Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Branch: master
Commits on Mar 21, 2012
  1. @abridgett

    MINOR: patch for minor typo (ressources/resources)

    abridgett authored Willy Tarreau committed
    The main stats page says "ressources" (French spelling) rather than
    "resources" (English spelling).
    
    One little patch attached (against v1.4.20).
    
    Many thanks,
    
    Adrian
    (cherry picked from commit afdb6e57f746e701be95afa3850c0b419a3f8658)
Commits on Mar 10, 2012
  1. [RELEASE] Released version 1.4.20

    Willy Tarreau authored
    Released version 1.4.20 with the following main changes :
        - BUG/MINOR: fix typo in processing of http-send-name-header
        - BUG/MEDIUM: correctly disable servers tracking another disabled servers.
        - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
        - MINOR: halog: add some help on the command line     (cherry picked from commit 615674cdec067066a42f53f5d55628ab7b207e6c)
        - BUILD: fix build error on FreeBSD
        - BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
        - BUG: http: disable TCP delayed ACKs when forwarding content-length data
        - BUG: checks: fix server maintenance exit sequence
        - BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes
        - DOC: enumerate valid status codes for "observe layer7"
        - BUILD: make it possible to look for pcre in the default system paths
  2. BUILD: make it possible to look for pcre in the default system paths

    Willy Tarreau authored
    If running "make PCREDIR=" will not force to add -I nor -L anymore.
    (cherry picked from commit 32d027239466cdb658a6b97467e172c2a5120e15)
  3. DOC: enumerate valid status codes for "observe layer7"

    Willy Tarreau authored
    (cherry picked from commit 150d146d4dab750784f86417514a1b4f5cec6d4d)
Commits on Mar 9, 2012
  1. BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTW…

    Willy Tarreau authored
    …AIT on partial writes
    
    The flags are one-shot but should be maintained over all send() operations
    as long as send_max is not flushed. The flags were incidentely cleared once
    a complete send() was performed, regardless of the fact that the send()
    might have been on the first half of a buffer before a wrapping. The result
    is that on wrapping data (eg: which happens often with chunked encoding),
    many incomplete segments are transmitted instead of being aggregated.
    
    The fix consists in only flushing the flags only once send_max is empty,
    which was the expected behaviour.
    
    This fix should be backported to 1.4 though it is not critical, just sub-optimal.
    (cherry picked from commit f17810e4fadcda9e556c1950d49a1617e87486b8)
  2. BUG: checks: fix server maintenance exit sequence

    Willy Tarreau authored
    Recent commit 62c3be broke maintenance mode by fixing srv_is_usable().
    Enabling a disabled server would not re-introduce it into the farm.
    The reason is that in set_server_up(), the SRV_MAINTAIN flag is still
    present when recounting the servers. The flag was removed late only to
    adjust a log message. Keep a copy of the old flag instead and update
    SRV_MAINTAIN earlier.
    
    This fix must also be backported to 1.4 (but no release got the regression).
    (cherry picked from commit 454467849070931e0fd7bd09d62b46fbd4923dc5)
Commits on Mar 5, 2012
  1. BUG: http: disable TCP delayed ACKs when forwarding content-length data

    Willy Tarreau authored
    Commits 5c6209 and 072930 were aimed at avoiding undesirable PUSH flags
    when forwarding chunked data, but had the undesired effect of causing
    data advertised by content-length to be affected by the delayed ACK too.
    This can happen when the data to be forwarded are small enough to fit into
    a single send() call, otherwise the BF_EXPECT_MORE flag would be removed.
    
    Content-length data don't need the BF_EXPECT_MORE flag since the low-level
    forwarder already knows it can safely rely on bf->to_forward to set the
    appropriate TCP flags.
    
    Note that the issue is only observed in requests at the moment, though the
    later introduction of server-side keep-alive could trigger the issue on the
    response path too.
    
    Special thanks to Randy Shults for reporting this issue with a lot of
    details helping to reproduce it.
    
    The fix must be backported to 1.4.
    (cherry picked from commit 869fc1edc2acfa8ff88de2f4e638ad48dca5d246)
Commits on Mar 1, 2012
  1. BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions

    Willy Tarreau authored
    When a request completes on a server and the server connection is closed
    while the client connection stays open, the HTTP engine releases all server
    connection slots and scans the queues to offer the connection slot to
    another pending request.
    
    An issue happens when the released connection allows other requests to be
    dequeued : may_dequeue_tasks() relies on srv->served which is only decremented
    by sess_change_server() which itself is only called after may_dequeue_tasks().
    This results in no connection being woken up until another connection terminates
    so that may_dequeue_tasks() is called again.
    
    This fix is minimalist and only moves sess_change_server() earlier (which is
    safe). It should be reworked and the code factored out so that the same occurrence
    in session.c shares the same code.
    
    This bug has been there since the introduction of option-http-server-close and
    the fix must be backported to 1.4.
    (cherry picked from commit 2d5cd479bc7a8c1ced70e562956e3ae99fe7eec9)
Commits on Jan 23, 2012
  1. BUILD: fix build error on FreeBSD

    Willy Tarreau authored
    Marcello Gorlani reported that commit 5e205524ad24003ecc4dbb435066aebe7ed58d95
    (BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests) broke build
    on FreeBSD.
    
    Moving the include lower fixes the issue. This must be backported to 1.4 too.
    (cherry picked from commit b05405a3a8c54922a31f56fd7d81e79c93d152a5)
  2. MINOR: halog: add some help on the command line

    Willy Tarreau authored
    (cherry picked from commit 615674cdec067066a42f53f5d55628ab7b207e6c)
Commits on Jan 20, 2012
  1. BUG/MEDIUM: zero-weight servers must not dequeue requests from the ba…

    Willy Tarreau authored
    …ckend
    
    It was reported that a server configured with a zero weight would
    sometimes still take connections from the backend queue. This issue is
    real, it happens this way :
      1) the disabled server accepts a request with a cookie
      2) many cookie-less requests accumulate in the backend queue
      3) when the disabled server completes its request, it checks its own
         queue and the backend's queue
      4) the server takes a pending request from the backend queue and
         processes it. In response, the server's cookie is assigned to
         the client, which ensures that some requests will continue to
         be served by this server, leading back to point 1 above.
    
    The fix consists in preventing a zero-weight server from dequeuing pending
    requests from the backend. Making use of srv_is_usable() in such tests makes
    the tests more robust against future changes.
    
    This fix must be backported to 1.4 and 1.3.
    (cherry picked from commit f8e8b76ed381f011852b7be631d0247f69f3955f)
  2. BUG/MEDIUM: correctly disable servers tracking another disabled servers.

    Willy Tarreau authored
    In a config where server "s1" is marked disabled and "s2" tracks "s1",
    s2 appears disabled on the stats but is still inserted into the LB farm
    because the tracking is resolved too late in the configuration process.
    
    We now resolve tracked servers before building LB maps and we also mark
    the tracking server in maintenance mode, which previously was not done,
    causing half of the issue.
    
    Last point is that we also protect srv_is_usable() against electing a
    server marked for maintenance. This is not absolutely needed but is a
    safe choice and makes a lot of sense.
    
    (cherry picked from commit 62c3be28ed96dce88b93c5857a8a8b3bab083c73)
Commits on Jan 9, 2012
  1. @stathisv

    BUG/MINOR: fix typo in processing of http-send-name-header

    stathisv authored Willy Tarreau committed
    I downloaded version 1.4.19 this morning. While merging the code changes
    to a custom build that we have here for our project I noticed a typo in
    'session.c', in the new code for inserting the server name in the HTTP
    header. The fix that I did is shown in the patch below.
    
    [WT: the bug is harmless, it is only suboptimal]
    (cherry picked from commit 09a030a9a43380ff1dc6a6b1c59e86bed2dc8f48)
Commits on Jan 7, 2012
  1. [RELEASE] Released version 1.4.19

    Willy Tarreau authored
    Released version 1.4.19 with the following main changes :
        - MEDIUM: http: add support for sending the server's name in the outgoing request
        - BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified
        - MINOR: task: new function task_schedule() to schedule a wake up
        - BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use
        - BUG: tcp: option nolinger does not work on backends
        - BUG: ebtree: ebst_lookup() could return the wrong entry
        - BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests
        - CLEANUP: ebtree: remove a few annoying signedness warnings
        - CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code
        - CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code
        - BUG: proto_tcp: set AF_INET on tproxy for use with recent kernels
        - MINOR: halog: add support for matching queued requests
        - BUG: http: tighten the list of allowed characters in a URI
  2. BUG: http: tighten the list of allowed characters in a URI

    Willy Tarreau authored
    The HTTP request parser was considering that any non-LWS char was
    par of the URI. Unfortunately, this allows control chars to be sent
    in the URI, sometimes resulting in backend servers misbehaving, for
    instance when they interprete \0 as an end of string and respond
    with plain HTTP/0.9 without headers, that haproxy blocks as invalid
    responses.
    
    RFC3986 clearly states the list of allowed characters in a URI. Even
    non-ASCII chars are not allowed. Unfortunately, after having run 10
    years with these chars allowed, we can't block them right now without
    an optional workaround. So the first step consists in only blocking
    control chars. A later patch will allow non-ASCII only when an appropriate
    option is enabled in the frontend.
    
    Control chars are 0..31 and 127, with the exception of 9, 10 and 13
    (\t, \n, \r).
    (cherry picked from commit 2e9506d7717ee0a17a044a334f6b1cddf46a00a6)
  3. MINOR: halog: add support for matching queued requests

    Willy Tarreau authored
    -Q outputs all requests which went through at least one queue.
    -QS outputs all requests which went through a server queue.
    (cherry picked from commit 08911ff896e0cf100c17cab18fee619d6fb33b31)
Commits on Jan 5, 2012
  1. MEDIUM: http: add support for sending the server's name in the outgoi…

    Mark Lamourine authored Willy Tarreau committed
    …ng request
    
    New option "http-send-name-header" specifies the name of a header which
    will hold the server name in outgoing requests. This is the name of the
    server the connection is really sent to, which means that upon redispatches,
    the header's value is updated so that it always matches the server's name.
    (cherry picked from commit c2247f0b8d37cc31d34e586fcc60ae67b398feb8)
Commits on Dec 22, 2011
  1. BUG: proto_tcp: set AF_INET on tproxy for use with recent kernels

    Willy Tarreau authored
    Brian Lagoni reported that linux kernels after 2.6.34 broke tproxy with
    a check for the sin_family field which was not previously used. This
    patch simply sets sin_family to AF_INET to fix the issue. 1.5 is not
    affected since it already sets the family.
  2. CLEANUP: ebtree: remove another typo, a wrong initialization in inser…

    Willy Tarreau authored
    …tion code
    
    (from ebtree 6.0.7)
    
    root_right was wrongly initialized first to <root> which is not the same
    type, to be later initialized to root->b[EB_RGHT].
    
    Let's simply remove the wrong and useless initialization.
    (cherry picked from commit e63a0c2f56369b52c4d00221d83c2c4569605c06)
    (cherry picked from commit 6258f7b883ba3b9dd15a71d17cb8323301283a47)
  3. CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insert…

    Willy Tarreau authored
    …ion code
    
    (from ebtree 6.0.7)
    
    This typo has been there since we introduced duplicates. A "struct eb_troot *"
    which apparently the compiler doesn't complain about while it is never declared
    anywhere. Amazing...
    
    (cherry picked from commit 2879648db5d32cf009ae571cb0e8e1df75152281)
    (cherry picked from commit 655c84a9f0afa1b598c43f73ca86a45a8a4c4790)
  4. CLEANUP: ebtree: remove a few annoying signedness warnings

    Willy Tarreau authored
    (from ebtree 6.0.6)
    
    Care has been taken not to make the code bigger (it even got smaller
    due to a possible simplification).
    (cherry picked from commit 7a2c1df646049c7daac52677ec11ed63048cd150)
    (cherry picked from commit 22c0a93c63ffd387cb846eedbc93508e29fcb5b6)
Commits on Dec 17, 2011
  1. BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests

    Willy Tarreau authored
    By default we disable TCP quick-acking on HTTP requests so that we
    avoid sending a pure ACK immediately followed by the HTTP response.
    However, if the client sends an incomplete request in a short packet,
    its TCP stack might wait for this packet to be ACKed before sending
    the rest of the request, delaying incoming requests by up to 40-200ms.
    
    We can detect this undesirable situation when parsing the request :
      - if an incomplete request is received
      - if a full request is received and uses chunked encoding or advertises
        a content-length larger than the data available in the buffer
    
    In these situations, we re-enable TCP quick-ack if we had previously
    disabled it.
    (cherry picked from commit 5e205524ad24003ecc4dbb435066aebe7ed58d95)
  2. BUG: ebtree: ebst_lookup() could return the wrong entry

    Willy Tarreau authored
    (from ebtree 6.0.7)
    
    Julien Thomas provided a reproducible test case where a string lookup
    could return the wrong node. The issue is caused by the jump to a node
    which contains less bit in common than the previous node, making the
    string_equal_bits() function return -1. We must not remember more bits
    than the number on the node, otherwise we can be tempted to trust them
    while they can change while running down.
    
    For a valid test case, enter : "0", "WW", "W", "S", and lookup "W".
    Previously, "S" was returned.
    
    Note: string-based ebtrees are used in haproxy in ACL, peers and
    stick-tables. ACLs are not affected because all patterns are
    interchangeable. stick-tables are not affected because lookups are
    performed using ebmb_lookup(). Only peers might be affected though
    it is not easy to infirm or confirm the issue.
    
    (cherry picked from commit dd47a54103597458887d3cc8414853a541aee9c1)
    (cherry picked from commit 007257ebab378d260c8a0d6b53d1916f9d4fc174)
  3. BUG: tcp: option nolinger does not work on backends

    Willy Tarreau authored
    Daniel Rankov reported that "option nolinger" is inefficient on backends.
    The reason is that it is set on the file descriptor only, which does not
    prevent haproxy from performing a clean shutdown() before closing. We must
    set the flag on the stream_interface instead if we want an RST to be emitted
    upon active close.
    
    (cherry picked from commit f6f8225390c8b9b15fcc53f6736b09a7e4aeefca)
Commits on Oct 31, 2011
  1. BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is i…

    Willy Tarreau authored
    …n use
    
    Ludovic Levesque reported and diagnosed an annoying bug. When a server is
    configured to track another one and has a slowstart interval set, it's
    assigned a minimal weight when the tracked server goes back up but keeps
    this weight forever.
    
    This is because the throttling during the warmup phase is only computed
    in the health checking function.
    
    After several attempts to resolve the issue, the only real solution is to
    split the check processing task in two tasks, one for the checks and one
    for the warmup. Each server with a slowstart setting has a warmum task
    which is responsible for updating the server's weight after a down to up
    transition. The task does not run in othe situations.
    
    In the end, the fix is neither complex nor long and should be backported
    to 1.4 since the issue was detected there first.
    (cherry picked from commit 2e99390fafd576ca04265e32f7fb8d6b209252d5)
  2. MINOR: task: new function task_schedule() to schedule a wake up

    Willy Tarreau authored
    This function is used when a task should be woken up at most at a given
    date. This will be used with rate shapers.
    
    [Note: this backport is needed only for next patch]
    
    (cherry picked from commit 26e4881a2d56cb191e5259ea74528a50ea2c098b)
Commits on Oct 9, 2011
  1. @sagiba

    BUG/MINOR: fix options forwardfor if-none when an alternative header …

    sagiba authored Willy Tarreau committed
    …name is specified
    
    (cherry picked from commit 1611e2d4a199c12ed5ff8d43b182f117863fcb78)
Commits on Sep 16, 2011
  1. [RELEASE] Released version 1.4.18

    Willy Tarreau authored
    Released version 1.4.18 with the following main changes :
        - [MINOR] http: *_dom matching header functions now also split on ":"
        - [MINOR] halog: support backslash-escaped quotes
        - BUILD/MINOR: fix the source URL in the spec file
        - DOC: acl is http_first_req, not http_req_first
        - BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces
        - MINOR: acl: add new matches for header/path/url length
        - [MINOR] halog: do not consider byte 0x8A as end of line
        - [OPTIM] halog: make fgets parse more bytes by blocks
        - [OPTIM] halog: add assembly version of the field lookup code
        - [CLEANUP] startup: report only the basename in the usage message
        - [DOC] update the README file to reflect new naming rules for patches
        - BUILD: halog: make halog build on solaris
  2. BUILD: halog: make halog build on solaris

    Willy Tarreau authored
    Solaris' "rm" command does not support -v. Also, specify CC=gcc
    because "cc" generally is not gcc there.
  3. [DOC] update the README file to reflect new naming rules for patches

    Willy Tarreau authored
    Those will be in effect after 1.5-dev7 is released.
    (cherry picked from commit 9a639a13cd47f7be0c90456ebab17008edf22d25)
  4. [CLEANUP] startup: report only the basename in the usage message

    Willy Tarreau authored
    Don't write the full path to the program, just the program name.
    (cherry picked from commit 3bafcdc07ec1b5f46247a146ba1c6221f2a89ea7)
  5. [OPTIM] halog: add assembly version of the field lookup code

    Willy Tarreau authored
    Gcc tries to be a bit too smart in these small loops and the result is
    that on i386 we waste a lot of time there. By recoding these loops in
    assembly, we save up to 23% total processing time on i386! The savings
    on x86_64 are much lower, probably because there are more registers and
    gcc has to do less tricks. However, those savings vary a lot between gcc
    versions and even cause harm on some of them (eg: 4.4) because gcc does
    not know how to optimize the code once inlined.
    
    However, by recoding field_start() in C to try to match the assembly
    code as much as possible, we can significantly reduce its execution
    time without risking the negative impacts. Thus, the assembly version
    is less interesting there but still worth being used on some compilers.
    (cherry picked from commit f9042060c9db073e3e4143b87fec236c4f9f4e74)
  6. [OPTIM] halog: make fgets parse more bytes by blocks

    Willy Tarreau authored
    By adding a "landing area" at the end of the buffer, it becomes safe to
    parse more bytes at once. On 32-bit this makes fgets run about 4% faster
    but it does not save anything on 64-bit.
    (cherry picked from commit 31a02e9c5bbfc36da3e84cb13e3a48086485beb1)
  7. [MINOR] http: *_dom matching header functions now also split on ":"

    Finn Arne Gangstad authored Willy Tarreau committed
    *_dom is mostly used for matching Host headers, and host headers may
    include port numbers. To avoid having to create multiple rules with
    and without :<port-number> in hdr_dom rules, change the *_dom
    matching functions to also handle : as a delimiter.
    
    Typically there are rules like this in haproxy.cfg:
    
      acl is_foo  hdr_dom(host) www.foo.com
    
    Most clients send "Host: www.foo.com" in their HTTP header, but some
    send "Host: www.foo.com:80" (which is allowed), and the above
    rule will now work for those clients as well.
    
    [Note: patch was edited before merge, any unexpected bug is mine /willy]
    (cherry picked from commit e8c7ecc2ddecab4366a46cd949dc8a56d425fabc)
  8. [MINOR] halog: do not consider byte 0x8A as end of line

    Willy Tarreau authored
    A bug in the algorithm used to find an LF in multiple bytes at once
    made byte 0x80 trigger detection of byte 0x00, thus 0x8A matches byte
    0x0A. In practice, this issue never happens since byte 0x8A won't be
    displayed in logs (or it will be encoded). This could still possibly
    happen in mixed logs.
    (cherry picked from commit 96c148b0d22f461afe5d345ca9d93d0e8ccc7e78)
Something went wrong with that request. Please try again.