Changes - j0ke.net Open Build Service

Changes of Revision 51

[-] [+]	Changed	_service
@@ -3,5 +3,5 @@ - <param name="protocol">http</param><param name="host">haproxy.1wt.eu</param><param name="path">/download/1.5/src/haproxy-1.5.8.tar.gz</param></service> + <param name="protocol">http</param><param name="host">haproxy.1wt.eu</param><param name="path">/download/1.5/src/haproxy-1.5.9.tar.gz</param></service> </services> \ No newline at end of file
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/CHANGELOG ^
@@ -1,6 +1,22 @@ ChangeLog : =========== +2014/11/26 : 1.5.9 + - BUILD: fix "make install" to support spaces in the install dirs + - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks + - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. + - BUG/MINOR: samples: fix unnecessary memcopy converting binary to string. + - BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information + - BUG/MEDIUM: pattern: don't load more than once a pattern list. + - BUG/MEDIUM: ssl: force a full GC in case of memory shortage + - BUG/MINOR: config: don't inherit the default balance algorithm in frontends + - BUG/MAJOR: frontend: initialize capture pointers earlier + - BUG/MINOR: stats: correctly set the request/response analysers + - DOC: fix typo in the body parser documentation for msg.sov + - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size + - MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping) + - BUG/MAJOR: sessions: unlink session from list on out of memory + 2014/10/31 : 1.5.8 - BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped - BUG/BUILD: revert accidental change in the makefile from latest SSL fix
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/Makefile ^
@@ -710,19 +710,19 @@ $(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $< install-man: - install -d $(DESTDIR)$(MANDIR)/man1 - install -m 644 doc/haproxy.1 $(DESTDIR)$(MANDIR)/man1 + install -d "$(DESTDIR)$(MANDIR)"/man1 + install -m 644 doc/haproxy.1 "$(DESTDIR)$(MANDIR)"/man1 install-doc: - install -d $(DESTDIR)$(DOCDIR) + install -d "$(DESTDIR)$(DOCDIR)" for x in configuration architecture haproxy-en haproxy-fr; do \ - install -m 644 doc/$$x.txt $(DESTDIR)$(DOCDIR) ; \ + install -m 644 doc/$$x.txt "$(DESTDIR)$(DOCDIR)" ; \ done install-bin: haproxy haproxy-systemd-wrapper - install -d $(DESTDIR)$(SBINDIR) - install haproxy $(DESTDIR)$(SBINDIR) - install haproxy-systemd-wrapper $(DESTDIR)$(SBINDIR) + install -d "$(DESTDIR)$(SBINDIR)" + install haproxy "$(DESTDIR)$(SBINDIR)" + install haproxy-systemd-wrapper "$(DESTDIR)$(SBINDIR)" install: install-bin install-man install-doc
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/README ^
@@ -1,9 +1,9 @@ ---------------------- HAProxy how-to ---------------------- - version 1.5.8 + version 1.5.9 willy tarreau - 2014/10/31 + 2014/11/25 1) How to build it
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/VERDATE ^
@@ -1,2 +1,2 @@ $Format:%ci$ -2014/10/31 +2014/11/25
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/VERSION ^
@@ -1 +1 @@ -1.5.8 +1.5.9
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/doc/configuration.txt ^
@@ -2,9 +2,9 @@ HAProxy Configuration Manual ---------------------- - version 1.5.8 + version 1.5.9 willy tarreau - 2014/10/31 + 2014/11/25 This document covers the configuration language as implemented in the version @@ -10180,6 +10180,11 @@ tcp-request content accept if ! too_fast tcp-request content accept if WAIT_END +nbproc : integer + Returns an integer value corresponding to the number of processes that were + started (it equals the global "nbproc" setting). This is useful for logging + and debugging purposes. + nbsrv([<backend>]) : integer Returns an integer value corresponding to the number of usable servers of either the current backend or the named backend. This is mostly used with @@ -10188,6 +10193,11 @@ to handle some load. It is useful to report a failure when combined with "monitor fail". +proc : integer + Returns an integer value corresponding to the position of the process calling + the function, between 1 and global.nbproc. This is useful for logging and + debugging purposes. + queue([<backend>]) : integer Returns the total number of queued connections of the designated backend, including all the connections in server queues. If no backend name is @@ -10238,6 +10248,11 @@ acl srv2_full srv_sess_rate(be1/srv2) gt 50 use_backend be2 if srv1_full or srv2_full +stopping : boolean + Returns TRUE if the process calling the function is currently stopping. This + can be useful for logging, or for relaxing certain checks or helping close + certain connections upon graceful shutdown. + table_avl([<table>]) : integer Returns the total number of available entries in the current proxy's stick-table or in the designated stick-table. See also table_cnt.
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/doc/internals/body-parsing.txt ^
@@ -69,7 +69,7 @@ msg.sov : start of value. First character of the header's value in the header states, start of the body in the data states. Strictly positive values indicate that headers were not forwarded yet (<buf.p> is - before the start of the body), and null or positive values are seen + before the start of the body), and null or negative values are seen after headers are forwarded (<buf.p> is at or past the start of the body). The value stops changing when data start to leave the buffer (in order to avoid integer overflows). So the maximum possible range
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/examples/haproxy.spec ^
@@ -1,6 +1,6 @@ Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments Name: haproxy -Version: 1.5.8 +Version: 1.5.9 Release: 1 License: GPL Group: System Environment/Daemons @@ -76,6 +76,9 @@ %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/%{name} %changelog +* Wed Nov 26 2014 Willy Tarreau <w@1wt.eu> +- updated to 1.5.9 + * Fri Oct 31 2014 Willy Tarreau <w@1wt.eu> - updated to 1.5.8
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/include/proto/pattern.h ^
@@ -206,7 +206,8 @@ / void pattern_init_expr(struct pattern_expr expr); struct pattern_expr pattern_lookup_expr(struct pattern_head head, struct pat_ref ref); -struct pattern_expr pattern_new_expr(struct pattern_head head, struct pat_ref ref, char *err); +struct pattern_expr pattern_new_expr(struct pattern_head head, struct pat_ref ref, + char *err, int reuse); struct sample_storage *pattern_find_smp(struct pattern_expr expr, struct pat_ref_elt elt); int pattern_delete(struct pattern_expr expr, struct pat_ref_elt *ref);
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/include/types/checks.h ^
@@ -125,6 +125,7 @@ }; struct check { + struct xprt_ops xprt; / transport layer operations for health checks / struct connection conn; /* connection state for health checks / unsigned short port; / the port to use for the health checks / struct buffer bi, bo; / input and output buffers to send/recv check / @@ -132,7 +133,7 @@ struct timeval start; / last health check start time / long duration; / time in ms took to finish last health check / short status, code; / check result, check code / - char desc[HCHK_DESC_LEN]; / health check descritpion / + char desc[HCHK_DESC_LEN]; / health check description / int use_ssl; / use SSL for health checks / int send_proxy; / send a PROXY protocol header with checks / struct tcpcheck_rule current_step; /* current step when using tcpcheck */
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/include/types/server.h ^
@@ -194,7 +194,6 @@ struct { /* configuration used by health-check and agent-check / struct protocol proto; /* server address protocol for health checks / - struct xprt_ops xprt; /* transport layer operations for health checks / struct sockaddr_storage addr; / the address to check, if different from <addr> */ } check_common;
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/acl.c ^
@@ -532,7 +532,7 @@ } /* Create new pattern expression associated to this reference. */ - pattern_expr = pattern_new_expr(&expr->pat, ref, err); + pattern_expr = pattern_new_expr(&expr->pat, ref, err, NULL); if (!pattern_expr) goto out_free_expr;
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/cfgparse.c ^
@@ -2003,7 +2003,6 @@ curproxy->no_options = defproxy.no_options; curproxy->no_options2 = defproxy.no_options2; curproxy->bind_proc = defproxy.bind_proc; - curproxy->lbprm.algo = defproxy.lbprm.algo; curproxy->except_net = defproxy.except_net; curproxy->except_mask = defproxy.except_mask; curproxy->except_to = defproxy.except_to; @@ -2037,6 +2036,7 @@ } if (curproxy->cap & PR_CAP_BE) { + curproxy->lbprm.algo = defproxy.lbprm.algo; curproxy->fullconn = defproxy.fullconn; curproxy->conn_retries = defproxy.conn_retries; curproxy->max_ka_queue = defproxy.max_ka_queue;
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/checks.c ^
@@ -1413,7 +1413,7 @@ /* prepare a new connection */ conn_init(conn); - conn_prepare(conn, s->check_common.proto, s->check_common.xprt); + conn_prepare(conn, s->check_common.proto, check->xprt); conn_attach(conn, check, &check_conn_cb); conn->target = &s->obj_type;
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/connection.c ^
@@ -424,6 +424,9 @@ case 0x01: /* PROXY command / switch (hdr_v2->fam) { case 0x11: / TCPv4 / + if (ntohs(hdr_v2->len) < PP2_ADDR_LEN_INET) + goto bad_header; + ((struct sockaddr_in )&conn->addr.from)->sin_family = AF_INET; ((struct sockaddr_in )&conn->addr.from)->sin_addr.s_addr = hdr_v2->addr.ip4.src_addr; ((struct sockaddr_in )&conn->addr.from)->sin_port = hdr_v2->addr.ip4.src_port; @@ -433,6 +436,9 @@ conn->flags \|= CO_FL_ADDR_FROM_SET \| CO_FL_ADDR_TO_SET; break; case 0x21: /* TCPv6 / + if (ntohs(hdr_v2->len) < PP2_ADDR_LEN_INET6) + goto bad_header; + ((struct sockaddr_in6 )&conn->addr.from)->sin6_family = AF_INET6; memcpy(&((struct sockaddr_in6 )&conn->addr.from)->sin6_addr, hdr_v2->addr.ip6.src_addr, 16); ((struct sockaddr_in6 )&conn->addr.from)->sin6_port = hdr_v2->addr.ip6.src_port;
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/frontend.c ^
@@ -106,11 +106,17 @@ if (global.tune.client_rcvbuf) setsockopt(cfd, SOL_SOCKET, SO_RCVBUF, &global.tune.client_rcvbuf, sizeof(global.tune.client_rcvbuf)); - if (unlikely(s->fe->nb_req_cap > 0 && (s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL)) - goto out_return; /* no memory / + if (unlikely(s->fe->nb_req_cap > 0)) { + if ((s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL) + goto out_return; / no memory / + memset(s->txn.req.cap, 0, s->fe->nb_req_cap sizeof(void )); + } - if (unlikely(s->fe->nb_rsp_cap > 0 && (s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL)) - goto out_free_reqcap; / no memory / + if (unlikely(s->fe->nb_rsp_cap > 0)) { + if ((s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL) + goto out_free_reqcap; / no memory / + memset(s->txn.rsp.cap, 0, s->fe->nb_rsp_cap sizeof(void )); + } if (s->fe->http_needed) { / we have to allocate header indexes only if we know
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/pattern.c ^
@@ -1855,12 +1855,19 @@ * <ref> can be NULL. If an error is occured, the function returns NULL and * <err> is filled. Otherwise, the function returns new pattern_expr linked * with <head> and <ref>. + * + * The returned value can be a alredy filled pattern list, in this case the + * flag <reuse> is set. / -struct pattern_expr pattern_new_expr(struct pattern_head head, struct pat_ref ref, char *err) +struct pattern_expr pattern_new_expr(struct pattern_head head, struct pat_ref ref, + char *err, int reuse) { struct pattern_expr expr; struct pattern_expr_list list; + if (reuse) + reuse = 0; + / Memory and initialization of the chain element. / list = malloc(sizeof(list)); if (!list) { @@ -1915,6 +1922,8 @@ * with ref and we must not free it. / list->do_free = 0; + if (reuse) + reuse = 1; } /* The new list element reference the pattern_expr. / @@ -2087,6 +2096,7 @@ struct pat_ref ref; struct pattern_expr expr; struct pat_ref_elt elt; + int reuse; /* Lookup for the existing reference. / ref = pat_ref_lookup(filename); @@ -2161,12 +2171,20 @@ / expr = pattern_lookup_expr(head, ref); if (!expr \|\| (expr->mflags != patflags)) { - expr = pattern_new_expr(head, ref, err); + expr = pattern_new_expr(head, ref, err, &reuse); if (!expr) return 0; expr->mflags = patflags; } + /* The returned expression may be not empty, because the function + * "pattern_new_expr" lookup for similar pattern list and can + * reuse a already filled pattern list. In this case, we can not + * reload the patterns. + / + if (reuse) + return 1; + / Load reference content in the pattern expression. */ list_for_each_entry(elt, &ref->head, list) { if (!pat_ref_push(elt, expr, patflags, err)) {
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/peers.c ^
@@ -1240,7 +1240,7 @@ if ((s->req->buf = pool_alloc2(pool2_buffer)) == NULL) goto out_fail_req_buf; /* no memory / - s->req->buf->size = trash.size; + s->req->buf->size = global.tune.bufsize; channel_init(s->req); s->req->prod = &s->si[0]; s->req->cons = &s->si[1]; @@ -1266,7 +1266,7 @@ if ((s->rep->buf = pool_alloc2(pool2_buffer)) == NULL) goto out_fail_rep_buf; / no memory */ - s->rep->buf->size = trash.size; + s->rep->buf->size = global.tune.bufsize; channel_init(s->rep); s->rep->prod = &s->si[1]; s->rep->cons = &s->si[0];
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/proto_http.c ^
@@ -4086,8 +4086,7 @@ select_compression_request_header(s, req->buf); /* enable the minimally required analyzers to handle keep-alive and compression on the HTTP response */ - req->analysers = (req->analysers & AN_REQ_HTTP_BODY) \| - AN_REQ_HTTP_XFER_BODY \| AN_RES_WAIT_HTTP \| AN_RES_HTTP_PROCESS_BE \| AN_RES_HTTP_XFER_BODY; + req->analysers = (req->analysers & AN_REQ_HTTP_BODY) \| AN_REQ_HTTP_XFER_BODY; goto done; }
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/sample.c ^
@@ -497,27 +497,20 @@ return 1; } -/* The sample is always copied into a new one so that smp->size is always - * valid. The NULL char always enforces the end of string if it is met. +/* + * The NULL char always enforces the end of string if it is met. + * Data is never changed, so we can ignore the CONST case / static int c_bin2str(struct sample smp) { - struct chunk trash = get_trash_chunk(); - unsigned char c; - int ptr = 0; + int i; - while (ptr < smp->data.str.len) { - c = smp->data.str.str[ptr]; - if (!c) + for (i = 0; i < smp->data.str.len; i++) { + if (!smp->data.str.str[i]) { + smp->data.str.len = i; break; - trash->str[ptr] = c; - ptr++; + } } - trash->len = ptr; - trash->str[ptr] = 0; - smp->data.str = trash; - smp->type = SMP_T_STR; - smp->flags &= ~SMP_F_CONST; return 1; } @@ -1345,6 +1338,26 @@ return 1; } +/* returns the number of processes / +static int +smp_fetch_nbproc(struct proxy px, struct session s, void l7, unsigned int opt, + const struct arg args, struct sample smp, const char kw) +{ + smp->type = SMP_T_UINT; + smp->data.uint = global.nbproc; + return 1; +} + +/ returns the number of the current process (between 1 and nbproc / +static int +smp_fetch_proc(struct proxy px, struct session s, void l7, unsigned int opt, + const struct arg args, struct sample smp, const char kw) +{ + smp->type = SMP_T_UINT; + smp->data.uint = relative_pid; + return 1; +} + / generate a random 32-bit integer for whatever purpose, with an optional * range specified in argument. / @@ -1363,6 +1376,16 @@ return 1; } +/ returns true if the current process is stopping / +static int +smp_fetch_stopping(struct proxy px, struct session s, void l7, unsigned int opt, + const struct arg args, struct sample smp, const char kw) +{ + smp->type = SMP_T_BOOL; + smp->data.uint = stopping; + return 1; +} + / Note: must not be declared <const> as its list will be overwritten. * Note: fetches that may return multiple types must be declared as the lowest * common denominator, the type that can be casted into all other ones. For @@ -1373,7 +1396,10 @@ { "always_true", smp_fetch_true, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN }, { "env", smp_fetch_env, ARG1(1,STR), NULL, SMP_T_STR, SMP_USE_INTRN }, { "date", smp_fetch_date, ARG1(0,SINT), NULL, SMP_T_UINT, SMP_USE_INTRN }, + { "nbproc", smp_fetch_nbproc,0, NULL, SMP_T_UINT, SMP_USE_INTRN }, + { "proc", smp_fetch_proc, 0, NULL, SMP_T_UINT, SMP_USE_INTRN }, { "rand", smp_fetch_rand, ARG1(0,UINT), NULL, SMP_T_UINT, SMP_USE_INTRN }, + { "stopping", smp_fetch_stopping, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN }, { /* END */ }, }};
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/server.c ^
@@ -929,7 +929,7 @@ newsrv->addr = *sk; newsrv->proto = newsrv->check_common.proto = protocol_by_family(newsrv->addr.ss_family); - newsrv->xprt = newsrv->check_common.xprt = &raw_sock; + newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt = &raw_sock; if (!newsrv->proto) { Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n",
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/session.c ^
@@ -579,6 +579,7 @@ /* and restore the connection pointer in case we destroyed it, * because kill_mini_session() will need it. */ + LIST_DEL(&s->list); s->target = &conn->obj_type; return ret; }
[-] [+]	Changed	_service:download_url:haproxy-1.5.9.tar.gz/src/ssl_sock.c ^
@@ -1812,7 +1812,7 @@ if (srv->use_ssl) srv->xprt = &ssl_sock; if (srv->check.use_ssl) - srv->check_common.xprt = &ssl_sock; + srv->check.xprt = &ssl_sock; srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method()); if (!srv->ssl_ctx.ctx) { @@ -2033,22 +2033,51 @@ /* If it is in client mode initiate SSL session in connect state otherwise accept state / if (objt_server(conn->target)) { + int may_retry = 1; + + retry_connect: / Alloc a new SSL session ctx / conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx); if (!conn->xprt_ctx) { + if (may_retry--) { + pool_gc2(); + goto retry_connect; + } conn->err_code = CO_ER_SSL_NO_MEM; return -1; } - SSL_set_connect_state(conn->xprt_ctx); - if (objt_server(conn->target)->ssl_ctx.reused_sess) - SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess); - / set fd on SSL session context / - SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd); + if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; + if (may_retry--) { + pool_gc2(); + goto retry_connect; + } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } / set connection pointer / - SSL_set_app_data(conn->xprt_ctx, conn); + if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; + if (may_retry--) { + pool_gc2(); + goto retry_connect; + } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } + + SSL_set_connect_state(conn->xprt_ctx); + if (objt_server(conn->target)->ssl_ctx.reused_sess) { + if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess)) { + SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess); + objt_server(conn->target)->ssl_ctx.reused_sess = NULL; + } + } / leave init state and start handshake / conn->flags \|= CO_FL_SSL_WAIT_HS \| CO_FL_WAIT_L6_CONN; @@ -2058,20 +2087,45 @@ return 0; } else if (objt_listener(conn->target)) { + int may_retry = 1; + + retry_accept: / Alloc a new SSL session ctx / conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->default_ctx); if (!conn->xprt_ctx) { + if (may_retry--) { + pool_gc2(); + goto retry_accept; + } conn->err_code = CO_ER_SSL_NO_MEM; return -1; } - SSL_set_accept_state(conn->xprt_ctx); - / set fd on SSL session context / - SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd); + if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; + if (may_retry--) { + pool_gc2(); + goto retry_accept; + } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } / set connection pointer / - SSL_set_app_data(conn->xprt_ctx, conn); + if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; + if (may_retry--) { + pool_gc2(); + goto retry_accept; + } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } + + SSL_set_accept_state(conn->xprt_ctx); / leave init state and start handshake */ conn->flags \|= CO_FL_SSL_WAIT_HS \| CO_FL_WAIT_L6_CONN;