upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-12 20:36:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/include/types/global.h

346 lines
14 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MEDIUM] http: revert to use a swap buffer for realignment The bounce realign function was algorithmically good but as expected it was not cache-friendly. Using it with large requests caused so many cache thrashing that the function itself could drain 70% of the total CPU time for only 0.5% of the calls ! Revert back to a standard memcpy() using a specially allocated swap buffer. We're now back to 2M req/s on pipelined requests.
2010-02-26 05:12:27 -05:00
* include/types/global.h
* Global variables.
*
MAJOR: polling: replace epoll with sepoll and remove sepoll Now that all pollers make use of speculative I/O, there is no point having two epoll implementations, so replace epoll with the sepoll code and remove sepoll which has just become the standard epoll method.
2012-11-11 11:42:00 -05:00
* Copyright (C) 2000-2012 Willy Tarreau - w@1wt.eu
[MEDIUM] http: revert to use a swap buffer for realignment The bounce realign function was algorithmically good but as expected it was not cache-friendly. Using it with large requests caused so many cache thrashing that the function itself could drain 70% of the total CPU time for only 0.5% of the calls ! Revert back to a standard memcpy() using a specially allocated swap buffer. We're now back to 2M req/s on pipelined requests.
2010-02-26 05:12:27 -05:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifndef _TYPES_GLOBAL_H
#define _TYPES_GLOBAL_H
#include <netinet/in.h>
[CLEANUP] included common/version.h everywhere
2006-06-29 12:54:54 -04:00
#include <common/config.h>
MINOR: initcall: apply initcall to all register_build_opts() calls Most register_build_opts() calls use static strings. These ones were replaced with a trivial REGISTER_BUILD_OPTS() statement adding the string and its call to the STG_REGISTER section. A dedicated section could be made for this if needed, but there are very few such calls for this to be worth it. The calls made with computed strings however, like those which retrieve OpenSSL's version or zlib's version, were moved to a dedicated function to guarantee they are called late in the process. For example, the SSL call probably requires that SSL_library_init() has been called first.
2018-11-26 04:19:54 -05:00
#include <common/initcall.h>
MEDIUM: threads/chunks: Transform trash chunks in thread-local variables So, per-thread init/deinit functions are registered to allocate/release them.
2017-04-21 10:47:03 -04:00
#include <common/hathreads.h>
MINOR: initcall: apply initcall to all register_build_opts() calls Most register_build_opts() calls use static strings. These ones were replaced with a trivial REGISTER_BUILD_OPTS() statement adding the string and its call to the STG_REGISTER section. A dedicated section could be made for this if needed, but there are very few such calls for this to be worth it. The calls made with computed strings however, like those which retrieve OpenSSL's version or zlib's version, were moved to a dedicated function to guarantee they are called late in the process. For example, the SSL call probably requires that SSL_library_init() has been called first.
2018-11-26 04:19:54 -05:00
#include <common/standard.h>
MEDIUM: threads/chunks: Transform trash chunks in thread-local variables So, per-thread init/deinit functions are registered to allocate/release them.
2017-04-21 10:47:03 -04:00
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <types/listener.h>
[MEDIUM] make the global stats socket part of a frontend Creating a frontend for the global stats socket will help merge unix sockets management with the other socket management. Since frontends are huge structs, we only allocate it if required.
2009-08-16 11:41:45 -04:00
#include <types/proxy.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/task.h>
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
#include <types/vars.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: ssl: add 'crt-base' and 'ca-base' global statements. 'crt-base' sets root directory used for relative certificates paths. 'ca-base' sets root directory used for relative CAs and CRLs paths.
2012-10-02 12:42:10 -04:00
#ifndef UNIX_MAX_PATH
#define UNIX_MAX_PATH 108
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* modes of operation (global.mode) */
[MEDIUM] introduce the "stats" keyword in global section Removed old unused MODE_LOG and MODE_STATS, and replaced the "stats" keyword in the global section. The new "stats" keyword in the global section is used to create a UNIX socket on which the statistics will be accessed. The client must issue a "show stat\n" command in order to get a CSV-formated output similar to the output on the HTTP socket in CSV mode.
2007-10-18 07:53:22 -04:00
#define MODE_DEBUG 0x01
#define MODE_DAEMON 0x02
#define MODE_QUIET 0x04
#define MODE_CHECK 0x08
#define MODE_VERBOSE 0x10
#define MODE_STARTING 0x20
#define MODE_FOREGROUND 0x40
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
#define MODE_MWORKER 0x80 /* Master Worker */
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
#define MODE_MWORKER_WAIT 0x100 /* Master Worker wait mode */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
/* list of last checks to perform, depending on config options */
#define LSTCHK_CAP_BIND 0x00000001 /* check that we can bind to any port */
MAJOR: tproxy: remove support for cttproxy This was the first transparent proxy technology supported by haproxy circa 2005 but it was obsoleted in 2007 by Tproxy 4.0 which removed a lot of the earlier versions' shortcomings and was finally merged into the kernel. Since nobody has been using cttproxy for many years now and nobody has even just tried to compile the files, it's time to remove it. The doc was updated as well.
2015-08-20 13:35:14 -04:00
#define LSTCHK_NETADM 0x00000002 /* check that we have CAP_NET_ADMIN */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
/* Global tuning options */
/* available polling mechanisms */
#define GTUNE_USE_SELECT (1<<0)
#define GTUNE_USE_POLL (1<<1)
#define GTUNE_USE_EPOLL (1<<2)
#define GTUNE_USE_KQUEUE (1<<3)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
/* platform-specific options */
MAJOR: polling: replace epoll with sepoll and remove sepoll Now that all pollers make use of speculative I/O, there is no point having two epoll implementations, so replace epoll with the sepoll code and remove sepoll which has just become the standard epoll method.
2012-11-11 11:42:00 -05:00
#define GTUNE_USE_SPLICE (1<<4)
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#define GTUNE_USE_GAI (1<<5)
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#define GTUNE_USE_REUSEPORT (1<<6)
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
#define GTUNE_RESOLVE_DONTFAIL (1<<7)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 19:05:05 -04:00
#define GTUNE_SOCKET_TRANSFER (1<<8)
MAJOR: mworker: exits the master on failure This patch changes the behavior of the master during the exit of a worker. When a worker exits with an error code, for example in the case of a segfault, all workers are now killed and the master leaves. If you don't want this behavior you can use the option "master-worker no-exit-on-failure".
2017-11-24 16:02:34 -05:00
#define GTUNE_NOEXIT_ONFAILURE (1<<9)
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#define GTUNE_USE_SYSTEMD (1<<10)
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 19:05:05 -04:00
MINOR: polling: add an option to support busy polling In some situations, especially when dealing with low latency on processors supporting a variable frequency or when running inside virtual machines, each time the process waits for an I/O using the poller, the processor goes back to sleep or is offered to another VM for a long time, and it causes excessively high latencies. A solution to this provided by this patch is to enable busy polling using a global option. When busy polling is enabled, the pollers never sleep and loop over themselves waiting for an I/O event to happen or for a timeout to occur. On multi-processor machines it can significantly overheat the processor but it usually results in much lower latencies. A typical test consisting in injecting traffic over a single connection at a time over the loopback shows a bump from 4640 to 8540 connections per second on forwarded connections, indicating a latency reduction of 98 microseconds for each connection, and a bump from 12500 to 21250 for locally terminated connections (redirects), indicating a reduction of 33 microseconds. It is only usable with epoll and kqueue because select() and poll()'s API is not convenient for such usages, and the level of performance they are used in doesn't benefit from this anyway. The option, which obviously remains disabled by default, can be turned on using "busy-polling" in the global section, and turned off later using "no busy-polling". Its status is reported in "show info" to help troubleshooting suspicious CPU spikes.
2018-11-22 12:07:59 -05:00
#define GTUNE_BUSY_POLLING (1<<11)
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 06:02:18 -05:00
#define GTUNE_LISTENER_MQ (1<<12)
MINOR: init: add a "set-dumpable" global directive to enable core dumps It's always a pain to get a core dump when enabling user/group setting (which disables the dumpable flag on Linux), when using a chroot and/or when haproxy is started by a service management tool which requires complex operations to just raise the core dump limit. This patch introduces a new "set-dumpable" global directive to work around these troubles by doing the following : - remove file size limits (equivalent of ulimit -f unlimited) - remove core size limits (equivalent of ulimit -c unlimited) - mark the process dumpable again (equivalent of suid_dumpable=1) Some of these will depend on the operating system. This way it becomes much easier to retrieve a core file. Temporarily moving the chroot to a user-writable place generally enough.
2019-04-15 13:38:50 -04:00
#define GTUNE_SET_DUMPABLE (1<<13)
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
#define GTUNE_USE_EVPORTS (1<<14)
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
#define GTUNE_STRICT_LIMITS (1<<15)
MEDIUM: init: prevent process and thread creation at runtime Some concerns are regularly raised about the risk to inherit some Lua files which make use of a fork (e.g. via os.execute()) as well as whether or not some of bugs we fix might or not be exploitable to run some code. Given that haproxy is event-driven, any foreground activity completely stops processing and is easy to detect, but background activity is a different story. A Lua script could very well discretely fork a sub-process connecting to a remote location and taking commands, and some injected code could also try to hide its activity by creating a process or a thread without blocking the rest of the processing. While such activities should be extremely limited when run in an empty chroot without any permission, it would be better to get a higher assurance they cannot happen. This patch introduces something very simple: it limits the number of processes and threads to zero in the workers after the last thread was created. By doing so, it effectively instructs the system to fail on any fork() or clone() syscall. Thus any undesired activity has to happen in the foreground and is way easier to detect. This will obviously break external checks (whose concept is already totally insecure), and for this reason a new option "insecure-fork-wanted" was added to disable this protection, and it is suggested in the fork() error report from the checks. It is obviously recommended not to use it and to reconsider the reasons leading to it being enabled in the first place. If for any reason we fail to disable forks, we still start because it could be imaginable that some operating systems refuse to set this limit to zero, but in this case we emit a warning, that may or may not be reported since we're after the fork point. Ideally over the long term it should be conditionned by strict-limits and cause a hard fail.
2019-12-03 01:07:36 -05:00
#define GTUNE_INSECURE_FORK (1<<16)
MEDIUM: init: set NO_NEW_PRIVS by default when supported HAProxy doesn't need to call executables at run time (except when using external checks which are strongly recommended against), and is even expected to isolate itself into an empty chroot. As such, there basically is no valid reason to allow a setuid executable to be called without the user being fully aware of the risks. In a situation where haproxy would need to call external checks and/or disable chroot, exploiting a vulnerability in a library or in haproxy itself could lead to the execution of an external program. On Linux it is possible to lock the process so that any setuid bit present on such an executable is ignored. This significantly reduces the risk of privilege escalation in such a situation. This is what haproxy does by default. In case this causes a problem to an external check (for example one which would need the "ping" command), then it is possible to disable this protection by explicitly adding this directive in the global section. If enabled, it is possible to turn it back off by prefixing it with the "no" keyword. Before the option: $ socat - /tmp/sock1 <<< "expert-mode on; debug dev exec sudo /bin/id" uid=0(root) gid=0(root) groups=0(root After the option: $ socat - /tmp/sock1 <<< "expert-mode on; debug dev exec sudo /bin/id" sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
2019-12-06 10:31:45 -05:00
#define GTUNE_INSECURE_SETUID (1<<17)
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
/* SSL server verify mode */
enum {
SSL_SERVER_VERIFY_NONE = 0,
SSL_SERVER_VERIFY_REQUIRED = 1,
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* FIXME : this will have to be redefined correctly */
struct global {
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
int uid;
int gid;
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
int external_check;
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
int nbproc;
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
int nbthread;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
unsigned int hard_stop_after; /* maximum time allowed to perform a soft-stop */
[MEDIUM] stats: add the "set maxconn" setting to the command line interface This option permits to change the global maxconn setting within the limit that was set by the initial value, which is now reported as the hard maxconn value. This allows to immediately accept more concurrent connections or to stop accepting new ones until the value passes below the indicated setting. The main use of this option is on systems where many haproxy instances are loaded and admins need to re-adjust resource sharing at run time to regain a bit of fairness between processes.
2011-09-07 08:38:31 -04:00
int maxconn, hardmaxconn;
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
int maxsslconn;
MINOR: global: report information about the cost of SSL connections An SSL connection takes some memory when it exists and during handshakes. We measured up to 16kB for an established endpoint, and up to 76 extra kB during a handshake. The SSL layer stores these values into the global struct during initialization. If other SSL libs are used, it's easy to change these values. Anyway they'll only be used as gross estimates in order to guess the max number of SSL conns that can be established when memory is constrained and the limit is not set.
2015-01-15 15:34:39 -05:00
int ssl_session_max_cost; /* how many bytes an SSL session may cost */
int ssl_handshake_max_cost; /* how many bytes an SSL handshake may use */
MINOR: global: always export some SSL-specific metrics We'll need to know the number of SSL connections, their use and their cost soon. In order to avoid getting tons of ifdefs everywhere, always export SSL information in the global section. We add two flags to know whether or not SSL is used in a frontend and in a backend.
2015-01-15 15:32:40 -05:00
int ssl_used_frontend; /* non-zero if SSL is used in a frontend */
int ssl_used_backend; /* non-zero if SSL is used in a backend */
BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically. The number of async fd is computed considering the maxconn, the number of sides using ssl and the number of engines using async mode. This patch should be backported on haproxy 1.8
2017-12-06 07:51:49 -05:00
int ssl_used_async_engines; /* number of used async engines */
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
unsigned int ssl_server_verify; /* default verify mode on servers side */
[MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. This one enforces a per-process connection rate limit, regardless of what may be set per frontend. It can be a way to limit the CPU usage of a process being severely attacked. The side effect is that the global process connection rate is now measured for each incoming connection, so it will be possible to report it.
2011-09-07 09:17:21 -04:00
struct freq_ctr conn_per_sec;
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 12:51:07 -04:00
struct freq_ctr sess_per_sec;
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 14:01:52 -04:00
struct freq_ctr ssl_per_sec;
MINOR: stats: report SSL key computations per second It's commonly needed to know how many SSL asymmetric keys are computed per second on either side (frontend or backend), and to know the SSL session reuse ratio. Now we compute these values and report them in "show info".
2014-05-28 06:28:58 -04:00
struct freq_ctr ssl_fe_keys_per_sec;
struct freq_ctr ssl_be_keys_per_sec;
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
struct freq_ctr comp_bps_in; /* bytes per second, before http compression */
struct freq_ctr comp_bps_out; /* bytes per second, after http compression */
MINOR: raw_sock: report global traffic statistics Many times we've been missing per-process traffic statistics. While it didn't make sense in multi-process mode, with threads it does. Thus we now have a counter of bytes emitted by raw_sock, and a freq counter for these as well. However, freq_ctr are limited to 32 bits, and given that loads of 300 Gbps have already been reached over a loopback using splicing, we need to downscale this a bit. Here we're storing 1/32 of the byte rate, which gives a theorical limit of 128 GB/s or ~1 Tbps, which is more than enough. Let's have fun re-reading this sentence in 2029 :-) The values can be read in "show info" output on the CLI.
2019-05-23 05:39:14 -04:00
struct freq_ctr out_32bps; /* #of 32-byte blocks emitted per second */
unsigned long long out_bytes; /* total #of bytes emitted */
[MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. This one enforces a per-process connection rate limit, regardless of what may be set per frontend. It can be a way to limit the CPU usage of a process being severely attacked. The side effect is that the global process connection rate is now measured for each incoming connection, so it will be possible to report it.
2011-09-07 09:17:21 -04:00
int cps_lim, cps_max;
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 12:51:07 -04:00
int sps_lim, sps_max;
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 14:01:52 -04:00
int ssl_lim, ssl_max;
MINOR: stats: report SSL key computations per second It's commonly needed to know how many SSL asymmetric keys are computed per second on either side (frontend or backend), and to know the SSL session reuse ratio. Now we compute these values and report them in "show info".
2014-05-28 06:28:58 -04:00
int ssl_fe_keys_max, ssl_be_keys_max;
MINOR: stats: add counters for SSL cache lookups and misses One important aspect of SSL performance tuning is the cache size, but there's no metric to know whether it's large enough or not. This commit introduces two counters, one for the cache lookups and another one for cache misses. These counters are reported on "show info" on the stats socket. This way, it suffices to see the cache misses counter constantly grow to know that a larger cache could possibly help.
2014-05-28 10:47:01 -04:00
unsigned int shctx_lookups, shctx_misses;
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
int comp_rate_lim; /* HTTP compression rate limit */
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
int maxpipes; /* max # of pipes */
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
int maxsock; /* max # of sockets */
int rlimit_nofile; /* default ulimit-n value : 0=unset */
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
int rlimit_memmax_all; /* default all-process memory limit in megs ; 0=unset */
int rlimit_memmax; /* default per-process memory limit in megs ; 0=unset */
MINOR: compression: report zlib memory usage Show the memory usage and the max memory available for zlib. The value stored is now the memory used instead of the remaining available memory.
2012-11-20 05:25:20 -05:00
long maxzlibmem; /* max RAM for zlib in bytes */
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
int mode;
BUG/MEDIUM: unique_id: HTTP request counter is not stable Patrick Hemmer reported that using unique_id_format and logs did not report the same unique ID counter since commit 9f09521 ("BUG/MEDIUM: unique_id: HTTP request counter must be unique!"). This is because the increment was done while producing the log message, so it was performed twice. A better solution consists in fetching a new value once per request and saving it in the request or session context for all of this request's life. It happens that sessions already have a unique ID field which is used for debugging and reporting errors, and which differs from the one sent in logs and unique_id header. So let's change this to reuse this field to have coherent IDs everywhere. As of now, a session gets a new unique ID once it is instanciated. This means that TCP sessions will also benefit from a unique ID that can be logged. And this ID is renewed for each extra HTTP request received on an existing session. Thus, all TCP sessions and HTTP requests will have distinct IDs that will be stable along all their life, and coherent between all places where they're used (logs, unique_id header, "show sess", "show errors"). This feature is 1.5-specific, no backport to 1.4 is needed.
2014-01-25 05:01:50 -05:00
unsigned int req_count; /* request counter (HTTP or TCP session) for logs and unique_id */
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
int last_checks;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
int spread_checks;
MINOR: checks: add a new global max-spread-checks directive This directive ensures that checks with a huge interval do not start too far apart at the beginning.
2014-04-25 04:46:47 -04:00
int max_spread_checks;
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
int max_syslog_len;
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
char *chroot;
char *pidfile;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
char *node, *desc; /* node name & description */
MAJOR: chunks: replace struct chunk with struct buffer Now all the code used to manipulate chunks uses a struct buffer instead. The functions are still called "chunk*", and some of them will progressively move to the generic buffer handling code as they are cleaned up.
2018-07-13 05:56:34 -04:00
struct buffer log_tag; /* name for syslog */
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct list logsrvs;
[MINOR] log: add support for passing the forwarded hostname Haproxy does not include the hostname rather the IP of the machine in the syslog headers it sends. Unfortunately this means that for each log line rsyslog does a reverse dns on the client IP and in the case of non-routable IPs one gets the public hostname not the internal one. While this is valid according to RFC3164 as one might imagine this is troublsome if you have some machines with public IPs, internal IPs, no reverse DNS entries, etc and you want a standardized hostname based log directory structure. The rfc says the preferred value is the hostname. This patch adds a global "log-send-hostname" statement which accepts an optional string to force the host name. If unset, the local host name is used.
2010-12-29 11:05:48 -05:00
char *log_send_hostname; /* set hostname in syslog header */
MINOR: config: new global directive server-state-base This new global directive can be used to provide a base directory where all the server state files could be loaded. If a server state file name starts with a slash '/', then this directive must not be applied.
2015-08-23 03:22:25 -04:00
char *server_state_base; /* path to a directory where server state files can be found */
MINOR: config: new global section directive: server-state-file This new global section directive is used to store the path to the file where HAProxy will be able to retrieve server states across reloads. The file pointed by this path is used to store a file which can contains state of all servers from all backends.
2015-08-23 03:54:31 -04:00
char *server_state_file; /* path to the file where server states are loaded from */
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
struct {
int maxpollevents; /* max number of poll events at once */
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
int maxaccept; /* max number of consecutive accept() */
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
int options; /* various tuning options */
MINOR: tasks: Make the number of tasks to run at once configurable. Instead of hardcoding 200, make the number of tasks to be run configurable using tune.runqueue-depth. 200 is still the default.
2018-05-24 12:59:04 -04:00
int runqueue_depth;/* max number of tasks to run at once */
[OPTIM] stream_sock: don't retry to read after a large read If we get very large data at once, it's almost certain that it's worthless trying to read again, because we got everything we could get. Doing this has made all -EAGAIN disappear from splice reads. The threshold has been put in the global tunable structures so that if we one day want to make it accessible from user config, it will be easy to do so.
2009-03-21 15:43:57 -04:00
int recv_enough; /* how many input bytes at once are "enough" */
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
int bufsize; /* buffer size in bytes, defaults to BUFSIZE */
int maxrewrite; /* buffer max rewrite size in bytes, defaults to MAXREWRITE */
MAJOR: session: only wake up as many sessions as available buffers permit We've already experimented with three wake up algorithms when releasing buffers : the first naive one used to wake up far too many sessions, causing many of them not to get any buffer. The second approach which was still in use prior to this patch consisted in waking up either 1 or 2 sessions depending on the number of FDs we had released. And this was still inaccurate. The third one tried to cover the accuracy issues of the second and took into consideration the number of FDs the sessions would be willing to use, but most of the time we ended up waking up too many of them for nothing, or deadlocking by lack of buffers. This patch completely removes the need to allocate two buffers at once. Instead it splits allocations into critical and non-critical ones and implements a reserve in the pool for this. The deadlock situation happens when all buffers are be allocated for requests pending in a maxconn-limited server queue, because then there's no more way to allocate buffers for responses, and these responses are critical to release the servers's connection in order to release the pending requests. In fact maxconn on a server creates a dependence between sessions and particularly between oldest session's responses and latest session's requests. Thus, it is mandatory to get a free buffer for a response in order to release a server connection which will permit to release a request buffer. Since we definitely have non-symmetrical buffers, we need to implement this logic in the buffer allocation mechanism. What this commit does is implement a reserve of buffers which can only be allocated for responses and that will never be allocated for requests. This is made possible by the requester indicating how much margin it wants to leave after the allocation succeeds. Thus it is a cooperative allocation mechanism : the requester (process_session() in general) prefers not to get a buffer in order to respect other's need for response buffers. The session management code always knows if a buffer will be used for requests or responses, so that is not difficult : - either there's an applet on the initiator side and we really need the request buffer (since currently the applet is called in the context of the session) - or we have a connection and we really need the response buffer (in order to support building and sending an error message back) This reserve ensures that we don't take all allocatable buffers for requests waiting in a queue. The downside is that all the extra buffers are really allocated to ensure they can be allocated. But with small values it is not an issue. With this change, we don't observe any more deadlocks even when running with maxconn 1 on a server under severely constrained memory conditions. The code becomes a bit tricky, it relies on the scheduler's run queue to estimate how many sessions are already expected to run so that it doesn't wake up everyone with too few resources. A better solution would probably consist in having two queues, one for urgent requests and one for normal requests. A failed allocation for a session dealing with an error, a connection event, or the need for a response (or request when there's an applet on the left) would go to the urgent request queue, while other requests would go to the other queue. Urgent requests would be served from 1 entry in the pool, while the regular ones would be served only according to the reserve. Despite not yet having this, it works remarkably well. This mechanism is quite efficient, we don't perform too many wake up calls anymore. For 1 million sessions elapsed during massive memory contention, we observe about 4.5M calls to process_session() compared to 4.0M without memory constraints. Previously we used to observe up to 16M calls, which rougly means 12M failures. During a test run under high memory constraints (limit enforced to 27 MB instead of the 58 MB normally needed), performance used to drop by 53% prior to this patch. Now with this patch instead it *increases* by about 1.5%. The best effect of this change is that by limiting the memory usage to about 2/3 to 3/4 of what is needed by default, it's possible to increase performance by up to about 18% mainly due to the fact that pools are reused more often and remain hot in the CPU cache (observed on regular HTTP traffic with 20k objects, buffers.limit = maxconn/10, buffers.reserve = limit/2). Below is an example of scenario which used to cause a deadlock previously : - connection is received - two buffers are allocated in process_session() then released - one is allocated when receiving an HTTP request - the second buffer is allocated then released in process_session() for request parsing then connection establishment. - poll() says we can send, so the request buffer is sent and released - process session gets notified that the connection is now established and allocates two buffers then releases them - all other sessions do the same till one cannot get the request buffer without hitting the margin - and now the server responds. stream_interface allocates the response buffer and manages to get it since it's higher priority being for a response. - but process_session() cannot allocate the request buffer anymore => We could end up with all buffers used by responses so that none may be allocated for a request in process_session(). When the applet processing leaves the session context, the test will have to be changed so that we always allocate a response buffer regardless of the left side (eg: H2->H1 gateway). A final improvement would consists in being able to only retry the failed I/O operation without waking up a task, but to date all experiments to achieve this have proven not to be reliable enough.
2014-11-26 19:11:56 -05:00
int reserved_bufs; /* how many buffers can only be allocated for response */
MINOR: config: implement global setting tune.buffers.limit This setting is used to limit memory usage without causing the alloc failures caused by "-m". Unexpectedly, tests have shown a performance boost of up to about 18% on HTTP traffic when limiting the number of buffers to about 10% of the amount of concurrent connections. tune.buffers.limit <number> Sets a hard limit on the number of buffers which may be allocated per process. The default value is zero which means unlimited. The minimum non-zero value will always be greater than "tune.buffers.reserve" and should ideally always be about twice as large. Forcing this value can be particularly useful to limit the amount of memory a process may take, while retaining a sane behaviour. When this limit is reached, sessions which need a buffer wait for another one to be released by another session. Since buffers are dynamically allocated and released, the waiting time is very short and not perceptible provided that limits remain reasonable. In fact sometimes reducing the limit may even increase performance by increasing the CPU cache's efficiency. Tests have shown good results on average HTTP traffic with a limit to 1/10 of the expected global maxconn setting, which also significantly reduces memory usage. The memory savings come from the fact that a number of connections will not allocate 2*tune.bufsize. It is best not to touch this value unless advised to do so by an haproxy core developer.
2014-12-23 16:52:37 -05:00
int buf_limit; /* if not null, how many total buffers may only be allocated */
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
int client_sndbuf; /* set client sndbuf to this value if not null */
int client_rcvbuf; /* set client rcvbuf to this value if not null */
int server_sndbuf; /* set server sndbuf to this value if not null */
int server_rcvbuf; /* set server rcvbuf to this value if not null */
[MINOR] global: add "tune.chksize" to change the default check buffer size HTTP content-based health checks will be involved in searching text in pages. Some pages may not fit in the default buffer (16kB) and sometimes it might be desired to have larger buffers in order to find patterns. Running checks on smaller URIs is always preferred of course. (cherry picked from commit 043f44aeb835f3d0b57626c4276581a73600b6b1)
2010-10-04 14:39:20 -04:00
int chksize; /* check buffer size in bytes, defaults to BUFSIZE */
OPTIM/MINOR: make it possible to change pipe size (tune.pipesize) By default, pipes are the default size for the system. But sometimes when using TCP splicing, it can improve performance to increase pipe sizes, especially if it is suspected that pipes are not filled and that many calls to splice() are performed. This has an impact on the kernel's memory footprint, so this must not be changed if impacts are not understood.
2011-10-23 15:14:29 -04:00
int pipesize; /* pipe size in bytes, system defaults if zero */
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
int max_http_hdr; /* max number of HTTP headers, use MAX_HTTP_HDR if zero */
MINOR: log: Add logurilen tunable. The default len of request uri in log messages is 1024. In some use cases, you need to keep the long trail of GET parameters. The only way to increase this len is to recompile with DEFINE=-DREQURI_LEN=2048. This commit introduces a tune.http.logurilen configuration directive, allowing to tune this at runtime.
2017-05-18 02:58:41 -04:00
int requri_len; /* max len of request URI, use REQURI_LEN if zero */
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
int cookie_len; /* max length of cookie captures */
MAJOR: pattern: add LRU-based cache on pattern matching The principle of this cache is to have a global cache for all pattern matching operations which rely on lists (reg, sub, dir, dom, ...). The input data, the expression and a random seed are used as a hashing key. The cached entries contains a pointer to the expression and a revision number for that expression so that we don't accidently used obsolete data after a pattern update or a very unlikely hash collision. Regarding the risk of collisions, 10k entries at 10k req/s mean 1% risk of a collision after 60 years, that's already much less than the memory's reliability in most machines and more durable than most admin's life expectancy. A collision will result in a valid result to be returned for a different entry from the same list. If this is not acceptable, the cache can be disabled using tune.pattern.cache-size. A test on a file containing 10k small regex showed that the regex matching was limited to 6k/s instead of 70k with regular strings. When enabling the LRU cache, the performance was back to 70k/s.
2015-04-29 10:24:50 -04:00
int pattern_cache; /* max number of entries in the pattern cache. */
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
2012-09-03 06:10:29 -04:00
int sslcachesize; /* SSL cache size in session, defaults to 20000 */
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
int comp_maxlevel; /* max HTTP compression level */
MEDIUM: connections: Add a way to control the number of idling connections. As by default we add all keepalive connections to the idle pool, if we run into a pathological case, where all client don't do keepalive, but the server does, and haproxy is configured to only reuse "safe" connections, we will soon find ourself having lots of idling, unusable for new sessions, connections, while we won't have any file descriptors available to create new connections. To fix this, add 2 new global settings, "pool_low_ratio" and "pool_high_ratio". pool-low-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we stop adding connections to the idle pool, and destroy them instead. The default is 20. pool-high-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we start killing idling connection in the event we have to create a new outgoing connection, and no reuse is possible. The default is 25.
2019-04-16 13:07:22 -04:00
int pool_low_ratio; /* max ratio of FDs used before we stop using new idle connections */
int pool_high_ratio; /* max ratio of FDs used before we start killing idle connections when creating new connections */
int pool_low_count; /* max number of opened fd before we stop using new idle connections */
int pool_high_count; /* max number of opened fd before we start killing idle connections when creating new connections */
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
unsigned short idle_timer; /* how long before an empty buffer is considered idle (ms) */
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
} tune;
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
struct {
char *prefix; /* path prefix of unix bind socket */
struct { /* UNIX socket permissions */
uid_t uid; /* -1 to leave unchanged */
gid_t gid; /* -1 to leave unchanged */
mode_t mode; /* 0 to leave unchanged */
} ux;
} unix_bind;
MINOR: global/threads: move cpu_map at the end of the global struct The "thread" part is 32kB long, better move it at the end of the structure since it's only used during initialization, to keep the rest grouped together. Should be backported to 1.8 to ease backporting of upcoming patches, no functional impact.
2018-01-20 12:12:15 -05:00
struct proxy *stats_fe; /* the frontend holding the stats settings */
struct vars vars; /* list of variables for the process scope. */
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#ifdef USE_CPU_AFFINITY
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
struct {
MINOR: threads: flatten the per-thread cpu-map When we initially experimented with threads and processes support, we needed to implement arrays of threads per process for cpu-map, but this is not needed anymore since we support either threads or processes. Let's simply make the thread-based cpu-map per thread and not per thread and per process since that's not used anymore. Doing so reduces the global struct from 33kB to 1.5kB.
2019-05-03 03:41:23 -04:00
unsigned long proc[MAX_PROCS]; /* list of CPU masks for the 32/64 first processes */
BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored Since commit 81492c989 ("MINOR: threads: flatten the per-thread cpu-map"), we don't keep the proc*thread matrix anymore to represent the full binding possibilities, but only the proc and thread ones. The problem is that the per-process binding is not the same for each thread and for the process, and the proc[] array was assumed to store the per-proc first thread value when doing this change. Worse, the logic present there tries to deal with thread ranges and process ranges in a way which automatically exclused the other possibility (since ranges cannot be used on both) but as such fails to apply changes if neither the process nor the thread is expressed as a range. The real problem comes from the fact that specifying cpu-map 1/1 doesn't yet reveal if the per-process mask or the per-thread mask needs to be updated. In practice it's the thread one but then the current storage doesn't allow to store the binding of the first thread of each other process in nbproc>1 configurations. When removing the proc*thread matrix, what ought to have been kept was both the thread column for process 1 and the process line for threads 1, but instead only the thread column was kept. This patch reintroduces the storage of the configuration for the first thread of each process so that it is again possible to store either the per-thread or per-process configuration. As a partial workaround for existing configurations, it is possible to systematically indicate at least two processes or two threads at once and map them by pairs or more so that at least two values are present in the range. E.g : # set processes 1-4 to cpus 0-3 : cpu-map auto:1-4/1 0 1 2 3 # or: cpu-map 1-2/1 0 1 cpu-map 2-3/1 2 3 # set threads 1-4 to cpus 0-3 : cpu-map auto:1/1-4 0 1 2 3 # or : cpu-map 1/1-2 0 1 cpu-map 3/3-4 2 3 This fix must be backported to 2.0.
2019-07-16 09:10:34 -04:00
unsigned long proc_t1[MAX_PROCS]; /* list of CPU masks for the 1st thread of each process */
unsigned long thread[MAX_THREADS]; /* list of CPU masks for the 32/64 first threads of the 1st process */
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
} cpu_map;
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
};
MEDIUM: mworker: store the leaving state of a process Previously we were assuming than a process was in a leaving state when its number of reload was greater than 0. With mworker programs it's not the case anymore so we need to store a leaving state.
2019-04-12 10:09:21 -04:00
/* options for mworker_proc */
#define PROC_O_TYPE_MASTER 0x00000001
#define PROC_O_TYPE_WORKER 0x00000002
#define PROC_O_TYPE_PROG 0x00000004
/* 0x00000008 unused */
#define PROC_O_LEAVING 0x00000010 /* this process should be leaving */
MEDIUM: mworker-prog: implements 'option start-on-reload' This option is already the default, but its opposite 'no option start-on-reload' allows the master to keep a previous instance of a program and don't start a new one upon a reload. The old program will then appear as a current one in "show proc" and could also trigger an exit-on-failure upon a segfault.
2019-04-12 10:09:22 -04:00
/* 0x00000020 to 0x00000080 unused */
#define PROC_O_START_RELOAD 0x00000100 /* Start the process even if the master was re-executed */
MEDIUM: mworker: store the leaving state of a process Previously we were assuming than a process was in a leaving state when its number of reload was greater than 0. With mworker programs it's not the case anymore so we need to store a leaving state.
2019-04-12 10:09:21 -04:00
REORG: mworker: move struct mworker_proc to global.h Move the definition of the mworker_proc structure in types/global.h.
2018-10-26 08:47:31 -04:00
/*
* Structure used to describe the processes in master worker mode
*/
struct mworker_proc {
int pid;
MEDIUM: mworker: store the leaving state of a process Previously we were assuming than a process was in a leaving state when its number of reload was greater than 0. With mworker programs it's not the case anymore so we need to store a leaving state.
2019-04-12 10:09:21 -04:00
int options;
MEDIUM: mworker-prog: implement program for master-worker This patch implements the external binary support in the master worker. To configure an external process, you need to use the program section, for example: program dataplane-api command ./dataplane_api Those processes are launched at the same time as the workers. During a reload of HAProxy, those processes are dealing with the same sequence as a worker: - the master is re-executed - the master sends a USR1 signal to the program - the master launches a new instance of the program During a stop, or restart, a SIGTERM is sent to the program.
2019-04-01 05:30:02 -04:00
char *id;
char **command;
char *path;
MINOR: mworker: add the HAProxy version in "show proc" Displays the HAProxy version so you can compare the version of old processes and new ones.
2019-06-12 13:11:33 -04:00
char *version;
REORG: mworker: move struct mworker_proc to global.h Move the definition of the mworker_proc structure in types/global.h.
2018-10-26 08:47:31 -04:00
int ipc_fd[2]; /* 0 is master side, 1 is worker side */
int relative_pid;
int reloads;
MINOR: cli: displays uptime in `show proc` Displays the uptime of the workers in `show proc`
2018-11-19 12:46:17 -05:00
int timestamp;
MEDIUM: mworker: find the server ptr using a CLI prefix Add a struct server pointer in the mworker_proc struct so we can easily use it as a target for the mworker proxy. pcli_prefix_to_pid() is used to find the right PID of the worker when using a prefix in the CLI. (@master, @#<relative pid> , @<pid>) pcli_pid_to_server() is used to find the right target server for the CLI proxy.
2018-10-26 08:47:38 -04:00
struct server *srv; /* the server entry in the master proxy */
REORG: mworker: move struct mworker_proc to global.h Move the definition of the mworker_proc structure in types/global.h.
2018-10-26 08:47:31 -04:00
struct list list;
MEDIUM: mworker-prog: Add user/group options to program section This patch adds "user" and "group" config options to the "program" section so the configured command can be run as a different user.
2019-07-11 23:50:26 -04:00
int uid;
int gid;
REORG: mworker: move struct mworker_proc to global.h Move the definition of the mworker_proc structure in types/global.h.
2018-10-26 08:47:31 -04:00
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
extern struct global global;
extern int pid; /* current process id */
[MINOR] stats: report numerical process ID, proxy ID and server ID It is very convenient for SNMP monitoring to have unique process ID, proxy ID and server ID. Those have been added to the CSV outputs. The numbers start at 1. 0 is reserved. For servers, 0 means that the reported name is not a server name but half a proxy (FRONTEND/BACKEND). A remaining hidden "-" in the CSV output has been eliminated too.
2007-11-04 17:35:08 -05:00
extern int relative_pid; /* process id starting at 1 */
CLEANUP: global: introduce variable pid_bit to avoid shifts with relative_pid At a number of places, bitmasks are used for process affinity and to map listeners to processes. Every time 1UL<<(relative_pid-1) is used. Let's create a "pid_bit" variable corresponding to this value to clean this up.
2017-11-10 13:08:14 -05:00
extern unsigned long pid_bit; /* bit corresponding to the process id */
MINOR: config: keep an all_proc_mask like we have all_threads_mask This simplifies some mask comparisons at various places where nbits(global.nbproc) was used.
2019-02-02 11:11:28 -05:00
extern unsigned long all_proc_mask; /* mask of all processes */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
extern int actconn; /* # of active sessions */
[MINOR] support a global jobs counter This counter is incremented for each incoming connection and each active listener, and is used to prevent haproxy from stopping upon SIGUSR1. It will thus be possible for some tasks in increment this counter in order to prevent haproxy from dying until they have completed their job.
2010-08-31 09:39:26 -04:00
extern int listeners;
MINOR: listeners: make listeners count consistent with reality Some places call delete_listener() then decrement the number of listeners and jobs. At least one other place calls delete_listener() without doing so, but since it's in deinit(), it's harmless and cannot risk to cause zombie processes to survive. Given that the number of listeners and jobs is incremented when creating the listeners, it's much more logical to symmetrically decrement them when deleting such listeners.
2017-09-15 02:18:11 -04:00
extern int jobs; /* # of active jobs (listeners, sessions, open devices) */
MEDIUM: jobs: support unstoppable jobs for soft stop This patch allows a process to properly quit when some jobs are still active, this feature is handled by the unstoppable_jobs variable, which must be atomically incremented. During each new iteration of run_poll_loop() the break condition of the loop is now (jobs - unstoppable_jobs) == 0. The unique usage of this at the moment is to handle the socketpair CLI of a the worker during the stopping of the process. During the soft stop, we could mark the CLI listener as an unstoppable job and still handle new connections till every other jobs are stopped.
2018-11-16 10:57:20 -05:00
extern int unstoppable_jobs; /* # of active jobs that can't be stopped during a soft stop */
MINOR: stats: report the number of active peers in "show info" Peers are the last type of activity which can maintain a job present, so it's important to report that such an entity is still active to explain why the job count may be higher than zero. Here by "ActivePeers" we report peers sessions, which include both established connections and outgoing connection attempts.
2018-11-05 10:31:22 -05:00
extern int active_peers; /* # of active peers (connection attempts and successes) */
MINOR: stats: report the number of currently connected peers The active peers output indicates both the number of established peers connections and the number of peers connection attempts. The new counter "ConnectedPeers" also indicates the number of currently connected peers. This helps detect that some peers cannot be reached for example. It's worth mentioning that this value changes over time because unused peers are often disconnected and reconnected. Most of the time it should be equal to ActivePeers.
2018-11-05 11:12:27 -05:00
extern int connected_peers; /* # of really connected peers */
MAJOR: chunks: replace struct chunk with struct buffer Now all the code used to manipulate chunks uses a struct buffer instead. The functions are still called "chunk*", and some of them will progressively move to the generic buffer handling code as they are cleaned up.
2018-07-13 05:56:34 -04:00
extern THREAD_LOCAL struct buffer trash;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
extern int nb_oldpids; /* contains the number of old pids found */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
extern const int zero;
extern const int one;
[MINOR] add the "nolinger" option to disable data lingering The following patch will give the ability to tweak socket linger mode. You can use this option with "option nolinger" inside fronted or backend configuration declaration. This will help in environments where lots of FIN_WAIT sockets are encountered.
2007-10-11 14:48:58 -04:00
extern const struct linger nolinger;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
extern int stopping; /* non zero means stopping in progress */
BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit As reported in GH issue #99, when hard-stop-after triggers and threads are in use, the chance that any thread releases the resources in use by the other ones is non-null. Thus no thread should be allowed to deinit() nor exit by itself. Here we take a different approach. We simply use a 3rd possible value for the "killed" variable so that all threads know they must break out of the run-poll-loop and immediately stop. This patch was tested by commenting the stream_shutdown() calls in hard_stop() to increase the chances to see a stream use released resources. With this fix applied, it never crashes anymore. This fix should be backported to 1.9 and 1.8.
2019-06-02 05:11:29 -04:00
extern int killed; /* >0 means a hard-stop is triggered, >1 means hard-stop immediately */
[MINOR] export the hostname variable so that all the code can access it The hostname variable will be used later, export it.
2009-08-16 04:08:02 -04:00
extern char hostname[MAX_HOSTNAME_LEN];
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
extern char localpeer[MAX_HOSTNAME_LEN];
MINOR: config: add minimum support for emitting warnings only once This is useful to explain to users what to do during a migration.
2014-04-28 16:27:06 -04:00
extern unsigned int warned; /* bitfield of a few warnings to emit just once */
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
extern volatile unsigned long sleeping_thread_mask;
MEDIUM: mworker: add proc_list in global.h Add the process list in types/global.h so it could be accessed from anywhere.
2018-10-26 08:47:34 -04:00
extern struct list proc_list; /* list of process in mworker mode */
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
extern struct mworker_proc *proc_self; /* process structure of current process */
REORG: mworker: declare master variable in global.h This variable is used at several places, better declare it in global.h.
2018-11-27 06:02:38 -05:00
extern int master; /* 1 if in master, 0 otherwise */
MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values Let's keep a copy of these initial values. They will be useful to compute automatic maxconn, as well as to restore proper limits when doing an execve() on external checks.
2019-03-01 04:09:28 -05:00
extern unsigned int rlim_fd_cur_at_boot;
extern unsigned int rlim_fd_max_at_boot;
REORG: mworker: move signal handlers and related functions Move the following functions to mworker.c: void mworker_catch_sighup(struct sig_handler *sh); void mworker_catch_sigterm(struct sig_handler *sh); void mworker_catch_sigchld(struct sig_handler *sh); static void mworker_kill(int sig); int current_child(int pid);
2019-04-01 05:29:56 -04:00
extern int atexit_flag;
MINOR: init/threads: make the global threads an array of structs This way we'll be able to store more per-thread information than just the pthread pointer. The storage became an array of struct instead of an allocated array since it's very small (typically 512 bytes) and not worth the hassle of dealing with memory allocation on this. The array was also renamed thread_info to make its intended usage more explicit.
2019-05-03 04:16:39 -04:00
MINOR: config: add minimum support for emitting warnings only once This is useful to explain to users what to do during a migration.
2014-04-28 16:27:06 -04:00
/* bit values to go with "warned" above */
MEDIUM: Make 'block' directive fatal It was deprecated with HAProxy 1.5. Time to remove it.
2019-05-14 14:57:57 -04:00
/* unassigned : 0x00000001 (previously: WARN_BLOCK_DEPRECATED) */
MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions These ones were already obsoleted in 1.4, marked for removal in 1.5, and not documented anymore. They used to emit warnings, and do still require quite some code to stay in place. Let's remove them now.
2015-05-26 06:18:29 -04:00
/* unassigned : 0x00000002 */
MEDIUM: Make 'redispatch' directive fatal It was deprecated with HAProxy 1.5. Time to remove it.
2019-05-14 14:57:58 -04:00
/* unassigned : 0x00000004 (previously: WARN_REDISPATCH_DEPRECATED) */
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
/* unassigned : 0x00000008 (previously: WARN_CLITO_DEPRECATED) */
/* unassigned : 0x00000010 (previously: WARN_SRVTO_DEPRECATED) */
/* unassigned : 0x00000020 (previously: WARN_CONTO_DEPRECATED) */
MEDIUM: Make 'option forceclose' actually warn It is deprecated since 315b39c3914f4c2301ce19a93564566caa2ede50 (1.9-dev), but only was deprecated in the docs. Make it warn when being used and remove it from the docs.
2019-05-14 14:58:00 -04:00
#define WARN_FORCECLOSE_DEPRECATED 0x00000040
MINOR: config: add minimum support for emitting warnings only once This is useful to explain to users what to do during a migration.
2014-04-28 16:27:06 -04:00
MEDIUM: config: deprecate the antique req* and rsp* commands These commands don't follow the same flow as the rest of the commands, each of them iterates over all header lines before switching to the next directive. In addition they make no distinction between start line and headers and can lead to unparsable rewrites which are very difficult to deal with internally. Most of them are still occasionally found in configurations, mainly because of the usual "we've always done this way". By marking them deprecated and emitting a warning and recommendation on first use of each of them, we will raise users' awareness of users regarding the cleaner, faster and more reliable alternatives. Some use cases of "reqrep" still appear from time to time for URL rewriting that is not so convenient with other rules. But at least users facing this requirement will explain their use case so that we can best serve them. Some discussion started on this subject in a thread linked to from github issue #100. The goal is to remove them in 2.1 since they require to reparse the result before indexing it and we don't want this hack to live long. The following directives were marked deprecated : -reqadd -reqallow -reqdel -reqdeny -reqiallow -reqidel -reqideny -reqipass -reqirep -reqitarpit -reqpass -reqrep -reqtarpit -rspadd -rspdel -rspdeny -rspidel -rspideny -rspirep -rsprep
2019-05-22 14:34:35 -04:00
MINOR: config: add minimum support for emitting warnings only once This is useful to explain to users what to do during a migration.
2014-04-28 16:27:06 -04:00
/* to be used with warned and WARN_* */
static inline int already_warned(unsigned int warning)
{
if (warned & warning)
return 1;
warned |= warning;
return 0;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: global: add proc_mask() and thread_mask() These two functions return either all_{proc,threads}_mask, or the argument. This is used to default to all_proc_mask or all_threads_mask when not set on bind_conf or proxies.
2019-02-02 11:22:19 -05:00
/* returns a mask if set, otherwise all_proc_mask */
static inline unsigned long proc_mask(unsigned long mask)
{
return mask ? mask : all_proc_mask;
}
/* returns a mask if set, otherwise all_threads_mask */
static inline unsigned long thread_mask(unsigned long mask)
{
return mask ? mask : all_threads_mask;
}
REORG: mworker: move signal handlers and related functions Move the following functions to mworker.c: void mworker_catch_sighup(struct sig_handler *sh); void mworker_catch_sigterm(struct sig_handler *sh); void mworker_catch_sigchld(struct sig_handler *sh); static void mworker_kill(int sig); int current_child(int pid);
2019-04-01 05:29:56 -04:00
int tell_old_pids(int sig);
int delete_oldpid(int pid);
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
void deinit(void);
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
void hap_register_build_opts(const char *str, int must_free);
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
void hap_register_post_check(int (*fct)());
MINOR: config: Support per-proxy and per-server post-check functions callbacks Most of times, when a keyword is added in proxy section or on the server line, we need to have a post-parser callback to check the config validity for the proxy or the server which uses this keyword. It is possible to register a global post-parser callback. But all these callbacks need to loop on the proxies and servers to do their job. It is neither handy nor efficient. Instead, it is now possible to register per-proxy and per-server post-check callbacks.
2019-08-12 03:51:07 -04:00
void hap_register_post_proxy_check(int (*fct)(struct proxy *));
void hap_register_post_server_check(int (*fct)(struct server *));
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
void hap_register_post_deinit(void (*fct)());
MINOR: config: Support per-proxy and per-server deinit functions callbacks Most of times, when any allocation is done during configuration parsing because of a new keyword in proxy section or on the server line, we must add a call in the deinit() function to release allocated ressources. It is now possible to register a post-deinit callback because, at this stage, the proxies and the servers are already releases. Now, it is possible to register deinit callbacks per-proxy or per-server. These callbacks will be called for each proxy and server before releasing them.
2019-07-31 02:44:12 -04:00
void hap_register_proxy_deinit(void (*fct)(struct proxy *));
void hap_register_server_deinit(void (*fct)(struct server *));
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
void hap_register_per_thread_alloc(int (*fct)());
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
void hap_register_per_thread_init(int (*fct)());
void hap_register_per_thread_deinit(void (*fct)());
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
void hap_register_per_thread_free(int (*fct)());
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
MINOR: cli: add mworker_accept_wrapper to 'show fd' In the output of 'show fd', the worker CLI's socketpair was still handled by an "unknown" function. That can be really confusing during debug. Fixed it by showing "mworker_accept_wrapper" instead.
2018-11-20 11:36:51 -05:00
void mworker_accept_wrapper(int fd);
MINOR: cli: implements 'reload' on master CLI The reload command reload the haproxy master like it is done with a kill -USR2 on the master process.
2018-12-14 15:11:31 -05:00
void mworker_reload();
MINOR: cli: add mworker_accept_wrapper to 'show fd' In the output of 'show fd', the worker CLI's socketpair was still handled by an "unknown" function. That can be really confusing during debug. Fixed it by showing "mworker_accept_wrapper" instead.
2018-11-20 11:36:51 -05:00
MINOR: initcall: apply initcall to all register_build_opts() calls Most register_build_opts() calls use static strings. These ones were replaced with a trivial REGISTER_BUILD_OPTS() statement adding the string and its call to the STG_REGISTER section. A dedicated section could be made for this if needed, but there are very few such calls for this to be worth it. The calls made with computed strings however, like those which retrieve OpenSSL's version or zlib's version, were moved to a dedicated function to guarantee they are called late in the process. For example, the SSL call probably requires that SSL_library_init() has been called first.
2018-11-26 04:19:54 -05:00
/* simplified way to declare static build options in a file */
#define REGISTER_BUILD_OPTS(str) \
INITCALL2(STG_REGISTER, hap_register_build_opts, (str), 0)
MINOR: initcall: use initcalls for most post_{check,deinit} and per_thread* Most calls to hap_register_post_check(), hap_register_post_deinit(), hap_register_per_thread_init(), hap_register_per_thread_deinit() can be done using initcalls and will not require a constructor anymore. Let's create a set of simplified macros for this, called respectively REGISTER_POST_CHECK, REGISTER_POST_DEINIT, REGISTER_PER_THREAD_INIT, and REGISTER_PER_THREAD_DEINIT. Some files were not modified because they wouldn't benefit from this or because they conditionally register (e.g. the pollers).
2018-11-26 05:21:50 -05:00
/* simplified way to declare a post-check callback in a file */
#define REGISTER_POST_CHECK(fct) \
INITCALL1(STG_REGISTER, hap_register_post_check, (fct))
MINOR: config: Support per-proxy and per-server post-check functions callbacks Most of times, when a keyword is added in proxy section or on the server line, we need to have a post-parser callback to check the config validity for the proxy or the server which uses this keyword. It is possible to register a global post-parser callback. But all these callbacks need to loop on the proxies and servers to do their job. It is neither handy nor efficient. Instead, it is now possible to register per-proxy and per-server post-check callbacks.
2019-08-12 03:51:07 -04:00
/* simplified way to declare a post-proxy-check callback in a file */
#define REGISTER_POST_PROXY_CHECK(fct) \
INITCALL1(STG_REGISTER, hap_register_post_proxy_check, (fct))
/* simplified way to declare a post-server-check callback in a file */
#define REGISTER_POST_SERVER_CHECK(fct) \
INITCALL1(STG_REGISTER, hap_register_post_server_check, (fct))
MINOR: initcall: use initcalls for most post_{check,deinit} and per_thread* Most calls to hap_register_post_check(), hap_register_post_deinit(), hap_register_per_thread_init(), hap_register_per_thread_deinit() can be done using initcalls and will not require a constructor anymore. Let's create a set of simplified macros for this, called respectively REGISTER_POST_CHECK, REGISTER_POST_DEINIT, REGISTER_PER_THREAD_INIT, and REGISTER_PER_THREAD_DEINIT. Some files were not modified because they wouldn't benefit from this or because they conditionally register (e.g. the pollers).
2018-11-26 05:21:50 -05:00
/* simplified way to declare a post-deinit callback in a file */
#define REGISTER_POST_DEINIT(fct) \
INITCALL1(STG_REGISTER, hap_register_post_deinit, (fct))
MINOR: config: Support per-proxy and per-server deinit functions callbacks Most of times, when any allocation is done during configuration parsing because of a new keyword in proxy section or on the server line, we must add a call in the deinit() function to release allocated ressources. It is now possible to register a post-deinit callback because, at this stage, the proxies and the servers are already releases. Now, it is possible to register deinit callbacks per-proxy or per-server. These callbacks will be called for each proxy and server before releasing them.
2019-07-31 02:44:12 -04:00
/* simplified way to declare a proxy-deinit callback in a file */
#define REGISTER_PROXY_DEINIT(fct) \
INITCALL1(STG_REGISTER, hap_register_proxy_deinit, (fct))
/* simplified way to declare a proxy-deinit callback in a file */
#define REGISTER_SERVER_DEINIT(fct) \
INITCALL1(STG_REGISTER, hap_register_server_deinit, (fct))
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* simplified way to declare a per-thread allocation callback in a file */
#define REGISTER_PER_THREAD_ALLOC(fct) \
INITCALL1(STG_REGISTER, hap_register_per_thread_alloc, (fct))
MINOR: initcall: use initcalls for most post_{check,deinit} and per_thread* Most calls to hap_register_post_check(), hap_register_post_deinit(), hap_register_per_thread_init(), hap_register_per_thread_deinit() can be done using initcalls and will not require a constructor anymore. Let's create a set of simplified macros for this, called respectively REGISTER_POST_CHECK, REGISTER_POST_DEINIT, REGISTER_PER_THREAD_INIT, and REGISTER_PER_THREAD_DEINIT. Some files were not modified because they wouldn't benefit from this or because they conditionally register (e.g. the pollers).
2018-11-26 05:21:50 -05:00
/* simplified way to declare a per-thread init callback in a file */
#define REGISTER_PER_THREAD_INIT(fct) \
INITCALL1(STG_REGISTER, hap_register_per_thread_init, (fct))
/* simplified way to declare a per-thread deinit callback in a file */
#define REGISTER_PER_THREAD_DEINIT(fct) \
INITCALL1(STG_REGISTER, hap_register_per_thread_deinit, (fct))
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* simplified way to declare a per-thread free callback in a file */
#define REGISTER_PER_THREAD_FREE(fct) \
INITCALL1(STG_REGISTER, hap_register_per_thread_free, (fct))
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif /* _TYPES_GLOBAL_H */
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink