upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-20 00:10:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 12
haproxy/src/haproxy.c

2942 lines
79 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* HA-Proxy : High Availability-enabled HTTP/TCP proxy
[RELEASE] Released version 1.8-dev1 Released version 1.8-dev1 with the following main changes : - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos - BUG/MINOR: stats: make field_str() return an empty string on NULL - DOC: Spelling fixes - BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used - BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn - BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER - BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers - BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode - BUG/MAJOR: stream: fix session abort on resource shortage - OPTIM: stream-int: don't disable polling anymore on DONT_READ - BUG/MINOR: cli: allow the backslash to be escaped on the CLI - BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys" - DOC: Fix map table's format - DOC: Added 51Degrees conv and fetch functions to documentation. - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect - DOC: mention that req_tot is for both frontends and backends - BUG/MEDIUM: variables: some variable name can hide another ones - MINOR: lua: Allow argument for actions - BUILD: rearrange target files by build time - CLEANUP: hlua: just indent functions - MINOR: lua: give HAProxy variable access to the applets - BUG/MINOR: stats: fix be/sessions/max output in html stats - MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id - DOC: lua: Documentation about some entry missing - DOC: lua: Add documentation about variable manipulation from applet - MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set - DOC: Add undocumented argument of the trace filter - DOC: Fix some typo in SPOE documentation - MINOR: cli: Remove useless call to bi_putchk - BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full - MINOR: applet: Count number of (active) applets - MINOR: task: Rename run_queue and run_queue_cur counters - BUG/MEDIUM: stream: Save unprocessed events for a stream - BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled - BUILD/MEDIUM: Fixing the build using LibreSSL - BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2) - SCRIPTS: git-show-backports: fix a harmless typo - SCRIPTS: git-show-backports: add -H to use the hash of the commit message - BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW - CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context - CLEANUP: applet/table: add an "action" entry in ->table context - CLEANUP: applet: remove the now unused appctx->private field - DOC: lua: documentation about time parser functions - DOC: lua: improve links - DOC: lua: section declared twice - MEDIUM: cli: 'show cli sockets' list the CLI sockets - BUG/MINOR: cli: "show cli sockets" wouldn't list all processes - BUG/MINOR: cli: "show cli sockets" would always report process 64 - CLEANUP: lua: rename one of the lua appctx union - BUG/MINOR: lua/cli: bad error message - MEDIUM: lua: use memory pool for hlua struct in applets - MINOR: lua/signals: Remove Lua part from signals. - DOC: cli: show cli sockets - MINOR: cli: automatically enable a CLI I/O handler when there's no parser - CLEANUP: memory: remove the now unused cli_parse_show_pools() function - CLEANUP: applet: group all CLI contexts together - CLEANUP: stats: move a misplaced stats context initialization - MINOR: cli: add two general purpose pointers and integers in the CLI struct - MINOR: appctx/cli: remove the cli_socket entry from the appctx union - MINOR: appctx/cli: remove the env entry from the appctx union - MINOR: appctx/cli: remove the "be" entry from the appctx union - MINOR: appctx/cli: remove the "dns" entry from the appctx union - MINOR: appctx/cli: remove the "server_state" entry from the appctx union - MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union - CONTRIB: tcploop: add limits.h to fix build issue with some compilers - MINOR/DOC: lua: just precise one thing - DOC: fix small typo in fe_id (backend instead of frontend) - BUG/MINOR: Fix the sending function in Lua's cosocket - BUG/MINOR: lua: memory leak executing tasks - BUG/MINOR: lua: bad return code - BUG/MINOR: lua: memleak when Lua/cli fails - MEDIUM: lua: remove Lua struct from session, and allocate it with memory pools - CLEANUP: haproxy: statify unexported functions - MINOR: haproxy: add a registration for build options - CLEANUP: wurfl: use the build options list to report it - CLEANUP: 51d: use the build options list to report it - CLEANUP: da: use the build options list to report it - CLEANUP: namespaces: use the build options list to report it - CLEANUP: tcp: use the build options list to report transparent modes - CLEANUP: lua: use the build options list to report it - CLEANUP: regex: use the build options list to report the regex type - CLEANUP: ssl: use the build options list to report the SSL details - CLEANUP: compression: use the build options list to report the algos - CLEANUP: auth: use the build options list to report its support - MINOR: haproxy: add a registration for post-check functions - CLEANUP: checks: make use of the post-init registration to start checks - CLEANUP: filters: use the function registration to initialize all proxies - CLEANUP: wurfl: make use of the late init registration - CLEANUP: 51d: make use of the late init registration - CLEANUP: da: make use of the late init registration code - MINOR: haproxy: add a registration for post-deinit functions - CLEANUP: wurfl: register the deinit function via the dedicated list - CLEANUP: 51d: register the deinitialization function - CLEANUP: da: register the deinitialization function - CLEANUP: wurfl: move global settings out of the global section - CLEANUP: 51d: move global settings out of the global section - CLEANUP: da: move global settings out of the global section - MINOR: cfgparse: add two new functions to check arguments count - MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock - MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock - MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock - MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock - MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock - MEDIUM: compression: move the zlib-specific stuff from global.h to compression.c - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake - BUG/MEDIUM: ssl: avoid double free when releasing bind_confs - BUG/MINOR: stats: fix be/sessions/current out in typed stats - MINOR: tcp-rules: check that the listener exists before updating its counters - MEDIUM: spoe: don't create a dummy listener for outgoing connections - MINOR: listener: move the transport layer pointer to the bind_conf - MEDIUM: move listener->frontend to bind_conf->frontend - MEDIUM: ssl: remote the proxy argument from most functions - MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops - MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf() - MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops - MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf() - MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL - MINOR: connection: add a minimal transport layer registration system - CLEANUP: connection: remove all direct references to raw_sock and ssl_sock - CLEANUP: connection: unexport raw_sock and ssl_sock - MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops - MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() - CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback - CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c - BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled - BUG/MEDIUM: ssl: for a handshake when server-side SNI changes - BUG/MINOR: systemd: potential zombie processes - DOC: Add timings events schemas - BUILD: lua: build failed on FreeBSD. - MINOR: samples: add xx-hash functions - MEDIUM: regex: pcre2 support - BUG/MINOR: option prefer-last-server must be ignored in some case - MINOR: stats: Support "select all" for backend actions - BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0 - BUG/MAJOR: channel: Fix the definition order of channel analyzers - BUG/MINOR: http: report real parser state in error captures - BUILD: scripts: automatically update the branch in version.h when releasing - MINOR: tools: add a generic hexdump function for debugging - BUG/MAJOR: http: fix risk of getting invalid reports of bad requests - MINOR: http: custom status reason. - MINOR: connection: add sample fetch "fc_rcvd_proxy" - BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options - BUG/MINOR: tools: fix off-by-one in port size check - BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family - MEDIUM: server: split the address and the port into two different fields - MINOR: tools: make str2sa_range() return the port in a separate argument - MINOR: server: take the destination port from the port field, not the addr - MEDIUM: server: disable protocol validations when the server doesn't resolve - BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0 - BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage - BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL - MINOR: Use "500 Internal Server Error" for 500 error/status code message. - MINOR: proto_http.c 502 error txt typo. - DOC: add deprecation notice to "block" - MINOR: compression: fix -vv output without zlib/slz - BUG/MINOR: Reset errno variable before calling strtol(3) - MINOR: ssl: don't show prefer-server-ciphers output - OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration - BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream - MAJOR: ssl: bind configuration per certificat - MINOR: ssl: add curve suite for ECDHE negotiation - MINOR: checks: Add agent-addr config directive - MINOR: cli: Add possiblity to change agent config via CLI/socket - MINOR: doc: Add docs for agent-addr configuration variable - MINOR: doc: Add docs for agent-addr and agent-send CLI commands - BUILD: ssl: fix to build (again) with boringssl - BUILD: ssl: fix build on OpenSSL 1.0.0 - BUILD: ssl: silence a warning reported for ERR_remove_state() - BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes() - BUILD: ssl: kill a build warning introduced by BoringSSL compatibility - BUG/MEDIUM: tcp: don't poll for write when connect() succeeds - BUG/MINOR: unix: fix connect's polling in case no data are scheduled - MINOR: server: extend the flags to 32 bits - BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword - MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested - BUG/MAJOR: dns: restart sockets after fork() - MINOR: chunks: implement a simple dynamic allocator for trash buffers - BUG/MEDIUM: http: prevent redirect from overwriting a buffer - BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined - BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer - BUG/MINOR: http: Return an error when a replace-header rule failed on the response - BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested - BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw() - BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1' - BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule - MINOR: http: don't close when redirect location doesn't start with "/" - MEDIUM: boringssl: support native multi-cert selection without bundling - BUG/MEDIUM: ssl: fix verify/ca-file per certificate - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING - MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation. - BUILD: ssl: fix build with -DOPENSSL_NO_DH - MEDIUM: ssl: add new sample-fetch which captures the cipherlist - MEDIUM: ssl: remove ssl-options from crt-list - BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored. - BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls - MINOR: ssl: improved cipherlist captures - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section - MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents - MINOR: spoe: Add support for pipelining/async capabilities in the SPOA example - MINOR: spoe: Remove SPOE details from the appctx structure - MINOR: spoe: Add status code in error variable instead of hardcoded value - MINOR: spoe: Send a log message when an error occurred during event processing - MINOR: spoe: Check the scope of sample fetches used in SPOE messages - MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer - MINOR: spoe: Use the min of all known max_frame_size to encode messages - MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames - MINOR: spoe: Add support for fragmentation capability in the SPOA example - MAJOR: spoe: refactor the filter to clean up the code - MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK frames - REORG: spoe: Move struct and enum definitions in dedicated header file - REORG: spoe: Move low-level encoding/decoding functions in dedicated header file - MINOR: spoe: Improve implementation of the payload fragmentation - MINOR: spoe: Add support of negation for options in SPOE configuration file - MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section - MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing - MINOR: spoe: Add "send-frag-payload" option in spoe-agent section - MINOR: spoe: Add "max-frame-size" statement in spoe-agent section - DOC: spoe: Update SPOE documentation to reflect recent changes - MINOR: config: warn when some HTTP rules are used in a TCP proxy - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup - BUG/MINOR: Fix "get map <map> <value>" CLI command - MINOR: Add nbsrv sample converter - CLEANUP: Replace repeated code to count usable servers with be_usable_srv() - MINOR: Add hostname sample fetch - CLEANUP: Remove comment that's no longer valid - MEDIUM: http_error_message: txn->status / http_get_status_idx. - MINOR: http-request tarpit deny_status. - CLEANUP: http: make http_server_error() not set the status anymore - MEDIUM: stats: Add JSON output option to show (info|stat) - MEDIUM: stats: Add show json schema - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer - MINOR: server: Add dynamic session cookies. - MINOR: cli: Let configure the dynamic cookies from the cli. - BUG/MINOR: checks: attempt clean shutw for SSL check - CONTRIB: tcploop: make it build on FreeBSD - CONTRIB: tcploop: fix time format to silence build warnings - CONTRIB: tcploop: report action 'K' (kill) in usage message - CONTRIB: tcploop: fix connect's address length - CONTRIB: tcploop: use the trash instead of NULL for recv() - BUG/MEDIUM: listener: do not try to rebind another process' socket - BUG/MEDIUM server: Fix crash when dynamic is defined, but not key is provided. - CLEANUP: config: Typo in comment. - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze - TESTS: add a test configuration to stress handshake combinations - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection - BUG/MEDIUM: connection: ensure to always report the end of handshakes - MEDIUM: connection: don't test for CO_FL_WAKE_DATA - CLEANUP: connection: completely remove CO_FL_WAKE_DATA - BUG: payload: fix payload not retrieving arbitrary lengths - BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility - BUILD: ssl: fix OPENSSL_NO_SSL_TRACE for boringssl and libressl - BUG/MAJOR: http: fix typo in http_apply_redirect_rule - MINOR: doc: 2.4. Examples should be 2.5. Examples - BUG/MEDIUM: stream: fix client-fin/server-fin handling - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller - BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available - OPTIM: poll: enable support for POLLRDHUP - MINOR: kqueue: exclusively rely on the kqueue returned status - MEDIUM: kqueue: take care of EV_EOF to improve polling status accuracy - MEDIUM: kqueue: only set FD_POLL_IN when there are pending data - DOC/MINOR: Fix typos in proxy protocol doc - DOC: Protocol doc: add checksum, TLV type ranges - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM - DOC: Protocol doc: add noop TLV - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time - MINOR: dns: improve DNS response parsing to use as many available records as possible - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity(). - MINOR: server: irrelevant error message with 'default-server' config file keyword. - MINOR: server: Make 'default-server' support 'backup' keyword. - MINOR: server: Make 'default-server' support 'check-send-proxy' keyword. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'non-stick' keyword. - MINOR: server: Make 'default-server' support 'send-proxy' and 'send-proxy-v2 keywords. - MINOR: server: Make 'default-server' support 'check-ssl' keyword. - MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords. - MINOR: server: Make 'default-server' support 'ssl' keyword. - MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'verify' keyword. - MINOR: server: Make 'default-server' support 'verifyhost' setting. - MINOR: server: Make 'default-server' support 'check' keyword. - MINOR: server: Make 'default-server' support 'track' setting. - MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings. - MINOR: server: Make 'default-server' support 'redir' keyword. - MINOR: server: Make 'default-server' support 'observe' keyword. - MINOR: server: Make 'default-server' support 'cookie' keyword. - MINOR: server: Make 'default-server' support 'ciphers' keyword. - MINOR: server: Make 'default-server' support 'tcp-ut' keyword. - MINOR: server: Make 'default-server' support 'namespace' keyword. - MINOR: server: Make 'default-server' support 'source' keyword. - MINOR: server: Make 'default-server' support 'sni' keyword. - MINOR: server: Make 'default-server' support 'addr' keyword. - MINOR: server: Make 'default-server' support 'disabled' keyword. - MINOR: server: Add 'no-agent-check' server keyword. - DOC: server: Add docs for "server" and "default-server" new "no-*" and other settings. - MINOR: doc: fix use-server example (imap vs mail) - BUG/MEDIUM: tcp: don't require privileges to bind to device - BUILD: make the release script use shortlog for the final changelog - BUILD: scripts: fix typo in announce-release error message - CLEANUP: time: curr_sec_ms doesn't need to be exported - BUG/MEDIUM: server: Wrong server default CRT filenames initialization. - BUG/MEDIUM: peers: fix buffer overflow control in intdecode. - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers - BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request - CLEANUP: http: Remove channel_congested function - CLEANUP: buffers: Remove buffer_bounce_realign function - CLEANUP: buffers: Remove buffer_contig_area and buffer_work_area functions - MINOR: http: remove useless check on HTTP_MSGF_XFER_LEN for the request - MINOR: http: Add debug messages when HTTP body analyzers are called - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze - DOC: fix parenthesis and add missing "Example" tags - DOC: update the contributing file - DOC: log-format/tcplog/httplog update - MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
2017-04-03 03:27:49 -04:00
* Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
DOC: update RFC references A few doc and code comment updates bumping RFC references to the new ones.
2017-04-28 09:24:30 -04:00
* Please refer to RFC7230 - RFC7235 informations about HTTP protocol, and
* RFC6265 for informations about cookies usage. More generally, the IETF HTTP
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
* Working Group's web site should be consulted for protocol related changes :
*
* http://ftp.ics.uci.edu/pub/ietf/http/
*
* Pending bugs (may be not fixed because never reproduced) :
* - solaris only : sometimes, an HTTP proxy with only a dispatch address causes
* the proxy to terminate (no core) if the client breaks the connection during
* the response. Seen on 1.1.8pre4, but never reproduced. May not be related to
* the snprintf() bug since requests were simple (GET / HTTP/1.0), but may be
* related to missing setsid() (fixed in 1.1.15)
* - a proxy with an invalid config will prevent the startup even if disabled.
*
* ChangeLog has moved to the CHANGELOG file.
*
*/
CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro. In order to properly enable sched_setaffinity, in some versions of Linux, it is rather _GNU_SOURCE than __USE_GNU (spotted on Alpine Linux for instance), also for the sake of consistency as __USE_GNU seems not used across the code and for last, it seems on Linux it is the best way to enable non portable code. On Linux glibc's based versions, it seems _GNU_SOURCE defines __USE_GNU it should be safe enough.
2015-12-08 16:43:09 -05:00
#define _GNU_SOURCE
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <ctype.h>
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
#include <dirent.h>
#include <sys/stat.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/in.h>
#include <arpa/inet.h>
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
#include <net/if.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <netdb.h>
#include <fcntl.h>
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <sys/resource.h>
MEDIUM: New cli option -Ds for systemd compatibility This patch adds a new option "-Ds" which is exactly like "-D", but instead of forking n times to get n jobs running and then exiting, prefers to wait for all the children it just created. With this done, haproxy becomes more systemd-compliant, without changing anything for other systems. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 04:53:52 -05:00
#include <sys/wait.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <time.h>
#include <syslog.h>
BUG/MEDIUM: remove supplementary groups when changing gid Without it, haproxy will retain the group membership of root, which may give more access than intended to the process. For example, haproxy would still be in the wheel group on Fedora 18, as seen with : # haproxy -f /etc/haproxy/haproxy.cfg # ps a -o pid,user,group,command | grep hapr 3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg 4356 root root grep --color=auto hapr # grep Group /proc/3545/status Groups: 0 1 2 3 4 6 10 # getent group wheel wheel:x:10:root,misc [WT: The issue has been investigated by independent security research team and realized by itself not being able to allow security exploitation. Additionally, dropping groups is not allowed to unprivileged users, though this mode of deployment is quite common. Thus a warning is emitted in this case to inform the user. The fix could be backported into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
#include <grp.h>
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#ifdef USE_CPU_AFFINITY
#include <sched.h>
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/cpuset.h>
#endif
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef DEBUG_FULL
#include <assert.h>
#endif
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
#include <systemd/sd-daemon.h>
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/base64.h>
#include <common/cfgparse.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <common/chunk.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/compat.h>
#include <common/config.h>
#include <common/defaults.h>
[MINOR] move error codes to common/errors.h It's useful to be able to share error codes between C files, so move the codes currently only used in protocols to a generic file.
2007-10-28 06:14:07 -04:00
#include <common/errors.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/memory.h>
#include <common/mini-clist.h>
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
#include <common/namespace.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/regex.h>
#include <common/standard.h>
#include <common/time.h>
#include <common/uri_auth.h>
#include <common/version.h>
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
#include <common/hathreads.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/capture.h>
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
#include <types/filters.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/global.h>
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
#include <types/acl.h>
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
#include <types/peers.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
#include <proto/acl.h>
MEDIUM: applet: implement a run queue for active appctx The new function is called for each round of polling in order to call any active appctx. For now we pick the stream interface from the appctx's owner. At the moment there's no appctx queued yet, but we have everything needed to queue them and remove them.
2015-04-19 03:59:31 -04:00
#include <proto/applet.h>
MEDIUM: sample: pass an empty list instead of a null for fetch args ACL and sample fetches use args list and it is really not convenient to check for null args everywhere. Now for empty args we pass a constant list of end of lists. It will allow us to remove many useless checks.
2012-10-19 13:49:09 -04:00
#include <proto/arg.h>
MEDIUM: applet: implement a run queue for active appctx The new function is called for each round of polling in order to call any active appctx. For now we pick the stream interface from the appctx's owner. At the moment there's no appctx queued yet, but we have everything needed to queue them and remove them.
2015-04-19 03:59:31 -04:00
#include <proto/auth.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/backend.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <proto/channel.h>
MAJOR: session: detach the connections from the stream interfaces We will need to be able to switch server connections on a session and to keep idle connections. In order to achieve this, the preliminary requirement is that the connections can survive the session and be detached from them. Right now they're still allocated at exactly the same place, so when there is a session, there are always 2 connections. We could soon improve on this by allocating the outgoing connection only during a connect(). This current patch touches a lot of code and intentionally does not change any functionnality. Performance tests show no regression (even a very minor improvement). The doc has not yet been updated.
2012-10-26 14:10:28 -04:00
#include <proto/connection.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/fd.h>
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
#include <proto/filters.h>
OPTIM/MINOR: move the hdr_idx pools out of the proxy struct It makes no sense to have one pointer to the hdr_idx pool in each proxy struct since these pools do not depend on the proxy. Let's have a common pool instead as it is already the case for other types.
2011-10-24 12:15:04 -04:00
#include <proto/hdr_idx.h>
MEDIUM: lua: lua integration in the build and init system. This is the first step of the lua integration. We add the useful files in the HAProxy project. These files contains the main includes, the Makefile options and empty initialisation function. Is is the LUA skeleton.
2015-01-23 08:06:13 -05:00
#include <proto/hlua.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/listener.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/log.h>
MINOR: pattern: Each pattern is identified by unique id. The pattern reference are stored with two identifiers: the unique_id and the reference. The reference identify a file. Each file with the same name point to the same reference. We can register many times one file. If the file is modified, all his dependencies are also modified. The reference can be used with map or acl. The unique_id identify inline acl. The unique id is unique for each acl. You cannot force the same id in the configuration file, because this repport an error. The format of the acl and map listing through the "socket" has changed for displaying these new ids.
2014-03-11 09:29:22 -04:00
#include <proto/pattern.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/protocol.h>
[MEDIUM] errorloc now checked first from backend then from frontend It is now possible to define an errorloc in the backend as well as in the frontend. The backend's will be used first, and if undefined, then the frontend's will be used instead. If none is used, then the original error messages will be used.
2006-12-24 11:47:20 -05:00
#include <proto/proto_http.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/proxy.h>
#include <proto/queue.h>
#include <proto/server.h>
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
#include <proto/session.h>
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
#include <proto/stream.h>
[MEDIUM] call signal_process_queue from run_poll_loop Now we check for asynchronous pending signals. There's no user yet so this cannot cause any trouble.
2009-05-10 03:01:21 -04:00
#include <proto/signal.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/task.h>
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
#include <proto/dns.h>
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
#include <proto/vars.h>
BUILD/MINOR: build without openssl still broken As mentionned in commit cf4e496c9 ("BUG/MEDIUM: build without openssl broken"), commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine") broke the build without openssl support. But the former did only fix it when openssl is not enabled, but not when it's not installed on the system : In file included from src/haproxy.c:112: include/proto/ssl_sock.h:24:25: openssl/ssl.h: No such file or directory In file included from src/haproxy.c:112: include/proto/ssl_sock.h:45: error: syntax error before "SSL_CTX" include/proto/ssl_sock.h:75: error: syntax error before '*' token include/proto/ssl_sock.h:75: warning: type defaults to `int' in declaration of `ssl_sock_create_cert' include/proto/ssl_sock.h:75: warning: data definition has no type or storage class include/proto/ssl_sock.h:76: error: syntax error before '*' token include/proto/ssl_sock.h:76: warning: type defaults to `int' in declaration of `ssl_sock_get_generated_cert' include/proto/ssl_sock.h:76: warning: data definition has no type or storage class include/proto/ssl_sock.h:77: error: syntax error before '*' token Now we also surround the include with #ifdef USE_OPENSSL to fix this. No backport is needed since openssl async engines were not backported.
2017-08-16 09:35:19 -04:00
#ifdef USE_OPENSSL
MEDIUM: ssl: add basic support for OpenSSL crypto engine This patch adds the global 'ssl-engine' keyword. First arg is an engine identifier followed by a list of default_algorithms the engine will operate. If the openssl version is too old, an error is reported when the option is used.
2017-01-20 20:10:18 -05:00
#include <proto/ssl_sock.h>
BUILD/MINOR: build without openssl still broken As mentionned in commit cf4e496c9 ("BUG/MEDIUM: build without openssl broken"), commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine") broke the build without openssl support. But the former did only fix it when openssl is not enabled, but not when it's not installed on the system : In file included from src/haproxy.c:112: include/proto/ssl_sock.h:24:25: openssl/ssl.h: No such file or directory In file included from src/haproxy.c:112: include/proto/ssl_sock.h:45: error: syntax error before "SSL_CTX" include/proto/ssl_sock.h:75: error: syntax error before '*' token include/proto/ssl_sock.h:75: warning: type defaults to `int' in declaration of `ssl_sock_create_cert' include/proto/ssl_sock.h:75: warning: data definition has no type or storage class include/proto/ssl_sock.h:76: error: syntax error before '*' token include/proto/ssl_sock.h:76: warning: type defaults to `int' in declaration of `ssl_sock_get_generated_cert' include/proto/ssl_sock.h:76: warning: data definition has no type or storage class include/proto/ssl_sock.h:77: error: syntax error before '*' token Now we also surround the include with #ifdef USE_OPENSSL to fix this. No backport is needed since openssl async engines were not backported.
2017-08-16 09:35:19 -04:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
/* list of config files */
static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int pid; /* current process id */
[BUG] relative_pid was not initialized
2007-11-26 10:13:36 -05:00
int relative_pid = 1; /* process id starting at 1 */
CLEANUP: global: introduce variable pid_bit to avoid shifts with relative_pid At a number of places, bitmasks are used for process affinity and to map listeners to processes. Every time 1UL<<(relative_pid-1) is used. Let's create a "pid_bit" variable corresponding to this value to clean this up.
2017-11-10 13:08:14 -05:00
unsigned long pid_bit = 1; /* bit corresponding to the process id */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* global options */
struct global global = {
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
.hard_stop_after = TICK_ETERNITY,
MINOR: global: don't prevent nbproc from being redefined Having nbproc preinitialized to zero is really annoying as it prevents some checks from being correctly performed. Also the check to prevent nbproc from being redefined is totally useless, so let's preset it to 1 and remove the test.
2012-11-15 11:38:15 -05:00
.nbproc = 1,
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
.nbthread = 1,
MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid %Fi: Frontend IP %Fp: Frontend Port %Si: Server IP %Sp: Server Port %Ts: Timestamp %rt: HTTP request counter %H: hostname %pid: PID +X: Hexadecimal represenation The +X mode in logformat displays hexadecimal for the following flags %Ci %Cp %Fi %Fp %Bi %Bp %Si %Sp %Ts %ct %pid rename logformat_write_string() to lf_text() Optimize size computation
2012-04-05 12:02:55 -04:00
.req_count = 0,
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
.logsrvs = LIST_HEAD_INIT(global.logsrvs),
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
.maxzlibmem = 0,
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
.comp_rate_lim = 0,
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
.ssl_server_verify = SSL_SERVER_VERIFY_REQUIRED,
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
.unix_bind = {
.ux = {
.uid = -1,
.gid = -1,
.mode = 0,
}
},
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
.tune = {
.bufsize = BUFSIZE,
MEDIUM: config: set tune.maxrewrite to 1024 by default The tune.maxrewrite parameter used to be pre-initialized to half of the buffer size since the very early days when buffers were very small. It has grown to absurdly large values over the years to reach 8kB for a 16kB buffer. This prevents large requests from being accepted, which is the opposite of the initial goal. Many users fix it to 1024 which is already quite large for header addition. So let's change the default setting policy : - pre-initialize it to 1024 - let the user tweak it - in any case, limit it to tune.bufsize / 2 This results in 15kB usable to buffer HTTP messages instead of 8kB, and doesn't affect existing configurations which already force it.
2015-09-28 07:53:23 -04:00
.maxrewrite = -1,
[MINOR] global: add "tune.chksize" to change the default check buffer size HTTP content-based health checks will be involved in searching text in pages. Some pages may not fit in the default buffer (16kB) and sometimes it might be desired to have larger buffers in order to find patterns. Running checks on smaller URIs is always preferred of course. (cherry picked from commit 043f44aeb835f3d0b57626c4276581a73600b6b1)
2010-10-04 14:39:20 -04:00
.chksize = BUFSIZE,
MAJOR: session: only wake up as many sessions as available buffers permit We've already experimented with three wake up algorithms when releasing buffers : the first naive one used to wake up far too many sessions, causing many of them not to get any buffer. The second approach which was still in use prior to this patch consisted in waking up either 1 or 2 sessions depending on the number of FDs we had released. And this was still inaccurate. The third one tried to cover the accuracy issues of the second and took into consideration the number of FDs the sessions would be willing to use, but most of the time we ended up waking up too many of them for nothing, or deadlocking by lack of buffers. This patch completely removes the need to allocate two buffers at once. Instead it splits allocations into critical and non-critical ones and implements a reserve in the pool for this. The deadlock situation happens when all buffers are be allocated for requests pending in a maxconn-limited server queue, because then there's no more way to allocate buffers for responses, and these responses are critical to release the servers's connection in order to release the pending requests. In fact maxconn on a server creates a dependence between sessions and particularly between oldest session's responses and latest session's requests. Thus, it is mandatory to get a free buffer for a response in order to release a server connection which will permit to release a request buffer. Since we definitely have non-symmetrical buffers, we need to implement this logic in the buffer allocation mechanism. What this commit does is implement a reserve of buffers which can only be allocated for responses and that will never be allocated for requests. This is made possible by the requester indicating how much margin it wants to leave after the allocation succeeds. Thus it is a cooperative allocation mechanism : the requester (process_session() in general) prefers not to get a buffer in order to respect other's need for response buffers. The session management code always knows if a buffer will be used for requests or responses, so that is not difficult : - either there's an applet on the initiator side and we really need the request buffer (since currently the applet is called in the context of the session) - or we have a connection and we really need the response buffer (in order to support building and sending an error message back) This reserve ensures that we don't take all allocatable buffers for requests waiting in a queue. The downside is that all the extra buffers are really allocated to ensure they can be allocated. But with small values it is not an issue. With this change, we don't observe any more deadlocks even when running with maxconn 1 on a server under severely constrained memory conditions. The code becomes a bit tricky, it relies on the scheduler's run queue to estimate how many sessions are already expected to run so that it doesn't wake up everyone with too few resources. A better solution would probably consist in having two queues, one for urgent requests and one for normal requests. A failed allocation for a session dealing with an error, a connection event, or the need for a response (or request when there's an applet on the left) would go to the urgent request queue, while other requests would go to the other queue. Urgent requests would be served from 1 entry in the pool, while the regular ones would be served only according to the reserve. Despite not yet having this, it works remarkably well. This mechanism is quite efficient, we don't perform too many wake up calls anymore. For 1 million sessions elapsed during massive memory contention, we observe about 4.5M calls to process_session() compared to 4.0M without memory constraints. Previously we used to observe up to 16M calls, which rougly means 12M failures. During a test run under high memory constraints (limit enforced to 27 MB instead of the 58 MB normally needed), performance used to drop by 53% prior to this patch. Now with this patch instead it *increases* by about 1.5%. The best effect of this change is that by limiting the memory usage to about 2/3 to 3/4 of what is needed by default, it's possible to increase performance by up to about 18% mainly due to the fact that pools are reused more often and remain hot in the CPU cache (observed on regular HTTP traffic with 20k objects, buffers.limit = maxconn/10, buffers.reserve = limit/2). Below is an example of scenario which used to cause a deadlock previously : - connection is received - two buffers are allocated in process_session() then released - one is allocated when receiving an HTTP request - the second buffer is allocated then released in process_session() for request parsing then connection establishment. - poll() says we can send, so the request buffer is sent and released - process session gets notified that the connection is now established and allocates two buffers then releases them - all other sessions do the same till one cannot get the request buffer without hitting the margin - and now the server responds. stream_interface allocates the response buffer and manages to get it since it's higher priority being for a response. - but process_session() cannot allocate the request buffer anymore => We could end up with all buffers used by responses so that none may be allocated for a request in process_session(). When the applet processing leaves the session context, the test will have to be changed so that we always allocate a response buffer regardless of the left side (eg: H2->H1 gateway). A final improvement would consists in being able to only retry the failed I/O operation without waking up a task, but to date all experiments to achieve this have proven not to be reliable enough.
2014-11-26 19:11:56 -05:00
.reserved_bufs = RESERVED_BUFS,
MAJOR: pattern: add LRU-based cache on pattern matching The principle of this cache is to have a global cache for all pattern matching operations which rely on lists (reg, sub, dir, dom, ...). The input data, the expression and a random seed are used as a hashing key. The cached entries contains a pointer to the expression and a revision number for that expression so that we don't accidently used obsolete data after a pattern update or a very unlikely hash collision. Regarding the risk of collisions, 10k entries at 10k req/s mean 1% risk of a collision after 60 years, that's already much less than the memory's reliability in most machines and more durable than most admin's life expectancy. A collision will result in a valid result to be returned for a different entry from the same list. If this is not acceptable, the cache can be disabled using tune.pattern.cache-size. A test on a file containing 10k small regex showed that the regex matching was limited to 6k/s instead of 70k with regular strings. When enabling the LRU cache, the performance was back to 70k/s.
2015-04-29 10:24:50 -04:00
.pattern_cache = DEFAULT_PAT_LRU_SIZE,
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
2012-09-03 06:10:29 -04:00
#ifdef USE_OPENSSL
MINOR: build: allow packagers to specify the ssl cache size This is done by passing the default value to SSLCACHESIZE in sessions. User can use tune.sslcachesize to change this value. By default, it is set to 20000 sessions as openssl internal cache size. Currently, a session entry size is between 592 and 616 bytes depending on the arch.
2012-11-14 05:32:56 -05:00
.sslcachesize = SSLCACHESIZE,
MINOR: compression: memlevel and windowsize The window size and the memlevel of the zlib are now configurable using global options tune.zlib.memlevel and tune.zlib.windowsize. It affects the memory consumption of the zlib.
2012-11-07 10:54:34 -05:00
#endif
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
.comp_maxlevel = 1,
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
#ifdef DEFAULT_IDLE_TIMER
.idle_timer = DEFAULT_IDLE_TIMER,
#else
.idle_timer = 1000, /* 1 second */
#endif
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
},
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
#ifdef USE_OPENSSL
#ifdef DEFAULT_MAXSSLCONN
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
.maxsslconn = DEFAULT_MAXSSLCONN,
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
#endif
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* others NULL OK */
};
/*********************************************************************/
int stopping; /* non zero means stopping in progress */
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
int killed; /* non zero means a hard-stop is triggered */
[MINOR] support a global jobs counter This counter is incremented for each incoming connection and each active listener, and is used to prevent haproxy from stopping upon SIGUSR1. It will thus be possible for some tasks in increment this counter in order to prevent haproxy from dying until they have completed their job.
2010-08-31 09:39:26 -04:00
int jobs = 0; /* number of active jobs (conns, listeners, active tasks, ...) */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Here we store informations about the pids of the processes we may pause
* or kill. We will send them a signal every 10 ms until we can bind to all
* our ports. With 200 retries, that's about 2 seconds.
*/
#define MAX_START_RETRIES 200
static int *oldpids = NULL;
static int oldpids_sig; /* use USR1 or TERM */
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
/* Path to the unix socket we use to retrieve listener sockets from the old process */
static const char *old_unixsocket;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
static char *cur_unixsocket = NULL;
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
int atexit_flag = 0;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
int nb_oldpids = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
const int zero = 0;
const int one = 1;
[MINOR] add the "nolinger" option to disable data lingering The following patch will give the ability to tweak socket linger mode. You can use this option with "option nolinger" inside fronted or backend configuration declaration. This will help in environments where lots of FIN_WAIT sockets are encountered.
2007-10-11 14:48:58 -04:00
const struct linger nolinger = { .l_onoff = 1, .l_linger = 0 };
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] force null-termination of hostname Marcello Gorlani reported that at least on FreeBSD, a long hostname was reported with garbage on the stats page. POSIX does not make it mandatory for gethostname() to NULL-terminate the string in case of truncation, and at least FreeBSD appears not to do it. So let's force null-termination to keep safe.
2010-03-12 15:58:54 -05:00
char hostname[MAX_HOSTNAME_LEN];
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
char localpeer[MAX_HOSTNAME_LEN];
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUILD: definitely silence some stupid GCC warnings It's becoming increasingly difficult to ignore unwanted function returns in debug code with gcc. Now even when you try to work around it, it suggests a way to write your code differently. For example : src/frontend.c:187:65: warning: if statement has empty body [-Wempty-body] if (write(1, trash.str, trash.len) < 0) /* shut gcc warning */; ^ src/frontend.c:187:65: note: put the semicolon on a separate line to silence this warning 1 warning generated. This is totally unacceptable, this code already had to be written this way to shut it up in earlier versions. And now it comments the form ? What's the purpose of the C language if you can't write anymore the code that does what you want ? Emeric proposed to just keep a global variable to drain such useless results so that gcc stops complaining all the time it believes people who write code are monkeys. The solution is acceptable because the useless assignment is done only in debug code so it will not impact performance. This patch implements this, until gcc becomes even "smarter" to detect that we tried to cheat.
2013-12-13 09:14:55 -05:00
/* used from everywhere just to drain results we don't want to read and which
* recent versions of gcc increasingly and annoyingly complain about.
*/
int shut_your_big_mouth_gcc_int = 0;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
int *children = NULL; /* store PIDs of children in master workers mode */
static volatile sig_atomic_t caught_signal = 0;
static char **next_argv = NULL;
MEDIUM: mworker: workers exit when the master leaves This patch ensure that the children will exit when the master quits, even if the master didn't send any signal. The master and the workers are connected through a pipe, when the pipe closes the children leave.
2017-06-01 11:38:55 -04:00
int mworker_pipe[2];
[MEDIUM] listeners: put listeners in queue upon resource shortage When an accept() fails because of a connection limit or a memory shortage, we now disable it and queue it so that it's dequeued only when a connection is released. This has improved the behaviour of the process near the fd limit as now a listener with a no connection (eg: stats) will not loop forever trying to get its connection accepted. The solution is still not 100% perfect, as we'd like to have this used when proxy limits are reached (use a per-proxy list) and for safety, we'd need to have dedicated tasks to periodically re-enable them (eg: to overcome temporary system-wide resource limitations when no connection is released).
2011-07-24 16:58:00 -04:00
/* list of the temporarily limited listeners because of lack of resource */
struct list global_listener_queue = LIST_HEAD_INIT(global_listener_queue);
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
struct task *global_listener_queue_task;
static struct task *manage_global_listener_queue(struct task *t);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: config: add minimum support for emitting warnings only once This is useful to explain to users what to do during a migration.
2014-04-28 16:27:06 -04:00
/* bitfield of a few warnings to emit just once (WARN_*) */
unsigned int warned = 0;
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
/* These are strings to be reported in the output of "haproxy -vv". They may
* either be constants (in which case must_free must be zero) or dynamically
* allocated strings to pass to free() on exit, and in this case must_free
* must be non-zero.
*/
struct list build_opts_list = LIST_HEAD_INIT(build_opts_list);
struct build_opts_str {
struct list list;
const char *str;
int must_free;
};
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
/* These functions are called just after the point where the program exits
* after a config validity check, so they are generally suited for resource
* allocation and slow initializations that should be skipped during basic
* config checks. The functions must return 0 on success, or a combination
* of ERR_* flags (ERR_WARN, ERR_ABORT, ERR_FATAL, ...). The 2 latter cause
* and immediate exit, so the function must have emitted any useful error.
*/
struct list post_check_list = LIST_HEAD_INIT(post_check_list);
struct post_check_fct {
struct list list;
int (*fct)();
};
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
/* These functions are called when freeing the global sections at the end
* of deinit, after everything is stopped. They don't return anything, and
* they work in best effort mode as their sole goal is to make valgrind
* mostly happy.
*/
struct list post_deinit_list = LIST_HEAD_INIT(post_deinit_list);
struct post_deinit_fct {
struct list list;
void (*fct)();
};
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
/* These functions are called for each thread just after the thread creation
* and before running the scheduler. They should be used to do per-thread
* initializations. They must return 0 if an error occurred. */
struct list per_thread_init_list = LIST_HEAD_INIT(per_thread_init_list);
struct per_thread_init_fct {
struct list list;
int (*fct)();
};
/* These functions are called for each thread just after the scheduler loop and
* before exiting the thread. They don't return anything and, as for post-deinit
* functions, they work in best effort mode as their sole goal is to make
* valgrind mostly happy. */
struct list per_thread_deinit_list = LIST_HEAD_INIT(per_thread_deinit_list);
struct per_thread_deinit_fct {
struct list list;
void (*fct)();
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*********************************************************************/
/* general purpose functions ***************************************/
/*********************************************************************/
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
/* used to register some build option strings at boot. Set must_free to
* non-zero if the string must be freed upon exit.
*/
void hap_register_build_opts(const char *str, int must_free)
{
struct build_opts_str *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->str = str;
b->must_free = must_free;
LIST_ADDQ(&build_opts_list, &b->list);
}
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
/* used to register some initialization functions to call after the checks. */
void hap_register_post_check(int (*fct)())
{
struct post_check_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&post_check_list, &b->list);
}
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
/* used to register some de-initialization functions to call after everything
* has stopped.
*/
void hap_register_post_deinit(void (*fct)())
{
struct post_deinit_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&post_deinit_list, &b->list);
}
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
/* used to register some initialization functions to call for each thread. */
void hap_register_per_thread_init(int (*fct)())
{
struct per_thread_init_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&per_thread_init_list, &b->list);
}
/* used to register some de-initialization functions to call for each thread. */
void hap_register_per_thread_deinit(void (*fct)())
{
struct per_thread_deinit_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&per_thread_deinit_list, &b->list);
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void display_version()
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
printf("HA-Proxy version " HAPROXY_VERSION " " HAPROXY_DATE"\n");
[RELEASE] Released version 1.8-dev1 Released version 1.8-dev1 with the following main changes : - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos - BUG/MINOR: stats: make field_str() return an empty string on NULL - DOC: Spelling fixes - BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used - BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn - BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER - BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers - BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode - BUG/MAJOR: stream: fix session abort on resource shortage - OPTIM: stream-int: don't disable polling anymore on DONT_READ - BUG/MINOR: cli: allow the backslash to be escaped on the CLI - BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys" - DOC: Fix map table's format - DOC: Added 51Degrees conv and fetch functions to documentation. - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect - DOC: mention that req_tot is for both frontends and backends - BUG/MEDIUM: variables: some variable name can hide another ones - MINOR: lua: Allow argument for actions - BUILD: rearrange target files by build time - CLEANUP: hlua: just indent functions - MINOR: lua: give HAProxy variable access to the applets - BUG/MINOR: stats: fix be/sessions/max output in html stats - MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id - DOC: lua: Documentation about some entry missing - DOC: lua: Add documentation about variable manipulation from applet - MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set - DOC: Add undocumented argument of the trace filter - DOC: Fix some typo in SPOE documentation - MINOR: cli: Remove useless call to bi_putchk - BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full - MINOR: applet: Count number of (active) applets - MINOR: task: Rename run_queue and run_queue_cur counters - BUG/MEDIUM: stream: Save unprocessed events for a stream - BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled - BUILD/MEDIUM: Fixing the build using LibreSSL - BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2) - SCRIPTS: git-show-backports: fix a harmless typo - SCRIPTS: git-show-backports: add -H to use the hash of the commit message - BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW - CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context - CLEANUP: applet/table: add an "action" entry in ->table context - CLEANUP: applet: remove the now unused appctx->private field - DOC: lua: documentation about time parser functions - DOC: lua: improve links - DOC: lua: section declared twice - MEDIUM: cli: 'show cli sockets' list the CLI sockets - BUG/MINOR: cli: "show cli sockets" wouldn't list all processes - BUG/MINOR: cli: "show cli sockets" would always report process 64 - CLEANUP: lua: rename one of the lua appctx union - BUG/MINOR: lua/cli: bad error message - MEDIUM: lua: use memory pool for hlua struct in applets - MINOR: lua/signals: Remove Lua part from signals. - DOC: cli: show cli sockets - MINOR: cli: automatically enable a CLI I/O handler when there's no parser - CLEANUP: memory: remove the now unused cli_parse_show_pools() function - CLEANUP: applet: group all CLI contexts together - CLEANUP: stats: move a misplaced stats context initialization - MINOR: cli: add two general purpose pointers and integers in the CLI struct - MINOR: appctx/cli: remove the cli_socket entry from the appctx union - MINOR: appctx/cli: remove the env entry from the appctx union - MINOR: appctx/cli: remove the "be" entry from the appctx union - MINOR: appctx/cli: remove the "dns" entry from the appctx union - MINOR: appctx/cli: remove the "server_state" entry from the appctx union - MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union - CONTRIB: tcploop: add limits.h to fix build issue with some compilers - MINOR/DOC: lua: just precise one thing - DOC: fix small typo in fe_id (backend instead of frontend) - BUG/MINOR: Fix the sending function in Lua's cosocket - BUG/MINOR: lua: memory leak executing tasks - BUG/MINOR: lua: bad return code - BUG/MINOR: lua: memleak when Lua/cli fails - MEDIUM: lua: remove Lua struct from session, and allocate it with memory pools - CLEANUP: haproxy: statify unexported functions - MINOR: haproxy: add a registration for build options - CLEANUP: wurfl: use the build options list to report it - CLEANUP: 51d: use the build options list to report it - CLEANUP: da: use the build options list to report it - CLEANUP: namespaces: use the build options list to report it - CLEANUP: tcp: use the build options list to report transparent modes - CLEANUP: lua: use the build options list to report it - CLEANUP: regex: use the build options list to report the regex type - CLEANUP: ssl: use the build options list to report the SSL details - CLEANUP: compression: use the build options list to report the algos - CLEANUP: auth: use the build options list to report its support - MINOR: haproxy: add a registration for post-check functions - CLEANUP: checks: make use of the post-init registration to start checks - CLEANUP: filters: use the function registration to initialize all proxies - CLEANUP: wurfl: make use of the late init registration - CLEANUP: 51d: make use of the late init registration - CLEANUP: da: make use of the late init registration code - MINOR: haproxy: add a registration for post-deinit functions - CLEANUP: wurfl: register the deinit function via the dedicated list - CLEANUP: 51d: register the deinitialization function - CLEANUP: da: register the deinitialization function - CLEANUP: wurfl: move global settings out of the global section - CLEANUP: 51d: move global settings out of the global section - CLEANUP: da: move global settings out of the global section - MINOR: cfgparse: add two new functions to check arguments count - MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock - MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock - MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock - MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock - MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock - MEDIUM: compression: move the zlib-specific stuff from global.h to compression.c - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake - BUG/MEDIUM: ssl: avoid double free when releasing bind_confs - BUG/MINOR: stats: fix be/sessions/current out in typed stats - MINOR: tcp-rules: check that the listener exists before updating its counters - MEDIUM: spoe: don't create a dummy listener for outgoing connections - MINOR: listener: move the transport layer pointer to the bind_conf - MEDIUM: move listener->frontend to bind_conf->frontend - MEDIUM: ssl: remote the proxy argument from most functions - MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops - MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf() - MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops - MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf() - MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL - MINOR: connection: add a minimal transport layer registration system - CLEANUP: connection: remove all direct references to raw_sock and ssl_sock - CLEANUP: connection: unexport raw_sock and ssl_sock - MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops - MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() - CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback - CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c - BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled - BUG/MEDIUM: ssl: for a handshake when server-side SNI changes - BUG/MINOR: systemd: potential zombie processes - DOC: Add timings events schemas - BUILD: lua: build failed on FreeBSD. - MINOR: samples: add xx-hash functions - MEDIUM: regex: pcre2 support - BUG/MINOR: option prefer-last-server must be ignored in some case - MINOR: stats: Support "select all" for backend actions - BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0 - BUG/MAJOR: channel: Fix the definition order of channel analyzers - BUG/MINOR: http: report real parser state in error captures - BUILD: scripts: automatically update the branch in version.h when releasing - MINOR: tools: add a generic hexdump function for debugging - BUG/MAJOR: http: fix risk of getting invalid reports of bad requests - MINOR: http: custom status reason. - MINOR: connection: add sample fetch "fc_rcvd_proxy" - BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options - BUG/MINOR: tools: fix off-by-one in port size check - BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family - MEDIUM: server: split the address and the port into two different fields - MINOR: tools: make str2sa_range() return the port in a separate argument - MINOR: server: take the destination port from the port field, not the addr - MEDIUM: server: disable protocol validations when the server doesn't resolve - BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0 - BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage - BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL - MINOR: Use "500 Internal Server Error" for 500 error/status code message. - MINOR: proto_http.c 502 error txt typo. - DOC: add deprecation notice to "block" - MINOR: compression: fix -vv output without zlib/slz - BUG/MINOR: Reset errno variable before calling strtol(3) - MINOR: ssl: don't show prefer-server-ciphers output - OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration - BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream - MAJOR: ssl: bind configuration per certificat - MINOR: ssl: add curve suite for ECDHE negotiation - MINOR: checks: Add agent-addr config directive - MINOR: cli: Add possiblity to change agent config via CLI/socket - MINOR: doc: Add docs for agent-addr configuration variable - MINOR: doc: Add docs for agent-addr and agent-send CLI commands - BUILD: ssl: fix to build (again) with boringssl - BUILD: ssl: fix build on OpenSSL 1.0.0 - BUILD: ssl: silence a warning reported for ERR_remove_state() - BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes() - BUILD: ssl: kill a build warning introduced by BoringSSL compatibility - BUG/MEDIUM: tcp: don't poll for write when connect() succeeds - BUG/MINOR: unix: fix connect's polling in case no data are scheduled - MINOR: server: extend the flags to 32 bits - BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword - MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested - BUG/MAJOR: dns: restart sockets after fork() - MINOR: chunks: implement a simple dynamic allocator for trash buffers - BUG/MEDIUM: http: prevent redirect from overwriting a buffer - BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined - BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer - BUG/MINOR: http: Return an error when a replace-header rule failed on the response - BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested - BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw() - BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1' - BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule - MINOR: http: don't close when redirect location doesn't start with "/" - MEDIUM: boringssl: support native multi-cert selection without bundling - BUG/MEDIUM: ssl: fix verify/ca-file per certificate - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING - MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation. - BUILD: ssl: fix build with -DOPENSSL_NO_DH - MEDIUM: ssl: add new sample-fetch which captures the cipherlist - MEDIUM: ssl: remove ssl-options from crt-list - BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored. - BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls - MINOR: ssl: improved cipherlist captures - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section - MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents - MINOR: spoe: Add support for pipelining/async capabilities in the SPOA example - MINOR: spoe: Remove SPOE details from the appctx structure - MINOR: spoe: Add status code in error variable instead of hardcoded value - MINOR: spoe: Send a log message when an error occurred during event processing - MINOR: spoe: Check the scope of sample fetches used in SPOE messages - MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer - MINOR: spoe: Use the min of all known max_frame_size to encode messages - MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames - MINOR: spoe: Add support for fragmentation capability in the SPOA example - MAJOR: spoe: refactor the filter to clean up the code - MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK frames - REORG: spoe: Move struct and enum definitions in dedicated header file - REORG: spoe: Move low-level encoding/decoding functions in dedicated header file - MINOR: spoe: Improve implementation of the payload fragmentation - MINOR: spoe: Add support of negation for options in SPOE configuration file - MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section - MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing - MINOR: spoe: Add "send-frag-payload" option in spoe-agent section - MINOR: spoe: Add "max-frame-size" statement in spoe-agent section - DOC: spoe: Update SPOE documentation to reflect recent changes - MINOR: config: warn when some HTTP rules are used in a TCP proxy - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup - BUG/MINOR: Fix "get map <map> <value>" CLI command - MINOR: Add nbsrv sample converter - CLEANUP: Replace repeated code to count usable servers with be_usable_srv() - MINOR: Add hostname sample fetch - CLEANUP: Remove comment that's no longer valid - MEDIUM: http_error_message: txn->status / http_get_status_idx. - MINOR: http-request tarpit deny_status. - CLEANUP: http: make http_server_error() not set the status anymore - MEDIUM: stats: Add JSON output option to show (info|stat) - MEDIUM: stats: Add show json schema - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer - MINOR: server: Add dynamic session cookies. - MINOR: cli: Let configure the dynamic cookies from the cli. - BUG/MINOR: checks: attempt clean shutw for SSL check - CONTRIB: tcploop: make it build on FreeBSD - CONTRIB: tcploop: fix time format to silence build warnings - CONTRIB: tcploop: report action 'K' (kill) in usage message - CONTRIB: tcploop: fix connect's address length - CONTRIB: tcploop: use the trash instead of NULL for recv() - BUG/MEDIUM: listener: do not try to rebind another process' socket - BUG/MEDIUM server: Fix crash when dynamic is defined, but not key is provided. - CLEANUP: config: Typo in comment. - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze - TESTS: add a test configuration to stress handshake combinations - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection - BUG/MEDIUM: connection: ensure to always report the end of handshakes - MEDIUM: connection: don't test for CO_FL_WAKE_DATA - CLEANUP: connection: completely remove CO_FL_WAKE_DATA - BUG: payload: fix payload not retrieving arbitrary lengths - BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility - BUILD: ssl: fix OPENSSL_NO_SSL_TRACE for boringssl and libressl - BUG/MAJOR: http: fix typo in http_apply_redirect_rule - MINOR: doc: 2.4. Examples should be 2.5. Examples - BUG/MEDIUM: stream: fix client-fin/server-fin handling - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller - BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available - OPTIM: poll: enable support for POLLRDHUP - MINOR: kqueue: exclusively rely on the kqueue returned status - MEDIUM: kqueue: take care of EV_EOF to improve polling status accuracy - MEDIUM: kqueue: only set FD_POLL_IN when there are pending data - DOC/MINOR: Fix typos in proxy protocol doc - DOC: Protocol doc: add checksum, TLV type ranges - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM - DOC: Protocol doc: add noop TLV - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time - MINOR: dns: improve DNS response parsing to use as many available records as possible - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity(). - MINOR: server: irrelevant error message with 'default-server' config file keyword. - MINOR: server: Make 'default-server' support 'backup' keyword. - MINOR: server: Make 'default-server' support 'check-send-proxy' keyword. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'non-stick' keyword. - MINOR: server: Make 'default-server' support 'send-proxy' and 'send-proxy-v2 keywords. - MINOR: server: Make 'default-server' support 'check-ssl' keyword. - MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords. - MINOR: server: Make 'default-server' support 'ssl' keyword. - MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'verify' keyword. - MINOR: server: Make 'default-server' support 'verifyhost' setting. - MINOR: server: Make 'default-server' support 'check' keyword. - MINOR: server: Make 'default-server' support 'track' setting. - MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings. - MINOR: server: Make 'default-server' support 'redir' keyword. - MINOR: server: Make 'default-server' support 'observe' keyword. - MINOR: server: Make 'default-server' support 'cookie' keyword. - MINOR: server: Make 'default-server' support 'ciphers' keyword. - MINOR: server: Make 'default-server' support 'tcp-ut' keyword. - MINOR: server: Make 'default-server' support 'namespace' keyword. - MINOR: server: Make 'default-server' support 'source' keyword. - MINOR: server: Make 'default-server' support 'sni' keyword. - MINOR: server: Make 'default-server' support 'addr' keyword. - MINOR: server: Make 'default-server' support 'disabled' keyword. - MINOR: server: Add 'no-agent-check' server keyword. - DOC: server: Add docs for "server" and "default-server" new "no-*" and other settings. - MINOR: doc: fix use-server example (imap vs mail) - BUG/MEDIUM: tcp: don't require privileges to bind to device - BUILD: make the release script use shortlog for the final changelog - BUILD: scripts: fix typo in announce-release error message - CLEANUP: time: curr_sec_ms doesn't need to be exported - BUG/MEDIUM: server: Wrong server default CRT filenames initialization. - BUG/MEDIUM: peers: fix buffer overflow control in intdecode. - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers - BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request - CLEANUP: http: Remove channel_congested function - CLEANUP: buffers: Remove buffer_bounce_realign function - CLEANUP: buffers: Remove buffer_contig_area and buffer_work_area functions - MINOR: http: remove useless check on HTTP_MSGF_XFER_LEN for the request - MINOR: http: Add debug messages when HTTP body analyzers are called - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze - DOC: fix parenthesis and add missing "Example" tags - DOC: update the contributing file - DOC: log-format/tcplog/httplog update - MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
2017-04-03 03:27:49 -04:00
printf("Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>\n\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void display_build_opts()
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
{
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
struct build_opts_str *item;
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
printf("Build options :"
#ifdef BUILD_TARGET
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n TARGET = " BUILD_TARGET
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
#ifdef BUILD_CPU
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n CPU = " BUILD_CPU
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
#ifdef BUILD_CC
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n CC = " BUILD_CC
#endif
#ifdef BUILD_CFLAGS
"\n CFLAGS = " BUILD_CFLAGS
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
#ifdef BUILD_OPTIONS
"\n OPTIONS = " BUILD_OPTIONS
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
"\n\nDefault settings :"
"\n maxconn = %d, bufsize = %d, maxrewrite = %d, maxpollevents = %d"
"\n\n",
DEFAULT_MAXCONN, BUFSIZE, MAXREWRITE, MAX_POLL_EVENTS);
[MINOR] report list of supported pollers with -vv During troubleshooting, it's often useful to get the list of supported pollers but until now it was required to have a working configuration first. Since the pollers are known before main() is called, let's list them with the build options.
2009-10-03 12:57:08 -04:00
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
list_for_each_entry(item, &build_opts_list, list) {
puts(item->str);
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
putchar('\n');
[MINOR] report list of supported pollers with -vv During troubleshooting, it's often useful to get the list of supported pollers but until now it was required to have a working configuration first. Since the pollers are known before main() is called, let's list them with the build options.
2009-10-03 12:57:08 -04:00
list_pollers(stdout);
putchar('\n');
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
list_filters(stdout);
putchar('\n');
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function prints the command line usage and exits
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void usage(char *name)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
display_version();
fprintf(stderr,
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
"Usage : %s [-f <cfgfile|cfgdir>]* [ -vdV"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
"D ] [ -n <maxconn> ] [ -N <maxpconn> ]\n"
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
" [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]\n"
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
" -v displays version ; -vv shows known build options.\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -d enters debug mode ; -db only disables background mode.\n"
MEDIUM: memory: add the ability to poison memory at run time From time to time, some bugs are discovered that are caused by non-initialized memory areas. It happens that most platforms return a zero-filled area upon first malloc() thus hiding potential bugs. This patch also replaces malloc() in pools with calloc() to ensure that all platforms exhibit the same behaviour upon startup. In order to catch these bugs more easily, add a -dM command line flag to enable memory poisonning. Optionally, passing -dM<byte> forces the poisonning byte to <byte>.
2012-05-08 09:40:42 -04:00
" -dM[<byte>] poisons memory with <byte> (defaults to 0x50)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -V enters verbose mode (disables quiet mode)\n"
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
" -D goes daemon ; -C changes to <dir> before loading files.\n"
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
" -W master-worker mode.\n"
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
" -Ws master-worker mode with systemd notify support.\n"
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -q quiet mode : don't display messages\n"
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
" -c check mode : only check config files and exit\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -n sets the maximum total # of connections (%d)\n"
" -m limits the usable amount of memory (in MB)\n"
" -N sets the default, per-proxy maximum # of connections (%d)\n"
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
" -L set local peer name (default to hostname)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -p writes pids of all children to this file\n"
#if defined(ENABLE_EPOLL)
" -de disables epoll() usage even when available\n"
#endif
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#if defined(ENABLE_KQUEUE)
" -dk disables kqueue() usage even when available\n"
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#if defined(ENABLE_POLL)
" -dp disables poll() usage even when available\n"
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
#endif
[MEDIUM] remove old experimental tcpsplice option This Linux-specific option was never really used in production and has since been superseded by new splicing options brought by recent Linux kernels. It caused several particular cases in the code because the kernel would take care of the session without haproxy being able to do anything on it, which became hard to handle in the new architecture. Let's simply get rid of it now that there is a replacement available.
2009-08-16 07:20:32 -04:00
#if defined(CONFIG_HAP_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
" -dS disables splice usage (broken on old kernels)\n"
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#endif
#if defined(USE_GETADDRINFO)
" -dG disables getaddrinfo() usage\n"
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#endif
#if defined(SO_REUSEPORT)
" -dR disables SO_REUSEPORT usage\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
" -dr ignores server address resolution failures\n"
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
" -dV disables SSL verify on servers side\n"
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
" -sf/-st [pid ]* finishes/terminates old pids.\n"
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
" -x <unix_socket> get listening sockets from a unix socket\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
"\n",
name, DEFAULT_MAXCONN, cfg_maxpconn);
exit(1);
}
/*********************************************************************/
/* more specific functions ***************************************/
/*********************************************************************/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/* sends the signal <sig> to all pids found in <oldpids>. Returns the number of
* pids the signal was correctly delivered to.
*/
static int tell_old_pids(int sig)
{
int p;
int ret = 0;
for (p = 0; p < nb_oldpids; p++)
if (kill(oldpids[p], sig) == 0)
ret++;
return ret;
}
/* return 1 if a pid is a current child otherwise 0 */
int current_child(int pid)
{
int i;
for (i = 0; i < global.nbproc; i++) {
if (children[i] == pid)
return 1;
}
return 0;
}
static void mworker_signalhandler(int signum)
{
caught_signal = signum;
}
static void mworker_register_signals()
{
struct sigaction sa;
/* Here we are not using the haproxy async way
for signals because it does not exists in
the master */
memset(&sa, 0, sizeof(struct sigaction));
sa.sa_handler = &mworker_signalhandler;
sigaction(SIGHUP, &sa, NULL);
sigaction(SIGUSR1, &sa, NULL);
sigaction(SIGUSR2, &sa, NULL);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
}
static void mworker_block_signals()
{
sigset_t set;
sigemptyset(&set);
sigaddset(&set, SIGUSR1);
sigaddset(&set, SIGUSR2);
sigaddset(&set, SIGHUP);
sigaddset(&set, SIGINT);
sigaddset(&set, SIGTERM);
sigprocmask(SIG_SETMASK, &set, NULL);
}
static void mworker_unblock_signals()
{
sigset_t set;
sigemptyset(&set);
sigaddset(&set, SIGUSR1);
sigaddset(&set, SIGUSR2);
sigaddset(&set, SIGHUP);
sigaddset(&set, SIGINT);
sigaddset(&set, SIGTERM);
sigprocmask(SIG_UNBLOCK, &set, NULL);
}
static void mworker_unregister_signals()
{
signal(SIGINT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
signal(SIGHUP, SIG_IGN);
signal(SIGUSR1, SIG_IGN);
signal(SIGUSR2, SIG_IGN);
}
/*
* Send signal to every known children.
*/
static void mworker_kill(int sig)
{
int i;
tell_old_pids(sig);
if (children) {
for (i = 0; i < global.nbproc; i++)
kill(children[i], sig);
}
}
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
/*
* Upon a reload, the master worker needs to close all listeners FDs but the mworker_pipe
* fd, and the FD provided by fd@
*/
static void mworker_cleanlisteners()
{
struct listener *l, *l_next;
struct proxy *curproxy;
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (curproxy = proxies_list; curproxy; curproxy = curproxy->next) {
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
list_for_each_entry_safe(l, l_next, &curproxy->conf.listeners, by_fe) {
/* does not close if the FD is inherited with fd@
* from the parent process */
if (!(l->options & LI_O_INHERITED)) {
close(l->fd);
LIST_DEL(&l->by_fe);
LIST_DEL(&l->by_bind);
free(l->name);
free(l->counters);
free(l);
}
}
}
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* remove a pid forom the olpid array and decrease nb_oldpids
* return 1 pid was found otherwise return 0
*/
int delete_oldpid(int pid)
{
int i;
for (i = 0; i < nb_oldpids; i++) {
if (oldpids[i] == pid) {
oldpids[i] = oldpids[nb_oldpids - 1];
oldpids[nb_oldpids - 1] = 0;
nb_oldpids--;
return 1;
}
}
return 0;
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
static void get_cur_unixsocket()
{
/* if -x was used, try to update the stat socket if not available anymore */
if (global.stats_fe) {
struct bind_conf *bind_conf;
/* pass through all stats socket */
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
struct listener *l;
list_for_each_entry(l, &bind_conf->listeners, by_bind) {
if (l->addr.ss_family == AF_UNIX &&
(bind_conf->level & ACCESS_FD_LISTENERS)) {
const struct sockaddr_un *un;
un = (struct sockaddr_un *)&l->addr;
/* priority to old_unixsocket */
if (!cur_unixsocket) {
cur_unixsocket = strdup(un->sun_path);
} else {
if (old_unixsocket && !strcmp(un->sun_path, old_unixsocket)) {
free(cur_unixsocket);
cur_unixsocket = strdup(old_unixsocket);
return;
}
}
}
}
}
}
if (!cur_unixsocket && old_unixsocket)
cur_unixsocket = strdup(old_unixsocket);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* When called, this function reexec haproxy with -sf followed by current
* children PIDs and possibily old children PIDs if they didn't leave yet.
*/
static void mworker_reload()
{
int next_argc = 0;
int j;
char *msg = NULL;
mworker_block_signals();
mworker_unregister_signals();
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
if (global.tune.options & GTUNE_USE_SYSTEMD)
sd_notify(0, "RELOADING=1");
#endif
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
setenv("HAPROXY_MWORKER_REEXEC", "1", 1);
/* compute length */
while (next_argv[next_argc])
next_argc++;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
/* 1 for haproxy -sf, 2 for -x /socket */
next_argv = realloc(next_argv, (next_argc + 1 + 2 + global.nbproc + nb_oldpids + 1) * sizeof(char *));
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if (next_argv == NULL)
goto alloc_error;
/* add -sf <PID>* to argv */
if (children || nb_oldpids > 0)
next_argv[next_argc++] = "-sf";
if (children) {
for (j = 0; j < global.nbproc; next_argc++,j++) {
next_argv[next_argc] = memprintf(&msg, "%d", children[j]);
if (next_argv[next_argc] == NULL)
goto alloc_error;
msg = NULL;
}
}
/* copy old process PIDs */
for (j = 0; j < nb_oldpids; next_argc++,j++) {
next_argv[next_argc] = memprintf(&msg, "%d", oldpids[j]);
if (next_argv[next_argc] == NULL)
goto alloc_error;
msg = NULL;
}
next_argv[next_argc] = NULL;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
/* add the -x option with the stat socket */
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (cur_unixsocket) {
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
next_argv[next_argc++] = "-x";
next_argv[next_argc++] = (char *)cur_unixsocket;
next_argv[next_argc++] = NULL;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
}
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Reexecuting Master process\n");
BUG/MEDIUM: mworker: Fix re-exec when haproxy is started from PATH If haproxy is started using the name of the binary only (i.e. not using a relative or absolute path) the `execv` in `mworker_reload` fails with `ENOENT`, because it does not examine the `PATH`: [WARNING] 315/161139 (7) : Reexecuting Master process [WARNING] 315/161139 (7) : Cannot allocate memory [WARNING] 315/161139 (7) : Failed to reexecute the master processs [7] The error messages are misleading, because the return value of `execv` is not checked. This should be fixed in a separate commit. Once this happened the master process ignores any further signals sent by the administrator. Replace `execv` with `execvp` to establish the expected behaviour. This bug was introduced in commit 73b85e75b3963086be889e1fb40a59e7ef2ad63b.
2017-11-12 11:39:18 -05:00
execvp(next_argv[0], next_argv);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to reexecute the master process [%d]: %s\n", pid, strerror(errno));
MINOR: mworker: display an accurate error when the reexec fail When the master worker fail the execvp, it returns the wrong error "Cannot allocate memory". We now display the accurate error corresponding to the errno value.
2017-11-15 13:02:55 -05:00
return;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
alloc_error:
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to reexecute the master processs [%d]: Cannot allocate memory\n", pid);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return;
}
/*
* Wait for every children to exit
*/
static void mworker_wait()
{
int exitpid = -1;
int status = 0;
BUG/MEDIUM: mworker: wait again for signals when execvp fail After execvp fails, the signals were ignored, preventing to try a reload again. It is now fixed by reaching the top of the mworker_wait() function once the execvp failed.
2017-11-15 13:02:56 -05:00
restart_wait:
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
if (global.tune.options & GTUNE_USE_SYSTEMD)
sd_notifyf(0, "READY=1\nMAINPID=%lu", (unsigned long)getpid());
#endif
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
mworker_register_signals();
mworker_unblock_signals();
while (1) {
while (((exitpid = wait(&status)) == -1) && errno == EINTR) {
int sig = caught_signal;
if (sig == SIGUSR2 || sig == SIGHUP) {
mworker_reload();
BUG/MEDIUM: mworker: wait again for signals when execvp fail After execvp fails, the signals were ignored, preventing to try a reload again. It is now fixed by reaching the top of the mworker_wait() function once the execvp failed.
2017-11-15 13:02:56 -05:00
/* should reach there only if it fail */
goto restart_wait;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
} else {
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
if ((global.tune.options & GTUNE_USE_SYSTEMD) && (sig == SIGUSR1 || sig == SIGTERM)) {
sd_notify(0, "STOPPING=1");
}
#endif
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Exiting Master process...\n");
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
mworker_kill(sig);
mworker_unregister_signals();
}
caught_signal = 0;
}
if (exitpid == -1 && errno == ECHILD) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("All workers are left. Leaving... (%d)\n", status);
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
atexit_flag = 0;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
exit(status); /* parent must leave using the latest status code known */
}
if (WIFEXITED(status))
status = WEXITSTATUS(status);
else if (WIFSIGNALED(status))
status = 128 + WTERMSIG(status);
else if (WIFSTOPPED(status))
status = 128 + WSTOPSIG(status);
else
status = 255;
if (!children) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Worker %d left with exit code %d\n", exitpid, status);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
} else {
/* check if exited child was in the current children list */
if (current_child(exitpid)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Current worker %d left with exit code %d\n", exitpid, status);
MEDIUM: mworker: exit-on-failure option This option exits every workers when one of the current workers die. It allows you to monitor the master process in order to relaunch everything on a failure. For example it can be used with systemd and Restart=on-failure in a spec file.
2017-06-01 11:38:54 -04:00
if (status != 0 && status != 130 && status != 143
MAJOR: mworker: exits the master on failure This patch changes the behavior of the master during the exit of a worker. When a worker exits with an error code, for example in the case of a segfault, all workers are now killed and the master leaves. If you don't want this behavior you can use the option "master-worker no-exit-on-failure".
2017-11-24 16:02:34 -05:00
&& !(global.tune.options & GTUNE_NOEXIT_ONFAILURE)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("exit-on-failure: killing every workers with SIGTERM\n");
MEDIUM: mworker: exit-on-failure option This option exits every workers when one of the current workers die. It allows you to monitor the master process in order to relaunch everything on a failure. For example it can be used with systemd and Restart=on-failure in a spec file.
2017-06-01 11:38:54 -04:00
mworker_kill(SIGTERM);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
} else {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Former worker %d left with exit code %d\n", exitpid, status);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
delete_oldpid(exitpid);
}
}
}
}
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/*
* Reexec the process in failure mode, instead of exiting
*/
void reexec_on_failure()
{
if (!atexit_flag)
return;
setenv("HAPROXY_MWORKER_WAIT_ONLY", "1", 1);
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Reexecuting Master process in waitpid mode\n");
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
mworker_reload();
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MEDIUM] signals: support redistribution of signal zero when stopping Signal zero is never delivered by the system. However having a signal to which functions and tasks can subscribe to be notified of a stopping event is useful. So this patch does two things : 1) allow signal zero to be delivered from any function of signal handler 2) make soft_stop() deliver this signal so that tasks can be notified of a stopping condition.
2010-08-27 12:26:11 -04:00
* upon SIGUSR1, let's have a soft stop. Note that soft_stop() broadcasts
* a signal zero to all subscribers. This means that it's as easy as
* subscribing to signal 0 to get informed about an imminent shutdown.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_soft_stop(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
soft_stop();
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_unregister_handler(sh);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTOU, we pause everything
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_pause(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
pause_proxies();
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTIN, let's have a soft stop.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_listen(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 12:28:10 -04:00
resume_proxies();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* this function dumps every server's state when the process receives SIGHUP.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_dump_state(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *p = proxies_list;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("SIGHUP received, dumping servers states.\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (p) {
struct server *s = p->srv;
send_log(p, LOG_NOTICE, "SIGHUP received, dumping servers states for proxy %s.\n", p->id);
while (s) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Server %s/%s is %s. Conn: %d act, %d pend, %lld tot.",
p->id, s->id,
MEDIUM: check: server states and weight propagation re-work The server state and weight was reworked to handle "pending" values updated by checks/CLI/LUA/agent. These values are commited to be propagated to the LB stack. In further dev related to multi-thread, the commit will be handled into a sync point. Pending values are named using the prefix 'next_' Current values used by the LB stack are named 'cur_'
2017-08-31 08:41:55 -04:00
(s->cur_state != SRV_ST_STOPPED) ? "UP" : "DOWN",
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
s->cur_sess, s->nbpend, s->counters.cum_sess);
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("%s\n", trash.str);
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
send_log(p, LOG_NOTICE, "%s\n", trash.str);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
s = s->next;
}
[MINOR] fix the SIGHUP message not to alert on server-less proxies The SIGHUP message was designed long before it was possible to have no server in a proxy. Remove the alert in case there's no server.
2007-09-17 05:27:09 -04:00
/* FIXME: those info are a bit outdated. We should be able to distinguish between FE and BE. */
if (!p->srv) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s has no servers. Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id,
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[MINOR] fix the SIGHUP message not to alert on server-less proxies The SIGHUP message was designed long before it was possible to have no server in a proxy. Remove the alert in case there's no server.
2007-09-17 05:27:09 -04:00
} else if (p->srv_act == 0) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s %s ! Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id,
(p->srv_bck) ? "is running on backup servers" : "has no server available",
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s has %d active servers and %d backup servers available."
" Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id, p->srv_act, p->srv_bck,
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("%s\n", trash.str);
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
send_log(p, LOG_NOTICE, "%s\n", trash.str);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
p = p->next;
}
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void dump(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MAJOR] migrated task, tree64 and session to pool2 task and tree64 are already very close in size and are merged together. Overall performance gained slightly by this simple change.
2007-05-13 13:43:47 -04:00
/* dump memory usage then free everything possible */
dump_pools();
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
/* This function check if cfg_cfgfiles containes directories.
* If it find one, it add all the files (and only files) it containes
* in cfg_cfgfiles in place of the directory (and remove the directory).
* It add the files in lexical order.
* It add only files with .cfg extension.
* It doesn't add files with name starting with '.'
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void cfgfiles_expand_directories(void)
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
{
struct wordlist *wl, *wlb;
char *err = NULL;
list_for_each_entry_safe(wl, wlb, &cfg_cfgfiles, list) {
struct stat file_stat;
struct dirent **dir_entries = NULL;
int dir_entries_nb;
int dir_entries_it;
if (stat(wl->s, &file_stat)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration file/directory %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
if (!S_ISDIR(file_stat.st_mode))
continue;
/* from this point wl->s is a directory */
dir_entries_nb = scandir(wl->s, &dir_entries, NULL, alphasort);
if (dir_entries_nb < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration directory %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
/* for each element in the directory wl->s */
for (dir_entries_it = 0; dir_entries_it < dir_entries_nb; dir_entries_it++) {
struct dirent *dir_entry = dir_entries[dir_entries_it];
char *filename = NULL;
char *d_name_cfgext = strstr(dir_entry->d_name, ".cfg");
/* don't add filename that begin with .
* only add filename with .cfg extention
*/
if (dir_entry->d_name[0] == '.' ||
!(d_name_cfgext && d_name_cfgext[4] == '\0'))
goto next_dir_entry;
if (!memprintf(&filename, "%s/%s", wl->s, dir_entry->d_name)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration files %s : out of memory.\n",
filename);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
if (stat(filename, &file_stat)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration file %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
/* don't add anything else than regular file in cfg_cfgfiles
* this way we avoid loops
*/
if (!S_ISREG(file_stat.st_mode))
goto next_dir_entry;
if (!list_append_word(&wl->list, filename, &err)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration files %s : %s\n",
filename,
err);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
next_dir_entry:
free(filename);
free(dir_entry);
}
free(dir_entries);
/* remove the current directory (wl) from cfg_cfgfiles */
free(wl->s);
LIST_DEL(&wl->list);
free(wl);
}
free(err);
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
static int get_old_sockets(const char *unixsocket)
{
char *cmsgbuf = NULL, *tmpbuf = NULL;
int *tmpfd = NULL;
struct sockaddr_un addr;
struct cmsghdr *cmsg;
struct msghdr msghdr;
struct iovec iov;
struct xfer_sock_list *xfer_sock = NULL;
MINOR: socket transfer: Set a timeout on the socket. Make sure we're not stuck forever by setting a timeout on the socket.
2017-04-06 08:45:14 -04:00
struct timeval tv = { .tv_sec = 1, .tv_usec = 0 };
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
int sock = -1;
int ret = -1;
int ret2 = -1;
int fd_nb;
int got_fd = 0;
int i = 0;
size_t maxoff = 0, curoff = 0;
memset(&msghdr, 0, sizeof(msghdr));
cmsgbuf = malloc(CMSG_SPACE(sizeof(int)) * MAX_SEND_FD);
if (!cmsgbuf) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory to send sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
sock = socket(PF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to connect to the old process socket '%s'\n",
unixsocket);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
strncpy(addr.sun_path, unixsocket, sizeof(addr.sun_path));
addr.sun_path[sizeof(addr.sun_path) - 1] = 0;
addr.sun_family = PF_UNIX;
ret = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to connect to the old process socket '%s'\n",
unixsocket);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
MINOR: socket transfer: Set a timeout on the socket. Make sure we're not stuck forever by setting a timeout on the socket.
2017-04-06 08:45:14 -04:00
setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (void *)&tv, sizeof(tv));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
iov.iov_base = &fd_nb;
iov.iov_len = sizeof(fd_nb);
msghdr.msg_iov = &iov;
msghdr.msg_iovlen = 1;
send(sock, "_getsocks\n", strlen("_getsocks\n"), 0);
/* First, get the number of file descriptors to be received */
if (recvmsg(sock, &msghdr, MSG_WAITALL) != sizeof(fd_nb)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to get the number of sockets to be transferred !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
if (fd_nb == 0) {
ret = 0;
goto out;
}
BUILD: use MAXPATHLEN instead of NAME_MAX. This fixes building on at least Solaris, where NAME_MAX doesn't exist.
2017-11-04 10:13:01 -04:00
tmpbuf = malloc(fd_nb * (1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof(int)));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
if (tmpbuf == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while receiving sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
tmpfd = malloc(fd_nb * sizeof(int));
if (tmpfd == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while receiving sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
msghdr.msg_control = cmsgbuf;
msghdr.msg_controllen = CMSG_SPACE(sizeof(int)) * MAX_SEND_FD;
BUILD: use MAXPATHLEN instead of NAME_MAX. This fixes building on at least Solaris, where NAME_MAX doesn't exist.
2017-11-04 10:13:01 -04:00
iov.iov_len = MAX_SEND_FD * (1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof(int));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
do {
int ret3;
iov.iov_base = tmpbuf + curoff;
ret = recvmsg(sock, &msghdr, 0);
if (ret == -1 && errno == EINTR)
continue;
if (ret <= 0)
break;
/* Send an ack to let the sender know we got the sockets
* and it can send some more
*/
do {
ret3 = send(sock, &got_fd, sizeof(got_fd), 0);
} while (ret3 == -1 && errno == EINTR);
for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_RIGHTS) {
size_t totlen = cmsg->cmsg_len -
CMSG_LEN(0);
if (totlen / sizeof(int) + got_fd > fd_nb) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Got to many sockets !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
/*
* Be paranoid and use memcpy() to avoid any
* potential alignement issue.
*/
memcpy(&tmpfd[got_fd], CMSG_DATA(cmsg), totlen);
got_fd += totlen / sizeof(int);
}
}
curoff += ret;
} while (got_fd < fd_nb);
if (got_fd != fd_nb) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("We didn't get the expected number of sockets (expecting %d got %d)\n",
fd_nb, got_fd);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
maxoff = curoff;
curoff = 0;
for (i = 0; i < got_fd; i++) {
int fd = tmpfd[i];
socklen_t socklen;
int len;
xfer_sock = calloc(1, sizeof(*xfer_sock));
if (!xfer_sock) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory in get_old_sockets() !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
break;
}
xfer_sock->fd = -1;
socklen = sizeof(xfer_sock->addr);
if (getsockname(fd, (struct sockaddr *)&xfer_sock->addr, &socklen) != 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to get socket address\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
free(xfer_sock);
BUG/MINOR: Prevent a use-after-free on error scenario on option "-x". This was introduced with recent commit f73629d ("MINOR: global: Add an option to get the old listening sockets."). No backport is needed.
2017-07-17 11:25:33 -04:00
xfer_sock = NULL;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
continue;
}
if (curoff >= maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
len = tmpbuf[curoff++];
if (len > 0) {
/* We have a namespace */
if (curoff + len > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
xfer_sock->namespace = malloc(len + 1);
if (!xfer_sock->namespace) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(xfer_sock->namespace, &tmpbuf[curoff], len);
xfer_sock->namespace[len] = 0;
curoff += len;
}
if (curoff >= maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
len = tmpbuf[curoff++];
if (len > 0) {
/* We have an interface */
if (curoff + len > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
xfer_sock->iface = malloc(len + 1);
if (!xfer_sock->iface) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(xfer_sock->iface, &tmpbuf[curoff], len);
xfer_sock->namespace[len] = 0;
curoff += len;
}
if (curoff + sizeof(int) > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(&xfer_sock->options, &tmpbuf[curoff],
sizeof(xfer_sock->options));
curoff += sizeof(xfer_sock->options);
xfer_sock->fd = fd;
if (xfer_sock_list)
xfer_sock_list->prev = xfer_sock;
xfer_sock->next = xfer_sock_list;
xfer_sock->prev = NULL;
xfer_sock_list = xfer_sock;
xfer_sock = NULL;
}
ret2 = 0;
out:
/* If we failed midway make sure to close the remaining
* file descriptors
*/
if (tmpfd != NULL && i < got_fd) {
for (; i < got_fd; i++) {
close(tmpfd[i]);
}
}
free(tmpbuf);
free(tmpfd);
free(cmsgbuf);
if (sock != -1)
close(sock);
if (xfer_sock) {
free(xfer_sock->namespace);
free(xfer_sock->iface);
if (xfer_sock->fd != -1)
close(xfer_sock->fd);
free(xfer_sock);
}
return (ret2);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* copy and cleanup the current argv
* Remove the -sf /-st parameters
* Return an allocated copy of argv
*/
static char **copy_argv(int argc, char **argv)
{
char **newargv;
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
int i = 0, j = 0;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
newargv = calloc(argc + 2, sizeof(char *));
if (newargv == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Cannot allocate memory\n");
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return NULL;
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
while (i < argc) {
/* -sf or -st or -x */
if ((argv[i][1] == 's' && (argv[i][2] == 'f' || argv[i][2] == 't')) || argv[i][1] == 'x' ) {
/* list of pids to finish ('f') or terminate ('t') or unix socket (-x) */
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
i++;
while (i < argc && argv[i][0] != '-') {
i++;
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
continue;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
newargv[j++] = argv[i++];
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return newargv;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function initializes all the necessary variables. It only returns
* if everything is OK. If something fails, it exits.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void init(int argc, char **argv)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
int arg_mode = 0; /* MODE_DEBUG, ... */
char *tmp;
char *cfg_pidfile = NULL;
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
int err_code = 0;
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
char *err_msg = NULL;
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
struct wordlist *wl;
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
char *progname;
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
char *change_dir = NULL;
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
struct proxy *px;
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
struct post_check_fct *pcf;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode = MODE_STARTING;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
next_argv = copy_argv(argc, argv);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (!init_trash_buffers(1)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize trash buffers.\n");
MINOR: chunks: Use dedicated function to init/deinit trash buffers Now, we use init_trash_buffers and deinit_trash_buffers to, respectively, initialize and deinitialize trash buffers (trash, trash_buf1 and trash_buf2). These functions have been introduced to be used by threads, to deal with thread-local trash buffers.
2017-07-26 08:59:46 -04:00
exit(1);
}
BUG/MAJOR: trash must always be the size of a buffer Before it was possible to resize the buffers using global.tune.bufsize, the trash has always been the size of a buffer by design. Unfortunately, the recent buffer sizing at runtime forgot to adjust the trash, resulting in it being too short for content rewriting if buffers were enlarged from the default value. The bug was encountered in 1.4 so the fix must be backported there.
2012-05-16 08:16:48 -04:00
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
/* NB: POSIX does not make it mandatory for gethostname() to NULL-terminate
* the string in case of truncation, and at least FreeBSD appears not to do
* it.
*/
memset(hostname, 0, sizeof(hostname));
gethostname(hostname, sizeof(hostname) - 1);
memset(localpeer, 0, sizeof(localpeer));
memcpy(localpeer, hostname, (sizeof(hostname) > sizeof(localpeer) ? sizeof(localpeer) : sizeof(hostname)) - 1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Initialize the previously static variables.
*/
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
[MEDIUM] splice: make use of pipe pools Using pipe pools makes pipe management a lot easier. It also allows to remove quite a bunch of #ifdefs in areas which depended on the presence or not of support for kernel splicing. The buffer now holds a pointer to a pipe structure which is always NULL except if there are still data in the pipe. When it needs to use that pipe, it dynamically allocates it from the pipe pool. When the data is consumed, the pipe is immediately released. That way, there is no need anymore to care about pipe closure upon session termination, nor about pipe creation when trying to use splice(). Another immediate advantage of this method is that it considerably reduces the number of pipes needed to use splice(). Tests have shown that even with 0.2 pipe per connection, almost all sessions can use splice(), because the same pipe may be used by several consecutive calls to splice().
2009-01-25 07:56:13 -05:00
totalconn = actconn = maxfd = listeners = stopping = 0;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
killed = 0;
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef HAPROXY_MEMMAX
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
global.rlimit_memmax_all = HAPROXY_MEMMAX;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
BUG/MINOR: log: GMT offset not updated when entering/leaving DST GMT offset used in local time formats was computed at startup, but was not updated when DST status changed while running. For example these two RFC5424 syslog traces where emitted 5 seconds apart, just before and after DST changed: <14>1 2016-03-27T01:59:58+01:00 bunch-VirtualBox haproxy 2098 - - Connect ... <14>1 2016-03-27T03:00:03+01:00 bunch-VirtualBox haproxy 2098 - - Connect ... It looked like they were emitted more than 1 hour apart, unlike with the fix: <14>1 2016-03-27T01:59:58+01:00 bunch-VirtualBox haproxy 3381 - - Connect ... <14>1 2016-03-27T03:00:03+02:00 bunch-VirtualBox haproxy 3381 - - Connect ... This patch should be backported to 1.6 and partially to 1.5 (no fix needed in log.c).
2016-03-27 05:08:03 -04:00
tzset();
[MEDIUM] further improve monotonic clock by check forward jumps The first implementation of the monotonic clock did not verify forward jumps. The consequence is that a fast changing time may expire a lot of tasks. While it does seem minor, in fact it is problematic because most machines which boot with a wrong date are in the past and suddenly see their time jump by several years in the future. The solution is to check if we spent more apparent time in a poller than allowed (with a margin applied). The margin is currently set to 1000 ms. It should be large enough for any poll() to complete. Tests with randomly jumping clock show that the result is quite accurate (error less than 1 second at every change of more than one second).
2008-06-23 08:00:57 -04:00
tv_update_date(-1,-1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
start_date = now;
MINOR: sample: add a rand() sample fetch to return a sample. Sometimes it can be useful to generate a random value, at least for debugging purposes, but also to take routing decisions or to pass such a value to a backend server.
2014-02-14 05:59:04 -05:00
srandom(now_ms - getpid());
MEDIUM: log: add a new log format flag "E" The +E mode escapes characters '"', '\' and ']' with '\' as prefix. It mostly makes sense to use it in the RFC5424 structured-data log formats. Example: log-format-sd %{+Q,+E}o\ [exampleSDID@1234\ header=%[capture.req.hdr(0)]]
2016-02-12 07:23:03 -05:00
init_log();
[MEDIUM] call signal_process_queue from run_poll_loop Now we check for asynchronous pending signals. There's no user yet so this cannot cause any trouble.
2009-05-10 03:01:21 -04:00
signal_init();
MAJOR: acl: make all ACLs reference the fetch function via a sample. ACL fetch functions used to directly reference a fetch function. Now that all ACL fetches have their sample fetches equivalent, we can make ACLs reference a sample fetch keyword instead. In order to simplify the code, a sample keyword name may be NULL if it is the same as the ACL's, which is the most common case. A minor change appeared, http_auth always expects one argument though the ACL allowed it to be missing and reported as such afterwards, so fix the ACL to match this. This is not really a bug.
2013-01-11 09:49:37 -05:00
if (init_acl() != 0)
exit(1);
[MAJOR] migrated task, tree64 and session to pool2 task and tree64 are already very close in size and are merged together. Overall performance gained slightly by this simple change.
2007-05-13 13:43:47 -04:00
init_task();
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
init_stream();
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
init_session();
MAJOR: session: detach the connections from the stream interfaces We will need to be able to switch server connections on a session and to keep idle connections. In order to achieve this, the preliminary requirement is that the connections can survive the session and be detached from them. Right now they're still allocated at exactly the same place, so when there is a session, there are always 2 connections. We could soon improve on this by allocating the outgoing connection only during a connect(). This current patch touches a lot of code and intentionally does not change any functionnality. Performance tests show no regression (even a very minor improvement). The doc has not yet been updated.
2012-10-26 14:10:28 -04:00
init_connection();
[BUG] variable buffer size ignored at initialization time Commit 27a674efb84bde8c045b87c9634f123e2f8925dc introduced the ability to configure buffer sizes. Unfortunately, the pool was created before the conf was read, so that is was always set to the default size. In order to fix that, we delay the call to init_buffer(), which is not a problem since nothing uses it during the initialization.
2009-09-23 17:37:52 -04:00
/* warning, we init buffers later */
[MAJOR] ported pendconn to mempools v2 A pool_destroy() was also missing in deinit()
2007-05-13 14:19:55 -04:00
init_pendconn();
[MEDIUM] errorloc now checked first from backend then from frontend It is now possible to define an errorloc in the backend as well as in the frontend. The backend's will be used first, and if undefined, then the frontend's will be used instead. If none is used, then the original error messages will be used.
2006-12-24 11:47:20 -05:00
init_proto_http();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: lua: lua integration in the build and init system. This is the first step of the lua integration. We add the useful files in the HAProxy project. These files contains the main includes, the Makefile options and empty initialisation function. Is is the LUA skeleton.
2015-01-23 08:06:13 -05:00
/* Initialise lua. */
hlua_init();
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
/* Initialize process vars */
vars_init(&global.vars, SCOPE_PROC);
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_SELECT; /* select() is always available */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#if defined(ENABLE_POLL)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_POLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
#if defined(ENABLE_EPOLL)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#if defined(ENABLE_KQUEUE)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_KQUEUE;
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#endif
[MEDIUM] remove old experimental tcpsplice option This Linux-specific option was never really used in production and has since been superseded by new splicing options brought by recent Linux kernels. It caused several particular cases in the code because the kernel would take care of the session without haproxy being able to do anything on it, which became hard to handle in the new architecture. Let's simply get rid of it now that there is a replacement available.
2009-08-16 07:20:32 -04:00
#if defined(CONFIG_HAP_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
global.tune.options |= GTUNE_USE_SPLICE;
#endif
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#if defined(USE_GETADDRINFO)
global.tune.options |= GTUNE_USE_GAI;
#endif
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#if defined(SO_REUSEPORT)
global.tune.options |= GTUNE_USE_REUSEPORT;
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
pid = getpid();
progname = *argv;
while ((tmp = strchr(progname, '/')) != NULL)
progname = tmp + 1;
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
/* the process name is used for the logs only */
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_initstr(&global.log_tag, strdup(progname));
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
argc--; argv++;
while (argc > 0) {
char *flag;
if (**argv == '-') {
flag = *argv+1;
/* 1 arg */
if (*flag == 'v') {
display_version();
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
if (flag[1] == 'v') /* -vv */
display_build_opts();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(0);
}
#if defined(ENABLE_EPOLL)
else if (*flag == 'd' && flag[1] == 'e')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
#if defined(ENABLE_POLL)
else if (*flag == 'd' && flag[1] == 'p')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_POLL;
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#endif
[MINOR] copy-paste typo when checking for -dk to disable kqueue.
2007-04-10 16:45:11 -04:00
#if defined(ENABLE_KQUEUE)
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
else if (*flag == 'd' && flag[1] == 'k')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_KQUEUE;
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
#endif
[MEDIUM] remove old experimental tcpsplice option This Linux-specific option was never really used in production and has since been superseded by new splicing options brought by recent Linux kernels. It caused several particular cases in the code because the kernel would take care of the session without haproxy being able to do anything on it, which became hard to handle in the new architecture. Let's simply get rid of it now that there is a replacement available.
2009-08-16 07:20:32 -04:00
#if defined(CONFIG_HAP_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
else if (*flag == 'd' && flag[1] == 'S')
global.tune.options &= ~GTUNE_USE_SPLICE;
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#endif
#if defined(USE_GETADDRINFO)
else if (*flag == 'd' && flag[1] == 'G')
global.tune.options &= ~GTUNE_USE_GAI;
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#endif
#if defined(SO_REUSEPORT)
else if (*flag == 'd' && flag[1] == 'R')
global.tune.options &= ~GTUNE_USE_REUSEPORT;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
else if (*flag == 'd' && flag[1] == 'V')
global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'V')
arg_mode |= MODE_VERBOSE;
else if (*flag == 'd' && flag[1] == 'b')
arg_mode |= MODE_FOREGROUND;
MEDIUM: memory: add the ability to poison memory at run time From time to time, some bugs are discovered that are caused by non-initialized memory areas. It happens that most platforms return a zero-filled area upon first malloc() thus hiding potential bugs. This patch also replaces malloc() in pools with calloc() to ensure that all platforms exhibit the same behaviour upon startup. In order to catch these bugs more easily, add a -dM command line flag to enable memory poisonning. Optionally, passing -dM<byte> forces the poisonning byte to <byte>.
2012-05-08 09:40:42 -04:00
else if (*flag == 'd' && flag[1] == 'M')
mem_poison_byte = flag[2] ? strtol(flag + 2, NULL, 0) : 'P';
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
else if (*flag == 'd' && flag[1] == 'r')
global.tune.options |= GTUNE_RESOLVE_DONTFAIL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd')
arg_mode |= MODE_DEBUG;
else if (*flag == 'c')
arg_mode |= MODE_CHECK;
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (*flag == 'D')
[MINOR] startup: don't imply -q with -D It is recommended to have -D in init scripts, but -D also implies quiet mode, which hides warning messages, and both options are now completely unrelated. Remove the implication to get warnings with -D.
2009-05-18 10:29:51 -04:00
arg_mode |= MODE_DAEMON;
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
else if (*flag == 'W' && flag[1] == 's') {
BUG/MINOR: systemd: ignore daemon mode Since we switched to notify mode in the systemd unit file in commit d6942c8, haproxy won't start if the daemon keyword is present in the configuration. This change makes sure that haproxy remains in foreground when using systemd mode and adds a note in the documentation.
2017-11-21 06:39:34 -05:00
arg_mode |= MODE_MWORKER | MODE_FOREGROUND;
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
global.tune.options |= GTUNE_USE_SYSTEMD;
#else
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("master-worker mode with systemd support (-Ws) requested, but not compiled. Use master-worker mode (-W) if you are not using Type=notify in your unit file or recompile with USE_SYSTEMD=1.\n\n");
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
usage(progname);
#endif
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (*flag == 'W')
arg_mode |= MODE_MWORKER;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'q')
arg_mode |= MODE_QUIET;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
else if (*flag == 'x') {
BUG/MEDIUM: fix segfault when no argument to -x option This patch fixes a segfault in the command line parser. When haproxy is launched with -x with no argument and -x is the latest option in argv it segfaults. Use usage() insteads of exit() on error.
2017-06-19 09:57:55 -04:00
if (argc <= 1 || argv[1][0] == '-') {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Unix socket path expected with the -x flag\n\n");
BUG/MEDIUM: fix segfault when no argument to -x option This patch fixes a segfault in the command line parser. When haproxy is launched with -x with no argument and -x is the latest option in argv it segfaults. Use usage() insteads of exit() on error.
2017-06-19 09:57:55 -04:00
usage(progname);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
}
MINOR: warning on multiple -x Multiple use of the -x option is useless, emit a warning.
2017-06-19 10:37:19 -04:00
if (old_unixsocket)
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("-x option already set, overwriting the value\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
old_unixsocket = argv[1];
MINOR: warning on multiple -x Multiple use of the -x option is useless, emit a warning.
2017-06-19 10:37:19 -04:00
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
argv++;
argc--;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 's' && (flag[1] == 'f' || flag[1] == 't')) {
/* list of pids to finish ('f') or terminate ('t') */
if (flag[1] == 'f')
oldpids_sig = SIGUSR1; /* finish then exit */
else
oldpids_sig = SIGTERM; /* terminate immediately */
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
while (argc > 1 && argv[1][0] != '-') {
oldpids = realloc(oldpids, (nb_oldpids + 1) * sizeof(int));
if (!oldpids) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot allocate old pid : out of memory.\n");
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
exit(1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
argc--; argv++;
oldpids[nb_oldpids] = atol(*argv);
if (oldpids[nb_oldpids] <= 0)
usage(progname);
nb_oldpids++;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
else if (flag[0] == '-' && flag[1] == 0) { /* "--" */
/* now that's a cfgfile list */
argv++; argc--;
while (argc > 0) {
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
if (!list_append_word(&cfg_cfgfiles, *argv, &err_msg)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration file/directory %s : %s\n",
*argv,
err_msg);
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
exit(1);
}
argv++; argc--;
}
break;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else { /* >=2 args */
argv++; argc--;
if (argc == 0)
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
switch (*flag) {
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
case 'C' : change_dir = *argv; break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'n' : cfg_maxconn = atol(*argv); break;
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
case 'm' : global.rlimit_memmax_all = atol(*argv); break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'N' : cfg_maxpconn = atol(*argv); break;
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
case 'L' : strncpy(localpeer, *argv, sizeof(localpeer) - 1); break;
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
case 'f' :
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
if (!list_append_word(&cfg_cfgfiles, *argv, &err_msg)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration file/directory %s : %s\n",
*argv,
err_msg);
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
exit(1);
}
break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'p' : cfg_pidfile = *argv; break;
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
default: usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
}
else
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
argv++; argc--;
}
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode |= (arg_mode & (MODE_DAEMON | MODE_MWORKER | MODE_FOREGROUND | MODE_VERBOSE
| MODE_QUIET | MODE_CHECK | MODE_DEBUG));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/* Master workers wait mode */
if ((global.mode & MODE_MWORKER) && (getenv("HAPROXY_MWORKER_WAIT_ONLY") != NULL)) {
unsetenv("HAPROXY_MWORKER_WAIT_ONLY");
mworker_wait();
}
if ((global.mode & MODE_MWORKER) && (getenv("HAPROXY_MWORKER_REEXEC") != NULL)) {
atexit_flag = 1;
atexit(reexec_on_failure);
}
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
if (change_dir && chdir(change_dir) < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Could not change to directory %s : %s\n", change_dir, strerror(errno));
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
exit(1);
}
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
/* handle cfgfiles that are actualy directories */
cfgfiles_expand_directories();
if (LIST_ISEMPTY(&cfg_cfgfiles))
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.maxsock = 10; /* reserve 10 fds ; will be incremented by socket eaters */
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
init_default_instance();
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
list_for_each_entry(wl, &cfg_cfgfiles, list) {
[BUG] config: fix error message when config file is not found Cameron Simpson reported an annoying case where haproxy simply reports "Error(s) found in configuration file" when the file is not found or not readable. Fortunately the parsing function still returns -1 in case of open error, so we're able to detect the issue from the caller and report the corresponding errno message.
2009-12-06 07:10:44 -05:00
int ret;
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
ret = readcfgfile(wl->s);
[BUG] config: fix error message when config file is not found Cameron Simpson reported an annoying case where haproxy simply reports "Error(s) found in configuration file" when the file is not found or not readable. Fortunately the parsing function still returns -1 in case of open error, so we're able to detect the issue from the caller and report the corresponding errno message.
2009-12-06 07:10:44 -05:00
if (ret == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Could not open configuration file %s : %s\n",
wl->s, strerror(errno));
[BUG] config: fix error message when config file is not found Cameron Simpson reported an annoying case where haproxy simply reports "Error(s) found in configuration file" when the file is not found or not readable. Fortunately the parsing function still returns -1 in case of open error, so we're able to detect the issue from the caller and report the corresponding errno message.
2009-12-06 07:10:44 -05:00
exit(1);
}
[MINOR] config: don't report error on all subsequent files on failure Cyril Bont found that when an error is detected in one config file, it is also reported in all other ones, which is wrong. The fix obviously consists in checking the return code from readcfgfile() and not the accumulator.
2009-12-15 15:46:25 -05:00
if (ret & (ERR_ABORT|ERR_FATAL))
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Error(s) found in configuration file : %s\n", wl->s);
[MINOR] config: don't report error on all subsequent files on failure Cyril Bont found that when an error is detected in one config file, it is also reported in all other ones, which is wrong. The fix obviously consists in checking the return code from readcfgfile() and not the accumulator.
2009-12-15 15:46:25 -05:00
err_code |= ret;
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
if (err_code & ERR_ABORT)
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
exit(1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
MEDIUM: config: don't check config validity when there are fatal errors Overall we do have an issue with the severity of a number of errors. Most fatal errors are reported with ERR_FATAL (which prevents startup) and not ERR_ABORT (which stops parsing ASAP), but check_config_validity() is still called on ERR_FATAL, and will most of the time report bogus errors. This is what caused smp_resolve_args() to be called on a number of unparsable ACLs, and it also is what reports incorrect ordering or unresolvable section names when certain entries could not be properly parsed. This patch stops this domino effect by simply aborting before trying to further check and resolve the configuration when it's already know that there are fatal errors. A concrete example comes from this config : userlist users : user foo insecure-password bar listen foo bind :1234 mode htttp timeout client 10S timeout server 10s timeout connect 10s stats uri /stats stats http-request auth unless { http_auth(users) } http-request redirect location /index.html if { path / } It contains a colon after the userlist name, a typo in the client timeout value, another one in "mode http" which cause some other configuration elements not to be properly handled. Previously it would confusingly report : [ALERT] 108/114851 (20224) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'. [ALERT] 108/114851 (20224) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'. [ALERT] 108/114851 (20224) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client' [ALERT] 108/114851 (20224) : Error(s) found in configuration file : err-report.cfg [ALERT] 108/114851 (20224) : parsing [err-report.cfg:11] : unable to find userlist 'users' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'foo'. [WARNING] 108/114851 (20224) : config : missing timeouts for proxy 'foo'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. [WARNING] 108/114851 (20224) : config : 'stats' statement ignored for proxy 'foo' as it requires HTTP mode. [WARNING] 108/114851 (20224) : config : 'http-request' rules ignored for proxy 'foo' as they require HTTP mode. [ALERT] 108/114851 (20224) : Fatal errors found in configuration. The "requires HTTP mode" errors are just pollution resulting from the improper spelling of this mode earlier. The unresolved reference to the userlist is caused by the extra colon on the declaration, and the warning regarding the missing timeouts is caused by the wrong character. Now it more accurately reports : [ALERT] 108/114900 (20225) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'. [ALERT] 108/114900 (20225) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'. [ALERT] 108/114900 (20225) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client' [ALERT] 108/114900 (20225) : Error(s) found in configuration file : err-report.cfg [ALERT] 108/114900 (20225) : Fatal errors found in configuration. Despite not really a fix, this patch should be backported at least to 1.7, possibly even 1.6, and 1.5 since it hardens the config parser against certain bad situations like the recently reported use-after-free and the last null dereference.
2017-04-19 05:24:07 -04:00
/* do not try to resolve arguments nor to spot inconsistencies when
* the configuration contains fatal errors caused by files not found
* or failed memory allocations.
*/
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Fatal errors found in configuration.\n");
MEDIUM: config: don't check config validity when there are fatal errors Overall we do have an issue with the severity of a number of errors. Most fatal errors are reported with ERR_FATAL (which prevents startup) and not ERR_ABORT (which stops parsing ASAP), but check_config_validity() is still called on ERR_FATAL, and will most of the time report bogus errors. This is what caused smp_resolve_args() to be called on a number of unparsable ACLs, and it also is what reports incorrect ordering or unresolvable section names when certain entries could not be properly parsed. This patch stops this domino effect by simply aborting before trying to further check and resolve the configuration when it's already know that there are fatal errors. A concrete example comes from this config : userlist users : user foo insecure-password bar listen foo bind :1234 mode htttp timeout client 10S timeout server 10s timeout connect 10s stats uri /stats stats http-request auth unless { http_auth(users) } http-request redirect location /index.html if { path / } It contains a colon after the userlist name, a typo in the client timeout value, another one in "mode http" which cause some other configuration elements not to be properly handled. Previously it would confusingly report : [ALERT] 108/114851 (20224) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'. [ALERT] 108/114851 (20224) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'. [ALERT] 108/114851 (20224) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client' [ALERT] 108/114851 (20224) : Error(s) found in configuration file : err-report.cfg [ALERT] 108/114851 (20224) : parsing [err-report.cfg:11] : unable to find userlist 'users' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'foo'. [WARNING] 108/114851 (20224) : config : missing timeouts for proxy 'foo'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. [WARNING] 108/114851 (20224) : config : 'stats' statement ignored for proxy 'foo' as it requires HTTP mode. [WARNING] 108/114851 (20224) : config : 'http-request' rules ignored for proxy 'foo' as they require HTTP mode. [ALERT] 108/114851 (20224) : Fatal errors found in configuration. The "requires HTTP mode" errors are just pollution resulting from the improper spelling of this mode earlier. The unresolved reference to the userlist is caused by the extra colon on the declaration, and the warning regarding the missing timeouts is caused by the wrong character. Now it more accurately reports : [ALERT] 108/114900 (20225) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'. [ALERT] 108/114900 (20225) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'. [ALERT] 108/114900 (20225) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client' [ALERT] 108/114900 (20225) : Error(s) found in configuration file : err-report.cfg [ALERT] 108/114900 (20225) : Fatal errors found in configuration. Despite not really a fix, this patch should be backported at least to 1.7, possibly even 1.6, and 1.5 since it hardens the config parser against certain bad situations like the recently reported use-after-free and the last null dereference.
2017-04-19 05:24:07 -04:00
exit(1);
}
MINOR: pattern: Each pattern is identified by unique id. The pattern reference are stored with two identifiers: the unique_id and the reference. The reference identify a file. Each file with the same name point to the same reference. We can register many times one file. If the file is modified, all his dependencies are also modified. The reference can be used with map or acl. The unique_id identify inline acl. The unique id is unique for each acl. You cannot force the same id in the configuration file, because this repport an error. The format of the acl and map listing through the "socket" has changed for displaying these new ids.
2014-03-11 09:29:22 -04:00
pattern_finalize_config();
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
err_code |= check_config_validity();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Fatal errors found in configuration.\n");
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
/* recompute the amount of per-process memory depending on nbproc and
* the shared SSL cache size (allowed to exist in all processes).
*/
if (global.rlimit_memmax_all) {
#if defined (USE_OPENSSL) && !defined(USE_PRIVATE_CACHE)
int64_t ssl_cache_bytes = global.tune.sslcachesize * 200LL;
global.rlimit_memmax =
((((int64_t)global.rlimit_memmax_all * 1048576LL) -
ssl_cache_bytes) / global.nbproc +
ssl_cache_bytes + 1048575LL) / 1048576LL;
#else
global.rlimit_memmax = global.rlimit_memmax_all / global.nbproc;
#endif
}
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
#ifdef CONFIG_HAP_NS
err_code |= netns_init();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to initialize namespace support.\n");
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
exit(1);
}
#endif
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK Currently, the function which applies server states provided by the "old" process is applied after configuration sanity check. This results in the impossibility to check the validity of the state file during a regular config check, implying a full start is required, which can be a problem sometimes. This patch moves the loading of server_state file before MODE_CHECK.
2016-11-02 10:33:15 -04:00
/* Apply server states */
apply_server_state();
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (px = proxies_list; px; px = px->next)
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK Currently, the function which applies server states provided by the "old" process is applied after configuration sanity check. This results in the impossibility to check the validity of the state file during a regular config check, implying a full start is required, which can be a problem sometimes. This patch moves the loading of server_state file before MODE_CHECK.
2016-11-02 10:33:15 -04:00
srv_compute_all_admin_states(px);
MAJOR: server: postpone address resolution Server addresses are not resolved anymore upon the first pass so that we don't fail if an address cannot be resolved by the libc. Instead they are processed all at once after the configuration is fully loaded, by the new function srv_init_addr(). This function only acts on the server's address if this address uses an FQDN, which appears in server->hostname. For now the function does two things, to followup with HAProxy's historical default behavior: 1. apply server IP address found in server-state file if runtime DNS resolution is enabled for this server 2. use the DNS resolver provided by the libc If none of the 2 options above can find an IP address, then an error is returned. All of this will be needed to support the new server parameter "init-addr". For now, the biggest user-visible change is that all server resolution errors are dumped at once instead of causing a startup failure one by one.
2016-11-02 10:34:05 -04:00
/* Apply servers' configured address */
err_code |= srv_init_addr();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to initialize server(s) addr.\n");
MAJOR: server: postpone address resolution Server addresses are not resolved anymore upon the first pass so that we don't fail if an address cannot be resolved by the libc. Instead they are processed all at once after the configuration is fully loaded, by the new function srv_init_addr(). This function only acts on the server's address if this address uses an FQDN, which appears in server->hostname. For now the function does two things, to followup with HAProxy's historical default behavior: 1. apply server IP address found in server-state file if runtime DNS resolution is enabled for this server 2. use the DNS resolver provided by the libc If none of the 2 options above can find an IP address, then an error is returned. All of this will be needed to support the new server parameter "init-addr". For now, the biggest user-visible change is that all server resolution errors are dumped at once instead of causing a startup failure one by one.
2016-11-02 10:34:05 -04:00
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.mode & MODE_CHECK) {
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
struct peers *pr;
struct proxy *px;
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (pr = cfg_peers; pr; pr = pr->next)
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
if (pr->peers_fe)
break;
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (px = proxies_list; px; px = px->next)
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
if (px->state == PR_STNEW && !LIST_ISEMPTY(&px->conf.listeners))
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
break;
if (pr || px) {
/* At least one peer or one listener has been found */
qfprintf(stdout, "Configuration file is valid\n");
exit(0);
}
qfprintf(stdout, "Configuration file has no error but will not start (no listener) => exit(2).\n");
exit(2);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MAJOR: threads/task: handle multithread on task scheduler 2 global locks have been added to protect, respectively, the run queue and the wait queue. And a process mask has been added on each task. Like for FDs, this mask is used to know which threads are allowed to process a task. For many tasks, all threads are granted. And this must be your first intension when you create a new task, else you have a good reason to make a task sticky on some threads. This is then the responsibility to the process callback to lock what have to be locked in the task context. Nevertheless, all tasks linked to a session must be sticky on the thread creating the session. It is important that I/O handlers processing session FDs and these tasks run on the same thread to avoid conflicts.
2017-09-27 08:59:38 -04:00
global_listener_queue_task = task_new(MAX_THREADS_MASK);
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
if (!global_listener_queue_task) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Out of memory when initializing global task\n");
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
exit(1);
}
/* very simple initialization, users will queue the task if needed */
global_listener_queue_task->context = NULL; /* not even a context! */
global_listener_queue_task->process = manage_global_listener_queue;
CLEANUP: channel: use "channel" instead of "buffer" in function names This is a massive rename of most functions which should make use of the word "channel" instead of the word "buffer" in their names. In concerns the following ones (new names) : unsigned long long channel_forward(struct channel *buf, unsigned long long bytes); static inline void channel_init(struct channel *buf) static inline int channel_input_closed(struct channel *buf) static inline int channel_output_closed(struct channel *buf) static inline void channel_check_timeouts(struct channel *b) static inline void channel_erase(struct channel *buf) static inline void channel_shutr_now(struct channel *buf) static inline void channel_shutw_now(struct channel *buf) static inline void channel_abort(struct channel *buf) static inline void channel_stop_hijacker(struct channel *buf) static inline void channel_auto_connect(struct channel *buf) static inline void channel_dont_connect(struct channel *buf) static inline void channel_auto_close(struct channel *buf) static inline void channel_dont_close(struct channel *buf) static inline void channel_auto_read(struct channel *buf) static inline void channel_dont_read(struct channel *buf) unsigned long long channel_forward(struct channel *buf, unsigned long long bytes) Some functions provided by channel.[ch] have kept their "buffer" name because they are really designed to act on the buffer according to some information gathered from the channel. They have been moved together to the same place in the file for better readability but they were not changed at all. The "buffer" memory pool was also renamed "channel".
2012-08-27 18:06:31 -04:00
/* now we know the buffer size, we can initialize the channels and buffers */
MAJOR: channel: replace the struct buffer with a pointer to a buffer With this commit, we now separate the channel from the buffer. This will allow us to replace buffers on the fly without touching the channel. Since nobody is supposed to keep a reference to a buffer anymore, doing so is not a problem and will also permit some copy-less data manipulation. Interestingly, these changes have shown a 2% performance increase on some workloads, probably due to a better cache placement of data.
2012-10-12 17:49:43 -04:00
init_buffer();
[BUG] variable buffer size ignored at initialization time Commit 27a674efb84bde8c045b87c9634f123e2f8925dc introduced the ability to configure buffer sizes. Unfortunately, the pool was created before the conf was read, so that is was always set to the default size. In order to fix that, we delay the call to init_buffer(), which is not a problem since nothing uses it during the initialization.
2009-09-23 17:37:52 -04:00
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
list_for_each_entry(pcf, &post_check_list, list) {
err_code |= pcf->fct();
if (err_code & (ERR_ABORT|ERR_FATAL))
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (cfg_maxconn > 0)
global.maxconn = cfg_maxconn;
if (cfg_pidfile) {
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(global.pidfile);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.pidfile = strdup(cfg_pidfile);
}
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
/* Now we want to compute the maxconn and possibly maxsslconn values.
* It's a bit tricky. If memmax is not set, maxconn defaults to
* DEFAULT_MAXCONN and maxsslconn defaults to DEFAULT_MAXSSLCONN.
*
* If memmax is set, then it depends on which values are set. If
* maxsslconn is set, we use memmax to determine how many cleartext
* connections may be added, and set maxconn to the sum of the two.
* If maxconn is set and not maxsslconn, maxsslconn is computed from
* the remaining amount of memory between memmax and the cleartext
* connections. If neither are set, then it is considered that all
* connections are SSL-capable, and maxconn is computed based on this,
* then maxsslconn accordingly. We need to know if SSL is used on the
* frontends, backends, or both, because when it's used on both sides,
* we need twice the value for maxsslconn, but we only count the
* handshake once since it is not performed on the two sides at the
* same time (frontend-side is terminated before backend-side begins).
* The SSL stack is supposed to have filled ssl_session_cost and
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
* ssl_handshake_cost during its initialization. In any case, if
* SYSTEM_MAXCONN is set, we still enforce it as an upper limit for
* maxconn in order to protect the system.
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
*/
if (!global.rlimit_memmax) {
if (global.maxconn == 0) {
global.maxconn = DEFAULT_MAXCONN;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d.\n", global.maxconn);
}
}
#ifdef USE_OPENSSL
else if (!global.maxconn && !global.maxsslconn &&
(global.ssl_used_frontend || global.ssl_used_backend)) {
/* memmax is set, compute everything automatically. Here we want
* to ensure that all SSL connections will be served. We take
* care of the number of sides where SSL is used, and consider
* the worst case : SSL used on both sides and doing a handshake
* simultaneously. Note that we can't have more than maxconn
* handshakes at a time by definition, so for the worst case of
* two SSL conns per connection, we count a single handshake.
*/
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
global.maxconn = mem /
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
((STREAM_MAX_COST + 2 * global.tune.bufsize) + // stream + 2 buffers per stream
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
sides * global.ssl_session_max_cost + // SSL buffers, one per side
global.ssl_handshake_max_cost); // 1 handshake per connection max
global.maxconn = round_2dig(global.maxconn);
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#ifdef SYSTEM_MAXCONN
if (global.maxconn > DEFAULT_MAXCONN)
global.maxconn = DEFAULT_MAXCONN;
#endif /* SYSTEM_MAXCONN */
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
global.maxsslconn = sides * global.maxconn;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d and global.maxsslconn to %d.\n",
global.maxconn, global.maxsslconn);
}
else if (!global.maxsslconn &&
(global.ssl_used_frontend || global.ssl_used_backend)) {
/* memmax and maxconn are known, compute maxsslconn automatically.
* maxsslconn being forced, we don't know how many of it will be
* on each side if both sides are being used. The worst case is
* when all connections use only one SSL instance because
* handshakes may be on two sides at the same time.
*/
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
int64_t sslmem;
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
sslmem = mem - global.maxconn * (int64_t)(STREAM_MAX_COST + 2 * global.tune.bufsize);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
global.maxsslconn = sslmem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost);
global.maxsslconn = round_2dig(global.maxsslconn);
if (sslmem <= 0 || global.maxsslconn < sides) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot compute the automatic maxsslconn because global.maxconn is already too "
"high for the global.memmax value (%d MB). The absolute maximum possible value "
"without SSL is %d, but %d was found and SSL is in use.\n",
global.rlimit_memmax,
(int)(mem / (STREAM_MAX_COST + 2 * global.tune.bufsize)),
global.maxconn);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
exit(1);
}
if (global.maxsslconn > sides * global.maxconn)
global.maxsslconn = sides * global.maxconn;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxsslconn to %d\n", global.maxsslconn);
}
#endif
else if (!global.maxconn) {
/* memmax and maxsslconn are known/unused, compute maxconn automatically */
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
int64_t clearmem;
if (global.ssl_used_frontend || global.ssl_used_backend)
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
clearmem = mem;
if (sides)
clearmem -= (global.ssl_session_max_cost + global.ssl_handshake_max_cost) * (int64_t)global.maxsslconn;
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
global.maxconn = clearmem / (STREAM_MAX_COST + 2 * global.tune.bufsize);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
global.maxconn = round_2dig(global.maxconn);
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#ifdef SYSTEM_MAXCONN
if (global.maxconn > DEFAULT_MAXCONN)
global.maxconn = DEFAULT_MAXCONN;
#endif /* SYSTEM_MAXCONN */
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (clearmem <= 0 || !global.maxconn) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot compute the automatic maxconn because global.maxsslconn is already too "
"high for the global.memmax value (%d MB). The absolute maximum possible value "
"is %d, but %d was found.\n",
global.rlimit_memmax,
(int)(mem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost)),
global.maxsslconn);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
exit(1);
}
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
if (sides && global.maxsslconn > sides * global.maxconn) {
fprintf(stderr, "Note: global.maxsslconn is forced to %d which causes global.maxconn "
"to be limited to %d. Better reduce global.maxsslconn to get more "
"room for extra connections.\n", global.maxsslconn, global.maxconn);
}
fprintf(stderr, "Note: setting global.maxconn to %d\n", global.maxconn);
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
if (!global.maxpipes) {
/* maxpipes not specified. Count how many frontends and backends
* may be using splicing, and bound that to maxconn.
*/
struct proxy *cur;
int nbfe = 0, nbbe = 0;
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (cur = proxies_list; cur; cur = cur->next) {
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
if (cur->options2 & (PR_O2_SPLIC_ANY)) {
if (cur->cap & PR_CAP_FE)
nbfe += cur->maxconn;
if (cur->cap & PR_CAP_BE)
[BUG] reserve some pipes for backends with splice enabled If splicing is enabled in a backend, we need to guess how many pipes will be needed. We used to rely on fullconn, but this leads to non-working splicing when fullconn is not specified. So we now fallback to global.maxconn.
2009-01-25 04:42:05 -05:00
nbbe += cur->fullconn ? cur->fullconn : global.maxconn;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
}
}
global.maxpipes = MAX(nbfe, nbbe);
if (global.maxpipes > global.maxconn)
global.maxpipes = global.maxconn;
[OPTIM] make global.maxpipes default to global.maxconn/4 when not specified global.maxconn/4 seems to be a good hint for global.maxpipes when that one must be guessed. If the limit is reached, it's still possible to set it manually in the configuration.
2009-01-25 08:06:58 -05:00
global.maxpipes /= 4;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
}
[CLEANUP] remove a useless test in manage_global_listener_queue() The test for the empty list was done twice.
2011-09-07 08:26:33 -04:00
global.hardmaxconn = global.maxconn; /* keep this max value */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.maxsock += global.maxconn * 2; /* each connection needs two sockets */
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
global.maxsock += global.maxpipes * 2; /* each pipe needs two FDs */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
if (global.stats_fe)
global.maxsock += global.stats_fe->maxconn;
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
if (cfg_peers) {
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
/* peers also need to bypass global maxconn */
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
struct peers *p = cfg_peers;
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (p = cfg_peers; p; p = p->next)
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
if (p->peers_fe)
global.maxsock += p->peers_fe->maxconn;
}
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
if (global.tune.maxpollevents <= 0)
global.tune.maxpollevents = MAX_POLL_EVENTS;
[OPTIM] stream_sock: don't retry to read after a large read If we get very large data at once, it's almost certain that it's worthless trying to read again, because we got everything we could get. Doing this has made all -EAGAIN disappear from splice reads. The threshold has been put in the global tunable structures so that if we one day want to make it accessible from user config, it will be easy to do so.
2009-03-21 15:43:57 -04:00
if (global.tune.recv_enough == 0)
global.tune.recv_enough = MIN_RECV_AT_ONCE_ENOUGH;
MEDIUM: config: set tune.maxrewrite to 1024 by default The tune.maxrewrite parameter used to be pre-initialized to half of the buffer size since the very early days when buffers were very small. It has grown to absurdly large values over the years to reach 8kB for a 16kB buffer. This prevents large requests from being accepted, which is the opposite of the initial goal. Many users fix it to 1024 which is already quite large for header addition. So let's change the default setting policy : - pre-initialize it to 1024 - let the user tweak it - in any case, limit it to tune.bufsize / 2 This results in 15kB usable to buffer HTTP messages instead of 8kB, and doesn't affect existing configurations which already force it.
2015-09-28 07:53:23 -04:00
if (global.tune.maxrewrite < 0)
global.tune.maxrewrite = MAXREWRITE;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (global.tune.maxrewrite >= global.tune.bufsize / 2)
global.tune.maxrewrite = global.tune.bufsize / 2;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (arg_mode & (MODE_DEBUG | MODE_FOREGROUND)) {
/* command line debug mode inhibits configuration mode */
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode &= ~(MODE_DAEMON | MODE_QUIET);
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
global.mode |= (arg_mode & (MODE_DEBUG | MODE_FOREGROUND));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (arg_mode & MODE_DAEMON) {
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
/* command line daemon mode inhibits foreground and debug modes mode */
global.mode &= ~(MODE_DEBUG | MODE_FOREGROUND);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode |= arg_mode & MODE_DAEMON;
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
}
global.mode |= (arg_mode & (MODE_QUIET | MODE_VERBOSE));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & MODE_DEBUG) && (global.mode & (MODE_DAEMON | MODE_QUIET))) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("<debug> mode incompatible with <quiet> and <daemon>. Keeping <debug> only.\n");
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode &= ~(MODE_DAEMON | MODE_QUIET);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.nbproc > 1) && !(global.mode & (MODE_DAEMON | MODE_MWORKER))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!(global.mode & (MODE_FOREGROUND | MODE_DEBUG)))
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("<nbproc> is only meaningful in daemon mode or master-worker mode. Setting limit to 1 process.\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.nbproc = 1;
}
if (global.nbproc < 1)
global.nbproc = 1;
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
if (global.nbthread < 1)
global.nbthread = 1;
MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked Trash buffers are reallocated when "tune.bufsize" parameter is changed. Here, we just move the realloc after the configuration parsing. Given that the config parser doesn't rely on the trash size, it should be harmless.
2017-08-29 10:46:57 -04:00
/* Realloc trash buffers because global.tune.bufsize may have changed */
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (!init_trash_buffers(0)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize trash buffers.\n");
MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked Trash buffers are reallocated when "tune.bufsize" parameter is changed. Here, we just move the realloc after the configuration parsing. Given that the config parser doesn't rely on the trash size, it should be harmless.
2017-08-29 10:46:57 -04:00
exit(1);
}
BUG/MINOR: Allocate the log buffers before the proxies startup Since the commit cd7879adc ("BUG/MEDIUM: threads: Run the poll loop on the main thread too"), the log buffers are allocated after the proxies startup. So log messages produced during this startup was ignored. To fix the bug, we restore the initialization of these buffers before proxies startup. This is specific to threads, no backport is needed.
2017-11-14 16:02:30 -05:00
if (!init_log_buffers()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize log buffers.\n");
BUG/MINOR: Allocate the log buffers before the proxies startup Since the commit cd7879adc ("BUG/MEDIUM: threads: Run the poll loop on the main thread too"), the log buffers are allocated after the proxies startup. So log messages produced during this startup was ignored. To fix the bug, we restore the initialization of these buffers before proxies startup. This is specific to threads, no backport is needed.
2017-11-14 16:02:30 -05:00
exit(1);
}
[MAJOR] auto-registering of pollers at load time Gcc provides __attribute__((constructor)) which is very convenient to execute functions at startup right before main(). All the pollers have been converted to have their register() function declared like this, so that it is not necessary anymore to call them from a centralized file.
2007-04-15 18:25:25 -04:00
/*
* Note: we could register external pollers here.
* Built-in pollers have been registered before main().
*/
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_KQUEUE))
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
disable_poller("kqueue");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_EPOLL))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("epoll");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_POLL))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("poll");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_SELECT))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("select");
/* Note: we could disable any poller by name here */
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
list_pollers(stderr);
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
fprintf(stderr, "\n");
list_filters(stderr);
}
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
if (!init_pollers()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("No polling mechanism available.\n"
" It is likely that haproxy was built with TARGET=generic and that FD_SETSIZE\n"
" is too low on this platform to support maxconn and the number of listeners\n"
" and servers. You should rebuild haproxy specifying your system using TARGET=\n"
" in order to support other polling systems (poll, epoll, kqueue) or reduce the\n"
" global maxconn setting to accommodate the system's limitation. For reference,\n"
" FD_SETSIZE=%d on this system, global.maxconn=%d resulting in a maximum of\n"
" %d file descriptors. You should thus reduce global.maxconn by %d. Also,\n"
" check build settings using 'haproxy -vv'.\n\n",
FD_SETSIZE, global.maxconn, global.maxsock, (global.maxsock + 1 - FD_SETSIZE) / 2);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
exit(1);
}
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
printf("Using %s() as the polling mechanism.\n", cur_poller.name);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
if (!global.node)
global.node = strdup(hostname);
MINOR: lua: post initialisation bindings This system permits to execute some lua function after than HAProxy complete his initialisation. These functions are executed between the end of the configuration parsing and check and the begin of the scheduler.
2015-01-23 06:08:30 -05:00
if (!hlua_post_init())
exit(1);
MINOR: init: add 51Degrees initialisation code This creates a dataset using the file given in global._51d_data_file_path.
2015-05-12 11:23:58 -04:00
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
free(err_msg);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
static void deinit_acl_cond(struct acl_cond *cond)
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
{
struct acl_term_suite *suite, *suiteb;
struct acl_term *term, *termb;
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
if (!cond)
return;
list_for_each_entry_safe(suite, suiteb, &cond->suites, list) {
list_for_each_entry_safe(term, termb, &suite->terms, list) {
LIST_DEL(&term->list);
free(term);
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
LIST_DEL(&suite->list);
free(suite);
}
free(cond);
}
static void deinit_tcp_rules(struct list *rules)
{
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *trule, *truleb;
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
list_for_each_entry_safe(trule, truleb, rules, list) {
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
LIST_DEL(&trule->list);
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
deinit_acl_cond(trule->cond);
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
free(trule);
}
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
static void deinit_stick_rules(struct list *rules)
{
struct sticking_rule *rule, *ruleb;
list_for_each_entry_safe(rule, ruleb, rules, list) {
LIST_DEL(&rule->list);
deinit_acl_cond(rule->cond);
REORG: sample: move code to release a sample expression in sample.c This code has been moved from haproxy.c to sample.c and the function release_sample_expr can now be called from anywhere to release a sample expression. This function will be used by the stream processing offload engine (SPOE).
2016-10-26 05:34:47 -04:00
release_sample_expr(rule->expr);
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
free(rule);
}
}
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
void deinit(void)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *p = proxies_list, *p0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
struct cap_hdr *h,*h_next;
struct server *s,*s_next;
struct listener *l,*l_next;
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
struct acl_cond *cond, *condb;
struct hdr_exp *exp, *expb;
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
struct acl *acl, *aclb;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
struct switching_rule *rule, *ruleb;
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
struct server_rule *srule, *sruleb;
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
struct redirect_rule *rdr, *rdrb;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
struct wordlist *wl, *wlb;
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
struct cond_wordlist *cwl, *cwlb;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
struct uri_auth *uap, *ua = NULL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *log, *logb;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
struct logformat_node *lf, *lfb;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
struct bind_conf *bind_conf, *bind_back;
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
struct build_opts_str *bol, *bolb;
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
struct post_deinit_fct *pdf;
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
int i;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
deinit_signals();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (p) {
BUG/MINOR: config: use a copy of the file name in proxy configurations Each proxy contains a reference to the original config file and line number where it was declared. The pointer used is just a reference to the one passed to the function instead of being duplicated. The effect is that it is not valid anymore at the end of the parsing and that all proxies will be enumerated as coming from the same file on some late configuration errors. This may happen for exmaple when reporting SSL certificate issues. By copying using strdup(), we avoid this issue. 1.4 has the same issue, though no report of the proxy file name is done out of the config section. Anyway a backport is recommended to ease post-mortem analysis.
2012-10-04 02:01:43 -04:00
free(p->conf.file);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(p->id);
free(p->check_req);
free(p->cookie_name);
free(p->cookie_domain);
free(p->url_param_name);
free(p->capture_name);
free(p->monitor_uri);
[MINOR] Free rdp_cookie_name on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:08 -04:00
free(p->rdp_cookie_name);
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (p->conf.logformat_string != default_http_log_format &&
p->conf.logformat_string != default_tcp_log_format &&
p->conf.logformat_string != clf_http_log_format)
free(p->conf.logformat_string);
free(p->conf.lfs_file);
free(p->conf.uniqueid_format_string);
free(p->conf.uif_file);
BUG/MINOR: deinit: free server map which is allocated in init_server_map() Both static-rr and hash with type map-based call init_server_map() to allocate server map, so the server map should be freed while doing cleanup if one of the above load balance algorithms is used. Signed-off-by: Godbach <nylzhaowei@gmail.com> [wt: removed the unneeded "if" before the free]
2013-10-02 05:10:11 -04:00
free(p->lbprm.map.srv);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
if (p->conf.logformat_sd_string != default_rfc5424_sd_log_format)
free(p->conf.logformat_sd_string);
free(p->conf.lfsd_file);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
for (i = 0; i < HTTP_ERR_SIZE; i++)
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
chunk_destroy(&p->errmsg[i]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
list_for_each_entry_safe(cwl, cwlb, &p->req_add, list) {
LIST_DEL(&cwl->list);
free(cwl->s);
free(cwl);
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
list_for_each_entry_safe(cwl, cwlb, &p->rsp_add, list) {
LIST_DEL(&cwl->list);
free(cwl->s);
free(cwl);
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
}
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
list_for_each_entry_safe(cond, condb, &p->mon_fail_cond, list) {
LIST_DEL(&cond->list);
prune_acl_cond(cond);
free(cond);
}
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
for (exp = p->req_exp; exp != NULL; ) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
if (exp->preg) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(exp->preg);
free(exp->preg);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
}
MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions These ones were already obsoleted in 1.4, marked for removal in 1.5, and not documented anymore. They used to emit warnings, and do still require quite some code to stay in place. Let's remove them now.
2015-05-26 06:18:29 -04:00
free((char *)exp->replace);
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
expb = exp;
exp = exp->next;
free(expb);
}
for (exp = p->rsp_exp; exp != NULL; ) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
if (exp->preg) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(exp->preg);
free(exp->preg);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
}
MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions These ones were already obsoleted in 1.4, marked for removal in 1.5, and not documented anymore. They used to emit warnings, and do still require quite some code to stay in place. Let's remove them now.
2015-05-26 06:18:29 -04:00
free((char *)exp->replace);
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
expb = exp;
exp = exp->next;
free(expb);
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
/* build a list of unique uri_auths */
if (!ua)
ua = p->uri_auth;
else {
/* check if p->uri_auth is unique */
for (uap = ua; uap; uap=uap->next)
if (uap == p->uri_auth)
break;
[BUG] we could segfault during exit while freeing uri_auths The following config makes haproxy segfault on exit : defaults mode http balance roundrobin listen no-stats bind :8001 listen stats bind :8002 stats uri /stats The simple fix is to ensure that p->uri_auth is not NULL before dereferencing it.
2008-06-24 05:14:45 -04:00
if (!uap && p->uri_auth) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
/* add it, if it is */
p->uri_auth->next = ua;
ua = p->uri_auth;
}
}
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
list_for_each_entry_safe(acl, aclb, &p->acl, list) {
LIST_DEL(&acl->list);
prune_acl(acl);
free(acl);
}
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
list_for_each_entry_safe(srule, sruleb, &p->server_rules, list) {
LIST_DEL(&srule->list);
prune_acl_cond(srule->cond);
free(srule->cond);
free(srule);
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
list_for_each_entry_safe(rule, ruleb, &p->switching_rules, list) {
LIST_DEL(&rule->list);
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
if (rule->cond) {
prune_acl_cond(rule->cond);
free(rule->cond);
MINOR: http/conf: store the use_backend configuration file and line for logs The error log of the directive use_backend doesn't provide the file and line containing the declaration. This patch stores theses informations.
2016-11-24 17:57:54 -05:00
free(rule->file);
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
free(rule);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
list_for_each_entry_safe(rdr, rdrb, &p->redirect_rules, list) {
LIST_DEL(&rdr->list);
[MINOR] redirect: add support for unconditional rules Sometimes it's useful to be able to specify an unconditional redirect rule without adding "if TRUE".
2010-01-03 14:03:03 -05:00
if (rdr->cond) {
prune_acl_cond(rdr->cond);
free(rdr->cond);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
free(rdr->rdr_str);
MEDIUM: http: The redirect strings follows the log format rules. We handle "http-request redirect" with a log-format string now, but we leave "redirect" unaffected. Note that the control of the special "/" case is move from the runtime execution to the configuration parsing. If the format rule list is empty, the build_logline() function does nothing.
2013-11-29 06:15:45 -05:00
list_for_each_entry_safe(lf, lfb, &rdr->rdr_fmt, list) {
LIST_DEL(&lf->list);
free(lf);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
free(rdr);
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
list_for_each_entry_safe(log, logb, &p->logsrvs, list) {
LIST_DEL(&log->list);
free(log);
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry_safe(lf, lfb, &p->logformat, list) {
LIST_DEL(&lf->list);
free(lf);
}
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
list_for_each_entry_safe(lf, lfb, &p->logformat_sd, list) {
LIST_DEL(&lf->list);
free(lf);
}
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
deinit_tcp_rules(&p->tcp_req.inspect_rules);
deinit_tcp_rules(&p->tcp_req.l4_rules);
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
deinit_stick_rules(&p->storersp_rules);
deinit_stick_rules(&p->sticking_rules);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
h = p->req_cap;
while (h) {
h_next = h->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(h->name);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(h->pool);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(h);
h = h_next;
}/* end while(h) */
h = p->rsp_cap;
while (h) {
h_next = h->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(h->name);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(h->pool);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(h);
h = h_next;
}/* end while(h) */
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
s = p->srv;
while (s) {
s_next = s->next;
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
REORG: server: move the check-specific parts into a check subsection The health checks in the servers are becoming a real mess, move them into their own subsection. We'll soon need to have a struct buffer to replace the char * as well as check-specific protocol and transport layers.
2012-09-28 09:01:02 -04:00
if (s->check.task) {
task_delete(s->check.task);
task_free(s->check.task);
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
}
MEDIUM: checks: Add supplementary agent checks Allow an auxiliary agent check to be run independently of the regular a regular health check. This is enabled by the agent-check server setting. The agent-port, which specifies the TCP port to use for the agent's connections, is required. The agent-inter, which specifies the interval between agent checks and timeout of agent checks, is optional. If not set the value for regular checks is used. e.g. server web1_1 127.0.0.1:80 check agent-port 10000 If either the health or agent check determines that a server is down then it is marked as being down, otherwise it is marked as being up. An agent health check performed by opening a TCP socket and reading an ASCII string. The string should have one of the following forms: * An ASCII representation of an positive integer percentage. e.g. "75%" Values in this format will set the weight proportional to the initial weight of a server as configured when haproxy starts. * The string "drain". This will cause the weight of a server to be set to 0, and thus it will not accept any new connections other than those that are accepted via persistence. * The string "down", optionally followed by a description string. Mark the server as down and log the description string as the reason. * The string "stopped", optionally followed by a description string. This currently has the same behaviour as "down". * The string "fail", optionally followed by a description string. This currently has the same behaviour as "down". Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:36 -05:00
if (s->agent.task) {
task_delete(s->agent.task);
task_free(s->agent.task);
}
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use Ludovic Levesque reported and diagnosed an annoying bug. When a server is configured to track another one and has a slowstart interval set, it's assigned a minimal weight when the tracked server goes back up but keeps this weight forever. This is because the throttling during the warmup phase is only computed in the health checking function. After several attempts to resolve the issue, the only real solution is to split the check processing task in two tasks, one for the checks and one for the warmup. Each server with a slowstart setting has a warmum task which is responsible for updating the server's weight after a down to up transition. The task does not run in othe situations. In the end, the fix is neither complex nor long and should be backported to 1.4 since the issue was detected there first.
2011-10-31 06:53:20 -04:00
if (s->warmup) {
task_delete(s->warmup);
task_free(s->warmup);
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(s->id);
free(s->cookie);
MEDIUM: checks: use real buffers to store requests and responses Till now the request was made in the trash and sent to the network at once, and the response was read into a preallocated char[]. Now we allocate a full buffer for both the request and the response, and make use of it. Some of the operations will probably be replaced later with buffer macros but the point was to ensure we could migrate to use the data layers soon. One nice improvement caused by this change is that requests are now formed at the beginning of the check and may safely be sent in multiple chunks if needed.
2012-09-28 09:28:30 -04:00
free(s->check.bi);
free(s->check.bo);
MEDIUM: checks: Add supplementary agent checks Allow an auxiliary agent check to be run independently of the regular a regular health check. This is enabled by the agent-check server setting. The agent-port, which specifies the TCP port to use for the agent's connections, is required. The agent-inter, which specifies the interval between agent checks and timeout of agent checks, is optional. If not set the value for regular checks is used. e.g. server web1_1 127.0.0.1:80 check agent-port 10000 If either the health or agent check determines that a server is down then it is marked as being down, otherwise it is marked as being up. An agent health check performed by opening a TCP socket and reading an ASCII string. The string should have one of the following forms: * An ASCII representation of an positive integer percentage. e.g. "75%" Values in this format will set the weight proportional to the initial weight of a server as configured when haproxy starts. * The string "drain". This will cause the weight of a server to be set to 0, and thus it will not accept any new connections other than those that are accepted via persistence. * The string "down", optionally followed by a description string. Mark the server as down and log the description string as the reason. * The string "stopped", optionally followed by a description string. This currently has the same behaviour as "down". * The string "fail", optionally followed by a description string. This currently has the same behaviour as "down". Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:36 -05:00
free(s->agent.bi);
free(s->agent.bo);
MINOR: check: add agent-send server parameter Causes HAProxy to emit a static string to the agent on every check, so that you can independently control multiple services running behind a single agent port.
2015-10-21 21:19:05 -04:00
free(s->agent.send_string);
MAJOR: dns: Refactor the DNS code This is a huge patch with many changes, all about the DNS. Initially, the idea was to update the DNS part to ease the threads support integration. But quickly, I started to refactor some parts. And after several iterations, it was impossible for me to commit the different parts atomically. So, instead of adding tens of patches, often reworking the same parts, it was easier to merge all my changes in a uniq patch. Here are all changes made on the DNS. First, the DNS initialization has been refactored. The DNS configuration parsing remains untouched, in cfgparse.c. But all checks have been moved in a post-check callback. In the function dns_finalize_config, for each resolvers, the nameservers configuration is tested and the task used to manage DNS resolutions is created. The links between the backend's servers and the resolvers are also created at this step. Here no connection are kept alive. So there is no needs anymore to reopen them after HAProxy fork. Connections used to send DNS queries will be opened on demand. Then, the way DNS requesters are linked to a DNS resolution has been reworked. The resolution used by a requester is now referenced into the dns_requester structure and the resolution pointers in server and dns_srvrq structures have been removed. wait and curr list of requesters, for a DNS resolution, have been replaced by a uniq list. And Finally, the way a requester is removed from a DNS resolution has been simplified. Now everything is done in dns_unlink_resolution. srv_set_fqdn function has been simplified. Now, there is only 1 way to set the server's FQDN, independently it is done by the CLI or when a SRV record is resolved. The static DNS resolutions pool has been replaced by a dynamoc pool. The part has been modified by Baptiste Assmann. The way the DNS resolutions are triggered by the task or by a health-check has been totally refactored. Now, all timeouts are respected. Especially hold.valid. The default frequency to wake up a resolvers is now configurable using "timeout resolve" parameter. Now, as documented, as long as invalid repsonses are received, we really wait all name servers responses before retrying. As far as possible, resources allocated during DNS configuration parsing are releases when HAProxy is shutdown. Beside all these changes, the code has been cleaned to ease code review and the doc has been updated.
2017-09-27 05:00:59 -04:00
free(s->hostname_dn);
MINOR: deinit: fix memory leak deinit() did not free the conf.file member of server objects.
2014-09-05 04:08:23 -04:00
free((char*)s->conf.file);
MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() Now we can simply check the transport layer at run time and decide whether or not to initialize or destroy these entries. This removes other ifdefs and includes from cfgparse.c, haproxy.c and hlua.c.
2016-12-22 15:16:08 -05:00
if (s->use_ssl || s->check.use_ssl) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->destroy_srv)
xprt_get(XPRT_SSL)->destroy_srv(s);
}
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_SPIN_DESTROY(&s->lock);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(s);
s = s_next;
}/* end while(s) */
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry_safe(l, l_next, &p->conf.listeners, by_fe) {
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 19:05:05 -04:00
/*
* Zombie proxy, the listener just pretend to be up
* because they still hold an opened fd.
* Close it and give the listener its real state.
*/
if (p->state == PR_STSTOPPED && l->state >= LI_ZOMBIE) {
close(l->fd);
l->state = LI_INIT;
}
[BUG] deinit: unbind listeners before freeing them In deinit(), it is possible that we first free the listeners, then unbind them all. Right now this situation can't happen because the only way to call deinit() is to pass via a soft-stop which will already unbind all protocols. But later this might become a problem.
2010-09-03 04:38:17 -04:00
unbind_listener(l);
delete_listener(l);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
LIST_DEL(&l->by_fe);
LIST_DEL(&l->by_bind);
[BUG] cfgparse memory leak and missing free calls in deinit() Thich patch fixes cfgparser not to leak memory on each default server statement and adds several missing free calls in deinit(): - free(l->name) - free(l->counters) - free(p->desc); - free(p->fwdfor_hdr_name); None of them are critical, hopefully.
2010-02-05 14:31:44 -05:00
free(l->name);
free(l->counters);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(l);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
}
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
/* Release unused SSL configs. */
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf() Instead of hard-coding all SSL destruction in cfgparse.c and haproxy.c, we now register this new function as the transport layer's destroy_bind_conf() and call it only when defined. This removes some non-obvious SSL-specific code and #ifdefs from cfgparse.c and haproxy.c
2016-12-22 11:30:54 -05:00
if (bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
free(bind_conf->file);
free(bind_conf->arg);
LIST_DEL(&bind_conf->by_fe);
free(bind_conf);
}
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
flt_deinit(p);
[BUG] cfgparse memory leak and missing free calls in deinit() Thich patch fixes cfgparser not to leak memory on each default server statement and adds several missing free calls in deinit(): - free(l->name) - free(l->counters) - free(p->desc); - free(p->fwdfor_hdr_name); None of them are critical, hopefully.
2010-02-05 14:31:44 -05:00
free(p->desc);
free(p->fwdfor_hdr_name);
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
free_http_req_rules(&p->http_req_rules);
MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp This patch adds two new actions to http-request and http-response rulesets : - replace-header : replace a whole header line, suited for headers which might contain commas - replace-value : replace a single header value, suited for headers defined as lists. The match consists in a regex, and the replacement string takes a log-format and supports back-references.
2014-06-16 14:05:59 -04:00
free_http_res_rules(&p->http_res_rules);
BUG/MEDIUM: deinit: correctly deinitialize the proxy and global listener tasks While using mmap() to allocate pools for debugging purposes, kill -USR1 caused libc aborts in deinit() on two calls to free() on proxies' tasks and the global listener task. The issue comes from the fact that we're using free() to release a task instead of task_free(), so the task was allocated from a pool and released using a different method. This bug has been there since at least 1.5, so a backport is desirable to all maintained versions.
2017-11-22 10:53:53 -05:00
task_free(p->task);
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(p->req_cap_pool);
pool_destroy(p->rsp_cap_pool);
pool_destroy(p->table.pool);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
[MAJOR] call garbage collector when doing soft stop When we're interrupted by another instance, it is very likely that the other one will need some memory. Now we know how to free what is not used, so let's do it. Also only free non-null pointers. Previously, pool_destroy() did implicitly check for this case which was incidentely needed.
2007-05-13 18:39:29 -04:00
p0 = p;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
p = p->next;
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_SPIN_DESTROY(&p0->lbprm.lock);
HA_SPIN_DESTROY(&p0->lock);
[MAJOR] call garbage collector when doing soft stop When we're interrupted by another instance, it is very likely that the other one will need some memory. Now we know how to free what is not used, so let's do it. Also only free non-null pointers. Previously, pool_destroy() did implicitly check for this case which was incidentely needed.
2007-05-13 18:39:29 -04:00
free(p0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}/* end while(p) */
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
while (ua) {
uap = ua;
ua = ua->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(uap->uri_prefix);
free(uap->auth_realm);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
free(uap->node);
free(uap->desc);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
userlist_free(uap->userlist);
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
free_http_req_rules(&uap->http_req_rules);
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
free(uap);
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
userlist_free(userlist);
BUG/MEDIUM: main: Freeing a bunch of static pointers static_table_key, get_http_auth_buff and swap_buffer static variables are now freed during deinit and the two previously new functions are called as well. In addition, the 'trash' string buffer is cleared.
2015-09-25 07:02:25 -04:00
cfg_unregister_sections();
MINOR: logs: Use dedicated function to init/deinit log buffers Now, we use init_log_buffers and deinit_log_buffers to, respectively, initialize and deinitialize log buffers used for syslog messages. These functions have been introduced to be used by threads, to deal with thread-local log buffers.
2017-07-26 09:33:35 -04:00
deinit_log_buffers();
MINOR: chunks: Use dedicated function to init/deinit trash buffers Now, we use init_trash_buffers and deinit_trash_buffers to, respectively, initialize and deinitialize trash buffers (trash, trash_buf1 and trash_buf2). These functions have been introduced to be used by threads, to deal with thread-local trash buffers.
2017-07-26 08:59:46 -04:00
deinit_trash_buffers();
BUG/MEDIUM: main: Freeing a bunch of static pointers static_table_key, get_http_auth_buff and swap_buffer static variables are now freed during deinit and the two previously new functions are called as well. In addition, the 'trash' string buffer is cleared.
2015-09-25 07:02:25 -04:00
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
list_for_each_entry(pdf, &post_deinit_list, list)
pdf->fct();
[MINOR] log: add support for passing the forwarded hostname Haproxy does not include the hostname rather the IP of the machine in the syslog headers it sends. Unfortunately this means that for each log line rsyslog does a reverse dns on the client IP and in the case of non-routable IPs one gets the public hostname not the internal one. While this is valid according to RFC3164 as one might imagine this is troublsome if you have some machines with public IPs, internal IPs, no reverse DNS entries, etc and you want a standardized hostname based log directory structure. The rfc says the preferred value is the hostname. This patch adds a global "log-send-hostname" statement which accepts an optional string to force the host name. If unset, the local host name is used.
2010-12-29 11:05:48 -05:00
free(global.log_send_hostname); global.log_send_hostname = NULL;
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_destroy(&global.log_tag);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(global.chroot); global.chroot = NULL;
free(global.pidfile); global.pidfile = NULL;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
free(global.node); global.node = NULL;
free(global.desc); global.desc = NULL;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(oldpids); oldpids = NULL;
BUG/MEDIUM: deinit: correctly deinitialize the proxy and global listener tasks While using mmap() to allocate pools for debugging purposes, kill -USR1 caused libc aborts in deinit() on two calls to free() on proxies' tasks and the global listener task. The issue comes from the fact that we're using free() to release a task instead of task_free(), so the task was allocated from a pool and released using a different method. This bug has been there since at least 1.5, so a backport is desirable to all maintained versions.
2017-11-22 10:53:53 -05:00
task_free(global_listener_queue_task); global_listener_queue_task = NULL;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
list_for_each_entry_safe(log, logb, &global.logsrvs, list) {
LIST_DEL(&log->list);
free(log);
}
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
list_for_each_entry_safe(wl, wlb, &cfg_cfgfiles, list) {
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
free(wl->s);
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
LIST_DEL(&wl->list);
free(wl);
}
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
list_for_each_entry_safe(bol, bolb, &build_opts_list, list) {
if (bol->must_free)
free((void *)bol->str);
LIST_DEL(&bol->list);
free(bol);
}
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
vars_prune(&global.vars, NULL, NULL);
MINOR: buffers: Move swap_buffer into buffer.c and add deinit_buffer function swap_buffer is a global variable only used by buffer_slow_realign. So it has been moved from global.h to buffer.c and it is allocated by init_buffer function. deinit_buffer function has been added to release it. It is also used to destroy the buffers' pool.
2017-08-29 09:30:11 -04:00
deinit_buffer();
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(pool_head_stream);
pool_destroy(pool_head_session);
pool_destroy(pool_head_connection);
pool_destroy(pool_head_connstream);
pool_destroy(pool_head_requri);
pool_destroy(pool_head_task);
pool_destroy(pool_head_capture);
pool_destroy(pool_head_pendconn);
pool_destroy(pool_head_sig_handlers);
pool_destroy(pool_head_hdr_idx);
pool_destroy(pool_head_http_txn);
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
deinit_pollers();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} /* end deinit() */
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
void mworker_pipe_handler(int fd)
{
char c;
while (read(fd, &c, 1) == -1) {
if (errno == EINTR)
continue;
if (errno == EAGAIN) {
fd_cant_recv(fd);
return;
}
break;
}
deinit();
exit(EXIT_FAILURE);
return;
}
void mworker_pipe_register(int pipefd[2])
{
close(mworker_pipe[1]); /* close the write end of the master pipe in the children */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
fcntl(mworker_pipe[0], F_SETFL, O_NONBLOCK);
fdtab[mworker_pipe[0]].owner = mworker_pipe;
fdtab[mworker_pipe[0]].iocb = mworker_pipe_handler;
MEDIUM: threads/fd: Initialize the process mask during the call to fd_insert Listeners will allow any threads to process the corresponding fd. But for other FDs, we limit the processing to the current thread.
2017-05-30 05:07:16 -04:00
fd_insert(mworker_pipe[0], MAX_THREADS_MASK);
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
fd_want_recv(mworker_pipe[0]);
}
MINOR: threads: Define the sync-point inside run_poll_loop The function sync_poll_loop is called at the end of each loop inside run_poll_loop function. It is a protected area where all threads have a chance to execute tricky tasks with the warranty that no concurrent access is possible. Of course, it comes with a cost because all threads must be syncrhonized. So changes must be uncommon.
2017-10-19 05:59:44 -04:00
static void sync_poll_loop()
{
if (THREAD_NO_SYNC())
return;
THREAD_ENTER_SYNC();
if (!THREAD_NEED_SYNC())
goto exit;
/* *** { */
/* Put here all sync functions */
MINOR: threads/server: Add a lock to deal with insert in updates_servers list This list is used to save changes on the servers state. So when serveral threads are used, it must be locked. The changes are then applied in the sync-point. To do so, servers_update_status has be moved in the sync-point. So this is useless to lock it at this step because the sync-point is a protected area by iteself.
2017-10-16 06:00:40 -04:00
servers_update_status(); /* Commit server status changes */
MINOR: threads: Define the sync-point inside run_poll_loop The function sync_poll_loop is called at the end of each loop inside run_poll_loop function. It is a protected area where all threads have a chance to execute tricky tasks with the warranty that no concurrent access is possible. Of course, it comes with a cost because all threads must be syncrhonized. So changes must be uncommon.
2017-10-19 05:59:44 -04:00
/* *** } */
exit:
THREAD_EXIT_SYNC();
}
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* Runs the polling loop */
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void run_poll_loop()
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
{
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
int next;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[MEDIUM] further improve monotonic clock by check forward jumps The first implementation of the monotonic clock did not verify forward jumps. The consequence is that a fast changing time may expire a lot of tasks. While it does seem minor, in fact it is problematic because most machines which boot with a wrong date are in the past and suddenly see their time jump by several years in the future. The solution is to check if we spent more apparent time in a poller than allowed (with a margin applied). The margin is currently set to 1000 ms. It should be large enough for any poll() to complete. Tests with randomly jumping clock show that the result is quite accurate (error less than 1 second at every change of more than one second).
2008-06-23 08:00:57 -04:00
tv_update_date(0,1);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
while (1) {
MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay Actually, HAProxy uses the function "process_runnable_tasks" and "wake_expired_tasks" to get the next task which can expires. If a task is added with "task_schedule" or other method during the execution of an other task, the expiration of this new task is not taken into account, and the execution of this task can be too late. Actualy, HAProxy seems to be no sensitive to this bug. This fix moves the call to process_runnable_tasks() before the timeout calculation and ensures that all wakeups are processed together. Only wake_expired_tasks() needs to return a timeout now.
2014-12-15 07:26:01 -05:00
/* Process a few tasks */
process_runnable_tasks();
[MEDIUM] call signal_process_queue from run_poll_loop Now we check for asynchronous pending signals. There's no user yet so this cannot cause any trouble.
2009-05-10 03:01:21 -04:00
/* check if we caught some signals and process them */
signal_process_queue();
[MAJOR] use an ebtree instead of a list for the run queue We now insert tasks in a certain sequence in the run queue. The sorting key currently is the arrival order. It will now be possible to apply a "nice" value to any task so that it goes forwards or backwards in the run queue. The calls to wake_expired_tasks() and maintain_proxies() have been moved to the main run_poll_loop(), because they had nothing to do in process_runnable_tasks(). The task_wakeup() function is not inlined anymore, as it was only used at one place. The qlist member of the task structure has been removed now. The run_queue list has been replaced for an integer indicating the number of tasks in the run queue.
2008-06-29 16:40:23 -04:00
/* Check if we can expire some tasks */
MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay Actually, HAProxy uses the function "process_runnable_tasks" and "wake_expired_tasks" to get the next task which can expires. If a task is added with "task_schedule" or other method during the execution of an other task, the expiration of this new task is not taken into account, and the execution of this task can be too late. Actualy, HAProxy seems to be no sensitive to this bug. This fix moves the call to process_runnable_tasks() before the timeout calculation and ensures that all wakeups are processed together. Only wake_expired_tasks() needs to return a timeout now.
2014-12-15 07:26:01 -05:00
next = wake_expired_tasks();
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[MINOR] support a global jobs counter This counter is incremented for each incoming connection and each active listener, and is used to prevent haproxy from stopping upon SIGUSR1. It will thus be possible for some tasks in increment this counter in order to prevent haproxy from dying until they have completed their job.
2010-08-31 09:39:26 -04:00
/* stop when there's nothing left to do */
if (jobs == 0)
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
break;
CLEANUP: poll: move the conditions for waiting out of the poll functions The poll() functions have become a bit dirty because they now check the size of the signal queue, the FD cache and the number of tasks. It's not their job, this must be moved to the caller. In the end it simplifies the code because the expiration date is now set to now_ms if we must not wait, and this achieves in exactly the same result and is cleaner. The change looks large due to the change of indent for blocks which were inside an "if" block.
2015-04-13 14:44:19 -04:00
/* expire immediately if events are pending */
MAJOR: polling: Use active_appels_mask instead of applets_active_queue applets_active_queue is the active queue size. It is a global variable. So it is underoptimized because we may be lead to consider there are active applets for a thread while in fact all active applets are assigned to the otherthreads. So, in such cases, the polling loop will be evaluated many more times than necessary. Instead, we now check if the thread id is set in the bitfield active_applets_mask. This is specific to threads, no backport is needed.
2017-11-14 05:30:47 -05:00
if (fd_cache_num || (active_tasks_mask & tid_bit) || signal_queue_len || (active_applets_mask & tid_bit))
CLEANUP: poll: move the conditions for waiting out of the poll functions The poll() functions have become a bit dirty because they now check the size of the signal queue, the FD cache and the number of tasks. It's not their job, this must be moved to the caller. In the end it simplifies the code because the expiration date is now set to now_ms if we must not wait, and this achieves in exactly the same result and is cleaner. The change looks large due to the change of indent for blocks which were inside an "if" block.
2015-04-13 14:44:19 -04:00
next = now_ms;
[MAJOR] use an ebtree instead of a list for the run queue We now insert tasks in a certain sequence in the run queue. The sorting key currently is the arrival order. It will now be possible to apply a "nice" value to any task so that it goes forwards or backwards in the run queue. The calls to wake_expired_tasks() and maintain_proxies() have been moved to the main run_poll_loop(), because they had nothing to do in process_runnable_tasks(). The task_wakeup() function is not inlined anymore, as it was only used at one place. The qlist member of the task structure has been removed now. The run_queue list has been replaced for an integer indicating the number of tasks in the run queue.
2008-06-29 16:40:23 -04:00
/* The poller will ensure it returns around <next> */
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
cur_poller.poll(&cur_poller, next);
REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()" This is in order to be coherent with the rest.
2014-01-25 13:24:15 -05:00
fd_process_cached_events();
MEDIUM: applet: implement a run queue for active appctx The new function is called for each round of polling in order to call any active appctx. For now we pick the stream interface from the appctx's owner. At the moment there's no appctx queued yet, but we have everything needed to queue them and remove them.
2015-04-19 03:59:31 -04:00
applet_run_active();
MAJOR: servers: propagate server status changes asynchronously. In order to prepare multi-thread development, code was re-worked to propagate changes asynchronoulsy. Servers with pending status changes are registered in a list and this one is processed and emptied only once 'run poll' loop. Operational status changes are performed before administrative status changes. In a case of multiple operational status change or admin status change in the same 'run poll' loop iteration, those changes are merged to reach only the targeted status.
2017-10-03 08:46:45 -04:00
MINOR: threads: Define the sync-point inside run_poll_loop The function sync_poll_loop is called at the end of each loop inside run_poll_loop function. It is a protected area where all threads have a chance to execute tricky tasks with the warranty that no concurrent access is possible. Of course, it comes with a cost because all threads must be syncrhonized. So changes must be uncommon.
2017-10-19 05:59:44 -04:00
/* Synchronize all polling loops */
sync_poll_loop();
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
static void *run_thread_poll_loop(void *data)
{
struct per_thread_init_fct *ptif;
struct per_thread_deinit_fct *ptdf;
tid = *((unsigned int *)data);
tid_bit = (1UL << tid);
tv_update_date(-1,-1);
list_for_each_entry(ptif, &per_thread_init_list, list) {
if (!ptif->fct()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize thread %u.\n", tid);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
exit(1);
}
}
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
if (global.mode & MODE_MWORKER)
mworker_pipe_register(mworker_pipe);
protocol_enable_all();
MINOR: threads: Define the sync-point inside run_poll_loop The function sync_poll_loop is called at the end of each loop inside run_poll_loop function. It is a protected area where all threads have a chance to execute tricky tasks with the warranty that no concurrent access is possible. Of course, it comes with a cost because all threads must be syncrhonized. So changes must be uncommon.
2017-10-19 05:59:44 -04:00
THREAD_SYNC_ENABLE();
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
run_poll_loop();
list_for_each_entry(ptdf, &per_thread_deinit_list, list)
ptdf->fct();
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#ifdef USE_THREAD
if (tid > 0)
pthread_exit(NULL);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
#endif
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
return NULL;
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
/* This is the global management task for listeners. It enables listeners waiting
* for global resources when there are enough free resource, or at least once in
* a while. It is designed to be called as a task.
*/
static struct task *manage_global_listener_queue(struct task *t)
{
int next = TICK_ETERNITY;
/* queue is empty, nothing to do */
if (LIST_ISEMPTY(&global_listener_queue))
goto out;
/* If there are still too many concurrent connections, let's wait for
* some of them to go away. We don't need to re-arm the timer because
* each of them will scan the queue anyway.
*/
if (unlikely(actconn >= global.maxconn))
goto out;
/* We should periodically try to enable listeners waiting for a global
* resource here, because it is possible, though very unlikely, that
* they have been blocked by a temporary lack of global resource such
* as a file descriptor or memory and that the temporary condition has
* disappeared.
*/
[CLEANUP] remove a useless test in manage_global_listener_queue() The test for the empty list was done twice.
2011-09-07 08:26:33 -04:00
dequeue_all_listeners(&global_listener_queue);
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
out:
t->expire = next;
task_queue(t);
return t;
}
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int main(int argc, char **argv)
{
int err, retry;
struct rlimit limit;
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
char errmsg[100];
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
int pidfd = -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
init(argc, argv);
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGQUIT, dump, SIGQUIT);
signal_register_fct(SIGUSR1, sig_soft_stop, SIGUSR1);
signal_register_fct(SIGHUP, sig_dump_state, SIGHUP);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
signal_register_fct(SIGUSR2, NULL, 0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] init: unconditionally catch SIGPIPE Apparently some systems define MSG_NOSIGNAL but do not necessarily check it (or maybe binaries are built somewhere and used on older versions). There were reports of very recent FreeBSD setups causing SIGPIPEs, while older ones catch the signal. Recent FreeBSD manpages indeed define MSG_NOSIGNAL. So let's now unconditionnaly catch the signal. It's useless not to do it for the rare cases where it's not needed (linux 2.4 and below).
2010-03-17 13:02:46 -04:00
/* Always catch SIGPIPE even on platforms which define MSG_NOSIGNAL.
* Some recent FreeBSD setups report broken pipes, and MSG_NOSIGNAL
* was defined there, so let's stay on the safe side.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGPIPE, NULL, 0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
/* ulimits */
if (!global.rlimit_nofile)
global.rlimit_nofile = global.maxsock;
if (global.rlimit_nofile) {
limit.rlim_cur = limit.rlim_max = global.rlimit_nofile;
if (setrlimit(RLIMIT_NOFILE, &limit) == -1) {
BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits global.rlimit_nofile contains the mxa number of file descriptors that can be allocated, except if the user is not allowed to reach this limit, where it still contains the initially requested value. It is important that this value always matches what is really configured so that it is properly reported in the stats and that we can use it later to close all FDs without wasting time closing impossible FDs. This fix may be backported to 1.6 and 1.5.
2016-06-21 05:48:18 -04:00
/* try to set it to the max possible at least */
getrlimit(RLIMIT_NOFILE, &limit);
BUG/MINOR: init: ensure that FD limit is raised to the max allowed When the requested amount of FDs cannot be allocated, setrlimit() fails. That's bad because if the limit is set to 1024 and we need 10000, we stay on 1024 while we could possibly raise it to 4096 thanks to rlim_max. This patch takes care of trying to assign rlim_cur to rlim_max on failure so that we get as much as possible if we can't get all we need. The case is particularly visible when starting haproxy as a non-privileged user and a large maxconn is specified in the configuration. Another point of doing this is that it is the only way to allow us to close inherited FDs upon fork(), ie those between rlim_cur and rlim_max. This patch may be backported to 1.6 and 1.5.
2016-06-21 05:51:59 -04:00
limit.rlim_cur = limit.rlim_max;
if (setrlimit(RLIMIT_NOFILE, &limit) != -1)
getrlimit(RLIMIT_NOFILE, &limit);
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Cannot raise FD limit to %d, limit is %d.\n", argv[0], global.rlimit_nofile, (int)limit.rlim_cur);
BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits global.rlimit_nofile contains the mxa number of file descriptors that can be allocated, except if the user is not allowed to reach this limit, where it still contains the initially requested value. It is important that this value always matches what is really configured so that it is properly reported in the stats and that we can use it later to close all FDs without wasting time closing impossible FDs. This fix may be backported to 1.6 and 1.5.
2016-06-21 05:48:18 -04:00
global.rlimit_nofile = limit.rlim_cur;
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
}
if (global.rlimit_memmax) {
limit.rlim_cur = limit.rlim_max =
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
global.rlimit_memmax * 1048576ULL;
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
#ifdef RLIMIT_AS
if (setrlimit(RLIMIT_AS, &limit) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Cannot fix MEM limit to %d megs.\n",
argv[0], global.rlimit_memmax);
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
#else
if (setrlimit(RLIMIT_DATA, &limit) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Cannot fix MEM limit to %d megs.\n",
argv[0], global.rlimit_memmax);
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
#endif
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
if (old_unixsocket) {
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (strcmp("/dev/null", old_unixsocket) != 0) {
if (get_old_sockets(old_unixsocket) != 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to get the sockets from the old process!\n");
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (!(global.mode & MODE_MWORKER))
exit(1);
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
}
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
get_cur_unixsocket();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* We will loop at most 100 times with 10 ms delay each time.
* That's at most 1 second. We only send a signal to old pids
* if we cannot grab at least one port.
*/
retry = MAX_START_RETRIES;
err = ERR_NONE;
while (retry >= 0) {
struct timeval w;
err = start_proxies(retry == 0 || nb_oldpids == 0);
[BUG] hot reconfiguration failed because of a wrong error check The error check in return of start_proxies checked for exact ERR_RETRYABLE but did not consider the return as a bit field. The function returned both ERR_RETRYABLE and ERR_ALERT, hence the problem.
2007-12-20 17:05:50 -05:00
/* exit the loop on no error or fatal error */
if ((err & (ERR_RETRYABLE|ERR_FATAL)) != ERR_RETRYABLE)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
break;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
if (nb_oldpids == 0 || retry == 0)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
break;
/* FIXME-20060514: Solaris and OpenBSD do not support shutdown() on
* listening sockets. So on those platforms, it would be wiser to
* simply send SIGUSR1, which will not be undoable.
*/
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
if (tell_old_pids(SIGTTOU) == 0) {
/* no need to wait if we can't contact old pids */
retry = 0;
continue;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* give some time to old processes to stop listening */
w.tv_sec = 0;
w.tv_usec = 10*1000;
select(0, NULL, NULL, NULL, &w);
retry--;
}
/* Note: start_proxies() sends an alert when it fails. */
[BUG] we must not exit if protocol binding only returns a warning Right now, protocol binding cannot return a warning, but when this will happen, we must not exit but just print the warning.
2009-02-04 11:05:23 -05:00
if ((err & ~ERR_WARN) != ERR_NONE) {
[BUG] ensure that we correctly re-start old process in case of error When a new process fails to grab some ports, it sends a signal to the old process in order to release them. Then it tries to bind again. If it still fails (eg: one of the ports is bound to a completely different process), it must send the continue signal to the old process so that this one re-binds to the ports. This is correctly done, but the newly bound ports are not released first, which sometimes causes the old process to remain running with no port bound. The fix simply consists in unbinding all ports before sending the signal to the old process.
2009-06-09 08:36:00 -04:00
if (retry != MAX_START_RETRIES && nb_oldpids) {
protocol_unbind_all(); /* cleanup everything we can */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
tell_old_pids(SIGTTIN);
[BUG] ensure that we correctly re-start old process in case of error When a new process fails to grab some ports, it sends a signal to the old process in order to release them. Then it tries to bind again. If it still fails (eg: one of the ports is bound to a completely different process), it must send the continue signal to the old process so that this one re-binds to the ports. This is correctly done, but the newly bound ports are not released first, which sometimes causes the old process to remain running with no port bound. The fix simply consists in unbinding all ports before sending the signal to the old process.
2009-06-09 08:36:00 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
if (listeners == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] No enabled listener found (check for 'bind' directives) ! Exiting.\n", argv[0]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Note: we don't have to send anything to the old pids because we
* never stopped them. */
exit(1);
}
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
err = protocol_bind_all(errmsg, sizeof(errmsg));
if ((err & ~ERR_WARN) != ERR_NONE) {
if ((err & ERR_ALERT) || (err & ERR_WARN))
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] %s.\n", argv[0], errmsg);
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Some protocols failed to start their listeners! Exiting.\n", argv[0]);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all(); /* cleanup everything we can */
if (nb_oldpids)
tell_old_pids(SIGTTIN);
exit(1);
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
} else if (err & ERR_WARN) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] %s.\n", argv[0], errmsg);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
/* Ok, all listener should now be bound, close any leftover sockets
* the previous process gave us, we don't need them anymore
*/
while (xfer_sock_list != NULL) {
struct xfer_sock_list *tmpxfer = xfer_sock_list->next;
close(xfer_sock_list->fd);
free(xfer_sock_list->iface);
free(xfer_sock_list->namespace);
free(xfer_sock_list);
xfer_sock_list = tmpxfer;
}
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* prepare pause/play signals */
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGTTOU, sig_pause, SIGTTOU);
signal_register_fct(SIGTTIN, sig_listen, SIGTTIN);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* MODE_QUIET can inhibit alerts and warnings below this line */
if ((global.mode & MODE_QUIET) && !(global.mode & MODE_VERBOSE)) {
/* detach from the tty */
fclose(stdin); fclose(stdout); fclose(stderr);
}
/* open log & pid files before the chroot */
MINOR: mworker: allow pidfile in mworker + foreground This patch allows the use of the pidfile in master-worker mode without using the background option.
2017-11-06 05:00:03 -05:00
if ((global.mode & MODE_DAEMON || global.mode & MODE_MWORKER) && global.pidfile != NULL) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
unlink(global.pidfile);
pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
if (pidfd < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot create pidfile %s\n", argv[0], global.pidfile);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
}
[MEDIUM] check for cttproxy support when required Previously, use of the "usesrc" keyword could silently fail if either the module was not loaded, or the user did not have enough permissions. Now the errors are better diagnosed and more appropriate advices are given.
2007-03-24 12:24:39 -04:00
if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Some configuration options require full privileges, so global.uid cannot be changed.\n"
"", argv[0]);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
[MEDIUM] check for cttproxy support when required Previously, use of the "usesrc" keyword could silently fail if either the module was not loaded, or the user did not have enough permissions. Now the errors are better diagnosed and more appropriate advices are given.
2007-03-24 12:24:39 -04:00
exit(1);
}
[BUG] inform the user when root is expected but not set When a plain user runs haproxy as non-root but some options require root, let's inform him.
2009-02-04 12:02:48 -05:00
/* If the user is not root, we'll still let him try the configuration
* but we inform him that unexpected behaviour may occur.
*/
if ((global.last_checks & LSTCHK_NETADM) && getuid())
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Some options which require full privileges"
" might not work well.\n"
"", argv[0]);
[BUG] inform the user when root is expected but not set When a plain user runs haproxy as non-root but some options require root, let's inform him.
2009-02-04 12:02:48 -05:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
/* chroot if needed */
if (global.chroot != NULL) {
if (chroot(global.chroot) == -1 || chdir("/") == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot chroot(%s).\n", argv[0], global.chroot);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
protocol_unbind_all();
exit(1);
}
[MEDIUM] fixed call to chroot() during startup It wasn't very wise to chroot() early during the startup. Also, the exit() was missing if the chroot() failed.
2007-10-15 12:57:08 -04:00
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (nb_oldpids)
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
nb_oldpids = tell_old_pids(oldpids_sig);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MEDIUM: mworker: don't reuse PIDs passed to the master When starting the master worker with -sf or -st, the PIDs will be reused on the next reload, which is a problem if new processes on the system took those PIDs. This patch ensures that we don't register old PIDs in the reload system when launching the master worker.
2017-06-20 05:20:33 -04:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)) {
nb_oldpids = 0;
free(oldpids);
oldpids = NULL;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Note that any error at this stage will be fatal because we will not
* be able to restart the old pids.
*/
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
/* setgid / setuid */
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (setgid(global.gid) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1);
}
}
BUG/MEDIUM: remove supplementary groups when changing gid Without it, haproxy will retain the group membership of root, which may give more access than intended to the process. For example, haproxy would still be in the wheel group on Fedora 18, as seen with : # haproxy -f /etc/haproxy/haproxy.cfg # ps a -o pid,user,group,command | grep hapr 3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg 4356 root root grep --color=auto hapr # grep Group /proc/3545/status Groups: 0 1 2 3 4 6 10 # getent group wheel wheel:x:10:root,misc [WT: The issue has been investigated by independent security research team and realized by itself not being able to allow security exploitation. Additionally, dropping groups is not allowed to unprivileged users, though this mode of deployment is quite common. Thus a warning is emitted in this case to inform the user. The fix could be backported into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (global.uid && setuid(global.uid) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], global.uid);
BUG/MEDIUM: remove supplementary groups when changing gid Without it, haproxy will retain the group membership of root, which may give more access than intended to the process. For example, haproxy would still be in the wheel group on Fedora 18, as seen with : # haproxy -f /etc/haproxy/haproxy.cfg # ps a -o pid,user,group,command | grep hapr 3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg 4356 root root grep --color=auto hapr # grep Group /proc/3545/status Groups: 0 1 2 3 4 6 10 # getent group wheel wheel:x:10:root,misc [WT: The issue has been investigated by independent security research team and realized by itself not being able to allow security exploitation. Additionally, dropping groups is not allowed to unprivileged users, though this mode of deployment is quite common. Thus a warning is emitted in this case to inform the user. The fix could be backported into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
protocol_unbind_all();
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/* check ulimits */
limit.rlim_cur = limit.rlim_max = 0;
getrlimit(RLIMIT_NOFILE, &limit);
if (limit.rlim_cur < global.maxsock) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. Please raise 'ulimit-n' to %d or more to avoid any trouble.\n",
argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock, global.maxsock);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (global.mode & (MODE_DAEMON | MODE_MWORKER)) {
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
struct proxy *px;
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
struct peers *curpeers;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int ret = 0;
int proc;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
children = calloc(global.nbproc, sizeof(int));
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
/*
* if daemon + mworker: must fork here to let a master
* process live in background before forking children
*/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)
&& (global.mode & MODE_MWORKER)
&& (global.mode & MODE_DAEMON)) {
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
ret = fork();
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1); /* there has been an error */
}
/* parent leave to daemonize */
if (ret > 0)
exit(0);
}
MEDIUM: mworker: workers exit when the master leaves This patch ensure that the children will exit when the master quits, even if the master didn't send any signal. The master and the workers are connected through a pipe, when the pipe closes the children leave.
2017-06-01 11:38:55 -04:00
if (global.mode & MODE_MWORKER) {
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)) {
char *msg = NULL;
/* master pipe to ensure the master is still alive */
ret = pipe(mworker_pipe);
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Cannot create master pipe.\n", argv[0]);
MEDIUM: mworker: workers exit when the master leaves This patch ensure that the children will exit when the master quits, even if the master didn't send any signal. The master and the workers are connected through a pipe, when the pipe closes the children leave.
2017-06-01 11:38:55 -04:00
} else {
memprintf(&msg, "%d", mworker_pipe[0]);
setenv("HAPROXY_MWORKER_PIPE_RD", msg, 1);
memprintf(&msg, "%d", mworker_pipe[1]);
setenv("HAPROXY_MWORKER_PIPE_WR", msg, 1);
free(msg);
}
} else {
mworker_pipe[0] = atol(getenv("HAPROXY_MWORKER_PIPE_RD"));
mworker_pipe[1] = atol(getenv("HAPROXY_MWORKER_PIPE_WR"));
if (mworker_pipe[0] <= 0 || mworker_pipe[1] <= 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Cannot get master pipe FDs.\n", argv[0]);
MEDIUM: mworker: workers exit when the master leaves This patch ensure that the children will exit when the master quits, even if the master didn't send any signal. The master and the workers are connected through a pipe, when the pipe closes the children leave.
2017-06-01 11:38:55 -04:00
}
}
}
MINOR: mworker: write parent pid in the pidfile The first pid in the pidfile is now the parent, it's more convenient for supervising the processus. You can now reload haproxy in master-worker mode with convenient command like: kill -USR2 $(head -1 /tmp/haproxy.pid)
2017-11-06 05:00:04 -05:00
/* if in master-worker mode, write the PID of the father */
if (global.mode & MODE_MWORKER) {
char pidstr[100];
snprintf(pidstr, sizeof(pidstr), "%d\n", getpid());
shut_your_big_mouth_gcc(write(pidfd, pidstr, strlen(pidstr)));
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* the father launches the required number of processes */
for (proc = 0; proc < global.nbproc; proc++) {
ret = fork();
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
[BUG] remove condition for exit() under fork() failure This must come from a copy-paste typo: in the unlikely event that fork() would fail, the parent process would only exit(1) if there were old pids. That's non-sense.
2007-10-16 01:44:56 -04:00
exit(1); /* there has been an error */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (ret == 0) /* child breaks here */
break;
MEDIUM: New cli option -Ds for systemd compatibility This patch adds a new option "-Ds" which is exactly like "-D", but instead of forking n times to get n jobs running and then exiting, prefers to wait for all the children it just created. With this done, haproxy becomes more systemd-compliant, without changing anything for other systems. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 04:53:52 -05:00
children[proc] = ret;
MINOR: mworker: do not store child pid anymore in the pidfile The parent process supervises itself the children, we don't need to store the children pids anymore in the pidfile in master-worker mode.
2017-11-06 05:16:12 -05:00
if (pidfd >= 0 && !(global.mode & MODE_MWORKER)) {
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
char pidstr[100];
snprintf(pidstr, sizeof(pidstr), "%d\n", ret);
BUILD: definitely silence some stupid GCC warnings It's becoming increasingly difficult to ignore unwanted function returns in debug code with gcc. Now even when you try to work around it, it suggests a way to write your code differently. For example : src/frontend.c:187:65: warning: if statement has empty body [-Wempty-body] if (write(1, trash.str, trash.len) < 0) /* shut gcc warning */; ^ src/frontend.c:187:65: note: put the semicolon on a separate line to silence this warning 1 warning generated. This is totally unacceptable, this code already had to be written this way to shut it up in earlier versions. And now it comments the form ? What's the purpose of the C language if you can't write anymore the code that does what you want ? Emeric proposed to just keep a global variable to drain such useless results so that gcc stops complaining all the time it believes people who write code are monkeys. The solution is acceptable because the useless assignment is done only in debug code so it will not impact performance. This patch implements this, until gcc becomes even "smarter" to detect that we tried to cheat.
2013-12-13 09:14:55 -05:00
shut_your_big_mouth_gcc(write(pidfd, pidstr, strlen(pidstr)));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] stats: report numerical process ID, proxy ID and server ID It is very convenient for SNMP monitoring to have unique process ID, proxy ID and server ID. Those have been added to the CSV outputs. The numbers start at 1. 0 is reserved. For servers, 0 means that the reported name is not a server name but half a proxy (FRONTEND/BACKEND). A remaining hidden "-" in the CSV output has been eliminated too.
2007-11-04 17:35:08 -05:00
relative_pid++; /* each child will get a different one */
CLEANUP: global: introduce variable pid_bit to avoid shifts with relative_pid At a number of places, bitmasks are used for process affinity and to map listeners to processes. Every time 1UL<<(relative_pid-1) is used. Let's create a "pid_bit" variable corresponding to this value to clean this up.
2017-11-10 13:08:14 -05:00
pid_bit <<= 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#ifdef USE_CPU_AFFINITY
if (proc < global.nbproc && /* child */
BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only We have to allow 32 or 64 processes depending on the machine's word size, and on 64-bit machines only the first 32 processes were properly bound. This fix should be backported to 1.5.
2015-04-20 05:36:57 -04:00
proc < LONGBITS && /* only the first 32/64 processes may be pinned */
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
global.cpu_map.proc[proc]) /* only do this if the process has a CPU map */
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#ifdef __FreeBSD__
MINOR: init: Fix CPU affinity setting on FreeBSD. Use a cpuset_t instead of assuming the cpu mask is an unsigned long. This should fix setting the CPU affinity on FreeBSD >= 11. This patch should be backported to stable releases.
2017-08-16 11:29:11 -04:00
{
cpuset_t cpuset;
int i;
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
unsigned long cpu_map = global.cpu_map.proc[proc];
MINOR: init: Fix CPU affinity setting on FreeBSD. Use a cpuset_t instead of assuming the cpu mask is an unsigned long. This should fix setting the CPU affinity on FreeBSD >= 11. This patch should be backported to stable releases.
2017-08-16 11:29:11 -04:00
CPU_ZERO(&cpuset);
while ((i = ffsl(cpu_map)) > 0) {
CPU_SET(i - 1, &cpuset);
cpu_map &= ~(1 << (i - 1));
}
ret = cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1, sizeof(cpuset), &cpuset);
}
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#else
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
sched_setaffinity(0, sizeof(unsigned long), (void *)&global.cpu_map.proc[proc]);
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#endif
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* close the pidfile both in children and father */
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
if (pidfd >= 0) {
//lseek(pidfd, 0, SEEK_SET); /* debug: emulate eglibc bug */
close(pidfd);
}
[MINOR] startup: release unused structs after forking Don't keep the old pid list or chroot place after startup, they won't be used anymore.
2010-08-25 06:49:05 -04:00
/* We won't ever use this anymore */
free(global.pidfile); global.pidfile = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
if (proc == global.nbproc) {
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (global.mode & MODE_MWORKER) {
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
mworker_cleanlisteners();
deinit_pollers();
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
mworker_wait();
BUG/MEDIUM: misplaced exit and wrong exit code Commit cb11fd2 ("MEDIUM: mworker: wait mode on reload failure") introduced a regression, when HAProxy is used in daemon mode, it exits 1 after forking its children. HAProxy should exit(0), the exit(EXIT_FAILURE) was expected to be use when the master fail in master-worker mode. Thanks to Emmanuel Hocdet for reporting this bug. No backport needed.
2017-06-07 09:04:47 -04:00
/* should never get there */
exit(EXIT_FAILURE);
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
}
BUG/MEDIUM: build without openssl broken The commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine") broke the build without openssl support. The ssl_free_dh() function is not defined when USE_OPENSSL is not defined and leads to a compilation failure.
2017-06-08 13:05:48 -04:00
#if defined(USE_OPENSSL) && !defined(OPENSSL_NO_DH)
MEDIUM: ssl: add basic support for OpenSSL crypto engine This patch adds the global 'ssl-engine' keyword. First arg is an engine identifier followed by a list of default_algorithms the engine will operate. If the openssl version is too old, an error is reported when the option is used.
2017-01-20 20:10:18 -05:00
ssl_free_dh();
#endif
BUG/MEDIUM: misplaced exit and wrong exit code Commit cb11fd2 ("MEDIUM: mworker: wait mode on reload failure") introduced a regression, when HAProxy is used in daemon mode, it exits 1 after forking its children. HAProxy should exit(0), the exit(EXIT_FAILURE) was expected to be use when the master fail in master-worker mode. Thanks to Emmanuel Hocdet for reporting this bug. No backport needed.
2017-06-07 09:04:47 -04:00
exit(0); /* parent must leave */
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
}
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/* child must never use the atexit function */
atexit_flag = 0;
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
/* Must chroot and setgid/setuid in the children */
/* chroot if needed */
if (global.chroot != NULL) {
if (chroot(global.chroot) == -1 || chdir("/") == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot chroot1(%s).\n", argv[0], global.chroot);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
protocol_unbind_all();
exit(1);
}
}
free(global.chroot);
global.chroot = NULL;
/* setgid / setuid */
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (setgid(global.gid) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1);
}
}
if (global.uid && setuid(global.uid) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], global.uid);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1);
}
MEDIUM: proxy: zombify proxies only when the expose-fd socket is bound When HAProxy is running with multiple processes and some listeners arebound to processes, the unused sockets were not closed in the other processes. The aim was to be able to send those listening sockets using the -x option. However to ensure the previous behavior which was to close those sockets, we provided the "no-unused-socket" global option. This patch changes this behavior, it will close unused sockets which are not in the same process as an expose-fd socket, making the "no-unused-socket" option useless. The "no-unused-socket" option was removed in this patch.
2017-05-26 12:19:55 -04:00
/* pass through every cli socket, and check if it's bound to
* the current process and if it exposes listeners sockets.
* Caution: the GTUNE_SOCKET_TRANSFER is now set after the fork.
* */
if (global.stats_fe) {
struct bind_conf *bind_conf;
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
if (bind_conf->level & ACCESS_FD_LISTENERS) {
if (!bind_conf->bind_proc || bind_conf->bind_proc & (1UL << proc)) {
global.tune.options |= GTUNE_SOCKET_TRANSFER;
break;
}
}
}
}
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
/* we might have to unbind some proxies from some processes */
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
px = proxies_list;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
while (px != NULL) {
if (px->bind_proc && px->state != PR_STSTOPPED) {
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 19:05:05 -04:00
if (!(px->bind_proc & (1UL << proc))) {
if (global.tune.options & GTUNE_SOCKET_TRANSFER)
zombify_proxy(px);
else
stop_proxy(px);
}
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
px = px->next;
}
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
/* we might have to unbind some peers sections from some processes */
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (curpeers = cfg_peers; curpeers; curpeers = curpeers->next) {
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
if (!curpeers->peers_fe)
continue;
if (curpeers->peers_fe->bind_proc & (1UL << proc))
continue;
stop_proxy(curpeers->peers_fe);
/* disable this peer section so that it kills itself */
MEDIUM: init: completely deallocate unused peers When peers are stopped due to not being running on the appropriate process, we want to completely release them and unregister their signals and task in order to ensure there's no way they may be called in the future. Note: ideally we should have a list of all tables attached to a peers section being disabled in order to unregister them and void their sync_task. It doesn't appear to be *that* easy for now.
2015-09-28 10:39:25 -04:00
signal_unregister_handler(curpeers->sighandler);
task_delete(curpeers->sync_task);
task_free(curpeers->sync_task);
curpeers->sync_task = NULL;
task_free(curpeers->peers_fe->task);
curpeers->peers_fe->task = NULL;
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
curpeers->peers_fe = NULL;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* if we're NOT in QUIET mode, we should now close the 3 first FDs to ensure
* that we can detach from the TTY. We MUST NOT do it in other cases since
* it would have already be done, and 0-2 would have been affected to listening
* sockets
*/
[BUG] critical errors should be reported even in daemon mode Josh Goebel reported that haproxy silently dies when it fails to chroot. In fact, it does so when in daemon mode, because daemon mode has been disabling output for ages. Since the code has been reworked, this could have been changed because there is no reason for this anymore, hence this patch. (cherry picked from commit 304d6fb00fe32fca1bd932a301d4afb7d54c92bc) (cherry picked from commit 50b7f7f12c67322c793f50a6be009f0fd0eec1bb)
2008-11-16 01:40:34 -05:00
if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* detach from the tty */
fclose(stdin); fclose(stdout); fclose(stderr);
[BUG] critical errors should be reported even in daemon mode Josh Goebel reported that haproxy silently dies when it fails to chroot. In fact, it does so when in daemon mode, because daemon mode has been disabling output for ages. Since the code has been reworked, this could have been changed because there is no reason for this anymore, hence this patch. (cherry picked from commit 304d6fb00fe32fca1bd932a301d4afb7d54c92bc) (cherry picked from commit 50b7f7f12c67322c793f50a6be009f0fd0eec1bb)
2008-11-16 01:40:34 -05:00
global.mode &= ~MODE_VERBOSE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
pid = getpid(); /* update child's pid */
setsid();
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
fork_poller();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode &= ~MODE_STARTING;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
/*
* That's it : the central polling loop. Run until we stop.
*/
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
#ifdef USE_THREAD
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
{
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
unsigned int *tids = calloc(global.nbthread, sizeof(unsigned int));
pthread_t *threads = calloc(global.nbthread, sizeof(pthread_t));
int i;
BUG/MEDIUM: threads: Initialize the sync-point The sync point must be initialized before starting threads. This line was lost in one of merges preparing the threads support integration.
2017-10-31 12:30:12 -04:00
THREAD_SYNC_INIT((1UL << global.nbthread) - 1);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Init tids array */
for (i = 0; i < global.nbthread; i++)
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
tids[i] = i;
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Create nbthread-1 thread. The first thread is the current process */
threads[0] = pthread_self();
for (i = 1; i < global.nbthread; i++)
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
pthread_create(&threads[i], NULL, &run_thread_poll_loop, &tids[i]);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
#ifdef USE_CPU_AFFINITY
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Now the CPU affinity for all threads */
for (i = 0; i < global.nbthread; i++) {
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
if (global.cpu_map.proc[relative_pid-1])
global.cpu_map.thread[relative_pid-1][i] &= global.cpu_map.proc[relative_pid-1];
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
if (i < LONGBITS && /* only the first 32/64 threads may be pinned */
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
global.cpu_map.thread[relative_pid-1][i]) /* only do this if the thread has a THREAD map */
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
pthread_setaffinity_np(threads[i],
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
sizeof(unsigned long),
(void *)&global.cpu_map.thread[relative_pid-1][i]);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
}
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#endif /* !USE_CPU_AFFINITY */
/* Finally, start the poll loop for the first thread */
run_thread_poll_loop(&tids[0]);
/* Wait the end of other threads */
for (i = 1; i < global.nbthread; i++)
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
pthread_join(threads[i], NULL);
free(tids);
free(threads);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: threads/signal: Add a lock to make signals thread-safe A global lock has been added to protect the signal processing. So when a signal it triggered, only one thread will catch it.
2017-05-30 09:34:30 -04:00
#if defined(DEBUG_THREAD) || defined(DEBUG_FULL)
show_lock_stats();
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
}
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#else /* ! USE_THREAD */
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
run_thread_poll_loop((int []){0});
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
/* Do some cleanup */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
deinit();
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(0);
}
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink