upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-20 00:10:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 14
haproxy/src/haproxy.c

3360 lines
92 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* HA-Proxy : High Availability-enabled HTTP/TCP proxy
[RELEASE] Released version 2.0-dev1 Released version 2.0-dev1 with the following main changes : - MINOR: mux-h2: only increase the connection window with the first update - REGTESTS: remove the expected window updates from H2 handshakes - BUG/MINOR: mux-h2: make empty HEADERS frame return a connection error - BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max - MEDIUM: mux-h2: remove padlen during headers phase - MINOR: h2: add a bit-based frame type representation - MINOR: mux-h2: remove useless check for empty frame length in h2s_decode_headers() - MEDIUM: mux-h2: decode HEADERS frames before allocating the stream - MINOR: mux-h2: make h2c_send_rst_stream() use the dummy stream's error code - MINOR: mux-h2: add a new dummy stream for the REFUSED_STREAM error code - MINOR: mux-h2: fail stream creation more cleanly using RST_STREAM - MINOR: buffers: add a new b_move() function - MINOR: mux-h2: make h2_peek_frame_hdr() support an offset - MEDIUM: mux-h2: handle decoding of CONTINUATION frames - CLEANUP: mux-h2: remove misleading comments about CONTINUATION - BUG/MEDIUM: servers: Don't try to reuse connection if we switched server. - BUG/MEDIUM: tasks: Decrement tasks_run_queue in tasklet_free(). - BUG/MINOR: htx: send the proper authenticate header when using http-request auth - BUG/MEDIUM: mux_h2: Don't add to the idle list if we're full. - BUG/MEDIUM: servers: Fail if we fail to allocate a conn_stream. - BUG/MAJOR: servers: Use the list api correctly to avoid crashes. - BUG/MAJOR: servers: Correctly use LIST_ELEM(). - BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. - BUG/MEDIUM: servers: Flag the stream_interface on handshake error. - MEDIUM: servers: Be smarter when switching connections. - MEDIUM: sessions: Keep track of which connections are idle. - MINOR: payload: add sample fetch for TLS ALPN - BUG/MEDIUM: log: don't mark log FDs as non-blocking on terminals - MINOR: channel: Add the function channel_add_input - MINOR: stats/htx: Call channel_add_input instead of updating channel state by hand - BUG/MEDIUM: cache: Be sure to end the forwarding when XFER length is unknown - BUG/MAJOR: htx: Return the good block address after a defrag - MINOR: lb: allow redispatch when using consistent hash - CLEANUP: mux-h2: fix end-of-stream flag name when processing headers - BUG/MEDIUM: mux-h2: always restart reading if data are available - BUG/MINOR: mux-h2: set the stream-full flag when leaving h2c_decode_headers() - BUG/MINOR: mux-h2: don't check the CS count in h2c_bck_handle_headers() - BUG/MINOR: mux-h2: mark end-of-stream after processing response HEADERS, not before - BUG/MINOR: mux-h2: only update rxbuf's length for H1 headers - BUG/MEDIUM: mux-h1: use per-direction flags to indicate transitions - BUG/MEDIUM: mux-h1: make HTX chunking consistent with H2 - BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify() - BUG/MEDIUM: proto-htx: Set SI_FL_NOHALF on server side when request is done - BUG/MEDIUM: mux-h1: Add a task to handle connection timeouts - MINOR: mux-h2: make h2c_decode_headers() return a status, not a count - MINOR: mux-h2: add a new dummy stream : h2_error_stream - MEDIUM: mux-h2: make h2c_decode_headers() support recoverable errors - BUG/MINOR: mux-h2: detect when the HTX EOM block cannot be added after headers - MINOR: mux-h2: remove a misleading and impossible test - CLEANUP: mux-h2: clean the stream error path on HEADERS frame processing - MINOR: mux-h2: check for too many streams only for idle streams - MINOR: mux-h2: set H2_SF_HEADERS_RCVD when a HEADERS frame was decoded - BUG/MEDIUM: mux-h2: decode trailers in HEADERS frames - MINOR: h2: add h2_make_h1_trailers to turn H2 headers to H1 trailers - MEDIUM: mux-h2: pass trailers to H1 (legacy mode) - MINOR: htx: add a new function to add a block without filling it - MINOR: h2: add h2_make_htx_trailers to turn H2 headers to HTX trailers - MEDIUM: mux-h2: pass trailers to HTX - MINOR: mux-h1: parse the content-length header on output and set H1_MF_CLEN - BUG/MEDIUM: mux-h1: don't enforce chunked encoding on requests - MINOR: mux-h2: make HTX_BLK_EOM processing idempotent - MINOR: h1: make the H1 headers block parser able to parse headers only - MEDIUM: mux-h2: emit HEADERS frames when facing HTX trailers blocks - MINOR: stream/htx: Add info about the HTX structs in "show sess all" command - MINOR: stream: Add the subscription events of SIs in "show sess all" command - MINOR: mux-h1: Add the subscription events in "show fd" command - BUG/MEDIUM: h1: Get the h1m state when restarting the headers parsing - BUG/MINOR: cache/htx: Be sure to count partial trailers - BUG/MEDIUM: h1: In h1_init(), wake the tasklet instead of calling h1_recv(). - BUG/MEDIUM: server: Defer the mux init until after xprt has been initialized. - MINOR: connections: Remove a stall comment. - BUG/MEDIUM: cli: make "show sess" really thread-safe - BUILD: add a new file "version.c" to carry version updates - MINOR: stream/htx: add the HTX flags output in "show sess all" - MINOR: stream/cli: fix the location of the waiting flag in "show sess all" - MINOR: stream/cli: report more info about the HTTP messages on "show sess all" - BUG/MINOR: lua: bad args are returned for Lua actions - BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred - MINOR: htx: Add an helper function to get the max space usable for a block - MINOR: channel/htx: Add HTX version for some helper functions - BUG/MEDIUM: cache/htx: Respect the reserve when cached objects are served - BUG/MINOR: stats/htx: Respect the reserve when the stats page is dumped - DOC: regtest: make it clearer what the purpose of the "broken" series is - REGTEST: mailers: add new test for 'mailers' section - REGTEST: Add a reg test for health-checks over SSL/TLS. - BUG/MINOR: mux-h1: Close connection on shutr only when shutw was really done - MEDIUM: mux-h1: Clarify how shutr/shutw are handled - BUG/MINOR: compression: Disable it if another one is already in progress - BUG/MINOR: filters: Detect cache+compression config on legacy HTTP streams - BUG/MINOR: cache: Disable the cache if any compression filter precedes it - REGTEST: Add some informatoin to test results. - MINOR: htx: Add a function to truncate all blocks after a specific offset - MINOR: channel/htx: Add the HTX version of channel_truncate/erase - BUG/MINOR: proto_htx: Use HTX versions to truncate or erase a buffer - BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used - DOC: Fix typo in req.ssl_alpn example (commit 4afdd138424ab...) - DOC: http-request cache-use / http-response cache-store expects cache name - REGTEST: "capture (request|response)" regtest. - BUG/MINOR: lua/htx: Respect the reserve when data are send from an HTX applet - REGTEST: filters: add compression test - BUG/MEDIUM: init: Initialize idle_orphan_conns for first server in server-template - BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT. - DOC: Be a bit more explicit about allow-0rtt security implications. - MINOR: mux-h1: make the mux_h1_ops struct static - BUILD: makefile: add an EXTRA_OBJS variable to help build optional code - BUG/MEDIUM: connection: properly unregister the mux on failed initialization - BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key - REGTESTS: test case for map_regm commit 271022150d - REGTESTS: Basic tests for concat,strcmp,word,field,ipmask converters - REGTESTS: Basic tests for using maps to redirect requests / select backend - DOC: REGTESTS README varnishtest -Dno-htx= define. - MINOR: spoe: Make the SPOE filter compatible with HTX proxies - MINOR: checks: Store the proxy in checks. - BUG/MEDIUM: checks: Avoid having an associated server for email checks. - REGTEST: Switch to vtest. - REGTEST: Adapt reg test doc files to vtest. - BUG/MEDIUM: h1: Make sure we destroy an inactive connectin that did shutw. - BUG/MINOR: base64: dec func ignores padding for output size checking - BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file - MINOR: ssl: add support of aes256 bits ticket keys on file and cli. - BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH - BUG/MINOR: backend: balance uri specific options were lost across defaults - BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit - MINOR: backend: move url_param_name/len to lbprm.arg_str/len - MINOR: backend: make headers and RDP cookie also use arg_str/len - MINOR: backend: add new fields in lbprm to store more LB options - MINOR: backend: make the header hash use arg_opt1 for use_domain_only - MINOR: backend: remap the balance uri settings to lbprm.arg_opt{1,2,3} - MINOR: backend: move hash_balance_factor out of chash - MEDIUM: backend: move all LB algo parameters into an union - MINOR: backend: make the random algorithm support a number of draws - BUILD/MEDIUM: da: Necessary code changes for new buffer API. - BUG/MINOR: stick_table: Prevent conn_cur from underflowing - BUG: 51d: Changes to the buffer API in 1.9 were not applied to the 51Degrees code. - BUG/MEDIUM: stats: Get the right scope pointer depending on HTX is used or not - DOC: add a missing space in the documentation for bc_http_major - REGTEST: checks basic stats webpage functionality - BUG/MEDIUM: servers: Make assign_tproxy_address work when ALPN is set. - BUG/MEDIUM: connections: Add the CO_FL_CONNECTED flag if a send succeeded. - DOC: add github issue templates - MINOR: cfgparse: Extract some code to be re-used. - CLEANUP: cfgparse: Return asap from cfg_parse_peers(). - CLEANUP: cfgparse: Code reindentation. - MINOR: cfgparse: Useless frontend initialization in "peers" sections. - MINOR: cfgparse: Rework peers frontend init. - MINOR: cfgparse: Simplication. - MINOR: cfgparse: Make "peer" lines be parsed as "server" lines. - MINOR: peers: Make outgoing connection to SSL/TLS peers work. - MINOR: cfgparse: SSL/TLS binding in "peers" sections. - DOC: peers: SSL/TLS documentation for "peers" - BUG/MINOR: startup: certain goto paths in init_pollers fail to free - BUG/MEDIUM: checks: fix recent regression on agent-check making it crash - BUG/MINOR: server: don't always trust srv_check_health when loading a server state - BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk() - BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages - DOC: mention the effect of nf_conntrack_tcp_loose on src/dst - BUG/MINOR: proto-htx: Return an error if all headers cannot be received at once - BUG/MEDIUM: mux-h2/htx: Respect the channel's reserve - BUG/MINOR: mux-h1: Apply the reserve on the channel's buffer only - BUG/MINOR: mux-h1: avoid copying output over itself in zero-copy - BUG/MAJOR: mux-h2: don't destroy the stream on failed allocation in h2_snd_buf() - BUG/MEDIUM: backend: also remove from idle list muxes that have no more room - BUG/MEDIUM: mux-h2: properly abort on trailers decoding errors - MINOR: h2: declare new sets of frame types - BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY - BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error - BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream - BUG/MINOR: hpack: return a compression error on invalid table size updates - MINOR: server: make sure pool-max-conn is >= -1 - BUG/MINOR: stream: take care of synchronous errors when trying to send - CLEANUP: server: fix indentation mess on idle connections - BUG/MINOR: mux-h2: always check the stream ID limit in h2_avail_streams() - BUG/MINOR: mux-h2: refuse to allocate a stream with too high an ID - BUG/MEDIUM: backend: never try to attach to a mux having no more stream available - MINOR: server: add a max-reuse parameter - MINOR: mux-h2: always consider a server's max-reuse parameter - MEDIUM: stream-int: always mark pending outgoing SI_ST_CON - MINOR: stream: don't wait before retrying after a failed connection reuse - MEDIUM: h2: always parse and deduplicate the content-length header - BUG/MINOR: mux-h2: always compare content-length to the sum of DATA frames - CLEANUP: h2: Remove debug printf in mux_h2.c - MINOR: cfgparse: make the process/thread parser support a maximum value - MINOR: threads: make MAX_THREADS configurable at build time - DOC: nbthread is no longer experimental. - BUG/MINOR: listener: always fill the source address for accepted socketpairs - BUG/MINOR: mux-h2: do not report available outgoing streams after GOAWAY - BUG/MINOR: spoe: corrected fragmentation string size - BUG/MINOR: task: fix possibly missed event in inter-thread wakeups - BUG/MEDIUM: servers: Attempt to reuse an unfinished connection on retry. - BUG/MEDIUM: backend: always call si_detach_endpoint() on async connection failure - SCRIPTS: add the issue tracker URL to the announce script - MINOR: peers: Extract some code to be reused. - CLEANUP: peers: Indentation fixes. - MINOR: peers: send code factorization. - MINOR: peers: Add new functions to send code and reduce the I/O handler. - MEDIUM: peers: synchronizaiton code factorization to reduce the size of the I/O handler. - MINOR: peers: Move update receive code to reduce the size of the I/O handler. - MINOR: peers: Move ack, switch and definition receive code to reduce the size of the I/O handler. - MINOR: peers: Move high level receive code to reduce the size of I/O handler. - CLEANUP: peers: Be more generic. - MINOR: peers: move error handling to reduce the size of the I/O handler. - MINOR: peers: move messages treatment code to reduce the size of the I/O handler. - MINOR: peers: move send code to reduce the size of the I/O handler. - CLEANUP: peers: Remove useless statements. - MINOR: peers: move "hello" message treatment code to reduce the size of the I/O handler. - MINOR: peers: move peer initializations code to reduce the size of the I/O handler. - CLEANUP: peers: factor the error handling code in peer_treet_updatemsg() - CLEANUP: peers: factor error handling in peer_treat_definedmsg() - BUILD/MINOR: peers: shut up a build warning introduced during last cleanup - BUG/MEDIUM: mux-h2: only close connection on request frames on closed streams - CLEANUP: mux-h2: remove two useless but misleading assignments - BUG/MEDIUM: checks: Check that conn_install_mux succeeded. - BUG/MEDIUM: servers: Only destroy a conn_stream we just allocated. - BUG/MEDIUM: servers: Don't add an incomplete conn to the server idle list. - BUG/MEDIUM: checks: Don't try to set ALPN if connection failed. - BUG/MEDIUM: h2: In h2_send(), stop the loop if we failed to alloc a buf. - BUG/MEDIUM: peers: Handle mux creation failure. - BUG/MEDIUM: servers: Close the connection if we failed to install the mux. - BUG/MEDIUM: compression: Rewrite strong ETags - BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit - CLEANUP: mux-h2: remove misleading leftover test on h2s' nullity - BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update - BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions - BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams - BUG/MEDIUM: mux-h2: do not abort HEADERS frame before decoding them - BUG/MINOR: mux-h2: make sure response HEADERS are not received in other states than OPEN and HLOC - MINOR: h2: add a generic frame checker - MEDIUM: mux-h2: check the frame validity before considering the stream state - CLEANUP: mux-h2: remove stream ID and frame length checks from the frame parsers - BUG/MINOR: mux-h2: make sure request trailers on aborted streams don't break the connection - DOC: compression: Update the reasons for disabled compression - BUG/MEDIUM: buffer: Make sure b_is_null handles buffers waiting for allocation. - DOC: htx: make it clear that htxbuf() and htx_from_buf() always return valid pointers - MINOR: htx: never check for null htx pointer in htx_is_{,not_}empty() - MINOR: mux-h2: consistently rely on the htx variable to detect the mode - BUG/MEDIUM: peers: Peer addresses parsing broken. - BUG/MEDIUM: mux-h1: Don't add "transfer-encoding" if message-body is forbidden - BUG/MEDIUM: connections: Don't forget to remove CO_FL_SESS_IDLE. - BUG/MINOR: stream: don't close the front connection when facing a backend error - BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection - MINOR: stream-int: add a new flag to mention that we want the connection to be killed - MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection - BUG/MEDIUM: mux-h2: do not close the connection on aborted streams - BUG/MINOR: server: fix logic flaw in idle connection list management - MINOR: mux-h2: max-concurrent-streams should be unsigned - MINOR: mux-h2: make sure to only check concurrency limit on the frontend - MINOR: mux-h2: learn and store the peer's advertised MAX_CONCURRENT_STREAMS setting - BUG/MEDIUM: mux-h2: properly consider the peer's advertised max-concurrent-streams - MINOR: xref: Add missing barriers. - MINOR: muxes: Don't bother to LIST_DEL(&conn->list) before calling conn_free(). - MINOR: debug: Add an option that causes random allocation failures. - BUG/MEDIUM: backend: always release the previous connection into its own target srv_list - BUG/MEDIUM: htx: check the HTX compatibility in dynamic use-backend rules - BUG/MINOR: tune.fail-alloc: Don't forget to initialize ret. - BUG/MINOR: backend: check srv_conn before dereferencing it - BUG/MEDIUM: mux-h2: always omit :scheme and :path for the CONNECT method - BUG/MEDIUM: mux-h2: always set :authority on request output - BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free(). - BUG/MINOR: threads: fix the process range of thread masks - BUG/MINOR: config: fix bind line thread mask validation - CLEANUP: threads: fix misleading comment about all_threads_mask - CLEANUP: threads: use nbits to calculate the thread mask - OPTIM: listener: optimize cache-line packing for struct listener - MINOR: tools: improve the popcount() operation - MINOR: config: keep an all_proc_mask like we have all_threads_mask - MINOR: global: add proc_mask() and thread_mask() - MINOR: config: simplify bind_proc processing using proc_mask() - MINOR: threads: make use of thread_mask() to simplify some thread calculations - BUG/MINOR: compression: properly report compression stats in HTX mode - BUG/MINOR: task: close a tiny race in the inter-thread wakeup - BUG/MAJOR: config: verify that targets of track-sc and stick rules are present - BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes - BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with HTX - BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules - DOC: ssl: Clarify when pre TLSv1.3 cipher can be used - DOC: ssl: Stop documenting ciphers example to use - BUG/MINOR: spoe: do not assume agent->rt is valid on exit - BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets - BUG/MEDIUM: spoe: initialization depending on nbthread must be done last - BUG/MEDIUM: server: initialize the idle conns list after parsing the config - BUG/MEDIUM: server: initialize the orphaned conns lists and tasks at the end - MINOR: config: make MAX_PROCS configurable at build time - BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck - BUG/MINOR: config: Reinforce validity check when a process number is parsed - BUG/MEDIUM: peers: check that p->srv actually exists before using p->srv->use_ssl - CONTRIB: contrib/prometheus-exporter: Add a Prometheus exporter for HAProxy - BUG/MINOR: mux-h1: verify the request's version before dropping connection: keep-alive - BUG: 51d: In Hash Trie, multi header matching was affected by the header names stored globaly. - MEDIUM: 51d: Enabled multi threaded operation in the 51Degrees module. - BUG/MAJOR: stream: avoid double free on unique_id - BUILD/MINOR: stream: avoid a build warning with threads disabled - BUILD/MINOR: tools: fix build warning in the date conversion functions - BUILD/MINOR: peers: remove an impossible null test in intencode() - BUILD/MINOR: htx: fix some potential null-deref warnings with http_find_stline - BUG/MEDIUM: peers: Missing peer initializations. - BUG/MEDIUM: http_fetch: fix the "base" and "base32" fetch methods in HTX mode - BUG/MEDIUM: proto_htx: Fix data size update if end of the cookie is removed - BUG/MEDIUM: http_fetch: fix "req.body_len" and "req.body_size" fetch methods in HTX mode - BUILD/MEDIUM: initcall: Fix build on MacOS. - BUG/MEDIUM: mux-h2/htx: Always set CS flags before exiting h2_rcv_buf() - MINOR: h2/htx: Set the flag HTX_SL_F_BODYLESS for messages without body - BUG/MINOR: mux-h1: Add "transfer-encoding" header on outgoing requests if needed - BUG/MINOR: mux-h2: Don't add ":status" pseudo-header on trailers - BUG/MINOR: proto-htx: Consider a XFER_LEN message as chunked by default - BUG/MEDIUM: h2/htx: Correctly handle interim responses when HTX is enabled - MINOR: mux-h2: Set HTX extra value when possible - BUG/MEDIUM: htx: count the amount of copied data towards the final count - MINOR: mux-h2: make the H2 MAX_FRAME_SIZE setting configurable - BUG/MEDIUM: mux-h2/htx: send an empty DATA frame on empty HTX trailers - BUG/MEDIUM: servers: Use atomic operations when handling curr_idle_conns. - BUG/MEDIUM: servers: Add a per-thread counter of idle connections. - MINOR: fd: add a new my_closefrom() function to close all FDs - MINOR: checks: use my_closefrom() to close all FDs - MINOR: fd: implement an optimised my_closefrom() function - BUG/MINOR: fd: make sure my_closefrom() doesn't miss some FDs - BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked - BUG/MAJOR: listener: Make sure the listener exist before using it. - MINOR: fd: Use closefrom() as my_closefrom() if supported. - BUG/MEDIUM: mux-h1: Report the right amount of data xferred in h1_rcv_buf() - BUG/MINOR: channel: Set CF_WROTE_DATA when outgoing data are skipped - MINOR: htx: Add function to drain data from an HTX message - MINOR: channel/htx: Add function to skips output bytes from an HTX channel - BUG/MAJOR: cache/htx: Set the start-line offset when a cached object is served - BUG/MEDIUM: cache: Get objects from the cache only for GET and HEAD requests - BUG/MINOR: cache/htx: Return only the headers of cached objects to HEAD requests - BUG/MINOR: mux-h1: Always initilize h1m variable in h1_process_input() - BUG/MEDIUM: proto_htx: Fix functions applying regex filters on HTX messages - BUG/MEDIUM: h2: advertise to servers that we don't support push - MINOR: standard: Add a function to parse uints (dotted notation). - MINOR: arg: Add support for ARGT_PBUF_FNUM arg type. - MINOR: http_fetch: add "req.ungrpc" sample fetch for gRPC. - MINOR: sample: Add two sample converters for protocol buffers. - DOC: sample: Add gRPC related documentation.
2019-02-26 10:43:49 -05:00
* Copyright 2000-2019 Willy Tarreau <willy@haproxy.org>.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
DOC: update RFC references A few doc and code comment updates bumping RFC references to the new ones.
2017-04-28 09:24:30 -04:00
* Please refer to RFC7230 - RFC7235 informations about HTTP protocol, and
* RFC6265 for informations about cookies usage. More generally, the IETF HTTP
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
* Working Group's web site should be consulted for protocol related changes :
*
* http://ftp.ics.uci.edu/pub/ietf/http/
*
* Pending bugs (may be not fixed because never reproduced) :
* - solaris only : sometimes, an HTTP proxy with only a dispatch address causes
* the proxy to terminate (no core) if the client breaks the connection during
* the response. Seen on 1.1.8pre4, but never reproduced. May not be related to
* the snprintf() bug since requests were simple (GET / HTTP/1.0), but may be
* related to missing setsid() (fixed in 1.1.15)
* - a proxy with an invalid config will prevent the startup even if disabled.
*
* ChangeLog has moved to the CHANGELOG file.
*
*/
CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro. In order to properly enable sched_setaffinity, in some versions of Linux, it is rather _GNU_SOURCE than __USE_GNU (spotted on Alpine Linux for instance), also for the sake of consistency as __USE_GNU seems not used across the code and for last, it seems on Linux it is the best way to enable non portable code. On Linux glibc's based versions, it seems _GNU_SOURCE defines __USE_GNU it should be safe enough.
2015-12-08 16:43:09 -05:00
#define _GNU_SOURCE
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <ctype.h>
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
#include <dirent.h>
#include <sys/stat.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/in.h>
#include <arpa/inet.h>
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
#include <net/if.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <netdb.h>
#include <fcntl.h>
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <sys/resource.h>
MEDIUM: New cli option -Ds for systemd compatibility This patch adds a new option "-Ds" which is exactly like "-D", but instead of forking n times to get n jobs running and then exiting, prefers to wait for all the children it just created. With this done, haproxy becomes more systemd-compliant, without changing anything for other systems. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 04:53:52 -05:00
#include <sys/wait.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <time.h>
#include <syslog.h>
BUG/MEDIUM: remove supplementary groups when changing gid Without it, haproxy will retain the group membership of root, which may give more access than intended to the process. For example, haproxy would still be in the wheel group on Fedora 18, as seen with : # haproxy -f /etc/haproxy/haproxy.cfg # ps a -o pid,user,group,command | grep hapr 3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg 4356 root root grep --color=auto hapr # grep Group /proc/3545/status Groups: 0 1 2 3 4 6 10 # getent group wheel wheel:x:10:root,misc [WT: The issue has been investigated by independent security research team and realized by itself not being able to allow security exploitation. Additionally, dropping groups is not allowed to unprivileged users, though this mode of deployment is quite common. Thus a warning is emitted in this case to inform the user. The fix could be backported into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
#include <grp.h>
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#ifdef USE_CPU_AFFINITY
#include <sched.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#if defined(__FreeBSD__) || defined(__DragonFly__)
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#include <sys/param.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#ifdef __FreeBSD__
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#include <sys/cpuset.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#endif
BUILD/MINOR: haproxy : FreeBSD/cpu affinity needs pthread_np header for pthread_*_np calls, pthread_np.h is needed under FreeBSD.
2017-11-29 06:02:32 -05:00
#include <pthread_np.h>
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#endif
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef DEBUG_FULL
#include <assert.h>
#endif
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
#include <systemd/sd-daemon.h>
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/base64.h>
#include <common/cfgparse.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <common/chunk.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/compat.h>
#include <common/config.h>
#include <common/defaults.h>
[MINOR] move error codes to common/errors.h It's useful to be able to share error codes between C files, so move the codes currently only used in protocols to a generic file.
2007-10-28 06:14:07 -04:00
#include <common/errors.h>
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
#include <common/initcall.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/memory.h>
#include <common/mini-clist.h>
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
#include <common/namespace.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/regex.h>
#include <common/standard.h>
#include <common/time.h>
#include <common/uri_auth.h>
#include <common/version.h>
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
#include <common/hathreads.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/capture.h>
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
#include <types/cli.h>
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
#include <types/filters.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/global.h>
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
#include <types/acl.h>
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
#include <types/peers.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
#include <proto/acl.h>
REORG: time/activity: move activity measurements to activity.{c,h} At the moment the situation with activity measurement is quite tricky because the struct activity is defined in global.h and declared in haproxy.c, with operations made in time.h and relying on freq_ctr which are defined in freq_ctr.h which itself includes time.h. It's barely possible to touch any of these files without breaking all the circular dependency. Let's move all this stuff to activity.{c,h} and be done with it. The measurement of active and stolen time is now done in a dedicated function called just after tv_before_poll() instead of mixing the two, which used to be a lazy (but convenient) decision. No code was changed, stuff was just moved around.
2018-11-22 02:31:09 -05:00
#include <proto/activity.h>
MEDIUM: sample: pass an empty list instead of a null for fetch args ACL and sample fetches use args list and it is really not convenient to check for null args everywhere. Now for empty args we pass a constant list of end of lists. It will allow us to remove many useless checks.
2012-10-19 13:49:09 -04:00
#include <proto/arg.h>
MEDIUM: applet: implement a run queue for active appctx The new function is called for each round of polling in order to call any active appctx. For now we pick the stream interface from the appctx's owner. At the moment there's no appctx queued yet, but we have everything needed to queue them and remove them.
2015-04-19 03:59:31 -04:00
#include <proto/auth.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/backend.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <proto/channel.h>
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
#include <proto/cli.h>
MAJOR: session: detach the connections from the stream interfaces We will need to be able to switch server connections on a session and to keep idle connections. In order to achieve this, the preliminary requirement is that the connections can survive the session and be detached from them. Right now they're still allocated at exactly the same place, so when there is a session, there are always 2 connections. We could soon improve on this by allocating the outgoing connection only during a connect(). This current patch touches a lot of code and intentionally does not change any functionnality. Performance tests show no regression (even a very minor improvement). The doc has not yet been updated.
2012-10-26 14:10:28 -04:00
#include <proto/connection.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/fd.h>
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
#include <proto/filters.h>
OPTIM/MINOR: move the hdr_idx pools out of the proxy struct It makes no sense to have one pointer to the hdr_idx pool in each proxy struct since these pools do not depend on the proxy. Let's have a common pool instead as it is already the case for other types.
2011-10-24 12:15:04 -04:00
#include <proto/hdr_idx.h>
MEDIUM: lua: lua integration in the build and init system. This is the first step of the lua integration. We add the useful files in the HAProxy project. These files contains the main includes, the Makefile options and empty initialisation function. Is is the LUA skeleton.
2015-01-23 08:06:13 -05:00
#include <proto/hlua.h>
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
#include <proto/http_rules.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/listener.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/log.h>
MINOR: pattern: Each pattern is identified by unique id. The pattern reference are stored with two identifiers: the unique_id and the reference. The reference identify a file. Each file with the same name point to the same reference. We can register many times one file. If the file is modified, all his dependencies are also modified. The reference can be used with map or acl. The unique_id identify inline acl. The unique id is unique for each acl. You cannot force the same id in the configuration file, because this repport an error. The format of the acl and map listing through the "socket" has changed for displaying these new ids.
2014-03-11 09:29:22 -04:00
#include <proto/pattern.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/protocol.h>
[MEDIUM] errorloc now checked first from backend then from frontend It is now possible to define an errorloc in the backend as well as in the frontend. The backend's will be used first, and if undefined, then the frontend's will be used instead. If none is used, then the original error messages will be used.
2006-12-24 11:47:20 -05:00
#include <proto/proto_http.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/proxy.h>
#include <proto/queue.h>
#include <proto/server.h>
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
#include <proto/session.h>
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
#include <proto/stream.h>
[MEDIUM] call signal_process_queue from run_poll_loop Now we check for asynchronous pending signals. There's no user yet so this cannot cause any trouble.
2009-05-10 03:01:21 -04:00
#include <proto/signal.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/task.h>
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
#include <proto/dns.h>
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
#include <proto/vars.h>
BUILD/MINOR: build without openssl still broken As mentionned in commit cf4e496c9 ("BUG/MEDIUM: build without openssl broken"), commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine") broke the build without openssl support. But the former did only fix it when openssl is not enabled, but not when it's not installed on the system : In file included from src/haproxy.c:112: include/proto/ssl_sock.h:24:25: openssl/ssl.h: No such file or directory In file included from src/haproxy.c:112: include/proto/ssl_sock.h:45: error: syntax error before "SSL_CTX" include/proto/ssl_sock.h:75: error: syntax error before '*' token include/proto/ssl_sock.h:75: warning: type defaults to `int' in declaration of `ssl_sock_create_cert' include/proto/ssl_sock.h:75: warning: data definition has no type or storage class include/proto/ssl_sock.h:76: error: syntax error before '*' token include/proto/ssl_sock.h:76: warning: type defaults to `int' in declaration of `ssl_sock_get_generated_cert' include/proto/ssl_sock.h:76: warning: data definition has no type or storage class include/proto/ssl_sock.h:77: error: syntax error before '*' token Now we also surround the include with #ifdef USE_OPENSSL to fix this. No backport is needed since openssl async engines were not backported.
2017-08-16 09:35:19 -04:00
#ifdef USE_OPENSSL
MEDIUM: ssl: add basic support for OpenSSL crypto engine This patch adds the global 'ssl-engine' keyword. First arg is an engine identifier followed by a list of default_algorithms the engine will operate. If the openssl version is too old, an error is reported when the option is used.
2017-01-20 20:10:18 -05:00
#include <proto/ssl_sock.h>
BUILD/MINOR: build without openssl still broken As mentionned in commit cf4e496c9 ("BUG/MEDIUM: build without openssl broken"), commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine") broke the build without openssl support. But the former did only fix it when openssl is not enabled, but not when it's not installed on the system : In file included from src/haproxy.c:112: include/proto/ssl_sock.h:24:25: openssl/ssl.h: No such file or directory In file included from src/haproxy.c:112: include/proto/ssl_sock.h:45: error: syntax error before "SSL_CTX" include/proto/ssl_sock.h:75: error: syntax error before '*' token include/proto/ssl_sock.h:75: warning: type defaults to `int' in declaration of `ssl_sock_create_cert' include/proto/ssl_sock.h:75: warning: data definition has no type or storage class include/proto/ssl_sock.h:76: error: syntax error before '*' token include/proto/ssl_sock.h:76: warning: type defaults to `int' in declaration of `ssl_sock_get_generated_cert' include/proto/ssl_sock.h:76: warning: data definition has no type or storage class include/proto/ssl_sock.h:77: error: syntax error before '*' token Now we also surround the include with #ifdef USE_OPENSSL to fix this. No backport is needed since openssl async engines were not backported.
2017-08-16 09:35:19 -04:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
/* list of config files */
static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int pid; /* current process id */
[BUG] relative_pid was not initialized
2007-11-26 10:13:36 -05:00
int relative_pid = 1; /* process id starting at 1 */
CLEANUP: global: introduce variable pid_bit to avoid shifts with relative_pid At a number of places, bitmasks are used for process affinity and to map listeners to processes. Every time 1UL<<(relative_pid-1) is used. Let's create a "pid_bit" variable corresponding to this value to clean this up.
2017-11-10 13:08:14 -05:00
unsigned long pid_bit = 1; /* bit corresponding to the process id */
MINOR: config: keep an all_proc_mask like we have all_threads_mask This simplifies some mask comparisons at various places where nbits(global.nbproc) was used.
2019-02-02 11:11:28 -05:00
unsigned long all_proc_mask = 1; /* mask of all processes */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
volatile unsigned long sleeping_thread_mask; /* Threads that are about to sleep in poll() */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* global options */
struct global global = {
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
.hard_stop_after = TICK_ETERNITY,
MINOR: global: don't prevent nbproc from being redefined Having nbproc preinitialized to zero is really annoying as it prevents some checks from being correctly performed. Also the check to prevent nbproc from being redefined is totally useless, so let's preset it to 1 and remove the test.
2012-11-15 11:38:15 -05:00
.nbproc = 1,
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
.nbthread = 1,
MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid %Fi: Frontend IP %Fp: Frontend Port %Si: Server IP %Sp: Server Port %Ts: Timestamp %rt: HTTP request counter %H: hostname %pid: PID +X: Hexadecimal represenation The +X mode in logformat displays hexadecimal for the following flags %Ci %Cp %Fi %Fp %Bi %Bp %Si %Sp %Ts %ct %pid rename logformat_write_string() to lf_text() Optimize size computation
2012-04-05 12:02:55 -04:00
.req_count = 0,
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
.logsrvs = LIST_HEAD_INIT(global.logsrvs),
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
.maxzlibmem = 0,
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
.comp_rate_lim = 0,
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
.ssl_server_verify = SSL_SERVER_VERIFY_REQUIRED,
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
.unix_bind = {
.ux = {
.uid = -1,
.gid = -1,
.mode = 0,
}
},
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
.tune = {
MINOR: config: round up global.tune.bufsize to the next multiple of 2 void* Since HTX casts the buffer to a struct and stores relative pointers at the end, it is mandatory that its end is properly aligned. This patch enforces a buffer size rounding up to the next multiple of two void*, thus 8 on 32-bit and 16 on 64-bit, to match what malloc() already does on the beginning of the buffer. In pratice it will never be really noticeable since default sizes already are such multiples.
2018-12-12 00:19:42 -05:00
.bufsize = (BUFSIZE + 2*sizeof(void *) - 1) & -(2*sizeof(void *)),
MEDIUM: config: set tune.maxrewrite to 1024 by default The tune.maxrewrite parameter used to be pre-initialized to half of the buffer size since the very early days when buffers were very small. It has grown to absurdly large values over the years to reach 8kB for a 16kB buffer. This prevents large requests from being accepted, which is the opposite of the initial goal. Many users fix it to 1024 which is already quite large for header addition. So let's change the default setting policy : - pre-initialize it to 1024 - let the user tweak it - in any case, limit it to tune.bufsize / 2 This results in 15kB usable to buffer HTTP messages instead of 8kB, and doesn't affect existing configurations which already force it.
2015-09-28 07:53:23 -04:00
.maxrewrite = -1,
MINOR: config: round up global.tune.bufsize to the next multiple of 2 void* Since HTX casts the buffer to a struct and stores relative pointers at the end, it is mandatory that its end is properly aligned. This patch enforces a buffer size rounding up to the next multiple of two void*, thus 8 on 32-bit and 16 on 64-bit, to match what malloc() already does on the beginning of the buffer. In pratice it will never be really noticeable since default sizes already are such multiples.
2018-12-12 00:19:42 -05:00
.chksize = (BUFSIZE + 2*sizeof(void *) - 1) & -(2*sizeof(void *)),
MAJOR: session: only wake up as many sessions as available buffers permit We've already experimented with three wake up algorithms when releasing buffers : the first naive one used to wake up far too many sessions, causing many of them not to get any buffer. The second approach which was still in use prior to this patch consisted in waking up either 1 or 2 sessions depending on the number of FDs we had released. And this was still inaccurate. The third one tried to cover the accuracy issues of the second and took into consideration the number of FDs the sessions would be willing to use, but most of the time we ended up waking up too many of them for nothing, or deadlocking by lack of buffers. This patch completely removes the need to allocate two buffers at once. Instead it splits allocations into critical and non-critical ones and implements a reserve in the pool for this. The deadlock situation happens when all buffers are be allocated for requests pending in a maxconn-limited server queue, because then there's no more way to allocate buffers for responses, and these responses are critical to release the servers's connection in order to release the pending requests. In fact maxconn on a server creates a dependence between sessions and particularly between oldest session's responses and latest session's requests. Thus, it is mandatory to get a free buffer for a response in order to release a server connection which will permit to release a request buffer. Since we definitely have non-symmetrical buffers, we need to implement this logic in the buffer allocation mechanism. What this commit does is implement a reserve of buffers which can only be allocated for responses and that will never be allocated for requests. This is made possible by the requester indicating how much margin it wants to leave after the allocation succeeds. Thus it is a cooperative allocation mechanism : the requester (process_session() in general) prefers not to get a buffer in order to respect other's need for response buffers. The session management code always knows if a buffer will be used for requests or responses, so that is not difficult : - either there's an applet on the initiator side and we really need the request buffer (since currently the applet is called in the context of the session) - or we have a connection and we really need the response buffer (in order to support building and sending an error message back) This reserve ensures that we don't take all allocatable buffers for requests waiting in a queue. The downside is that all the extra buffers are really allocated to ensure they can be allocated. But with small values it is not an issue. With this change, we don't observe any more deadlocks even when running with maxconn 1 on a server under severely constrained memory conditions. The code becomes a bit tricky, it relies on the scheduler's run queue to estimate how many sessions are already expected to run so that it doesn't wake up everyone with too few resources. A better solution would probably consist in having two queues, one for urgent requests and one for normal requests. A failed allocation for a session dealing with an error, a connection event, or the need for a response (or request when there's an applet on the left) would go to the urgent request queue, while other requests would go to the other queue. Urgent requests would be served from 1 entry in the pool, while the regular ones would be served only according to the reserve. Despite not yet having this, it works remarkably well. This mechanism is quite efficient, we don't perform too many wake up calls anymore. For 1 million sessions elapsed during massive memory contention, we observe about 4.5M calls to process_session() compared to 4.0M without memory constraints. Previously we used to observe up to 16M calls, which rougly means 12M failures. During a test run under high memory constraints (limit enforced to 27 MB instead of the 58 MB normally needed), performance used to drop by 53% prior to this patch. Now with this patch instead it *increases* by about 1.5%. The best effect of this change is that by limiting the memory usage to about 2/3 to 3/4 of what is needed by default, it's possible to increase performance by up to about 18% mainly due to the fact that pools are reused more often and remain hot in the CPU cache (observed on regular HTTP traffic with 20k objects, buffers.limit = maxconn/10, buffers.reserve = limit/2). Below is an example of scenario which used to cause a deadlock previously : - connection is received - two buffers are allocated in process_session() then released - one is allocated when receiving an HTTP request - the second buffer is allocated then released in process_session() for request parsing then connection establishment. - poll() says we can send, so the request buffer is sent and released - process session gets notified that the connection is now established and allocates two buffers then releases them - all other sessions do the same till one cannot get the request buffer without hitting the margin - and now the server responds. stream_interface allocates the response buffer and manages to get it since it's higher priority being for a response. - but process_session() cannot allocate the request buffer anymore => We could end up with all buffers used by responses so that none may be allocated for a request in process_session(). When the applet processing leaves the session context, the test will have to be changed so that we always allocate a response buffer regardless of the left side (eg: H2->H1 gateway). A final improvement would consists in being able to only retry the failed I/O operation without waking up a task, but to date all experiments to achieve this have proven not to be reliable enough.
2014-11-26 19:11:56 -05:00
.reserved_bufs = RESERVED_BUFS,
MAJOR: pattern: add LRU-based cache on pattern matching The principle of this cache is to have a global cache for all pattern matching operations which rely on lists (reg, sub, dir, dom, ...). The input data, the expression and a random seed are used as a hashing key. The cached entries contains a pointer to the expression and a revision number for that expression so that we don't accidently used obsolete data after a pattern update or a very unlikely hash collision. Regarding the risk of collisions, 10k entries at 10k req/s mean 1% risk of a collision after 60 years, that's already much less than the memory's reliability in most machines and more durable than most admin's life expectancy. A collision will result in a valid result to be returned for a different entry from the same list. If this is not acceptable, the cache can be disabled using tune.pattern.cache-size. A test on a file containing 10k small regex showed that the regex matching was limited to 6k/s instead of 70k with regular strings. When enabling the LRU cache, the performance was back to 70k/s.
2015-04-29 10:24:50 -04:00
.pattern_cache = DEFAULT_PAT_LRU_SIZE,
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
2012-09-03 06:10:29 -04:00
#ifdef USE_OPENSSL
MINOR: build: allow packagers to specify the ssl cache size This is done by passing the default value to SSLCACHESIZE in sessions. User can use tune.sslcachesize to change this value. By default, it is set to 20000 sessions as openssl internal cache size. Currently, a session entry size is between 592 and 616 bytes depending on the arch.
2012-11-14 05:32:56 -05:00
.sslcachesize = SSLCACHESIZE,
MINOR: compression: memlevel and windowsize The window size and the memlevel of the zlib are now configurable using global options tune.zlib.memlevel and tune.zlib.windowsize. It affects the memory consumption of the zlib.
2012-11-07 10:54:34 -05:00
#endif
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
.comp_maxlevel = 1,
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
#ifdef DEFAULT_IDLE_TIMER
.idle_timer = DEFAULT_IDLE_TIMER,
#else
.idle_timer = 1000, /* 1 second */
#endif
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
},
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
#ifdef USE_OPENSSL
#ifdef DEFAULT_MAXSSLCONN
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
.maxsslconn = DEFAULT_MAXSSLCONN,
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
#endif
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* others NULL OK */
};
/*********************************************************************/
int stopping; /* non zero means stopping in progress */
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
int killed; /* non zero means a hard-stop is triggered */
[MINOR] support a global jobs counter This counter is incremented for each incoming connection and each active listener, and is used to prevent haproxy from stopping upon SIGUSR1. It will thus be possible for some tasks in increment this counter in order to prevent haproxy from dying until they have completed their job.
2010-08-31 09:39:26 -04:00
int jobs = 0; /* number of active jobs (conns, listeners, active tasks, ...) */
MEDIUM: jobs: support unstoppable jobs for soft stop This patch allows a process to properly quit when some jobs are still active, this feature is handled by the unstoppable_jobs variable, which must be atomically incremented. During each new iteration of run_poll_loop() the break condition of the loop is now (jobs - unstoppable_jobs) == 0. The unique usage of this at the moment is to handle the socketpair CLI of a the worker during the stopping of the process. During the soft stop, we could mark the CLI listener as an unstoppable job and still handle new connections till every other jobs are stopped.
2018-11-16 10:57:20 -05:00
int unstoppable_jobs = 0; /* number of active jobs that can't be stopped during a soft stop */
MINOR: stats: report the number of active peers in "show info" Peers are the last type of activity which can maintain a job present, so it's important to report that such an entity is still active to explain why the job count may be higher than zero. Here by "ActivePeers" we report peers sessions, which include both established connections and outgoing connection attempts.
2018-11-05 10:31:22 -05:00
int active_peers = 0; /* number of active peers (connection attempts and connected) */
MINOR: stats: report the number of currently connected peers The active peers output indicates both the number of established peers connections and the number of peers connection attempts. The new counter "ConnectedPeers" also indicates the number of currently connected peers. This helps detect that some peers cannot be reached for example. It's worth mentioning that this value changes over time because unused peers are often disconnected and reconnected. Most of the time it should be equal to ActivePeers.
2018-11-05 11:12:27 -05:00
int connected_peers = 0; /* number of connected peers (verified ones) */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Here we store informations about the pids of the processes we may pause
* or kill. We will send them a signal every 10 ms until we can bind to all
* our ports. With 200 retries, that's about 2 seconds.
*/
#define MAX_START_RETRIES 200
static int *oldpids = NULL;
static int oldpids_sig; /* use USR1 or TERM */
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
/* Path to the unix socket we use to retrieve listener sockets from the old process */
static const char *old_unixsocket;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
static char *cur_unixsocket = NULL;
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
int atexit_flag = 0;
MEDIUM: mworker: exit with the incriminated exit code The former behavior was to exit() the master process with the latest status code known, which was the one of the last process to exit. The problem is that the master process was not exiting with the status code which provoked the exit-on-failure.
2018-11-06 11:37:14 -05:00
static int exitcode = -1;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
int nb_oldpids = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
const int zero = 0;
const int one = 1;
[MINOR] add the "nolinger" option to disable data lingering The following patch will give the ability to tweak socket linger mode. You can use this option with "option nolinger" inside fronted or backend configuration declaration. This will help in environments where lots of FIN_WAIT sockets are encountered.
2007-10-11 14:48:58 -04:00
const struct linger nolinger = { .l_onoff = 1, .l_linger = 0 };
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] force null-termination of hostname Marcello Gorlani reported that at least on FreeBSD, a long hostname was reported with garbage on the stats page. POSIX does not make it mandatory for gethostname() to NULL-terminate the string in case of truncation, and at least FreeBSD appears not to do it. So let's force null-termination to keep safe.
2010-03-12 15:58:54 -05:00
char hostname[MAX_HOSTNAME_LEN];
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
char localpeer[MAX_HOSTNAME_LEN];
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUILD: definitely silence some stupid GCC warnings It's becoming increasingly difficult to ignore unwanted function returns in debug code with gcc. Now even when you try to work around it, it suggests a way to write your code differently. For example : src/frontend.c:187:65: warning: if statement has empty body [-Wempty-body] if (write(1, trash.str, trash.len) < 0) /* shut gcc warning */; ^ src/frontend.c:187:65: note: put the semicolon on a separate line to silence this warning 1 warning generated. This is totally unacceptable, this code already had to be written this way to shut it up in earlier versions. And now it comments the form ? What's the purpose of the C language if you can't write anymore the code that does what you want ? Emeric proposed to just keep a global variable to drain such useless results so that gcc stops complaining all the time it believes people who write code are monkeys. The solution is acceptable because the useless assignment is done only in debug code so it will not impact performance. This patch implements this, until gcc becomes even "smarter" to detect that we tried to cheat.
2013-12-13 09:14:55 -05:00
/* used from everywhere just to drain results we don't want to read and which
* recent versions of gcc increasingly and annoyingly complain about.
*/
int shut_your_big_mouth_gcc_int = 0;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
int *children = NULL; /* store PIDs of children in master workers mode */
static char **next_argv = NULL;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
struct list proc_list = LIST_HEAD_INIT(proc_list);
int master = 0; /* 1 if in master, 0 if in child */
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
struct mworker_proc *proc_self = NULL;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
[MEDIUM] listeners: put listeners in queue upon resource shortage When an accept() fails because of a connection limit or a memory shortage, we now disable it and queue it so that it's dequeued only when a connection is released. This has improved the behaviour of the process near the fd limit as now a listener with a no connection (eg: stats) will not loop forever trying to get its connection accepted. The solution is still not 100% perfect, as we'd like to have this used when proxy limits are reached (use a per-proxy list) and for safety, we'd need to have dedicated tasks to periodically re-enable them (eg: to overcome temporary system-wide resource limitations when no connection is released).
2011-07-24 16:58:00 -04:00
/* list of the temporarily limited listeners because of lack of resource */
struct list global_listener_queue = LIST_HEAD_INIT(global_listener_queue);
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
struct task *global_listener_queue_task;
MINOR: tasks: Change the task API so that the callback takes 3 arguments. In preparation for thread-specific runqueues, change the task API so that the callback takes 3 arguments, the task itself, the context, and the state, those were retrieved from the task before. This will allow these elements to change atomically in the scheduler while the application uses the copied value, and even to have NULL tasks later.
2018-05-25 08:04:04 -04:00
static struct task *manage_global_listener_queue(struct task *t, void *context, unsigned short state);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void *run_thread_poll_loop(void *data);
MINOR: config: add minimum support for emitting warnings only once This is useful to explain to users what to do during a migration.
2014-04-28 16:27:06 -04:00
/* bitfield of a few warnings to emit just once (WARN_*) */
unsigned int warned = 0;
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
/* master CLI configuration (-S flag) */
struct list mworker_cli_conf = LIST_HEAD_INIT(mworker_cli_conf);
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
/* These are strings to be reported in the output of "haproxy -vv". They may
* either be constants (in which case must_free must be zero) or dynamically
* allocated strings to pass to free() on exit, and in this case must_free
* must be non-zero.
*/
struct list build_opts_list = LIST_HEAD_INIT(build_opts_list);
struct build_opts_str {
struct list list;
const char *str;
int must_free;
};
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
/* These functions are called just after the point where the program exits
* after a config validity check, so they are generally suited for resource
* allocation and slow initializations that should be skipped during basic
* config checks. The functions must return 0 on success, or a combination
* of ERR_* flags (ERR_WARN, ERR_ABORT, ERR_FATAL, ...). The 2 latter cause
* and immediate exit, so the function must have emitted any useful error.
*/
struct list post_check_list = LIST_HEAD_INIT(post_check_list);
struct post_check_fct {
struct list list;
int (*fct)();
};
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
/* These functions are called when freeing the global sections at the end
* of deinit, after everything is stopped. They don't return anything, and
* they work in best effort mode as their sole goal is to make valgrind
* mostly happy.
*/
struct list post_deinit_list = LIST_HEAD_INIT(post_deinit_list);
struct post_deinit_fct {
struct list list;
void (*fct)();
};
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
/* These functions are called for each thread just after the thread creation
* and before running the scheduler. They should be used to do per-thread
* initializations. They must return 0 if an error occurred. */
struct list per_thread_init_list = LIST_HEAD_INIT(per_thread_init_list);
struct per_thread_init_fct {
struct list list;
int (*fct)();
};
/* These functions are called for each thread just after the scheduler loop and
* before exiting the thread. They don't return anything and, as for post-deinit
* functions, they work in best effort mode as their sole goal is to make
* valgrind mostly happy. */
struct list per_thread_deinit_list = LIST_HEAD_INIT(per_thread_deinit_list);
struct per_thread_deinit_fct {
struct list list;
void (*fct)();
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*********************************************************************/
/* general purpose functions ***************************************/
/*********************************************************************/
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
/* used to register some build option strings at boot. Set must_free to
* non-zero if the string must be freed upon exit.
*/
void hap_register_build_opts(const char *str, int must_free)
{
struct build_opts_str *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->str = str;
b->must_free = must_free;
LIST_ADDQ(&build_opts_list, &b->list);
}
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
/* used to register some initialization functions to call after the checks. */
void hap_register_post_check(int (*fct)())
{
struct post_check_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&post_check_list, &b->list);
}
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
/* used to register some de-initialization functions to call after everything
* has stopped.
*/
void hap_register_post_deinit(void (*fct)())
{
struct post_deinit_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&post_deinit_list, &b->list);
}
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
/* used to register some initialization functions to call for each thread. */
void hap_register_per_thread_init(int (*fct)())
{
struct per_thread_init_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&per_thread_init_list, &b->list);
}
/* used to register some de-initialization functions to call for each thread. */
void hap_register_per_thread_deinit(void (*fct)())
{
struct per_thread_deinit_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&per_thread_deinit_list, &b->list);
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void display_version()
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
BUILD: add a new file "version.c" to carry version updates While testing fixes, it's sometimes confusing to rebuild only one C file (e.g. a mux) and not to have the correct commit ID reported in "haproxy -v" nor on the stats page. This patch adds a new "version.c" file which is always rebuilt. It's very small and contains only 3 variables derived from the various version strings. These variables are used instead of the macros at the few places showing the version. This way the output version of the running code is always correct for the parts that were rebuilt.
2019-01-04 12:20:32 -05:00
printf("HA-Proxy version %s %s - https://haproxy.org/\n", haproxy_version, haproxy_date);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void display_build_opts()
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
{
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
struct build_opts_str *item;
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
printf("Build options :"
#ifdef BUILD_TARGET
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n TARGET = " BUILD_TARGET
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
#ifdef BUILD_CPU
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n CPU = " BUILD_CPU
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
#ifdef BUILD_CC
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n CC = " BUILD_CC
#endif
#ifdef BUILD_CFLAGS
"\n CFLAGS = " BUILD_CFLAGS
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
#ifdef BUILD_OPTIONS
"\n OPTIONS = " BUILD_OPTIONS
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
"\n\nDefault settings :"
"\n maxconn = %d, bufsize = %d, maxrewrite = %d, maxpollevents = %d"
"\n\n",
DEFAULT_MAXCONN, BUFSIZE, MAXREWRITE, MAX_POLL_EVENTS);
[MINOR] report list of supported pollers with -vv During troubleshooting, it's often useful to get the list of supported pollers but until now it was required to have a working configuration first. Since the pollers are known before main() is called, let's list them with the build options.
2009-10-03 12:57:08 -04:00
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
list_for_each_entry(item, &build_opts_list, list) {
puts(item->str);
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
putchar('\n');
[MINOR] report list of supported pollers with -vv During troubleshooting, it's often useful to get the list of supported pollers but until now it was required to have a working configuration first. Since the pollers are known before main() is called, let's list them with the build options.
2009-10-03 12:57:08 -04:00
list_pollers(stdout);
putchar('\n');
MINOR: mux: Print the list of existing mux protocols during HA startup This is done in verbose/debug mode and when build options are reported.
2018-04-10 08:37:32 -04:00
list_mux_proto(stdout);
putchar('\n');
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
list_filters(stdout);
putchar('\n');
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function prints the command line usage and exits
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void usage(char *name)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
display_version();
fprintf(stderr,
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
"Usage : %s [-f <cfgfile|cfgdir>]* [ -vdV"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
"D ] [ -n <maxconn> ] [ -N <maxpconn> ]\n"
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
" [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]\n"
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
" -v displays version ; -vv shows known build options.\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -d enters debug mode ; -db only disables background mode.\n"
MEDIUM: memory: add the ability to poison memory at run time From time to time, some bugs are discovered that are caused by non-initialized memory areas. It happens that most platforms return a zero-filled area upon first malloc() thus hiding potential bugs. This patch also replaces malloc() in pools with calloc() to ensure that all platforms exhibit the same behaviour upon startup. In order to catch these bugs more easily, add a -dM command line flag to enable memory poisonning. Optionally, passing -dM<byte> forces the poisonning byte to <byte>.
2012-05-08 09:40:42 -04:00
" -dM[<byte>] poisons memory with <byte> (defaults to 0x50)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -V enters verbose mode (disables quiet mode)\n"
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
" -D goes daemon ; -C changes to <dir> before loading files.\n"
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
" -W master-worker mode.\n"
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
" -Ws master-worker mode with systemd notify support.\n"
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -q quiet mode : don't display messages\n"
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
" -c check mode : only check config files and exit\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -n sets the maximum total # of connections (%d)\n"
" -m limits the usable amount of memory (in MB)\n"
" -N sets the default, per-proxy maximum # of connections (%d)\n"
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
" -L set local peer name (default to hostname)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -p writes pids of all children to this file\n"
#if defined(ENABLE_EPOLL)
" -de disables epoll() usage even when available\n"
#endif
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#if defined(ENABLE_KQUEUE)
" -dk disables kqueue() usage even when available\n"
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#if defined(ENABLE_POLL)
" -dp disables poll() usage even when available\n"
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
#endif
[MEDIUM] remove old experimental tcpsplice option This Linux-specific option was never really used in production and has since been superseded by new splicing options brought by recent Linux kernels. It caused several particular cases in the code because the kernel would take care of the session without haproxy being able to do anything on it, which became hard to handle in the new architecture. Let's simply get rid of it now that there is a replacement available.
2009-08-16 07:20:32 -04:00
#if defined(CONFIG_HAP_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
" -dS disables splice usage (broken on old kernels)\n"
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#endif
#if defined(USE_GETADDRINFO)
" -dG disables getaddrinfo() usage\n"
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#endif
#if defined(SO_REUSEPORT)
" -dR disables SO_REUSEPORT usage\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
" -dr ignores server address resolution failures\n"
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
" -dV disables SSL verify on servers side\n"
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
" -sf/-st [pid ]* finishes/terminates old pids.\n"
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
" -x <unix_socket> get listening sockets from a unix socket\n"
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
" -S <unix_socket>[,<bind options>...] new stats socket for the master\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
"\n",
name, DEFAULT_MAXCONN, cfg_maxpconn);
exit(1);
}
/*********************************************************************/
/* more specific functions ***************************************/
/*********************************************************************/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/* sends the signal <sig> to all pids found in <oldpids>. Returns the number of
* pids the signal was correctly delivered to.
*/
static int tell_old_pids(int sig)
{
int p;
int ret = 0;
for (p = 0; p < nb_oldpids; p++)
if (kill(oldpids[p], sig) == 0)
ret++;
return ret;
}
/* return 1 if a pid is a current child otherwise 0 */
int current_child(int pid)
{
int i;
for (i = 0; i < global.nbproc; i++) {
if (children[i] == pid)
return 1;
}
return 0;
}
static void mworker_block_signals()
{
sigset_t set;
sigemptyset(&set);
sigaddset(&set, SIGUSR1);
sigaddset(&set, SIGUSR2);
sigaddset(&set, SIGHUP);
MEDIUM: mworker: block SIGCHLD until the master is ready With the new way of handling the signals in the master worker, we are are not staying in a waitpid() loop. Which means that we need to catch the SIGCHLD signals to call waitpid(). The problem is when the master is reloading, this signal is neither registered nor blocked so we lost all signals between the restart and the call to mworker_loop(). This patch blocks the SIGCHLD signals before the reloading and ensure it's not unblocked before the master registered the SIGCHLD handler.
2018-09-11 04:06:21 -04:00
sigaddset(&set, SIGCHLD);
BUG/MINOR: signals: ha_sigmask macro for multithreading The behavior of sigprocmask in an multithreaded environment is undefined. The new macro ha_sigmask() calls either pthreads_sigmask() or sigprocmask() if haproxy was built with thread support or not. This should be backported to 1.8.
2018-06-07 05:23:40 -04:00
ha_sigmask(SIG_SETMASK, &set, NULL);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
static void mworker_unblock_signals()
{
MEDIUM: startup: unify signal init between daemon and mworker mode The signals are now unblocked only once the configuration have been parsed.
2018-09-11 04:06:23 -04:00
haproxy_unblock_signals();
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
/*
* Send signal to every known children.
*/
static void mworker_kill(int sig)
{
int i;
tell_old_pids(sig);
if (children) {
for (i = 0; i < global.nbproc; i++)
kill(children[i], sig);
}
}
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
/*
* serialize the proc list and put it in the environment
*/
static void mworker_proc_list_to_env()
{
char *msg = NULL;
struct mworker_proc *child;
list_for_each_entry(child, &proc_list, list) {
BUG/MINOR: mworker: don't use unitialized mworker_proc struct If the reload fail after the parsing of the configuration, the mworker_proc structures are created for the processes it tried to create. The mworker_proc_list_to_env() function was exporting these unitialized structures in the "HAPROXY_PROCESSES" environment variable which was leading to this kind of output in "show proc": 4294967295 worker [was: 1] 1 17879d 16h26m28s
2018-12-14 13:31:21 -05:00
if (child->pid > -1)
memprintf(&msg, "%s|type=%c;fd=%d;pid=%d;rpid=%d;reloads=%d;timestamp=%d", msg ? msg : "", child->type, child->ipc_fd[0], child->pid, child->relative_pid, child->reloads, child->timestamp);
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
}
if (msg)
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
setenv("HAPROXY_PROCESSES", msg, 1);
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
}
/*
* unserialize the proc list from the environment
*/
static void mworker_env_to_proc_list()
{
char *msg, *token = NULL, *s1;
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
msg = getenv("HAPROXY_PROCESSES");
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
if (!msg)
return;
while ((token = strtok_r(msg, "|", &s1))) {
struct mworker_proc *child;
char *subtoken = NULL;
char *s2;
msg = NULL;
child = calloc(1, sizeof(*child));
while ((subtoken = strtok_r(token, ";", &s2))) {
token = NULL;
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
if (strncmp(subtoken, "type=", 5) == 0) {
child->type = *(subtoken+5);
if (child->type == 'm') /* we are in the master, assign it */
proc_self = child;
} else if (strncmp(subtoken, "fd=", 3) == 0) {
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
child->ipc_fd[0] = atoi(subtoken+3);
} else if (strncmp(subtoken, "pid=", 4) == 0) {
child->pid = atoi(subtoken+4);
} else if (strncmp(subtoken, "rpid=", 5) == 0) {
child->relative_pid = atoi(subtoken+5);
MINOR: mworker: number of reload in the life of a worker This patch adds a field in the mworker_proc structure which contains how much time the master reloaded during the life of a worker.
2018-10-26 08:47:29 -04:00
} else if (strncmp(subtoken, "reloads=", 8) == 0) {
/* we reloaded this process once more */
child->reloads = atoi(subtoken+8) + 1;
MINOR: cli: displays uptime in `show proc` Displays the uptime of the workers in `show proc`
2018-11-19 12:46:17 -05:00
} else if (strncmp(subtoken, "timestamp=", 10) == 0) {
child->timestamp = atoi(subtoken+10);
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
}
}
if (child->pid)
LIST_ADDQ(&proc_list, &child->list);
else
free(child);
}
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
unsetenv("HAPROXY_PROCESSES");
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
}
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
/*
* Upon a reload, the master worker needs to close all listeners FDs but the mworker_pipe
* fd, and the FD provided by fd@
*/
static void mworker_cleanlisteners()
{
struct listener *l, *l_next;
struct proxy *curproxy;
BUG/MEDIUM: mworker: also close peers sockets in the master There's a nasty case related to signaling all processes via SIGUSR1. Since the master process still holds the peers sockets, the old process trying to connect to the new one to teach it its tables has a risk to connect to the master instead, which will not do anything, causing the old process to hang instead of quitting. This patch ensures we correctly close the peers in the master process on startup, just like it is done for proxies. Ultimately we would rather have a complete list of listeners to avoid such issues. But that's a bit trickier as it would require using unbind_all() and avoiding side effects the master could cause to other processes (like unlinking unix sockets). To be backported to 1.8.
2017-12-05 05:14:12 -05:00
struct peers *curpeers;
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
BUG/MINOR: mworker: no need to stop peers for each proxy The mworker_cleanlisteners() was cleaning the peers in the proxy loop, which is useless since we need to stop the peers only once.
2018-09-11 04:06:19 -04:00
/* we might have to unbind some peers sections from some processes */
for (curpeers = cfg_peers; curpeers; curpeers = curpeers->next) {
if (!curpeers->peers_fe)
continue;
stop_proxy(curpeers->peers_fe);
/* disable this peer section so that it kills itself */
signal_unregister_handler(curpeers->sighandler);
task_delete(curpeers->sync_task);
task_free(curpeers->sync_task);
curpeers->sync_task = NULL;
task_free(curpeers->peers_fe->task);
curpeers->peers_fe->task = NULL;
curpeers->peers_fe = NULL;
}
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
MINOR: mworker: mworker_cleanlisteners() delete the listeners The mworker_cleanlisteners() function now remove the listeners, we don't need them in the master for now.
2018-09-11 04:06:20 -04:00
for (curproxy = proxies_list; curproxy; curproxy = curproxy->next) {
BUG/MEDIUM: mworker: stop proxies which have no listener in the master The previous code was only stopping the listeners in the master, not the entire proxy. Since we now have a polling loop in the master, there might be some side effects, indeed some things that are still initialized. For example the checks were still running.
2018-12-03 14:34:44 -05:00
int listen_in_master = 0;
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
list_for_each_entry_safe(l, l_next, &curproxy->conf.listeners, by_fe) {
MINOR: mworker: keep and clean the listeners Keep the listeners that should be used in the master process and clean them in the workers.
2018-09-11 04:06:27 -04:00
/* remove the listener, but not those we need in the master... */
BUG/MEDIUM: mworker: don't poll on LI_O_INHERITED listeners The listeners with the LI_O_INHERITED flag were deleted but not unbound which is a problem since we have a polling in the master. This patch unbind every listeners which are not require for the master, but does not close the FD of those that have a LI_O_INHERITED flag.
2018-10-12 04:39:54 -04:00
if (!(l->options & LI_O_MWORKER)) {
/* unbind the listener but does not close if
the FD is inherited with fd@ from the parent
process */
if (l->options & LI_O_INHERITED)
unbind_listener_no_close(l);
else
unbind_listener(l);
MINOR: mworker: keep and clean the listeners Keep the listeners that should be used in the master process and clean them in the workers.
2018-09-11 04:06:27 -04:00
delete_listener(l);
BUG/MEDIUM: mworker: stop proxies which have no listener in the master The previous code was only stopping the listeners in the master, not the entire proxy. Since we now have a polling loop in the master, there might be some side effects, indeed some things that are still initialized. For example the checks were still running.
2018-12-03 14:34:44 -05:00
} else {
listen_in_master = 1;
BUG/MEDIUM: mworker: don't poll on LI_O_INHERITED listeners The listeners with the LI_O_INHERITED flag were deleted but not unbound which is a problem since we have a polling in the master. This patch unbind every listeners which are not require for the master, but does not close the FD of those that have a LI_O_INHERITED flag.
2018-10-12 04:39:54 -04:00
}
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
}
BUG/MEDIUM: mworker: stop proxies which have no listener in the master The previous code was only stopping the listeners in the master, not the entire proxy. Since we now have a polling loop in the master, there might be some side effects, indeed some things that are still initialized. For example the checks were still running.
2018-12-03 14:34:44 -05:00
/* if the proxy shouldn't be in the master, we stop it */
if (!listen_in_master)
curproxy->state = PR_STSTOPPED;
BUG/MEDIUM: mworker: does not close inherited FD At the end of the master initialisation, a call to protocol_unbind_all() was made, in order to close all the FDs. Unfortunately, this function closes the inherited FDs (fd@), upon reload the master wasn't able to reload a configuration with those FDs. The create_listeners() function now store a flag to specify if the fd was inherited or not. Replace the protocol_unbind_all() by mworker_cleanlisteners() + deinit_pollers()
2017-11-15 13:02:58 -05:00
}
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* remove a pid forom the olpid array and decrease nb_oldpids
* return 1 pid was found otherwise return 0
*/
int delete_oldpid(int pid)
{
int i;
for (i = 0; i < nb_oldpids; i++) {
if (oldpids[i] == pid) {
oldpids[i] = oldpids[nb_oldpids - 1];
oldpids[nb_oldpids - 1] = 0;
nb_oldpids--;
return 1;
}
}
return 0;
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
static void get_cur_unixsocket()
{
/* if -x was used, try to update the stat socket if not available anymore */
if (global.stats_fe) {
struct bind_conf *bind_conf;
/* pass through all stats socket */
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
struct listener *l;
list_for_each_entry(l, &bind_conf->listeners, by_bind) {
if (l->addr.ss_family == AF_UNIX &&
(bind_conf->level & ACCESS_FD_LISTENERS)) {
const struct sockaddr_un *un;
un = (struct sockaddr_un *)&l->addr;
/* priority to old_unixsocket */
if (!cur_unixsocket) {
cur_unixsocket = strdup(un->sun_path);
} else {
if (old_unixsocket && !strcmp(un->sun_path, old_unixsocket)) {
free(cur_unixsocket);
cur_unixsocket = strdup(old_unixsocket);
return;
}
}
}
}
}
}
if (!cur_unixsocket && old_unixsocket)
cur_unixsocket = strdup(old_unixsocket);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* When called, this function reexec haproxy with -sf followed by current
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
* children PIDs and possibly old children PIDs if they didn't leave yet.
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
*/
MINOR: cli: implements 'reload' on master CLI The reload command reload the haproxy master like it is done with a kill -USR2 on the master process.
2018-12-14 15:11:31 -05:00
void mworker_reload()
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
{
int next_argc = 0;
int j;
char *msg = NULL;
BUG/MEDIUM: mworker: fix FD leak upon reload We reintroduced some FDs leaking by using a poller and some listeners in the master. The master proxy needs to be stopped to avoid leaking its listeners, the polling loop needs to be deinit, and the thread waker pipe need to be closed too. No backport needed.
2018-11-26 05:53:40 -05:00
struct per_thread_deinit_fct *ptdf;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
mworker_block_signals();
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
if (global.tune.options & GTUNE_USE_SYSTEMD)
sd_notify(0, "RELOADING=1");
#endif
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
setenv("HAPROXY_MWORKER_REEXEC", "1", 1);
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
mworker_proc_list_to_env(); /* put the children description in the env */
BUG/MEDIUM: mworker: fix FD leak upon reload We reintroduced some FDs leaking by using a poller and some listeners in the master. The master proxy needs to be stopped to avoid leaking its listeners, the polling loop needs to be deinit, and the thread waker pipe need to be closed too. No backport needed.
2018-11-26 05:53:40 -05:00
/* during the reload we must ensure that every FDs that can't be
* reuse (ie those that are not referenced in the proc_list)
* are closed or they will leak. */
/* close the listeners FD */
mworker_cli_proxy_stop();
/* close the poller FD and the thread waker pipe FD */
list_for_each_entry(ptdf, &per_thread_deinit_list, list)
ptdf->fct();
if (fdtab)
deinit_pollers();
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/* compute length */
while (next_argv[next_argc])
next_argc++;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
/* 1 for haproxy -sf, 2 for -x /socket */
next_argv = realloc(next_argv, (next_argc + 1 + 2 + global.nbproc + nb_oldpids + 1) * sizeof(char *));
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if (next_argv == NULL)
goto alloc_error;
/* add -sf <PID>* to argv */
if (children || nb_oldpids > 0)
next_argv[next_argc++] = "-sf";
if (children) {
for (j = 0; j < global.nbproc; next_argc++,j++) {
next_argv[next_argc] = memprintf(&msg, "%d", children[j]);
if (next_argv[next_argc] == NULL)
goto alloc_error;
msg = NULL;
}
}
/* copy old process PIDs */
for (j = 0; j < nb_oldpids; next_argc++,j++) {
next_argv[next_argc] = memprintf(&msg, "%d", oldpids[j]);
if (next_argv[next_argc] == NULL)
goto alloc_error;
msg = NULL;
}
next_argv[next_argc] = NULL;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
/* add the -x option with the stat socket */
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (cur_unixsocket) {
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
next_argv[next_argc++] = "-x";
next_argv[next_argc++] = (char *)cur_unixsocket;
next_argv[next_argc++] = NULL;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
}
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Reexecuting Master process\n");
BUG/MEDIUM: mworker: Fix re-exec when haproxy is started from PATH If haproxy is started using the name of the binary only (i.e. not using a relative or absolute path) the `execv` in `mworker_reload` fails with `ENOENT`, because it does not examine the `PATH`: [WARNING] 315/161139 (7) : Reexecuting Master process [WARNING] 315/161139 (7) : Cannot allocate memory [WARNING] 315/161139 (7) : Failed to reexecute the master processs [7] The error messages are misleading, because the return value of `execv` is not checked. This should be fixed in a separate commit. Once this happened the master process ignores any further signals sent by the administrator. Replace `execv` with `execvp` to establish the expected behaviour. This bug was introduced in commit 73b85e75b3963086be889e1fb40a59e7ef2ad63b.
2017-11-12 11:39:18 -05:00
execvp(next_argv[0], next_argv);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to reexecute the master process [%d]: %s\n", pid, strerror(errno));
MINOR: mworker: display an accurate error when the reexec fail When the master worker fail the execvp, it returns the wrong error "Cannot allocate memory". We now display the accurate error corresponding to the errno value.
2017-11-15 13:02:55 -05:00
return;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
alloc_error:
MINOR: Fix an error message thrown when we run out of memory Fixes a typo in an error message that can be seen by the end user when the haproxy subsystem runs out of memory.
2018-11-15 13:43:05 -05:00
ha_warning("Failed to reexecute the master process [%d]: Cannot allocate memory\n", pid);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return;
}
/*
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
* When called, this function reexec haproxy with -sf followed by current
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
* children PIDs and possibly old children PIDs if they didn't leave yet.
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
*/
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void mworker_catch_sighup(struct sig_handler *sh)
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
{
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
mworker_reload();
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void mworker_catch_sigterm(struct sig_handler *sh)
{
int sig = sh->arg;
BUG/MEDIUM: mworker: wait again for signals when execvp fail After execvp fails, the signals were ignored, preventing to try a reload again. It is now fixed by reaching the top of the mworker_wait() function once the execvp failed.
2017-11-15 13:02:56 -05:00
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
if (global.tune.options & GTUNE_USE_SYSTEMD) {
sd_notify(0, "STOPPING=1");
}
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#endif
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
ha_warning("Exiting Master process...\n");
mworker_kill(sig);
}
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
/*
* Wait for every children to exit
*/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void mworker_catch_sigchld(struct sig_handler *sh)
{
int exitpid = -1;
int status = 0;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
struct mworker_proc *child, *it;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
restart_wait:
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
exitpid = waitpid(-1, &status, WNOHANG);
if (exitpid > 0) {
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if (WIFEXITED(status))
status = WEXITSTATUS(status);
else if (WIFSIGNALED(status))
status = 128 + WTERMSIG(status);
else if (WIFSTOPPED(status))
status = 128 + WSTOPSIG(status);
else
status = 255;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
list_for_each_entry_safe(child, it, &proc_list, list) {
if (child->pid != exitpid)
continue;
LIST_DEL(&child->list);
close(child->ipc_fd[0]);
break;
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if (!children) {
MINOR: mworker: displays more information when leaving When a worker is leaving, we display the relative PID and the result of the strsignal() function if it was killed by a signal.
2018-11-06 11:37:13 -05:00
ha_warning("Worker %d exited with code %d (%s)\n", exitpid, status, (status >= 128) ? strsignal(status - 128) : "Exit");
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
} else {
/* check if exited child was in the current children list */
if (current_child(exitpid)) {
MINOR: mworker: displays more information when leaving When a worker is leaving, we display the relative PID and the result of the strsignal() function if it was killed by a signal.
2018-11-06 11:37:13 -05:00
ha_alert("Current worker #%d (%d) exited with code %d (%s)\n", child->relative_pid, exitpid, status, (status >= 128) ? strsignal(status - 128) : "Exit");
MEDIUM: mworker: exit-on-failure option This option exits every workers when one of the current workers die. It allows you to monitor the master process in order to relaunch everything on a failure. For example it can be used with systemd and Restart=on-failure in a spec file.
2017-06-01 11:38:54 -04:00
if (status != 0 && status != 130 && status != 143
MAJOR: mworker: exits the master on failure This patch changes the behavior of the master during the exit of a worker. When a worker exits with an error code, for example in the case of a segfault, all workers are now killed and the master leaves. If you don't want this behavior you can use the option "master-worker no-exit-on-failure".
2017-11-24 16:02:34 -05:00
&& !(global.tune.options & GTUNE_NOEXIT_ONFAILURE)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("exit-on-failure: killing every workers with SIGTERM\n");
MEDIUM: mworker: exit with the incriminated exit code The former behavior was to exit() the master process with the latest status code known, which was the one of the last process to exit. The problem is that the master process was not exiting with the status code which provoked the exit-on-failure.
2018-11-06 11:37:14 -05:00
if (exitcode < 0)
exitcode = status;
MEDIUM: mworker: exit-on-failure option This option exits every workers when one of the current workers die. It allows you to monitor the master process in order to relaunch everything on a failure. For example it can be used with systemd and Restart=on-failure in a spec file.
2017-06-01 11:38:54 -04:00
mworker_kill(SIGTERM);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
} else {
MINOR: mworker: displays more information when leaving When a worker is leaving, we display the relative PID and the result of the strsignal() function if it was killed by a signal.
2018-11-06 11:37:13 -05:00
ha_warning("Former worker #%d (%d) exited with code %d (%s)\n", child->relative_pid, exitpid, status, (status >= 128) ? strsignal(status - 128) : "Exit");
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
delete_oldpid(exitpid);
}
}
MINOR: mworker: displays more information when leaving When a worker is leaving, we display the relative PID and the result of the strsignal() function if it was killed by a signal.
2018-11-06 11:37:13 -05:00
free(child);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
/* do it again to check if it was the last worker */
goto restart_wait;
}
/* Better rely on the system than on a list of process to check if it was the last one */
else if (exitpid == -1 && errno == ECHILD) {
MINOR: mworker: displays more information when leaving When a worker is leaving, we display the relative PID and the result of the strsignal() function if it was killed by a signal.
2018-11-06 11:37:13 -05:00
ha_warning("All workers exited. Exiting... (%d)\n", (exitcode > 0) ? exitcode : status);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
atexit_flag = 0;
MEDIUM: mworker: exit with the incriminated exit code The former behavior was to exit() the master process with the latest status code known, which was the one of the last process to exit. The problem is that the master process was not exiting with the status code which provoked the exit-on-failure.
2018-11-06 11:37:14 -05:00
if (exitcode > 0)
exit(exitcode);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
exit(status); /* parent must leave using the latest status code known */
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void mworker_loop()
{
#if defined(USE_SYSTEMD)
if (global.tune.options & GTUNE_USE_SYSTEMD)
sd_notifyf(0, "READY=1\nMAINPID=%lu", (unsigned long)getpid());
#endif
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
master = 1;
BUG/MEDIUM: mworker: unregister the signals of main() The signal_register_fct() does not remove the handlers assigned to a signal, but add a new handler to a list. We accidentality inherited the handlers of the main() function in the master process which is a problem because they act on the proxies. The side effect was to stop the MASTER proxy which handle the master CLI on a SIGUSR1, and to display some debug info when doing a SIGHUP and a SIGQUIT.
2018-11-20 11:36:53 -05:00
signal_unregister(SIGUSR1);
signal_unregister(SIGHUP);
signal_unregister(SIGQUIT);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
signal_register_fct(SIGTERM, mworker_catch_sigterm, SIGTERM);
signal_register_fct(SIGUSR1, mworker_catch_sigterm, SIGUSR1);
signal_register_fct(SIGINT, mworker_catch_sigterm, SIGINT);
signal_register_fct(SIGHUP, mworker_catch_sighup, SIGHUP);
signal_register_fct(SIGUSR2, mworker_catch_sighup, SIGUSR2);
signal_register_fct(SIGCHLD, mworker_catch_sigchld, SIGCHLD);
mworker_unblock_signals();
mworker_cleanlisteners();
BUG/MEDIUM: mworker: stop every tasks in the master The master is not supposed to run (at the moment) any task before the polling loop, the created tasks should be run only in the workers but in the master they should be disabled or removed. No backport needed.
2018-12-06 08:05:20 -05:00
mworker_cleantasks();
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
mworker_catch_sigchld(NULL); /* ensure we clean the children in case
some SIGCHLD were lost */
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
global.nbthread = 1;
relative_pid = 1;
pid_bit = 1;
MINOR: config: keep an all_proc_mask like we have all_threads_mask This simplifies some mask comparisons at various places where nbits(global.nbproc) was used.
2019-02-02 11:11:28 -05:00
all_proc_mask = 1;
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
MINOR: mworker: set all_threads_mask and pid_bit to 1 Reinit the all_threads_mask and pid_bit to 1 before the master polling loop, this process is monothread.
2018-12-14 09:52:39 -05:00
#ifdef USE_THREAD
tid_bit = 1;
all_threads_mask = 1;
#endif
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
jobs++; /* this is the "master" job, we want to take care of the
signals even if there is no listener so the poll loop don't
leave */
fork_poller();
run_thread_poll_loop((int []){0});
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/*
* Reexec the process in failure mode, instead of exiting
*/
void reexec_on_failure()
{
if (!atexit_flag)
return;
setenv("HAPROXY_MWORKER_WAIT_ONLY", "1", 1);
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Reexecuting Master process in waitpid mode\n");
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
mworker_reload();
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MEDIUM] signals: support redistribution of signal zero when stopping Signal zero is never delivered by the system. However having a signal to which functions and tasks can subscribe to be notified of a stopping event is useful. So this patch does two things : 1) allow signal zero to be delivered from any function of signal handler 2) make soft_stop() deliver this signal so that tasks can be notified of a stopping condition.
2010-08-27 12:26:11 -04:00
* upon SIGUSR1, let's have a soft stop. Note that soft_stop() broadcasts
* a signal zero to all subscribers. This means that it's as easy as
* subscribing to signal 0 to get informed about an imminent shutdown.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_soft_stop(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
soft_stop();
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_unregister_handler(sh);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTOU, we pause everything
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_pause(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
pause_proxies();
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTIN, let's have a soft stop.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_listen(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 12:28:10 -04:00
resume_proxies();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* this function dumps every server's state when the process receives SIGHUP.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_dump_state(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *p = proxies_list;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("SIGHUP received, dumping servers states.\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (p) {
struct server *s = p->srv;
send_log(p, LOG_NOTICE, "SIGHUP received, dumping servers states for proxy %s.\n", p->id);
while (s) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Server %s/%s is %s. Conn: %d act, %d pend, %lld tot.",
p->id, s->id,
MEDIUM: check: server states and weight propagation re-work The server state and weight was reworked to handle "pending" values updated by checks/CLI/LUA/agent. These values are commited to be propagated to the LB stack. In further dev related to multi-thread, the commit will be handled into a sync point. Pending values are named using the prefix 'next_' Current values used by the LB stack are named 'cur_'
2017-08-31 08:41:55 -04:00
(s->cur_state != SRV_ST_STOPPED) ? "UP" : "DOWN",
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
s->cur_sess, s->nbpend, s->counters.cum_sess);
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
ha_warning("%s\n", trash.area);
send_log(p, LOG_NOTICE, "%s\n", trash.area);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
s = s->next;
}
[MINOR] fix the SIGHUP message not to alert on server-less proxies The SIGHUP message was designed long before it was possible to have no server in a proxy. Remove the alert in case there's no server.
2007-09-17 05:27:09 -04:00
/* FIXME: those info are a bit outdated. We should be able to distinguish between FE and BE. */
if (!p->srv) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s has no servers. Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id,
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[MINOR] fix the SIGHUP message not to alert on server-less proxies The SIGHUP message was designed long before it was possible to have no server in a proxy. Remove the alert in case there's no server.
2007-09-17 05:27:09 -04:00
} else if (p->srv_act == 0) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s %s ! Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id,
(p->srv_bck) ? "is running on backup servers" : "has no server available",
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s has %d active servers and %d backup servers available."
" Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id, p->srv_act, p->srv_bck,
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
ha_warning("%s\n", trash.area);
send_log(p, LOG_NOTICE, "%s\n", trash.area);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
p = p->next;
}
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void dump(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MAJOR] migrated task, tree64 and session to pool2 task and tree64 are already very close in size and are merged together. Overall performance gained slightly by this simple change.
2007-05-13 13:43:47 -04:00
/* dump memory usage then free everything possible */
dump_pools();
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
/*
* This function dup2 the stdio FDs (0,1,2) with <fd>, then closes <fd>
* If <fd> < 0, it opens /dev/null and use it to dup
*
* In the case of chrooting, you have to open /dev/null before the chroot, and
* pass the <fd> to this function
*/
static void stdio_quiet(int fd)
{
if (fd < 0)
fd = open("/dev/null", O_RDWR, 0);
if (fd > -1) {
fclose(stdin);
fclose(stdout);
fclose(stderr);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
if (fd > 2)
close(fd);
return;
}
ha_alert("Cannot open /dev/null\n");
exit(EXIT_FAILURE);
}
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
/* This function checks if cfg_cfgfiles contains directories.
* If it finds one, it adds all the files (and only files) it contains
* in cfg_cfgfiles in place of the directory (and removes the directory).
* It adds the files in lexical order.
* It adds only files with .cfg extension.
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
* It doesn't add files with name starting with '.'
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void cfgfiles_expand_directories(void)
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
{
struct wordlist *wl, *wlb;
char *err = NULL;
list_for_each_entry_safe(wl, wlb, &cfg_cfgfiles, list) {
struct stat file_stat;
struct dirent **dir_entries = NULL;
int dir_entries_nb;
int dir_entries_it;
if (stat(wl->s, &file_stat)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration file/directory %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
if (!S_ISDIR(file_stat.st_mode))
continue;
/* from this point wl->s is a directory */
dir_entries_nb = scandir(wl->s, &dir_entries, NULL, alphasort);
if (dir_entries_nb < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration directory %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
/* for each element in the directory wl->s */
for (dir_entries_it = 0; dir_entries_it < dir_entries_nb; dir_entries_it++) {
struct dirent *dir_entry = dir_entries[dir_entries_it];
char *filename = NULL;
char *d_name_cfgext = strstr(dir_entry->d_name, ".cfg");
/* don't add filename that begin with .
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
* only add filename with .cfg extension
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
*/
if (dir_entry->d_name[0] == '.' ||
!(d_name_cfgext && d_name_cfgext[4] == '\0'))
goto next_dir_entry;
if (!memprintf(&filename, "%s/%s", wl->s, dir_entry->d_name)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration files %s : out of memory.\n",
filename);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
if (stat(filename, &file_stat)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration file %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
/* don't add anything else than regular file in cfg_cfgfiles
* this way we avoid loops
*/
if (!S_ISREG(file_stat.st_mode))
goto next_dir_entry;
if (!list_append_word(&wl->list, filename, &err)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration files %s : %s\n",
filename,
err);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
next_dir_entry:
free(filename);
free(dir_entry);
}
free(dir_entries);
/* remove the current directory (wl) from cfg_cfgfiles */
free(wl->s);
LIST_DEL(&wl->list);
free(wl);
}
free(err);
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
static int get_old_sockets(const char *unixsocket)
{
char *cmsgbuf = NULL, *tmpbuf = NULL;
int *tmpfd = NULL;
struct sockaddr_un addr;
struct cmsghdr *cmsg;
struct msghdr msghdr;
struct iovec iov;
struct xfer_sock_list *xfer_sock = NULL;
MINOR: socket transfer: Set a timeout on the socket. Make sure we're not stuck forever by setting a timeout on the socket.
2017-04-06 08:45:14 -04:00
struct timeval tv = { .tv_sec = 1, .tv_usec = 0 };
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
int sock = -1;
int ret = -1;
int ret2 = -1;
int fd_nb;
int got_fd = 0;
int i = 0;
size_t maxoff = 0, curoff = 0;
memset(&msghdr, 0, sizeof(msghdr));
cmsgbuf = malloc(CMSG_SPACE(sizeof(int)) * MAX_SEND_FD);
if (!cmsgbuf) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory to send sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
sock = socket(PF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to connect to the old process socket '%s'\n",
unixsocket);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
strncpy(addr.sun_path, unixsocket, sizeof(addr.sun_path));
addr.sun_path[sizeof(addr.sun_path) - 1] = 0;
addr.sun_family = PF_UNIX;
ret = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to connect to the old process socket '%s'\n",
unixsocket);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
MINOR: socket transfer: Set a timeout on the socket. Make sure we're not stuck forever by setting a timeout on the socket.
2017-04-06 08:45:14 -04:00
setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (void *)&tv, sizeof(tv));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
iov.iov_base = &fd_nb;
iov.iov_len = sizeof(fd_nb);
msghdr.msg_iov = &iov;
msghdr.msg_iovlen = 1;
send(sock, "_getsocks\n", strlen("_getsocks\n"), 0);
/* First, get the number of file descriptors to be received */
if (recvmsg(sock, &msghdr, MSG_WAITALL) != sizeof(fd_nb)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to get the number of sockets to be transferred !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
if (fd_nb == 0) {
ret = 0;
goto out;
}
BUILD: use MAXPATHLEN instead of NAME_MAX. This fixes building on at least Solaris, where NAME_MAX doesn't exist.
2017-11-04 10:13:01 -04:00
tmpbuf = malloc(fd_nb * (1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof(int)));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
if (tmpbuf == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while receiving sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
tmpfd = malloc(fd_nb * sizeof(int));
if (tmpfd == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while receiving sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
msghdr.msg_control = cmsgbuf;
msghdr.msg_controllen = CMSG_SPACE(sizeof(int)) * MAX_SEND_FD;
BUILD: use MAXPATHLEN instead of NAME_MAX. This fixes building on at least Solaris, where NAME_MAX doesn't exist.
2017-11-04 10:13:01 -04:00
iov.iov_len = MAX_SEND_FD * (1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof(int));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
do {
int ret3;
iov.iov_base = tmpbuf + curoff;
ret = recvmsg(sock, &msghdr, 0);
if (ret == -1 && errno == EINTR)
continue;
if (ret <= 0)
break;
/* Send an ack to let the sender know we got the sockets
* and it can send some more
*/
do {
ret3 = send(sock, &got_fd, sizeof(got_fd), 0);
} while (ret3 == -1 && errno == EINTR);
for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_RIGHTS) {
size_t totlen = cmsg->cmsg_len -
CMSG_LEN(0);
if (totlen / sizeof(int) + got_fd > fd_nb) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Got to many sockets !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
/*
* Be paranoid and use memcpy() to avoid any
* potential alignement issue.
*/
memcpy(&tmpfd[got_fd], CMSG_DATA(cmsg), totlen);
got_fd += totlen / sizeof(int);
}
}
curoff += ret;
} while (got_fd < fd_nb);
if (got_fd != fd_nb) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("We didn't get the expected number of sockets (expecting %d got %d)\n",
fd_nb, got_fd);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
maxoff = curoff;
curoff = 0;
for (i = 0; i < got_fd; i++) {
int fd = tmpfd[i];
socklen_t socklen;
int len;
xfer_sock = calloc(1, sizeof(*xfer_sock));
if (!xfer_sock) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory in get_old_sockets() !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
break;
}
xfer_sock->fd = -1;
socklen = sizeof(xfer_sock->addr);
if (getsockname(fd, (struct sockaddr *)&xfer_sock->addr, &socklen) != 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to get socket address\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
free(xfer_sock);
BUG/MINOR: Prevent a use-after-free on error scenario on option "-x". This was introduced with recent commit f73629d ("MINOR: global: Add an option to get the old listening sockets."). No backport is needed.
2017-07-17 11:25:33 -04:00
xfer_sock = NULL;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
continue;
}
if (curoff >= maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
len = tmpbuf[curoff++];
if (len > 0) {
/* We have a namespace */
if (curoff + len > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
xfer_sock->namespace = malloc(len + 1);
if (!xfer_sock->namespace) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(xfer_sock->namespace, &tmpbuf[curoff], len);
xfer_sock->namespace[len] = 0;
curoff += len;
}
if (curoff >= maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
len = tmpbuf[curoff++];
if (len > 0) {
/* We have an interface */
if (curoff + len > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
xfer_sock->iface = malloc(len + 1);
if (!xfer_sock->iface) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(xfer_sock->iface, &tmpbuf[curoff], len);
BUG/MINOR: seemless reload: Fix crash when an interface is specified. When doing a seemless reload, while receiving the sockets from the old process the new process will die if the socket has been bound to a specific interface. This happens because the code that tries to parse the informations bogusly try to set xfer_sock->namespace, while it should be setting wfer_sock->iface. This should be backported to 1.8.
2018-03-15 12:48:49 -04:00
xfer_sock->iface[len] = 0;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
curoff += len;
}
if (curoff + sizeof(int) > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(&xfer_sock->options, &tmpbuf[curoff],
sizeof(xfer_sock->options));
curoff += sizeof(xfer_sock->options);
xfer_sock->fd = fd;
if (xfer_sock_list)
xfer_sock_list->prev = xfer_sock;
xfer_sock->next = xfer_sock_list;
xfer_sock->prev = NULL;
xfer_sock_list = xfer_sock;
xfer_sock = NULL;
}
ret2 = 0;
out:
/* If we failed midway make sure to close the remaining
* file descriptors
*/
if (tmpfd != NULL && i < got_fd) {
for (; i < got_fd; i++) {
close(tmpfd[i]);
}
}
free(tmpbuf);
free(tmpfd);
free(cmsgbuf);
if (sock != -1)
close(sock);
if (xfer_sock) {
free(xfer_sock->namespace);
free(xfer_sock->iface);
if (xfer_sock->fd != -1)
close(xfer_sock->fd);
free(xfer_sock);
}
return (ret2);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* copy and cleanup the current argv
* Remove the -sf /-st parameters
* Return an allocated copy of argv
*/
static char **copy_argv(int argc, char **argv)
{
char **newargv;
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
int i = 0, j = 0;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
newargv = calloc(argc + 2, sizeof(char *));
if (newargv == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Cannot allocate memory\n");
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return NULL;
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
while (i < argc) {
/* -sf or -st or -x */
BUG/MEDIUM: mworker: execvp failure depending on argv[0] The copy_argv() function lacks a check on '-' to remove the -x, -sf and -st parameters. When reloading a master process with a path starting by /st, /sf, or /x.. the copy_argv() function skipped argv[0] leading to an execvp() without the binary.
2018-01-09 17:12:27 -05:00
if (i > 0 && argv[i][0] == '-' &&
((argv[i][1] == 's' && (argv[i][2] == 'f' || argv[i][2] == 't')) || argv[i][1] == 'x' )) {
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
/* list of pids to finish ('f') or terminate ('t') or unix socket (-x) */
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
i++;
while (i < argc && argv[i][0] != '-') {
i++;
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
continue;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
newargv[j++] = argv[i++];
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return newargv;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function initializes all the necessary variables. It only returns
* if everything is OK. If something fails, it exits.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void init(int argc, char **argv)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
int arg_mode = 0; /* MODE_DEBUG, ... */
char *tmp;
char *cfg_pidfile = NULL;
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
int err_code = 0;
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
char *err_msg = NULL;
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
struct wordlist *wl;
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
char *progname;
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
char *change_dir = NULL;
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
struct proxy *px;
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
struct post_check_fct *pcf;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode = MODE_STARTING;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
next_argv = copy_argv(argc, argv);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (!init_trash_buffers(1)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize trash buffers.\n");
MINOR: chunks: Use dedicated function to init/deinit trash buffers Now, we use init_trash_buffers and deinit_trash_buffers to, respectively, initialize and deinitialize trash buffers (trash, trash_buf1 and trash_buf2). These functions have been introduced to be used by threads, to deal with thread-local trash buffers.
2017-07-26 08:59:46 -04:00
exit(1);
}
BUG/MAJOR: trash must always be the size of a buffer Before it was possible to resize the buffers using global.tune.bufsize, the trash has always been the size of a buffer by design. Unfortunately, the recent buffer sizing at runtime forgot to adjust the trash, resulting in it being too short for content rewriting if buffers were enlarged from the default value. The bug was encountered in 1.4 so the fix must be backported there.
2012-05-16 08:16:48 -04:00
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
/* NB: POSIX does not make it mandatory for gethostname() to NULL-terminate
* the string in case of truncation, and at least FreeBSD appears not to do
* it.
*/
memset(hostname, 0, sizeof(hostname));
gethostname(hostname, sizeof(hostname) - 1);
memset(localpeer, 0, sizeof(localpeer));
memcpy(localpeer, hostname, (sizeof(hostname) > sizeof(localpeer) ? sizeof(localpeer) : sizeof(hostname)) - 1);
MINOR: export localpeer as an environment variable Export localpeer as the environment variable $HAPROXY_LOCALPEER, allowing to use this variable in the configuration file. It's useful to use this variable in the case of synchronized configuration between peers.
2018-04-17 10:46:13 -04:00
setenv("HAPROXY_LOCALPEER", localpeer, 1);
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Initialize the previously static variables.
*/
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
MEDIUM: polling: start to move maxfd computation to the pollers Since only select() and poll() still make use of maxfd, let's move its computation right there in the pollers themselves, and only during each fd update pass. The computation doesn't need a lock anymore, only a few atomic ops. It will be accurate, be done much less often and will not be required anymore in the FD's fast patch. This provides a small performance increase of about 1% in connection rate when using epoll since we get rid of this computation which was performed under a lock.
2018-01-26 15:48:23 -05:00
totalconn = actconn = listeners = stopping = 0;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
killed = 0;
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef HAPROXY_MEMMAX
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
global.rlimit_memmax_all = HAPROXY_MEMMAX;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
BUG/MINOR: log: GMT offset not updated when entering/leaving DST GMT offset used in local time formats was computed at startup, but was not updated when DST status changed while running. For example these two RFC5424 syslog traces where emitted 5 seconds apart, just before and after DST changed: <14>1 2016-03-27T01:59:58+01:00 bunch-VirtualBox haproxy 2098 - - Connect ... <14>1 2016-03-27T03:00:03+01:00 bunch-VirtualBox haproxy 2098 - - Connect ... It looked like they were emitted more than 1 hour apart, unlike with the fix: <14>1 2016-03-27T01:59:58+01:00 bunch-VirtualBox haproxy 3381 - - Connect ... <14>1 2016-03-27T03:00:03+02:00 bunch-VirtualBox haproxy 3381 - - Connect ... This patch should be backported to 1.6 and partially to 1.5 (no fix needed in log.c).
2016-03-27 05:08:03 -04:00
tzset();
[MEDIUM] further improve monotonic clock by check forward jumps The first implementation of the monotonic clock did not verify forward jumps. The consequence is that a fast changing time may expire a lot of tasks. While it does seem minor, in fact it is problematic because most machines which boot with a wrong date are in the past and suddenly see their time jump by several years in the future. The solution is to check if we spent more apparent time in a poller than allowed (with a margin applied). The margin is currently set to 1000 ms. It should be large enough for any poll() to complete. Tests with randomly jumping clock show that the result is quite accurate (error less than 1 second at every change of more than one second).
2008-06-23 08:00:57 -04:00
tv_update_date(-1,-1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
start_date = now;
MINOR: sample: add a rand() sample fetch to return a sample. Sometimes it can be useful to generate a random value, at least for debugging purposes, but also to take routing decisions or to pass such a value to a backend server.
2014-02-14 05:59:04 -05:00
srandom(now_ms - getpid());
MAJOR: acl: make all ACLs reference the fetch function via a sample. ACL fetch functions used to directly reference a fetch function. Now that all ACL fetches have their sample fetches equivalent, we can make ACLs reference a sample fetch keyword instead. In order to simplify the code, a sample keyword name may be NULL if it is the same as the ACL's, which is the most common case. A minor change appeared, http_auth always expects one argument though the ACL allowed it to be missing and reported as such afterwards, so fix the ACL to match this. This is not really a bug.
2013-01-11 09:49:37 -05:00
if (init_acl() != 0)
exit(1);
MEDIUM: initcall: use initcalls for a few initialization functions signal_init(), init_log(), init_stream(), and init_task() all used to only preset some values and lists. This needs to be done very early to provide a reliable interface to all other users. The calls used to be explicit in haproxy.c:init(). Now they're placed in initcalls at the STG_PREPARE stage. The functions are not exported anymore.
2018-11-26 10:31:20 -05:00
[BUG] variable buffer size ignored at initialization time Commit 27a674efb84bde8c045b87c9634f123e2f8925dc introduced the ability to configure buffer sizes. Unfortunately, the pool was created before the conf was read, so that is was always set to the default size. In order to fix that, we delay the call to init_buffer(), which is not a problem since nothing uses it during the initialization.
2009-09-23 17:37:52 -04:00
/* warning, we init buffers later */
REORG: http: move error codes production and processing to http.c These error codes and messages are agnostic to the version, even if they are represented as HTTP/1.0 messages. Ultimately they will have to be transformed into internal HTTP messages to be used everywhere. The HTTP/1.1 100 Continue message was turned to an IST and the local copy in the Lua code was removed.
2018-09-10 12:04:24 -04:00
if (!init_http(&err_msg)) {
ha_alert("%s. Aborting.\n", err_msg);
free(err_msg);
abort();
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: lua: lua integration in the build and init system. This is the first step of the lua integration. We add the useful files in the HAProxy project. These files contains the main includes, the Makefile options and empty initialisation function. Is is the LUA skeleton.
2015-01-23 08:06:13 -05:00
/* Initialise lua. */
hlua_init();
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
/* Initialize process vars */
vars_init(&global.vars, SCOPE_PROC);
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_SELECT; /* select() is always available */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#if defined(ENABLE_POLL)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_POLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
#if defined(ENABLE_EPOLL)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#if defined(ENABLE_KQUEUE)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_KQUEUE;
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#endif
[MEDIUM] remove old experimental tcpsplice option This Linux-specific option was never really used in production and has since been superseded by new splicing options brought by recent Linux kernels. It caused several particular cases in the code because the kernel would take care of the session without haproxy being able to do anything on it, which became hard to handle in the new architecture. Let's simply get rid of it now that there is a replacement available.
2009-08-16 07:20:32 -04:00
#if defined(CONFIG_HAP_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
global.tune.options |= GTUNE_USE_SPLICE;
#endif
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#if defined(USE_GETADDRINFO)
global.tune.options |= GTUNE_USE_GAI;
#endif
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#if defined(SO_REUSEPORT)
global.tune.options |= GTUNE_USE_REUSEPORT;
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
pid = getpid();
progname = *argv;
while ((tmp = strchr(progname, '/')) != NULL)
progname = tmp + 1;
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
/* the process name is used for the logs only */
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_initstr(&global.log_tag, strdup(progname));
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
argc--; argv++;
while (argc > 0) {
char *flag;
if (**argv == '-') {
flag = *argv+1;
/* 1 arg */
if (*flag == 'v') {
display_version();
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
if (flag[1] == 'v') /* -vv */
display_build_opts();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(0);
}
#if defined(ENABLE_EPOLL)
else if (*flag == 'd' && flag[1] == 'e')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
#if defined(ENABLE_POLL)
else if (*flag == 'd' && flag[1] == 'p')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_POLL;
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#endif
[MINOR] copy-paste typo when checking for -dk to disable kqueue.
2007-04-10 16:45:11 -04:00
#if defined(ENABLE_KQUEUE)
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
else if (*flag == 'd' && flag[1] == 'k')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_KQUEUE;
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
#endif
[MEDIUM] remove old experimental tcpsplice option This Linux-specific option was never really used in production and has since been superseded by new splicing options brought by recent Linux kernels. It caused several particular cases in the code because the kernel would take care of the session without haproxy being able to do anything on it, which became hard to handle in the new architecture. Let's simply get rid of it now that there is a replacement available.
2009-08-16 07:20:32 -04:00
#if defined(CONFIG_HAP_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
else if (*flag == 'd' && flag[1] == 'S')
global.tune.options &= ~GTUNE_USE_SPLICE;
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#endif
#if defined(USE_GETADDRINFO)
else if (*flag == 'd' && flag[1] == 'G')
global.tune.options &= ~GTUNE_USE_GAI;
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#endif
#if defined(SO_REUSEPORT)
else if (*flag == 'd' && flag[1] == 'R')
global.tune.options &= ~GTUNE_USE_REUSEPORT;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
else if (*flag == 'd' && flag[1] == 'V')
global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'V')
arg_mode |= MODE_VERBOSE;
else if (*flag == 'd' && flag[1] == 'b')
arg_mode |= MODE_FOREGROUND;
MEDIUM: memory: add the ability to poison memory at run time From time to time, some bugs are discovered that are caused by non-initialized memory areas. It happens that most platforms return a zero-filled area upon first malloc() thus hiding potential bugs. This patch also replaces malloc() in pools with calloc() to ensure that all platforms exhibit the same behaviour upon startup. In order to catch these bugs more easily, add a -dM command line flag to enable memory poisonning. Optionally, passing -dM<byte> forces the poisonning byte to <byte>.
2012-05-08 09:40:42 -04:00
else if (*flag == 'd' && flag[1] == 'M')
mem_poison_byte = flag[2] ? strtol(flag + 2, NULL, 0) : 'P';
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
else if (*flag == 'd' && flag[1] == 'r')
global.tune.options |= GTUNE_RESOLVE_DONTFAIL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd')
arg_mode |= MODE_DEBUG;
else if (*flag == 'c')
arg_mode |= MODE_CHECK;
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (*flag == 'D')
[MINOR] startup: don't imply -q with -D It is recommended to have -D in init scripts, but -D also implies quiet mode, which hides warning messages, and both options are now completely unrelated. Remove the implication to get warnings with -D.
2009-05-18 10:29:51 -04:00
arg_mode |= MODE_DAEMON;
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
else if (*flag == 'W' && flag[1] == 's') {
BUG/MINOR: systemd: ignore daemon mode Since we switched to notify mode in the systemd unit file in commit d6942c8, haproxy won't start if the daemon keyword is present in the configuration. This change makes sure that haproxy remains in foreground when using systemd mode and adds a note in the documentation.
2017-11-21 06:39:34 -05:00
arg_mode |= MODE_MWORKER | MODE_FOREGROUND;
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
global.tune.options |= GTUNE_USE_SYSTEMD;
#else
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("master-worker mode with systemd support (-Ws) requested, but not compiled. Use master-worker mode (-W) if you are not using Type=notify in your unit file or recompile with USE_SYSTEMD=1.\n\n");
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
usage(progname);
#endif
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (*flag == 'W')
arg_mode |= MODE_MWORKER;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'q')
arg_mode |= MODE_QUIET;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
else if (*flag == 'x') {
BUG/MEDIUM: fix segfault when no argument to -x option This patch fixes a segfault in the command line parser. When haproxy is launched with -x with no argument and -x is the latest option in argv it segfaults. Use usage() insteads of exit() on error.
2017-06-19 09:57:55 -04:00
if (argc <= 1 || argv[1][0] == '-') {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Unix socket path expected with the -x flag\n\n");
BUG/MEDIUM: fix segfault when no argument to -x option This patch fixes a segfault in the command line parser. When haproxy is launched with -x with no argument and -x is the latest option in argv it segfaults. Use usage() insteads of exit() on error.
2017-06-19 09:57:55 -04:00
usage(progname);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
}
MINOR: warning on multiple -x Multiple use of the -x option is useless, emit a warning.
2017-06-19 10:37:19 -04:00
if (old_unixsocket)
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("-x option already set, overwriting the value\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
old_unixsocket = argv[1];
MINOR: warning on multiple -x Multiple use of the -x option is useless, emit a warning.
2017-06-19 10:37:19 -04:00
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
argv++;
argc--;
}
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
else if (*flag == 'S') {
struct wordlist *c;
if (argc <= 1 || argv[1][0] == '-') {
ha_alert("Socket and optional bind parameters expected with the -S flag\n");
usage(progname);
}
if ((c = malloc(sizeof(*c))) == NULL || (c->s = strdup(argv[1])) == NULL) {
ha_alert("Cannot allocate memory\n");
exit(EXIT_FAILURE);
}
LIST_ADD(&mworker_cli_conf, &c->list);
argv++;
argc--;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 's' && (flag[1] == 'f' || flag[1] == 't')) {
/* list of pids to finish ('f') or terminate ('t') */
if (flag[1] == 'f')
oldpids_sig = SIGUSR1; /* finish then exit */
else
oldpids_sig = SIGTERM; /* terminate immediately */
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
while (argc > 1 && argv[1][0] != '-') {
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
char * endptr = NULL;
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
oldpids = realloc(oldpids, (nb_oldpids + 1) * sizeof(int));
if (!oldpids) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot allocate old pid : out of memory.\n");
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
exit(1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
argc--; argv++;
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
errno = 0;
oldpids[nb_oldpids] = strtol(*argv, &endptr, 10);
if (errno) {
ha_alert("-%2s option: failed to parse {%s}: %s\n",
flag,
*argv, strerror(errno));
exit(1);
} else if (endptr && strlen(endptr)) {
while (isspace(*endptr)) endptr++;
BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st The codes tries to strip trailing spaces of arguments but due to missing brackets, it will always exit. It can be reproduced with this (silly) example: $ haproxy -f /etc/haproxy/haproxy.cfg -sf 1234 "1235 " 1236 $ echo $? 1 This was introduced in commit 236062f7c ("MINOR: init: emit warning when -sf/-sd cannot parse argument") Signed-off-by: Aurélien Nephtali <aurelien.nephtali@gmail.com>
2018-02-17 14:53:11 -05:00
if (*endptr != 0) {
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
ha_alert("-%2s option: some bytes unconsumed in PID list {%s}\n",
flag, endptr);
exit(1);
BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st The codes tries to strip trailing spaces of arguments but due to missing brackets, it will always exit. It can be reproduced with this (silly) example: $ haproxy -f /etc/haproxy/haproxy.cfg -sf 1234 "1235 " 1236 $ echo $? 1 This was introduced in commit 236062f7c ("MINOR: init: emit warning when -sf/-sd cannot parse argument") Signed-off-by: Aurélien Nephtali <aurelien.nephtali@gmail.com>
2018-02-17 14:53:11 -05:00
}
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
}
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
if (oldpids[nb_oldpids] <= 0)
usage(progname);
nb_oldpids++;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
else if (flag[0] == '-' && flag[1] == 0) { /* "--" */
/* now that's a cfgfile list */
argv++; argc--;
while (argc > 0) {
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
if (!list_append_word(&cfg_cfgfiles, *argv, &err_msg)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration file/directory %s : %s\n",
*argv,
err_msg);
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
exit(1);
}
argv++; argc--;
}
break;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else { /* >=2 args */
argv++; argc--;
if (argc == 0)
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
switch (*flag) {
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
case 'C' : change_dir = *argv; break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'n' : cfg_maxconn = atol(*argv); break;
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
case 'm' : global.rlimit_memmax_all = atol(*argv); break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'N' : cfg_maxpconn = atol(*argv); break;
MINOR: export localpeer as an environment variable Export localpeer as the environment variable $HAPROXY_LOCALPEER, allowing to use this variable in the configuration file. It's useful to use this variable in the case of synchronized configuration between peers.
2018-04-17 10:46:13 -04:00
case 'L' :
strncpy(localpeer, *argv, sizeof(localpeer) - 1);
setenv("HAPROXY_LOCALPEER", localpeer, 1);
break;
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
case 'f' :
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
if (!list_append_word(&cfg_cfgfiles, *argv, &err_msg)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration file/directory %s : %s\n",
*argv,
err_msg);
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
exit(1);
}
break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'p' : cfg_pidfile = *argv; break;
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
default: usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
}
else
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
argv++; argc--;
}
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode |= (arg_mode & (MODE_DAEMON | MODE_MWORKER | MODE_FOREGROUND | MODE_VERBOSE
| MODE_QUIET | MODE_CHECK | MODE_DEBUG));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (getenv("HAPROXY_MWORKER_WAIT_ONLY")) {
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
unsetenv("HAPROXY_MWORKER_WAIT_ONLY");
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
global.mode |= MODE_MWORKER_WAIT;
global.mode &= ~MODE_MWORKER;
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
}
if ((global.mode & MODE_MWORKER) && (getenv("HAPROXY_MWORKER_REEXEC") != NULL)) {
atexit_flag = 1;
atexit(reexec_on_failure);
}
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
if (change_dir && chdir(change_dir) < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Could not change to directory %s : %s\n", change_dir, strerror(errno));
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.maxsock = 10; /* reserve 10 fds ; will be incremented by socket eaters */
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
init_default_instance();
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* in wait mode, we don't try to read the configuration files */
if (!(global.mode & MODE_MWORKER_WAIT)) {
[BUG] config: fix error message when config file is not found Cameron Simpson reported an annoying case where haproxy simply reports "Error(s) found in configuration file" when the file is not found or not readable. Fortunately the parsing function still returns -1 in case of open error, so we're able to detect the issue from the caller and report the corresponding errno message.
2009-12-06 07:10:44 -05:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* handle cfgfiles that are actually directories */
cfgfiles_expand_directories();
if (LIST_ISEMPTY(&cfg_cfgfiles))
usage(progname);
list_for_each_entry(wl, &cfg_cfgfiles, list) {
int ret;
ret = readcfgfile(wl->s);
if (ret == -1) {
ha_alert("Could not open configuration file %s : %s\n",
wl->s, strerror(errno));
exit(1);
}
if (ret & (ERR_ABORT|ERR_FATAL))
ha_alert("Error(s) found in configuration file : %s\n", wl->s);
err_code |= ret;
if (err_code & ERR_ABORT)
exit(1);
[BUG] config: fix error message when config file is not found Cameron Simpson reported an annoying case where haproxy simply reports "Error(s) found in configuration file" when the file is not found or not readable. Fortunately the parsing function still returns -1 in case of open error, so we're able to detect the issue from the caller and report the corresponding errno message.
2009-12-06 07:10:44 -05:00
}
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* do not try to resolve arguments nor to spot inconsistencies when
* the configuration contains fatal errors caused by files not found
* or failed memory allocations.
*/
if (err_code & (ERR_ABORT|ERR_FATAL)) {
ha_alert("Fatal errors found in configuration.\n");
exit(1);
}
MEDIUM: config: don't check config validity when there are fatal errors Overall we do have an issue with the severity of a number of errors. Most fatal errors are reported with ERR_FATAL (which prevents startup) and not ERR_ABORT (which stops parsing ASAP), but check_config_validity() is still called on ERR_FATAL, and will most of the time report bogus errors. This is what caused smp_resolve_args() to be called on a number of unparsable ACLs, and it also is what reports incorrect ordering or unresolvable section names when certain entries could not be properly parsed. This patch stops this domino effect by simply aborting before trying to further check and resolve the configuration when it's already know that there are fatal errors. A concrete example comes from this config : userlist users : user foo insecure-password bar listen foo bind :1234 mode htttp timeout client 10S timeout server 10s timeout connect 10s stats uri /stats stats http-request auth unless { http_auth(users) } http-request redirect location /index.html if { path / } It contains a colon after the userlist name, a typo in the client timeout value, another one in "mode http" which cause some other configuration elements not to be properly handled. Previously it would confusingly report : [ALERT] 108/114851 (20224) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'. [ALERT] 108/114851 (20224) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'. [ALERT] 108/114851 (20224) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client' [ALERT] 108/114851 (20224) : Error(s) found in configuration file : err-report.cfg [ALERT] 108/114851 (20224) : parsing [err-report.cfg:11] : unable to find userlist 'users' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'foo'. [WARNING] 108/114851 (20224) : config : missing timeouts for proxy 'foo'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. [WARNING] 108/114851 (20224) : config : 'stats' statement ignored for proxy 'foo' as it requires HTTP mode. [WARNING] 108/114851 (20224) : config : 'http-request' rules ignored for proxy 'foo' as they require HTTP mode. [ALERT] 108/114851 (20224) : Fatal errors found in configuration. The "requires HTTP mode" errors are just pollution resulting from the improper spelling of this mode earlier. The unresolved reference to the userlist is caused by the extra colon on the declaration, and the warning regarding the missing timeouts is caused by the wrong character. Now it more accurately reports : [ALERT] 108/114900 (20225) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'. [ALERT] 108/114900 (20225) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'. [ALERT] 108/114900 (20225) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client' [ALERT] 108/114900 (20225) : Error(s) found in configuration file : err-report.cfg [ALERT] 108/114900 (20225) : Fatal errors found in configuration. Despite not really a fix, this patch should be backported at least to 1.7, possibly even 1.6, and 1.5 since it hardens the config parser against certain bad situations like the recently reported use-after-free and the last null dereference.
2017-04-19 05:24:07 -04:00
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
if (global.mode & MODE_MWORKER) {
int proc;
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
struct mworker_proc *tmproc;
if (getenv("HAPROXY_MWORKER_REEXEC") == NULL) {
tmproc = malloc(sizeof(*tmproc));
if (!tmproc) {
ha_alert("Cannot allocate process structures.\n");
exit(EXIT_FAILURE);
}
tmproc->type = 'm'; /* master */
tmproc->reloads = 0;
tmproc->relative_pid = 0;
tmproc->pid = pid;
tmproc->timestamp = start_date.tv_sec;
tmproc->ipc_fd[0] = -1;
tmproc->ipc_fd[1] = -1;
proc_self = tmproc;
LIST_ADDQ(&proc_list, &tmproc->list);
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
for (proc = 0; proc < global.nbproc; proc++) {
tmproc = malloc(sizeof(*tmproc));
if (!tmproc) {
ha_alert("Cannot allocate process structures.\n");
exit(EXIT_FAILURE);
}
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
tmproc->type = 'w'; /* worker */
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
tmproc->pid = -1;
tmproc->reloads = 0;
MINOR: cli: displays uptime in `show proc` Displays the uptime of the workers in `show proc`
2018-11-19 12:46:17 -05:00
tmproc->timestamp = -1;
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
tmproc->relative_pid = 1 + proc;
MEDIUM: mworker: does not create the CLI proxy when no listener Does not create the CLI proxy if no -S argument was specified. It prevents a warning that says that the MASTER proxy does not have any bind option.
2018-11-06 11:37:12 -05:00
tmproc->ipc_fd[0] = -1;
tmproc->ipc_fd[1] = -1;
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
if (mworker_cli_sockpair_new(tmproc, proc) < 0) {
exit(EXIT_FAILURE);
}
LIST_ADDQ(&proc_list, &tmproc->list);
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
}
if (global.mode & (MODE_MWORKER|MODE_MWORKER_WAIT)) {
struct wordlist *it, *c;
MEDIUM: mworker: move proc_list gen before proxies startup We need to generate the process list before starting the proxies, because it will be used to create a proxy in the master
2018-10-26 08:47:33 -04:00
mworker_env_to_proc_list(); /* get the info of the children in the env */
MEDIUM: mworker: proxy for the master CLI This patch implements a listen proxy within the master. It uses the sockpair of all the workers as servers. In the current state of the code, the proxy is only doing round robin on the CLI of the workers. A CLI mode will be needed to know to which CLI send the requests.
2018-10-26 08:47:35 -04:00
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
MEDIUM: mworker: does not create the CLI proxy when no listener Does not create the CLI proxy if no -S argument was specified. It prevents a warning that says that the MASTER proxy does not have any bind option.
2018-11-06 11:37:12 -05:00
if (!LIST_ISEMPTY(&mworker_cli_conf)) {
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
MEDIUM: mworker: does not create the CLI proxy when no listener Does not create the CLI proxy if no -S argument was specified. It prevents a warning that says that the MASTER proxy does not have any bind option.
2018-11-06 11:37:12 -05:00
if (mworker_cli_proxy_create() < 0) {
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
ha_alert("Can't create the master's CLI.\n");
exit(EXIT_FAILURE);
}
MEDIUM: mworker: does not create the CLI proxy when no listener Does not create the CLI proxy if no -S argument was specified. It prevents a warning that says that the MASTER proxy does not have any bind option.
2018-11-06 11:37:12 -05:00
list_for_each_entry_safe(c, it, &mworker_cli_conf, list) {
if (mworker_cli_proxy_new_listener(c->s) < 0) {
ha_alert("Can't create the master's CLI.\n");
exit(EXIT_FAILURE);
}
LIST_DEL(&c->list);
free(c->s);
free(c);
}
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
MINOR: pattern: Each pattern is identified by unique id. The pattern reference are stored with two identifiers: the unique_id and the reference. The reference identify a file. Each file with the same name point to the same reference. We can register many times one file. If the file is modified, all his dependencies are also modified. The reference can be used with map or acl. The unique_id identify inline acl. The unique id is unique for each acl. You cannot force the same id in the configuration file, because this repport an error. The format of the acl and map listing through the "socket" has changed for displaying these new ids.
2014-03-11 09:29:22 -04:00
pattern_finalize_config();
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
err_code |= check_config_validity();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Fatal errors found in configuration.\n");
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
/* recompute the amount of per-process memory depending on nbproc and
* the shared SSL cache size (allowed to exist in all processes).
*/
if (global.rlimit_memmax_all) {
#if defined (USE_OPENSSL) && !defined(USE_PRIVATE_CACHE)
int64_t ssl_cache_bytes = global.tune.sslcachesize * 200LL;
global.rlimit_memmax =
((((int64_t)global.rlimit_memmax_all * 1048576LL) -
ssl_cache_bytes) / global.nbproc +
ssl_cache_bytes + 1048575LL) / 1048576LL;
#else
global.rlimit_memmax = global.rlimit_memmax_all / global.nbproc;
#endif
}
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
#ifdef CONFIG_HAP_NS
err_code |= netns_init();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to initialize namespace support.\n");
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
exit(1);
}
#endif
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK Currently, the function which applies server states provided by the "old" process is applied after configuration sanity check. This results in the impossibility to check the validity of the state file during a regular config check, implying a full start is required, which can be a problem sometimes. This patch moves the loading of server_state file before MODE_CHECK.
2016-11-02 10:33:15 -04:00
/* Apply server states */
apply_server_state();
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (px = proxies_list; px; px = px->next)
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK Currently, the function which applies server states provided by the "old" process is applied after configuration sanity check. This results in the impossibility to check the validity of the state file during a regular config check, implying a full start is required, which can be a problem sometimes. This patch moves the loading of server_state file before MODE_CHECK.
2016-11-02 10:33:15 -04:00
srv_compute_all_admin_states(px);
MAJOR: server: postpone address resolution Server addresses are not resolved anymore upon the first pass so that we don't fail if an address cannot be resolved by the libc. Instead they are processed all at once after the configuration is fully loaded, by the new function srv_init_addr(). This function only acts on the server's address if this address uses an FQDN, which appears in server->hostname. For now the function does two things, to followup with HAProxy's historical default behavior: 1. apply server IP address found in server-state file if runtime DNS resolution is enabled for this server 2. use the DNS resolver provided by the libc If none of the 2 options above can find an IP address, then an error is returned. All of this will be needed to support the new server parameter "init-addr". For now, the biggest user-visible change is that all server resolution errors are dumped at once instead of causing a startup failure one by one.
2016-11-02 10:34:05 -04:00
/* Apply servers' configured address */
err_code |= srv_init_addr();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to initialize server(s) addr.\n");
MAJOR: server: postpone address resolution Server addresses are not resolved anymore upon the first pass so that we don't fail if an address cannot be resolved by the libc. Instead they are processed all at once after the configuration is fully loaded, by the new function srv_init_addr(). This function only acts on the server's address if this address uses an FQDN, which appears in server->hostname. For now the function does two things, to followup with HAProxy's historical default behavior: 1. apply server IP address found in server-state file if runtime DNS resolution is enabled for this server 2. use the DNS resolver provided by the libc If none of the 2 options above can find an IP address, then an error is returned. All of this will be needed to support the new server parameter "init-addr". For now, the biggest user-visible change is that all server resolution errors are dumped at once instead of causing a startup failure one by one.
2016-11-02 10:34:05 -04:00
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.mode & MODE_CHECK) {
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
struct peers *pr;
struct proxy *px;
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (pr = cfg_peers; pr; pr = pr->next)
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
if (pr->peers_fe)
break;
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (px = proxies_list; px; px = px->next)
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
if (px->state == PR_STNEW && !LIST_ISEMPTY(&px->conf.listeners))
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
break;
if (pr || px) {
/* At least one peer or one listener has been found */
qfprintf(stdout, "Configuration file is valid\n");
exit(0);
}
qfprintf(stdout, "Configuration file has no error but will not start (no listener) => exit(2).\n");
exit(2);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MAJOR: threads/task: handle multithread on task scheduler 2 global locks have been added to protect, respectively, the run queue and the wait queue. And a process mask has been added on each task. Like for FDs, this mask is used to know which threads are allowed to process a task. For many tasks, all threads are granted. And this must be your first intension when you create a new task, else you have a good reason to make a task sticky on some threads. This is then the responsibility to the process callback to lock what have to be locked in the task context. Nevertheless, all tasks linked to a session must be sticky on the thread creating the session. It is important that I/O handlers processing session FDs and these tasks run on the same thread to avoid conflicts.
2017-09-27 08:59:38 -04:00
global_listener_queue_task = task_new(MAX_THREADS_MASK);
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
if (!global_listener_queue_task) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Out of memory when initializing global task\n");
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
exit(1);
}
/* very simple initialization, users will queue the task if needed */
global_listener_queue_task->context = NULL; /* not even a context! */
global_listener_queue_task->process = manage_global_listener_queue;
CLEANUP: channel: use "channel" instead of "buffer" in function names This is a massive rename of most functions which should make use of the word "channel" instead of the word "buffer" in their names. In concerns the following ones (new names) : unsigned long long channel_forward(struct channel *buf, unsigned long long bytes); static inline void channel_init(struct channel *buf) static inline int channel_input_closed(struct channel *buf) static inline int channel_output_closed(struct channel *buf) static inline void channel_check_timeouts(struct channel *b) static inline void channel_erase(struct channel *buf) static inline void channel_shutr_now(struct channel *buf) static inline void channel_shutw_now(struct channel *buf) static inline void channel_abort(struct channel *buf) static inline void channel_stop_hijacker(struct channel *buf) static inline void channel_auto_connect(struct channel *buf) static inline void channel_dont_connect(struct channel *buf) static inline void channel_auto_close(struct channel *buf) static inline void channel_dont_close(struct channel *buf) static inline void channel_auto_read(struct channel *buf) static inline void channel_dont_read(struct channel *buf) unsigned long long channel_forward(struct channel *buf, unsigned long long bytes) Some functions provided by channel.[ch] have kept their "buffer" name because they are really designed to act on the buffer according to some information gathered from the channel. They have been moved together to the same place in the file for better readability but they were not changed at all. The "buffer" memory pool was also renamed "channel".
2012-08-27 18:06:31 -04:00
/* now we know the buffer size, we can initialize the channels and buffers */
MAJOR: channel: replace the struct buffer with a pointer to a buffer With this commit, we now separate the channel from the buffer. This will allow us to replace buffers on the fly without touching the channel. Since nobody is supposed to keep a reference to a buffer anymore, doing so is not a problem and will also permit some copy-less data manipulation. Interestingly, these changes have shown a 2% performance increase on some workloads, probably due to a better cache placement of data.
2012-10-12 17:49:43 -04:00
init_buffer();
[BUG] variable buffer size ignored at initialization time Commit 27a674efb84bde8c045b87c9634f123e2f8925dc introduced the ability to configure buffer sizes. Unfortunately, the pool was created before the conf was read, so that is was always set to the default size. In order to fix that, we delay the call to init_buffer(), which is not a problem since nothing uses it during the initialization.
2009-09-23 17:37:52 -04:00
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
list_for_each_entry(pcf, &post_check_list, list) {
err_code |= pcf->fct();
if (err_code & (ERR_ABORT|ERR_FATAL))
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (cfg_maxconn > 0)
global.maxconn = cfg_maxconn;
if (cfg_pidfile) {
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(global.pidfile);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.pidfile = strdup(cfg_pidfile);
}
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
/* Now we want to compute the maxconn and possibly maxsslconn values.
* It's a bit tricky. If memmax is not set, maxconn defaults to
* DEFAULT_MAXCONN and maxsslconn defaults to DEFAULT_MAXSSLCONN.
*
* If memmax is set, then it depends on which values are set. If
* maxsslconn is set, we use memmax to determine how many cleartext
* connections may be added, and set maxconn to the sum of the two.
* If maxconn is set and not maxsslconn, maxsslconn is computed from
* the remaining amount of memory between memmax and the cleartext
* connections. If neither are set, then it is considered that all
* connections are SSL-capable, and maxconn is computed based on this,
* then maxsslconn accordingly. We need to know if SSL is used on the
* frontends, backends, or both, because when it's used on both sides,
* we need twice the value for maxsslconn, but we only count the
* handshake once since it is not performed on the two sides at the
* same time (frontend-side is terminated before backend-side begins).
* The SSL stack is supposed to have filled ssl_session_cost and
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
* ssl_handshake_cost during its initialization. In any case, if
* SYSTEM_MAXCONN is set, we still enforce it as an upper limit for
* maxconn in order to protect the system.
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
*/
if (!global.rlimit_memmax) {
if (global.maxconn == 0) {
global.maxconn = DEFAULT_MAXCONN;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d.\n", global.maxconn);
}
}
#ifdef USE_OPENSSL
else if (!global.maxconn && !global.maxsslconn &&
(global.ssl_used_frontend || global.ssl_used_backend)) {
/* memmax is set, compute everything automatically. Here we want
* to ensure that all SSL connections will be served. We take
* care of the number of sides where SSL is used, and consider
* the worst case : SSL used on both sides and doing a handshake
* simultaneously. Note that we can't have more than maxconn
* handshakes at a time by definition, so for the worst case of
* two SSL conns per connection, we count a single handshake.
*/
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
global.maxconn = mem /
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
((STREAM_MAX_COST + 2 * global.tune.bufsize) + // stream + 2 buffers per stream
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
sides * global.ssl_session_max_cost + // SSL buffers, one per side
global.ssl_handshake_max_cost); // 1 handshake per connection max
global.maxconn = round_2dig(global.maxconn);
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#ifdef SYSTEM_MAXCONN
if (global.maxconn > DEFAULT_MAXCONN)
global.maxconn = DEFAULT_MAXCONN;
#endif /* SYSTEM_MAXCONN */
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
global.maxsslconn = sides * global.maxconn;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d and global.maxsslconn to %d.\n",
global.maxconn, global.maxsslconn);
}
else if (!global.maxsslconn &&
(global.ssl_used_frontend || global.ssl_used_backend)) {
/* memmax and maxconn are known, compute maxsslconn automatically.
* maxsslconn being forced, we don't know how many of it will be
* on each side if both sides are being used. The worst case is
* when all connections use only one SSL instance because
* handshakes may be on two sides at the same time.
*/
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
int64_t sslmem;
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
sslmem = mem - global.maxconn * (int64_t)(STREAM_MAX_COST + 2 * global.tune.bufsize);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
global.maxsslconn = sslmem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost);
global.maxsslconn = round_2dig(global.maxsslconn);
if (sslmem <= 0 || global.maxsslconn < sides) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot compute the automatic maxsslconn because global.maxconn is already too "
"high for the global.memmax value (%d MB). The absolute maximum possible value "
"without SSL is %d, but %d was found and SSL is in use.\n",
global.rlimit_memmax,
(int)(mem / (STREAM_MAX_COST + 2 * global.tune.bufsize)),
global.maxconn);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
exit(1);
}
if (global.maxsslconn > sides * global.maxconn)
global.maxsslconn = sides * global.maxconn;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxsslconn to %d\n", global.maxsslconn);
}
#endif
else if (!global.maxconn) {
/* memmax and maxsslconn are known/unused, compute maxconn automatically */
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
int64_t clearmem;
if (global.ssl_used_frontend || global.ssl_used_backend)
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
clearmem = mem;
if (sides)
clearmem -= (global.ssl_session_max_cost + global.ssl_handshake_max_cost) * (int64_t)global.maxsslconn;
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
global.maxconn = clearmem / (STREAM_MAX_COST + 2 * global.tune.bufsize);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
global.maxconn = round_2dig(global.maxconn);
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#ifdef SYSTEM_MAXCONN
if (global.maxconn > DEFAULT_MAXCONN)
global.maxconn = DEFAULT_MAXCONN;
#endif /* SYSTEM_MAXCONN */
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (clearmem <= 0 || !global.maxconn) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot compute the automatic maxconn because global.maxsslconn is already too "
"high for the global.memmax value (%d MB). The absolute maximum possible value "
"is %d, but %d was found.\n",
global.rlimit_memmax,
(int)(mem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost)),
global.maxsslconn);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
exit(1);
}
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
if (sides && global.maxsslconn > sides * global.maxconn) {
fprintf(stderr, "Note: global.maxsslconn is forced to %d which causes global.maxconn "
"to be limited to %d. Better reduce global.maxsslconn to get more "
"room for extra connections.\n", global.maxsslconn, global.maxconn);
}
fprintf(stderr, "Note: setting global.maxconn to %d\n", global.maxconn);
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
if (!global.maxpipes) {
/* maxpipes not specified. Count how many frontends and backends
* may be using splicing, and bound that to maxconn.
*/
struct proxy *cur;
int nbfe = 0, nbbe = 0;
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (cur = proxies_list; cur; cur = cur->next) {
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
if (cur->options2 & (PR_O2_SPLIC_ANY)) {
if (cur->cap & PR_CAP_FE)
nbfe += cur->maxconn;
if (cur->cap & PR_CAP_BE)
[BUG] reserve some pipes for backends with splice enabled If splicing is enabled in a backend, we need to guess how many pipes will be needed. We used to rely on fullconn, but this leads to non-working splicing when fullconn is not specified. So we now fallback to global.maxconn.
2009-01-25 04:42:05 -05:00
nbbe += cur->fullconn ? cur->fullconn : global.maxconn;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
}
}
global.maxpipes = MAX(nbfe, nbbe);
if (global.maxpipes > global.maxconn)
global.maxpipes = global.maxconn;
[OPTIM] make global.maxpipes default to global.maxconn/4 when not specified global.maxconn/4 seems to be a good hint for global.maxpipes when that one must be guessed. If the limit is reached, it's still possible to set it manually in the configuration.
2009-01-25 08:06:58 -05:00
global.maxpipes /= 4;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
}
[CLEANUP] remove a useless test in manage_global_listener_queue() The test for the empty list was done twice.
2011-09-07 08:26:33 -04:00
global.hardmaxconn = global.maxconn; /* keep this max value */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.maxsock += global.maxconn * 2; /* each connection needs two sockets */
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
global.maxsock += global.maxpipes * 2; /* each pipe needs two FDs */
BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically. The number of async fd is computed considering the maxconn, the number of sides using ssl and the number of engines using async mode. This patch should be backported on haproxy 1.8
2017-12-06 07:51:49 -05:00
/* compute fd used by async engines */
if (global.ssl_used_async_engines) {
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
global.maxsock += global.maxconn * sides * global.ssl_used_async_engines;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
if (global.stats_fe)
global.maxsock += global.stats_fe->maxconn;
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
if (cfg_peers) {
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
/* peers also need to bypass global maxconn */
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
struct peers *p = cfg_peers;
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (p = cfg_peers; p; p = p->next)
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
if (p->peers_fe)
global.maxsock += p->peers_fe->maxconn;
}
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
if (global.tune.maxpollevents <= 0)
global.tune.maxpollevents = MAX_POLL_EVENTS;
MINOR: tasks: Make the number of tasks to run at once configurable. Instead of hardcoding 200, make the number of tasks to be run configurable using tune.runqueue-depth. 200 is still the default.
2018-05-24 12:59:04 -04:00
if (global.tune.runqueue_depth <= 0)
global.tune.runqueue_depth = RUNQUEUE_DEPTH;
[OPTIM] stream_sock: don't retry to read after a large read If we get very large data at once, it's almost certain that it's worthless trying to read again, because we got everything we could get. Doing this has made all -EAGAIN disappear from splice reads. The threshold has been put in the global tunable structures so that if we one day want to make it accessible from user config, it will be easy to do so.
2009-03-21 15:43:57 -04:00
if (global.tune.recv_enough == 0)
global.tune.recv_enough = MIN_RECV_AT_ONCE_ENOUGH;
MEDIUM: config: set tune.maxrewrite to 1024 by default The tune.maxrewrite parameter used to be pre-initialized to half of the buffer size since the very early days when buffers were very small. It has grown to absurdly large values over the years to reach 8kB for a 16kB buffer. This prevents large requests from being accepted, which is the opposite of the initial goal. Many users fix it to 1024 which is already quite large for header addition. So let's change the default setting policy : - pre-initialize it to 1024 - let the user tweak it - in any case, limit it to tune.bufsize / 2 This results in 15kB usable to buffer HTTP messages instead of 8kB, and doesn't affect existing configurations which already force it.
2015-09-28 07:53:23 -04:00
if (global.tune.maxrewrite < 0)
global.tune.maxrewrite = MAXREWRITE;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (global.tune.maxrewrite >= global.tune.bufsize / 2)
global.tune.maxrewrite = global.tune.bufsize / 2;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (arg_mode & (MODE_DEBUG | MODE_FOREGROUND)) {
/* command line debug mode inhibits configuration mode */
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode &= ~(MODE_DAEMON | MODE_QUIET);
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
global.mode |= (arg_mode & (MODE_DEBUG | MODE_FOREGROUND));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (arg_mode & MODE_DAEMON) {
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
/* command line daemon mode inhibits foreground and debug modes mode */
global.mode &= ~(MODE_DEBUG | MODE_FOREGROUND);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode |= arg_mode & MODE_DAEMON;
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
}
global.mode |= (arg_mode & (MODE_QUIET | MODE_VERBOSE));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & MODE_DEBUG) && (global.mode & (MODE_DAEMON | MODE_QUIET))) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("<debug> mode incompatible with <quiet> and <daemon>. Keeping <debug> only.\n");
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode &= ~(MODE_DAEMON | MODE_QUIET);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.nbproc > 1) && !(global.mode & (MODE_DAEMON | MODE_MWORKER))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!(global.mode & (MODE_FOREGROUND | MODE_DEBUG)))
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("<nbproc> is only meaningful in daemon mode or master-worker mode. Setting limit to 1 process.\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.nbproc = 1;
}
if (global.nbproc < 1)
global.nbproc = 1;
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
if (global.nbthread < 1)
global.nbthread = 1;
MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked Trash buffers are reallocated when "tune.bufsize" parameter is changed. Here, we just move the realloc after the configuration parsing. Given that the config parser doesn't rely on the trash size, it should be harmless.
2017-08-29 10:46:57 -04:00
/* Realloc trash buffers because global.tune.bufsize may have changed */
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (!init_trash_buffers(0)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize trash buffers.\n");
MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked Trash buffers are reallocated when "tune.bufsize" parameter is changed. Here, we just move the realloc after the configuration parsing. Given that the config parser doesn't rely on the trash size, it should be harmless.
2017-08-29 10:46:57 -04:00
exit(1);
}
BUG/MINOR: Allocate the log buffers before the proxies startup Since the commit cd7879adc ("BUG/MEDIUM: threads: Run the poll loop on the main thread too"), the log buffers are allocated after the proxies startup. So log messages produced during this startup was ignored. To fix the bug, we restore the initialization of these buffers before proxies startup. This is specific to threads, no backport is needed.
2017-11-14 16:02:30 -05:00
if (!init_log_buffers()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize log buffers.\n");
BUG/MINOR: Allocate the log buffers before the proxies startup Since the commit cd7879adc ("BUG/MEDIUM: threads: Run the poll loop on the main thread too"), the log buffers are allocated after the proxies startup. So log messages produced during this startup was ignored. To fix the bug, we restore the initialization of these buffers before proxies startup. This is specific to threads, no backport is needed.
2017-11-14 16:02:30 -05:00
exit(1);
}
[MAJOR] auto-registering of pollers at load time Gcc provides __attribute__((constructor)) which is very convenient to execute functions at startup right before main(). All the pollers have been converted to have their register() function declared like this, so that it is not necessary anymore to call them from a centralized file.
2007-04-15 18:25:25 -04:00
/*
* Note: we could register external pollers here.
* Built-in pollers have been registered before main().
*/
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_KQUEUE))
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
disable_poller("kqueue");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_EPOLL))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("epoll");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_POLL))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("poll");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_SELECT))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("select");
/* Note: we could disable any poller by name here */
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
list_pollers(stderr);
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
fprintf(stderr, "\n");
list_filters(stderr);
}
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
if (!init_pollers()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("No polling mechanism available.\n"
" It is likely that haproxy was built with TARGET=generic and that FD_SETSIZE\n"
" is too low on this platform to support maxconn and the number of listeners\n"
" and servers. You should rebuild haproxy specifying your system using TARGET=\n"
" in order to support other polling systems (poll, epoll, kqueue) or reduce the\n"
" global maxconn setting to accommodate the system's limitation. For reference,\n"
" FD_SETSIZE=%d on this system, global.maxconn=%d resulting in a maximum of\n"
" %d file descriptors. You should thus reduce global.maxconn by %d. Also,\n"
" check build settings using 'haproxy -vv'.\n\n",
FD_SETSIZE, global.maxconn, global.maxsock, (global.maxsock + 1 - FD_SETSIZE) / 2);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
exit(1);
}
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
printf("Using %s() as the polling mechanism.\n", cur_poller.name);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
if (!global.node)
global.node = strdup(hostname);
MINOR: lua: post initialisation bindings This system permits to execute some lua function after than HAProxy complete his initialisation. These functions are executed between the end of the configuration parsing and check and the begin of the scheduler.
2015-01-23 06:08:30 -05:00
if (!hlua_post_init())
exit(1);
MINOR: init: add 51Degrees initialisation code This creates a dataset using the file given in global._51d_data_file_path.
2015-05-12 11:23:58 -04:00
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
free(err_msg);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
static void deinit_acl_cond(struct acl_cond *cond)
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
{
struct acl_term_suite *suite, *suiteb;
struct acl_term *term, *termb;
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
if (!cond)
return;
list_for_each_entry_safe(suite, suiteb, &cond->suites, list) {
list_for_each_entry_safe(term, termb, &suite->terms, list) {
LIST_DEL(&term->list);
free(term);
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
LIST_DEL(&suite->list);
free(suite);
}
free(cond);
}
static void deinit_tcp_rules(struct list *rules)
{
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *trule, *truleb;
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
list_for_each_entry_safe(trule, truleb, rules, list) {
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
LIST_DEL(&trule->list);
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
deinit_acl_cond(trule->cond);
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
free(trule);
}
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
static void deinit_stick_rules(struct list *rules)
{
struct sticking_rule *rule, *ruleb;
list_for_each_entry_safe(rule, ruleb, rules, list) {
LIST_DEL(&rule->list);
deinit_acl_cond(rule->cond);
REORG: sample: move code to release a sample expression in sample.c This code has been moved from haproxy.c to sample.c and the function release_sample_expr can now be called from anywhere to release a sample expression. This function will be used by the stream processing offload engine (SPOE).
2016-10-26 05:34:47 -04:00
release_sample_expr(rule->expr);
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
free(rule);
}
}
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
void deinit(void)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *p = proxies_list, *p0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
struct cap_hdr *h,*h_next;
struct server *s,*s_next;
struct listener *l,*l_next;
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
struct acl_cond *cond, *condb;
struct hdr_exp *exp, *expb;
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
struct acl *acl, *aclb;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
struct switching_rule *rule, *ruleb;
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
struct server_rule *srule, *sruleb;
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
struct redirect_rule *rdr, *rdrb;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
struct wordlist *wl, *wlb;
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
struct cond_wordlist *cwl, *cwlb;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
struct uri_auth *uap, *ua = NULL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *log, *logb;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
struct logformat_node *lf, *lfb;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
struct bind_conf *bind_conf, *bind_back;
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
struct build_opts_str *bol, *bolb;
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
struct post_deinit_fct *pdf;
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
int i;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
deinit_signals();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (p) {
BUG/MINOR: config: use a copy of the file name in proxy configurations Each proxy contains a reference to the original config file and line number where it was declared. The pointer used is just a reference to the one passed to the function instead of being duplicated. The effect is that it is not valid anymore at the end of the parsing and that all proxies will be enumerated as coming from the same file on some late configuration errors. This may happen for exmaple when reporting SSL certificate issues. By copying using strdup(), we avoid this issue. 1.4 has the same issue, though no report of the proxy file name is done out of the config section. Anyway a backport is recommended to ease post-mortem analysis.
2012-10-04 02:01:43 -04:00
free(p->conf.file);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(p->id);
free(p->check_req);
free(p->cookie_name);
free(p->cookie_domain);
MINOR: backend: move url_param_name/len to lbprm.arg_str/len This one is exclusively used by LB parameters, when using URL param hashing. Let's move it to the lbprm struct under a more generic name.
2019-01-14 09:23:54 -05:00
free(p->lbprm.arg_str);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(p->capture_name);
free(p->monitor_uri);
[MINOR] Free rdp_cookie_name on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:08 -04:00
free(p->rdp_cookie_name);
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (p->conf.logformat_string != default_http_log_format &&
p->conf.logformat_string != default_tcp_log_format &&
p->conf.logformat_string != clf_http_log_format)
free(p->conf.logformat_string);
free(p->conf.lfs_file);
free(p->conf.uniqueid_format_string);
free(p->conf.uif_file);
MEDIUM: backend: move all LB algo parameters into an union Since all of them are exclusive, let's move them to an union instead of eating memory with the sum of all of them. We're using a transparent union to limit the code changes. Doing so reduces the struct lbprm from 392 bytes to 372, and thanks to these changes, the struct proxy is now down to 6480 bytes vs 6624 before the changes (144 bytes saved per proxy).
2019-01-14 10:55:42 -05:00
if ((p->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_MAP)
free(p->lbprm.map.srv);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
if (p->conf.logformat_sd_string != default_rfc5424_sd_log_format)
free(p->conf.logformat_sd_string);
free(p->conf.lfsd_file);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
for (i = 0; i < HTTP_ERR_SIZE; i++)
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
chunk_destroy(&p->errmsg[i]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
list_for_each_entry_safe(cwl, cwlb, &p->req_add, list) {
LIST_DEL(&cwl->list);
free(cwl->s);
free(cwl);
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
list_for_each_entry_safe(cwl, cwlb, &p->rsp_add, list) {
LIST_DEL(&cwl->list);
free(cwl->s);
free(cwl);
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
}
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
list_for_each_entry_safe(cond, condb, &p->mon_fail_cond, list) {
LIST_DEL(&cond->list);
prune_acl_cond(cond);
free(cond);
}
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
for (exp = p->req_exp; exp != NULL; ) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
if (exp->preg) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(exp->preg);
free(exp->preg);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
}
MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions These ones were already obsoleted in 1.4, marked for removal in 1.5, and not documented anymore. They used to emit warnings, and do still require quite some code to stay in place. Let's remove them now.
2015-05-26 06:18:29 -04:00
free((char *)exp->replace);
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
expb = exp;
exp = exp->next;
free(expb);
}
for (exp = p->rsp_exp; exp != NULL; ) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
if (exp->preg) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(exp->preg);
free(exp->preg);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
}
MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions These ones were already obsoleted in 1.4, marked for removal in 1.5, and not documented anymore. They used to emit warnings, and do still require quite some code to stay in place. Let's remove them now.
2015-05-26 06:18:29 -04:00
free((char *)exp->replace);
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
expb = exp;
exp = exp->next;
free(expb);
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
/* build a list of unique uri_auths */
if (!ua)
ua = p->uri_auth;
else {
/* check if p->uri_auth is unique */
for (uap = ua; uap; uap=uap->next)
if (uap == p->uri_auth)
break;
[BUG] we could segfault during exit while freeing uri_auths The following config makes haproxy segfault on exit : defaults mode http balance roundrobin listen no-stats bind :8001 listen stats bind :8002 stats uri /stats The simple fix is to ensure that p->uri_auth is not NULL before dereferencing it.
2008-06-24 05:14:45 -04:00
if (!uap && p->uri_auth) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
/* add it, if it is */
p->uri_auth->next = ua;
ua = p->uri_auth;
}
}
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
list_for_each_entry_safe(acl, aclb, &p->acl, list) {
LIST_DEL(&acl->list);
prune_acl(acl);
free(acl);
}
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
list_for_each_entry_safe(srule, sruleb, &p->server_rules, list) {
LIST_DEL(&srule->list);
prune_acl_cond(srule->cond);
free(srule->cond);
free(srule);
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
list_for_each_entry_safe(rule, ruleb, &p->switching_rules, list) {
LIST_DEL(&rule->list);
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
if (rule->cond) {
prune_acl_cond(rule->cond);
free(rule->cond);
MINOR: http/conf: store the use_backend configuration file and line for logs The error log of the directive use_backend doesn't provide the file and line containing the declaration. This patch stores theses informations.
2016-11-24 17:57:54 -05:00
free(rule->file);
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
free(rule);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
list_for_each_entry_safe(rdr, rdrb, &p->redirect_rules, list) {
LIST_DEL(&rdr->list);
[MINOR] redirect: add support for unconditional rules Sometimes it's useful to be able to specify an unconditional redirect rule without adding "if TRUE".
2010-01-03 14:03:03 -05:00
if (rdr->cond) {
prune_acl_cond(rdr->cond);
free(rdr->cond);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
free(rdr->rdr_str);
MEDIUM: http: The redirect strings follows the log format rules. We handle "http-request redirect" with a log-format string now, but we leave "redirect" unaffected. Note that the control of the special "/" case is move from the runtime execution to the configuration parsing. If the format rule list is empty, the build_logline() function does nothing.
2013-11-29 06:15:45 -05:00
list_for_each_entry_safe(lf, lfb, &rdr->rdr_fmt, list) {
LIST_DEL(&lf->list);
free(lf);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
free(rdr);
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
list_for_each_entry_safe(log, logb, &p->logsrvs, list) {
LIST_DEL(&log->list);
free(log);
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry_safe(lf, lfb, &p->logformat, list) {
LIST_DEL(&lf->list);
free(lf);
}
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
list_for_each_entry_safe(lf, lfb, &p->logformat_sd, list) {
LIST_DEL(&lf->list);
free(lf);
}
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
deinit_tcp_rules(&p->tcp_req.inspect_rules);
BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit It seems like this can be backported as far as 1.5.
2019-01-30 03:01:21 -05:00
deinit_tcp_rules(&p->tcp_rep.inspect_rules);
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
deinit_tcp_rules(&p->tcp_req.l4_rules);
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
deinit_stick_rules(&p->storersp_rules);
deinit_stick_rules(&p->sticking_rules);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
h = p->req_cap;
while (h) {
h_next = h->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(h->name);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(h->pool);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(h);
h = h_next;
}/* end while(h) */
h = p->rsp_cap;
while (h) {
h_next = h->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(h->name);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(h->pool);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(h);
h = h_next;
}/* end while(h) */
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
s = p->srv;
while (s) {
s_next = s->next;
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
REORG: server: move the check-specific parts into a check subsection The health checks in the servers are becoming a real mess, move them into their own subsection. We'll soon need to have a struct buffer to replace the char * as well as check-specific protocol and transport layers.
2012-09-28 09:01:02 -04:00
if (s->check.task) {
task_delete(s->check.task);
task_free(s->check.task);
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
}
MEDIUM: checks: Add supplementary agent checks Allow an auxiliary agent check to be run independently of the regular a regular health check. This is enabled by the agent-check server setting. The agent-port, which specifies the TCP port to use for the agent's connections, is required. The agent-inter, which specifies the interval between agent checks and timeout of agent checks, is optional. If not set the value for regular checks is used. e.g. server web1_1 127.0.0.1:80 check agent-port 10000 If either the health or agent check determines that a server is down then it is marked as being down, otherwise it is marked as being up. An agent health check performed by opening a TCP socket and reading an ASCII string. The string should have one of the following forms: * An ASCII representation of an positive integer percentage. e.g. "75%" Values in this format will set the weight proportional to the initial weight of a server as configured when haproxy starts. * The string "drain". This will cause the weight of a server to be set to 0, and thus it will not accept any new connections other than those that are accepted via persistence. * The string "down", optionally followed by a description string. Mark the server as down and log the description string as the reason. * The string "stopped", optionally followed by a description string. This currently has the same behaviour as "down". * The string "fail", optionally followed by a description string. This currently has the same behaviour as "down". Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:36 -05:00
if (s->agent.task) {
task_delete(s->agent.task);
task_free(s->agent.task);
}
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use Ludovic Levesque reported and diagnosed an annoying bug. When a server is configured to track another one and has a slowstart interval set, it's assigned a minimal weight when the tracked server goes back up but keeps this weight forever. This is because the throttling during the warmup phase is only computed in the health checking function. After several attempts to resolve the issue, the only real solution is to split the check processing task in two tasks, one for the checks and one for the warmup. Each server with a slowstart setting has a warmum task which is responsible for updating the server's weight after a down to up transition. The task does not run in othe situations. In the end, the fix is neither complex nor long and should be backported to 1.4 since the issue was detected there first.
2011-10-31 06:53:20 -04:00
if (s->warmup) {
task_delete(s->warmup);
task_free(s->warmup);
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(s->id);
free(s->cookie);
MAJOR: buffer: finalize buffer detachment Now the buffers only contain the header and a pointer to the storage area which can be anywhere. This will significantly simplify buffer swapping and will make it possible to map chunks on buffers as well. The buf_empty variable was removed, as now it's enough to have size==0 and area==NULL to designate the empty buffer (thus a non-allocated head is the empty buffer by default). buf_wanted for now is indicated by size==0 and area==(void *)1. The channels and the checks now embed the buffer's head, and the only pointer is to the storage area. This slightly increases the unallocated buffer size (3 extra ints for the empty buffer) but considerably simplifies dynamic buffer management. It will also later permit to detach unused checks. The way the struct buffer is arranged has proven quite efficient on a number of tests, which makes sense given that size is always accessed and often first, followed by the othe ones.
2018-07-10 11:43:27 -04:00
free(s->check.bi.area);
free(s->check.bo.area);
free(s->agent.bi.area);
free(s->agent.bo.area);
MINOR: check: add agent-send server parameter Causes HAProxy to emit a static string to the agent on every check, so that you can independently control multiple services running behind a single agent port.
2015-10-21 21:19:05 -04:00
free(s->agent.send_string);
MAJOR: dns: Refactor the DNS code This is a huge patch with many changes, all about the DNS. Initially, the idea was to update the DNS part to ease the threads support integration. But quickly, I started to refactor some parts. And after several iterations, it was impossible for me to commit the different parts atomically. So, instead of adding tens of patches, often reworking the same parts, it was easier to merge all my changes in a uniq patch. Here are all changes made on the DNS. First, the DNS initialization has been refactored. The DNS configuration parsing remains untouched, in cfgparse.c. But all checks have been moved in a post-check callback. In the function dns_finalize_config, for each resolvers, the nameservers configuration is tested and the task used to manage DNS resolutions is created. The links between the backend's servers and the resolvers are also created at this step. Here no connection are kept alive. So there is no needs anymore to reopen them after HAProxy fork. Connections used to send DNS queries will be opened on demand. Then, the way DNS requesters are linked to a DNS resolution has been reworked. The resolution used by a requester is now referenced into the dns_requester structure and the resolution pointers in server and dns_srvrq structures have been removed. wait and curr list of requesters, for a DNS resolution, have been replaced by a uniq list. And Finally, the way a requester is removed from a DNS resolution has been simplified. Now everything is done in dns_unlink_resolution. srv_set_fqdn function has been simplified. Now, there is only 1 way to set the server's FQDN, independently it is done by the CLI or when a SRV record is resolved. The static DNS resolutions pool has been replaced by a dynamoc pool. The part has been modified by Baptiste Assmann. The way the DNS resolutions are triggered by the task or by a health-check has been totally refactored. Now, all timeouts are respected. Especially hold.valid. The default frequency to wake up a resolvers is now configurable using "timeout resolve" parameter. Now, as documented, as long as invalid repsonses are received, we really wait all name servers responses before retrying. As far as possible, resources allocated during DNS configuration parsing are releases when HAProxy is shutdown. Beside all these changes, the code has been cleaned to ease code review and the doc has been updated.
2017-09-27 05:00:59 -04:00
free(s->hostname_dn);
MINOR: deinit: fix memory leak deinit() did not free the conf.file member of server objects.
2014-09-05 04:08:23 -04:00
free((char*)s->conf.file);
MINOR: servers: Free [idle|safe|priv]_conns on exit. Don't forget to free idle_conns, safe_conns and priv_conns on exit. This can be backported to 1.8.
2018-11-22 12:50:54 -05:00
free(s->idle_conns);
free(s->priv_conns);
free(s->safe_conns);
MEDIUM: servers: Add a way to keep idle connections alive. Add a new keyword for servers, "idle-timeout". If set, unused connections are kept alive until the timeout happens, and will be picked for reuse if no other connection is available.
2018-12-02 08:11:41 -05:00
free(s->idle_orphan_conns);
BUG/MEDIUM: servers: Add a per-thread counter of idle connections. Add a per-thread counter of idling connections, and use it to determine how many connections we should kill after the timeout, instead of using the global counter, or we're likely to just kill most of the connections. This should be backported to 1.9.
2019-02-18 10:41:17 -05:00
free(s->curr_idle_thr);
MEDIUM: servers: Add a way to keep idle connections alive. Add a new keyword for servers, "idle-timeout". If set, unused connections are kept alive until the timeout happens, and will be picked for reuse if no other connection is available.
2018-12-02 08:11:41 -05:00
if (s->idle_task) {
int i;
for (i = 0; i < global.nbthread; i++)
task_free(s->idle_task[i]);
free(s->idle_task);
}
MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() Now we can simply check the transport layer at run time and decide whether or not to initialize or destroy these entries. This removes other ifdefs and includes from cfgparse.c, haproxy.c and hlua.c.
2016-12-22 15:16:08 -05:00
if (s->use_ssl || s->check.use_ssl) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->destroy_srv)
xprt_get(XPRT_SSL)->destroy_srv(s);
}
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_SPIN_DESTROY(&s->lock);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(s);
s = s_next;
}/* end while(s) */
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry_safe(l, l_next, &p->conf.listeners, by_fe) {
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 19:05:05 -04:00
/*
* Zombie proxy, the listener just pretend to be up
* because they still hold an opened fd.
* Close it and give the listener its real state.
*/
if (p->state == PR_STSTOPPED && l->state >= LI_ZOMBIE) {
close(l->fd);
l->state = LI_INIT;
}
[BUG] deinit: unbind listeners before freeing them In deinit(), it is possible that we first free the listeners, then unbind them all. Right now this situation can't happen because the only way to call deinit() is to pass via a soft-stop which will already unbind all protocols. But later this might become a problem.
2010-09-03 04:38:17 -04:00
unbind_listener(l);
delete_listener(l);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
LIST_DEL(&l->by_fe);
LIST_DEL(&l->by_bind);
[BUG] cfgparse memory leak and missing free calls in deinit() Thich patch fixes cfgparser not to leak memory on each default server statement and adds several missing free calls in deinit(): - free(l->name) - free(l->counters) - free(p->desc); - free(p->fwdfor_hdr_name); None of them are critical, hopefully.
2010-02-05 14:31:44 -05:00
free(l->name);
free(l->counters);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(l);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
}
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
/* Release unused SSL configs. */
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf() Instead of hard-coding all SSL destruction in cfgparse.c and haproxy.c, we now register this new function as the transport layer's destroy_bind_conf() and call it only when defined. This removes some non-obvious SSL-specific code and #ifdefs from cfgparse.c and haproxy.c
2016-12-22 11:30:54 -05:00
if (bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
free(bind_conf->file);
free(bind_conf->arg);
LIST_DEL(&bind_conf->by_fe);
free(bind_conf);
}
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
flt_deinit(p);
[BUG] cfgparse memory leak and missing free calls in deinit() Thich patch fixes cfgparser not to leak memory on each default server statement and adds several missing free calls in deinit(): - free(l->name) - free(l->counters) - free(p->desc); - free(p->fwdfor_hdr_name); None of them are critical, hopefully.
2010-02-05 14:31:44 -05:00
free(p->desc);
free(p->fwdfor_hdr_name);
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
free_http_req_rules(&p->http_req_rules);
MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp This patch adds two new actions to http-request and http-response rulesets : - replace-header : replace a whole header line, suited for headers which might contain commas - replace-value : replace a single header value, suited for headers defined as lists. The match consists in a regex, and the replacement string takes a log-format and supports back-references.
2014-06-16 14:05:59 -04:00
free_http_res_rules(&p->http_res_rules);
BUG/MEDIUM: deinit: correctly deinitialize the proxy and global listener tasks While using mmap() to allocate pools for debugging purposes, kill -USR1 caused libc aborts in deinit() on two calls to free() on proxies' tasks and the global listener task. The issue comes from the fact that we're using free() to release a task instead of task_free(), so the task was allocated from a pool and released using a different method. This bug has been there since at least 1.5, so a backport is desirable to all maintained versions.
2017-11-22 10:53:53 -05:00
task_free(p->task);
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(p->req_cap_pool);
pool_destroy(p->rsp_cap_pool);
pool_destroy(p->table.pool);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
[MAJOR] call garbage collector when doing soft stop When we're interrupted by another instance, it is very likely that the other one will need some memory. Now we know how to free what is not used, so let's do it. Also only free non-null pointers. Previously, pool_destroy() did implicitly check for this case which was incidentely needed.
2007-05-13 18:39:29 -04:00
p0 = p;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
p = p->next;
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_SPIN_DESTROY(&p0->lbprm.lock);
HA_SPIN_DESTROY(&p0->lock);
[MAJOR] call garbage collector when doing soft stop When we're interrupted by another instance, it is very likely that the other one will need some memory. Now we know how to free what is not used, so let's do it. Also only free non-null pointers. Previously, pool_destroy() did implicitly check for this case which was incidentely needed.
2007-05-13 18:39:29 -04:00
free(p0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}/* end while(p) */
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
while (ua) {
uap = ua;
ua = ua->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(uap->uri_prefix);
free(uap->auth_realm);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
free(uap->node);
free(uap->desc);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
userlist_free(uap->userlist);
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
free_http_req_rules(&uap->http_req_rules);
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
free(uap);
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
userlist_free(userlist);
BUG/MEDIUM: main: Freeing a bunch of static pointers static_table_key, get_http_auth_buff and swap_buffer static variables are now freed during deinit and the two previously new functions are called as well. In addition, the 'trash' string buffer is cleared.
2015-09-25 07:02:25 -04:00
cfg_unregister_sections();
MINOR: logs: Use dedicated function to init/deinit log buffers Now, we use init_log_buffers and deinit_log_buffers to, respectively, initialize and deinitialize log buffers used for syslog messages. These functions have been introduced to be used by threads, to deal with thread-local log buffers.
2017-07-26 09:33:35 -04:00
deinit_log_buffers();
BUG/MEDIUM: main: Freeing a bunch of static pointers static_table_key, get_http_auth_buff and swap_buffer static variables are now freed during deinit and the two previously new functions are called as well. In addition, the 'trash' string buffer is cleared.
2015-09-25 07:02:25 -04:00
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
list_for_each_entry(pdf, &post_deinit_list, list)
pdf->fct();
[MINOR] log: add support for passing the forwarded hostname Haproxy does not include the hostname rather the IP of the machine in the syslog headers it sends. Unfortunately this means that for each log line rsyslog does a reverse dns on the client IP and in the case of non-routable IPs one gets the public hostname not the internal one. While this is valid according to RFC3164 as one might imagine this is troublsome if you have some machines with public IPs, internal IPs, no reverse DNS entries, etc and you want a standardized hostname based log directory structure. The rfc says the preferred value is the hostname. This patch adds a global "log-send-hostname" statement which accepts an optional string to force the host name. If unset, the local host name is used.
2010-12-29 11:05:48 -05:00
free(global.log_send_hostname); global.log_send_hostname = NULL;
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_destroy(&global.log_tag);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(global.chroot); global.chroot = NULL;
free(global.pidfile); global.pidfile = NULL;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
free(global.node); global.node = NULL;
free(global.desc); global.desc = NULL;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(oldpids); oldpids = NULL;
BUG/MEDIUM: deinit: correctly deinitialize the proxy and global listener tasks While using mmap() to allocate pools for debugging purposes, kill -USR1 caused libc aborts in deinit() on two calls to free() on proxies' tasks and the global listener task. The issue comes from the fact that we're using free() to release a task instead of task_free(), so the task was allocated from a pool and released using a different method. This bug has been there since at least 1.5, so a backport is desirable to all maintained versions.
2017-11-22 10:53:53 -05:00
task_free(global_listener_queue_task); global_listener_queue_task = NULL;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
list_for_each_entry_safe(log, logb, &global.logsrvs, list) {
LIST_DEL(&log->list);
free(log);
}
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
list_for_each_entry_safe(wl, wlb, &cfg_cfgfiles, list) {
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
free(wl->s);
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
LIST_DEL(&wl->list);
free(wl);
}
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
list_for_each_entry_safe(bol, bolb, &build_opts_list, list) {
if (bol->must_free)
free((void *)bol->str);
LIST_DEL(&bol->list);
free(bol);
}
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
vars_prune(&global.vars, NULL, NULL);
MEDIUM: memory: use pool_destroy_all() to destroy all pools on deinit() Instead of exporting a number of pools and having to manually delete them in deinit() or to have dedicated destructors to remove them, let's simply kill all pools on deinit(). For this a new function pool_destroy_all() was introduced. As its name implies, it destroys and frees all pools (provided they don't have any user anymore of course). This allowed to remove 4 implicit destructors, 2 explicit ones, and 11 individual calls to pool_destroy(). In addition it properly removes the mux_pt_ctx pool which was not cleared on exit (no backport needed here since it's 1.9 only). The sig_handler pool doesn't need to be exported anymore and became static now.
2018-11-26 09:57:34 -05:00
pool_destroy_all();
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
deinit_pollers();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} /* end deinit() */
MEDIUM: mworker: leave when the master die When the master die, the worker should exit too, this is achieved by checking if the FD of the socketpair/pipe was closed between the master and the worker. In the former architecture of the master-worker, there was only a pipe between the master and the workers, and it was easy to check an EOF on the pipe FD to exit() the worker. With the new architecture, we use a socketpair by process, and this socketpair is also used to accept new connections with the listener_accept() callback. This accept callback can't handle the EOF and the exit of the process, because it's very specific to the master worker. This is why we transformed the mworker_pipe_handler() function in a wrapper which check if there is an EOF and exit the process, and if not call listener_accept() to achieve the accept.
2018-11-06 11:37:16 -05:00
/* This is a wrapper for the sockpair FD, It tests if the socket received an
* EOF, if not, it calls listener_accept */
void mworker_accept_wrapper(int fd)
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
{
char c;
MEDIUM: mworker: leave when the master die When the master die, the worker should exit too, this is achieved by checking if the FD of the socketpair/pipe was closed between the master and the worker. In the former architecture of the master-worker, there was only a pipe between the master and the workers, and it was easy to check an EOF on the pipe FD to exit() the worker. With the new architecture, we use a socketpair by process, and this socketpair is also used to accept new connections with the listener_accept() callback. This accept callback can't handle the EOF and the exit of the process, because it's very specific to the master worker. This is why we transformed the mworker_pipe_handler() function in a wrapper which check if there is an EOF and exit the process, and if not call listener_accept() to achieve the accept.
2018-11-06 11:37:16 -05:00
int ret;
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
MEDIUM: mworker: leave when the master die When the master die, the worker should exit too, this is achieved by checking if the FD of the socketpair/pipe was closed between the master and the worker. In the former architecture of the master-worker, there was only a pipe between the master and the workers, and it was easy to check an EOF on the pipe FD to exit() the worker. With the new architecture, we use a socketpair by process, and this socketpair is also used to accept new connections with the listener_accept() callback. This accept callback can't handle the EOF and the exit of the process, because it's very specific to the master worker. This is why we transformed the mworker_pipe_handler() function in a wrapper which check if there is an EOF and exit the process, and if not call listener_accept() to achieve the accept.
2018-11-06 11:37:16 -05:00
while (1) {
ret = recv(fd, &c, 1, MSG_PEEK);
if (ret == -1) {
if (errno == EINTR)
continue;
if (errno == EAGAIN) {
fd_cant_recv(fd);
return;
}
break;
} else if (ret > 0) {
listener_accept(fd);
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
return;
MEDIUM: mworker: leave when the master die When the master die, the worker should exit too, this is achieved by checking if the FD of the socketpair/pipe was closed between the master and the worker. In the former architecture of the master-worker, there was only a pipe between the master and the workers, and it was easy to check an EOF on the pipe FD to exit() the worker. With the new architecture, we use a socketpair by process, and this socketpair is also used to accept new connections with the listener_accept() callback. This accept callback can't handle the EOF and the exit of the process, because it's very specific to the master worker. This is why we transformed the mworker_pipe_handler() function in a wrapper which check if there is an EOF and exit the process, and if not call listener_accept() to achieve the accept.
2018-11-06 11:37:16 -05:00
} else if (ret == 0) {
/* At this step the master is down before
* this worker perform a 'normal' exit.
* So we want to exit with an error but
* other threads could currently process
* some stuff so we can't perform a clean
* deinit().
*/
exit(EXIT_FAILURE);
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
}
}
return;
}
MEDIUM: mworker: leave when the master die When the master die, the worker should exit too, this is achieved by checking if the FD of the socketpair/pipe was closed between the master and the worker. In the former architecture of the master-worker, there was only a pipe between the master and the workers, and it was easy to check an EOF on the pipe FD to exit() the worker. With the new architecture, we use a socketpair by process, and this socketpair is also used to accept new connections with the listener_accept() callback. This accept callback can't handle the EOF and the exit of the process, because it's very specific to the master worker. This is why we transformed the mworker_pipe_handler() function in a wrapper which check if there is an EOF and exit the process, and if not call listener_accept() to achieve the accept.
2018-11-06 11:37:16 -05:00
/*
* This function register the accept wrapper for the sockpair of the master worker
*/
BUG/MEDIUM: threads/mworker: fix a race on startup Marc Fournier reported an interesting case when using threads with the master-worker mode : sometimes, a listener would have its FD closed during startup. Sometimes it could even be health checks seeing this. What happens is that after the threads are created, and the pollers enabled on each threads, the master-worker pipe is registered, and at the same time a close() is performed on the write side of this pipe since the children must not use it. But since this is replicated in every thread, what happens is that the first thread closes the pipe, thus releases the FD, and the next thread starting a listener in parallel gets this FD reassigned. Then another thread closes the FD again, which this time corresponds to the listener. It can also happen with the health check sockets if they're started early enough. This patch splits the mworker_pipe_register() function in two, so that the close() of the write side of the FD is performed very early after the fork() and long before threads are created (we don't need to delay it anyway). Only the pipe registration is done in the threaded code since it is important that the pollers are properly allocated for this. The mworker_pipe_register() function now takes care of registering the pipe only once, and this is guaranteed by a new surrounding lock. The call to protocol_enable_all() looks fragile in theory since it scans the list of proxies and their listeners, though in practice all threads scan the same list and take the same locks for each listener so it's not possible that any of them escapes the process and finishes before all listeners are started. And the operation is idempotent. This fix must be backported to 1.8. Thanks to Marc for providing very detailed traces clearly showing the problem.
2018-01-23 13:01:49 -05:00
void mworker_pipe_register()
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
{
MEDIUM: mworker: leave when the master die When the master die, the worker should exit too, this is achieved by checking if the FD of the socketpair/pipe was closed between the master and the worker. In the former architecture of the master-worker, there was only a pipe between the master and the workers, and it was easy to check an EOF on the pipe FD to exit() the worker. With the new architecture, we use a socketpair by process, and this socketpair is also used to accept new connections with the listener_accept() callback. This accept callback can't handle the EOF and the exit of the process, because it's very specific to the master worker. This is why we transformed the mworker_pipe_handler() function in a wrapper which check if there is an EOF and exit the process, and if not call listener_accept() to achieve the accept.
2018-11-06 11:37:16 -05:00
/* The iocb should be already initialized with listener_accept */
BUG/MEDIUM: mworker: does not abort() in mworker_pipe_register() The process was aborting with nbthread > 1. The mworker_pipe_register() could be called several time in multithread mode, we don't want to abort() there.
2018-11-07 02:38:32 -05:00
if (fdtab[proc_self->ipc_fd[1]].iocb == mworker_accept_wrapper)
return;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
fcntl(proc_self->ipc_fd[1], F_SETFL, O_NONBLOCK);
BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM. This bug appeared only if nbthread > 1. Handling the pipe with the master, multiple threads of the same worker could process the deinit(). In addition, deinit() was called while some other threads were still performing some tasks. This patch assign the handler of the pipe with master to only the first thread and removes the call to deinit() before exiting with an error. This patch should be backported in v1.8.
2018-10-11 09:27:07 -04:00
/* In multi-tread, we need only one thread to process
* events on the pipe with master
*/
BUG/MEDIUM: cli: crash when trying to access a worker When using the CLI proxy of the master and trying to access a worker with the @ prefix, the worker just crash. The commit 7216032 ("MEDIUM: mworker: leave when the master die") reintroduced the old code of the pipe, which was not trying to access the pointers before. The owner of the FD was modified to a different value, this is a problem since we call listener_accept() in most cases now from the mworker_accept_wrapper() and it casts the owner variable to get the listener. This patch fix the issue by setting back the previous owner of the FD.
2018-11-08 06:00:14 -05:00
fd_insert(proc_self->ipc_fd[1], fdtab[proc_self->ipc_fd[1]].owner, mworker_accept_wrapper, 1);
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
fd_want_recv(proc_self->ipc_fd[1]);
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
}
MINOR: threads: Define the sync-point inside run_poll_loop The function sync_poll_loop is called at the end of each loop inside run_poll_loop function. It is a protected area where all threads have a chance to execute tricky tasks with the warranty that no concurrent access is possible. Of course, it comes with a cost because all threads must be syncrhonized. So changes must be uncommon.
2017-10-19 05:59:44 -04:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* Runs the polling loop */
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void run_poll_loop()
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
{
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
int next, exp;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[MEDIUM] further improve monotonic clock by check forward jumps The first implementation of the monotonic clock did not verify forward jumps. The consequence is that a fast changing time may expire a lot of tasks. While it does seem minor, in fact it is problematic because most machines which boot with a wrong date are in the past and suddenly see their time jump by several years in the future. The solution is to check if we spent more apparent time in a poller than allowed (with a margin applied). The margin is currently set to 1000 ms. It should be large enough for any poll() to complete. Tests with randomly jumping clock show that the result is quite accurate (error less than 1 second at every change of more than one second).
2008-06-23 08:00:57 -04:00
tv_update_date(0,1);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
while (1) {
MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay Actually, HAProxy uses the function "process_runnable_tasks" and "wake_expired_tasks" to get the next task which can expires. If a task is added with "task_schedule" or other method during the execution of an other task, the expiration of this new task is not taken into account, and the execution of this task can be too late. Actualy, HAProxy seems to be no sensitive to this bug. This fix moves the call to process_runnable_tasks() before the timeout calculation and ensures that all wakeups are processed together. Only wake_expired_tasks() needs to return a timeout now.
2014-12-15 07:26:01 -05:00
/* Process a few tasks */
process_runnable_tasks();
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
/* check if we caught some signals and process them in the
first thread */
if (tid == 0)
signal_process_queue();
[MEDIUM] call signal_process_queue from run_poll_loop Now we check for asynchronous pending signals. There's no user yet so this cannot cause any trouble.
2009-05-10 03:01:21 -04:00
[MAJOR] use an ebtree instead of a list for the run queue We now insert tasks in a certain sequence in the run queue. The sorting key currently is the arrival order. It will now be possible to apply a "nice" value to any task so that it goes forwards or backwards in the run queue. The calls to wake_expired_tasks() and maintain_proxies() have been moved to the main run_poll_loop(), because they had nothing to do in process_runnable_tasks(). The task_wakeup() function is not inlined anymore, as it was only used at one place. The qlist member of the task structure has been removed now. The run_queue list has been replaced for an integer indicating the number of tasks in the run queue.
2008-06-29 16:40:23 -04:00
/* Check if we can expire some tasks */
MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay Actually, HAProxy uses the function "process_runnable_tasks" and "wake_expired_tasks" to get the next task which can expires. If a task is added with "task_schedule" or other method during the execution of an other task, the expiration of this new task is not taken into account, and the execution of this task can be too late. Actualy, HAProxy seems to be no sensitive to this bug. This fix moves the call to process_runnable_tasks() before the timeout calculation and ensures that all wakeups are processed together. Only wake_expired_tasks() needs to return a timeout now.
2014-12-15 07:26:01 -05:00
next = wake_expired_tasks();
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
MEDIUM: haproxy: don't use sync_poll_loop() anymore in the main loop This partially reverts commit d8fd2af ("BUG/MEDIUM: threads: Use the sync point to check active jobs and exit") which used to address an issue in the way the sync point used to check for present threads, which was later addressed by commit ddb6c16 ("BUG/MEDIUM: threads: Fix the exit condition of the thread barrier"). Thus there is no need anymore to use the sync point for exiting and we can completely remove this call in the main loop.
2018-08-02 04:54:31 -04:00
/* stop when there's nothing left to do */
MEDIUM: jobs: support unstoppable jobs for soft stop This patch allows a process to properly quit when some jobs are still active, this feature is handled by the unstoppable_jobs variable, which must be atomically incremented. During each new iteration of run_poll_loop() the break condition of the loop is now (jobs - unstoppable_jobs) == 0. The unique usage of this at the moment is to handle the socketpair CLI of a the worker during the stopping of the process. During the soft stop, we could mark the CLI listener as an unstoppable job and still handle new connections till every other jobs are stopped.
2018-11-16 10:57:20 -05:00
if ((jobs - unstoppable_jobs) == 0)
MEDIUM: haproxy: don't use sync_poll_loop() anymore in the main loop This partially reverts commit d8fd2af ("BUG/MEDIUM: threads: Use the sync point to check active jobs and exit") which used to address an issue in the way the sync point used to check for present threads, which was later addressed by commit ddb6c16 ("BUG/MEDIUM: threads: Fix the exit condition of the thread barrier"). Thus there is no need anymore to use the sync point for exiting and we can completely remove this call in the main loop.
2018-08-02 04:54:31 -04:00
break;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
CLEANUP: poll: move the conditions for waiting out of the poll functions The poll() functions have become a bit dirty because they now check the size of the signal queue, the FD cache and the number of tasks. It's not their job, this must be moved to the caller. In the end it simplifies the code because the expiration date is now set to now_ms if we must not wait, and this achieves in exactly the same result and is cleaner. The change looks large due to the change of indent for blocks which were inside an "if" block.
2015-04-13 14:44:19 -04:00
/* expire immediately if events are pending */
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
exp = now_ms;
BUG/MEDIUM: threads/polling: Use fd_cache_mask instead of fd_cache_num fd_cache_num is the number of FDs in the FD cache. It is a global variable. So it is underoptimized because we may be lead to consider there are waiting FDs for the current thread in the FD cache while in fact all FDs are assigned to the other threads. So, in such cases, the polling loop will be evaluated many more times than necessary. Instead, we now check if the thread id is set in the bitfield fd_cache_mask. [wt: it's not exactly a bug, rather a design limitation of the thread which was not addressed in time for the 1.8 release. It can appear more often than we initially predicted, when more threads are running than the number of assigned CPU cores, or when certain threads spend milliseconds computing crypto keys while other threads spin on epoll_wait(0)=0] This patch should be backported to 1.8.
2018-01-15 06:16:34 -05:00
if (fd_cache_mask & tid_bit)
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
activity[tid].wake_cache++;
else if (active_tasks_mask & tid_bit)
activity[tid].wake_tasks++;
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
else if (signal_queue_len && tid == 0)
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
activity[tid].wake_signal++;
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
else {
HA_ATOMIC_OR(&sleeping_thread_mask, tid_bit);
__ha_barrier_store();
if (active_tasks_mask & tid_bit) {
activity[tid].wake_tasks++;
HA_ATOMIC_AND(&sleeping_thread_mask, ~tid_bit);
} else
exp = next;
}
CLEANUP: poll: move the conditions for waiting out of the poll functions The poll() functions have become a bit dirty because they now check the size of the signal queue, the FD cache and the number of tasks. It's not their job, this must be moved to the caller. In the end it simplifies the code because the expiration date is now set to now_ms if we must not wait, and this achieves in exactly the same result and is cleaner. The change looks large due to the change of indent for blocks which were inside an "if" block.
2015-04-13 14:44:19 -04:00
[MAJOR] use an ebtree instead of a list for the run queue We now insert tasks in a certain sequence in the run queue. The sorting key currently is the arrival order. It will now be possible to apply a "nice" value to any task so that it goes forwards or backwards in the run queue. The calls to wake_expired_tasks() and maintain_proxies() have been moved to the main run_poll_loop(), because they had nothing to do in process_runnable_tasks(). The task_wakeup() function is not inlined anymore, as it was only used at one place. The qlist member of the task structure has been removed now. The run_queue list has been replaced for an integer indicating the number of tasks in the run queue.
2008-06-29 16:40:23 -04:00
/* The poller will ensure it returns around <next> */
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
cur_poller.poll(&cur_poller, exp);
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
if (sleeping_thread_mask & tid_bit)
HA_ATOMIC_AND(&sleeping_thread_mask, ~tid_bit);
REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()" This is in order to be coherent with the rest.
2014-01-25 13:24:15 -05:00
fd_process_cached_events();
MAJOR: servers: propagate server status changes asynchronously. In order to prepare multi-thread development, code was re-worked to propagate changes asynchronoulsy. Servers with pending status changes are registered in a list and this one is processed and emptied only once 'run poll' loop. Operational status changes are performed before administrative status changes. In a case of multiple operational status change or admin status change in the same 'run poll' loop iteration, those changes are merged to reach only the targeted status.
2017-10-03 08:46:45 -04:00
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
activity[tid].loops++;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
static void *run_thread_poll_loop(void *data)
{
struct per_thread_init_fct *ptif;
struct per_thread_deinit_fct *ptdf;
MINOR: threads: Use __decl_hathreads instead of #ifdef/#endif A #ifdef/#endif on USE_THREAD was added in the commit 0048dd04 ("MINOR: threads: Fix build when we're not compiling with threads.") to conditionally define the start_lock variable, because HA_SPINLOCK_T is only defined when HAProxy is compiled with threads. If fact, to do that, we should use the macro __decl_hathreads instead. If commit 0048dd04 is backported in 1.8, this one can also be backported.
2018-01-25 10:10:16 -05:00
__decl_hathreads(static HA_SPINLOCK_T start_lock);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
MINOR: threads: add more consistency between certain variables in no-thread case When threads are disabled, some variables such as tid and tid_bit are still checked everywhere, the MAX_THREADS_MASK macro is ~0UL while MAX_THREADS is 1, and the all_threads_mask variable is replaced with a macro forced to zero. The compiler cannot optimize away all this code involving checks on tid and tid_bit, and we end up in special cases where all_threads_mask has to be specifically tested for being zero or not. It is not even certain the code paths are always equivalent when testing without threads and with nbthread 1. Let's change this to make sure we always present a single thread when threads are disabled, and have the relevant values declared as constants so that the compiler can optimize all the tests away. Now we have MAX_THREADS_MASK set to 1, all_threads_mask set to 1, tid set to zero and tid_bit set to 1. Doing just this has removed 4 kB of code in the no-thread case. A few checks for all_threads_mask==0 have been removed since it never happens anymore.
2018-08-01 13:12:20 -04:00
ha_set_tid(*((unsigned int *)data));
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
tv_update_date(-1,-1);
list_for_each_entry(ptif, &per_thread_init_list, list) {
if (!ptif->fct()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize thread %u.\n", tid);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
exit(1);
}
}
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
if ((global.mode & MODE_MWORKER) && master == 0) {
BUG/MEDIUM: threads/mworker: fix a race on startup Marc Fournier reported an interesting case when using threads with the master-worker mode : sometimes, a listener would have its FD closed during startup. Sometimes it could even be health checks seeing this. What happens is that after the threads are created, and the pollers enabled on each threads, the master-worker pipe is registered, and at the same time a close() is performed on the write side of this pipe since the children must not use it. But since this is replicated in every thread, what happens is that the first thread closes the pipe, thus releases the FD, and the next thread starting a listener in parallel gets this FD reassigned. Then another thread closes the FD again, which this time corresponds to the listener. It can also happen with the health check sockets if they're started early enough. This patch splits the mworker_pipe_register() function in two, so that the close() of the write side of the FD is performed very early after the fork() and long before threads are created (we don't need to delay it anyway). Only the pipe registration is done in the threaded code since it is important that the pollers are properly allocated for this. The mworker_pipe_register() function now takes care of registering the pipe only once, and this is guaranteed by a new surrounding lock. The call to protocol_enable_all() looks fragile in theory since it scans the list of proxies and their listeners, though in practice all threads scan the same list and take the same locks for each listener so it's not possible that any of them escapes the process and finishes before all listeners are started. And the operation is idempotent. This fix must be backported to 1.8. Thanks to Marc for providing very detailed traces clearly showing the problem.
2018-01-23 13:01:49 -05:00
HA_SPIN_LOCK(START_LOCK, &start_lock);
mworker_pipe_register();
HA_SPIN_UNLOCK(START_LOCK, &start_lock);
}
MAJOR: threads/fd: Make fd stuffs thread-safe Many changes have been made to do so. First, the fd_updt array, where all pending FDs for polling are stored, is now a thread-local array. Then 3 locks have been added to protect, respectively, the fdtab array, the fd_cache array and poll information. In addition, a lock for each entry in the fdtab array has been added to protect all accesses to a specific FD or its information. For pollers, according to the poller, the way to manage the concurrency is different. There is a poller loop on each thread. So the set of monitored FDs may need to be protected. epoll and kqueue are thread-safe per-se, so there few things to do to protect these pollers. This is not possible with select and poll, so there is no sharing between the threads. The poller on each thread is independant from others. Finally, per-thread init/deinit functions are used for each pollers and for FD part for manage thread-local ressources. Now, you must be carefull when a FD is created during the HAProxy startup. All update on the FD state must be made in the threads context and never before their creation. This is mandatory because fd_updt array is thread-local and initialized only for threads. Because there is no pollers for the main one, this array remains uninitialized in this context. For this reason, listeners are now enabled in run_thread_poll_loop function, just like the worker pipe.
2017-05-29 04:40:41 -04:00
protocol_enable_all();
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
run_poll_loop();
list_for_each_entry(ptdf, &per_thread_deinit_list, list)
ptdf->fct();
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#ifdef USE_THREAD
BUG/BUILD: threads: unbreak build without threads The build without threads was once again broken. This issue was introduced in commit ba86c6c ("MINOR: threads: Be sure to remove threads from all_threads_mask on exit"). This is exactly the same problem as last time it happened, because of all_threads_mask not being defined with USE_THREAD= This must be backported in 1.8
2018-06-24 03:37:03 -04:00
HA_ATOMIC_AND(&all_threads_mask, ~tid_bit);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (tid > 0)
pthread_exit(NULL);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
#endif
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
return NULL;
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
/* This is the global management task for listeners. It enables listeners waiting
* for global resources when there are enough free resource, or at least once in
* a while. It is designed to be called as a task.
*/
MINOR: tasks: Change the task API so that the callback takes 3 arguments. In preparation for thread-specific runqueues, change the task API so that the callback takes 3 arguments, the task itself, the context, and the state, those were retrieved from the task before. This will allow these elements to change atomically in the scheduler while the application uses the copied value, and even to have NULL tasks later.
2018-05-25 08:04:04 -04:00
static struct task *manage_global_listener_queue(struct task *t, void *context, unsigned short state)
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
{
int next = TICK_ETERNITY;
/* queue is empty, nothing to do */
if (LIST_ISEMPTY(&global_listener_queue))
goto out;
/* If there are still too many concurrent connections, let's wait for
* some of them to go away. We don't need to re-arm the timer because
* each of them will scan the queue anyway.
*/
if (unlikely(actconn >= global.maxconn))
goto out;
/* We should periodically try to enable listeners waiting for a global
* resource here, because it is possible, though very unlikely, that
* they have been blocked by a temporary lack of global resource such
* as a file descriptor or memory and that the temporary condition has
* disappeared.
*/
[CLEANUP] remove a useless test in manage_global_listener_queue() The test for the empty list was done twice.
2011-09-07 08:26:33 -04:00
dequeue_all_listeners(&global_listener_queue);
[MEDIUM] listeners: add a global listener management task This global task is used to periodically check for end of resource shortage and to try to enable queued listeners again. This is important in case some temporary system-wide shortage is encountered, so that we don't have to wait for an existing connection to be released before checking the queue again. For situations where listeners are queued due to the global maxconn being reached, the task is woken up at least every second. For situations where a system resource shortage is detected (memory, sockets, ...) the task is woken up at least every 100 ms. That way, recovery from severe events can still be achieved under acceptable conditions.
2011-08-01 14:57:55 -04:00
out:
t->expire = next;
task_queue(t);
return t;
}
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int main(int argc, char **argv)
{
int err, retry;
struct rlimit limit;
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
char errmsg[100];
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
int pidfd = -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: init: make stdout unbuffered printf is unusable for debugging without this, and printf() is not used for anything else.
2018-02-03 09:15:21 -05:00
setvbuf(stdout, NULL, _IONBF, 0);
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
MINOR: config: make MAX_PROCS configurable at build time For some embedded systems, it's pointless to have 32- or even 64- large arrays of processes when it's known that much fewer processes will be used in the worst case. Let's introduce this MAX_PROCS define which contains the highest number of processes allowed to run at once. It still defaults to LONGBITS but may be lowered.
2019-02-07 04:39:36 -05:00
/* this can only safely be done here, though it's optimized away by
* the compiler.
*/
if (MAX_PROCS < 1 || MAX_PROCS > LONGBITS) {
ha_alert("MAX_PROCS value must be between 1 and %d inclusive; "
"HAProxy was built with value %d, please fix it and rebuild.\n",
LONGBITS, MAX_PROCS);
exit(1);
}
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
/* process all initcalls in order of potential dependency */
RUN_INITCALLS(STG_PREPARE);
RUN_INITCALLS(STG_LOCK);
RUN_INITCALLS(STG_ALLOC);
RUN_INITCALLS(STG_POOL);
RUN_INITCALLS(STG_REGISTER);
RUN_INITCALLS(STG_INIT);
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
init(argc, argv);
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGQUIT, dump, SIGQUIT);
signal_register_fct(SIGUSR1, sig_soft_stop, SIGUSR1);
signal_register_fct(SIGHUP, sig_dump_state, SIGHUP);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
signal_register_fct(SIGUSR2, NULL, 0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] init: unconditionally catch SIGPIPE Apparently some systems define MSG_NOSIGNAL but do not necessarily check it (or maybe binaries are built somewhere and used on older versions). There were reports of very recent FreeBSD setups causing SIGPIPEs, while older ones catch the signal. Recent FreeBSD manpages indeed define MSG_NOSIGNAL. So let's now unconditionnaly catch the signal. It's useless not to do it for the rare cases where it's not needed (linux 2.4 and below).
2010-03-17 13:02:46 -04:00
/* Always catch SIGPIPE even on platforms which define MSG_NOSIGNAL.
* Some recent FreeBSD setups report broken pipes, and MSG_NOSIGNAL
* was defined there, so let's stay on the safe side.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGPIPE, NULL, 0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
/* ulimits */
if (!global.rlimit_nofile)
global.rlimit_nofile = global.maxsock;
if (global.rlimit_nofile) {
limit.rlim_cur = limit.rlim_max = global.rlimit_nofile;
if (setrlimit(RLIMIT_NOFILE, &limit) == -1) {
BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits global.rlimit_nofile contains the mxa number of file descriptors that can be allocated, except if the user is not allowed to reach this limit, where it still contains the initially requested value. It is important that this value always matches what is really configured so that it is properly reported in the stats and that we can use it later to close all FDs without wasting time closing impossible FDs. This fix may be backported to 1.6 and 1.5.
2016-06-21 05:48:18 -04:00
/* try to set it to the max possible at least */
getrlimit(RLIMIT_NOFILE, &limit);
BUG/MINOR: init: ensure that FD limit is raised to the max allowed When the requested amount of FDs cannot be allocated, setrlimit() fails. That's bad because if the limit is set to 1024 and we need 10000, we stay on 1024 while we could possibly raise it to 4096 thanks to rlim_max. This patch takes care of trying to assign rlim_cur to rlim_max on failure so that we get as much as possible if we can't get all we need. The case is particularly visible when starting haproxy as a non-privileged user and a large maxconn is specified in the configuration. Another point of doing this is that it is the only way to allow us to close inherited FDs upon fork(), ie those between rlim_cur and rlim_max. This patch may be backported to 1.6 and 1.5.
2016-06-21 05:51:59 -04:00
limit.rlim_cur = limit.rlim_max;
if (setrlimit(RLIMIT_NOFILE, &limit) != -1)
getrlimit(RLIMIT_NOFILE, &limit);
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Cannot raise FD limit to %d, limit is %d.\n", argv[0], global.rlimit_nofile, (int)limit.rlim_cur);
BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits global.rlimit_nofile contains the mxa number of file descriptors that can be allocated, except if the user is not allowed to reach this limit, where it still contains the initially requested value. It is important that this value always matches what is really configured so that it is properly reported in the stats and that we can use it later to close all FDs without wasting time closing impossible FDs. This fix may be backported to 1.6 and 1.5.
2016-06-21 05:48:18 -04:00
global.rlimit_nofile = limit.rlim_cur;
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
}
if (global.rlimit_memmax) {
limit.rlim_cur = limit.rlim_max =
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
global.rlimit_memmax * 1048576ULL;
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
#ifdef RLIMIT_AS
if (setrlimit(RLIMIT_AS, &limit) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Cannot fix MEM limit to %d megs.\n",
argv[0], global.rlimit_memmax);
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
#else
if (setrlimit(RLIMIT_DATA, &limit) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Cannot fix MEM limit to %d megs.\n",
argv[0], global.rlimit_memmax);
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
#endif
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
if (old_unixsocket) {
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (strcmp("/dev/null", old_unixsocket) != 0) {
if (get_old_sockets(old_unixsocket) != 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to get the sockets from the old process!\n");
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (!(global.mode & MODE_MWORKER))
exit(1);
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
}
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
get_cur_unixsocket();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* We will loop at most 100 times with 10 ms delay each time.
* That's at most 1 second. We only send a signal to old pids
* if we cannot grab at least one port.
*/
retry = MAX_START_RETRIES;
err = ERR_NONE;
while (retry >= 0) {
struct timeval w;
err = start_proxies(retry == 0 || nb_oldpids == 0);
[BUG] hot reconfiguration failed because of a wrong error check The error check in return of start_proxies checked for exact ERR_RETRYABLE but did not consider the return as a bit field. The function returned both ERR_RETRYABLE and ERR_ALERT, hence the problem.
2007-12-20 17:05:50 -05:00
/* exit the loop on no error or fatal error */
if ((err & (ERR_RETRYABLE|ERR_FATAL)) != ERR_RETRYABLE)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
break;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
if (nb_oldpids == 0 || retry == 0)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
break;
/* FIXME-20060514: Solaris and OpenBSD do not support shutdown() on
* listening sockets. So on those platforms, it would be wiser to
* simply send SIGUSR1, which will not be undoable.
*/
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
if (tell_old_pids(SIGTTOU) == 0) {
/* no need to wait if we can't contact old pids */
retry = 0;
continue;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* give some time to old processes to stop listening */
w.tv_sec = 0;
w.tv_usec = 10*1000;
select(0, NULL, NULL, NULL, &w);
retry--;
}
/* Note: start_proxies() sends an alert when it fails. */
[BUG] we must not exit if protocol binding only returns a warning Right now, protocol binding cannot return a warning, but when this will happen, we must not exit but just print the warning.
2009-02-04 11:05:23 -05:00
if ((err & ~ERR_WARN) != ERR_NONE) {
[BUG] ensure that we correctly re-start old process in case of error When a new process fails to grab some ports, it sends a signal to the old process in order to release them. Then it tries to bind again. If it still fails (eg: one of the ports is bound to a completely different process), it must send the continue signal to the old process so that this one re-binds to the ports. This is correctly done, but the newly bound ports are not released first, which sometimes causes the old process to remain running with no port bound. The fix simply consists in unbinding all ports before sending the signal to the old process.
2009-06-09 08:36:00 -04:00
if (retry != MAX_START_RETRIES && nb_oldpids) {
protocol_unbind_all(); /* cleanup everything we can */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
tell_old_pids(SIGTTIN);
[BUG] ensure that we correctly re-start old process in case of error When a new process fails to grab some ports, it sends a signal to the old process in order to release them. Then it tries to bind again. If it still fails (eg: one of the ports is bound to a completely different process), it must send the continue signal to the old process so that this one re-binds to the ports. This is correctly done, but the newly bound ports are not released first, which sometimes causes the old process to remain running with no port bound. The fix simply consists in unbinding all ports before sending the signal to the old process.
2009-06-09 08:36:00 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (!(global.mode & MODE_MWORKER_WAIT) && listeners == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] No enabled listener found (check for 'bind' directives) ! Exiting.\n", argv[0]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Note: we don't have to send anything to the old pids because we
* never stopped them. */
exit(1);
}
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
err = protocol_bind_all(errmsg, sizeof(errmsg));
if ((err & ~ERR_WARN) != ERR_NONE) {
if ((err & ERR_ALERT) || (err & ERR_WARN))
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] %s.\n", argv[0], errmsg);
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Some protocols failed to start their listeners! Exiting.\n", argv[0]);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all(); /* cleanup everything we can */
if (nb_oldpids)
tell_old_pids(SIGTTIN);
exit(1);
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
} else if (err & ERR_WARN) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] %s.\n", argv[0], errmsg);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
/* Ok, all listener should now be bound, close any leftover sockets
* the previous process gave us, we don't need them anymore
*/
while (xfer_sock_list != NULL) {
struct xfer_sock_list *tmpxfer = xfer_sock_list->next;
close(xfer_sock_list->fd);
free(xfer_sock_list->iface);
free(xfer_sock_list->namespace);
free(xfer_sock_list);
xfer_sock_list = tmpxfer;
}
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* prepare pause/play signals */
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGTTOU, sig_pause, SIGTTOU);
signal_register_fct(SIGTTIN, sig_listen, SIGTTIN);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* MODE_QUIET can inhibit alerts and warnings below this line */
BUG/MEDIUM: mworker: don't close stdio several time This patch makes sure that a frontend socket that gets created after initialization won't be closed when the master gets re-executed. When used in daemon mode, the master-worker is closing the FDs 0, 1, 2 after the fork of the children. When the master was reloading, those FDs were assigned again during the parsing of the configuration (probably for some listeners), and the workers were closing them thinking it was the stdio. This patch must be backported to 1.8.
2017-12-25 15:03:31 -05:00
if (getenv("HAPROXY_MWORKER_REEXEC") != NULL) {
/* either stdin/out/err are already closed or should stay as they are. */
if ((global.mode & MODE_DAEMON)) {
/* daemon mode re-executing, stdin/stdout/stderr are already closed so keep quiet */
global.mode &= ~MODE_VERBOSE;
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
} else {
if ((global.mode & MODE_QUIET) && !(global.mode & MODE_VERBOSE)) {
/* detach from the tty */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
stdio_quiet(-1);
BUG/MEDIUM: mworker: don't close stdio several time This patch makes sure that a frontend socket that gets created after initialization won't be closed when the master gets re-executed. When used in daemon mode, the master-worker is closing the FDs 0, 1, 2 after the fork of the children. When the master was reloading, those FDs were assigned again during the parsing of the configuration (probably for some listeners), and the workers were closing them thinking it was the stdio. This patch must be backported to 1.8.
2017-12-25 15:03:31 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/* open log & pid files before the chroot */
MINOR: mworker: allow pidfile in mworker + foreground This patch allows the use of the pidfile in master-worker mode without using the background option.
2017-11-06 05:00:03 -05:00
if ((global.mode & MODE_DAEMON || global.mode & MODE_MWORKER) && global.pidfile != NULL) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
unlink(global.pidfile);
pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
if (pidfd < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot create pidfile %s\n", argv[0], global.pidfile);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
}
[MEDIUM] check for cttproxy support when required Previously, use of the "usesrc" keyword could silently fail if either the module was not loaded, or the user did not have enough permissions. Now the errors are better diagnosed and more appropriate advices are given.
2007-03-24 12:24:39 -04:00
if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Some configuration options require full privileges, so global.uid cannot be changed.\n"
"", argv[0]);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
[MEDIUM] check for cttproxy support when required Previously, use of the "usesrc" keyword could silently fail if either the module was not loaded, or the user did not have enough permissions. Now the errors are better diagnosed and more appropriate advices are given.
2007-03-24 12:24:39 -04:00
exit(1);
}
[BUG] inform the user when root is expected but not set When a plain user runs haproxy as non-root but some options require root, let's inform him.
2009-02-04 12:02:48 -05:00
/* If the user is not root, we'll still let him try the configuration
* but we inform him that unexpected behaviour may occur.
*/
if ((global.last_checks & LSTCHK_NETADM) && getuid())
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Some options which require full privileges"
" might not work well.\n"
"", argv[0]);
[BUG] inform the user when root is expected but not set When a plain user runs haproxy as non-root but some options require root, let's inform him.
2009-02-04 12:02:48 -05:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
/* chroot if needed */
if (global.chroot != NULL) {
if (chroot(global.chroot) == -1 || chdir("/") == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot chroot(%s).\n", argv[0], global.chroot);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
protocol_unbind_all();
exit(1);
}
[MEDIUM] fixed call to chroot() during startup It wasn't very wise to chroot() early during the startup. Also, the exit() was missing if the chroot() failed.
2007-10-15 12:57:08 -04:00
}
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (nb_oldpids && !(global.mode & MODE_MWORKER_WAIT))
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
nb_oldpids = tell_old_pids(oldpids_sig);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MEDIUM: mworker: don't reuse PIDs passed to the master When starting the master worker with -sf or -st, the PIDs will be reused on the next reload, which is a problem if new processes on the system took those PIDs. This patch ensures that we don't register old PIDs in the reload system when launching the master worker.
2017-06-20 05:20:33 -04:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)) {
nb_oldpids = 0;
free(oldpids);
oldpids = NULL;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Note that any error at this stage will be fatal because we will not
* be able to restart the old pids.
*/
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
/* setgid / setuid */
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (setgid(global.gid) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1);
}
}
BUG/MEDIUM: remove supplementary groups when changing gid Without it, haproxy will retain the group membership of root, which may give more access than intended to the process. For example, haproxy would still be in the wheel group on Fedora 18, as seen with : # haproxy -f /etc/haproxy/haproxy.cfg # ps a -o pid,user,group,command | grep hapr 3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg 4356 root root grep --color=auto hapr # grep Group /proc/3545/status Groups: 0 1 2 3 4 6 10 # getent group wheel wheel:x:10:root,misc [WT: The issue has been investigated by independent security research team and realized by itself not being able to allow security exploitation. Additionally, dropping groups is not allowed to unprivileged users, though this mode of deployment is quite common. Thus a warning is emitted in this case to inform the user. The fix could be backported into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (global.uid && setuid(global.uid) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], global.uid);
BUG/MEDIUM: remove supplementary groups when changing gid Without it, haproxy will retain the group membership of root, which may give more access than intended to the process. For example, haproxy would still be in the wheel group on Fedora 18, as seen with : # haproxy -f /etc/haproxy/haproxy.cfg # ps a -o pid,user,group,command | grep hapr 3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg 4356 root root grep --color=auto hapr # grep Group /proc/3545/status Groups: 0 1 2 3 4 6 10 # getent group wheel wheel:x:10:root,misc [WT: The issue has been investigated by independent security research team and realized by itself not being able to allow security exploitation. Additionally, dropping groups is not allowed to unprivileged users, though this mode of deployment is quite common. Thus a warning is emitted in this case to inform the user. The fix could be backported into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
protocol_unbind_all();
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/* check ulimits */
limit.rlim_cur = limit.rlim_max = 0;
getrlimit(RLIMIT_NOFILE, &limit);
if (limit.rlim_cur < global.maxsock) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. Please raise 'ulimit-n' to %d or more to avoid any trouble.\n",
argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock, global.maxsock);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (global.mode & (MODE_DAEMON | MODE_MWORKER | MODE_MWORKER_WAIT)) {
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
struct proxy *px;
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
struct peers *curpeers;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int ret = 0;
int proc;
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
int devnullfd = -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
/*
* if daemon + mworker: must fork here to let a master
* process live in background before forking children
*/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)
&& (global.mode & MODE_MWORKER)
&& (global.mode & MODE_DAEMON)) {
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
ret = fork();
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1); /* there has been an error */
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
} else if (ret > 0) { /* parent leave to daemonize */
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
exit(0);
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
} else /* change the process group ID in the child (master process) */
setsid();
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
}
MEDIUM: mworker: workers exit when the master leaves This patch ensure that the children will exit when the master quits, even if the master didn't send any signal. The master and the workers are connected through a pipe, when the pipe closes the children leave.
2017-06-01 11:38:55 -04:00
MINOR: mworker: write parent pid in the pidfile The first pid in the pidfile is now the parent, it's more convenient for supervising the processus. You can now reload haproxy in master-worker mode with convenient command like: kill -USR2 $(head -1 /tmp/haproxy.pid)
2017-11-06 05:00:04 -05:00
/* if in master-worker mode, write the PID of the father */
if (global.mode & MODE_MWORKER) {
char pidstr[100];
snprintf(pidstr, sizeof(pidstr), "%d\n", getpid());
BUG/MINOR: mworker: only write to pidfile if it exists A missing test causes a write(-1, $PID) to appear in strace output when in master-worker mode. This is totally harmless though. This fix must be backported to 1.8.
2018-01-23 13:20:19 -05:00
if (pidfd >= 0)
shut_your_big_mouth_gcc(write(pidfd, pidstr, strlen(pidstr)));
MINOR: mworker: write parent pid in the pidfile The first pid in the pidfile is now the parent, it's more convenient for supervising the processus. You can now reload haproxy in master-worker mode with convenient command like: kill -USR2 $(head -1 /tmp/haproxy.pid)
2017-11-06 05:00:04 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* the father launches the required number of processes */
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (!(global.mode & MODE_MWORKER_WAIT)) {
children = calloc(global.nbproc, sizeof(int));
for (proc = 0; proc < global.nbproc; proc++) {
ret = fork();
if (ret < 0) {
ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
protocol_unbind_all();
exit(1); /* there has been an error */
}
else if (ret == 0) /* child breaks here */
break;
children[proc] = ret;
if (pidfd >= 0 && !(global.mode & MODE_MWORKER)) {
char pidstr[100];
snprintf(pidstr, sizeof(pidstr), "%d\n", ret);
shut_your_big_mouth_gcc(write(pidfd, pidstr, strlen(pidstr)));
}
if (global.mode & MODE_MWORKER) {
struct mworker_proc *child;
MINOR: mworker: use ha_notice to announce a new worker Displays the PID and the relative PID when we fork a new worker with ha_notice().
2018-11-21 12:04:53 -05:00
ha_notice("New worker #%d (%d) forked\n", relative_pid, ret);
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* find the right mworker_proc */
list_for_each_entry(child, &proc_list, list) {
if (child->relative_pid == relative_pid &&
child->reloads == 0) {
child->timestamp = now.tv_sec;
child->pid = ret;
break;
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
}
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
relative_pid++; /* each child will get a different one */
pid_bit <<= 1;
}
} else {
/* wait mode */
global.nbproc = 1;
proc = 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#ifdef USE_CPU_AFFINITY
if (proc < global.nbproc && /* child */
MINOR: config: make MAX_PROCS configurable at build time For some embedded systems, it's pointless to have 32- or even 64- large arrays of processes when it's known that much fewer processes will be used in the worst case. Let's introduce this MAX_PROCS define which contains the highest number of processes allowed to run at once. It still defaults to LONGBITS but may be lowered.
2019-02-07 04:39:36 -05:00
proc < MAX_PROCS && /* only the first 32/64 processes may be pinned */
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
global.cpu_map.proc[proc]) /* only do this if the process has a CPU map */
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#ifdef __FreeBSD__
MINOR: init: Fix CPU affinity setting on FreeBSD. Use a cpuset_t instead of assuming the cpu mask is an unsigned long. This should fix setting the CPU affinity on FreeBSD >= 11. This patch should be backported to stable releases.
2017-08-16 11:29:11 -04:00
{
cpuset_t cpuset;
int i;
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
unsigned long cpu_map = global.cpu_map.proc[proc];
MINOR: init: Fix CPU affinity setting on FreeBSD. Use a cpuset_t instead of assuming the cpu mask is an unsigned long. This should fix setting the CPU affinity on FreeBSD >= 11. This patch should be backported to stable releases.
2017-08-16 11:29:11 -04:00
CPU_ZERO(&cpuset);
while ((i = ffsl(cpu_map)) > 0) {
CPU_SET(i - 1, &cpuset);
BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc Krishna Kumar reported a 100% cpu usage with a configuration using cpu-map and a high number of threads, Indeed, this minimal configuration to reproduce the issue : global nbthread 40 cpu-map auto:1/1-40 0-39 frontend test bind :8000 This is due to a wrong type in a shift operator (int vs unsigned long int), causing an endless loop while applying the cpu affinity on threads. The same issue may also occur with nbproc under FreeBSD. This commit addresses both cases. This patch must be backported to 1.8.
2018-03-12 16:47:39 -04:00
cpu_map &= ~(1UL << (i - 1));
MINOR: init: Fix CPU affinity setting on FreeBSD. Use a cpuset_t instead of assuming the cpu mask is an unsigned long. This should fix setting the CPU affinity on FreeBSD >= 11. This patch should be backported to stable releases.
2017-08-16 11:29:11 -04:00
}
ret = cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1, sizeof(cpuset), &cpuset);
}
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#else
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
sched_setaffinity(0, sizeof(unsigned long), (void *)&global.cpu_map.proc[proc]);
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#endif
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* close the pidfile both in children and father */
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
if (pidfd >= 0) {
//lseek(pidfd, 0, SEEK_SET); /* debug: emulate eglibc bug */
close(pidfd);
}
[MINOR] startup: release unused structs after forking Don't keep the old pid list or chroot place after startup, they won't be used anymore.
2010-08-25 06:49:05 -04:00
/* We won't ever use this anymore */
free(global.pidfile); global.pidfile = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
if (proc == global.nbproc) {
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (global.mode & (MODE_MWORKER|MODE_MWORKER_WAIT)) {
BUG/MINOR: mworker: detach from tty when in daemon mode This allows a calling script to show the first startup output and know when to stop reading from stdout so haproxy can daemonize. To be backpored to 1.8.
2017-11-28 17:26:08 -05:00
if ((!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
(global.mode & MODE_DAEMON)) {
/* detach from the tty, this is required to properly daemonize. */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL))
stdio_quiet(-1);
BUG/MINOR: mworker: detach from tty when in daemon mode This allows a calling script to show the first startup output and know when to stop reading from stdout so haproxy can daemonize. To be backpored to 1.8.
2017-11-28 17:26:08 -05:00
global.mode &= ~MODE_VERBOSE;
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
mworker_loop();
BUG/MEDIUM: misplaced exit and wrong exit code Commit cb11fd2 ("MEDIUM: mworker: wait mode on reload failure") introduced a regression, when HAProxy is used in daemon mode, it exits 1 after forking its children. HAProxy should exit(0), the exit(EXIT_FAILURE) was expected to be use when the master fail in master-worker mode. Thanks to Emmanuel Hocdet for reporting this bug. No backport needed.
2017-06-07 09:04:47 -04:00
/* should never get there */
exit(EXIT_FAILURE);
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
}
BUG/MEDIUM: build without openssl broken The commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine") broke the build without openssl support. The ssl_free_dh() function is not defined when USE_OPENSSL is not defined and leads to a compilation failure.
2017-06-08 13:05:48 -04:00
#if defined(USE_OPENSSL) && !defined(OPENSSL_NO_DH)
MEDIUM: ssl: add basic support for OpenSSL crypto engine This patch adds the global 'ssl-engine' keyword. First arg is an engine identifier followed by a list of default_algorithms the engine will operate. If the openssl version is too old, an error is reported when the option is used.
2017-01-20 20:10:18 -05:00
ssl_free_dh();
#endif
BUG/MEDIUM: misplaced exit and wrong exit code Commit cb11fd2 ("MEDIUM: mworker: wait mode on reload failure") introduced a regression, when HAProxy is used in daemon mode, it exits 1 after forking its children. HAProxy should exit(0), the exit(EXIT_FAILURE) was expected to be use when the master fail in master-worker mode. Thanks to Emmanuel Hocdet for reporting this bug. No backport needed.
2017-06-07 09:04:47 -04:00
exit(0); /* parent must leave */
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
}
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/* child must never use the atexit function */
atexit_flag = 0;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
/* close useless master sockets */
if (global.mode & MODE_MWORKER) {
struct mworker_proc *child, *it;
master = 0;
MEDIUM: mworker: stop the master proxy in the workers The master proxy which handles the CLI should not be used or shown in the stats of the workers. This proxy is now disabled after the fork.
2018-10-26 08:47:45 -04:00
mworker_cli_proxy_stop();
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
/* free proc struct of other processes */
list_for_each_entry_safe(child, it, &proc_list, list) {
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
/* close the FD of the master side for all
* workers, we don't need to close the worker
* side of other workers since it's done with
* the bind_proc */
BUG/MINOR: mworker: Do not attempt to close(2) fd -1 Valgrind reports: ==3389== Warning: invalid file descriptor -1 in syscall close() Check for >= 0 before closing. This bug was introduced in commit ce83b4a5dd48c000dec68f9d551945d21e9ac7ac and is specific to 1.9. No backport needed.
2018-11-25 14:03:39 -05:00
if (child->ipc_fd[0] >= 0)
close(child->ipc_fd[0]);
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
if (child->relative_pid == relative_pid &&
child->reloads == 0) {
/* keep this struct if this is our pid */
proc_self = child;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
continue;
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
LIST_DEL(&child->list);
free(child);
}
}
BUG/MEDIUM: threads/mworker: fix a race on startup Marc Fournier reported an interesting case when using threads with the master-worker mode : sometimes, a listener would have its FD closed during startup. Sometimes it could even be health checks seeing this. What happens is that after the threads are created, and the pollers enabled on each threads, the master-worker pipe is registered, and at the same time a close() is performed on the write side of this pipe since the children must not use it. But since this is replicated in every thread, what happens is that the first thread closes the pipe, thus releases the FD, and the next thread starting a listener in parallel gets this FD reassigned. Then another thread closes the FD again, which this time corresponds to the listener. It can also happen with the health check sockets if they're started early enough. This patch splits the mworker_pipe_register() function in two, so that the close() of the write side of the FD is performed very early after the fork() and long before threads are created (we don't need to delay it anyway). Only the pipe registration is done in the threaded code since it is important that the pollers are properly allocated for this. The mworker_pipe_register() function now takes care of registering the pipe only once, and this is guaranteed by a new surrounding lock. The call to protocol_enable_all() looks fragile in theory since it scans the list of proxies and their listeners, though in practice all threads scan the same list and take the same locks for each listener so it's not possible that any of them escapes the process and finishes before all listeners are started. And the operation is idempotent. This fix must be backported to 1.8. Thanks to Marc for providing very detailed traces clearly showing the problem.
2018-01-23 13:01:49 -05:00
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) {
devnullfd = open("/dev/null", O_RDWR, 0);
if (devnullfd < 0) {
ha_alert("Cannot open /dev/null\n");
exit(EXIT_FAILURE);
}
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
/* Must chroot and setgid/setuid in the children */
/* chroot if needed */
if (global.chroot != NULL) {
if (chroot(global.chroot) == -1 || chdir("/") == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot chroot1(%s).\n", argv[0], global.chroot);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
protocol_unbind_all();
exit(1);
}
}
free(global.chroot);
global.chroot = NULL;
/* setgid / setuid */
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (setgid(global.gid) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1);
}
}
if (global.uid && setuid(global.uid) == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], global.uid);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1);
}
MEDIUM: proxy: zombify proxies only when the expose-fd socket is bound When HAProxy is running with multiple processes and some listeners arebound to processes, the unused sockets were not closed in the other processes. The aim was to be able to send those listening sockets using the -x option. However to ensure the previous behavior which was to close those sockets, we provided the "no-unused-socket" global option. This patch changes this behavior, it will close unused sockets which are not in the same process as an expose-fd socket, making the "no-unused-socket" option useless. The "no-unused-socket" option was removed in this patch.
2017-05-26 12:19:55 -04:00
/* pass through every cli socket, and check if it's bound to
* the current process and if it exposes listeners sockets.
* Caution: the GTUNE_SOCKET_TRANSFER is now set after the fork.
* */
if (global.stats_fe) {
struct bind_conf *bind_conf;
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
if (bind_conf->level & ACCESS_FD_LISTENERS) {
if (!bind_conf->bind_proc || bind_conf->bind_proc & (1UL << proc)) {
global.tune.options |= GTUNE_SOCKET_TRANSFER;
break;
}
}
}
}
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
/* we might have to unbind some proxies from some processes */
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
px = proxies_list;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
while (px != NULL) {
if (px->bind_proc && px->state != PR_STSTOPPED) {
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 19:05:05 -04:00
if (!(px->bind_proc & (1UL << proc))) {
if (global.tune.options & GTUNE_SOCKET_TRANSFER)
zombify_proxy(px);
else
stop_proxy(px);
}
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
px = px->next;
}
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
/* we might have to unbind some peers sections from some processes */
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (curpeers = cfg_peers; curpeers; curpeers = curpeers->next) {
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
if (!curpeers->peers_fe)
continue;
if (curpeers->peers_fe->bind_proc & (1UL << proc))
continue;
stop_proxy(curpeers->peers_fe);
/* disable this peer section so that it kills itself */
MEDIUM: init: completely deallocate unused peers When peers are stopped due to not being running on the appropriate process, we want to completely release them and unregister their signals and task in order to ensure there's no way they may be called in the future. Note: ideally we should have a list of all tables attached to a peers section being disabled in order to unregister them and void their sync_task. It doesn't appear to be *that* easy for now.
2015-09-28 10:39:25 -04:00
signal_unregister_handler(curpeers->sighandler);
task_delete(curpeers->sync_task);
task_free(curpeers->sync_task);
curpeers->sync_task = NULL;
task_free(curpeers->peers_fe->task);
curpeers->peers_fe->task = NULL;
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
curpeers->peers_fe = NULL;
}
MINOR: mworker: only close std{in,out,err} in daemon mode This allows to output messages when we are not in daemon mode which is useful to use log stdout in master worker mode.
2018-11-13 10:18:23 -05:00
/*
* This is only done in daemon mode because we might want the
* logs on stdout in mworker mode. If we're NOT in QUIET mode,
* we should now close the 3 first FDs to ensure that we can
* detach from the TTY. We MUST NOT do it in other cases since
* it would have already be done, and 0-2 would have been
* affected to listening sockets
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
MINOR: mworker: only close std{in,out,err} in daemon mode This allows to output messages when we are not in daemon mode which is useful to use log stdout in master worker mode.
2018-11-13 10:18:23 -05:00
if ((global.mode & MODE_DAEMON) &&
(!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* detach from the tty */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
stdio_quiet(devnullfd);
[BUG] critical errors should be reported even in daemon mode Josh Goebel reported that haproxy silently dies when it fails to chroot. In fact, it does so when in daemon mode, because daemon mode has been disabling output for ages. Since the code has been reworked, this could have been changed because there is no reason for this anymore, hence this patch. (cherry picked from commit 304d6fb00fe32fca1bd932a301d4afb7d54c92bc) (cherry picked from commit 50b7f7f12c67322c793f50a6be009f0fd0eec1bb)
2008-11-16 01:40:34 -05:00
global.mode &= ~MODE_VERBOSE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
pid = getpid(); /* update child's pid */
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
if (!(global.mode & MODE_MWORKER)) /* in mworker mode we don't want a new pgid for the children */
setsid();
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
fork_poller();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode &= ~MODE_STARTING;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
/*
* That's it : the central polling loop. Run until we stop.
*/
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
#ifdef USE_THREAD
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
{
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
unsigned int *tids = calloc(global.nbthread, sizeof(unsigned int));
pthread_t *threads = calloc(global.nbthread, sizeof(pthread_t));
int i;
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
sigset_t blocked_sig, old_sig;
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Init tids array */
for (i = 0; i < global.nbthread; i++)
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
tids[i] = i;
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
/* ensure the signals will be blocked in every thread */
sigfillset(&blocked_sig);
sigdelset(&blocked_sig, SIGPROF);
sigdelset(&blocked_sig, SIGBUS);
sigdelset(&blocked_sig, SIGFPE);
sigdelset(&blocked_sig, SIGILL);
sigdelset(&blocked_sig, SIGSEGV);
pthread_sigmask(SIG_SETMASK, &blocked_sig, &old_sig);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Create nbthread-1 thread. The first thread is the current process */
threads[0] = pthread_self();
for (i = 1; i < global.nbthread; i++)
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
pthread_create(&threads[i], NULL, &run_thread_poll_loop, &tids[i]);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
#ifdef USE_CPU_AFFINITY
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Now the CPU affinity for all threads */
for (i = 0; i < global.nbthread; i++) {
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
if (global.cpu_map.proc[relative_pid-1])
global.cpu_map.thread[relative_pid-1][i] &= global.cpu_map.proc[relative_pid-1];
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
MINOR: threads: add a MAX_THREADS define instead of LONGBITS This one allows not to inflate some structures when threads are disabled. Now struct global is 1.4 kB instead of 33 kB. Should be backported to 1.8 for ease of backporting of upcoming patches.
2018-01-20 12:19:22 -05:00
if (i < MAX_THREADS && /* only the first 32/64 threads may be pinned */
MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. As with the call to cpuset_setaffinity(), FreeBSD expects the argument to pthread_setaffinity_np() to be a cpuset_t, not an unsigned long, so the call was silently failing. This should probably be backported to 1.8.
2017-12-01 12:19:43 -05:00
global.cpu_map.thread[relative_pid-1][i]) {/* only do this if the thread has a THREAD map */
#if defined(__FreeBSD__) || defined(__NetBSD__)
cpuset_t cpuset;
#else
cpu_set_t cpuset;
#endif
int j;
unsigned long cpu_map = global.cpu_map.thread[relative_pid-1][i];
CPU_ZERO(&cpuset);
while ((j = ffsl(cpu_map)) > 0) {
CPU_SET(j - 1, &cpuset);
BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc Krishna Kumar reported a 100% cpu usage with a configuration using cpu-map and a high number of threads, Indeed, this minimal configuration to reproduce the issue : global nbthread 40 cpu-map auto:1/1-40 0-39 frontend test bind :8000 This is due to a wrong type in a shift operator (int vs unsigned long int), causing an endless loop while applying the cpu affinity on threads. The same issue may also occur with nbproc under FreeBSD. This commit addresses both cases. This patch must be backported to 1.8.
2018-03-12 16:47:39 -04:00
cpu_map &= ~(1UL << (j - 1));
MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. As with the call to cpuset_setaffinity(), FreeBSD expects the argument to pthread_setaffinity_np() to be a cpuset_t, not an unsigned long, so the call was silently failing. This should probably be backported to 1.8.
2017-12-01 12:19:43 -05:00
}
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
pthread_setaffinity_np(threads[i],
MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. As with the call to cpuset_setaffinity(), FreeBSD expects the argument to pthread_setaffinity_np() to be a cpuset_t, not an unsigned long, so the call was silently failing. This should probably be backported to 1.8.
2017-12-01 12:19:43 -05:00
sizeof(cpuset), &cpuset);
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
}
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#endif /* !USE_CPU_AFFINITY */
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
/* when multithreading we need to let only the thread 0 handle the signals */
MEDIUM: startup: unify signal init between daemon and mworker mode The signals are now unblocked only once the configuration have been parsed.
2018-09-11 04:06:23 -04:00
haproxy_unblock_signals();
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Finally, start the poll loop for the first thread */
run_thread_poll_loop(&tids[0]);
/* Wait the end of other threads */
for (i = 1; i < global.nbthread; i++)
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
pthread_join(threads[i], NULL);
free(tids);
free(threads);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: threads/signal: Add a lock to make signals thread-safe A global lock has been added to protect the signal processing. So when a signal it triggered, only one thread will catch it.
2017-05-30 09:34:30 -04:00
#if defined(DEBUG_THREAD) || defined(DEBUG_FULL)
show_lock_stats();
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
}
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#else /* ! USE_THREAD */
MEDIUM: startup: unify signal init between daemon and mworker mode The signals are now unblocked only once the configuration have been parsed.
2018-09-11 04:06:23 -04:00
haproxy_unblock_signals();
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
run_thread_poll_loop((int []){0});
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
/* Do some cleanup */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
deinit();
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(0);
}
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink