echo "Options:"
echo " -S, --master-socket <path> Use the master socket at <path> (default: ${SOCKET})"
echo " -s, --socket <path> Use the stats socket at <path>"
- echo " -p, --path <path> Specifiy a base path for relative files (default: ${BASEPATH})"
+ echo " -p, --path <path> Specify a base path for relative files (default: ${BASEPATH})"
echo " -n, --dry-run Read certificates on the socket but don't dump them"
echo " -d, --debug Debug mode, set -x"
echo " -v, --verbose Verbose mode"
provide its opinion on the need for a backport and an explanation of the reason
for its choice. This often helps the user to find a quick summary about the
patch. All these outputs are then converted to a long HTML page with colors and
-radio buttons, where patches are pre-selected based on this classification,
+radio buttons, where patches are preselected based on this classification,
that the user can consult and adjust, read the commits if needed, and the
selected patches finally provide some copy-pastable commands in a text-area to
select commit IDs to work on, typically in a form that's suitable for a simple
When set to "auto" it uses the default value of the TLS library.
- With "off" it tries to explicitely disable the support of the feature.
+ With "off" it tries to explicitly disable the support of the feature.
HAProxy won't try to send compressed certificates anymore nor accept
compressed certificates.
used when no rule has matched. It generally is the dynamic backend which
will catch all undetermined requests.
- If a backend is disabled or unpublished, default_backend rules targetting it
+ If a backend is disabled or unpublished, default_backend rules targeting it
will be ignored and stream processing will remain on the original proxy.
Example :
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
- This option can be used to enable the small buffers support at diffent places
+ This option can be used to enable the small buffers support at different places
to save memory. By default, with no parameter, small buffers are used as far
as possible at all possible places. Otherwise, it is possible to limit it to
following the places:
requests.
When enabled, small buffers are used, but only if it is possible. Otherwise,
- when data are too large, a regular buffer is automtically used. The size of
+ when data are too large, a regular buffer is automatically used. The size of
small buffers is configurable via the "tune.bufsize.small" global setting.
If this option has been enabled in a "defaults" section, it can be disabled
decrypted thanks to the certificate provided.
The <cert> parameter must be a path to an already loaded certificate (that
can be dumped via the "dump ssl cert" CLI command). The certificate must have
- its "jwt" option explicitely set to "on" (see "jwt" crt-list option). It can
+ its "jwt" option explicitly set to "on" (see "jwt" crt-list option). It can
be provided directly or via a variable.
The only tokens managed yet are the ones using the Compact Serialization
format (five dot-separated base64-url encoded strings).
filter compression (deprecated)
-Alias for backward compatibility purposes that is functionnally equivalent to
+Alias for backward compatibility purposes that is functionally equivalent to
enabling both "comp-req" and "comp-res" filter. "compression" keyword must be
used to configure appropriate behavior:
slower than their glibc counterparts when calculating hashes, so you might
want to consider this aspect too.
- All passwords are considered normal arguments and are therefor subject to
+ All passwords are considered normal arguments and are therefore subject to
regular section 2.2 Quoting and escaping. Single quoting passwords is
- therefor recommended.
+ therefore recommended.
Example:
userlist L1
- /?R=<enable> Enable sending random data if >0.
Note that those arguments may be cumulated on one line separated by a set of
- delimitors among [&?,;/] :
+ delimiters among [&?,;/] :
- GET /?s=20k&c=1&t=700&K=30r HTTP/1.0
- GET /?r=500?s=0?c=0?t=1000 HTTP/1.0
1 1 1 => shut pending
PB: we can land into final shut if one thread disables the FD while another
- one that was waiting on it reports it as shut. Theorically it should be
+ one that was waiting on it reports it as shut. Theoretically it should be
implicitly ready though, since reported. But if no data is reported, it
will be reportedly shut only. And no event will be reported then. This
might still make sense since it's not active, thus we don't want events.
Only TCP or HTTP proxies can be created. All of the settings are inherited
from <defproxy> default proxy instance. By default, it is mandatory to
specify the backend mode via the argument of the same name, unless <defproxy>
- already defines it explicitely. It is also possible to use an optional GUID
+ already defines it explicitly. It is also possible to use an optional GUID
argument if wanted.
Servers can be added via the command "add server". The backend is initialized
be attached to the backend instance.
There is additional restrictions which prevent backend removal. First, a
- backend cannot be removed if it is explicitely referenced by config elements,
+ backend cannot be removed if it is explicitly referenced by config elements,
for example via a use_backend rule or in sample expressions. Some proxies
options are also incompatible with runtime deletion. Currently, this is the
case when deprecated dispatch or option transparent are used. Also, a backend
impossible for now to remove a backend if QUIC servers were present in it.
It can be useful to use "wait be-removable" prior to this command to check
- for the aformentioned requisites. This also provides a methode to wait for
+ for the aforementioned requisites. This also provides a method to wait for
the final closure of the streams attached to the target backend.
This command is restricted and can only be issued on sockets configured for
#define HTX_XFER_DEFAULT 0x00000000 /* Default XFER: no partial xfer / remove blocks from source */
#define HTX_XFER_KEEP_SRC_BLKS 0x00000001 /* Don't remove xfer blocks from source messages during xfer */
#define HTX_XFER_PARTIAL_HDRS_COPY 0x00000002 /* Allow partial copy of headers and trailers part */
-#define HTX_XFER_HDRS_ONLY 0x00000003 /* Only Transfert header blocks (start-line, header and EOH) */
+#define HTX_XFER_HDRS_ONLY 0x00000003 /* Only Transfer header blocks (start-line, header and EOH) */
size_t htx_xfer(struct htx *dst, struct htx *src, size_t count, unsigned int flags);
/* Functions and macros to get parts of the start-line or length of these
/* Proxy flags */
#define PR_FL_DISABLED 0x00000001 /* The proxy was disabled in the configuration (not at runtime) */
#define PR_FL_STOPPED 0x00000002 /* The proxy was stopped */
-#define PR_FL_DEF_EXPLICIT_MODE 0x00000004 /* Proxy mode is explicitely defined - only used for defaults instance */
+#define PR_FL_DEF_EXPLICIT_MODE 0x00000004 /* Proxy mode is explicitly defined - only used for defaults instance */
#define PR_FL_EXPLICIT_REF 0x00000008 /* The default proxy is explicitly referenced by another proxy */
#define PR_FL_IMPLICIT_REF 0x00000010 /* The default proxy is implicitly referenced by another proxy */
#define PR_FL_PAUSED 0x00000020 /* The proxy was paused at run time (reversible) */
#define PR_FL_CHECKED 0x00000040 /* The proxy configuration was fully checked (including postparsing checks) */
-#define PR_FL_BE_UNPUBLISHED 0x00000080 /* The proxy cannot be targetted by content switching rules */
+#define PR_FL_BE_UNPUBLISHED 0x00000080 /* The proxy cannot be targeted by content switching rules */
#define PR_FL_DELETED 0x00000100 /* Proxy has been deleted and must be manipulated with care */
#define PR_FL_NON_PURGEABLE 0x00000200 /* Proxy referenced by config elements which prevent its runtime removal. */
char **passphrase_cmd;
int passphrase_cmd_args_cnt;
- unsigned int certificate_compression:1; /* allow to explicitely disable certificate compression */
+ unsigned int certificate_compression:1; /* allow to explicitly disable certificate compression */
};
/* The order here matters for picking a default context,
/*!
- * simple alias to pre-selected XXH3_128bits variant
+ * simple alias to preselected XXH3_128bits variant
*/
XXH_PUBLIC_API XXH_PUREF XXH128_hash_t XXH128(XXH_NOESCAPE const void* data, size_t len, XXH64_hash_t seed);
* available.
*
* This check must be performed before conn_prepare()
- * to ensure consistency accross the whole stack, in
+ * to ensure consistency across the whole stack, in
* particular for QUIC between quic-conn and mux layer.
*/
if (IS_HTX_STRM(s) && srv->use_ssl &&
/* Checks if <px> backend supports the addition of servers at runtime. Either a
* backend or a defaults proxy are supported. If proxy is incompatible, <msg>
- * will be allocated to contain a textual explaination.
+ * will be allocated to contain a textual explanation.
*/
int be_supports_dynamic_srv(struct proxy *px, char **msg)
{
}
#endif
-/* Allow to explicitely disable certificate compression when set to "off" */
+/* Allow to explicitly disable certificate compression when set to "off" */
#ifdef SSL_OP_NO_RX_CERTIFICATE_COMPRESSION
static int ssl_parse_certificate_compression(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
}
/* Similar to get_trash_chunk() but return a pre-allocated large chunk
- * instead. Becasuse large buffers are not enabled by default, this function may
+ * instead. Because large buffers are not enabled by default, this function may
* return NULL.
*/
struct buffer *get_large_trash_chunk(void)
}
/* Similar to get_trash_chunk() but return a pre-allocated small chunk
- * instead. Becasuse small buffers are not enabled by default, this function may
+ * instead. Because small buffers are not enabled by default, this function may
* return NULL.
*/
struct buffer *get_small_trash_chunk(void)
}
/* the sockpair between the master and the worker is
- * used temporarly as a listener to receive
+ * used temporarily as a listener to receive
* _send_status. Once it is received we don't want to
* use this FD as a listener anymore, but only as a
* server, to allow only connections from the master to
* they are respectively cleaned up in sink_deinit() and deinit_log_forward()
*/
- /* If named defaults were preserved, ensure <def_ref> count is resetted. */
+ /* If named defaults were preserved, ensure <def_ref> count is reset. */
if (!(global.tune.options & GTUNE_PURGE_DEFAULTS))
defaults_px_unref_all();
" - /?R=<enable> Enable sending random data if >0.\n"
"\n"
"Note that those arguments may be cumulated on one line separated by a set of\n"
- "delimitors among [&?,;/] :\n"
+ "delimiters among [&?,;/] :\n"
" - GET /?s=20k&c=1&t=700&K=30r HTTP/1.0\n"
" - GET /?r=500?s=0?c=0?t=1000 HTTP/1.0\n"
"\n";
}
/* The HTX data are not fully sent if the last HTX data
- * were not fully transfered or if there are remaining data
+ * were not fully transferred or if there are remaining data
* to send (->to_write > 0).
*/
if (!htx_is_empty(htxbuf(&hs->res))) {
/* original haterm chunk mode responses are made of 1-byte chunks
* but the haproxy muxes do not support this. At this time
- * these reponses are handled the same way as for common
+ * these responses are handled the same way as for common
* responses with a pre-built buffer.
*/
for (i = 0; i < sizeof(common_chunk_resp); i++)
random_resp = malloc(random_resp_len);
if (!random_resp) {
- ha_alert("not enough memore...\n");
+ ha_alert("not enough memory...\n");
return -1;
}
/* Simple function, to append <line> to <b> without without
* trailing '\0' character.
- * Take into an account the '\t' and '\n' escaped sequeces.
+ * Take into an account the '\t' and '\n' escaped sequences.
*/
static void hstream_str_buf_append(struct hbuf *h, const char *line)
{
argc--; argv++;
}
- /* Restore the argumenst */
+ /* Restore the arguments */
argc = sargc; argv = sargv;
while (argc > 0) {
char *opt;
if (s->txn->meth == HTTP_METH_HEAD)
htx_skip_msg_payload(htx);
- /* Respnse from haproxy, override HTTP response verison using the request one */
+ /* Response from haproxy, override HTTP response version using the request one */
s->txn->rsp.vsn = s->txn->req.vsn;
channel_auto_read(req);
/* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */
static THREAD_LOCAL struct http_hdr_ctx static_http_hdr_ctx;
/* this is used to convert raw connection buffers to htx */
-/* NOTE: For now, raw bufers cannot exceeds the standard size */
+/* NOTE: For now, raw buffers cannot exceeds the standard size */
static THREAD_LOCAL struct buffer static_raw_htx_chunk;
static THREAD_LOCAL char *static_raw_htx_buf;
}
/* Converts <conf_errors> initialized during config parsing for <px> proxy.
- * Each one of them is transfromed in a http_reply type, stored in proxy
+ * Each one of them is transformed in a http_reply type, stored in proxy
* replies array member. The original <conf_errors> becomes unneeded and is
* thus removed and freed.
*/
* block in <dst>. So have:
* - <blk> == NULL: everything was copied. <last_dstblk> must be NULL
* - <blk> != NULL && <last_dstblk> == NULL: partial copy but the last block was fully copied
- * - <blk> != NULL && <last_dstblk> != NULL: partial copy and the last block was patially copied (DATA block only)
+ * - <blk> != NULL && <last_dstblk> != NULL: partial copy and the last block was partially copied (DATA block only)
*/
if (!(flags & HTX_XFER_PARTIAL_HDRS_COPY)) {
/* Partial headers/trailers copy is not supported */
}
}
- /* Everything was copied, transfert terminal HTX flags too */
+ /* Everything was copied, transfer terminal HTX flags too */
if (!blk) {
dst->flags |= (src->flags & (HTX_FL_EOM|HTX_FL_PARSING_ERROR|HTX_FL_PROCESSING_ERROR));
src->flags = 0;
}
-/* If possible, trasnfer HTX blocks from <src> to a small buffer. This function
+/* If possible, transfer HTX blocks from <src> to a small buffer. This function
* allocate the small buffer and makes <dst> point on it. If <dst> is not empty
* or if <src> contains to many data, NULL is returned. If the allocation
* failed, NULL is returned. Otherwise <dst> is returned. <flags> instructs how
return dst;
}
-/* If possible, trasnfer HTX blocks from <src> to a large buffer. This function
+/* If possible, transfer HTX blocks from <src> to a large buffer. This function
* allocate the small buffer and makes <dst> point on it. If <dst> is not empty
* or if <src> contains to many data, NULL is returned. If the allocation
* failed, NULL is returned. Otherwise <dst> is returned. <flags> instructs how
* the one found in the JWE token.
* The tag is built out of a HMAC of some concatenated data taken from the JWE
* token (see https://datatracker.ietf.org/doc/html/rfc7518#section-5.2). The
- * firest half of the previously decrypted cek is used as HMAC key.
+ * first half of the previously decrypted cek is used as HMAC key.
* Returns 0 in case of success, 1 otherwise.
*/
static int build_and_check_tag(jwe_enc enc, struct jwt_item items[JWE_ELT_MAX],
/*
* Decrypt the contents of a JWE token thanks to the user-provided base64
* encoded secret. This converter can only be used for tokens that have a
- * symetric algorithm (AESKW, AESGCMKW or "dir" special case).
+ * symmetric algorithm (AESKW, AESGCMKW or "dir" special case).
* Returns the decrypted contents, or nothing if any error happened.
*/
static int sample_conv_jwt_decrypt_secret(const struct arg *args, struct sample *smp, void *private)
/*
* Decrypt the contents of a JWE token thanks to the user-provided certificate
* and private key. This converter can only be used for tokens that have an
- * asymetric algorithm (RSA only for now).
+ * asymmetric algorithm (RSA only for now).
* Returns the decrypted contents, or nothing if any error happened.
*/
static int sample_conv_jwt_decrypt_cert(const struct arg *args, struct sample *smp, void *private)
/* With ECDH-ES no CEK will be provided. */
if (!ec || alg != JWE_ALG_ECDH_ES) {
- /* With asymetric crypto algorithms we should always have a CEK */
+ /* With asymmetric crypto algorithms we should always have a CEK */
if (!items[JWE_ELT_CEK].length)
goto end;
/* If more frames remain in the buffer, let's first check if we've
* depleted the frames processing budget. Consuming the RST budget
- * makes the tasklet go to TL_BULK to make it less prioritary than
+ * makes the tasklet go to TL_BULK to make it less priority than
* other processing since it's often used by attacks, while other
* frame types just yield normally.
*/
return 1;
}
if (!(defpx->flags & PR_FL_DEF_EXPLICIT_MODE) && !mode) {
- cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s' default proxy does not explicitely defines it.\n", def_name));
+ cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s' default proxy does not explicitly defines it.\n", def_name));
return 1;
}
if (defpx->mode != PR_MODE_TCP && defpx->mode != PR_MODE_HTTP) {
/* This code is called by connect_server() by way of
* conn_prepare().
* XXX TODO XXX: there is a remaining race condition where
- * the negotiated alpn could be resetted before running this code
+ * the negotiated alpn could be reset before running this code
* here. In this case the app_ops for the mux will not be
* set by quic_reuse_srv_params().
*
break;
case STICKTABLE_LOCAL_UPDATES:
*metric = (struct promex_metric){ .n = ist("local_updates"), .type = PROMEX_MT_GAUGE, .flags = PROMEX_FL_MODULE_METRIC };
- *desc = ist("Cumulative number of updates on the stick table initiated by the local process. Please note that this value will eventually wrap after 4294967295 since it is stored using unsigned int (uint32). As this metric is often used to compute the update rate of a given table between two queries, wrapping must be taken into account and the time between 2 queries must not exceed the theorical time needed for this value to wrap.");
+ *desc = ist("Cumulative number of updates on the stick table initiated by the local process. Please note that this value will eventually wrap after 4294967295 since it is stored using unsigned int (uint32). As this metric is often used to compute the update rate of a given table between two queries, wrapping must be taken into account and the time between 2 queries must not exceed the theoretical time needed for this value to wrap.");
break;
default:
return -1;
return ACT_RET_STOP;
}
-/* Parses persist-rules attached to <fe> frontend and report the first macthing
+/* Parses persist-rules attached to <fe> frontend and report the first matching
* entry, using <sess> session and <s> stream as sample source.
*
* As this function is called several times in the same stream context,
* <persist> will act as a caching value to avoid reprocessing of a similar
- * ruleset. It must be set to a negative value for the first invokation.
+ * ruleset. It must be set to a negative value for the first invocation.
*
* Returns 1 if a rule matches, else 0.
*/
ha_free(&comment);
break;
case TCPCHK_ACT_SEND:
- /* Disable small buffer use for rules using LF stirngs or too large data */
+ /* Disable small buffer use for rules using LF strings or too large data */
switch (chk->send.type) {
case TCPCHK_SEND_STRING:
case TCPCHK_SEND_BINARY:
projects / thirdparty / haproxy.git / commitdiff
