upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-20 00:10:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 14
haproxy/src/haproxy.c

3714 lines
105 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* HA-Proxy : High Availability-enabled HTTP/TCP proxy
[RELEASE] Released version 2.2-dev1 Released version 2.2-dev1 with the following main changes : - DOC: this is development again - MINOR: version: this is development again, update the status - SCRIPTS: update create-release to fix the changelog on new branches - CLEANUP: ssl: Clean up error handling - BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only - BUG/MINOR: h1: Don't test the host header during response parsing - BUILD/MINOR: trace: fix use of long type in a few printf format strings - DOC: Clarify behavior of server maxconn in HTTP mode - MINOR: ssl: deduplicate ca-file - MINOR: ssl: compute ca-list from deduplicate ca-file - MINOR: ssl: deduplicate crl-file - CLEANUP: dns: resolution can never be null - BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty - DOC: ssl/cli: set/commit/abort ssl cert - BUG/MINOR: ssl: fix SSL_CTX_set1_chain compatibility for openssl < 1.0.2 - BUG/MINOR: fcgi-app: Make the directive pass-header case insensitive - BUG/MINOR: stats: Fix HTML output for the frontends heading - BUG/MINOR: ssl: fix X509 compatibility for openssl < 1.1.0 - DOC: clarify matching strings on binary fetches - DOC: Fix ordered list in summary - DOC: move the "group" keyword at the right place - MEDIUM: init: prevent process and thread creation at runtime - BUG/MINOR: ssl/cli: 'ssl cert' cmd only usable w/ admin rights - BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data - BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible - BUG/MINOR: ssl/cli: don't overwrite the filters variable - BUG/MEDIUM: listener/thread: fix a race when pausing a listener - BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1 - BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending - BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN - BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data - BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity(). - BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting. - MINOR: debug: replace popen() with pipe+fork() in "debug dev exec" - MEDIUM: init: set NO_NEW_PRIVS by default when supported - BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added - BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted - BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state - BUG/MINOR: listener/threads: always use atomic ops to clear the FD events - BUG/MINOR: listener: also clear the error flag on a paused listener - BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept() - MINOR: listener: make the wait paths cleaner and more reliable - MINOR: listener: split dequeue_all_listener() in two - REORG: listener: move the global listener queue code to listener.c - DOC: document the listener state transitions - BUG/MEDIUM: kqueue: Make sure we report read events even when no data. - BUG/MAJOR: dns: add minimalist error processing on the Rx path - BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive. - DOC: listeners: add a few missing transitions - BUG/MINOR: tasks: only requeue a task if it was already in the queue - MINOR: tasks: split wake_expired_tasks() in two parts to avoid useless wakeups - DOC: proxies: HAProxy only supports 3 connection modes - DOC: remove references to the outdated architecture.txt - BUG/MINOR: log: fix minor resource leaks on logformat error path - BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers - BUG/MINOR: listener: do not immediately resume on transient error - BUG/MINOR: server: make "agent-addr" work on default-server line - BUG/MINOR: listener: fix off-by-one in state name check - BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy() - MEDIUM: h1-htx: Add HTX EOM block when the message is in H1_MSG_DONE state - MINOR: http-htx: Add some htx sample fetches for debugging purpose - REGTEST: Add an HTX reg-test to check an edge case - DOC: clarify the fact that replace-uri works on a full URI - BUG/MINOR: sample: fix the closing bracket and LF in the debug converter - BUG/MINOR: sample: always check converters' arguments - MINOR: sample: Validate the number of bits for the sha2 converter - BUG/MEDIUM: ssl: Don't set the max early data we can receive too early. - MINOR: ssl/cli: 'show ssl cert' give information on the certificates - BUG/MINOR: ssl/cli: fix build for openssl < 1.0.2 - MINOR: debug: support logging to various sinks - MINOR: http: add a new "replace-path" action - REGTEST: ssl: test the "set ssl cert" CLI command - REGTEST: run-regtests: implement #REQUIRE_BINARIES - MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task - BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing - BUG/MEDIUM: ssl: Revamp the way early data are handled. - MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute - BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd - REGTEST: make the "set ssl cert" require version 2.1 - BUG/MINOR: ssl: openssl-compat: Fix getm_ defines - BUG/MEDIUM: state-file: do not allocate a full buffer for each server entry - BUG/MINOR: state-file: do not store duplicates in the global tree - BUG/MINOR: state-file: do not leak memory on parse errors - BUG/MAJOR: mux-h1: Don't pretend the input channel's buffer is full if empty - BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream - BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility - BUILD: travis-ci: link with ssl libraries using rpath instead of LD_LIBRARY_PATH/DYLD_LIBRARY_PATH - BUILD: travis-ci: reenable address sanitizer for clang builds - BUG/MINOR: checks: refine which errno values are really errors. - BUG/MINOR: connection: only wake send/recv callbacks if the FD is active - CLEANUP: connection: conn->xprt is never NULL - MINOR: pollers: add a new flag to indicate pollers reporting ERR & HUP - MEDIUM: tcp: make tcp_connect_probe() consider ERR/HUP - REORG: connection: move tcp_connect_probe() to conn_fd_check() - MINOR: connection: check for connection validation earlier - MINOR: connection: remove the double test on xprt_done_cb() - CLEANUP: connection: merge CO_FL_NOTIFY_DATA and CO_FL_NOTIFY_DONE - MINOR: poller: do not call the IO handler if the FD is not active - OPTIM: epoll: always poll for recv if neither active nor ready - OPTIM: polling: do not create update entries for FD removal - BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready. - BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection. - BUILD: CI: modernize cirrus-ci - MINOR: config: disable busy polling on old processes - MINOR: ssl: Remove unused variable "need_out". - BUG/MINOR: h1: Report the right error position when a header value is invalid - BUG/MINOR: proxy: Fix input data copy when an error is captured - BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied - BUG/MINOR: channel: inject output data at the end of output - BUG/MEDIUM: session: do not report a failure when rejecting a session - MEDIUM: dns: implement synchronous send - MINOR: raw_sock: make sure to disable polling once everything is sent - MINOR: http: Add 410 to http-request deny - MINOR: http: Add 404 to http-request deny - CLEANUP: mux-h2: remove unused goto "out_free_h2s" - BUILD: cirrus-ci: choose proper openssl package name - BUG/MAJOR: listener: do not schedule a task-less proxy - CLEANUP: server: remove unused err section in server_finalize_init - REGTEST: set_ssl_cert.vtc: replace "echo" with "printf" - BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached - BUG/MEDIUM: tasks: Use the MT macros in tasklet_free(). - BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send() - BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch - CLEANUP: ssl: remove opendir call in ssl_sock_load_cert - MEDIUM: lua: don't call the GC as often when dealing with outgoing connections - BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary - BUG/MINOR: cli/mworker: can't start haproxy with 2 programs - REGTEST: mcli/mcli_start_progs: start 2 programs - BUG/MEDIUM: mworker: remain in mworker mode during reload - DOC: clarify crt-base usage - CLEANUP: compression: remove unused deinit_comp_ctx section - BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed(). - BUG/MEDIUM: raw_sock: Make sur the fd and conn are sync. - CLEANUP: proxy: simplify proxy_parse_rate_limit proxy checks - BUG/MAJOR: hashes: fix the signedness of the hash inputs - REGTEST: add sample_fetches/hashes.vtc to validate hashes - BUG/MEDIUM: cli: _getsocks must send the peers sockets - CLEANUP: cli: deduplicate the code in _getsocks - BUG/MINOR: stream: don't mistake match rules for store-request rules - BUG/MEDIUM: connection: add a mux flag to indicate splice usability - BUG/MINOR: pattern: handle errors from fgets when trying to load patterns - MINOR: connection: move the CO_FL_WAIT_ROOM cleanup to the reader only - MINOR: stream-int: remove dependency on CO_FL_WAIT_ROOM for rcv_buf() - MEDIUM: connection: get rid of CO_FL_CURR_* flags - BUILD: pattern: include errno.h - MEDIUM: mux-h2: do not try to stop sending streams on blocked mux - MEDIUM: mux-fcgi: do not try to stop sending streams on blocked mux - MEDIUM: mux-h2: do not make an h2s subscribe to itself on deferred shut - MEDIUM: mux-fcgi: do not make an fstrm subscribe to itself on deferred shut - REORG: stream/backend: move backend-specific stuff to backend.c - MEDIUM: backend: move the connection finalization step to back_handle_st_con() - MEDIUM: connection: merge the send_wait and recv_wait entries - MEDIUM: xprt: merge recv_wait and send_wait in xprt_handshake - MEDIUM: ssl: merge recv_wait and send_wait in ssl_sock - MEDIUM: mux-h1: merge recv_wait and send_wait - MEDIUM: mux-h2: merge recv_wait and send_wait event notifications - MEDIUM: mux-fcgi: merge recv_wait and send_wait event notifications - MINOR: connection: make the last arg of subscribe() a struct wait_event* - MINOR: ssl: Add support for returning the dn samples from ssl_(c|f)_(i|s)_dn in LDAP v3 (RFC2253) format. - DOC: Fix copy and paste mistake in http-response replace-value doc - BUG/MINOR: cache: Fix leak of cache name in error path - BUG/MINOR: dns: Make dns_query_id_seed unsigned - BUG/MINOR: 51d: Fix bug when HTX is enabled - MINOR: http-htx: Move htx sample fetches in the scope "internal" - MINOR: http-htx: Rename 'internal.htx_blk.val' to 'internal.htx_blk.data' - MINOR: http-htx: Make 'internal.htx_blk_data' return a binary string - DOC: Add a section to document the internal sample fetches - MINOR: mux-h1: Inherit send flags from the upper layer - MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics - BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters - BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules - BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing - MEDIUM: http-rules: Register an action keyword for all http rules - MINOR: tcp-rules: Always set from which ruleset a rule comes from - MINOR: actions: Use ACT_RET_CONT code to ignore an error from a custom action - MINOR: tcp-rules: Kill connections when custom actions return ACT_RET_ERR - MINOR: http-rules: Return an error when custom actions return ACT_RET_ERR - MINOR: counters: Add a counter to report internal processing errors - MEDIUM: http-ana: Properly handle internal processing errors - MINOR: http-rules: Add a rule result to report internal error - MINOR: http-rules: Handle internal errors during HTTP rules evaluation - MINOR: http-rules: Add more return codes to let custom actions act as normal ones - MINOR: tcp-rules: Handle denied/aborted/invalid connections from TCP rules - MINOR: http-rules: Handle denied/aborted/invalid connections from HTTP rules - MINOR: stats: Report internal errors in the proxies/listeners/servers stats - MINOR: contrib/prometheus-exporter: Export internal errors per proxy/server - MINOR: counters: Remove failed_secu counter and use denied_resp instead - MINOR: counters: Review conditions to increment counters from analysers - MINOR: http-ana: Add a txn flag to support soft/strict message rewrites - MINOR: http-rules: Handle all message rewrites the same way - MINOR: http-rules: Add a rule to enable or disable the strict rewriting mode - MEDIUM: http-rules: Enable the strict rewriting mode by default - REGTEST: Fix format of set-uri HTTP request rule in h1or2_to_h1c.vtc - MINOR: actions: Add a function pointer to release args used by actions - MINOR: actions: Regroup some info about HTTP rules in the same struct - MINOR: http-rules/tcp-rules: Call the defined action function first if defined - MINOR: actions: Rename the act_flag enum into act_opt - MINOR: actions: Add flags to configure the action behaviour - MINOR: actions: Use an integer to set the action type - MINOR: http-rules: Use a specific action type for some custom HTTP actions - MINOR: http-rules: Make replace-header and replace-value custom actions - MINOR: http-rules: Make set-header and add-header custom actions - MINOR: http-rules: Make set/del-map and add/del-acl custom actions - MINOR: http-rules: Group all processing of early-hint rule in its case clause - MEDIUM: http-rules: Make early-hint custom actions - MINOR: http-rule/tcp-rules: Make track-sc* custom actions - MINOR: tcp-rules: Make tcp-request capture a custom action - MINOR: http-rules: Add release functions for existing HTTP actions - BUG/MINOR: http-rules: Fix memory releases on error path during action parsing - MINOR: tcp-rules: Add release functions for existing TCP actions - BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing - MINOR: http-htx: Add functions to read a raw error file and convert it in HTX - MINOR: http-htx: Add functions to create HTX redirect message - MINOR: config: Use dedicated function to parse proxy's errorfiles - MINOR: config: Use dedicated function to parse proxy's errorloc - MEDIUM: http-htx/proxy: Use a global and centralized storage for HTTP error messages - MINOR: proxy: Register keywords to parse errorfile and errorloc directives - MINOR: http-htx: Add a new section to create groups of custom HTTP errors - MEDIUM: proxy: Add a directive to reference an http-errors section in a proxy - MINOR: http-rules: Update txn flags and status when a deny rule is executed - MINOR: http-rules: Support an optional status on deny rules for http reponses - MINOR: http-rules: Use same function to parse request and response deny actions - MINOR: http-ana: Add an error message in the txn and send it when defined - MEDIUM: http-rules: Support an optional error message in http deny rules - REGTEST: Add a strict rewriting mode reg test - REGEST: Add reg tests about error files - MINOR: ssl: accept 'verify' bind option with 'set ssl cert' - BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak - BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak - BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak - BUG/MINOR: http_htx: Fix some leaks on error path when error files are loaded - CLEANUP: http-ana: Remove useless test on txn when the error message is retrieved - BUILD: CI: introduce ARM64 builds - BUILD: ssl: more elegant anti-replay feature presence check - MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive - MEDIUM: dns: use Additional records from SRV responses - CLEANUP: Consistently `unsigned int` for bitfields - CLEANUP: pattern: remove the pat_time definition - BUG/MINOR: http_act: don't check capture id in backend - BUG/MINOR: ssl: fix build on development versions of openssl-1.1.x
2020-01-22 04:34:58 -05:00
* Copyright 2000-2020 Willy Tarreau <willy@haproxy.org>.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
DOC: update RFC references A few doc and code comment updates bumping RFC references to the new ones.
2017-04-28 09:24:30 -04:00
* Please refer to RFC7230 - RFC7235 informations about HTTP protocol, and
* RFC6265 for informations about cookies usage. More generally, the IETF HTTP
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
* Working Group's web site should be consulted for protocol related changes :
*
* http://ftp.ics.uci.edu/pub/ietf/http/
*
* Pending bugs (may be not fixed because never reproduced) :
* - solaris only : sometimes, an HTTP proxy with only a dispatch address causes
* the proxy to terminate (no core) if the client breaks the connection during
* the response. Seen on 1.1.8pre4, but never reproduced. May not be related to
* the snprintf() bug since requests were simple (GET / HTTP/1.0), but may be
* related to missing setsid() (fixed in 1.1.15)
* - a proxy with an invalid config will prevent the startup even if disabled.
*
* ChangeLog has moved to the CHANGELOG file.
*
*/
CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro. In order to properly enable sched_setaffinity, in some versions of Linux, it is rather _GNU_SOURCE than __USE_GNU (spotted on Alpine Linux for instance), also for the sake of consistency as __USE_GNU seems not used across the code and for last, it seems on Linux it is the best way to enable non portable code. On Linux glibc's based versions, it seems _GNU_SOURCE defines __USE_GNU it should be safe enough.
2015-12-08 16:43:09 -05:00
#define _GNU_SOURCE
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <ctype.h>
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
#include <dirent.h>
#include <sys/stat.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/in.h>
#include <arpa/inet.h>
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
#include <net/if.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <netdb.h>
#include <fcntl.h>
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <sys/resource.h>
MINOR: version: Show uname output in display_version() This patch adds the sysname, release, version and machine fields from the uname results to the version output. It intentionally leaves out the machine name, because it is usually not useful and users might not want to expose their machine names for privacy reasons. May be backported if it is considered useful for debugging.
2020-04-18 10:02:47 -04:00
#include <sys/utsname.h>
MEDIUM: New cli option -Ds for systemd compatibility This patch adds a new option "-Ds" which is exactly like "-D", but instead of forking n times to get n jobs running and then exiting, prefers to wait for all the children it just created. With this done, haproxy becomes more systemd-compliant, without changing anything for other systems. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2013-02-12 04:53:52 -05:00
#include <sys/wait.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <time.h>
#include <syslog.h>
BUG/MEDIUM: remove supplementary groups when changing gid Without it, haproxy will retain the group membership of root, which may give more access than intended to the process. For example, haproxy would still be in the wheel group on Fedora 18, as seen with : # haproxy -f /etc/haproxy/haproxy.cfg # ps a -o pid,user,group,command | grep hapr 3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg 4356 root root grep --color=auto hapr # grep Group /proc/3545/status Groups: 0 1 2 3 4 6 10 # getent group wheel wheel:x:10:root,misc [WT: The issue has been investigated by independent security research team and realized by itself not being able to allow security exploitation. Additionally, dropping groups is not allowed to unprivileged users, though this mode of deployment is quite common. Thus a warning is emitted in this case to inform the user. The fix could be backported into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
#include <grp.h>
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#ifdef USE_CPU_AFFINITY
#include <sched.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#if defined(__FreeBSD__) || defined(__DragonFly__)
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#include <sys/param.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#ifdef __FreeBSD__
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#include <sys/cpuset.h>
BUILD/MEDIUM: threads/affinity: DragonFly build fix DragonFlyBSD does not have a build on its own, it has always used the FreeBSD's. To be able to support the cpu affinity, it needs few more headers.
2018-11-12 11:22:19 -05:00
#endif
BUILD/MINOR: haproxy : FreeBSD/cpu affinity needs pthread_np header for pthread_*_np calls, pthread_np.h is needed under FreeBSD.
2017-11-29 06:02:32 -05:00
#include <pthread_np.h>
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#endif
BUILD/MEDIUM: threads: enable cpu_affinity on osx Enable it but on a per thread basis only using Darwin native API.
2019-09-13 00:12:58 -04:00
#ifdef __APPLE__
#include <mach/mach_types.h>
#include <mach/thread_act.h>
#include <mach/thread_policy.h>
#endif
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: init: add a "set-dumpable" global directive to enable core dumps It's always a pain to get a core dump when enabling user/group setting (which disables the dumpable flag on Linux), when using a chroot and/or when haproxy is started by a service management tool which requires complex operations to just raise the core dump limit. This patch introduces a new "set-dumpable" global directive to work around these troubles by doing the following : - remove file size limits (equivalent of ulimit -f unlimited) - remove core size limits (equivalent of ulimit -c unlimited) - mark the process dumpable again (equivalent of suid_dumpable=1) Some of these will depend on the operating system. This way it becomes much easier to retrieve a core file. Temporarily moving the chroot to a user-writable place generally enough.
2019-04-15 13:38:50 -04:00
#if defined(USE_PRCTL)
#include <sys/prctl.h>
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef DEBUG_FULL
#include <assert.h>
#endif
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
#include <systemd/sd-daemon.h>
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
#include <import/sha1.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/base64.h>
#include <common/cfgparse.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <common/chunk.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/compat.h>
#include <common/config.h>
#include <common/defaults.h>
[MINOR] move error codes to common/errors.h It's useful to be able to share error codes between C files, so move the codes currently only used in protocols to a generic file.
2007-10-28 06:14:07 -04:00
#include <common/errors.h>
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
#include <common/initcall.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/memory.h>
#include <common/mini-clist.h>
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
#include <common/namespace.h>
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
#include <common/net_helper.h>
CLEANUP: ssl: make inclusion of openssl headers safe It's always a pain to have to stuff lots of #ifdef USE_OPENSSL around ssl headers, it even results in some of them appearing in a random order and multiple times just to benefit form an existing ifdef block. Let's make these headers safe for inclusion when USE_OPENSSL is not defined, they now perform the test themselves and do nothing if USE_OPENSSL is not defined. This allows to remove no less than 8 such ifdef blocks and make include blocks more readable.
2019-05-10 03:58:43 -04:00
#include <common/openssl-compat.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/regex.h>
#include <common/standard.h>
#include <common/time.h>
#include <common/uri_auth.h>
#include <common/version.h>
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
#include <common/hathreads.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/capture.h>
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
#include <types/cli.h>
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
#include <types/filters.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/global.h>
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
#include <types/acl.h>
[MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate The peers and the stats socket are control sockets, they must not be limited by traffic rules.
2011-09-07 12:00:47 -04:00
#include <types/peers.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
#include <proto/acl.h>
REORG: time/activity: move activity measurements to activity.{c,h} At the moment the situation with activity measurement is quite tricky because the struct activity is defined in global.h and declared in haproxy.c, with operations made in time.h and relying on freq_ctr which are defined in freq_ctr.h which itself includes time.h. It's barely possible to touch any of these files without breaking all the circular dependency. Let's move all this stuff to activity.{c,h} and be done with it. The measurement of active and stolen time is now done in a dedicated function called just after tv_before_poll() instead of mixing the two, which used to be a lazy (but convenient) decision. No code was changed, stuff was just moved around.
2018-11-22 02:31:09 -05:00
#include <proto/activity.h>
MEDIUM: sample: pass an empty list instead of a null for fetch args ACL and sample fetches use args list and it is really not convenient to check for null args everywhere. Now for empty args we pass a constant list of end of lists. It will allow us to remove many useless checks.
2012-10-19 13:49:09 -04:00
#include <proto/arg.h>
MEDIUM: applet: implement a run queue for active appctx The new function is called for each round of polling in order to call any active appctx. For now we pick the stream interface from the appctx's owner. At the moment there's no appctx queued yet, but we have everything needed to queue them and remove them.
2015-04-19 03:59:31 -04:00
#include <proto/auth.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/backend.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <proto/channel.h>
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
#include <proto/cli.h>
MAJOR: session: detach the connections from the stream interfaces We will need to be able to switch server connections on a session and to keep idle connections. In order to achieve this, the preliminary requirement is that the connections can survive the session and be detached from them. Right now they're still allocated at exactly the same place, so when there is a session, there are always 2 connections. We could soon improve on this by allocating the outgoing connection only during a connect(). This current patch touches a lot of code and intentionally does not change any functionnality. Performance tests show no regression (even a very minor improvement). The doc has not yet been updated.
2012-10-26 14:10:28 -04:00
#include <proto/connection.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/fd.h>
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
#include <proto/filters.h>
MEDIUM: lua: lua integration in the build and init system. This is the first step of the lua integration. We add the useful files in the HAProxy project. These files contains the main includes, the Makefile options and empty initialisation function. Is is the LUA skeleton.
2015-01-23 08:06:13 -05:00
#include <proto/hlua.h>
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
#include <proto/http_rules.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/listener.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/log.h>
REORG: mworker: move serializing functions to mworker.c Move the 2 following functions to mworker.c: void mworker_proc_list_to_env() void mworker_env_to_proc_list()
2019-04-01 05:29:53 -04:00
#include <proto/mworker.h>
MINOR: pattern: Each pattern is identified by unique id. The pattern reference are stored with two identifiers: the unique_id and the reference. The reference identify a file. Each file with the same name point to the same reference. We can register many times one file. If the file is modified, all his dependencies are also modified. The reference can be used with map or acl. The unique_id identify inline acl. The unique id is unique for each acl. You cannot force the same id in the configuration file, because this repport an error. The format of the acl and map listing through the "socket" has changed for displaying these new ids.
2014-03-11 09:29:22 -04:00
#include <proto/pattern.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/protocol.h>
REORG: proto_htx: Move HTX analyzers & co to http_ana.{c,h} files The old module proto_http does not exist anymore. All code dedicated to the HTTP analysis is now grouped in the file proto_htx.c. So, to finish the polishing after removing the legacy HTTP code, proto_htx.{c,h} files have been moved in http_ana.{c,h} files. In addition, all HTX analyzers and related functions prefixed with "htx_" have been renamed to start with "http_" instead.
2019-07-16 08:54:53 -04:00
#include <proto/http_ana.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/proxy.h>
#include <proto/queue.h>
#include <proto/server.h>
MINOR: session: start to reintroduce struct session There is now a pointer to the session in the stream, which is NULL for now. The session pool is created as well. Some parts will move from the stream to the session now.
2015-04-03 07:53:24 -04:00
#include <proto/session.h>
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
#include <proto/stream.h>
[MEDIUM] call signal_process_queue from run_poll_loop Now we check for asynchronous pending signals. There's no user yet so this cannot cause any trouble.
2009-05-10 03:01:21 -04:00
#include <proto/signal.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/task.h>
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
#include <proto/dns.h>
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
#include <proto/vars.h>
MEDIUM: ssl: add basic support for OpenSSL crypto engine This patch adds the global 'ssl-engine' keyword. First arg is an engine identifier followed by a list of default_algorithms the engine will operate. If the openssl version is too old, an error is reported when the option is used.
2017-01-20 20:10:18 -05:00
#include <proto/ssl_sock.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUILD: re-implement an initcall variant without using executable sections The current initcall implementation relies on dedicated sections (one section per init stage) to store the initcall descriptors. Then upon startup, these sections are scanned from beginning to end and all items found there are called in sequence. On platforms like AIX or Cygwin it seems difficult to figure the beginning and end of sections as the linker doesn't seem to provide the corresponding symbols. In order to replace this, this patch simply implements an array of single linked (one per init stage) which are fed using constructors for each register call. These constructors are declared static, with a name depending on their line number in the file, in order to avoid name clashes. The final effect is the same, except that the method is slightly more expensive in that it explicitly produces code to register these initcalls : $ size haproxy.sections haproxy.constructor text data bss dec hex filename 4060312 249176 1457652 5767140 57ffe4 haproxy.sections 4062862 260408 1457652 5780922 5835ba haproxy.constructor This mechanism is enabled as an alternative to the default one when build option USE_OBSOLETE_LINKER is set. This option is currently enabled by default only on AIX and Cygwin, and may be attempted for any target which fails to build complaining about missing symbols __start_init_* and/or __stop_init_*. Once confirmed as a reliable fix, this will likely have to be backported to 1.9 where AIX and Cygwin do not build anymore.
2019-03-29 16:30:17 -04:00
/* array of init calls for older platforms */
DECLARE_INIT_STAGES;
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
/* list of config files */
static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int pid; /* current process id */
[BUG] relative_pid was not initialized
2007-11-26 10:13:36 -05:00
int relative_pid = 1; /* process id starting at 1 */
CLEANUP: global: introduce variable pid_bit to avoid shifts with relative_pid At a number of places, bitmasks are used for process affinity and to map listeners to processes. Every time 1UL<<(relative_pid-1) is used. Let's create a "pid_bit" variable corresponding to this value to clean this up.
2017-11-10 13:08:14 -05:00
unsigned long pid_bit = 1; /* bit corresponding to the process id */
MINOR: config: keep an all_proc_mask like we have all_threads_mask This simplifies some mask comparisons at various places where nbits(global.nbproc) was used.
2019-02-02 11:11:28 -05:00
unsigned long all_proc_mask = 1; /* mask of all processes */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
BUG/MINOR: haproxy: always initialize sleeping_thread_mask Surprizingly the variable was never initialized, though on most platforms it's zeroed at boot, and it is relatively harmless anyway since in the worst case the bits are updated around poll(). This was introduced by commit 79321b95a85 and needs to be backported as far as 1.9.
2020-03-12 12:24:53 -04:00
volatile unsigned long sleeping_thread_mask = 0; /* Threads that are about to sleep in poll() */
BUG/MINOR: haproxy/threads: try to make all threads leave together There's a small issue with soft stop combined with the incoming connection load balancing. A thread may dispatch a connection to another one at the moment stopping=1 is set, and the second one could stop by seeing (jobs - unstoppable_jobs) == 0 in run_poll_loop(), without ever picking these connections from the queue. This is visible in that it may occasionally cause a connection drop on reload since no remaining thread will ever pick that connection anymore. In order to address this, this patch adds a stopping_thread_mask variable by which threads acknowledge their willingness to stop when their runqueue is empty. And all threads will only stop at this moment, so that if finally some late work arrives in the thread's queue, it still has a chance to process it. This should be backported to 2.1 and 2.0.
2020-03-12 12:28:01 -04:00
volatile unsigned long stopping_thread_mask = 0; /* Threads acknowledged stopping */
BUG/MINOR: haproxy: always initialize sleeping_thread_mask Surprizingly the variable was never initialized, though on most platforms it's zeroed at boot, and it is relatively harmless anyway since in the worst case the bits are updated around poll(). This was introduced by commit 79321b95a85 and needs to be backported as far as 1.9.
2020-03-12 12:24:53 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* global options */
struct global global = {
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
.hard_stop_after = TICK_ETERNITY,
MINOR: global: don't prevent nbproc from being redefined Having nbproc preinitialized to zero is really annoying as it prevents some checks from being correctly performed. Also the check to prevent nbproc from being redefined is totally useless, so let's preset it to 1 and remove the test.
2012-11-15 11:38:15 -05:00
.nbproc = 1,
MAJOR: threads: enable one thread per CPU by default Threads have long matured by now, still for most users their usage is not trivial. It's about time to enable them by default on platforms where we know the number of CPUs bound. This patch does this, it counts the number of CPUs the process is bound to upon startup, and enables as many threads by default. Of course, "nbthread" still overrides this, but if it's not set the default behaviour is to start one thread per CPU. The default number of threads is reported in "haproxy -vv". Simply using "taskset -c" is now enough to adjust this number of threads so that there is no more need for playing with cpu-map. And thanks to the previous patches on the listener, the vast majority of configurations will not need to duplicate "bind" lines with the "process x/y" statement anymore either, so a simple config will automatically adapt to the number of processors available.
2019-01-26 08:27:06 -05:00
.nbthread = 0,
MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid %Fi: Frontend IP %Fp: Frontend Port %Si: Server IP %Sp: Server Port %Ts: Timestamp %rt: HTTP request counter %H: hostname %pid: PID +X: Hexadecimal represenation The +X mode in logformat displays hexadecimal for the following flags %Ci %Cp %Fi %Fp %Bi %Bp %Si %Sp %Ts %ct %pid rename logformat_write_string() to lf_text() Optimize size computation
2012-04-05 12:02:55 -04:00
.req_count = 0,
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
.logsrvs = LIST_HEAD_INIT(global.logsrvs),
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
.maxzlibmem = 0,
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
.comp_rate_lim = 0,
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
.ssl_server_verify = SSL_SERVER_VERIFY_REQUIRED,
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
.unix_bind = {
.ux = {
.uid = -1,
.gid = -1,
.mode = 0,
}
},
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
.tune = {
MINOR: config: add global tune.listener.multi-queue setting tune.listener.multi-queue { on | off } Enables ('on') or disables ('off') the listener's multi-queue accept which spreads the incoming traffic to all threads a "bind" line is allowed to run on instead of taking them for itself. This provides a smoother traffic distribution and scales much better, especially in environments where threads may be unevenly loaded due to external activity (network interrupts colliding with one thread for example). This option is enabled by default, but it may be forcefully disabled for troubleshooting or for situations where it is estimated that the operating system already provides a good enough distribution and connections are extremely short-lived.
2019-02-27 06:02:18 -05:00
.options = GTUNE_LISTENER_MQ,
MINOR: config: round up global.tune.bufsize to the next multiple of 2 void* Since HTX casts the buffer to a struct and stores relative pointers at the end, it is mandatory that its end is properly aligned. This patch enforces a buffer size rounding up to the next multiple of two void*, thus 8 on 32-bit and 16 on 64-bit, to match what malloc() already does on the beginning of the buffer. In pratice it will never be really noticeable since default sizes already are such multiples.
2018-12-12 00:19:42 -05:00
.bufsize = (BUFSIZE + 2*sizeof(void *) - 1) & -(2*sizeof(void *)),
MINOR: global: Set default tune.maxrewrite value during global structure init When the global structure is initialized, instead of setting tune.maxrewrite to -1, its default value can be immediately set. This way, it is always defined during the configuration validity check. Otherwise, the only way to have it at this stage, it is to explicity set it in the global section.
2020-01-22 08:31:21 -05:00
.maxrewrite = MAXREWRITE,
MINOR: config: round up global.tune.bufsize to the next multiple of 2 void* Since HTX casts the buffer to a struct and stores relative pointers at the end, it is mandatory that its end is properly aligned. This patch enforces a buffer size rounding up to the next multiple of two void*, thus 8 on 32-bit and 16 on 64-bit, to match what malloc() already does on the beginning of the buffer. In pratice it will never be really noticeable since default sizes already are such multiples.
2018-12-12 00:19:42 -05:00
.chksize = (BUFSIZE + 2*sizeof(void *) - 1) & -(2*sizeof(void *)),
MAJOR: session: only wake up as many sessions as available buffers permit We've already experimented with three wake up algorithms when releasing buffers : the first naive one used to wake up far too many sessions, causing many of them not to get any buffer. The second approach which was still in use prior to this patch consisted in waking up either 1 or 2 sessions depending on the number of FDs we had released. And this was still inaccurate. The third one tried to cover the accuracy issues of the second and took into consideration the number of FDs the sessions would be willing to use, but most of the time we ended up waking up too many of them for nothing, or deadlocking by lack of buffers. This patch completely removes the need to allocate two buffers at once. Instead it splits allocations into critical and non-critical ones and implements a reserve in the pool for this. The deadlock situation happens when all buffers are be allocated for requests pending in a maxconn-limited server queue, because then there's no more way to allocate buffers for responses, and these responses are critical to release the servers's connection in order to release the pending requests. In fact maxconn on a server creates a dependence between sessions and particularly between oldest session's responses and latest session's requests. Thus, it is mandatory to get a free buffer for a response in order to release a server connection which will permit to release a request buffer. Since we definitely have non-symmetrical buffers, we need to implement this logic in the buffer allocation mechanism. What this commit does is implement a reserve of buffers which can only be allocated for responses and that will never be allocated for requests. This is made possible by the requester indicating how much margin it wants to leave after the allocation succeeds. Thus it is a cooperative allocation mechanism : the requester (process_session() in general) prefers not to get a buffer in order to respect other's need for response buffers. The session management code always knows if a buffer will be used for requests or responses, so that is not difficult : - either there's an applet on the initiator side and we really need the request buffer (since currently the applet is called in the context of the session) - or we have a connection and we really need the response buffer (in order to support building and sending an error message back) This reserve ensures that we don't take all allocatable buffers for requests waiting in a queue. The downside is that all the extra buffers are really allocated to ensure they can be allocated. But with small values it is not an issue. With this change, we don't observe any more deadlocks even when running with maxconn 1 on a server under severely constrained memory conditions. The code becomes a bit tricky, it relies on the scheduler's run queue to estimate how many sessions are already expected to run so that it doesn't wake up everyone with too few resources. A better solution would probably consist in having two queues, one for urgent requests and one for normal requests. A failed allocation for a session dealing with an error, a connection event, or the need for a response (or request when there's an applet on the left) would go to the urgent request queue, while other requests would go to the other queue. Urgent requests would be served from 1 entry in the pool, while the regular ones would be served only according to the reserve. Despite not yet having this, it works remarkably well. This mechanism is quite efficient, we don't perform too many wake up calls anymore. For 1 million sessions elapsed during massive memory contention, we observe about 4.5M calls to process_session() compared to 4.0M without memory constraints. Previously we used to observe up to 16M calls, which rougly means 12M failures. During a test run under high memory constraints (limit enforced to 27 MB instead of the 58 MB normally needed), performance used to drop by 53% prior to this patch. Now with this patch instead it *increases* by about 1.5%. The best effect of this change is that by limiting the memory usage to about 2/3 to 3/4 of what is needed by default, it's possible to increase performance by up to about 18% mainly due to the fact that pools are reused more often and remain hot in the CPU cache (observed on regular HTTP traffic with 20k objects, buffers.limit = maxconn/10, buffers.reserve = limit/2). Below is an example of scenario which used to cause a deadlock previously : - connection is received - two buffers are allocated in process_session() then released - one is allocated when receiving an HTTP request - the second buffer is allocated then released in process_session() for request parsing then connection establishment. - poll() says we can send, so the request buffer is sent and released - process session gets notified that the connection is now established and allocates two buffers then releases them - all other sessions do the same till one cannot get the request buffer without hitting the margin - and now the server responds. stream_interface allocates the response buffer and manages to get it since it's higher priority being for a response. - but process_session() cannot allocate the request buffer anymore => We could end up with all buffers used by responses so that none may be allocated for a request in process_session(). When the applet processing leaves the session context, the test will have to be changed so that we always allocate a response buffer regardless of the left side (eg: H2->H1 gateway). A final improvement would consists in being able to only retry the failed I/O operation without waking up a task, but to date all experiments to achieve this have proven not to be reliable enough.
2014-11-26 19:11:56 -05:00
.reserved_bufs = RESERVED_BUFS,
MAJOR: pattern: add LRU-based cache on pattern matching The principle of this cache is to have a global cache for all pattern matching operations which rely on lists (reg, sub, dir, dom, ...). The input data, the expression and a random seed are used as a hashing key. The cached entries contains a pointer to the expression and a revision number for that expression so that we don't accidently used obsolete data after a pattern update or a very unlikely hash collision. Regarding the risk of collisions, 10k entries at 10k req/s mean 1% risk of a collision after 60 years, that's already much less than the memory's reliability in most machines and more durable than most admin's life expectancy. A collision will result in a valid result to be returned for a different entry from the same list. If this is not acceptable, the cache can be disabled using tune.pattern.cache-size. A test on a file containing 10k small regex showed that the regex matching was limited to 6k/s instead of 70k with regular strings. When enabling the LRU cache, the performance was back to 70k/s.
2015-04-29 10:24:50 -04:00
.pattern_cache = DEFAULT_PAT_LRU_SIZE,
MEDIUM: connections: Add a way to control the number of idling connections. As by default we add all keepalive connections to the idle pool, if we run into a pathological case, where all client don't do keepalive, but the server does, and haproxy is configured to only reuse "safe" connections, we will soon find ourself having lots of idling, unusable for new sessions, connections, while we won't have any file descriptors available to create new connections. To fix this, add 2 new global settings, "pool_low_ratio" and "pool_high_ratio". pool-low-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we stop adding connections to the idle pool, and destroy them instead. The default is 20. pool-high-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we start killing idling connection in the event we have to create a new outgoing connection, and no reuse is possible. The default is 25.
2019-04-16 13:07:22 -04:00
.pool_low_ratio = 20,
.pool_high_ratio = 25,
MINOR: global: Preset tune.max_http_hdr to its default value By default, this tune parameter is set to MAX_HTTP_HDR. This assignment is done after the configuration parsing, when we check the configuration validity. So during the configuration parsing, its value is 0. Now, it is set to MAX_HTTP_HDR from the start. So, it is possible to rely on it during the configuration parsing.
2019-07-19 03:36:45 -04:00
.max_http_hdr = MAX_HTTP_HDR,
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
2012-09-03 06:10:29 -04:00
#ifdef USE_OPENSSL
MINOR: build: allow packagers to specify the ssl cache size This is done by passing the default value to SSLCACHESIZE in sessions. User can use tune.sslcachesize to change this value. By default, it is set to 20000 sessions as openssl internal cache size. Currently, a session entry size is between 592 and 616 bytes depending on the arch.
2012-11-14 05:32:56 -05:00
.sslcachesize = SSLCACHESIZE,
MINOR: compression: memlevel and windowsize The window size and the memlevel of the zlib are now configurable using global options tune.zlib.memlevel and tune.zlib.windowsize. It affects the memory consumption of the zlib.
2012-11-07 10:54:34 -05:00
#endif
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
.comp_maxlevel = 1,
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
#ifdef DEFAULT_IDLE_TIMER
.idle_timer = DEFAULT_IDLE_TIMER,
#else
.idle_timer = 1000, /* 1 second */
#endif
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
},
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
#ifdef USE_OPENSSL
#ifdef DEFAULT_MAXSSLCONN
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
.maxsslconn = DEFAULT_MAXSSLCONN,
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
#endif
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* others NULL OK */
};
/*********************************************************************/
int stopping; /* non zero means stopping in progress */
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
int killed; /* non zero means a hard-stop is triggered */
[MINOR] support a global jobs counter This counter is incremented for each incoming connection and each active listener, and is used to prevent haproxy from stopping upon SIGUSR1. It will thus be possible for some tasks in increment this counter in order to prevent haproxy from dying until they have completed their job.
2010-08-31 09:39:26 -04:00
int jobs = 0; /* number of active jobs (conns, listeners, active tasks, ...) */
MEDIUM: jobs: support unstoppable jobs for soft stop This patch allows a process to properly quit when some jobs are still active, this feature is handled by the unstoppable_jobs variable, which must be atomically incremented. During each new iteration of run_poll_loop() the break condition of the loop is now (jobs - unstoppable_jobs) == 0. The unique usage of this at the moment is to handle the socketpair CLI of a the worker during the stopping of the process. During the soft stop, we could mark the CLI listener as an unstoppable job and still handle new connections till every other jobs are stopped.
2018-11-16 10:57:20 -05:00
int unstoppable_jobs = 0; /* number of active jobs that can't be stopped during a soft stop */
MINOR: stats: report the number of active peers in "show info" Peers are the last type of activity which can maintain a job present, so it's important to report that such an entity is still active to explain why the job count may be higher than zero. Here by "ActivePeers" we report peers sessions, which include both established connections and outgoing connection attempts.
2018-11-05 10:31:22 -05:00
int active_peers = 0; /* number of active peers (connection attempts and connected) */
MINOR: stats: report the number of currently connected peers The active peers output indicates both the number of established peers connections and the number of peers connection attempts. The new counter "ConnectedPeers" also indicates the number of currently connected peers. This helps detect that some peers cannot be reached for example. It's worth mentioning that this value changes over time because unused peers are often disconnected and reconnected. Most of the time it should be equal to ActivePeers.
2018-11-05 11:12:27 -05:00
int connected_peers = 0; /* number of connected peers (verified ones) */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Here we store informations about the pids of the processes we may pause
* or kill. We will send them a signal every 10 ms until we can bind to all
* our ports. With 200 retries, that's about 2 seconds.
*/
#define MAX_START_RETRIES 200
static int *oldpids = NULL;
static int oldpids_sig; /* use USR1 or TERM */
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
/* Path to the unix socket we use to retrieve listener sockets from the old process */
static const char *old_unixsocket;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
static char *cur_unixsocket = NULL;
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
int atexit_flag = 0;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
int nb_oldpids = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
const int zero = 0;
const int one = 1;
[MINOR] add the "nolinger" option to disable data lingering The following patch will give the ability to tweak socket linger mode. You can use this option with "option nolinger" inside fronted or backend configuration declaration. This will help in environments where lots of FIN_WAIT sockets are encountered.
2007-10-11 14:48:58 -04:00
const struct linger nolinger = { .l_onoff = 1, .l_linger = 0 };
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] force null-termination of hostname Marcello Gorlani reported that at least on FreeBSD, a long hostname was reported with garbage on the stats page. POSIX does not make it mandatory for gethostname() to NULL-terminate the string in case of truncation, and at least FreeBSD appears not to do it. So let's force null-termination to keep safe.
2010-03-12 15:58:54 -05:00
char hostname[MAX_HOSTNAME_LEN];
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
char localpeer[MAX_HOSTNAME_LEN];
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
static char **next_argv = NULL;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
struct list proc_list = LIST_HEAD_INIT(proc_list);
int master = 0; /* 1 if in master, 0 if in child */
MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values Let's keep a copy of these initial values. They will be useful to compute automatic maxconn, as well as to restore proper limits when doing an execve() on external checks.
2019-03-01 04:09:28 -05:00
unsigned int rlim_fd_cur_at_boot = 0;
unsigned int rlim_fd_max_at_boot = 0;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
/* per-boot randomness */
unsigned char boot_seed[20]; /* per-boot random seed (160 bits initially) */
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
struct mworker_proc *proc_self = NULL;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void *run_thread_poll_loop(void *data);
MINOR: config: add minimum support for emitting warnings only once This is useful to explain to users what to do during a migration.
2014-04-28 16:27:06 -04:00
/* bitfield of a few warnings to emit just once (WARN_*) */
unsigned int warned = 0;
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
/* master CLI configuration (-S flag) */
struct list mworker_cli_conf = LIST_HEAD_INIT(mworker_cli_conf);
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
/* These are strings to be reported in the output of "haproxy -vv". They may
* either be constants (in which case must_free must be zero) or dynamically
* allocated strings to pass to free() on exit, and in this case must_free
* must be non-zero.
*/
struct list build_opts_list = LIST_HEAD_INIT(build_opts_list);
struct build_opts_str {
struct list list;
const char *str;
int must_free;
};
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
/* These functions are called just after the point where the program exits
* after a config validity check, so they are generally suited for resource
* allocation and slow initializations that should be skipped during basic
* config checks. The functions must return 0 on success, or a combination
* of ERR_* flags (ERR_WARN, ERR_ABORT, ERR_FATAL, ...). The 2 latter cause
* and immediate exit, so the function must have emitted any useful error.
*/
struct list post_check_list = LIST_HEAD_INIT(post_check_list);
struct post_check_fct {
struct list list;
int (*fct)();
};
MINOR: config: Support per-proxy and per-server post-check functions callbacks Most of times, when a keyword is added in proxy section or on the server line, we need to have a post-parser callback to check the config validity for the proxy or the server which uses this keyword. It is possible to register a global post-parser callback. But all these callbacks need to loop on the proxies and servers to do their job. It is neither handy nor efficient. Instead, it is now possible to register per-proxy and per-server post-check callbacks.
2019-08-12 03:51:07 -04:00
/* These functions are called for each proxy just after the config validity
* check. The functions must return 0 on success, or a combination of ERR_*
* flags (ERR_WARN, ERR_ABORT, ERR_FATAL, ...). The 2 latter cause and immediate
* exit, so the function must have emitted any useful error.
*/
struct list post_proxy_check_list = LIST_HEAD_INIT(post_proxy_check_list);
struct post_proxy_check_fct {
struct list list;
int (*fct)(struct proxy *);
};
/* These functions are called for each server just after the config validity
* check. The functions must return 0 on success, or a combination of ERR_*
* flags (ERR_WARN, ERR_ABORT, ERR_FATAL, ...). The 2 latter cause and immediate
* exit, so the function must have emitted any useful error.
*/
struct list post_server_check_list = LIST_HEAD_INIT(post_server_check_list);
struct post_server_check_fct {
struct list list;
int (*fct)(struct server *);
};
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* These functions are called for each thread just after the thread creation
* and before running the init functions. They should be used to do per-thread
* (re-)allocations that are needed by subsequent functoins. They must return 0
* if an error occurred. */
struct list per_thread_alloc_list = LIST_HEAD_INIT(per_thread_alloc_list);
struct per_thread_alloc_fct {
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
struct list list;
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
int (*fct)();
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
};
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
/* These functions are called for each thread just after the thread creation
* and before running the scheduler. They should be used to do per-thread
* initializations. They must return 0 if an error occurred. */
struct list per_thread_init_list = LIST_HEAD_INIT(per_thread_init_list);
struct per_thread_init_fct {
struct list list;
int (*fct)();
};
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* These functions are called when freeing the global sections at the end of
* deinit, after everything is stopped. They don't return anything. They should
* not release shared resources that are possibly used by other deinit
* functions, only close/release what is private. Use the per_thread_free_list
* to release shared resources.
*/
struct list post_deinit_list = LIST_HEAD_INIT(post_deinit_list);
struct post_deinit_fct {
struct list list;
void (*fct)();
};
MINOR: config: Support per-proxy and per-server deinit functions callbacks Most of times, when any allocation is done during configuration parsing because of a new keyword in proxy section or on the server line, we must add a call in the deinit() function to release allocated ressources. It is now possible to register a post-deinit callback because, at this stage, the proxies and the servers are already releases. Now, it is possible to register deinit callbacks per-proxy or per-server. These callbacks will be called for each proxy and server before releasing them.
2019-07-31 02:44:12 -04:00
/* These functions are called when freeing a proxy during the deinit, after
* everything isg stopped. They don't return anything. They should not release
* the proxy itself or any shared resources that are possibly used by other
* deinit functions, only close/release what is private.
*/
struct list proxy_deinit_list = LIST_HEAD_INIT(proxy_deinit_list);
struct proxy_deinit_fct {
struct list list;
void (*fct)(struct proxy *);
};
/* These functions are called when freeing a server during the deinit, after
* everything isg stopped. They don't return anything. They should not release
* the proxy itself or any shared resources that are possibly used by other
* deinit functions, only close/release what is private.
*/
struct list server_deinit_list = LIST_HEAD_INIT(server_deinit_list);
struct server_deinit_fct {
struct list list;
void (*fct)(struct server *);
};
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* These functions are called when freeing the global sections at the end of
* deinit, after the thread deinit functions, to release unneeded memory
* allocations. They don't return anything, and they work in best effort mode
* as their sole goal is to make valgrind mostly happy.
*/
struct list per_thread_free_list = LIST_HEAD_INIT(per_thread_free_list);
struct per_thread_free_fct {
struct list list;
int (*fct)();
};
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
/* These functions are called for each thread just after the scheduler loop and
* before exiting the thread. They don't return anything and, as for post-deinit
* functions, they work in best effort mode as their sole goal is to make
* valgrind mostly happy. */
struct list per_thread_deinit_list = LIST_HEAD_INIT(per_thread_deinit_list);
struct per_thread_deinit_fct {
struct list list;
void (*fct)();
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*********************************************************************/
/* general purpose functions ***************************************/
/*********************************************************************/
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
/* used to register some build option strings at boot. Set must_free to
* non-zero if the string must be freed upon exit.
*/
void hap_register_build_opts(const char *str, int must_free)
{
struct build_opts_str *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->str = str;
b->must_free = must_free;
LIST_ADDQ(&build_opts_list, &b->list);
}
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
/* used to register some initialization functions to call after the checks. */
void hap_register_post_check(int (*fct)())
{
struct post_check_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&post_check_list, &b->list);
}
MINOR: config: Support per-proxy and per-server post-check functions callbacks Most of times, when a keyword is added in proxy section or on the server line, we need to have a post-parser callback to check the config validity for the proxy or the server which uses this keyword. It is possible to register a global post-parser callback. But all these callbacks need to loop on the proxies and servers to do their job. It is neither handy nor efficient. Instead, it is now possible to register per-proxy and per-server post-check callbacks.
2019-08-12 03:51:07 -04:00
/* used to register some initialization functions to call for each proxy after
* the checks.
*/
void hap_register_post_proxy_check(int (*fct)(struct proxy *))
{
struct post_proxy_check_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&post_proxy_check_list, &b->list);
}
/* used to register some initialization functions to call for each server after
* the checks.
*/
void hap_register_post_server_check(int (*fct)(struct server *))
{
struct post_server_check_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&post_server_check_list, &b->list);
}
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
/* used to register some de-initialization functions to call after everything
* has stopped.
*/
void hap_register_post_deinit(void (*fct)())
{
struct post_deinit_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&post_deinit_list, &b->list);
}
MINOR: config: Support per-proxy and per-server deinit functions callbacks Most of times, when any allocation is done during configuration parsing because of a new keyword in proxy section or on the server line, we must add a call in the deinit() function to release allocated ressources. It is now possible to register a post-deinit callback because, at this stage, the proxies and the servers are already releases. Now, it is possible to register deinit callbacks per-proxy or per-server. These callbacks will be called for each proxy and server before releasing them.
2019-07-31 02:44:12 -04:00
/* used to register some per proxy de-initialization functions to call after
* everything has stopped.
*/
void hap_register_proxy_deinit(void (*fct)(struct proxy *))
{
struct proxy_deinit_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&proxy_deinit_list, &b->list);
}
/* used to register some per server de-initialization functions to call after
* everything has stopped.
*/
void hap_register_server_deinit(void (*fct)(struct server *))
{
struct server_deinit_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&server_deinit_list, &b->list);
}
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* used to register some allocation functions to call for each thread. */
void hap_register_per_thread_alloc(int (*fct)())
{
struct per_thread_alloc_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&per_thread_alloc_list, &b->list);
}
MINOR: threads: Add mechanism to register per-thread init/deinit functions hap_register_per_thread_init and hap_register_per_thread_deinit functions has been added to register functions to do, for each thread, respectively, some initialization and deinitialization. These functions are added in the global lists per_thread_init_list and per_thread_deinit_list. These functions are called only when HAProxy is started with more than 1 thread (global.nbthread > 1).
2017-07-25 10:52:58 -04:00
/* used to register some initialization functions to call for each thread. */
void hap_register_per_thread_init(int (*fct)())
{
struct per_thread_init_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&per_thread_init_list, &b->list);
}
/* used to register some de-initialization functions to call for each thread. */
void hap_register_per_thread_deinit(void (*fct)())
{
struct per_thread_deinit_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&per_thread_deinit_list, &b->list);
}
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* used to register some free functions to call for each thread. */
void hap_register_per_thread_free(int (*fct)())
{
struct per_thread_free_fct *b;
b = calloc(1, sizeof(*b));
if (!b) {
fprintf(stderr, "out of memory\n");
exit(1);
}
b->fct = fct;
LIST_ADDQ(&per_thread_free_list, &b->list);
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void display_version()
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR: version: Show uname output in display_version() This patch adds the sysname, release, version and machine fields from the uname results to the version output. It intentionally leaves out the machine name, because it is usually not useful and users might not want to expose their machine names for privacy reasons. May be backported if it is considered useful for debugging.
2020-04-18 10:02:47 -04:00
struct utsname utsname;
MINOR: version: report the version status in "haproxy -v" As discussed on Discourse here: https://discourse.haproxy.org/t/haproxy-branch-support-lifetime/4466 it's not always easy for end users to know the lifecycle of the version they are using. This patch introduces a "Status" line in the output of "haproxy -vv" indicating whether it's a development, stable, long-term supported version, possibly with an estimated end of life for the branch when it can be anticipated (e.g. for stable versions). This field should be adjusted when creating a major release to reflect the new status. It may make sense to backport this to other branches to clarify the situation.
2019-11-21 12:07:30 -05:00
printf("HA-Proxy version %s %s - https://haproxy.org/\n"
PRODUCT_STATUS "\n", haproxy_version, haproxy_date);
MINOR: version: emit the link to the known bugs in output of "haproxy -v" The link to the known bugs page for the current version is built and reported there. When it is a development version (less than 2 dots), instead a link to github open issues is reported as there's no way to be sure about the current situation in this case and it's better that users report their trouble there.
2019-11-21 12:48:20 -05:00
if (strlen(PRODUCT_URL_BUGS) > 0) {
char base_version[20];
int dots = 0;
char *del;
/* only retrieve the base version without distro-specific extensions */
for (del = haproxy_version; *del; del++) {
if (*del == '.')
dots++;
else if (*del < '0' || *del > '9')
break;
}
strlcpy2(base_version, haproxy_version, del - haproxy_version + 1);
if (dots < 2)
printf("Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open\n");
else
printf("Known bugs: " PRODUCT_URL_BUGS "\n", base_version);
}
MINOR: version: Show uname output in display_version() This patch adds the sysname, release, version and machine fields from the uname results to the version output. It intentionally leaves out the machine name, because it is usually not useful and users might not want to expose their machine names for privacy reasons. May be backported if it is considered useful for debugging.
2020-04-18 10:02:47 -04:00
if (uname(&utsname) == 0) {
printf("Running on: %s %s %s %s\n", utsname.sysname, utsname.release, utsname.version, utsname.machine);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void display_build_opts()
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
{
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
struct build_opts_str *item;
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
printf("Build options :"
#ifdef BUILD_TARGET
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n TARGET = " BUILD_TARGET
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
#ifdef BUILD_CPU
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n CPU = " BUILD_CPU
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
#ifdef BUILD_CC
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
"\n CC = " BUILD_CC
#endif
#ifdef BUILD_CFLAGS
"\n CFLAGS = " BUILD_CFLAGS
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
[BUILD] major rework of the GNU Makefile The build process was getting annoying under some conditions, especially on platforms which are used to set CFLAGS, as well as those which set a lot of complex defines. The new Makefile takes care of this situation by not mixing TARGET, CPU and user values, and by making privileging the pre-setting of common variables with the ability to override them. Now CFLAGS and LDFLAGS are set by default and may be overridden without the risk of breaking useful defines. Options are better dealt with, and as a bonus, it was possible to merge the FreeBSD and OpenBSD targets into the common GNU Makefile. The report of build options by "haproxy -vv" has been slightly adapted to the new mode. Options implied by architecture are not reported, only user-specified options are. It is also possible to add options which will not be reported in order not to mangle the output when specifying dirty informations such as URLs... The Makefile was copiously documented and it should be easier to build for any target now. Backwards compatibility with older build processes was kept, and warnings are emitted for deprecated build options.
2008-01-02 14:48:34 -05:00
#ifdef BUILD_OPTIONS
"\n OPTIONS = " BUILD_OPTIONS
BUILD: report the whole feature set with their status in haproxy -vv It's not convenient not to know the status of default options, and requires the user to know what option is enabled by default in each target. With this patch, a new "Features list" line is added to the output of "haproxy -vv" to report the whole list of known features with their respective status. They're prefixed with a "+" when enabled or a "-" when disabled. The "USE_" prefix is removed for clarity.
2019-03-27 08:20:08 -04:00
#endif
#ifdef BUILD_FEATURES
"\n\nFeature list : " BUILD_FEATURES
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
#endif
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
"\n\nDefault settings :"
MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places This entry was still set to 2000 but never used anymore. The only places where it appeared was as an alias to SYSTEM_MAXCONN which forces it, so let's turn these ones to SYSTEM_MAXCONN and remove the default value for DEFAULT_MAXCONN. SYSTEM_MAXCONN still defines the upper bound however.
2019-03-13 05:03:07 -04:00
"\n bufsize = %d, maxrewrite = %d, maxpollevents = %d"
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
"\n\n",
MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places This entry was still set to 2000 but never used anymore. The only places where it appeared was as an alias to SYSTEM_MAXCONN which forces it, so let's turn these ones to SYSTEM_MAXCONN and remove the default value for DEFAULT_MAXCONN. SYSTEM_MAXCONN still defines the upper bound however.
2019-03-13 05:03:07 -04:00
BUFSIZE, MAXREWRITE, MAX_POLL_EVENTS);
[MINOR] report list of supported pollers with -vv During troubleshooting, it's often useful to get the list of supported pollers but until now it was required to have a working configuration first. Since the pollers are known before main() is called, let's list them with the build options.
2009-10-03 12:57:08 -04:00
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
list_for_each_entry(item, &build_opts_list, list) {
puts(item->str);
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
putchar('\n');
[MINOR] report list of supported pollers with -vv During troubleshooting, it's often useful to get the list of supported pollers but until now it was required to have a working configuration first. Since the pollers are known before main() is called, let's list them with the build options.
2009-10-03 12:57:08 -04:00
list_pollers(stdout);
putchar('\n');
MINOR: mux: Print the list of existing mux protocols during HA startup This is done in verbose/debug mode and when build options are reported.
2018-04-10 08:37:32 -04:00
list_mux_proto(stdout);
putchar('\n');
MINOR: init: report the list of optionally available services It's never easy to guess what services are built in. We currently have the prometheus exporter in contrib/ which is the only extension for now. Let's enumerate all available ones just like we do for filterr and pollers.
2019-03-19 03:08:10 -04:00
list_services(stdout);
putchar('\n');
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
list_filters(stdout);
putchar('\n');
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function prints the command line usage and exits
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void usage(char *name)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
display_version();
fprintf(stderr,
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
"Usage : %s [-f <cfgfile|cfgdir>]* [ -vdV"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
"D ] [ -n <maxconn> ] [ -N <maxpconn> ]\n"
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
" [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]\n"
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
" -v displays version ; -vv shows known build options.\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -d enters debug mode ; -db only disables background mode.\n"
MEDIUM: memory: add the ability to poison memory at run time From time to time, some bugs are discovered that are caused by non-initialized memory areas. It happens that most platforms return a zero-filled area upon first malloc() thus hiding potential bugs. This patch also replaces malloc() in pools with calloc() to ensure that all platforms exhibit the same behaviour upon startup. In order to catch these bugs more easily, add a -dM command line flag to enable memory poisonning. Optionally, passing -dM<byte> forces the poisonning byte to <byte>.
2012-05-08 09:40:42 -04:00
" -dM[<byte>] poisons memory with <byte> (defaults to 0x50)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -V enters verbose mode (disables quiet mode)\n"
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
" -D goes daemon ; -C changes to <dir> before loading files.\n"
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
" -W master-worker mode.\n"
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
" -Ws master-worker mode with systemd notify support.\n"
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -q quiet mode : don't display messages\n"
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
" -c check mode : only check config files and exit\n"
MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places This entry was still set to 2000 but never used anymore. The only places where it appeared was as an alias to SYSTEM_MAXCONN which forces it, so let's turn these ones to SYSTEM_MAXCONN and remove the default value for DEFAULT_MAXCONN. SYSTEM_MAXCONN still defines the upper bound however.
2019-03-13 05:03:07 -04:00
" -n sets the maximum total # of connections (uses ulimit -n)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -m limits the usable amount of memory (in MB)\n"
" -N sets the default, per-proxy maximum # of connections (%d)\n"
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
" -L set local peer name (default to hostname)\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -p writes pids of all children to this file\n"
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EPOLL)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -de disables epoll() usage even when available\n"
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_KQUEUE)
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
" -dk disables kqueue() usage even when available\n"
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EVPORTS)
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
" -dv disables event ports usage even when available\n"
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_POLL)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
" -dp disables poll() usage even when available\n"
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
" -dS disables splice usage (broken on old kernels)\n"
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#endif
#if defined(USE_GETADDRINFO)
" -dG disables getaddrinfo() usage\n"
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#endif
#if defined(SO_REUSEPORT)
" -dR disables SO_REUSEPORT usage\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
" -dr ignores server address resolution failures\n"
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
" -dV disables SSL verify on servers side\n"
MINOR: init: add -dW and "zero-warning" to reject configs with warnings Since some systems switched to service managers which hide all warnings by default, some users are not aware of some possibly important warnings and get caught too late with errors that could have been detected earlier. This patch adds a new global keyword, "zero-warning" and an equivalent command-line option "-dW" to refuse to start in case any warning is detected. It is recommended to use these with configurations that are managed by humans in order to catch mistakes very early.
2020-04-15 10:42:39 -04:00
" -dW fails if any warning is emitted\n"
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
" -sf/-st [pid ]* finishes/terminates old pids.\n"
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
" -x <unix_socket> get listening sockets from a unix socket\n"
MINOR: doc: update the manpage and usage message about -S Add -S in the manpage, and update the usage message. Should be backported to 1.9.
2019-06-13 11:03:37 -04:00
" -S <bind>[,<bind options>...] new master CLI\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
"\n",
MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places This entry was still set to 2000 but never used anymore. The only places where it appeared was as an alias to SYSTEM_MAXCONN which forces it, so let's turn these ones to SYSTEM_MAXCONN and remove the default value for DEFAULT_MAXCONN. SYSTEM_MAXCONN still defines the upper bound however.
2019-03-13 05:03:07 -04:00
name, cfg_maxpconn);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
/*********************************************************************/
/* more specific functions ***************************************/
/*********************************************************************/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/* sends the signal <sig> to all pids found in <oldpids>. Returns the number of
* pids the signal was correctly delivered to.
*/
REORG: mworker: move signal handlers and related functions Move the following functions to mworker.c: void mworker_catch_sighup(struct sig_handler *sh); void mworker_catch_sigterm(struct sig_handler *sh); void mworker_catch_sigchld(struct sig_handler *sh); static void mworker_kill(int sig); int current_child(int pid);
2019-04-01 05:29:56 -04:00
int tell_old_pids(int sig)
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
{
int p;
int ret = 0;
for (p = 0; p < nb_oldpids; p++)
if (kill(oldpids[p], sig) == 0)
ret++;
return ret;
}
/*
* remove a pid forom the olpid array and decrease nb_oldpids
* return 1 pid was found otherwise return 0
*/
int delete_oldpid(int pid)
{
int i;
for (i = 0; i < nb_oldpids; i++) {
if (oldpids[i] == pid) {
oldpids[i] = oldpids[nb_oldpids - 1];
oldpids[nb_oldpids - 1] = 0;
nb_oldpids--;
return 1;
}
}
return 0;
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
static void get_cur_unixsocket()
{
/* if -x was used, try to update the stat socket if not available anymore */
if (global.stats_fe) {
struct bind_conf *bind_conf;
/* pass through all stats socket */
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
struct listener *l;
list_for_each_entry(l, &bind_conf->listeners, by_bind) {
if (l->addr.ss_family == AF_UNIX &&
(bind_conf->level & ACCESS_FD_LISTENERS)) {
const struct sockaddr_un *un;
un = (struct sockaddr_un *)&l->addr;
/* priority to old_unixsocket */
if (!cur_unixsocket) {
cur_unixsocket = strdup(un->sun_path);
} else {
if (old_unixsocket && !strcmp(un->sun_path, old_unixsocket)) {
free(cur_unixsocket);
cur_unixsocket = strdup(old_unixsocket);
return;
}
}
}
}
}
}
if (!cur_unixsocket && old_unixsocket)
cur_unixsocket = strdup(old_unixsocket);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* When called, this function reexec haproxy with -sf followed by current
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
* children PIDs and possibly old children PIDs if they didn't leave yet.
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
*/
MINOR: cli: implements 'reload' on master CLI The reload command reload the haproxy master like it is done with a kill -USR2 on the master process.
2018-12-14 15:11:31 -05:00
void mworker_reload()
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
{
int next_argc = 0;
char *msg = NULL;
BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on reload When the master re-execs itself on reload, it doesn't restore the initial rlim_fd_cur/rlim_fd_max values, which have been modified by the ulimit-n or global maxconn directives. This is a problem, because if these values were set really low it could prevent the process from restarting, and if they were set very high, this could have some implications on the restart time, or later on the computed maxconn. Let's simply reset these values to the ones we had at boot to maintain the system in a consistent state. A backport could be performed to 1.9 and maybe 1.8. This patch depends on the two previous ones.
2019-03-01 04:21:55 -05:00
struct rlimit limit;
BUG/MEDIUM: mworker: fix FD leak upon reload We reintroduced some FDs leaking by using a poller and some listeners in the master. The master proxy needs to be stopped to avoid leaking its listeners, the polling loop needs to be deinit, and the thread waker pipe need to be closed too. No backport needed.
2018-11-26 05:53:40 -05:00
struct per_thread_deinit_fct *ptdf;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
mworker_block_signals();
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
if (global.tune.options & GTUNE_USE_SYSTEMD)
sd_notify(0, "RELOADING=1");
#endif
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
setenv("HAPROXY_MWORKER_REEXEC", "1", 1);
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
mworker_proc_list_to_env(); /* put the children description in the env */
BUG/MEDIUM: mworker: fix FD leak upon reload We reintroduced some FDs leaking by using a poller and some listeners in the master. The master proxy needs to be stopped to avoid leaking its listeners, the polling loop needs to be deinit, and the thread waker pipe need to be closed too. No backport needed.
2018-11-26 05:53:40 -05:00
/* during the reload we must ensure that every FDs that can't be
* reuse (ie those that are not referenced in the proc_list)
* are closed or they will leak. */
/* close the listeners FD */
mworker_cli_proxy_stop();
BUG/MEDIUM: mworker: don't call the thread and fdtab deinit Before switching to wait mode, the per thread deinit should not be called, because we didn't initiate threads and fdtab. The problem is that the master could crash if we try to reload HAProxy The commit 944e619 ("MEDIUM: mworker: wait mode use standard init code path") removed the deinit code by accident, but its fix 7c756a8 ("BUG/MEDIUM: mworker: fix FD leak upon reload") was incomplete and did not took care of the WAIT_MODE. This fix must be backported in 1.9 and 2.0
2019-06-24 11:40:48 -04:00
if (getenv("HAPROXY_MWORKER_WAIT_ONLY") == NULL) {
/* close the poller FD and the thread waker pipe FD */
list_for_each_entry(ptdf, &per_thread_deinit_list, list)
ptdf->fct();
if (fdtab)
deinit_pollers();
}
CLEANUP: ssl: remove 57 occurrences of useless tests on LIBRESSL_VERSION_NUMBER They were all check to comply with the advertised openssl version. Now that libressl doesn't pretend to be a more recent openssl anymore, we can simply rely on the regular openssl version tests without having to deal with exceptions for libressl.
2019-05-09 08:13:35 -04:00
#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
BUG/MINOR: mworker/ssl: close openssl FDs unconditionally Patch 56996da ("BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload") fixes a issue where the /dev/random FD was leaked by OpenSSL upon a reload in master worker mode. Indeed the FD was not flagged with CLOEXEC. The fix was checking if ssl_used_frontend or ssl_used_backend were set to close the FD. This is wrong, indeed the lua init code creates an SSL server without increasing the backend value, so the deinit is never done when you don't use SSL in your configuration. To reproduce the problem you just need to build haproxy with openssl and lua with an openssl which does not use the getrandom() syscall. No openssl nor lua configuration are required for haproxy. This patch must be backported as far as 1.8. Fix issue #314.
2019-10-15 08:04:08 -04:00
/* close random device FDs */
RAND_keep_random_devices_open(0);
BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload From OpenSSL 1.1.1, the default behaviour is to maintain open FDs to any random devices that get used by the random number library. As a result, those FDs leak when the master re-execs on reload; since those FDs are not marked FD_CLOEXEC or O_CLOEXEC, they also get inherited by children. Eventually both master and children run out of FDs. OpenSSL 1.1.1 introduces a new function to control whether the random devices are kept open. When clearing the keep-open flag, it also closes any currently open FDs, so it can be used to clean-up open FDs too. Therefore, a call to this function is made in mworker_reload prior to re-exec. The call is guarded by whether SSL is in use, because it will cause initialisation of the OpenSSL random number library if that has not already been done. This should be backported to 1.9 and 1.8.
2019-05-03 04:11:32 -04:00
#endif
BUG/MEDIUM: mworker: fix FD leak upon reload We reintroduced some FDs leaking by using a poller and some listeners in the master. The master proxy needs to be stopped to avoid leaking its listeners, the polling loop needs to be deinit, and the thread waker pipe need to be closed too. No backport needed.
2018-11-26 05:53:40 -05:00
BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on reload When the master re-execs itself on reload, it doesn't restore the initial rlim_fd_cur/rlim_fd_max values, which have been modified by the ulimit-n or global maxconn directives. This is a problem, because if these values were set really low it could prevent the process from restarting, and if they were set very high, this could have some implications on the restart time, or later on the computed maxconn. Let's simply reset these values to the ones we had at boot to maintain the system in a consistent state. A backport could be performed to 1.9 and maybe 1.8. This patch depends on the two previous ones.
2019-03-01 04:21:55 -05:00
/* restore the initial FD limits */
limit.rlim_cur = rlim_fd_cur_at_boot;
limit.rlim_max = rlim_fd_max_at_boot;
if (setrlimit(RLIMIT_NOFILE, &limit) == -1) {
getrlimit(RLIMIT_NOFILE, &limit);
ha_warning("Failed to restore initial FD limits (cur=%u max=%u), using cur=%u max=%u\n",
rlim_fd_cur_at_boot, rlim_fd_max_at_boot,
(unsigned int)limit.rlim_cur, (unsigned int)limit.rlim_max);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/* compute length */
while (next_argv[next_argc])
next_argc++;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
/* 1 for haproxy -sf, 2 for -x /socket */
MINOR: mworker: don't use children variable anymore The children variable is still used in haproxy, it is not required anymore since we have the information about the current workers in the mworker_proc linked list. The oldpids array is also replaced by this linked list when we generated the arguments for the master reexec.
2019-04-01 05:29:59 -04:00
next_argv = realloc(next_argv, (next_argc + 1 + 2 + mworker_child_nb() + nb_oldpids + 1) * sizeof(char *));
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if (next_argv == NULL)
goto alloc_error;
/* add -sf <PID>* to argv */
MINOR: mworker: don't use children variable anymore The children variable is still used in haproxy, it is not required anymore since we have the information about the current workers in the mworker_proc linked list. The oldpids array is also replaced by this linked list when we generated the arguments for the master reexec.
2019-04-01 05:29:59 -04:00
if (mworker_child_nb() > 0) {
struct mworker_proc *child;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
next_argv[next_argc++] = "-sf";
MINOR: mworker: don't use children variable anymore The children variable is still used in haproxy, it is not required anymore since we have the information about the current workers in the mworker_proc linked list. The oldpids array is also replaced by this linked list when we generated the arguments for the master reexec.
2019-04-01 05:29:59 -04:00
list_for_each_entry(child, &proc_list, list) {
BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec Upon a reexec_on_failure, if the process tried to exit after the initialization of the process structure but before it was filled with a PID, the PID in the mworker_proc structure is set to -1. In this particular case the -sf argument is filled with -1 and haproxy will exit with the usage message because of that argument. Should be backported in 2.0.
2019-11-19 11:04:18 -05:00
if (!(child->options & (PROC_O_TYPE_WORKER|PROC_O_TYPE_PROG)) || child->pid <= -1 )
MINOR: mworker: don't use children variable anymore The children variable is still used in haproxy, it is not required anymore since we have the information about the current workers in the mworker_proc linked list. The oldpids array is also replaced by this linked list when we generated the arguments for the master reexec.
2019-04-01 05:29:59 -04:00
continue;
next_argv[next_argc] = memprintf(&msg, "%d", child->pid);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if (next_argv[next_argc] == NULL)
goto alloc_error;
msg = NULL;
MINOR: mworker: don't use children variable anymore The children variable is still used in haproxy, it is not required anymore since we have the information about the current workers in the mworker_proc linked list. The oldpids array is also replaced by this linked list when we generated the arguments for the master reexec.
2019-04-01 05:29:59 -04:00
next_argc++;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
}
MINOR: mworker: don't use children variable anymore The children variable is still used in haproxy, it is not required anymore since we have the information about the current workers in the mworker_proc linked list. The oldpids array is also replaced by this linked list when we generated the arguments for the master reexec.
2019-04-01 05:29:59 -04:00
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
next_argv[next_argc] = NULL;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
/* add the -x option with the stat socket */
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (cur_unixsocket) {
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
next_argv[next_argc++] = "-x";
next_argv[next_argc++] = (char *)cur_unixsocket;
next_argv[next_argc++] = NULL;
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
}
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Reexecuting Master process\n");
BUG/MINOR: mworker: disable SIGPROF on re-exec If haproxy is built with profiling enabled with -pg, it is possible to see the master quit during a reload while it's re-executing itself with error code 155 (signal 27) saying "Profile timer expired)". This happens if the SIGPROF signal is delivered during the execve() call while the handler was already unregistered. The issue itself is not directly inside haproxy but it's easy to address. This patch disables this signal before calling execvp() during a master reload. A simple test for this consists in running this little script with haproxy started in master-worker mode : $ while usleep 50000; do killall -USR2 haproxy; done This fix should be backported to all versions using the master-worker model.
2019-08-26 04:37:39 -04:00
signal(SIGPROF, SIG_IGN);
BUG/MEDIUM: mworker: Fix re-exec when haproxy is started from PATH If haproxy is started using the name of the binary only (i.e. not using a relative or absolute path) the `execv` in `mworker_reload` fails with `ENOENT`, because it does not examine the `PATH`: [WARNING] 315/161139 (7) : Reexecuting Master process [WARNING] 315/161139 (7) : Cannot allocate memory [WARNING] 315/161139 (7) : Failed to reexecute the master processs [7] The error messages are misleading, because the return value of `execv` is not checked. This should be fixed in a separate commit. Once this happened the master process ignores any further signals sent by the administrator. Replace `execv` with `execvp` to establish the expected behaviour. This bug was introduced in commit 73b85e75b3963086be889e1fb40a59e7ef2ad63b.
2017-11-12 11:39:18 -05:00
execvp(next_argv[0], next_argv);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to reexecute the master process [%d]: %s\n", pid, strerror(errno));
MINOR: mworker: display an accurate error when the reexec fail When the master worker fail the execvp, it returns the wrong error "Cannot allocate memory". We now display the accurate error corresponding to the errno value.
2017-11-15 13:02:55 -05:00
return;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
alloc_error:
MINOR: Fix an error message thrown when we run out of memory Fixes a typo in an error message that can be seen by the end user when the haproxy subsystem runs out of memory.
2018-11-15 13:43:05 -05:00
ha_warning("Failed to reexecute the master process [%d]: Cannot allocate memory\n", pid);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return;
}
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
static void mworker_loop()
{
#if defined(USE_SYSTEMD)
if (global.tune.options & GTUNE_USE_SYSTEMD)
sd_notifyf(0, "READY=1\nMAINPID=%lu", (unsigned long)getpid());
#endif
BUG/MINOR: mworker: disable busy polling in the master process When enabling busy polling, we don't want the master to use it, or it wastes a dedicated processor to this! Must be backported to 1.9.
2019-04-18 05:31:36 -04:00
/* Busy polling makes no sense in the master :-) */
global.tune.options &= ~GTUNE_BUSY_POLLING;
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
master = 1;
BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers If a new process is started with -sf and it fails to bind, it may send a SIGTTOU to the master process in hope that it will temporarily unbind. Unfortunately this one doesn't catch it and stops to background instead of forwarding the signal to the workers. The same is true for SIGTTIN. This commit simply implements an extra signal handler for the master to deal with such signals that must be passed down to the workers. It must be backported as far as 1.8, though there the code differs in that it's entirely in haproxy.c and doesn't require an extra sig handler.
2019-12-11 08:24:07 -05:00
signal_unregister(SIGTTIN);
signal_unregister(SIGTTOU);
BUG/MEDIUM: mworker: unregister the signals of main() The signal_register_fct() does not remove the handlers assigned to a signal, but add a new handler to a list. We accidentality inherited the handlers of the main() function in the master process which is a problem because they act on the proxies. The side effect was to stop the MASTER proxy which handle the master CLI on a SIGUSR1, and to display some debug info when doing a SIGHUP and a SIGQUIT.
2018-11-20 11:36:53 -05:00
signal_unregister(SIGUSR1);
signal_unregister(SIGHUP);
signal_unregister(SIGQUIT);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
signal_register_fct(SIGTERM, mworker_catch_sigterm, SIGTERM);
signal_register_fct(SIGUSR1, mworker_catch_sigterm, SIGUSR1);
BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers If a new process is started with -sf and it fails to bind, it may send a SIGTTOU to the master process in hope that it will temporarily unbind. Unfortunately this one doesn't catch it and stops to background instead of forwarding the signal to the workers. The same is true for SIGTTIN. This commit simply implements an extra signal handler for the master to deal with such signals that must be passed down to the workers. It must be backported as far as 1.8, though there the code differs in that it's entirely in haproxy.c and doesn't require an extra sig handler.
2019-12-11 08:24:07 -05:00
signal_register_fct(SIGTTIN, mworker_broadcast_signal, SIGTTIN);
signal_register_fct(SIGTTOU, mworker_broadcast_signal, SIGTTOU);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
signal_register_fct(SIGINT, mworker_catch_sigterm, SIGINT);
signal_register_fct(SIGHUP, mworker_catch_sighup, SIGHUP);
signal_register_fct(SIGUSR2, mworker_catch_sighup, SIGUSR2);
signal_register_fct(SIGCHLD, mworker_catch_sigchld, SIGCHLD);
mworker_unblock_signals();
mworker_cleanlisteners();
BUG/MEDIUM: mworker: stop every tasks in the master The master is not supposed to run (at the moment) any task before the polling loop, the created tasks should be run only in the workers but in the master they should be disabled or removed. No backport needed.
2018-12-06 08:05:20 -05:00
mworker_cleantasks();
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
mworker_catch_sigchld(NULL); /* ensure we clean the children in case
some SIGCHLD were lost */
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
global.nbthread = 1;
relative_pid = 1;
pid_bit = 1;
MINOR: config: keep an all_proc_mask like we have all_threads_mask This simplifies some mask comparisons at various places where nbits(global.nbproc) was used.
2019-02-02 11:11:28 -05:00
all_proc_mask = 1;
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
MINOR: mworker: set all_threads_mask and pid_bit to 1 Reinit the all_threads_mask and pid_bit to 1 before the master polling loop, this process is monothread.
2018-12-14 09:52:39 -05:00
#ifdef USE_THREAD
tid_bit = 1;
all_threads_mask = 1;
#endif
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
jobs++; /* this is the "master" job, we want to take care of the
signals even if there is no listener so the poll loop don't
leave */
fork_poller();
MINOR: init/threads: remove the useless tids[] array It's still obscure how we managed to initialize an array of integers with values always equal to the index, just to retrieve the value from an opaque pointer to the index instead of directly using it! I suspect it's a leftover from the very early threading experiments. This commit gets rid of this and simply passes the thread ID as the argument to run_thread_poll_loop(), thus significantly simplifying the few call places and removing the need to allocate then free an array of identity.
2019-05-03 03:27:30 -04:00
run_thread_poll_loop(0);
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/*
* Reexec the process in failure mode, instead of exiting
*/
void reexec_on_failure()
{
if (!atexit_flag)
return;
setenv("HAPROXY_MWORKER_WAIT_ONLY", "1", 1);
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Reexecuting Master process in waitpid mode\n");
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
mworker_reload();
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MEDIUM] signals: support redistribution of signal zero when stopping Signal zero is never delivered by the system. However having a signal to which functions and tasks can subscribe to be notified of a stopping event is useful. So this patch does two things : 1) allow signal zero to be delivered from any function of signal handler 2) make soft_stop() deliver this signal so that tasks can be notified of a stopping condition.
2010-08-27 12:26:11 -04:00
* upon SIGUSR1, let's have a soft stop. Note that soft_stop() broadcasts
* a signal zero to all subscribers. This means that it's as easy as
* subscribing to signal 0 to get informed about an imminent shutdown.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_soft_stop(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
soft_stop();
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_unregister_handler(sh);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTOU, we pause everything
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_pause(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
pause_proxies();
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTIN, let's have a soft stop.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_listen(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 12:28:10 -04:00
resume_proxies();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/*
* this function dumps every server's state when the process receives SIGHUP.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void sig_dump_state(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *p = proxies_list;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("SIGHUP received, dumping servers states.\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (p) {
struct server *s = p->srv;
send_log(p, LOG_NOTICE, "SIGHUP received, dumping servers states for proxy %s.\n", p->id);
while (s) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Server %s/%s is %s. Conn: %d act, %d pend, %lld tot.",
p->id, s->id,
MEDIUM: check: server states and weight propagation re-work The server state and weight was reworked to handle "pending" values updated by checks/CLI/LUA/agent. These values are commited to be propagated to the LB stack. In further dev related to multi-thread, the commit will be handled into a sync point. Pending values are named using the prefix 'next_' Current values used by the LB stack are named 'cur_'
2017-08-31 08:41:55 -04:00
(s->cur_state != SRV_ST_STOPPED) ? "UP" : "DOWN",
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
s->cur_sess, s->nbpend, s->counters.cum_sess);
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
ha_warning("%s\n", trash.area);
send_log(p, LOG_NOTICE, "%s\n", trash.area);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
s = s->next;
}
[MINOR] fix the SIGHUP message not to alert on server-less proxies The SIGHUP message was designed long before it was possible to have no server in a proxy. Remove the alert in case there's no server.
2007-09-17 05:27:09 -04:00
/* FIXME: those info are a bit outdated. We should be able to distinguish between FE and BE. */
if (!p->srv) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s has no servers. Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id,
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[MINOR] fix the SIGHUP message not to alert on server-less proxies The SIGHUP message was designed long before it was possible to have no server in a proxy. Remove the alert in case there's no server.
2007-09-17 05:27:09 -04:00
} else if (p->srv_act == 0) {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s %s ! Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id,
(p->srv_bck) ? "is running on backup servers" : "has no server available",
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else {
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_printf(&trash,
"SIGHUP: Proxy %s has %d active servers and %d backup servers available."
" Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
p->id, p->srv_act, p->srv_bck,
p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
ha_warning("%s\n", trash.area);
send_log(p, LOG_NOTICE, "%s\n", trash.area);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
p = p->next;
}
}
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void dump(struct sig_handler *sh)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MAJOR] migrated task, tree64 and session to pool2 task and tree64 are already very close in size and are merged together. Overall performance gained slightly by this simple change.
2007-05-13 13:43:47 -04:00
/* dump memory usage then free everything possible */
dump_pools();
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_gc(NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
/*
* This function dup2 the stdio FDs (0,1,2) with <fd>, then closes <fd>
* If <fd> < 0, it opens /dev/null and use it to dup
*
* In the case of chrooting, you have to open /dev/null before the chroot, and
* pass the <fd> to this function
*/
static void stdio_quiet(int fd)
{
if (fd < 0)
fd = open("/dev/null", O_RDWR, 0);
if (fd > -1) {
fclose(stdin);
fclose(stdout);
fclose(stderr);
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
if (fd > 2)
close(fd);
return;
}
ha_alert("Cannot open /dev/null\n");
exit(EXIT_FAILURE);
}
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
/* This function checks if cfg_cfgfiles contains directories.
* If it finds one, it adds all the files (and only files) it contains
* in cfg_cfgfiles in place of the directory (and removes the directory).
* It adds the files in lexical order.
* It adds only files with .cfg extension.
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
* It doesn't add files with name starting with '.'
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void cfgfiles_expand_directories(void)
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
{
struct wordlist *wl, *wlb;
char *err = NULL;
list_for_each_entry_safe(wl, wlb, &cfg_cfgfiles, list) {
struct stat file_stat;
struct dirent **dir_entries = NULL;
int dir_entries_nb;
int dir_entries_it;
if (stat(wl->s, &file_stat)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration file/directory %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
if (!S_ISDIR(file_stat.st_mode))
continue;
/* from this point wl->s is a directory */
dir_entries_nb = scandir(wl->s, &dir_entries, NULL, alphasort);
if (dir_entries_nb < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration directory %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
/* for each element in the directory wl->s */
for (dir_entries_it = 0; dir_entries_it < dir_entries_nb; dir_entries_it++) {
struct dirent *dir_entry = dir_entries[dir_entries_it];
char *filename = NULL;
char *d_name_cfgext = strstr(dir_entry->d_name, ".cfg");
/* don't add filename that begin with .
CLEANUP: Fix some typos in the haproxy subsystem Fix some typos in the code comments of the haproxy subsystem.
2018-11-15 13:41:50 -05:00
* only add filename with .cfg extension
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
*/
if (dir_entry->d_name[0] == '.' ||
!(d_name_cfgext && d_name_cfgext[4] == '\0'))
goto next_dir_entry;
if (!memprintf(&filename, "%s/%s", wl->s, dir_entry->d_name)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration files %s : out of memory.\n",
filename);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
if (stat(filename, &file_stat)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot open configuration file %s : %s\n",
wl->s,
strerror(errno));
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
/* don't add anything else than regular file in cfg_cfgfiles
* this way we avoid loops
*/
if (!S_ISREG(file_stat.st_mode))
goto next_dir_entry;
if (!list_append_word(&wl->list, filename, &err)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration files %s : %s\n",
filename,
err);
MEDIUM: init: allow directory as argument of -f If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (respecting LC_COLLATE). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir |-- dir1 ||-- .6.cfg ||-- 1.cfg ||-- 2 ||-- 3.cfg ||-- 4.cfg -> 1.cfg ||-- 5 -> 1.cfg ||-- 7.cfg -> . |`-- dir4 |`-- 8.cfg |-- dir2 ||-- 10.cfg |`-- 9.cfg |-- dir3 |`-- 11.cfg |-- link -> dir3/ |-- root1 |-- root2 `-- root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload.
2016-05-13 17:52:56 -04:00
exit(1);
}
next_dir_entry:
free(filename);
free(dir_entry);
}
free(dir_entries);
/* remove the current directory (wl) from cfg_cfgfiles */
free(wl->s);
LIST_DEL(&wl->list);
free(wl);
}
free(err);
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
static int get_old_sockets(const char *unixsocket)
{
char *cmsgbuf = NULL, *tmpbuf = NULL;
int *tmpfd = NULL;
struct sockaddr_un addr;
struct cmsghdr *cmsg;
struct msghdr msghdr;
struct iovec iov;
struct xfer_sock_list *xfer_sock = NULL;
MINOR: socket transfer: Set a timeout on the socket. Make sure we're not stuck forever by setting a timeout on the socket.
2017-04-06 08:45:14 -04:00
struct timeval tv = { .tv_sec = 1, .tv_usec = 0 };
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
int sock = -1;
int ret = -1;
int ret2 = -1;
int fd_nb;
int got_fd = 0;
int i = 0;
size_t maxoff = 0, curoff = 0;
memset(&msghdr, 0, sizeof(msghdr));
cmsgbuf = malloc(CMSG_SPACE(sizeof(int)) * MAX_SEND_FD);
if (!cmsgbuf) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory to send sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
sock = socket(PF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to connect to the old process socket '%s'\n",
unixsocket);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy() Apparently gcc developers decided that strncpy() semantics are no longer valid and now deserve a warning, especially if used exactly as designed. This results in issue #304. Let's just remove one to the target size to please her majesty gcc, the God of C Compilers, who tries hard to make users completely eliminate any use of string.h and reimplement it by themselves at much higher risks. Pfff.... This can be backported to stable version, the fix is harmless since it ignores the last zero that is already set on next line.
2019-12-11 10:29:10 -05:00
strncpy(addr.sun_path, unixsocket, sizeof(addr.sun_path) - 1);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
addr.sun_path[sizeof(addr.sun_path) - 1] = 0;
addr.sun_family = PF_UNIX;
ret = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to connect to the old process socket '%s'\n",
unixsocket);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
MINOR: socket transfer: Set a timeout on the socket. Make sure we're not stuck forever by setting a timeout on the socket.
2017-04-06 08:45:14 -04:00
setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (void *)&tv, sizeof(tv));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
iov.iov_base = &fd_nb;
iov.iov_len = sizeof(fd_nb);
msghdr.msg_iov = &iov;
msghdr.msg_iovlen = 1;
send(sock, "_getsocks\n", strlen("_getsocks\n"), 0);
/* First, get the number of file descriptors to be received */
if (recvmsg(sock, &msghdr, MSG_WAITALL) != sizeof(fd_nb)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to get the number of sockets to be transferred !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
if (fd_nb == 0) {
ret = 0;
goto out;
}
BUILD: use MAXPATHLEN instead of NAME_MAX. This fixes building on at least Solaris, where NAME_MAX doesn't exist.
2017-11-04 10:13:01 -04:00
tmpbuf = malloc(fd_nb * (1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof(int)));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
if (tmpbuf == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while receiving sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
tmpfd = malloc(fd_nb * sizeof(int));
if (tmpfd == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while receiving sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
msghdr.msg_control = cmsgbuf;
msghdr.msg_controllen = CMSG_SPACE(sizeof(int)) * MAX_SEND_FD;
BUILD: use MAXPATHLEN instead of NAME_MAX. This fixes building on at least Solaris, where NAME_MAX doesn't exist.
2017-11-04 10:13:01 -04:00
iov.iov_len = MAX_SEND_FD * (1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof(int));
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
do {
int ret3;
iov.iov_base = tmpbuf + curoff;
ret = recvmsg(sock, &msghdr, 0);
if (ret == -1 && errno == EINTR)
continue;
if (ret <= 0)
break;
/* Send an ack to let the sender know we got the sockets
* and it can send some more
*/
do {
ret3 = send(sock, &got_fd, sizeof(got_fd), 0);
} while (ret3 == -1 && errno == EINTR);
for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_RIGHTS) {
size_t totlen = cmsg->cmsg_len -
CMSG_LEN(0);
if (totlen / sizeof(int) + got_fd > fd_nb) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Got to many sockets !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
/*
* Be paranoid and use memcpy() to avoid any
* potential alignement issue.
*/
memcpy(&tmpfd[got_fd], CMSG_DATA(cmsg), totlen);
got_fd += totlen / sizeof(int);
}
}
curoff += ret;
} while (got_fd < fd_nb);
if (got_fd != fd_nb) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("We didn't get the expected number of sockets (expecting %d got %d)\n",
fd_nb, got_fd);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
maxoff = curoff;
curoff = 0;
for (i = 0; i < got_fd; i++) {
int fd = tmpfd[i];
socklen_t socklen;
int len;
xfer_sock = calloc(1, sizeof(*xfer_sock));
if (!xfer_sock) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory in get_old_sockets() !\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
break;
}
xfer_sock->fd = -1;
socklen = sizeof(xfer_sock->addr);
if (getsockname(fd, (struct sockaddr *)&xfer_sock->addr, &socklen) != 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to get socket address\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
free(xfer_sock);
BUG/MINOR: Prevent a use-after-free on error scenario on option "-x". This was introduced with recent commit f73629d ("MINOR: global: Add an option to get the old listening sockets."). No backport is needed.
2017-07-17 11:25:33 -04:00
xfer_sock = NULL;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
continue;
}
if (curoff >= maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
len = tmpbuf[curoff++];
if (len > 0) {
/* We have a namespace */
if (curoff + len > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
xfer_sock->namespace = malloc(len + 1);
if (!xfer_sock->namespace) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(xfer_sock->namespace, &tmpbuf[curoff], len);
xfer_sock->namespace[len] = 0;
curoff += len;
}
if (curoff >= maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
len = tmpbuf[curoff++];
if (len > 0) {
/* We have an interface */
if (curoff + len > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
xfer_sock->iface = malloc(len + 1);
if (!xfer_sock->iface) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Failed to allocate memory while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(xfer_sock->iface, &tmpbuf[curoff], len);
BUG/MINOR: seemless reload: Fix crash when an interface is specified. When doing a seemless reload, while receiving the sockets from the old process the new process will die if the socket has been bound to a specific interface. This happens because the code that tries to parse the informations bogusly try to set xfer_sock->namespace, while it should be setting wfer_sock->iface. This should be backported to 1.8.
2018-03-15 12:48:49 -04:00
xfer_sock->iface[len] = 0;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
curoff += len;
}
if (curoff + sizeof(int) > maxoff) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Inconsistency while transferring sockets\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
goto out;
}
memcpy(&xfer_sock->options, &tmpbuf[curoff],
sizeof(xfer_sock->options));
curoff += sizeof(xfer_sock->options);
xfer_sock->fd = fd;
if (xfer_sock_list)
xfer_sock_list->prev = xfer_sock;
xfer_sock->next = xfer_sock_list;
xfer_sock->prev = NULL;
xfer_sock_list = xfer_sock;
xfer_sock = NULL;
}
ret2 = 0;
out:
/* If we failed midway make sure to close the remaining
* file descriptors
*/
if (tmpfd != NULL && i < got_fd) {
for (; i < got_fd; i++) {
close(tmpfd[i]);
}
}
free(tmpbuf);
free(tmpfd);
free(cmsgbuf);
if (sock != -1)
close(sock);
if (xfer_sock) {
free(xfer_sock->namespace);
free(xfer_sock->iface);
if (xfer_sock->fd != -1)
close(xfer_sock->fd);
free(xfer_sock);
}
return (ret2);
}
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
/*
* copy and cleanup the current argv
* Remove the -sf /-st parameters
* Return an allocated copy of argv
*/
static char **copy_argv(int argc, char **argv)
{
char **newargv;
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
int i = 0, j = 0;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
newargv = calloc(argc + 2, sizeof(char *));
if (newargv == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Cannot allocate memory\n");
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return NULL;
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
while (i < argc) {
/* -sf or -st or -x */
BUG/MEDIUM: mworker: execvp failure depending on argv[0] The copy_argv() function lacks a check on '-' to remove the -x, -sf and -st parameters. When reloading a master process with a path starting by /st, /sf, or /x.. the copy_argv() function skipped argv[0] leading to an execvp() without the binary.
2018-01-09 17:12:27 -05:00
if (i > 0 && argv[i][0] == '-' &&
((argv[i][1] == 's' && (argv[i][2] == 'f' || argv[i][2] == 't')) || argv[i][1] == 'x' )) {
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
/* list of pids to finish ('f') or terminate ('t') or unix socket (-x) */
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
i++;
while (i < argc && argv[i][0] != '-') {
i++;
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
continue;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
newargv[j++] = argv[i++];
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
}
MINOR: mworker: don't copy -x argument anymore in copy_argv() Don't copy the -x argument anymore in copy_argv() since it's already allocated in mworker_reload(). Make the copy_argv() more consistent when used with multiple arguments to strip. It prevents multiple -x on reload, which is not supported.
2017-06-20 05:20:23 -04:00
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
return newargv;
}
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
/* Performs basic random seed initialization. The main issue with this is that
* srandom_r() only takes 32 bits and purposely provides a reproducible sequence,
* which means that there will only be 4 billion possible random sequences once
* srandom() is called, regardless of the internal state. Not calling it is
* even worse as we'll always produce the same randoms sequences. What we do
* here is to create an initial sequence from various entropy sources, hash it
* using SHA1 and keep the resulting 160 bits available globally.
*
* We initialize the current process with the first 32 bits before starting the
* polling loop, where all this will be changed to have process specific and
* thread specific sequences.
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG This is the replacement of failed attempt to add thread safety and per-process sequences of random numbers initally tried with commit 1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process random sequences"). This new version takes a completely different approach and doesn't try to work around the horrible OS-specific and non-portable random API anymore. Instead it implements "xoroshiro128**", a reputedly high quality random number generator, which is one of the many variants of xorshift, which passes all quality tests and which is described here: http://prng.di.unimi.it/ While not cryptographically secure, it is fast and features a 2^128-1 period. It supports fast jumps allowing to cut the period into smaller non-overlapping sequences, which we use here to support up to 2^32 processes each having their own, non-overlapping sequence of 2^96 numbers (~7*10^28). This is enough to provide 1 billion randoms per second and per process for 2200 billion years. The implementation was made thread-safe either by using a double 64-bit CAS on platforms supporting it (x86_64, aarch64) or by using a local lock for the time needed to perform the shift operations. This ensures that all threads pick numbers from the same pool so that it is not needed to assign per-thread ranges. For processes we use the fast jump method to advance the sequence by 2^96 for each process. Before this patch, the following config: global nbproc 8 frontend f bind :4445 mode http log stdout format raw daemon log-format "%[uuid] %pid" redirect location / Would produce this output: a4d0ad64-2645-4b74-b894-48acce0669af 12987 a4d0ad64-2645-4b74-b894-48acce0669af 12992 a4d0ad64-2645-4b74-b894-48acce0669af 12986 a4d0ad64-2645-4b74-b894-48acce0669af 12988 a4d0ad64-2645-4b74-b894-48acce0669af 12991 a4d0ad64-2645-4b74-b894-48acce0669af 12989 a4d0ad64-2645-4b74-b894-48acce0669af 12990 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986 (...) And now produces: f94b29b3-da74-4e03-a0c5-a532c635bad9 13011 47470c02-4862-4c33-80e7-a952899570e5 13014 86332123-539a-47bf-853f-8c8ea8b2a2b5 13013 8f9efa99-3143-47b2-83cf-d618c8dea711 13012 3cc0f5c7-d790-496b-8d39-bec77647af5b 13015 3ec64915-8f95-4374-9e66-e777dc8791e0 13009 0f9bf894-dcde-408c-b094-6e0bb3255452 13011 49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014 e23f6f2e-35c5-4433-a294-b790ab902653 13012 There are multiple benefits to using this method. First, it doesn't depend anymore on a non-portable API. Second it's thread safe. Third it is fast and more proven than any hack we could attempt to try to work around the deficiencies of the various implementations around. This commit depends on previous patches "MINOR: tools: add 64-bit rotate operators" and "BUG/MEDIUM: random: initialize the random pool a bit better", all of which will need to be backported at least as far as version 2.0. It doesn't require to backport the build fixes for circular include files dependecy anymore.
2020-03-07 18:42:37 -05:00
*
* Before starting threads, it's still possible to call random() as srandom()
* is initialized from this, but after threads and/or processes are started,
* only ha_random() is expected to be used to guarantee distinct sequences.
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
*/
static void ha_random_boot(char *const *argv)
{
unsigned char message[256];
unsigned char *m = message;
struct timeval tv;
blk_SHA_CTX ctx;
unsigned long l;
int fd;
int i;
/* start with current time as pseudo-random seed */
gettimeofday(&tv, NULL);
write_u32(m, tv.tv_sec); m += 4;
write_u32(m, tv.tv_usec); m += 4;
/* PID and PPID add some OS-based randomness */
write_u16(m, getpid()); m += 2;
write_u16(m, getppid()); m += 2;
/* take up to 160 bits bytes from /dev/urandom if available (non-blocking) */
fd = open("/dev/urandom", O_RDONLY);
if (fd >= 0) {
i = read(fd, m, 20);
if (i > 0)
m += i;
close(fd);
}
/* take up to 160 bits bytes from openssl (non-blocking) */
#ifdef USE_OPENSSL
if (RAND_bytes(m, 20) == 1)
m += 20;
#endif
/* take 160 bits from existing random in case it was already initialized */
for (i = 0; i < 5; i++) {
write_u32(m, random());
m += 4;
}
/* stack address (benefit form operating system's ASLR) */
l = (unsigned long)&m;
memcpy(m, &l, sizeof(l)); m += sizeof(l);
/* argv address (benefit form operating system's ASLR) */
l = (unsigned long)&argv;
memcpy(m, &l, sizeof(l)); m += sizeof(l);
/* use tv_usec again after all the operations above */
gettimeofday(&tv, NULL);
write_u32(m, tv.tv_usec); m += 4;
/*
* At this point, ~84-92 bytes have been used
*/
/* finish with the hostname */
strncpy((char *)m, hostname, message + sizeof(message) - m);
m += strlen(hostname);
/* total message length */
l = m - message;
memset(&ctx, 0, sizeof(ctx));
blk_SHA1_Init(&ctx);
blk_SHA1_Update(&ctx, message, l);
blk_SHA1_Final(boot_seed, &ctx);
srandom(read_u32(boot_seed));
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG This is the replacement of failed attempt to add thread safety and per-process sequences of random numbers initally tried with commit 1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process random sequences"). This new version takes a completely different approach and doesn't try to work around the horrible OS-specific and non-portable random API anymore. Instead it implements "xoroshiro128**", a reputedly high quality random number generator, which is one of the many variants of xorshift, which passes all quality tests and which is described here: http://prng.di.unimi.it/ While not cryptographically secure, it is fast and features a 2^128-1 period. It supports fast jumps allowing to cut the period into smaller non-overlapping sequences, which we use here to support up to 2^32 processes each having their own, non-overlapping sequence of 2^96 numbers (~7*10^28). This is enough to provide 1 billion randoms per second and per process for 2200 billion years. The implementation was made thread-safe either by using a double 64-bit CAS on platforms supporting it (x86_64, aarch64) or by using a local lock for the time needed to perform the shift operations. This ensures that all threads pick numbers from the same pool so that it is not needed to assign per-thread ranges. For processes we use the fast jump method to advance the sequence by 2^96 for each process. Before this patch, the following config: global nbproc 8 frontend f bind :4445 mode http log stdout format raw daemon log-format "%[uuid] %pid" redirect location / Would produce this output: a4d0ad64-2645-4b74-b894-48acce0669af 12987 a4d0ad64-2645-4b74-b894-48acce0669af 12992 a4d0ad64-2645-4b74-b894-48acce0669af 12986 a4d0ad64-2645-4b74-b894-48acce0669af 12988 a4d0ad64-2645-4b74-b894-48acce0669af 12991 a4d0ad64-2645-4b74-b894-48acce0669af 12989 a4d0ad64-2645-4b74-b894-48acce0669af 12990 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986 (...) And now produces: f94b29b3-da74-4e03-a0c5-a532c635bad9 13011 47470c02-4862-4c33-80e7-a952899570e5 13014 86332123-539a-47bf-853f-8c8ea8b2a2b5 13013 8f9efa99-3143-47b2-83cf-d618c8dea711 13012 3cc0f5c7-d790-496b-8d39-bec77647af5b 13015 3ec64915-8f95-4374-9e66-e777dc8791e0 13009 0f9bf894-dcde-408c-b094-6e0bb3255452 13011 49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014 e23f6f2e-35c5-4433-a294-b790ab902653 13012 There are multiple benefits to using this method. First, it doesn't depend anymore on a non-portable API. Second it's thread safe. Third it is fast and more proven than any hack we could attempt to try to work around the deficiencies of the various implementations around. This commit depends on previous patches "MINOR: tools: add 64-bit rotate operators" and "BUG/MEDIUM: random: initialize the random pool a bit better", all of which will need to be backported at least as far as version 2.0. It doesn't require to backport the build fixes for circular include files dependecy anymore.
2020-03-07 18:42:37 -05:00
ha_random_seed(boot_seed, sizeof(boot_seed));
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
}
MINOR: init: make the maxpipe computation more accurate The default number of pipes is adjusted based on the sum of frontends and backends maxconn/fullconn settings. Now that it is possible to have a null maxconn on a frontend to indicate "unlimited" with commit c8d5b95e6 ("MEDIUM: config: don't enforce a low frontend maxconn value anymore"), the sum of maxconn may remain low and limited to the only frontends/backends where this limit is set. This patch considers this new unlimited case when doing the check, and automatically switches to the default value which is maxconn/4 in this case. All the calculation was moved to a distinct function for ease of use. This function also supports returning unlimited (-1) when the value depends on global.maxconn and this latter is not yet set.
2019-03-01 08:19:31 -05:00
/* considers splicing proxies' maxconn, computes the ideal global.maxpipes
* setting, and returns it. It may return -1 meaning "unlimited" if some
* unlimited proxies have been found and the global.maxconn value is not yet
* set. It may also return a value greater than maxconn if it's not yet set.
* Note that a value of zero means there is no need for pipes. -1 is never
* returned if global.maxconn is valid.
*/
static int compute_ideal_maxpipes()
{
struct proxy *cur;
int nbfe = 0, nbbe = 0;
int unlimited = 0;
int pipes;
int max;
for (cur = proxies_list; cur; cur = cur->next) {
if (cur->options2 & (PR_O2_SPLIC_ANY)) {
if (cur->cap & PR_CAP_FE) {
max = cur->maxconn;
nbfe += max;
if (!max) {
unlimited = 1;
break;
}
}
if (cur->cap & PR_CAP_BE) {
max = cur->fullconn ? cur->fullconn : global.maxconn;
nbbe += max;
if (!max) {
unlimited = 1;
break;
}
}
}
}
pipes = MAX(nbfe, nbbe);
if (global.maxconn) {
if (pipes > global.maxconn || unlimited)
pipes = global.maxconn;
} else if (unlimited) {
pipes = -1;
}
return pipes >= 4 ? pipes / 4 : pipes;
}
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
/* considers global.maxsocks, global.maxpipes, async engines, SSL frontends and
* rlimits and computes an ideal maxconn. It's meant to be called only when
* maxsock contains the sum of listening FDs, before it is updated based on
MINOR: config: continue to rely on DEFAULT_MAXCONN to set the minimum maxconn Some packages used to rely on DEFAULT_MAXCONN to set the default global maxconn value to use regardless of the initial ulimit. The recent changes made the lowest bound set to 100 so that it is compatible with almost any environment. Now that DEFAULT_MAXCONN is not needed for anything else, we can use it for the lowest bound set when maxconn is not configured. This way it retains its original purpose of setting the default maxconn value eventhough most of the time the effective value will be higher thanks to the automatic computation based on "ulimit -n".
2019-03-13 05:10:49 -04:00
* maxconn and pipes. If there are not enough FDs left, DEFAULT_MAXCONN (by
* default 100) is returned as it is expected that it will even run on tight
* environments, and will maintain compatibility with previous packages that
* used to rely on this value as the default one. The system will emit a
* warning indicating how many FDs are missing anyway if needed.
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
*/
static int compute_ideal_maxconn()
{
int ssl_sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int engine_fds = global.ssl_used_async_engines * ssl_sides;
int pipes = compute_ideal_maxpipes();
BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits James Stroehmann reported something working as documented but that can be considered as a regression in the way the automatic maxconn is calculated from the process' limits : https://www.mail-archive.com/haproxy@formilux.org/msg36523.html The purpose of the changes in 2.0 was to have maxconn default to the highest possible value permitted to the user based on the ulimit -n setting, however the calculation starts from the soft limit, which can be lower than what users were allowed to with previous versions where the default value of 2000 would force a higher ulimit -n as long as it fitted in the hard limit. Usually this is not noticeable if the user changes the limits, because quite commonly setting a new value restricts both the soft and hard values. Let's instead always use the max between the hard and soft limits, as we know these values are permitted. This was tried on the following setup: $ cat ulimit-n.cfg global stats socket /tmp/sock1 level admin $ ulimit -n 1024 Before the change the limits would show like this: $ socat - /tmp/sock1 <<< "show info" | grep -im2 ^Max Maxsock: 1023 Maxconn: 489 After the change the limits are now much better and more in line with the default settings in earlier versions: $ socat - /tmp/sock1 <<< "show info" | grep -im2 ^Max Maxsock: 4095 Maxconn: 2025 The difference becomes even more obvious when running moderately large configs with hundreds of checked servers and hundreds of listeners: $ cat ulimit-n.cfg global stats socket /tmp/sock1 level admin listen l bind :10000-10300 server-template srv- 300 0.0.0.0 check disabled Before After Maxsock 1024 4096 Maxconn 189 1725 This issue is tagged as minor since a trivial config change fixes it, but it would help new users to have it backported as far as 2.0.
2020-03-06 04:25:31 -05:00
int remain = MAX(rlim_fd_cur_at_boot, rlim_fd_max_at_boot);
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
int maxconn;
/* we have to take into account these elements :
* - number of engine_fds, which inflates the number of FD needed per
* connection by this number.
* - number of pipes per connection on average : for the unlimited
* case, this is 0.5 pipe FDs per connection, otherwise it's a
* fixed value of 2*pipes.
* - two FDs per connection
*/
/* subtract listeners and checks */
remain -= global.maxsock;
BUG/MEDIUM: init/threads: consider epoll_fd/pipes for automatic maxconn calculation This is the equivalent of the previous patch for the automatic maxconn calculation. This doesn't need any backport.
2019-03-14 14:13:17 -04:00
/* one epoll_fd/kqueue_fd per thread */
remain -= global.nbthread;
/* one wake-up pipe (2 fd) per thread */
remain -= 2 * global.nbthread;
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
/* Fixed pipes values : we only subtract them if they're not larger
* than the remaining FDs because pipes are optional.
*/
if (pipes >= 0 && pipes * 2 < remain)
remain -= pipes * 2;
if (pipes < 0) {
/* maxsock = maxconn * 2 + maxconn/4 * 2 + maxconn * engine_fds.
* = maxconn * (2 + 0.5 + engine_fds)
* = maxconn * (4 + 1 + 2*engine_fds) / 2
*/
maxconn = 2 * remain / (5 + 2 * engine_fds);
} else {
/* maxsock = maxconn * 2 + maxconn * engine_fds.
* = maxconn * (2 + engine_fds)
*/
maxconn = remain / (2 + engine_fds);
}
MINOR: config: continue to rely on DEFAULT_MAXCONN to set the minimum maxconn Some packages used to rely on DEFAULT_MAXCONN to set the default global maxconn value to use regardless of the initial ulimit. The recent changes made the lowest bound set to 100 so that it is compatible with almost any environment. Now that DEFAULT_MAXCONN is not needed for anything else, we can use it for the lowest bound set when maxconn is not configured. This way it retains its original purpose of setting the default maxconn value eventhough most of the time the effective value will be higher thanks to the automatic computation based on "ulimit -n".
2019-03-13 05:10:49 -04:00
return MAX(maxconn, DEFAULT_MAXCONN);
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
}
MINOR: init: move the maxsock calculation code to compute_ideal_maxsock() The maxsock value is currently derived from global.maxconn and a few other settings, some of which also depend on global.maxconn. This makes it difficult to check if a limit is already too high or not during the maxconn automatic sizing. Let's move this code into a new function, compute_ideal_maxsock() which now takes a maxconn in argument. It performs the same operations and returns the maxsock value if global.maxconn were to be set to that value. It now replaces the previous code to compute maxsock.
2020-03-10 12:08:53 -04:00
/* computes the estimated maxsock value for the given maxconn based on the
* possibly set global.maxpipes and existing partial global.maxsock. It may
* temporarily change global.maxconn for the time needed to propagate the
* computations, and will reset it.
*/
static int compute_ideal_maxsock(int maxconn)
{
int maxpipes = global.maxpipes;
int maxsock = global.maxsock;
if (!maxpipes) {
int old_maxconn = global.maxconn;
global.maxconn = maxconn;
maxpipes = compute_ideal_maxpipes();
global.maxconn = old_maxconn;
}
maxsock += maxconn * 2; /* each connection needs two sockets */
maxsock += maxpipes * 2; /* each pipe needs two FDs */
maxsock += global.nbthread; /* one epoll_fd/kqueue_fd per thread */
maxsock += 2 * global.nbthread; /* one wake-up pipe (2 fd) per thread */
/* compute fd used by async engines */
if (global.ssl_used_async_engines) {
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
maxsock += maxconn * sides * global.ssl_used_async_engines;
}
return maxsock;
}
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
/* Tests if it is possible to set the current process' RLIMIT_NOFILE to
* <maxsock>, then sets it back to the previous value. Returns non-zero if the
* value is accepted, non-zero otherwise. This is used to determine if an
* automatic limit may be applied or not. When it is not, the caller knows that
* the highest we can do is the rlim_max at boot. In case of error, we return
* that the setting is possible, so that we defer the error processing to the
* final stage in charge of enforcing this.
*/
static int check_if_maxsock_permitted(int maxsock)
{
struct rlimit orig_limit, test_limit;
int ret;
if (getrlimit(RLIMIT_NOFILE, &orig_limit) != 0)
return 1;
/* don't go further if we can't even set to what we have */
if (setrlimit(RLIMIT_NOFILE, &orig_limit) != 0)
return 1;
test_limit.rlim_max = MAX(maxsock, orig_limit.rlim_max);
test_limit.rlim_cur = test_limit.rlim_max;
ret = setrlimit(RLIMIT_NOFILE, &test_limit);
if (setrlimit(RLIMIT_NOFILE, &orig_limit) != 0)
return 1;
return ret == 0;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function initializes all the necessary variables. It only returns
* if everything is OK. If something fails, it exits.
*/
CLEANUP: haproxy: statify unexported functions haproxy.c is a real mess. Let's start to clean it up by declaring static all functions which are not exported (ie almost all of them).
2016-12-21 12:19:57 -05:00
static void init(int argc, char **argv)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
int arg_mode = 0; /* MODE_DEBUG, ... */
char *tmp;
char *cfg_pidfile = NULL;
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
int err_code = 0;
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
char *err_msg = NULL;
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
struct wordlist *wl;
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
char *progname;
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
char *change_dir = NULL;
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
struct proxy *px;
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
struct post_check_fct *pcf;
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
int ideal_maxconn;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode = MODE_STARTING;
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
next_argv = copy_argv(argc, argv);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (!init_trash_buffers(1)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize trash buffers.\n");
MINOR: chunks: Use dedicated function to init/deinit trash buffers Now, we use init_trash_buffers and deinit_trash_buffers to, respectively, initialize and deinitialize trash buffers (trash, trash_buf1 and trash_buf2). These functions have been introduced to be used by threads, to deal with thread-local trash buffers.
2017-07-26 08:59:46 -04:00
exit(1);
}
BUG/MAJOR: trash must always be the size of a buffer Before it was possible to resize the buffers using global.tune.bufsize, the trash has always been the size of a buffer by design. Unfortunately, the recent buffer sizing at runtime forgot to adjust the trash, resulting in it being too short for content rewriting if buffers were enlarged from the default value. The bug was encountered in 1.4 so the fix must be backported there.
2012-05-16 08:16:48 -04:00
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
/* NB: POSIX does not make it mandatory for gethostname() to NULL-terminate
* the string in case of truncation, and at least FreeBSD appears not to do
* it.
*/
memset(hostname, 0, sizeof(hostname));
gethostname(hostname, sizeof(hostname) - 1);
memset(localpeer, 0, sizeof(localpeer));
memcpy(localpeer, hostname, (sizeof(hostname) > sizeof(localpeer) ? sizeof(localpeer) : sizeof(hostname)) - 1);
MINOR: export localpeer as an environment variable Export localpeer as the environment variable $HAPROXY_LOCALPEER, allowing to use this variable in the configuration file. It's useful to use this variable in the case of synchronized configuration between peers.
2018-04-17 10:46:13 -04:00
setenv("HAPROXY_LOCALPEER", localpeer, 1);
[MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management Add cmdline option -L to configure local peer name
2010-09-23 12:30:22 -04:00
BUG/MEDIUM: mworker: remain in mworker mode during reload If you reload an haproxy started in master-worker mode with "master-worker" in the configuration, and no "-W" argument, the new process lost the fact that is was in master-worker mode resulting in weird behaviors. The bigest problem is that if it is reloaded with an bad configuration, the master will exits instead of remaining in waitpid mode. This problem was discovered in bug #443. Should be backported in every version using the master-worker mode. (as far as 1.8)
2020-01-14 11:58:18 -05:00
/* we were in mworker mode, we should restart in mworker mode */
if (getenv("HAPROXY_MWORKER_REEXEC") != NULL)
global.mode |= MODE_MWORKER;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Initialize the previously static variables.
*/
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
MEDIUM: polling: start to move maxfd computation to the pollers Since only select() and poll() still make use of maxfd, let's move its computation right there in the pollers themselves, and only during each fd update pass. The computation doesn't need a lock anymore, only a few atomic ops. It will be accurate, be done much less often and will not be required anymore in the FD's fast patch. This provides a small performance increase of about 1% in connection rate when using epoll since we get rid of this computation which was performed under a lock.
2018-01-26 15:48:23 -05:00
totalconn = actconn = listeners = stopping = 0;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
killed = 0;
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef HAPROXY_MEMMAX
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
global.rlimit_memmax_all = HAPROXY_MEMMAX;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
BUG/MINOR: log: GMT offset not updated when entering/leaving DST GMT offset used in local time formats was computed at startup, but was not updated when DST status changed while running. For example these two RFC5424 syslog traces where emitted 5 seconds apart, just before and after DST changed: <14>1 2016-03-27T01:59:58+01:00 bunch-VirtualBox haproxy 2098 - - Connect ... <14>1 2016-03-27T03:00:03+01:00 bunch-VirtualBox haproxy 2098 - - Connect ... It looked like they were emitted more than 1 hour apart, unlike with the fix: <14>1 2016-03-27T01:59:58+01:00 bunch-VirtualBox haproxy 3381 - - Connect ... <14>1 2016-03-27T03:00:03+02:00 bunch-VirtualBox haproxy 3381 - - Connect ... This patch should be backported to 1.6 and partially to 1.5 (no fix needed in log.c).
2016-03-27 05:08:03 -04:00
tzset();
[MEDIUM] further improve monotonic clock by check forward jumps The first implementation of the monotonic clock did not verify forward jumps. The consequence is that a fast changing time may expire a lot of tasks. While it does seem minor, in fact it is problematic because most machines which boot with a wrong date are in the past and suddenly see their time jump by several years in the future. The solution is to check if we spent more apparent time in a poller than allowed (with a margin applied). The margin is currently set to 1000 ms. It should be large enough for any poll() to complete. Tests with randomly jumping clock show that the result is quite accurate (error less than 1 second at every change of more than one second).
2008-06-23 08:00:57 -04:00
tv_update_date(-1,-1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
start_date = now;
BUG/MEDIUM: random: initialize the random pool a bit better Since the UUID sample fetch was created, some people noticed that in certain virtualized environments they manage to get exact same UUIDs on different instances started exactly at the same moment. It turns out that the randoms were only initialized to spread the health checks originally, not to provide "clean" randoms. This patch changes this and collects more randomness from various sources, including existing randoms, /dev/urandom when available, RAND_bytes() when OpenSSL is available, as well as the timing for such operations, then applies a SHA1 on all this to keep a 160 bits random seed available, 32 of which are passed to srandom(). It's worth mentioning that there's no clean way to pass more than 32 bits to srandom() as even initstate() provides an opaque state that must absolutely not be tampered with since known implementations contain state information. At least this allows to have up to 4 billion different sequences from the boot, which is not that bad. Note that the thread safety was still not addressed, which is another issue for another patch. This must be backported to all versions containing the UUID sample fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
ha_random_boot(argv);
MINOR: sample: add a rand() sample fetch to return a sample. Sometimes it can be useful to generate a random value, at least for debugging purposes, but also to take routing decisions or to pass such a value to a backend server.
2014-02-14 05:59:04 -05:00
MAJOR: acl: make all ACLs reference the fetch function via a sample. ACL fetch functions used to directly reference a fetch function. Now that all ACL fetches have their sample fetches equivalent, we can make ACLs reference a sample fetch keyword instead. In order to simplify the code, a sample keyword name may be NULL if it is the same as the ACL's, which is the most common case. A minor change appeared, http_auth always expects one argument though the ACL allowed it to be missing and reported as such afterwards, so fix the ACL to match this. This is not really a bug.
2013-01-11 09:49:37 -05:00
if (init_acl() != 0)
exit(1);
MEDIUM: initcall: use initcalls for a few initialization functions signal_init(), init_log(), init_stream(), and init_task() all used to only preset some values and lists. This needs to be done very early to provide a reliable interface to all other users. The calls used to be explicit in haproxy.c:init(). Now they're placed in initcalls at the STG_PREPARE stage. The functions are not exported anymore.
2018-11-26 10:31:20 -05:00
MEDIUM: lua: lua integration in the build and init system. This is the first step of the lua integration. We add the useful files in the HAProxy project. These files contains the main includes, the Makefile options and empty initialisation function. Is is the LUA skeleton.
2015-01-23 08:06:13 -05:00
/* Initialise lua. */
hlua_init();
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
/* Initialize process vars */
vars_init(&global.vars, SCOPE_PROC);
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_SELECT; /* select() is always available */
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_POLL)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_POLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EPOLL)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_KQUEUE)
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options |= GTUNE_USE_KQUEUE;
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EVPORTS)
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
global.tune.options |= GTUNE_USE_EVPORTS;
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
global.tune.options |= GTUNE_USE_SPLICE;
#endif
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#if defined(USE_GETADDRINFO)
global.tune.options |= GTUNE_USE_GAI;
#endif
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#if defined(SO_REUSEPORT)
global.tune.options |= GTUNE_USE_REUSEPORT;
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
pid = getpid();
progname = *argv;
while ((tmp = strchr(progname, '/')) != NULL)
progname = tmp + 1;
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
/* the process name is used for the logs only */
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_initstr(&global.log_tag, strdup(progname));
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
argc--; argv++;
while (argc > 0) {
char *flag;
if (**argv == '-') {
flag = *argv+1;
/* 1 arg */
if (*flag == 'v') {
display_version();
[MINOR] store the build options to report with -vv Sometimes it is useful to find out how a given binary version was built. The build compiler and options are now provided for this, and it's possible to get them with the -vv option.
2007-12-02 05:28:59 -05:00
if (flag[1] == 'v') /* -vv */
display_build_opts();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(0);
}
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EPOLL)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd' && flag[1] == 'e')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_POLL)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd' && flag[1] == 'p')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_POLL;
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_KQUEUE)
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
else if (*flag == 'd' && flag[1] == 'k')
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_KQUEUE;
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_EVPORTS)
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
else if (*flag == 'd' && flag[1] == 'v')
global.tune.options &= ~GTUNE_USE_EVPORTS;
#endif
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#if defined(USE_LINUX_SPLICE)
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
else if (*flag == 'd' && flag[1] == 'S')
global.tune.options &= ~GTUNE_USE_SPLICE;
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
#endif
#if defined(USE_GETADDRINFO)
else if (*flag == 'd' && flag[1] == 'G')
global.tune.options &= ~GTUNE_USE_GAI;
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
#endif
#if defined(SO_REUSEPORT)
else if (*flag == 'd' && flag[1] == 'R')
global.tune.options &= ~GTUNE_USE_REUSEPORT;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
else if (*flag == 'd' && flag[1] == 'V')
global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'V')
arg_mode |= MODE_VERBOSE;
else if (*flag == 'd' && flag[1] == 'b')
arg_mode |= MODE_FOREGROUND;
MINOR: init: add -dW and "zero-warning" to reject configs with warnings Since some systems switched to service managers which hide all warnings by default, some users are not aware of some possibly important warnings and get caught too late with errors that could have been detected earlier. This patch adds a new global keyword, "zero-warning" and an equivalent command-line option "-dW" to refuse to start in case any warning is detected. It is recommended to use these with configurations that are managed by humans in order to catch mistakes very early.
2020-04-15 10:42:39 -04:00
else if (*flag == 'd' && flag[1] == 'W')
arg_mode |= MODE_ZERO_WARNING;
MEDIUM: memory: add the ability to poison memory at run time From time to time, some bugs are discovered that are caused by non-initialized memory areas. It happens that most platforms return a zero-filled area upon first malloc() thus hiding potential bugs. This patch also replaces malloc() in pools with calloc() to ensure that all platforms exhibit the same behaviour upon startup. In order to catch these bugs more easily, add a -dM command line flag to enable memory poisonning. Optionally, passing -dM<byte> forces the poisonning byte to <byte>.
2012-05-08 09:40:42 -04:00
else if (*flag == 'd' && flag[1] == 'M')
mem_poison_byte = flag[2] ? strtol(flag + 2, NULL, 0) : 'P';
MINOR: init: add -dr to ignore server address resolution failures It is very common when validating a configuration out of production not to have access to the same resolvers and to fail on server address resolution, making it difficult to test a configuration. This option simply appends the "none" method to the list of address resolution methods for all servers, ensuring that even if the libc fails to resolve an address, the startup sequence is not interrupted.
2016-11-07 15:03:16 -05:00
else if (*flag == 'd' && flag[1] == 'r')
global.tune.options |= GTUNE_RESOLVE_DONTFAIL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'd')
arg_mode |= MODE_DEBUG;
else if (*flag == 'c')
arg_mode |= MODE_CHECK;
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (*flag == 'D')
[MINOR] startup: don't imply -q with -D It is recommended to have -D in init scripts, but -D also implies quiet mode, which hides warning messages, and both options are now completely unrelated. Remove the implication to get warnings with -D.
2009-05-18 10:29:51 -04:00
arg_mode |= MODE_DAEMON;
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
else if (*flag == 'W' && flag[1] == 's') {
BUG/MINOR: systemd: ignore daemon mode Since we switched to notify mode in the systemd unit file in commit d6942c8, haproxy won't start if the daemon keyword is present in the configuration. This change makes sure that haproxy remains in foreground when using systemd mode and adds a note in the documentation.
2017-11-21 06:39:34 -05:00
arg_mode |= MODE_MWORKER | MODE_FOREGROUND;
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
#if defined(USE_SYSTEMD)
global.tune.options |= GTUNE_USE_SYSTEMD;
#else
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("master-worker mode with systemd support (-Ws) requested, but not compiled. Use master-worker mode (-W) if you are not using Type=notify in your unit file or recompile with USE_SYSTEMD=1.\n\n");
MEDIUM: mworker: Add systemd `Type=notify` support This patch adds support for `Type=notify` to the systemd unit. Supporting `Type=notify` improves both starting as well as reloading of the unit, because systemd will be let known when the action completed. See this quote from `systemd.service(5)`: > Note however that reloading a daemon by sending a signal (as with the > example line above) is usually not a good choice, because this is an > asynchronous operation and hence not suitable to order reloads of > multiple services against each other. It is strongly recommended to > set ExecReload= to a command that not only triggers a configuration > reload of the daemon, but also synchronously waits for it to complete. By making systemd aware of a reload in progress it is able to wait until the reload actually succeeded. This patch introduces both a new `USE_SYSTEMD` build option which controls including the sd-daemon library as well as a `-Ws` runtime option which runs haproxy in master-worker mode with systemd support. When haproxy is running in master-worker mode with systemd support it will send status messages to systemd using `sd_notify(3)` in the following cases: - The master process forked off the worker processes (READY=1) - The master process entered the `mworker_reload()` function (RELOADING=1) - The master process received the SIGUSR1 or SIGTERM signal (STOPPING=1) Change the unit file to specify `Type=notify` and replace master-worker mode (`-W`) with master-worker mode with systemd support (`-Ws`). Future evolutions of this feature could include making use of the `STATUS` feature of `sd_notify()` to send information about the number of active connections to systemd. This would require bidirectional communication between the master and the workers and thus is left for future work.
2017-11-20 09:58:35 -05:00
usage(progname);
#endif
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (*flag == 'W')
arg_mode |= MODE_MWORKER;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 'q')
arg_mode |= MODE_QUIET;
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
else if (*flag == 'x') {
BUG/MEDIUM: fix segfault when no argument to -x option This patch fixes a segfault in the command line parser. When haproxy is launched with -x with no argument and -x is the latest option in argv it segfaults. Use usage() insteads of exit() on error.
2017-06-19 09:57:55 -04:00
if (argc <= 1 || argv[1][0] == '-') {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Unix socket path expected with the -x flag\n\n");
BUG/MEDIUM: fix segfault when no argument to -x option This patch fixes a segfault in the command line parser. When haproxy is launched with -x with no argument and -x is the latest option in argv it segfaults. Use usage() insteads of exit() on error.
2017-06-19 09:57:55 -04:00
usage(progname);
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
}
MINOR: warning on multiple -x Multiple use of the -x option is useless, emit a warning.
2017-06-19 10:37:19 -04:00
if (old_unixsocket)
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("-x option already set, overwriting the value\n");
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
old_unixsocket = argv[1];
MINOR: warning on multiple -x Multiple use of the -x option is useless, emit a warning.
2017-06-19 10:37:19 -04:00
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
argv++;
argc--;
}
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
else if (*flag == 'S') {
struct wordlist *c;
if (argc <= 1 || argv[1][0] == '-') {
ha_alert("Socket and optional bind parameters expected with the -S flag\n");
usage(progname);
}
if ((c = malloc(sizeof(*c))) == NULL || (c->s = strdup(argv[1])) == NULL) {
ha_alert("Cannot allocate memory\n");
exit(EXIT_FAILURE);
}
LIST_ADD(&mworker_cli_conf, &c->list);
argv++;
argc--;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (*flag == 's' && (flag[1] == 'f' || flag[1] == 't')) {
/* list of pids to finish ('f') or terminate ('t') */
if (flag[1] == 'f')
oldpids_sig = SIGUSR1; /* finish then exit */
else
oldpids_sig = SIGTERM; /* terminate immediately */
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
while (argc > 1 && argv[1][0] != '-') {
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
char * endptr = NULL;
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
oldpids = realloc(oldpids, (nb_oldpids + 1) * sizeof(int));
if (!oldpids) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot allocate old pid : out of memory.\n");
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
exit(1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
argc--; argv++;
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
errno = 0;
oldpids[nb_oldpids] = strtol(*argv, &endptr, 10);
if (errno) {
ha_alert("-%2s option: failed to parse {%s}: %s\n",
flag,
*argv, strerror(errno));
exit(1);
} else if (endptr && strlen(endptr)) {
BUILD: general: always pass unsigned chars to is* functions The isalnum(), isalpha(), isdigit() etc functions from ctype.h are supposed to take an int in argument which must either reflect an unsigned char or EOF. In practice on some platforms they're implemented as macros referencing an array, and when passed a char, they either cause a warning "array subscript has type 'char'" when lucky, or cause random segfaults when unlucky. It's quite unconvenient by the way since none of them may return true for negative values. The recent introduction of cygwin to the list of regularly tested build platforms revealed a lot of breakage there due to the same issues again. So this patch addresses the problem all over the code at once. It adds unsigned char casts to every valid use case, and also drops the unneeded double cast to int that was sometimes added on top of it. It may be backported by dropping irrelevant changes if that helps better support uncommon platforms. It's unlikely to fix bugs on platforms which would already not emit any warning though.
2020-02-25 02:16:33 -05:00
while (isspace((unsigned char)*endptr)) endptr++;
BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st The codes tries to strip trailing spaces of arguments but due to missing brackets, it will always exit. It can be reproduced with this (silly) example: $ haproxy -f /etc/haproxy/haproxy.cfg -sf 1234 "1235 " 1236 $ echo $? 1 This was introduced in commit 236062f7c ("MINOR: init: emit warning when -sf/-sd cannot parse argument") Signed-off-by: Aurélien Nephtali <aurelien.nephtali@gmail.com>
2018-02-17 14:53:11 -05:00
if (*endptr != 0) {
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
ha_alert("-%2s option: some bytes unconsumed in PID list {%s}\n",
flag, endptr);
exit(1);
BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st The codes tries to strip trailing spaces of arguments but due to missing brackets, it will always exit. It can be reproduced with this (silly) example: $ haproxy -f /etc/haproxy/haproxy.cfg -sf 1234 "1235 " 1236 $ echo $? 1 This was introduced in commit 236062f7c ("MINOR: init: emit warning when -sf/-sd cannot parse argument") Signed-off-by: Aurélien Nephtali <aurelien.nephtali@gmail.com>
2018-02-17 14:53:11 -05:00
}
MINOR: init: emit warning when -sf/-sd cannot parse argument Previously, -sf and -sd command line parsing used atol which cannot detect errors. I had a problem where I was doing -sf "$pid1 $pid2 $pid" and it was sending the gracefully terminate signal only to the first pid. The change uses strtol and checks endptr and errno to see if the parsing worked. It will exit when the pid list is not parsed. [wt: this should be backported to 1.8]
2018-02-05 18:15:44 -05:00
}
MEDIUM: init: support more command line arguments after pid list Given that all command line arguments start with a '-' and that no pid number can start with this character, there's no constraint to make the pid list the last argument. Let's relax this rule.
2015-10-08 05:32:32 -04:00
if (oldpids[nb_oldpids] <= 0)
usage(progname);
nb_oldpids++;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
else if (flag[0] == '-' && flag[1] == 0) { /* "--" */
/* now that's a cfgfile list */
argv++; argc--;
while (argc > 0) {
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
if (!list_append_word(&cfg_cfgfiles, *argv, &err_msg)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration file/directory %s : %s\n",
*argv,
err_msg);
MEDIUM: init: support a list of files on the command line HAProxy could already support being passed a file list on the command line, by passing multiple times "-f" followed by a file name. People have been complaining that it made it hard to pass file lists from init scripts. This patch introduces an end of arguments using the common "--" tag, after which only file names may appear. These files are then added to the existing list of other files specified using -f and are loaded in their declaration order. Thus it becomes possible to do something like this : haproxy -sf $(pidof haproxy) -- /etc/haproxy/global.cfg /etc/haproxy/customers/*.cfg
2015-10-08 05:58:48 -04:00
exit(1);
}
argv++; argc--;
}
break;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else { /* >=2 args */
argv++; argc--;
if (argc == 0)
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
switch (*flag) {
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
case 'C' : change_dir = *argv; break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'n' : cfg_maxconn = atol(*argv); break;
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
case 'm' : global.rlimit_memmax_all = atol(*argv); break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'N' : cfg_maxpconn = atol(*argv); break;
MINOR: export localpeer as an environment variable Export localpeer as the environment variable $HAPROXY_LOCALPEER, allowing to use this variable in the configuration file. It's useful to use this variable in the case of synchronized configuration between peers.
2018-04-17 10:46:13 -04:00
case 'L' :
strncpy(localpeer, *argv, sizeof(localpeer) - 1);
setenv("HAPROXY_LOCALPEER", localpeer, 1);
break;
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
case 'f' :
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
if (!list_append_word(&cfg_cfgfiles, *argv, &err_msg)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot load configuration file/directory %s : %s\n",
*argv,
err_msg);
[MEDIUM] config: support loading multiple configuration files We now support up to 10 distinct configuration files. They are all loaded in the order defined by -f <file1> -f <file2> ... This can be useful in order to store global, private, public, etc... configurations in distinct files.
2009-06-22 10:02:30 -04:00
exit(1);
}
break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
case 'p' : cfg_pidfile = *argv; break;
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
default: usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
}
else
[CLEANUP] startup: report only the basename in the usage message Don't write the full path to the program, just the program name.
2011-09-10 13:20:23 -04:00
usage(progname);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
argv++; argc--;
}
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode |= (arg_mode & (MODE_DAEMON | MODE_MWORKER | MODE_FOREGROUND | MODE_VERBOSE
MINOR: init: add -dW and "zero-warning" to reject configs with warnings Since some systems switched to service managers which hide all warnings by default, some users are not aware of some possibly important warnings and get caught too late with errors that could have been detected earlier. This patch adds a new global keyword, "zero-warning" and an equivalent command-line option "-dW" to refuse to start in case any warning is detected. It is recommended to use these with configurations that are managed by humans in order to catch mistakes very early.
2020-04-15 10:42:39 -04:00
| MODE_QUIET | MODE_CHECK | MODE_DEBUG | MODE_ZERO_WARNING));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (getenv("HAPROXY_MWORKER_WAIT_ONLY")) {
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
unsetenv("HAPROXY_MWORKER_WAIT_ONLY");
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
global.mode |= MODE_MWORKER_WAIT;
global.mode &= ~MODE_MWORKER;
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
}
if ((global.mode & MODE_MWORKER) && (getenv("HAPROXY_MWORKER_REEXEC") != NULL)) {
atexit_flag = 1;
atexit(reexec_on_failure);
}
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
if (change_dir && chdir(change_dir) < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Could not change to directory %s : %s\n", change_dir, strerror(errno));
[MINOR] startup: add an option to change to a new directory Passing -C <dir> causes haproxy to chdir to <dir> before loading any file. The argument may be passed anywhere on the command line. A typical use case is : $ haproxy -C /etc/haproxy -f global.cfg -f haproxy.cfg
2011-09-10 13:26:56 -04:00
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.maxsock = 10; /* reserve 10 fds ; will be incremented by socket eaters */
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
init_default_instance();
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* in wait mode, we don't try to read the configuration files */
if (!(global.mode & MODE_MWORKER_WAIT)) {
MINOR: init: setenv HAPROXY_CFGFILES Set the HAPROXY_CFGFILES environment variable which contains the list of configuration files used to start haproxy, separated by semicolon.
2019-05-20 05:15:37 -04:00
struct buffer *trash = get_trash_chunk();
[BUG] config: fix error message when config file is not found Cameron Simpson reported an annoying case where haproxy simply reports "Error(s) found in configuration file" when the file is not found or not readable. Fortunately the parsing function still returns -1 in case of open error, so we're able to detect the issue from the caller and report the corresponding errno message.
2009-12-06 07:10:44 -05:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* handle cfgfiles that are actually directories */
cfgfiles_expand_directories();
if (LIST_ISEMPTY(&cfg_cfgfiles))
usage(progname);
list_for_each_entry(wl, &cfg_cfgfiles, list) {
int ret;
MINOR: init: setenv HAPROXY_CFGFILES Set the HAPROXY_CFGFILES environment variable which contains the list of configuration files used to start haproxy, separated by semicolon.
2019-05-20 05:15:37 -04:00
if (trash->data)
chunk_appendf(trash, ";");
chunk_appendf(trash, "%s", wl->s);
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
ret = readcfgfile(wl->s);
if (ret == -1) {
ha_alert("Could not open configuration file %s : %s\n",
wl->s, strerror(errno));
exit(1);
}
if (ret & (ERR_ABORT|ERR_FATAL))
ha_alert("Error(s) found in configuration file : %s\n", wl->s);
err_code |= ret;
if (err_code & ERR_ABORT)
exit(1);
[BUG] config: fix error message when config file is not found Cameron Simpson reported an annoying case where haproxy simply reports "Error(s) found in configuration file" when the file is not found or not readable. Fortunately the parsing function still returns -1 in case of open error, so we're able to detect the issue from the caller and report the corresponding errno message.
2009-12-06 07:10:44 -05:00
}
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* do not try to resolve arguments nor to spot inconsistencies when
* the configuration contains fatal errors caused by files not found
* or failed memory allocations.
*/
if (err_code & (ERR_ABORT|ERR_FATAL)) {
ha_alert("Fatal errors found in configuration.\n");
exit(1);
}
MINOR: init: setenv HAPROXY_CFGFILES Set the HAPROXY_CFGFILES environment variable which contains the list of configuration files used to start haproxy, separated by semicolon.
2019-05-20 05:15:37 -04:00
if (trash->data)
setenv("HAPROXY_CFGFILES", trash->area, 1);
MEDIUM: config: don't check config validity when there are fatal errors Overall we do have an issue with the severity of a number of errors. Most fatal errors are reported with ERR_FATAL (which prevents startup) and not ERR_ABORT (which stops parsing ASAP), but check_config_validity() is still called on ERR_FATAL, and will most of the time report bogus errors. This is what caused smp_resolve_args() to be called on a number of unparsable ACLs, and it also is what reports incorrect ordering or unresolvable section names when certain entries could not be properly parsed. This patch stops this domino effect by simply aborting before trying to further check and resolve the configuration when it's already know that there are fatal errors. A concrete example comes from this config : userlist users : user foo insecure-password bar listen foo bind :1234 mode htttp timeout client 10S timeout server 10s timeout connect 10s stats uri /stats stats http-request auth unless { http_auth(users) } http-request redirect location /index.html if { path / } It contains a colon after the userlist name, a typo in the client timeout value, another one in "mode http" which cause some other configuration elements not to be properly handled. Previously it would confusingly report : [ALERT] 108/114851 (20224) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'. [ALERT] 108/114851 (20224) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'. [ALERT] 108/114851 (20224) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client' [ALERT] 108/114851 (20224) : Error(s) found in configuration file : err-report.cfg [ALERT] 108/114851 (20224) : parsing [err-report.cfg:11] : unable to find userlist 'users' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'foo'. [WARNING] 108/114851 (20224) : config : missing timeouts for proxy 'foo'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. [WARNING] 108/114851 (20224) : config : 'stats' statement ignored for proxy 'foo' as it requires HTTP mode. [WARNING] 108/114851 (20224) : config : 'http-request' rules ignored for proxy 'foo' as they require HTTP mode. [ALERT] 108/114851 (20224) : Fatal errors found in configuration. The "requires HTTP mode" errors are just pollution resulting from the improper spelling of this mode earlier. The unresolved reference to the userlist is caused by the extra colon on the declaration, and the warning regarding the missing timeouts is caused by the wrong character. Now it more accurately reports : [ALERT] 108/114900 (20225) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'. [ALERT] 108/114900 (20225) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'. [ALERT] 108/114900 (20225) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client' [ALERT] 108/114900 (20225) : Error(s) found in configuration file : err-report.cfg [ALERT] 108/114900 (20225) : Fatal errors found in configuration. Despite not really a fix, this patch should be backported at least to 1.7, possibly even 1.6, and 1.5 since it hardens the config parser against certain bad situations like the recently reported use-after-free and the last null dereference.
2017-04-19 05:24:07 -04:00
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
if (global.mode & MODE_MWORKER) {
int proc;
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
struct mworker_proc *tmproc;
MINOR: mworker: export HAPROXY_MWORKER=1 when running in mworker mode Export HAPROXY_MWORKER=1 in an environment variable when running in mworker mode.
2019-04-12 10:15:00 -04:00
setenv("HAPROXY_MWORKER", "1", 1);
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
if (getenv("HAPROXY_MWORKER_REEXEC") == NULL) {
MINOR: mworker: calloc mworker_proc structures Initialize mworker_proc structures to 0 with calloc instead of just doing a malloc.
2019-04-01 05:29:58 -04:00
tmproc = calloc(1, sizeof(*tmproc));
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
if (!tmproc) {
ha_alert("Cannot allocate process structures.\n");
exit(EXIT_FAILURE);
}
CLEANUP: mworker: remove the type field in mworker_proc Since the introduction of the options field, we can use it to store the type of process. type = 'm' is replaced by PROC_O_TYPE_MASTER type = 'w' is replaced by PROC_O_TYPE_WORKER type = 'e' is replaced by PROC_O_TYPE_PROG The old values are still used in the HAPROXY_PROCESSES environment variable to pass the information during a reload.
2019-04-12 10:09:23 -04:00
tmproc->options |= PROC_O_TYPE_MASTER; /* master */
MINOR: cli: show master information in 'show proc' Displays the master information in show proc.
2018-11-19 12:46:18 -05:00
tmproc->reloads = 0;
tmproc->relative_pid = 0;
tmproc->pid = pid;
tmproc->timestamp = start_date.tv_sec;
tmproc->ipc_fd[0] = -1;
tmproc->ipc_fd[1] = -1;
proc_self = tmproc;
LIST_ADDQ(&proc_list, &tmproc->list);
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
for (proc = 0; proc < global.nbproc; proc++) {
MINOR: mworker: calloc mworker_proc structures Initialize mworker_proc structures to 0 with calloc instead of just doing a malloc.
2019-04-01 05:29:58 -04:00
tmproc = calloc(1, sizeof(*tmproc));
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
if (!tmproc) {
ha_alert("Cannot allocate process structures.\n");
exit(EXIT_FAILURE);
}
CLEANUP: mworker: remove the type field in mworker_proc Since the introduction of the options field, we can use it to store the type of process. type = 'm' is replaced by PROC_O_TYPE_MASTER type = 'w' is replaced by PROC_O_TYPE_WORKER type = 'e' is replaced by PROC_O_TYPE_PROG The old values are still used in the HAPROXY_PROCESSES environment variable to pass the information during a reload.
2019-04-12 10:09:23 -04:00
tmproc->options |= PROC_O_TYPE_WORKER; /* worker */
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
tmproc->pid = -1;
tmproc->reloads = 0;
MINOR: cli: displays uptime in `show proc` Displays the uptime of the workers in `show proc`
2018-11-19 12:46:17 -05:00
tmproc->timestamp = -1;
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
tmproc->relative_pid = 1 + proc;
MEDIUM: mworker: does not create the CLI proxy when no listener Does not create the CLI proxy if no -S argument was specified. It prevents a warning that says that the MASTER proxy does not have any bind option.
2018-11-06 11:37:12 -05:00
tmproc->ipc_fd[0] = -1;
tmproc->ipc_fd[1] = -1;
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
if (mworker_cli_sockpair_new(tmproc, proc) < 0) {
exit(EXIT_FAILURE);
}
LIST_ADDQ(&proc_list, &tmproc->list);
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
}
if (global.mode & (MODE_MWORKER|MODE_MWORKER_WAIT)) {
struct wordlist *it, *c;
MEDIUM: mworker: move proc_list gen before proxies startup We need to generate the process list before starting the proxies, because it will be used to create a proxy in the master
2018-10-26 08:47:33 -04:00
mworker_env_to_proc_list(); /* get the info of the children in the env */
MEDIUM: mworker: proxy for the master CLI This patch implements a listen proxy within the master. It uses the sockpair of all the workers as servers. In the current state of the code, the proxy is only doing round robin on the CLI of the workers. A CLI mode will be needed to know to which CLI send the requests.
2018-10-26 08:47:35 -04:00
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
MEDIUM: mworker: does not create the CLI proxy when no listener Does not create the CLI proxy if no -S argument was specified. It prevents a warning that says that the MASTER proxy does not have any bind option.
2018-11-06 11:37:12 -05:00
if (!LIST_ISEMPTY(&mworker_cli_conf)) {
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
MEDIUM: mworker: does not create the CLI proxy when no listener Does not create the CLI proxy if no -S argument was specified. It prevents a warning that says that the MASTER proxy does not have any bind option.
2018-11-06 11:37:12 -05:00
if (mworker_cli_proxy_create() < 0) {
MEDIUM: mworker: create CLI listeners from argv[] This patch introduces mworker_cli_proxy_new_listener() which allows the creation of new listeners for the CLI proxy. Using this function it is possible to create new listeners from the program arguments with -Sa <unix_socket>. It is allowed to create multiple listeners with several -Sa.
2018-10-26 08:47:36 -04:00
ha_alert("Can't create the master's CLI.\n");
exit(EXIT_FAILURE);
}
MEDIUM: mworker: does not create the CLI proxy when no listener Does not create the CLI proxy if no -S argument was specified. It prevents a warning that says that the MASTER proxy does not have any bind option.
2018-11-06 11:37:12 -05:00
list_for_each_entry_safe(c, it, &mworker_cli_conf, list) {
if (mworker_cli_proxy_new_listener(c->s) < 0) {
ha_alert("Can't create the master's CLI.\n");
exit(EXIT_FAILURE);
}
LIST_DEL(&c->list);
free(c->s);
free(c);
}
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
err_code |= check_config_validity();
MINOR: config: Support per-proxy and per-server post-check functions callbacks Most of times, when a keyword is added in proxy section or on the server line, we need to have a post-parser callback to check the config validity for the proxy or the server which uses this keyword. It is possible to register a global post-parser callback. But all these callbacks need to loop on the proxies and servers to do their job. It is neither handy nor efficient. Instead, it is now possible to register per-proxy and per-server post-check callbacks.
2019-08-12 03:51:07 -04:00
for (px = proxies_list; px; px = px->next) {
struct server *srv;
struct post_proxy_check_fct *ppcf;
struct post_server_check_fct *pscf;
list_for_each_entry(pscf, &post_server_check_list, list) {
for (srv = px->srv; srv; srv = srv->next)
err_code |= pscf->fct(srv);
}
list_for_each_entry(ppcf, &post_proxy_check_list, list)
err_code |= ppcf->fct(px);
}
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Fatal errors found in configuration.\n");
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
OPTIM: startup: fast unique_id allocation for acl. pattern_finalize_config() uses an inefficient algorithm which is a problem with very large configuration files. This affects startup, and therefore reload time. When haproxy is deployed as a router in a Kubernetes cluster the generated configuration file may be large and reloads are frequently occuring, which makes this a significant issue. The old algorithm is O(n^2) * allocate missing uids - O(n^2) * sort linked list - O(n^2) The new algorithm is O(n log n): * find the user allocated uids - O(n) * store them for efficient lookup - O(n log n) * allocate missing uids - n times O(log n) * sort all uids - O(n log n) * convert back to linked list - O(n) Performance examples, startup time in seconds: pat_refs old new 1000 0.02 0.01 10000 2.1 0.04 20000 12.3 0.07 30000 27.9 0.10 40000 52.5 0.14 50000 77.5 0.17 Please backport to 1.8, 2.0 and 2.1.
2020-02-27 10:45:50 -05:00
err_code |= pattern_finalize_config();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
ha_alert("Failed to finalize pattern config.\n");
exit(1);
}
BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity Pavlos Parissis reported an interesting case where some map identifiers were not assigned (appearing as -1 in show map). It turns out that it only happens for log-format expressions parsed in check_config_validity() that involve maps (log-format, use_backend, unique-id-header), as in the sample configuration below : frontend foo bind :8001 unique-id-format %[src,map(addr.lst)] log-format %[src,map(addr.lst)] use_backend %[src,map(addr.lst)] The reason stems from the initial introduction of unique IDs in 1.5 via commit af5a29d5f ("MINOR: pattern: Each pattern is identified by unique id.") : the unique_id assignment was done before calling check_config_validity() so all maps loaded after this call are not properly configured. From what the function does, it seems they will not be able to use a cache, will not have a unique_id assigned and will not be updatable from the CLI. This fix must be backported to all supported versions.
2019-04-11 08:47:08 -04:00
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
/* recompute the amount of per-process memory depending on nbproc and
* the shared SSL cache size (allowed to exist in all processes).
*/
if (global.rlimit_memmax_all) {
#if defined (USE_OPENSSL) && !defined(USE_PRIVATE_CACHE)
int64_t ssl_cache_bytes = global.tune.sslcachesize * 200LL;
global.rlimit_memmax =
((((int64_t)global.rlimit_memmax_all * 1048576LL) -
ssl_cache_bytes) / global.nbproc +
ssl_cache_bytes + 1048575LL) / 1048576LL;
#else
global.rlimit_memmax = global.rlimit_memmax_all / global.nbproc;
#endif
}
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#ifdef USE_NS
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
err_code |= netns_init();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to initialize namespace support.\n");
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
exit(1);
}
#endif
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK Currently, the function which applies server states provided by the "old" process is applied after configuration sanity check. This results in the impossibility to check the validity of the state file during a regular config check, implying a full start is required, which can be a problem sometimes. This patch moves the loading of server_state file before MODE_CHECK.
2016-11-02 10:33:15 -04:00
/* Apply server states */
apply_server_state();
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (px = proxies_list; px; px = px->next)
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK Currently, the function which applies server states provided by the "old" process is applied after configuration sanity check. This results in the impossibility to check the validity of the state file during a regular config check, implying a full start is required, which can be a problem sometimes. This patch moves the loading of server_state file before MODE_CHECK.
2016-11-02 10:33:15 -04:00
srv_compute_all_admin_states(px);
MAJOR: server: postpone address resolution Server addresses are not resolved anymore upon the first pass so that we don't fail if an address cannot be resolved by the libc. Instead they are processed all at once after the configuration is fully loaded, by the new function srv_init_addr(). This function only acts on the server's address if this address uses an FQDN, which appears in server->hostname. For now the function does two things, to followup with HAProxy's historical default behavior: 1. apply server IP address found in server-state file if runtime DNS resolution is enabled for this server 2. use the DNS resolver provided by the libc If none of the 2 options above can find an IP address, then an error is returned. All of this will be needed to support the new server parameter "init-addr". For now, the biggest user-visible change is that all server resolution errors are dumped at once instead of causing a startup failure one by one.
2016-11-02 10:34:05 -04:00
/* Apply servers' configured address */
err_code |= srv_init_addr();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to initialize server(s) addr.\n");
MAJOR: server: postpone address resolution Server addresses are not resolved anymore upon the first pass so that we don't fail if an address cannot be resolved by the libc. Instead they are processed all at once after the configuration is fully loaded, by the new function srv_init_addr(). This function only acts on the server's address if this address uses an FQDN, which appears in server->hostname. For now the function does two things, to followup with HAProxy's historical default behavior: 1. apply server IP address found in server-state file if runtime DNS resolution is enabled for this server 2. use the DNS resolver provided by the libc If none of the 2 options above can find an IP address, then an error is returned. All of this will be needed to support the new server parameter "init-addr". For now, the biggest user-visible change is that all server resolution errors are dumped at once instead of causing a startup failure one by one.
2016-11-02 10:34:05 -04:00
exit(1);
}
MINOR: init: add -dW and "zero-warning" to reject configs with warnings Since some systems switched to service managers which hide all warnings by default, some users are not aware of some possibly important warnings and get caught too late with errors that could have been detected earlier. This patch adds a new global keyword, "zero-warning" and an equivalent command-line option "-dW" to refuse to start in case any warning is detected. It is recommended to use these with configurations that are managed by humans in order to catch mistakes very early.
2020-04-15 10:42:39 -04:00
if (warned & WARN_ANY && global.mode & MODE_ZERO_WARNING) {
ha_alert("Some warnings were found and 'zero-warning' is set. Aborting.\n");
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.mode & MODE_CHECK) {
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
struct peers *pr;
struct proxy *px;
MINOR: init: report in "haproxy -c" whether there were warnings or not This helps quickly checking if the config produces any warning. For this we reuse the "warned" bit field to add a new WARN_ANY bit that is set by ha_warning(). The rest of the bit field was also cleaned from unused bits.
2020-04-15 10:06:11 -04:00
if (warned & WARN_ANY)
qfprintf(stdout, "Warnings were found.\n");
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (pr = cfg_peers; pr; pr = pr->next)
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
if (pr->peers_fe)
break;
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
for (px = proxies_list; px; px = px->next)
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
if (px->state == PR_STNEW && !LIST_ISEMPTY(&px->conf.listeners))
MEDIUM: improve config check return codes When checking a configuration file using "-c -f xxx", sometimes it is reported that a config is valid while it will later fail (eg: no enabled listener). Instead, let's improve the return values : - return 0 if config is 100% OK - return 1 if config has errors - return 2 if config is OK but no listener nor peer is enabled
2012-02-02 11:48:18 -05:00
break;
if (pr || px) {
/* At least one peer or one listener has been found */
qfprintf(stdout, "Configuration file is valid\n");
exit(0);
}
qfprintf(stdout, "Configuration file has no error but will not start (no listener) => exit(2).\n");
exit(2);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: channel: use "channel" instead of "buffer" in function names This is a massive rename of most functions which should make use of the word "channel" instead of the word "buffer" in their names. In concerns the following ones (new names) : unsigned long long channel_forward(struct channel *buf, unsigned long long bytes); static inline void channel_init(struct channel *buf) static inline int channel_input_closed(struct channel *buf) static inline int channel_output_closed(struct channel *buf) static inline void channel_check_timeouts(struct channel *b) static inline void channel_erase(struct channel *buf) static inline void channel_shutr_now(struct channel *buf) static inline void channel_shutw_now(struct channel *buf) static inline void channel_abort(struct channel *buf) static inline void channel_stop_hijacker(struct channel *buf) static inline void channel_auto_connect(struct channel *buf) static inline void channel_dont_connect(struct channel *buf) static inline void channel_auto_close(struct channel *buf) static inline void channel_dont_close(struct channel *buf) static inline void channel_auto_read(struct channel *buf) static inline void channel_dont_read(struct channel *buf) unsigned long long channel_forward(struct channel *buf, unsigned long long bytes) Some functions provided by channel.[ch] have kept their "buffer" name because they are really designed to act on the buffer according to some information gathered from the channel. They have been moved together to the same place in the file for better readability but they were not changed at all. The "buffer" memory pool was also renamed "channel".
2012-08-27 18:06:31 -04:00
/* now we know the buffer size, we can initialize the channels and buffers */
MAJOR: channel: replace the struct buffer with a pointer to a buffer With this commit, we now separate the channel from the buffer. This will allow us to replace buffers on the fly without touching the channel. Since nobody is supposed to keep a reference to a buffer anymore, doing so is not a problem and will also permit some copy-less data manipulation. Interestingly, these changes have shown a 2% performance increase on some workloads, probably due to a better cache placement of data.
2012-10-12 17:49:43 -04:00
init_buffer();
[BUG] variable buffer size ignored at initialization time Commit 27a674efb84bde8c045b87c9634f123e2f8925dc introduced the ability to configure buffer sizes. Unfortunately, the pool was created before the conf was read, so that is was always set to the default size. In order to fix that, we delay the call to init_buffer(), which is not a problem since nothing uses it during the initialization.
2009-09-23 17:37:52 -04:00
MINOR: haproxy: add a registration for post-check functions There's a significant amount of late initialization calls which are performed after the point where we exit in check mode. These calls are used to allocate resource and perform certain slow operations. Let's have a way to register some functions which need to be called there instead of having this multitude of #ifdef in the init path.
2016-12-21 13:57:00 -05:00
list_for_each_entry(pcf, &post_check_list, list) {
err_code |= pcf->fct();
if (err_code & (ERR_ABORT|ERR_FATAL))
exit(1);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (cfg_maxconn > 0)
global.maxconn = cfg_maxconn;
MINOR: init: move some maxsock updates earlier We'll need to know the global maxsock before the maxconn calculation. Actually only two components were calculated too late, the peers FD and the stats FD. Let's move them a few lines upward.
2019-03-01 03:39:42 -05:00
if (global.stats_fe)
global.maxsock += global.stats_fe->maxconn;
if (cfg_peers) {
/* peers also need to bypass global maxconn */
struct peers *p = cfg_peers;
for (p = cfg_peers; p; p = p->next)
if (p->peers_fe)
global.maxsock += p->peers_fe->maxconn;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (cfg_pidfile) {
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(global.pidfile);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.pidfile = strdup(cfg_pidfile);
}
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
/* Now we want to compute the maxconn and possibly maxsslconn values.
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
* It's a bit tricky. Maxconn defaults to the pre-computed value based
* on rlim_fd_cur and the number of FDs in use due to the configuration,
* and maxsslconn defaults to DEFAULT_MAXSSLCONN. On top of that we can
* enforce a lower limit based on memmax.
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
*
* If memmax is set, then it depends on which values are set. If
* maxsslconn is set, we use memmax to determine how many cleartext
* connections may be added, and set maxconn to the sum of the two.
* If maxconn is set and not maxsslconn, maxsslconn is computed from
* the remaining amount of memory between memmax and the cleartext
* connections. If neither are set, then it is considered that all
* connections are SSL-capable, and maxconn is computed based on this,
* then maxsslconn accordingly. We need to know if SSL is used on the
* frontends, backends, or both, because when it's used on both sides,
* we need twice the value for maxsslconn, but we only count the
* handshake once since it is not performed on the two sides at the
* same time (frontend-side is terminated before backend-side begins).
* The SSL stack is supposed to have filled ssl_session_cost and
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
* ssl_handshake_cost during its initialization. In any case, if
* SYSTEM_MAXCONN is set, we still enforce it as an upper limit for
* maxconn in order to protect the system.
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
*/
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
ideal_maxconn = compute_ideal_maxconn();
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (!global.rlimit_memmax) {
if (global.maxconn == 0) {
MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits The global maxconn value is often a pain to configure : - in development the user never has the permissions to increase the rlim_cur value too high and gets warnings all the time ; - in some production environments, users may have limited actions on it or may only be able to act on rlim_fd_cur using ulimit -n. This is sometimes particularly true in containers or whatever environment where the user has no privilege to upgrade the limits. - keeping config homogenous between machines is even less easy. We already had the ability to automatically compute maxconn from the memory limits when they were set. This patch goes a bit further by also computing the limit permitted by the configured limit on the number of FDs. For this it simply reverses the rlim_fd_cur calculation to determine maxconn based on the number of reserved sockets for listeners & checks, the number of SSL engines and the number of pipes (absolute or relative). This way it becomes possible to make maxconn always be the highest possible value resulting in maxsock matching what was set using "ulimit -n", without ever setting it. Note that we adjust to the soft limit, not the hard one, since it's what is configured with ulimit -n. This allows users to also limit to low values if needed. Just like before, the calculated value is reported in verbose mode.
2019-03-01 09:43:14 -05:00
global.maxconn = ideal_maxconn;
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d.\n", global.maxconn);
}
}
#ifdef USE_OPENSSL
else if (!global.maxconn && !global.maxsslconn &&
(global.ssl_used_frontend || global.ssl_used_backend)) {
/* memmax is set, compute everything automatically. Here we want
* to ensure that all SSL connections will be served. We take
* care of the number of sides where SSL is used, and consider
* the worst case : SSL used on both sides and doing a handshake
* simultaneously. Note that we can't have more than maxconn
* handshakes at a time by definition, so for the worst case of
* two SSL conns per connection, we count a single handshake.
*/
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
int retried = 0;
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
/* Principle: we test once to set maxconn according to the free
* memory. If it results in values the system rejects, we try a
* second time by respecting rlim_fd_max. If it fails again, we
* go back to the initial value and will let the final code
* dealing with rlimit report the error. That's up to 3 attempts.
*/
do {
global.maxconn = mem /
((STREAM_MAX_COST + 2 * global.tune.bufsize) + // stream + 2 buffers per stream
sides * global.ssl_session_max_cost + // SSL buffers, one per side
global.ssl_handshake_max_cost); // 1 handshake per connection max
if (retried == 1)
global.maxconn = MIN(global.maxconn, ideal_maxconn);
global.maxconn = round_2dig(global.maxconn);
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#ifdef SYSTEM_MAXCONN
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if (global.maxconn > SYSTEM_MAXCONN)
global.maxconn = SYSTEM_MAXCONN;
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#endif /* SYSTEM_MAXCONN */
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
global.maxsslconn = sides * global.maxconn;
if (check_if_maxsock_permitted(compute_ideal_maxsock(global.maxconn)))
break;
} while (retried++ < 2);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d and global.maxsslconn to %d.\n",
global.maxconn, global.maxsslconn);
}
else if (!global.maxsslconn &&
(global.ssl_used_frontend || global.ssl_used_backend)) {
/* memmax and maxconn are known, compute maxsslconn automatically.
* maxsslconn being forced, we don't know how many of it will be
* on each side if both sides are being used. The worst case is
* when all connections use only one SSL instance because
* handshakes may be on two sides at the same time.
*/
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
int64_t sslmem;
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
sslmem = mem - global.maxconn * (int64_t)(STREAM_MAX_COST + 2 * global.tune.bufsize);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
global.maxsslconn = sslmem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost);
global.maxsslconn = round_2dig(global.maxsslconn);
if (sslmem <= 0 || global.maxsslconn < sides) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Cannot compute the automatic maxsslconn because global.maxconn is already too "
"high for the global.memmax value (%d MB). The absolute maximum possible value "
"without SSL is %d, but %d was found and SSL is in use.\n",
global.rlimit_memmax,
(int)(mem / (STREAM_MAX_COST + 2 * global.tune.bufsize)),
global.maxconn);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
exit(1);
}
if (global.maxsslconn > sides * global.maxconn)
global.maxsslconn = sides * global.maxconn;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxsslconn to %d\n", global.maxsslconn);
}
#endif
else if (!global.maxconn) {
/* memmax and maxsslconn are known/unused, compute maxconn automatically */
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
int64_t mem = global.rlimit_memmax * 1048576ULL;
int64_t clearmem;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
int retried = 0;
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (global.ssl_used_frontend || global.ssl_used_backend)
mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
mem -= global.maxzlibmem;
mem = mem * MEM_USABLE_RATIO;
clearmem = mem;
if (sides)
clearmem -= (global.ssl_session_max_cost + global.ssl_handshake_max_cost) * (int64_t)global.maxsslconn;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
/* Principle: we test once to set maxconn according to the free
* memory. If it results in values the system rejects, we try a
* second time by respecting rlim_fd_max. If it fails again, we
* go back to the initial value and will let the final code
* dealing with rlimit report the error. That's up to 3 attempts.
*/
do {
global.maxconn = clearmem / (STREAM_MAX_COST + 2 * global.tune.bufsize);
if (retried == 1)
global.maxconn = MIN(global.maxconn, ideal_maxconn);
global.maxconn = round_2dig(global.maxconn);
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#ifdef SYSTEM_MAXCONN
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if (global.maxconn > SYSTEM_MAXCONN)
global.maxconn = SYSTEM_MAXCONN;
MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn when possible") resulted in a case where if enough memory is available, a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting in possibly overflowing other systems resources (eg: kernel socket buffers, conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN if it is defined. Note that the value is set to DEFAULT_MAXCONN since SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
2015-01-28 13:03:21 -05:00
#endif /* SYSTEM_MAXCONN */
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if (clearmem <= 0 || !global.maxconn) {
ha_alert("Cannot compute the automatic maxconn because global.maxsslconn is already too "
"high for the global.memmax value (%d MB). The absolute maximum possible value "
"is %d, but %d was found.\n",
global.rlimit_memmax,
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
(int)(mem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost)),
MEDIUM: init: always try to push the FD limit when maxconn is set from -m When a maximum memory setting is passed to haproxy and maxconn is not set and ulimit-n is not set, it is expected that maxconn will be set to the highest value permitted by this memory setting, possibly affecting the FD limit. When maxconn was changed to be deduced from the current process's FD limit, the automatic setting above was partially lost because it now remains limited to the current FD limit in addition to being limited to the memory usage. For unprivileged processes it does not change anything, but for privileged processes the difference is important. Indeed, the previous behavior ensured that the new FD limit could be enforced on the process as long as the user had the privilege to do so. Now this does not happen anymore, and some people rely on this for automatic sizing in VM environments. This patch implements the ability to verify if the setting will be enforceable on the process or not. First it computes maxconn based on the memory limits alone, then checks if the process is willing to accept them, otherwise tries again by respecting the process' hard limit. Thanks to this we now have the best of the pre-2.0 behavior and the current one, in that privileged users will be able to get as high a maxconn as they need just based on the memory limit, while unprivileged users will still get as high a setting as permitted by the intersection of the memory limit and the process' FD limit. Ideally, after some observation period, this patch along with the previous one "MINOR: init: move the maxsock calculation code to compute_ideal_maxsock()" should be backported to 2.1 and 2.0. Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
global.maxsslconn);
exit(1);
}
if (check_if_maxsock_permitted(compute_ideal_maxsock(global.maxconn)))
break;
} while (retried++ < 2);
MAJOR: init: automatically set maxconn and/or maxsslconn when possible If a memory size limit is enforced using "-n" on the command line and one or both of maxconn / maxsslconn are not set, instead of using the build-time values, haproxy now computes the number of sessions that can be allocated depending on a number of parameters among which : - global.maxconn (if set) - global.maxsslconn (if set) - maxzlibmem - tune.ssl.cachesize - presence of SSL in at least one frontend (bind lines) - presence of SSL in at least one backend (server lines) - tune.bufsize - tune.cookie_len The purpose is to ensure that not haproxy will not run out of memory when maxing out all parameters. If neither maxconn nor maxsslconn are used, it will consider that 100% of the sessions involve SSL on sides where it's supported. That means that it will typically optimize maxconn for SSL offloading or SSL bridging on all connections. This generally means that the simple act of enabling SSL in a frontend or in a backend will significantly reduce the global maxconn but in exchange of that, it will guarantee that it will not fail. All metrics may be enforced using #defines to accomodate variations in SSL libraries or various allocation sizes.
2015-01-15 15:45:22 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
if (sides && global.maxsslconn > sides * global.maxconn) {
fprintf(stderr, "Note: global.maxsslconn is forced to %d which causes global.maxconn "
"to be limited to %d. Better reduce global.maxsslconn to get more "
"room for extra connections.\n", global.maxsslconn, global.maxconn);
}
fprintf(stderr, "Note: setting global.maxconn to %d\n", global.maxconn);
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: init: move the maxsock calculation code to compute_ideal_maxsock() The maxsock value is currently derived from global.maxconn and a few other settings, some of which also depend on global.maxconn. This makes it difficult to check if a limit is already too high or not during the maxconn automatic sizing. Let's move this code into a new function, compute_ideal_maxsock() which now takes a maxconn in argument. It performs the same operations and returns the maxsock value if global.maxconn were to be set to that value. It now replaces the previous code to compute maxsock.
2020-03-10 12:08:53 -04:00
global.maxsock = compute_ideal_maxsock(global.maxconn);
global.hardmaxconn = global.maxconn;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: connections: Add a way to control the number of idling connections. As by default we add all keepalive connections to the idle pool, if we run into a pathological case, where all client don't do keepalive, but the server does, and haproxy is configured to only reuse "safe" connections, we will soon find ourself having lots of idling, unusable for new sessions, connections, while we won't have any file descriptors available to create new connections. To fix this, add 2 new global settings, "pool_low_ratio" and "pool_high_ratio". pool-low-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we stop adding connections to the idle pool, and destroy them instead. The default is 20. pool-high-fd-ratio is the % of fds we're allowed to use (against the maximum number of fds available to haproxy) before we start killing idling connection in the event we have to create a new outgoing connection, and no reuse is possible. The default is 25.
2019-04-16 13:07:22 -04:00
/* update connection pool thresholds */
global.tune.pool_low_count = ((long long)global.maxsock * global.tune.pool_low_ratio + 99) / 100;
global.tune.pool_high_count = ((long long)global.maxsock * global.tune.pool_high_ratio + 99) / 100;
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
proxy_adjust_all_maxconn();
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
if (global.tune.maxpollevents <= 0)
global.tune.maxpollevents = MAX_POLL_EVENTS;
MINOR: tasks: Make the number of tasks to run at once configurable. Instead of hardcoding 200, make the number of tasks to be run configurable using tune.runqueue-depth. 200 is still the default.
2018-05-24 12:59:04 -04:00
if (global.tune.runqueue_depth <= 0)
global.tune.runqueue_depth = RUNQUEUE_DEPTH;
[OPTIM] stream_sock: don't retry to read after a large read If we get very large data at once, it's almost certain that it's worthless trying to read again, because we got everything we could get. Doing this has made all -EAGAIN disappear from splice reads. The threshold has been put in the global tunable structures so that if we one day want to make it accessible from user config, it will be easy to do so.
2009-03-21 15:43:57 -04:00
if (global.tune.recv_enough == 0)
global.tune.recv_enough = MIN_RECV_AT_ONCE_ENOUGH;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (global.tune.maxrewrite >= global.tune.bufsize / 2)
global.tune.maxrewrite = global.tune.bufsize / 2;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (arg_mode & (MODE_DEBUG | MODE_FOREGROUND)) {
/* command line debug mode inhibits configuration mode */
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode &= ~(MODE_DAEMON | MODE_QUIET);
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
global.mode |= (arg_mode & (MODE_DEBUG | MODE_FOREGROUND));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (arg_mode & MODE_DAEMON) {
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
/* command line daemon mode inhibits foreground and debug modes mode */
global.mode &= ~(MODE_DEBUG | MODE_FOREGROUND);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode |= arg_mode & MODE_DAEMON;
BUG/MEDIUM: command-line option -D must have precedence over "debug" From the beginning it has been said that -D must always be used on the command line from startup scripts so that haproxy does not accidentally stay in foreground when loaded from init script... Except that this has not been true for a long time now. The fix is easy and must be backported to 1.4 too which is affected.
2012-10-26 10:04:28 -04:00
}
global.mode |= (arg_mode & (MODE_QUIET | MODE_VERBOSE));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & MODE_DEBUG) && (global.mode & (MODE_DAEMON | MODE_QUIET))) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("<debug> mode incompatible with <quiet> and <daemon>. Keeping <debug> only.\n");
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode &= ~(MODE_DAEMON | MODE_QUIET);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.nbproc > 1) && !(global.mode & (MODE_DAEMON | MODE_MWORKER))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!(global.mode & (MODE_FOREGROUND | MODE_DEBUG)))
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("<nbproc> is only meaningful in daemon mode or master-worker mode. Setting limit to 1 process.\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.nbproc = 1;
}
if (global.nbproc < 1)
global.nbproc = 1;
MINOR: threads: Add nbthread parameter It is only parsed and initialized for now. It will be used later. This parameter is only available when support for threads was built in.
2017-08-29 09:37:10 -04:00
if (global.nbthread < 1)
global.nbthread = 1;
MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked Trash buffers are reallocated when "tune.bufsize" parameter is changed. Here, we just move the realloc after the configuration parsing. Given that the config parser doesn't rely on the trash size, it should be harmless.
2017-08-29 10:46:57 -04:00
/* Realloc trash buffers because global.tune.bufsize may have changed */
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (!init_trash_buffers(0)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize trash buffers.\n");
MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked Trash buffers are reallocated when "tune.bufsize" parameter is changed. Here, we just move the realloc after the configuration parsing. Given that the config parser doesn't rely on the trash size, it should be harmless.
2017-08-29 10:46:57 -04:00
exit(1);
}
BUG/MINOR: Allocate the log buffers before the proxies startup Since the commit cd7879adc ("BUG/MEDIUM: threads: Run the poll loop on the main thread too"), the log buffers are allocated after the proxies startup. So log messages produced during this startup was ignored. To fix the bug, we restore the initialization of these buffers before proxies startup. This is specific to threads, no backport is needed.
2017-11-14 16:02:30 -05:00
if (!init_log_buffers()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize log buffers.\n");
BUG/MINOR: Allocate the log buffers before the proxies startup Since the commit cd7879adc ("BUG/MEDIUM: threads: Run the poll loop on the main thread too"), the log buffers are allocated after the proxies startup. So log messages produced during this startup was ignored. To fix the bug, we restore the initialization of these buffers before proxies startup. This is specific to threads, no backport is needed.
2017-11-14 16:02:30 -05:00
exit(1);
}
[MAJOR] auto-registering of pollers at load time Gcc provides __attribute__((constructor)) which is very convenient to execute functions at startup right before main(). All the pollers have been converted to have their register() function declared like this, so that it is not necessary anymore to call them from a centralized file.
2007-04-15 18:25:25 -04:00
/*
* Note: we could register external pollers here.
* Built-in pollers have been registered before main().
*/
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_KQUEUE))
[MAJOR] implemented support for FreeBSD's kqueue() polling mechanism It has not been tested yet, but at least it builds.
2007-04-09 06:03:06 -04:00
disable_poller("kqueue");
MAJOR: polling: add event ports support (Solaris) Event ports are kqueue/epoll polling class for Solaris. Code is based on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8. Event ports are available only on SunOS systems derived from Solaris 10 and later (including illumos systems).
2019-04-08 12:53:32 -04:00
if (!(global.tune.options & GTUNE_USE_EVPORTS))
disable_poller("evports");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_EPOLL))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("epoll");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_POLL))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("poll");
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
if (!(global.tune.options & GTUNE_USE_SELECT))
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
disable_poller("select");
/* Note: we could disable any poller by name here */
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
list_pollers(stderr);
MINOR: filters: Print the list of existing filters during HA startup This is done in verbose/debug mode and when build options are reported.
2016-03-07 06:46:38 -05:00
fprintf(stderr, "\n");
list_filters(stderr);
}
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
if (!init_pollers()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("No polling mechanism available.\n"
" It is likely that haproxy was built with TARGET=generic and that FD_SETSIZE\n"
" is too low on this platform to support maxconn and the number of listeners\n"
" and servers. You should rebuild haproxy specifying your system using TARGET=\n"
" in order to support other polling systems (poll, epoll, kqueue) or reduce the\n"
" global maxconn setting to accommodate the system's limitation. For reference,\n"
" FD_SETSIZE=%d on this system, global.maxconn=%d resulting in a maximum of\n"
" %d file descriptors. You should thus reduce global.maxconn by %d. Also,\n"
" check build settings using 'haproxy -vv'.\n\n",
FD_SETSIZE, global.maxconn, global.maxsock, (global.maxsock + 1 - FD_SETSIZE) / 2);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
exit(1);
}
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
printf("Using %s() as the polling mechanism.\n", cur_poller.name);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
if (!global.node)
global.node = strdup(hostname);
MINOR: lua: post initialisation bindings This system permits to execute some lua function after than HAProxy complete his initialisation. These functions are executed between the end of the configuration parsing and check and the begin of the scheduler.
2015-01-23 06:08:30 -05:00
if (!hlua_post_init())
exit(1);
MINOR: init: add 51Degrees initialisation code This creates a dataset using the file given in global._51d_data_file_path.
2015-05-12 11:23:58 -04:00
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
free(err_msg);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
static void deinit_acl_cond(struct acl_cond *cond)
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
{
struct acl_term_suite *suite, *suiteb;
struct acl_term *term, *termb;
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
if (!cond)
return;
list_for_each_entry_safe(suite, suiteb, &cond->suites, list) {
list_for_each_entry_safe(term, termb, &suite->terms, list) {
LIST_DEL(&term->list);
free(term);
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
LIST_DEL(&suite->list);
free(suite);
}
free(cond);
}
BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules Functions to deinitialize the HTTP rules are buggy. These functions does not check the action name to release the right part in the arg union. Only few info are released. For auth rules, the realm is released and there is no problem here. But the regex <arg.hdr_add.re> is always unconditionally released. So it is easy to make these functions crash. For instance, with the following rule HAProxy crashes during the deinit : http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)] For now, These functions are simply removed and we rely on the deinit function used for TCP rules (renamed as deinit_act_rules()). This patch fixes the bug. But arguments used by actions are not released at all, this part will be addressed later. This patch must be backported to all stable versions.
2019-12-17 05:25:46 -05:00
static void deinit_act_rules(struct list *rules)
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
{
BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules Functions to deinitialize the HTTP rules are buggy. These functions does not check the action name to release the right part in the arg union. Only few info are released. For auth rules, the realm is released and there is no problem here. But the regex <arg.hdr_add.re> is always unconditionally released. So it is easy to make these functions crash. For instance, with the following rule HAProxy crashes during the deinit : http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)] For now, These functions are simply removed and we rely on the deinit function used for TCP rules (renamed as deinit_act_rules()). This patch fixes the bug. But arguments used by actions are not released at all, this part will be addressed later. This patch must be backported to all stable versions.
2019-12-17 05:25:46 -05:00
struct act_rule *rule, *ruleb;
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules Functions to deinitialize the HTTP rules are buggy. These functions does not check the action name to release the right part in the arg union. Only few info are released. For auth rules, the realm is released and there is no problem here. But the regex <arg.hdr_add.re> is always unconditionally released. So it is easy to make these functions crash. For instance, with the following rule HAProxy crashes during the deinit : http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)] For now, These functions are simply removed and we rely on the deinit function used for TCP rules (renamed as deinit_act_rules()). This patch fixes the bug. But arguments used by actions are not released at all, this part will be addressed later. This patch must be backported to all stable versions.
2019-12-17 05:25:46 -05:00
list_for_each_entry_safe(rule, ruleb, rules, list) {
LIST_DEL(&rule->list);
deinit_acl_cond(rule->cond);
MINOR: actions: Add a function pointer to release args used by actions Arguments used by actions are never released during HAProxy deinit. Now, it is possible to specify a function to do so. ".release_ptr" field in the act_rule structure may be set during the configuration parsing to a specific deinit function depending on the action type.
2019-12-17 05:48:42 -05:00
if (rule->release_ptr)
rule->release_ptr(rule);
BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules Functions to deinitialize the HTTP rules are buggy. These functions does not check the action name to release the right part in the arg union. Only few info are released. For auth rules, the realm is released and there is no problem here. But the regex <arg.hdr_add.re> is always unconditionally released. So it is easy to make these functions crash. For instance, with the following rule HAProxy crashes during the deinit : http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)] For now, These functions are simply removed and we rely on the deinit function used for TCP rules (renamed as deinit_act_rules()). This patch fixes the bug. But arguments used by actions are not released at all, this part will be addressed later. This patch must be backported to all stable versions.
2019-12-17 05:25:46 -05:00
free(rule);
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
}
}
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
static void deinit_stick_rules(struct list *rules)
{
struct sticking_rule *rule, *ruleb;
list_for_each_entry_safe(rule, ruleb, rules, list) {
LIST_DEL(&rule->list);
deinit_acl_cond(rule->cond);
REORG: sample: move code to release a sample expression in sample.c This code has been moved from haproxy.c to sample.c and the function release_sample_expr can now be called from anywhere to release a sample expression. This function will be used by the stream processing offload engine (SPOE).
2016-10-26 05:34:47 -04:00
release_sample_expr(rule->expr);
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
free(rule);
}
}
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
void deinit(void)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *p = proxies_list, *p0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
struct cap_hdr *h,*h_next;
struct server *s,*s_next;
struct listener *l,*l_next;
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
struct acl_cond *cond, *condb;
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
struct acl *acl, *aclb;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
struct switching_rule *rule, *ruleb;
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
struct server_rule *srule, *sruleb;
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
struct redirect_rule *rdr, *rdrb;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
struct wordlist *wl, *wlb;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
struct uri_auth *uap, *ua = NULL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *log, *logb;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
struct logformat_node *lf, *lfb;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
struct bind_conf *bind_conf, *bind_back;
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
struct build_opts_str *bol, *bolb;
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
struct post_deinit_fct *pdf;
MINOR: config: Support per-proxy and per-server deinit functions callbacks Most of times, when any allocation is done during configuration parsing because of a new keyword in proxy section or on the server line, we must add a call in the deinit() function to release allocated ressources. It is now possible to register a post-deinit callback because, at this stage, the proxies and the servers are already releases. Now, it is possible to register deinit callbacks per-proxy or per-server. These callbacks will be called for each proxy and server before releasing them.
2019-07-31 02:44:12 -04:00
struct proxy_deinit_fct *pxdf;
struct server_deinit_fct *srvdf;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
deinit_signals();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (p) {
BUG/MINOR: config: use a copy of the file name in proxy configurations Each proxy contains a reference to the original config file and line number where it was declared. The pointer used is just a reference to the one passed to the function instead of being duplicated. The effect is that it is not valid anymore at the end of the parsing and that all proxies will be enumerated as coming from the same file on some late configuration errors. This may happen for exmaple when reporting SSL certificate issues. By copying using strdup(), we avoid this issue. 1.4 has the same issue, though no report of the proxy file name is done out of the config section. Anyway a backport is recommended to ease post-mortem analysis.
2012-10-04 02:01:43 -04:00
free(p->conf.file);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(p->id);
free(p->cookie_name);
free(p->cookie_domain);
MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive It is now possible to insert any attribute when a cookie is inserted by HAProxy. Any value may be set, no check is performed except the syntax validity (CTRL chars and ';' are forbidden). For instance, it may be used to add the SameSite attribute: cookie SRV insert attr "SameSite=Strict" The attr option may be repeated to add several attributes. This patch should fix the issue #361.
2020-01-21 05:06:48 -05:00
free(p->cookie_attrs);
MINOR: backend: move url_param_name/len to lbprm.arg_str/len This one is exclusively used by LB parameters, when using URL param hashing. Let's move it to the lbprm struct under a more generic name.
2019-01-14 09:23:54 -05:00
free(p->lbprm.arg_str);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(p->capture_name);
free(p->monitor_uri);
[MINOR] Free rdp_cookie_name on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:08 -04:00
free(p->rdp_cookie_name);
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (p->conf.logformat_string != default_http_log_format &&
p->conf.logformat_string != default_tcp_log_format &&
p->conf.logformat_string != clf_http_log_format)
free(p->conf.logformat_string);
free(p->conf.lfs_file);
free(p->conf.uniqueid_format_string);
free(p->conf.uif_file);
MEDIUM: backend: move all LB algo parameters into an union Since all of them are exclusive, let's move them to an union instead of eating memory with the sum of all of them. We're using a transparent union to limit the code changes. Doing so reduces the struct lbprm from 392 bytes to 372, and thanks to these changes, the struct proxy is now down to 6480 bytes vs 6624 before the changes (144 bytes saved per proxy).
2019-01-14 10:55:42 -05:00
if ((p->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_MAP)
free(p->lbprm.map.srv);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
if (p->conf.logformat_sd_string != default_rfc5424_sd_log_format)
free(p->conf.logformat_sd_string);
free(p->conf.lfsd_file);
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
list_for_each_entry_safe(cond, condb, &p->mon_fail_cond, list) {
LIST_DEL(&cond->list);
prune_acl_cond(cond);
free(cond);
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
/* build a list of unique uri_auths */
if (!ua)
ua = p->uri_auth;
else {
/* check if p->uri_auth is unique */
for (uap = ua; uap; uap=uap->next)
if (uap == p->uri_auth)
break;
[BUG] we could segfault during exit while freeing uri_auths The following config makes haproxy segfault on exit : defaults mode http balance roundrobin listen no-stats bind :8001 listen stats bind :8002 stats uri /stats The simple fix is to ensure that p->uri_auth is not NULL before dereferencing it.
2008-06-24 05:14:45 -04:00
if (!uap && p->uri_auth) {
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
/* add it, if it is */
p->uri_auth->next = ua;
ua = p->uri_auth;
}
}
[MINOR] improve memory freeing upon exit The deinit() function is specialized in memory area freeing. There were a ton of information that were not released at the exit time, which made valgrind complain. Now, most of the entries are freed. However, it seems like regfree() does not completely free a regex (12 bytes lost per regex).
2007-06-16 18:36:03 -04:00
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
list_for_each_entry_safe(acl, aclb, &p->acl, list) {
LIST_DEL(&acl->list);
prune_acl(acl);
free(acl);
}
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
list_for_each_entry_safe(srule, sruleb, &p->server_rules, list) {
LIST_DEL(&srule->list);
prune_acl_cond(srule->cond);
free(srule->cond);
free(srule);
}
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
list_for_each_entry_safe(rule, ruleb, &p->switching_rules, list) {
LIST_DEL(&rule->list);
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
if (rule->cond) {
prune_acl_cond(rule->cond);
free(rule->cond);
}
BUG/MINOR: haproxy: fix rule->file memory leak When using the "use_backend" configuration directive, the configuration file name stored as rule->file was not freed in some situations. This was introduced in commit 4ed1c95 ("MINOR: http/conf: store the use_backend configuration file and line for logs"). This patch should be backported to 1.9, 1.8 and 1.7.
2019-04-29 18:38:36 -04:00
free(rule->file);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
free(rule);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
list_for_each_entry_safe(rdr, rdrb, &p->redirect_rules, list) {
LIST_DEL(&rdr->list);
[MINOR] redirect: add support for unconditional rules Sometimes it's useful to be able to specify an unconditional redirect rule without adding "if TRUE".
2010-01-03 14:03:03 -05:00
if (rdr->cond) {
prune_acl_cond(rdr->cond);
free(rdr->cond);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
free(rdr->rdr_str);
MEDIUM: http: The redirect strings follows the log format rules. We handle "http-request redirect" with a log-format string now, but we leave "redirect" unaffected. Note that the control of the special "/" case is move from the runtime execution to the configuration parsing. If the format rule list is empty, the build_logline() function does nothing.
2013-11-29 06:15:45 -05:00
list_for_each_entry_safe(lf, lfb, &rdr->rdr_fmt, list) {
LIST_DEL(&lf->list);
free(lf);
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
free(rdr);
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
list_for_each_entry_safe(log, logb, &p->logsrvs, list) {
LIST_DEL(&log->list);
free(log);
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry_safe(lf, lfb, &p->logformat, list) {
LIST_DEL(&lf->list);
BUG/MINOR: log: properly free memory on logformat parse error and deinit() This patch may be backported to all supported versions.
2019-04-29 18:40:02 -04:00
release_sample_expr(lf->expr);
free(lf->arg);
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
free(lf);
}
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
list_for_each_entry_safe(lf, lfb, &p->logformat_sd, list) {
LIST_DEL(&lf->list);
BUG/MINOR: log: properly free memory on logformat parse error and deinit() This patch may be backported to all supported versions.
2019-04-29 18:40:02 -04:00
release_sample_expr(lf->expr);
free(lf->arg);
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
free(lf);
}
BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules Functions to deinitialize the HTTP rules are buggy. These functions does not check the action name to release the right part in the arg union. Only few info are released. For auth rules, the realm is released and there is no problem here. But the regex <arg.hdr_add.re> is always unconditionally released. So it is easy to make these functions crash. For instance, with the following rule HAProxy crashes during the deinit : http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)] For now, These functions are simply removed and we rely on the deinit function used for TCP rules (renamed as deinit_act_rules()). This patch fixes the bug. But arguments used by actions are not released at all, this part will be addressed later. This patch must be backported to all stable versions.
2019-12-17 05:25:46 -05:00
deinit_act_rules(&p->tcp_req.inspect_rules);
deinit_act_rules(&p->tcp_rep.inspect_rules);
deinit_act_rules(&p->tcp_req.l4_rules);
deinit_act_rules(&p->tcp_req.l5_rules);
deinit_act_rules(&p->http_req_rules);
deinit_act_rules(&p->http_res_rules);
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
deinit_act_rules(&p->http_after_res_rules);
[MINOR] Free tcp rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:09 -04:00
[MINOR] Free stick rules on denint() The motivation for this is that when soft-restart is merged it will be come more important to free all relevant memory in deinit() Discovered using valgrind.
2011-07-15 00:14:11 -04:00
deinit_stick_rules(&p->storersp_rules);
deinit_stick_rules(&p->sticking_rules);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
h = p->req_cap;
while (h) {
h_next = h->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(h->name);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(h->pool);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(h);
h = h_next;
}/* end while(h) */
h = p->rsp_cap;
while (h) {
h_next = h->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(h->name);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(h->pool);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(h);
h = h_next;
}/* end while(h) */
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
s = p->srv;
while (s) {
s_next = s->next;
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
BUG/MINOR: checks: free memory allocated for tasklets The check->wait_list.task and agent->wait_list.task were not freed properly on deinit(). This patch should be backported to 1.9.
2019-04-29 18:56:20 -04:00
CLEANUP: task: remove unneeded tests before task_destroy() Since previous commit it's not needed anymore to test a task pointer before calling task_destory() so let's just remove these tests from the various callers before they become confusing. The function's arguments were also documented. The same should probably be done with tasklet_free() which involves a test in roughly half of the call places.
2019-05-07 13:05:35 -04:00
task_destroy(s->warmup);
BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use Ludovic Levesque reported and diagnosed an annoying bug. When a server is configured to track another one and has a slowstart interval set, it's assigned a minimal weight when the tracked server goes back up but keeps this weight forever. This is because the throttling during the warmup phase is only computed in the health checking function. After several attempts to resolve the issue, the only real solution is to split the check processing task in two tasks, one for the checks and one for the warmup. Each server with a slowstart setting has a warmum task which is responsible for updating the server's weight after a down to up transition. The task does not run in othe situations. In the end, the fix is neither complex nor long and should be backported to 1.4 since the issue was detected there first.
2011-10-31 06:53:20 -04:00
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(s->id);
free(s->cookie);
MAJOR: dns: Refactor the DNS code This is a huge patch with many changes, all about the DNS. Initially, the idea was to update the DNS part to ease the threads support integration. But quickly, I started to refactor some parts. And after several iterations, it was impossible for me to commit the different parts atomically. So, instead of adding tens of patches, often reworking the same parts, it was easier to merge all my changes in a uniq patch. Here are all changes made on the DNS. First, the DNS initialization has been refactored. The DNS configuration parsing remains untouched, in cfgparse.c. But all checks have been moved in a post-check callback. In the function dns_finalize_config, for each resolvers, the nameservers configuration is tested and the task used to manage DNS resolutions is created. The links between the backend's servers and the resolvers are also created at this step. Here no connection are kept alive. So there is no needs anymore to reopen them after HAProxy fork. Connections used to send DNS queries will be opened on demand. Then, the way DNS requesters are linked to a DNS resolution has been reworked. The resolution used by a requester is now referenced into the dns_requester structure and the resolution pointers in server and dns_srvrq structures have been removed. wait and curr list of requesters, for a DNS resolution, have been replaced by a uniq list. And Finally, the way a requester is removed from a DNS resolution has been simplified. Now everything is done in dns_unlink_resolution. srv_set_fqdn function has been simplified. Now, there is only 1 way to set the server's FQDN, independently it is done by the CLI or when a SRV record is resolved. The static DNS resolutions pool has been replaced by a dynamoc pool. The part has been modified by Baptiste Assmann. The way the DNS resolutions are triggered by the task or by a health-check has been totally refactored. Now, all timeouts are respected. Especially hold.valid. The default frequency to wake up a resolvers is now configurable using "timeout resolve" parameter. Now, as documented, as long as invalid repsonses are received, we really wait all name servers responses before retrying. As far as possible, resources allocated during DNS configuration parsing are releases when HAProxy is shutdown. Beside all these changes, the code has been cleaned to ease code review and the doc has been updated.
2017-09-27 05:00:59 -04:00
free(s->hostname_dn);
MINOR: deinit: fix memory leak deinit() did not free the conf.file member of server objects.
2014-09-05 04:08:23 -04:00
free((char*)s->conf.file);
MINOR: servers: Free [idle|safe|priv]_conns on exit. Don't forget to free idle_conns, safe_conns and priv_conns on exit. This can be backported to 1.8.
2018-11-22 12:50:54 -05:00
free(s->idle_conns);
free(s->safe_conns);
MEDIUM: servers: Split the connections into idle, safe, and available. Revamp the server connection lists. We know have 3 lists : - idle_conns, which contains idling connections - safe_conns, which contains idling connections that are safe to use even for the first request - available_conns, which contains connections that are not idling, but can still accept new streams (those are HTTP/2 or fastcgi, and are always considered safe).
2020-02-13 13:12:07 -05:00
free(s->available_conns);
BUG/MEDIUM: servers: Add a per-thread counter of idle connections. Add a per-thread counter of idling connections, and use it to determine how many connections we should kill after the timeout, instead of using the global counter, or we're likely to just kill most of the connections. This should be backported to 1.9.
2019-02-18 10:41:17 -05:00
free(s->curr_idle_thr);
MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() Now we can simply check the transport layer at run time and decide whether or not to initialize or destroy these entries. This removes other ifdefs and includes from cfgparse.c, haproxy.c and hlua.c.
2016-12-22 15:16:08 -05:00
BUG/MINOR: checks: Respect the no-check-ssl option This options is used to force a non-SSL connection to check a SSL server or to invert a check-ssl option inherited from the default section. The use_ssl field in the check structure is used to know if a SSL connection must be used (use_ssl=1) or not (use_ssl=0). The server configuration is used by default. The problem is that we cannot distinguish the default case (no specific SSL check option) and the case of an explicit non-SSL check. In both, use_ssl is set to 0. So the server configuration is always used. For a SSL server, when no-check-ssl option is set, the check is still performed using a SSL configuration. To fix the bug, instead of a boolean value (0=TCP, 1=SSL), we use a ternary value : * 0 = use server config * 1 = force SSL * -1 = force non-SSL The same is done for the server parameter. It is not really necessary for now. But it is a good way to know is the server no-ssl option is set. In addition, the PR_O_TCPCHK_SSL proxy option is no longer used to set use_ssl to 1 for a check. Instead the flag is directly tested to prepare or destroy the server SSL context. This patch should be backported as far as 1.8.
2020-03-27 13:55:49 -04:00
if (s->use_ssl == 1 || s->check.use_ssl == 1 || (s->proxy->options & PR_O_TCPCHK_SSL)) {
MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() Now we can simply check the transport layer at run time and decide whether or not to initialize or destroy these entries. This removes other ifdefs and includes from cfgparse.c, haproxy.c and hlua.c.
2016-12-22 15:16:08 -05:00
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->destroy_srv)
xprt_get(XPRT_SSL)->destroy_srv(s);
}
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_SPIN_DESTROY(&s->lock);
MINOR: config: Support per-proxy and per-server deinit functions callbacks Most of times, when any allocation is done during configuration parsing because of a new keyword in proxy section or on the server line, we must add a call in the deinit() function to release allocated ressources. It is now possible to register a post-deinit callback because, at this stage, the proxies and the servers are already releases. Now, it is possible to register deinit callbacks per-proxy or per-server. These callbacks will be called for each proxy and server before releasing them.
2019-07-31 02:44:12 -04:00
list_for_each_entry(srvdf, &server_deinit_list, list)
srvdf->fct(s);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(s);
s = s_next;
}/* end while(s) */
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry_safe(l, l_next, &p->conf.listeners, by_fe) {
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 19:05:05 -04:00
/*
* Zombie proxy, the listener just pretend to be up
* because they still hold an opened fd.
* Close it and give the listener its real state.
*/
if (p->state == PR_STSTOPPED && l->state >= LI_ZOMBIE) {
close(l->fd);
l->state = LI_INIT;
}
[BUG] deinit: unbind listeners before freeing them In deinit(), it is possible that we first free the listeners, then unbind them all. Right now this situation can't happen because the only way to call deinit() is to pass via a soft-stop which will already unbind all protocols. But later this might become a problem.
2010-09-03 04:38:17 -04:00
unbind_listener(l);
delete_listener(l);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
LIST_DEL(&l->by_fe);
LIST_DEL(&l->by_bind);
[BUG] cfgparse memory leak and missing free calls in deinit() Thich patch fixes cfgparser not to leak memory on each default server statement and adds several missing free calls in deinit(): - free(l->name) - free(l->counters) - free(p->desc); - free(p->fwdfor_hdr_name); None of them are critical, hopefully.
2010-02-05 14:31:44 -05:00
free(l->name);
free(l->counters);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(l);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
}
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
/* Release unused SSL configs. */
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf() Instead of hard-coding all SSL destruction in cfgparse.c and haproxy.c, we now register this new function as the transport layer's destroy_bind_conf() and call it only when defined. This removes some non-obvious SSL-specific code and #ifdefs from cfgparse.c and haproxy.c
2016-12-22 11:30:54 -05:00
if (bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
free(bind_conf->file);
free(bind_conf->arg);
LIST_DEL(&bind_conf->by_fe);
free(bind_conf);
}
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
flt_deinit(p);
MINOR: config: Support per-proxy and per-server deinit functions callbacks Most of times, when any allocation is done during configuration parsing because of a new keyword in proxy section or on the server line, we must add a call in the deinit() function to release allocated ressources. It is now possible to register a post-deinit callback because, at this stage, the proxies and the servers are already releases. Now, it is possible to register deinit callbacks per-proxy or per-server. These callbacks will be called for each proxy and server before releasing them.
2019-07-31 02:44:12 -04:00
list_for_each_entry(pxdf, &proxy_deinit_list, list)
pxdf->fct(p);
[BUG] cfgparse memory leak and missing free calls in deinit() Thich patch fixes cfgparser not to leak memory on each default server statement and adds several missing free calls in deinit(): - free(l->name) - free(l->counters) - free(p->desc); - free(p->fwdfor_hdr_name); None of them are critical, hopefully.
2010-02-05 14:31:44 -05:00
free(p->desc);
free(p->fwdfor_hdr_name);
MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy(). task_delete() was never used without calling task_free() just after, and task_free() was only used on error pathes to destroy a just-created task, so merge them into task_destroy(), that will remove the task from the wait queue, and make sure the task is either destroyed immediately if it's not in the run queue, or destroyed when it's supposed to run.
2019-04-17 16:51:06 -04:00
task_destroy(p->task);
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_destroy(p->req_cap_pool);
pool_destroy(p->rsp_cap_pool);
BUG/MEDIUM: stick-table: fix regression caused by a change in proxy struct In commit 1b8e68e ("MEDIUM: stick-table: Stop handling stick-tables as proxies."), the ->table member of proxy struct was replaced by a pointer that is not always checked and in some situations can cause a segfault, eg. during reload or while using "show table" on CLI socket. No backport is needed.
2019-05-07 08:16:18 -04:00
if (p->table)
pool_destroy(p->table->pool);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
[MAJOR] call garbage collector when doing soft stop When we're interrupted by another instance, it is very likely that the other one will need some memory. Now we know how to free what is not used, so let's do it. Also only free non-null pointers. Previously, pool_destroy() did implicitly check for this case which was incidentely needed.
2007-05-13 18:39:29 -04:00
p0 = p;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
p = p->next;
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_SPIN_DESTROY(&p0->lbprm.lock);
HA_SPIN_DESTROY(&p0->lock);
[MAJOR] call garbage collector when doing soft stop When we're interrupted by another instance, it is very likely that the other one will need some memory. Now we know how to free what is not used, so let's do it. Also only free non-null pointers. Previously, pool_destroy() did implicitly check for this case which was incidentely needed.
2007-05-13 18:39:29 -04:00
free(p0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}/* end while(p) */
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
while (ua) {
uap = ua;
ua = ua->next;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(uap->uri_prefix);
free(uap->auth_realm);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
free(uap->node);
free(uap->desc);
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
userlist_free(uap->userlist);
BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules Functions to deinitialize the HTTP rules are buggy. These functions does not check the action name to release the right part in the arg union. Only few info are released. For auth rules, the realm is released and there is no problem here. But the regex <arg.hdr_add.re> is always unconditionally released. So it is easy to make these functions crash. For instance, with the following rule HAProxy crashes during the deinit : http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)] For now, These functions are simply removed and we rely on the deinit function used for TCP rules (renamed as deinit_act_rules()). This patch fixes the bug. But arguments used by actions are not released at all, this part will be addressed later. This patch must be backported to all stable versions.
2019-12-17 05:25:46 -05:00
deinit_act_rules(&uap->http_req_rules);
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
free(uap);
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
userlist_free(userlist);
BUG/MEDIUM: main: Freeing a bunch of static pointers static_table_key, get_http_auth_buff and swap_buffer static variables are now freed during deinit and the two previously new functions are called as well. In addition, the 'trash' string buffer is cleared.
2015-09-25 07:02:25 -04:00
cfg_unregister_sections();
MINOR: logs: Use dedicated function to init/deinit log buffers Now, we use init_log_buffers and deinit_log_buffers to, respectively, initialize and deinitialize log buffers used for syslog messages. These functions have been introduced to be used by threads, to deal with thread-local log buffers.
2017-07-26 09:33:35 -04:00
deinit_log_buffers();
BUG/MEDIUM: main: Freeing a bunch of static pointers static_table_key, get_http_auth_buff and swap_buffer static variables are now freed during deinit and the two previously new functions are called as well. In addition, the 'trash' string buffer is cleared.
2015-09-25 07:02:25 -04:00
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
MINOR: haproxy: add a registration for post-deinit functions The 3 device detection engines stop at the same place in deinit() with the usual #ifdefs. Similar to the other functions we can have some late deinitialization functions. These functions do not return anything however so we have to use a different type.
2016-12-21 14:46:26 -05:00
list_for_each_entry(pdf, &post_deinit_list, list)
pdf->fct();
[MINOR] log: add support for passing the forwarded hostname Haproxy does not include the hostname rather the IP of the machine in the syslog headers it sends. Unfortunately this means that for each log line rsyslog does a reverse dns on the client IP and in the case of non-routable IPs one gets the public hostname not the internal one. While this is valid according to RFC3164 as one might imagine this is troublsome if you have some machines with public IPs, internal IPs, no reverse DNS entries, etc and you want a standardized hostname based log directory structure. The rfc says the preferred value is the hostname. This patch adds a global "log-send-hostname" statement which accepts an optional string to force the host name. If unset, the local host name is used.
2010-12-29 11:05:48 -05:00
free(global.log_send_hostname); global.log_send_hostname = NULL;
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_destroy(&global.log_tag);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(global.chroot); global.chroot = NULL;
free(global.pidfile); global.pidfile = NULL;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
free(global.node); global.node = NULL;
free(global.desc); global.desc = NULL;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(oldpids); oldpids = NULL;
MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy(). task_delete() was never used without calling task_free() just after, and task_free() was only used on error pathes to destroy a just-created task, so merge them into task_destroy(), that will remove the task from the wait queue, and make sure the task is either destroyed immediately if it's not in the run queue, or destroyed when it's supposed to run.
2019-04-17 16:51:06 -04:00
task_destroy(idle_conn_task);
MEDIUM: servers: Reorganize the way idle connections are cleaned. Instead of having one task per thread and per server that does clean the idling connections, have only one global task for every servers. That tasks parses all the servers that currently have idling connections, and remove half of them, to put them in a per-thread list of connections to kill. For each thread that does have connections to kill, wake a task to do so, so that the cleaning will be done in the context of said thread.
2019-02-14 12:29:09 -05:00
idle_conn_task = NULL;
[MEDIUM] Fix memory freeing at exit, part 2 - free oldpids - call free(exp->preg), not only regfree(exp->preg): req_exp, rsp_exp - build a list of unique uri_auths and eventually free it - prune_acl_cond/free for switching_rules - add a callback pointer to free ptr from acl_pattern (used for regexs) and execute it ==1180== malloc/free: in use at exit: 0 bytes in 0 blocks. ==1180== malloc/free: 5,599 allocs, 5,599 frees, 4,220,556 bytes allocated. ==1180== All heap blocks were freed -- no leaks are possible.
2008-05-31 07:53:23 -04:00
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
list_for_each_entry_safe(log, logb, &global.logsrvs, list) {
LIST_DEL(&log->list);
free(log);
}
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
list_for_each_entry_safe(wl, wlb, &cfg_cfgfiles, list) {
MEDIUM: init: use list_append_word in haproxy.c replace LIST_ADDQ with list_append_word
2016-05-13 17:52:55 -04:00
free(wl->s);
[MEDIUM] config: remove the limitation of 10 config files Now we use a linked list, there is no limit anymore.
2010-01-03 15:12:30 -05:00
LIST_DEL(&wl->list);
free(wl);
}
MINOR: haproxy: add a registration for build options Many extensions now report some build options to ease debugging, but this is now being done at the expense of code maintainability. Let's provide a registration function to do this so that we can start to remove most of the #ifdefs from haproxy.c (18 currently just for a single function).
2016-12-21 12:43:10 -05:00
list_for_each_entry_safe(bol, bolb, &build_opts_list, list) {
if (bol->must_free)
free((void *)bol->str);
LIST_DEL(&bol->list);
free(bol);
}
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
vars_prune(&global.vars, NULL, NULL);
MEDIUM: memory: use pool_destroy_all() to destroy all pools on deinit() Instead of exporting a number of pools and having to manually delete them in deinit() or to have dedicated destructors to remove them, let's simply kill all pools on deinit(). For this a new function pool_destroy_all() was introduced. As its name implies, it destroys and frees all pools (provided they don't have any user anymore of course). This allowed to remove 4 implicit destructors, 2 explicit ones, and 11 individual calls to pool_destroy(). In addition it properly removes the mux_pt_ctx pool which was not cleared on exit (no backport needed here since it's 1.9 only). The sig_handler pool doesn't need to be exported anymore and became static now.
2018-11-26 09:57:34 -05:00
pool_destroy_all();
[MEDIUM] Fix memory freeing at exit New functions implemented: - deinit_pollers: called at the end of deinit()) - prune_acl: called via list_for_each_entry_safe Add missing pool_destroy2 calls: - p->hdr_idx_pool - pool2_tree64 Implement all task stopping: - health-check: needs new "struct task" in the struct server - queue processing: queue_mgt - appsess_refresh: appsession_refresh before (idle system): ==6079== LEAK SUMMARY: ==6079== definitely lost: 1,112 bytes in 75 blocks. ==6079== indirectly lost: 53,356 bytes in 2,090 blocks. ==6079== possibly lost: 52 bytes in 1 blocks. ==6079== still reachable: 150,996 bytes in 504 blocks. ==6079== suppressed: 0 bytes in 0 blocks. after (idle system): ==6945== LEAK SUMMARY: ==6945== definitely lost: 7,644 bytes in 137 blocks. ==6945== indirectly lost: 9,913 bytes in 587 blocks. ==6945== possibly lost: 0 bytes in 0 blocks. ==6945== still reachable: 0 bytes in 0 blocks. ==6945== suppressed: 0 bytes in 0 blocks. before (running system for ~2m): ==9343== LEAK SUMMARY: ==9343== definitely lost: 1,112 bytes in 75 blocks. ==9343== indirectly lost: 54,199 bytes in 2,122 blocks. ==9343== possibly lost: 52 bytes in 1 blocks. ==9343== still reachable: 151,128 bytes in 509 blocks. ==9343== suppressed: 0 bytes in 0 blocks. after (running system for ~2m): ==11616== LEAK SUMMARY: ==11616== definitely lost: 7,644 bytes in 137 blocks. ==11616== indirectly lost: 9,981 bytes in 591 blocks. ==11616== possibly lost: 0 bytes in 0 blocks. ==11616== still reachable: 4 bytes in 1 blocks. ==11616== suppressed: 0 bytes in 0 blocks. Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
deinit_pollers();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} /* end deinit() */
MEDIUM: mworker: leave when the master die When the master die, the worker should exit too, this is achieved by checking if the FD of the socketpair/pipe was closed between the master and the worker. In the former architecture of the master-worker, there was only a pipe between the master and the workers, and it was easy to check an EOF on the pipe FD to exit() the worker. With the new architecture, we use a socketpair by process, and this socketpair is also used to accept new connections with the listener_accept() callback. This accept callback can't handle the EOF and the exit of the process, because it's very specific to the master worker. This is why we transformed the mworker_pipe_handler() function in a wrapper which check if there is an EOF and exit the process, and if not call listener_accept() to achieve the accept.
2018-11-06 11:37:16 -05:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* Runs the polling loop */
MINOR: haproxy: export run_poll_loop This will help refine debug traces.
2020-03-03 08:59:56 -05:00
void run_poll_loop()
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
{
MEDIUM: poller: separate the wait time from the wake events We have been abusing the do_poll()'s timeout for a while, making it zero whenever there is some known activity. The problem this poses is that it complicates activity diagnostic by incrementing the poll_exp field for each known activity. It also requires extra computations that could be avoided. This change passes a "wake" argument to say that the poller must not sleep. This simplifies the operations and allows one to differenciate expirations from activity.
2019-05-28 10:44:05 -04:00
int next, wake;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
[MEDIUM] further improve monotonic clock by check forward jumps The first implementation of the monotonic clock did not verify forward jumps. The consequence is that a fast changing time may expire a lot of tasks. While it does seem minor, in fact it is problematic because most machines which boot with a wrong date are in the past and suddenly see their time jump by several years in the future. The solution is to check if we spent more apparent time in a poller than allowed (with a margin applied). The margin is currently set to 1000 ms. It should be large enough for any poll() to complete. Tests with randomly jumping clock show that the result is quite accurate (error less than 1 second at every change of more than one second).
2008-06-23 08:00:57 -04:00
tv_update_date(0,1);
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
while (1) {
MINOR: tasks: split wake_expired_tasks() in two parts to avoid useless wakeups We used to have wake_expired_tasks() wake up tasks and return the next expiration delay. The problem this causes is that we have to call it just before poll() in order to consider latest timers, but this also means that we don't wake up all newly expired tasks upon return from poll(), which thus systematically requires a second poll() round. This is visible when running any scheduled task like a health check, as there are systematically two poll() calls, one with the interval, nothing is done after it, and another one with a zero delay, and the task is called: listen test bind *:8001 server s1 127.0.0.1:1111 check 09:37:38.200959 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8696843}) = 0 09:37:38.200967 epoll_wait(3, [], 200, 1000) = 0 09:37:39.202459 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8712467}) = 0 >> nothing run here, as the expired task was not woken up yet. 09:37:39.202497 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8715766}) = 0 09:37:39.202505 epoll_wait(3, [], 200, 0) = 0 09:37:39.202513 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8719064}) = 0 >> now the expired task was woken up 09:37:39.202522 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 09:37:39.202537 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 09:37:39.202565 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 09:37:39.202577 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0 09:37:39.202585 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:37:39.202659 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0 09:37:39.202673 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8814713}) = 0 09:37:39.202683 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1 09:37:39.202693 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8818617}) = 0 09:37:39.202701 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0 09:37:39.202715 close(7) = 0 Let's instead split the function in two parts: - the first part, wake_expired_tasks(), called just before process_runnable_tasks(), wakes up all expired tasks; it doesn't compute any timeout. - the second part, next_timer_expiry(), called just before poll(), only computes the next timeout for the current thread. Thanks to this, all expired tasks are properly woken up when leaving poll, and each poll call's timeout remains up to date: 09:41:16.270449 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10223556}) = 0 09:41:16.270457 epoll_wait(3, [], 200, 999) = 0 09:41:17.270130 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10238572}) = 0 09:41:17.270157 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 09:41:17.270194 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 09:41:17.270204 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 09:41:17.270216 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0 09:41:17.270224 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:41:17.270299 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0 09:41:17.270314 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10337841}) = 0 09:41:17.270323 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1 09:41:17.270332 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10341860}) = 0 09:41:17.270340 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0 09:41:17.270367 close(7) = 0 This may be backported to 2.1 and 2.0 though it's unlikely to bring any user-visible improvement except to clarify debugging.
2019-12-11 02:12:23 -05:00
wake_expired_tasks();
MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay Actually, HAProxy uses the function "process_runnable_tasks" and "wake_expired_tasks" to get the next task which can expires. If a task is added with "task_schedule" or other method during the execution of an other task, the expiration of this new task is not taken into account, and the execution of this task can be too late. Actualy, HAProxy seems to be no sensitive to this bug. This fix moves the call to process_runnable_tasks() before the timeout calculation and ensures that all wakeups are processed together. Only wake_expired_tasks() needs to return a timeout now.
2014-12-15 07:26:01 -05:00
/* Process a few tasks */
process_runnable_tasks();
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
/* check if we caught some signals and process them in the
first thread */
if (tid == 0)
signal_process_queue();
[MEDIUM] call signal_process_queue from run_poll_loop Now we check for asynchronous pending signals. There's no user yet so this cannot cause any trouble.
2009-05-10 03:01:21 -04:00
BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit As reported in GH issue #99, when hard-stop-after triggers and threads are in use, the chance that any thread releases the resources in use by the other ones is non-null. Thus no thread should be allowed to deinit() nor exit by itself. Here we take a different approach. We simply use a 3rd possible value for the "killed" variable so that all threads know they must break out of the run-poll-loop and immediately stop. This patch was tested by commenting the stream_shutdown() calls in hard_stop() to increase the chances to see a stream use released resources. With this fix applied, it never crashes anymore. This fix should be backported to 1.9 and 1.8.
2019-06-02 05:11:29 -04:00
/* also stop if we failed to cleanly stop all tasks */
if (killed > 1)
break;
CLEANUP: poll: move the conditions for waiting out of the poll functions The poll() functions have become a bit dirty because they now check the size of the signal queue, the FD cache and the number of tasks. It's not their job, this must be moved to the caller. In the end it simplifies the code because the expiration date is now set to now_ms if we must not wait, and this achieves in exactly the same result and is cleaner. The change looks large due to the change of indent for blocks which were inside an "if" block.
2015-04-13 14:44:19 -04:00
/* expire immediately if events are pending */
MEDIUM: poller: separate the wait time from the wake events We have been abusing the do_poll()'s timeout for a while, making it zero whenever there is some known activity. The problem this poses is that it complicates activity diagnostic by incrementing the poll_exp field for each known activity. It also requires extra computations that could be avoided. This change passes a "wake" argument to say that the poller must not sleep. This simplifies the operations and allows one to differenciate expirations from activity.
2019-05-28 10:44:05 -04:00
wake = 1;
MAJOR: fd: Get rid of the fd cache. Now that the architecture was changed so that attempts to receive/send data always come from the upper layers, instead of them only trying to do so when the lower layer let them know they could try, we can finally get rid of the fd cache. We don't really need it anymore, and removing it gives us a small performance boost.
2019-07-24 12:07:06 -04:00
if (thread_has_tasks())
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
activity[tid].wake_tasks++;
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
else if (signal_queue_len && tid == 0)
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
activity[tid].wake_signal++;
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
else {
MEDIUM: threads: Use the new _HA_ATOMIC_* macros. Use the new _HA_ATOMIC_* macros and add barriers where needed.
2019-03-08 12:51:17 -05:00
_HA_ATOMIC_OR(&sleeping_thread_mask, tid_bit);
__ha_barrier_atomic_store();
CLEANUP: haproxy/threads: don't check global_tasks_mask twice In run_thread_poll_loop() we test both for (global_tasks_mask & tid_bit) and thread_has_tasks(), but the former is useless since this test is already part of the latter.
2020-03-23 04:33:32 -04:00
if (thread_has_tasks()) {
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
activity[tid].wake_tasks++;
MEDIUM: threads: Use the new _HA_ATOMIC_* macros. Use the new _HA_ATOMIC_* macros and add barriers where needed.
2019-03-08 12:51:17 -05:00
_HA_ATOMIC_AND(&sleeping_thread_mask, ~tid_bit);
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
} else
MEDIUM: poller: separate the wait time from the wake events We have been abusing the do_poll()'s timeout for a while, making it zero whenever there is some known activity. The problem this poses is that it complicates activity diagnostic by incrementing the poll_exp field for each known activity. It also requires extra computations that could be avoided. This change passes a "wake" argument to say that the poller must not sleep. This simplifies the operations and allows one to differenciate expirations from activity.
2019-05-28 10:44:05 -04:00
wake = 0;
MINOR: pollers: Add a way to wake a thread sleeping in the poller. Add a new pipe, one per thread, so that we can write on it to wake a thread sleeping in a poller, and use it to wake threads supposed to take care of a task, if they are all sleeping.
2018-07-26 11:55:11 -04:00
}
CLEANUP: poll: move the conditions for waiting out of the poll functions The poll() functions have become a bit dirty because they now check the size of the signal queue, the FD cache and the number of tasks. It's not their job, this must be moved to the caller. In the end it simplifies the code because the expiration date is now set to now_ms if we must not wait, and this achieves in exactly the same result and is cleaner. The change looks large due to the change of indent for blocks which were inside an "if" block.
2015-04-13 14:44:19 -04:00
BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection Commit 4b3f27b ("BUG/MINOR: haproxy/threads: try to make all threads leave together") improved the soft-stop synchronization but it left a small race open because it looks at tasks_run_queue, which can drop to zero then back to one while another thread picks the task from the run queue to insert it into the tasklet_list. The risk is very low but not null. In addition the condition didn't consider the possible presence of signals in the queue. This patch moves the stopping detection just after the "wake" calculation which already takes care of the various queues' sizes and signals. It avoids needlessly duplicating these tests. The bug was discovered during a code review but will probably never be observed. This fix may be backported to 2.1 and 2.0 along with the commit above.
2020-03-23 04:27:28 -04:00
if (!wake) {
BUG/MINOR: soft-stop: always wake up waiting threads on stopping Currently the soft-stop can lead to old processes remaining alive for as long as two seconds after receiving a soft-stop signal. What happens is that when receiving SIGUSR1, one thread (usually the first one) wakes up, handles the signal, sets "stopping", goes into runn_poll_loop(), and discovers that stopping is set, so its also sets itself in the stopping_thread_mask bit mask. After this it sees that other threads are not yet willing to stop, so it continues to wait. From there, other threads which were waiting in poll() expire after one second on poll timeout and enter run_poll_loop() in turn. That's already one second of wait time. They discover each in turn that they're stopping and see that other threads are not yet stopping, so they go back waiting. After the end of the first second, all threads know they're stopping and have set their bit in stopping_thread_mask. It's only now that those who started to wait first wake up again on timeout to discover that all other ones are stopping, and can now quit. One second later all threads will have done it and the process will quit. This is effectively strictly larger than one second and up to two seconds. What the current patch does is simple, when the first thread stops, it sets its own bit into stopping_thread_mask then wakes up all other threads to do also set theirs. This kills the first second which corresponds to the time to discover the stopping state. Second, when a thread exists, it wakes all other ones again because some might have gone back sleeping waiting for "jobs" to go down to zero (i.e. closing the last connection). This kills the last second of wait time. Thanks to this, as SIGUSR1 now acts instantly again if there's no active connection, or it stops immediately after the last connection has left if one was still present. This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
int i;
if (stopping) {
MINOR: soft-stop: let the first stopper only signal other threads When the first thread stops and wakes others up, it's possible some of them will also start to wake others in parallel. Let's make give this notification task to the very first one instead since it's enough and can reduce the amount of needless (though harmless) wakeup calls.
2020-05-13 08:30:25 -04:00
if (_HA_ATOMIC_OR(&stopping_thread_mask, tid_bit) == tid_bit) {
/* notify all threads that stopping was just set */
for (i = 0; i < global.nbthread; i++)
if ((all_threads_mask >> i) & 1)
wake_thread(i);
}
BUG/MINOR: soft-stop: always wake up waiting threads on stopping Currently the soft-stop can lead to old processes remaining alive for as long as two seconds after receiving a soft-stop signal. What happens is that when receiving SIGUSR1, one thread (usually the first one) wakes up, handles the signal, sets "stopping", goes into runn_poll_loop(), and discovers that stopping is set, so its also sets itself in the stopping_thread_mask bit mask. After this it sees that other threads are not yet willing to stop, so it continues to wait. From there, other threads which were waiting in poll() expire after one second on poll timeout and enter run_poll_loop() in turn. That's already one second of wait time. They discover each in turn that they're stopping and see that other threads are not yet stopping, so they go back waiting. After the end of the first second, all threads know they're stopping and have set their bit in stopping_thread_mask. It's only now that those who started to wait first wake up again on timeout to discover that all other ones are stopping, and can now quit. One second later all threads will have done it and the process will quit. This is effectively strictly larger than one second and up to two seconds. What the current patch does is simple, when the first thread stops, it sets its own bit into stopping_thread_mask then wakes up all other threads to do also set theirs. This kills the first second which corresponds to the time to discover the stopping state. Second, when a thread exists, it wakes all other ones again because some might have gone back sleeping waiting for "jobs" to go down to zero (i.e. closing the last connection). This kills the last second of wait time. Thanks to this, as SIGUSR1 now acts instantly again if there's no active connection, or it stops immediately after the last connection has left if one was still present. This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
}
BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection Commit 4b3f27b ("BUG/MINOR: haproxy/threads: try to make all threads leave together") improved the soft-stop synchronization but it left a small race open because it looks at tasks_run_queue, which can drop to zero then back to one while another thread picks the task from the run queue to insert it into the tasklet_list. The risk is very low but not null. In addition the condition didn't consider the possible presence of signals in the queue. This patch moves the stopping detection just after the "wake" calculation which already takes care of the various queues' sizes and signals. It avoids needlessly duplicating these tests. The bug was discovered during a code review but will probably never be observed. This fix may be backported to 2.1 and 2.0 along with the commit above.
2020-03-23 04:27:28 -04:00
/* stop when there's nothing left to do */
if ((jobs - unstoppable_jobs) == 0 &&
BUG/MINOR: soft-stop: always wake up waiting threads on stopping Currently the soft-stop can lead to old processes remaining alive for as long as two seconds after receiving a soft-stop signal. What happens is that when receiving SIGUSR1, one thread (usually the first one) wakes up, handles the signal, sets "stopping", goes into runn_poll_loop(), and discovers that stopping is set, so its also sets itself in the stopping_thread_mask bit mask. After this it sees that other threads are not yet willing to stop, so it continues to wait. From there, other threads which were waiting in poll() expire after one second on poll timeout and enter run_poll_loop() in turn. That's already one second of wait time. They discover each in turn that they're stopping and see that other threads are not yet stopping, so they go back waiting. After the end of the first second, all threads know they're stopping and have set their bit in stopping_thread_mask. It's only now that those who started to wait first wake up again on timeout to discover that all other ones are stopping, and can now quit. One second later all threads will have done it and the process will quit. This is effectively strictly larger than one second and up to two seconds. What the current patch does is simple, when the first thread stops, it sets its own bit into stopping_thread_mask then wakes up all other threads to do also set theirs. This kills the first second which corresponds to the time to discover the stopping state. Second, when a thread exists, it wakes all other ones again because some might have gone back sleeping waiting for "jobs" to go down to zero (i.e. closing the last connection). This kills the last second of wait time. Thanks to this, as SIGUSR1 now acts instantly again if there's no active connection, or it stops immediately after the last connection has left if one was still present. This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
(stopping_thread_mask & all_threads_mask) == all_threads_mask) {
/* wake all threads waiting on jobs==0 */
for (i = 0; i < global.nbthread; i++)
if (((all_threads_mask & ~tid_bit) >> i) & 1)
wake_thread(i);
BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection Commit 4b3f27b ("BUG/MINOR: haproxy/threads: try to make all threads leave together") improved the soft-stop synchronization but it left a small race open because it looks at tasks_run_queue, which can drop to zero then back to one while another thread picks the task from the run queue to insert it into the tasklet_list. The risk is very low but not null. In addition the condition didn't consider the possible presence of signals in the queue. This patch moves the stopping detection just after the "wake" calculation which already takes care of the various queues' sizes and signals. It avoids needlessly duplicating these tests. The bug was discovered during a code review but will probably never be observed. This fix may be backported to 2.1 and 2.0 along with the commit above.
2020-03-23 04:27:28 -04:00
break;
BUG/MINOR: soft-stop: always wake up waiting threads on stopping Currently the soft-stop can lead to old processes remaining alive for as long as two seconds after receiving a soft-stop signal. What happens is that when receiving SIGUSR1, one thread (usually the first one) wakes up, handles the signal, sets "stopping", goes into runn_poll_loop(), and discovers that stopping is set, so its also sets itself in the stopping_thread_mask bit mask. After this it sees that other threads are not yet willing to stop, so it continues to wait. From there, other threads which were waiting in poll() expire after one second on poll timeout and enter run_poll_loop() in turn. That's already one second of wait time. They discover each in turn that they're stopping and see that other threads are not yet stopping, so they go back waiting. After the end of the first second, all threads know they're stopping and have set their bit in stopping_thread_mask. It's only now that those who started to wait first wake up again on timeout to discover that all other ones are stopping, and can now quit. One second later all threads will have done it and the process will quit. This is effectively strictly larger than one second and up to two seconds. What the current patch does is simple, when the first thread stops, it sets its own bit into stopping_thread_mask then wakes up all other threads to do also set theirs. This kills the first second which corresponds to the time to discover the stopping state. Second, when a thread exists, it wakes all other ones again because some might have gone back sleeping waiting for "jobs" to go down to zero (i.e. closing the last connection). This kills the last second of wait time. Thanks to this, as SIGUSR1 now acts instantly again if there's no active connection, or it stops immediately after the last connection has left if one was still present. This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
}
BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection Commit 4b3f27b ("BUG/MINOR: haproxy/threads: try to make all threads leave together") improved the soft-stop synchronization but it left a small race open because it looks at tasks_run_queue, which can drop to zero then back to one while another thread picks the task from the run queue to insert it into the tasklet_list. The risk is very low but not null. In addition the condition didn't consider the possible presence of signals in the queue. This patch moves the stopping detection just after the "wake" calculation which already takes care of the various queues' sizes and signals. It avoids needlessly duplicating these tests. The bug was discovered during a code review but will probably never be observed. This fix may be backported to 2.1 and 2.0 along with the commit above.
2020-03-23 04:27:28 -04:00
}
MINOR: tasks: split wake_expired_tasks() in two parts to avoid useless wakeups We used to have wake_expired_tasks() wake up tasks and return the next expiration delay. The problem this causes is that we have to call it just before poll() in order to consider latest timers, but this also means that we don't wake up all newly expired tasks upon return from poll(), which thus systematically requires a second poll() round. This is visible when running any scheduled task like a health check, as there are systematically two poll() calls, one with the interval, nothing is done after it, and another one with a zero delay, and the task is called: listen test bind *:8001 server s1 127.0.0.1:1111 check 09:37:38.200959 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8696843}) = 0 09:37:38.200967 epoll_wait(3, [], 200, 1000) = 0 09:37:39.202459 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8712467}) = 0 >> nothing run here, as the expired task was not woken up yet. 09:37:39.202497 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8715766}) = 0 09:37:39.202505 epoll_wait(3, [], 200, 0) = 0 09:37:39.202513 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8719064}) = 0 >> now the expired task was woken up 09:37:39.202522 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 09:37:39.202537 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 09:37:39.202565 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 09:37:39.202577 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0 09:37:39.202585 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:37:39.202659 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0 09:37:39.202673 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8814713}) = 0 09:37:39.202683 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1 09:37:39.202693 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8818617}) = 0 09:37:39.202701 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0 09:37:39.202715 close(7) = 0 Let's instead split the function in two parts: - the first part, wake_expired_tasks(), called just before process_runnable_tasks(), wakes up all expired tasks; it doesn't compute any timeout. - the second part, next_timer_expiry(), called just before poll(), only computes the next timeout for the current thread. Thanks to this, all expired tasks are properly woken up when leaving poll, and each poll call's timeout remains up to date: 09:41:16.270449 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10223556}) = 0 09:41:16.270457 epoll_wait(3, [], 200, 999) = 0 09:41:17.270130 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10238572}) = 0 09:41:17.270157 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 09:41:17.270194 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 09:41:17.270204 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 09:41:17.270216 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0 09:41:17.270224 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:41:17.270299 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0 09:41:17.270314 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10337841}) = 0 09:41:17.270323 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1 09:41:17.270332 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10341860}) = 0 09:41:17.270340 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0 09:41:17.270367 close(7) = 0 This may be backported to 2.1 and 2.0 though it's unlikely to bring any user-visible improvement except to clarify debugging.
2019-12-11 02:12:23 -05:00
/* If we have to sleep, measure how long */
next = wake ? TICK_ETERNITY : next_timer_expiry();
[MAJOR] use an ebtree instead of a list for the run queue We now insert tasks in a certain sequence in the run queue. The sorting key currently is the arrival order. It will now be possible to apply a "nice" value to any task so that it goes forwards or backwards in the run queue. The calls to wake_expired_tasks() and maintain_proxies() have been moved to the main run_poll_loop(), because they had nothing to do in process_runnable_tasks(). The task_wakeup() function is not inlined anymore, as it was only used at one place. The qlist member of the task structure has been removed now. The run_queue list has been replaced for an integer indicating the number of tasks in the run queue.
2008-06-29 16:40:23 -04:00
/* The poller will ensure it returns around <next> */
MEDIUM: poller: separate the wait time from the wake events We have been abusing the do_poll()'s timeout for a while, making it zero whenever there is some known activity. The problem this poses is that it complicates activity diagnostic by incrementing the poll_exp field for each known activity. It also requires extra computations that could be avoided. This change passes a "wake" argument to say that the poller must not sleep. This simplifies the operations and allows one to differenciate expirations from activity.
2019-05-28 10:44:05 -04:00
cur_poller.poll(&cur_poller, next, wake);
MAJOR: servers: propagate server status changes asynchronously. In order to prepare multi-thread development, code was re-worked to propagate changes asynchronoulsy. Servers with pending status changes are registered in a list and this one is processed and emptied only once 'run poll' loop. Operational status changes are performed before administrative status changes. In a case of multiple operational status change or admin status change in the same 'run poll' loop iteration, those changes are merged to reach only the targeted status.
2017-10-03 08:46:45 -04:00
MINOR: global: add some global activity counters to help debugging A number of counters have been added at special places helping better understanding certain bug reports. These counters are maintained per thread and are shown using "show activity" on the CLI. The "clear counters" commands also reset these counters. The output is sent as a single write(), which currently produces up to about 7 kB of data for 64 threads. If more counters are added, it may be necessary to write into multiple buffers, or to reset the counters. To backport to 1.8 to help collect more detailed bug reports.
2018-01-20 13:30:13 -05:00
activity[tid].loops++;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
}
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
static void *run_thread_poll_loop(void *data)
{
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
struct per_thread_alloc_fct *ptaf;
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
struct per_thread_init_fct *ptif;
struct per_thread_deinit_fct *ptdf;
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
struct per_thread_free_fct *ptff;
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
static int init_left = 0;
__decl_hathreads(static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER);
__decl_hathreads(static pthread_cond_t init_cond = PTHREAD_COND_INITIALIZER);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
MINOR: init/threads: remove the useless tids[] array It's still obscure how we managed to initialize an array of integers with values always equal to the index, just to retrieve the value from an opaque pointer to the index instead of directly using it! I suspect it's a leftover from the very early threading experiments. This commit gets rid of this and simply passes the thread ID as the argument to run_thread_poll_loop(), thus significantly simplifying the few call places and removing the need to allocate then free an array of identity.
2019-05-03 03:27:30 -04:00
ha_set_tid((unsigned long)data);
MINOR: task: introduce a thread-local "sched" variable for local scheduler stuff The aim is to rassemble all scheduler information related to the current thread. It simply points to task_per_thread[tid] without having to perform the operation at each time. We save around 1.2 kB of code on performance sensitive paths and increase the request rate by almost 1%.
2019-09-24 02:25:15 -04:00
sched = &task_per_thread[tid];
MINOR: threads: add each thread's clockid into the global thread_info This is the per-thread CPU runtime clock, it will be used to measure the CPU usage of each thread and by the lockup detection mechanism. It must only be retrieved at the beginning of run_thread_poll_loop() since the thread must already have been started for this. But it must be done before performing any per-thread initcall so that all thread init functions have access to the clock ID. Note that it could make sense to always have this clockid available even in non-threaded situations and place the process' clock there instead. But it would add portability issues which are currently easy to deal with by disabling threads so it may not be worth it for now.
2019-05-03 11:21:18 -04:00
CLEANUP: time: refine the test on _POSIX_TIMERS The clock_gettime() man page says we must check that _POSIX_TIMERS is defined to a value greater than zero, not just that it's simply defined so let's fix this right now.
2019-05-21 13:46:58 -04:00
#if (_POSIX_TIMERS > 0) && defined(_POSIX_THREAD_CPUTIME)
MINOR: threads: add each thread's clockid into the global thread_info This is the per-thread CPU runtime clock, it will be used to measure the CPU usage of each thread and by the lockup detection mechanism. It must only be retrieved at the beginning of run_thread_poll_loop() since the thread must already have been started for this. But it must be done before performing any per-thread initcall so that all thread init functions have access to the clock ID. Note that it could make sense to always have this clockid available even in non-threaded situations and place the process' clock there instead. But it would add portability issues which are currently easy to deal with by disabling threads so it may not be worth it for now.
2019-05-03 11:21:18 -04:00
#ifdef USE_THREAD
MINOR: threads: add a thread-local thread_info pointer "ti" Since we're likely to access this thread_info struct more frequently in the future, let's reserve the thread-local symbol to access it directly and avoid always having to combine thread_info and tid. This pointer is set when tid is set.
2019-05-20 12:57:53 -04:00
pthread_getcpuclockid(pthread_self(), &ti->clock_id);
MINOR: threads: always place the clockid in the struct thread_info It will be easier to deal with the internal API to always have it.
2019-05-20 14:23:06 -04:00
#else
MINOR: threads: add a thread-local thread_info pointer "ti" Since we're likely to access this thread_info struct more frequently in the future, let's reserve the thread-local symbol to access it directly and avoid always having to combine thread_info and tid. This pointer is set when tid is set.
2019-05-20 12:57:53 -04:00
ti->clock_id = CLOCK_THREAD_CPUTIME_ID;
BUILD: threads: only assign the clock_id when supported I took extreme care to always check for _POSIX_THREAD_CPUTIME before manipulating clock_id, except at one place (run_thread_poll_loop) as found by Manu, breaking Solaris. Now fixed, no backport needed.
2019-05-21 09:14:08 -04:00
#endif
MINOR: threads: add each thread's clockid into the global thread_info This is the per-thread CPU runtime clock, it will be used to measure the CPU usage of each thread and by the lockup detection mechanism. It must only be retrieved at the beginning of run_thread_poll_loop() since the thread must already have been started for this. But it must be done before performing any per-thread initcall so that all thread init functions have access to the clock ID. Note that it could make sense to always have this clockid available even in non-threaded situations and place the process' clock there instead. But it would add portability issues which are currently easy to deal with by disabling threads so it may not be worth it for now.
2019-05-03 11:21:18 -04:00
#endif
MINOR: threads: serialize threads initialization There is no point in initializing threads in parallel when we know that it's the moment where some global variables are turned to thread-local ones, and/or that some global variables are updated (like global_now or trash_size). Some FDs might be created/destroyed/reallocated and could be tricky to follow as well (think about epoll_fd for example). Instead of having to be extremely careful about all these, and to trigger false positives in thread sanitizers, let's simply initialize one thread at a time. The init step is very fast so nobody should even notice, and we won't have any more doubts about what might have happened when analysing a dump. See GH issues #111 and #117 for some background on this.
2019-06-07 08:41:11 -04:00
/* Now, initialize one thread init at a time. This is better since
* some init code is a bit tricky and may release global resources
* after reallocating them locally. This will also ensure there is
* no race on file descriptors allocation.
*/
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
#ifdef USE_THREAD
pthread_mutex_lock(&init_mutex);
#endif
/* The first thread must set the number of threads left */
if (!init_left)
init_left = global.nbthread;
init_left--;
MINOR: threads: add each thread's clockid into the global thread_info This is the per-thread CPU runtime clock, it will be used to measure the CPU usage of each thread and by the lockup detection mechanism. It must only be retrieved at the beginning of run_thread_poll_loop() since the thread must already have been started for this. But it must be done before performing any per-thread initcall so that all thread init functions have access to the clock ID. Note that it could make sense to always have this clockid available even in non-threaded situations and place the process' clock there instead. But it would add portability issues which are currently easy to deal with by disabling threads so it may not be worth it for now.
2019-05-03 11:21:18 -04:00
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
tv_update_date(-1,-1);
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
/* per-thread alloc calls performed here are not allowed to snoop on
* other threads, so they are free to initialize at their own rhythm
* as long as they act as if they were alone. None of them may rely
* on resources initialized by the other ones.
*/
list_for_each_entry(ptaf, &per_thread_alloc_list, list) {
if (!ptaf->fct()) {
ha_alert("failed to allocate resources for thread %u.\n", tid);
exit(1);
}
}
MINOR: threads/init: synchronize the threads startup It's a bit dangerous to let threads initialize at different speeds on startup. Some are still in their init functions while others area already running. It was even subject to some race condition bugs like the one fixed by commit 1605c7ae6 ("BUG/MEDIUM: threads/mworker: fix a race on startup"). Here in order to secure all this, we take a very simplistic approach consisting in using half of the rendez-vous point, which is made exactly for this purpose : we first initialize the mask of the threads requesting a rendez-vous to the mask of all threads, and we simply call thread_release() once the init is complete. This guarantees that no thread will go further than the initialization code during this time. This could even safely be backported if any other issue related to an init race was discovered in a stable release.
2019-05-20 04:50:43 -04:00
/* per-thread init calls performed here are not allowed to snoop on
* other threads, so they are free to initialize at their own rhythm
* as long as they act as if they were alone.
*/
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
list_for_each_entry(ptif, &per_thread_init_list, list) {
if (!ptif->fct()) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("failed to initialize thread %u.\n", tid);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
exit(1);
}
}
BUG/MEDIUM: init/threads: prevent initialized threads from starting before others Since commit 6ec902a ("MINOR: threads: serialize threads initialization") we now serialize threads initialization. But doing so has emphasized another race which is that some threads may actually start the loop before others are done initializing. As soon as all threads enter the first thread_release() call, their rdv bit is cleared and they're all waiting for all others' rdv to be cleared as well, with their harmless bit set. The first one to notice the cleared mask will progress through thread_isolate(), take rdv again preventing most others from noticing its short pass to zero, and this first one will be able to run all the way through the initialization till the last call to thread_release() which it happily crosses, being the only one with the rdv bit, leaving the room for one or a few others to do the same. This results in some threads entering the loop before others are done with their initialization, which is particularly bad. PiBa-NL reported that some regtests fail for him due to this (which was impossible to reproduce here, but races are racy by definition). However placing some printf() in the initialization code definitely shows this unsychronized startup. This patch takes a different approach in three steps : - first, we don't start with thread_release() anymore and we don't set the rdv mask anymore in the main call. This was initially done to let all threads start toghether, which we don't want. Instead we just start with thread_isolate(). Since all threads are harmful by default, they all wait for each other's readiness before starting. - second, we don't release with thread_release() but with thread_sync_release(), meaning that we don't leave the function until other ones have reached the point in the function where they decide to leave it as well. - third, it makes sure we don't start the listeners using protocol_enable_all() before all threads have allocated their local FD tables or have initialized their pollers, otherwise startup could be racy as well. It's worth noting that it is even possible to limit this call to thread #0 as it only needs to be performed once. This now guarantees that all thread init calls start only after all threads are ready, and that no thread enters the polling loop before all others have completed their initialization. Please check GH issues #111 and #117 for more context. No backport is needed, though if some new init races are reported in 1.9 (or even 1.8) which do not affect 2.0, then it may make sense to carefully backport this small series.
2019-06-10 03:51:04 -04:00
/* enabling protocols will result in fd_insert() calls to be performed,
* we want all threads to have already allocated their local fd tables
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
* before doing so, thus only the last thread does it.
BUG/MEDIUM: init/threads: prevent initialized threads from starting before others Since commit 6ec902a ("MINOR: threads: serialize threads initialization") we now serialize threads initialization. But doing so has emphasized another race which is that some threads may actually start the loop before others are done initializing. As soon as all threads enter the first thread_release() call, their rdv bit is cleared and they're all waiting for all others' rdv to be cleared as well, with their harmless bit set. The first one to notice the cleared mask will progress through thread_isolate(), take rdv again preventing most others from noticing its short pass to zero, and this first one will be able to run all the way through the initialization till the last call to thread_release() which it happily crosses, being the only one with the rdv bit, leaving the room for one or a few others to do the same. This results in some threads entering the loop before others are done with their initialization, which is particularly bad. PiBa-NL reported that some regtests fail for him due to this (which was impossible to reproduce here, but races are racy by definition). However placing some printf() in the initialization code definitely shows this unsychronized startup. This patch takes a different approach in three steps : - first, we don't start with thread_release() anymore and we don't set the rdv mask anymore in the main call. This was initially done to let all threads start toghether, which we don't want. Instead we just start with thread_isolate(). Since all threads are harmful by default, they all wait for each other's readiness before starting. - second, we don't release with thread_release() but with thread_sync_release(), meaning that we don't leave the function until other ones have reached the point in the function where they decide to leave it as well. - third, it makes sure we don't start the listeners using protocol_enable_all() before all threads have allocated their local FD tables or have initialized their pollers, otherwise startup could be racy as well. It's worth noting that it is even possible to limit this call to thread #0 as it only needs to be performed once. This now guarantees that all thread init calls start only after all threads are ready, and that no thread enters the polling loop before all others have completed their initialization. Please check GH issues #111 and #117 for more context. No backport is needed, though if some new init races are reported in 1.9 (or even 1.8) which do not affect 2.0, then it may make sense to carefully backport this small series.
2019-06-10 03:51:04 -04:00
*/
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
if (init_left == 0)
OPTIM/MINOR: init/threads: only call protocol_enable_all() on first thread There's no point in calling this on each and every thread since the first thread passing there will enable the listeners, and the next ones will simply scan all of them in turn to discover that they are already initialized. Let's only initilize them on the first thread. This could slightly speed up start up on very large configurations, eventhough most of the time is still spent in the main thread binding the sockets. A few measurements have constantly shown that this decreases the startup time by ~0.1s for 150k listeners. Starting all of them in parallel doesn't provide better results and can still expose some undesired races.
2019-06-10 04:14:52 -04:00
protocol_enable_all();
MINOR: threads: serialize threads initialization There is no point in initializing threads in parallel when we know that it's the moment where some global variables are turned to thread-local ones, and/or that some global variables are updated (like global_now or trash_size). Some FDs might be created/destroyed/reallocated and could be tricky to follow as well (think about epoll_fd for example). Instead of having to be extremely careful about all these, and to trigger false positives in thread sanitizers, let's simply initialize one thread at a time. The init step is very fast so nobody should even notice, and we won't have any more doubts about what might have happened when analysing a dump. See GH issues #111 and #117 for some background on this.
2019-06-07 08:41:11 -04:00
MEDIUM: init/threads: don't use spinlocks during the init phase PiBa-NL found some pathological cases where starting threads can hinder each other and cause a measurable slow down. This problem is reproducible with the following config (haproxy must be built with -DDEBUG_DEV) : global stats socket /tmp/sock1 mode 666 level admin nbthread 64 backend stopme timeout server 1s option tcp-check tcp-check send "debug dev exit\n" server cli unix@/tmp/sock1 check This will cause the process to be stopped once the checks are ready to start. Binding all these to just a few cores magnifies the problem. Starting them in loops shows a significant time difference among the commits : # before startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done real 0m1.581s user 0m0.621s sys 0m5.339s # after startup serialization $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done real 0m2.366s user 0m0.894s sys 0m8.238s In order to address this, let's use plain mutexes and cond_wait during the init phase. With this done, waiting threads now sleep and the problem completely disappeared : $ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done real 0m0.161s user 0m0.079s sys 0m0.149s
2019-06-11 03:16:41 -04:00
#ifdef USE_THREAD
pthread_cond_broadcast(&init_cond);
pthread_mutex_unlock(&init_mutex);
/* now wait for other threads to finish starting */
pthread_mutex_lock(&init_mutex);
while (init_left)
pthread_cond_wait(&init_cond, &init_mutex);
pthread_mutex_unlock(&init_mutex);
#endif
MINOR: threads/init: synchronize the threads startup It's a bit dangerous to let threads initialize at different speeds on startup. Some are still in their init functions while others area already running. It was even subject to some race condition bugs like the one fixed by commit 1605c7ae6 ("BUG/MEDIUM: threads/mworker: fix a race on startup"). Here in order to secure all this, we take a very simplistic approach consisting in using half of the rendez-vous point, which is made exactly for this purpose : we first initialize the mask of the threads requesting a rendez-vous to the mask of all threads, and we simply call thread_release() once the init is complete. This guarantees that no thread will go further than the initialization code during this time. This could even safely be backported if any other issue related to an init race was discovered in a stable release.
2019-05-20 04:50:43 -04:00
MEDIUM: init: set NO_NEW_PRIVS by default when supported HAProxy doesn't need to call executables at run time (except when using external checks which are strongly recommended against), and is even expected to isolate itself into an empty chroot. As such, there basically is no valid reason to allow a setuid executable to be called without the user being fully aware of the risks. In a situation where haproxy would need to call external checks and/or disable chroot, exploiting a vulnerability in a library or in haproxy itself could lead to the execution of an external program. On Linux it is possible to lock the process so that any setuid bit present on such an executable is ignored. This significantly reduces the risk of privilege escalation in such a situation. This is what haproxy does by default. In case this causes a problem to an external check (for example one which would need the "ping" command), then it is possible to disable this protection by explicitly adding this directive in the global section. If enabled, it is possible to turn it back off by prefixing it with the "no" keyword. Before the option: $ socat - /tmp/sock1 <<< "expert-mode on; debug dev exec sudo /bin/id" uid=0(root) gid=0(root) groups=0(root After the option: $ socat - /tmp/sock1 <<< "expert-mode on; debug dev exec sudo /bin/id" sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
2019-12-06 10:31:45 -05:00
#if defined(PR_SET_NO_NEW_PRIVS) && defined(USE_PRCTL)
/* Let's refrain from using setuid executables. This way the impact of
* an eventual vulnerability in a library remains limited. It may
* impact external checks but who cares about them anyway ? In the
* worst case it's possible to disable the option. Obviously we do this
* in workers only. We can't hard-fail on this one as it really is
* implementation dependent though we're interested in feedback, hence
* the warning.
*/
if (!(global.tune.options & GTUNE_INSECURE_SETUID) && !master) {
static int warn_fail;
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1 && !_HA_ATOMIC_XADD(&warn_fail, 1)) {
ha_warning("Failed to disable setuid, please report to developers with detailed "
"information about your operating system. You can silence this warning "
"by adding 'insecure-setuid-wanted' in the 'global' section.\n");
}
}
#endif
MEDIUM: init: prevent process and thread creation at runtime Some concerns are regularly raised about the risk to inherit some Lua files which make use of a fork (e.g. via os.execute()) as well as whether or not some of bugs we fix might or not be exploitable to run some code. Given that haproxy is event-driven, any foreground activity completely stops processing and is easy to detect, but background activity is a different story. A Lua script could very well discretely fork a sub-process connecting to a remote location and taking commands, and some injected code could also try to hide its activity by creating a process or a thread without blocking the rest of the processing. While such activities should be extremely limited when run in an empty chroot without any permission, it would be better to get a higher assurance they cannot happen. This patch introduces something very simple: it limits the number of processes and threads to zero in the workers after the last thread was created. By doing so, it effectively instructs the system to fail on any fork() or clone() syscall. Thus any undesired activity has to happen in the foreground and is way easier to detect. This will obviously break external checks (whose concept is already totally insecure), and for this reason a new option "insecure-fork-wanted" was added to disable this protection, and it is suggested in the fork() error report from the checks. It is obviously recommended not to use it and to reconsider the reasons leading to it being enabled in the first place. If for any reason we fail to disable forks, we still start because it could be imaginable that some operating systems refuse to set this limit to zero, but in this case we emit a warning, that may or may not be reported since we're after the fork point. Ideally over the long term it should be conditionned by strict-limits and cause a hard fail.
2019-12-03 01:07:36 -05:00
#if defined(RLIMIT_NPROC)
/* all threads have started, it's now time to prevent any new thread
* or process from starting. Obviously we do this in workers only. We
* can't hard-fail on this one as it really is implementation dependent
* though we're interested in feedback, hence the warning.
*/
if (!(global.tune.options & GTUNE_INSECURE_FORK) && !master) {
struct rlimit limit = { .rlim_cur = 0, .rlim_max = 0 };
static int warn_fail;
if (setrlimit(RLIMIT_NPROC, &limit) == -1 && !_HA_ATOMIC_XADD(&warn_fail, 1)) {
ha_warning("Failed to disable forks, please report to developers with detailed "
"information about your operating system. You can silence this warning "
"by adding 'insecure-fork-wanted' in the 'global' section.\n");
}
}
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
run_poll_loop();
list_for_each_entry(ptdf, &per_thread_deinit_list, list)
ptdf->fct();
BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks We currently have the ability to register functions to be called early on thread creation and at thread deinitialization. It turns out this is not sufficient because certain such functions may use resources that are being allocated by the other ones, thus creating a race condition depending only on the linking order. For example the mworker needs to register a file descriptor while the pollers will reallocate the fd_updt[] array. Similarly logs and trashes may be used by some init functions while it's unclear whether they have been deduplicated. The same issue happens on deinit, if the fd_updt[] or trash is released before some functions finish to use them, we'll get into trouble. This patch creates a couple of early and late callbacks for per-thread allocation/freeing of resources. A few init functions were moved there, and the fd init code was split between the two (since it used to both allocate and initialize at once). This way the init/deinit sequence is expected to be safe now. This patch should be backported to 1.9 as at least the trash/log issue seems to be present. The run_thread_poll_loop() code is a bit different there as the mworker is not a callback, but it will have no effect and it's enough to drop the mworker changes. This bug was reported by Ilya Shipitsin in github issue #104.
2019-05-22 08:42:12 -04:00
list_for_each_entry(ptff, &per_thread_free_list, list)
ptff->fct();
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#ifdef USE_THREAD
MEDIUM: threads: Use the new _HA_ATOMIC_* macros. Use the new _HA_ATOMIC_* macros and add barriers where needed.
2019-03-08 12:51:17 -05:00
_HA_ATOMIC_AND(&all_threads_mask, ~tid_bit);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
if (tid > 0)
pthread_exit(NULL);
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
#endif
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
return NULL;
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
/* set uid/gid depending on global settings */
static void set_identity(const char *program_name)
{
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", program_name);
if (setgid(global.gid) == -1) {
ha_alert("[%s.main()] Cannot set gid %d.\n", program_name, global.gid);
protocol_unbind_all();
exit(1);
}
}
if (global.uid && setuid(global.uid) == -1) {
ha_alert("[%s.main()] Cannot set uid %d.\n", program_name, global.uid);
protocol_unbind_all();
exit(1);
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int main(int argc, char **argv)
{
int err, retry;
struct rlimit limit;
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
char errmsg[100];
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
int pidfd = -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: init: make stdout unbuffered printf is unusable for debugging without this, and printf() is not used for anything else.
2018-02-03 09:15:21 -05:00
setvbuf(stdout, NULL, _IONBF, 0);
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
MINOR: config: make MAX_PROCS configurable at build time For some embedded systems, it's pointless to have 32- or even 64- large arrays of processes when it's known that much fewer processes will be used in the worst case. Let's introduce this MAX_PROCS define which contains the highest number of processes allowed to run at once. It still defaults to LONGBITS but may be lowered.
2019-02-07 04:39:36 -05:00
/* this can only safely be done here, though it's optimized away by
* the compiler.
*/
if (MAX_PROCS < 1 || MAX_PROCS > LONGBITS) {
ha_alert("MAX_PROCS value must be between 1 and %d inclusive; "
"HAProxy was built with value %d, please fix it and rebuild.\n",
LONGBITS, MAX_PROCS);
exit(1);
}
MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values Let's keep a copy of these initial values. They will be useful to compute automatic maxconn, as well as to restore proper limits when doing an execve() on external checks.
2019-03-01 04:09:28 -05:00
/* take a copy of initial limits before we possibly change them */
getrlimit(RLIMIT_NOFILE, &limit);
rlim_fd_cur_at_boot = limit.rlim_cur;
rlim_fd_max_at_boot = limit.rlim_max;
MINOR: init: process all initcalls in order at boot time main() now iterates over all initcall stages at boot time. This will allow to move init code from constructors to initcalls.
2018-11-25 12:43:29 -05:00
/* process all initcalls in order of potential dependency */
RUN_INITCALLS(STG_PREPARE);
RUN_INITCALLS(STG_LOCK);
RUN_INITCALLS(STG_ALLOC);
RUN_INITCALLS(STG_POOL);
RUN_INITCALLS(STG_REGISTER);
RUN_INITCALLS(STG_INIT);
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
init(argc, argv);
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGQUIT, dump, SIGQUIT);
signal_register_fct(SIGUSR1, sig_soft_stop, SIGUSR1);
signal_register_fct(SIGHUP, sig_dump_state, SIGHUP);
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
signal_register_fct(SIGUSR2, NULL, 0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] init: unconditionally catch SIGPIPE Apparently some systems define MSG_NOSIGNAL but do not necessarily check it (or maybe binaries are built somewhere and used on older versions). There were reports of very recent FreeBSD setups causing SIGPIPEs, while older ones catch the signal. Recent FreeBSD manpages indeed define MSG_NOSIGNAL. So let's now unconditionnaly catch the signal. It's useless not to do it for the rare cases where it's not needed (linux 2.4 and below).
2010-03-17 13:02:46 -04:00
/* Always catch SIGPIPE even on platforms which define MSG_NOSIGNAL.
* Some recent FreeBSD setups report broken pipes, and MSG_NOSIGNAL
* was defined there, so let's stay on the safe side.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGPIPE, NULL, 0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
/* ulimits */
if (!global.rlimit_nofile)
global.rlimit_nofile = global.maxsock;
if (global.rlimit_nofile) {
BUG/MINOR: init: never lower rlim_fd_max If a ulimit-n value is set, we must not lower the rlim_max value if the new value is lower, we must only adjust the rlim_cur one. The effect is that on very low values, this could prevent a master-worker reload, or make an external check fail by lack of FDs. This may be backported to 1.9 and earlier, but it depends on this patch "MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values".
2019-03-01 04:32:05 -05:00
limit.rlim_cur = global.rlimit_nofile;
limit.rlim_max = MAX(rlim_fd_max_at_boot, limit.rlim_cur);
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
if (setrlimit(RLIMIT_NOFILE, &limit) == -1) {
BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits global.rlimit_nofile contains the mxa number of file descriptors that can be allocated, except if the user is not allowed to reach this limit, where it still contains the initially requested value. It is important that this value always matches what is really configured so that it is properly reported in the stats and that we can use it later to close all FDs without wasting time closing impossible FDs. This fix may be backported to 1.6 and 1.5.
2016-06-21 05:48:18 -04:00
getrlimit(RLIMIT_NOFILE, &limit);
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Cannot raise FD limit to %d, limit is %d.\n",
argv[0], global.rlimit_nofile, (int)limit.rlim_cur);
if (!(global.mode & MODE_MWORKER))
exit(1);
}
else {
/* try to set it to the max possible at least */
limit.rlim_cur = limit.rlim_max;
if (setrlimit(RLIMIT_NOFILE, &limit) != -1)
getrlimit(RLIMIT_NOFILE, &limit);
ha_warning("[%s.main()] Cannot raise FD limit to %d, limit is %d. "
"This will fail in >= v2.3\n",
argv[0], global.rlimit_nofile, (int)limit.rlim_cur);
global.rlimit_nofile = limit.rlim_cur;
}
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
}
if (global.rlimit_memmax) {
limit.rlim_cur = limit.rlim_max =
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced When memmax is forced using "-m", the per-process memory limit is enforced using setrlimit(), but this value is not used to compute the automatic maxconn limit. In addition, the per-process memory limit didn't consider the fact that the shared SSL cache only needs to be accounted once. The doc was also fixed to clearly state that "-m" is global and not per process. It makes sense because people who use -m want to protect the system's resources regardless of whatever appears in the configuration.
2015-12-14 06:46:07 -05:00
global.rlimit_memmax * 1048576ULL;
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
#ifdef RLIMIT_AS
if (setrlimit(RLIMIT_AS, &limit) == -1) {
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Cannot fix MEM limit to %d megs.\n",
argv[0], global.rlimit_memmax);
if (!(global.mode & MODE_MWORKER))
exit(1);
}
else
ha_warning("[%s.main()] Cannot fix MEM limit to %d megs."
"This will fail in >= v2.3\n",
argv[0], global.rlimit_memmax);
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
#else
if (setrlimit(RLIMIT_DATA, &limit) == -1) {
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Cannot fix MEM limit to %d megs.\n",
argv[0], global.rlimit_memmax);
if (!(global.mode & MODE_MWORKER))
exit(1);
}
else
ha_warning("[%s.main()] Cannot fix MEM limit to %d megs.",
"This will fail in >= v2.3\n",
argv[0], global.rlimit_memmax);
[BUG] startup: set the rlimits before binding ports, not after. As reported by the Loadbalancer.org team, it was not possible to bind more than 1024 ports. This is because the process' limits were set after trying to bind the sockets, which defeats their purpose. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:10:36 -05:00
}
#endif
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
if (old_unixsocket) {
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (strcmp("/dev/null", old_unixsocket) != 0) {
if (get_old_sockets(old_unixsocket) != 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Failed to get the sockets from the old process!\n");
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
if (!(global.mode & MODE_MWORKER))
exit(1);
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
}
}
MEDIUM: mworker: try to guess the next stats socket to use with -x In master worker mode, you can't specify the stats socket where you get your listeners FDs on a reload, because the command line of the re-exec is launched by the master. To solve the problem, when -x is found on the command line, its parameter is rewritten on a reexec with the first stats socket with the capability to send sockets. It tries to reuse the original parameter if it has this capability.
2017-06-01 11:38:53 -04:00
get_cur_unixsocket();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* We will loop at most 100 times with 10 ms delay each time.
* That's at most 1 second. We only send a signal to old pids
* if we cannot grab at least one port.
*/
retry = MAX_START_RETRIES;
err = ERR_NONE;
while (retry >= 0) {
struct timeval w;
err = start_proxies(retry == 0 || nb_oldpids == 0);
[BUG] hot reconfiguration failed because of a wrong error check The error check in return of start_proxies checked for exact ERR_RETRYABLE but did not consider the return as a bit field. The function returned both ERR_RETRYABLE and ERR_ALERT, hence the problem.
2007-12-20 17:05:50 -05:00
/* exit the loop on no error or fatal error */
if ((err & (ERR_RETRYABLE|ERR_FATAL)) != ERR_RETRYABLE)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
break;
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
if (nb_oldpids == 0 || retry == 0)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
break;
/* FIXME-20060514: Solaris and OpenBSD do not support shutdown() on
* listening sockets. So on those platforms, it would be wiser to
* simply send SIGUSR1, which will not be undoable.
*/
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
if (tell_old_pids(SIGTTOU) == 0) {
/* no need to wait if we can't contact old pids */
retry = 0;
continue;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* give some time to old processes to stop listening */
w.tv_sec = 0;
w.tv_usec = 10*1000;
select(0, NULL, NULL, NULL, &w);
retry--;
}
/* Note: start_proxies() sends an alert when it fails. */
[BUG] we must not exit if protocol binding only returns a warning Right now, protocol binding cannot return a warning, but when this will happen, we must not exit but just print the warning.
2009-02-04 11:05:23 -05:00
if ((err & ~ERR_WARN) != ERR_NONE) {
[BUG] ensure that we correctly re-start old process in case of error When a new process fails to grab some ports, it sends a signal to the old process in order to release them. Then it tries to bind again. If it still fails (eg: one of the ports is bound to a completely different process), it must send the continue signal to the old process so that this one re-binds to the ports. This is correctly done, but the newly bound ports are not released first, which sometimes causes the old process to remain running with no port bound. The fix simply consists in unbinding all ports before sending the signal to the old process.
2009-06-09 08:36:00 -04:00
if (retry != MAX_START_RETRIES && nb_oldpids) {
protocol_unbind_all(); /* cleanup everything we can */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
tell_old_pids(SIGTTIN);
[BUG] ensure that we correctly re-start old process in case of error When a new process fails to grab some ports, it sends a signal to the old process in order to release them. Then it tries to bind again. If it still fails (eg: one of the ports is bound to a completely different process), it must send the continue signal to the old process so that this one re-binds to the ports. This is correctly done, but the newly bound ports are not released first, which sometimes causes the old process to remain running with no port bound. The fix simply consists in unbinding all ports before sending the signal to the old process.
2009-06-09 08:36:00 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (!(global.mode & MODE_MWORKER_WAIT) && listeners == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] No enabled listener found (check for 'bind' directives) ! Exiting.\n", argv[0]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Note: we don't have to send anything to the old pids because we
* never stopped them. */
exit(1);
}
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
err = protocol_bind_all(errmsg, sizeof(errmsg));
if ((err & ~ERR_WARN) != ERR_NONE) {
if ((err & ERR_ALERT) || (err & ERR_WARN))
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] %s.\n", argv[0], errmsg);
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Some protocols failed to start their listeners! Exiting.\n", argv[0]);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all(); /* cleanup everything we can */
if (nb_oldpids)
tell_old_pids(SIGTTIN);
exit(1);
[MEDIUM] Enhance message errors management on binds
2010-10-22 10:06:11 -04:00
} else if (err & ERR_WARN) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] %s.\n", argv[0], errmsg);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
}
MINOR: global: Add an option to get the old listening sockets. Add the "-x" flag, that takes a path to a unix socket as an argument. If used, haproxy will connect to the socket, and asks to get all the listening sockets from the old process. Any failure is fatal. This is needed to get seamless reloads on linux.
2017-04-05 16:33:04 -04:00
/* Ok, all listener should now be bound, close any leftover sockets
* the previous process gave us, we don't need them anymore
*/
while (xfer_sock_list != NULL) {
struct xfer_sock_list *tmpxfer = xfer_sock_list->next;
close(xfer_sock_list->fd);
free(xfer_sock_list->iface);
free(xfer_sock_list->namespace);
free(xfer_sock_list);
xfer_sock_list = tmpxfer;
}
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* prepare pause/play signals */
[MEDIUM] signals: add support for registering functions and tasks The two new functions below make it possible to register any number of functions or tasks to a system signal. They will be called in the registration order when the signal is received. struct sig_handler *signal_register_fct(int sig, void (*fct)(struct sig_handler *), int arg); struct sig_handler *signal_register_task(int sig, struct task *task, int reason);
2010-08-27 11:56:48 -04:00
signal_register_fct(SIGTTOU, sig_pause, SIGTTOU);
signal_register_fct(SIGTTIN, sig_listen, SIGTTIN);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* MODE_QUIET can inhibit alerts and warnings below this line */
BUG/MEDIUM: mworker: don't close stdio several time This patch makes sure that a frontend socket that gets created after initialization won't be closed when the master gets re-executed. When used in daemon mode, the master-worker is closing the FDs 0, 1, 2 after the fork of the children. When the master was reloading, those FDs were assigned again during the parsing of the configuration (probably for some listeners), and the workers were closing them thinking it was the stdio. This patch must be backported to 1.8.
2017-12-25 15:03:31 -05:00
if (getenv("HAPROXY_MWORKER_REEXEC") != NULL) {
/* either stdin/out/err are already closed or should stay as they are. */
if ((global.mode & MODE_DAEMON)) {
/* daemon mode re-executing, stdin/stdout/stderr are already closed so keep quiet */
global.mode &= ~MODE_VERBOSE;
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
} else {
if ((global.mode & MODE_QUIET) && !(global.mode & MODE_VERBOSE)) {
/* detach from the tty */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
stdio_quiet(-1);
BUG/MEDIUM: mworker: don't close stdio several time This patch makes sure that a frontend socket that gets created after initialization won't be closed when the master gets re-executed. When used in daemon mode, the master-worker is closing the FDs 0, 1, 2 after the fork of the children. When the master was reloading, those FDs were assigned again during the parsing of the configuration (probably for some listeners), and the workers were closing them thinking it was the stdio. This patch must be backported to 1.8.
2017-12-25 15:03:31 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/* open log & pid files before the chroot */
MINOR: mworker: allow pidfile in mworker + foreground This patch allows the use of the pidfile in master-worker mode without using the background option.
2017-11-06 05:00:03 -05:00
if ((global.mode & MODE_DAEMON || global.mode & MODE_MWORKER) && global.pidfile != NULL) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
unlink(global.pidfile);
pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
if (pidfd < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot create pidfile %s\n", argv[0], global.pidfile);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(1);
}
}
[MEDIUM] check for cttproxy support when required Previously, use of the "usesrc" keyword could silently fail if either the module was not loaded, or the user did not have enough permissions. Now the errors are better diagnosed and more appropriate advices are given.
2007-03-24 12:24:39 -04:00
if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Some configuration options require full privileges, so global.uid cannot be changed.\n"
"", argv[0]);
[MAJOR] added generic protocol support A new generic protocol mechanism has been added. It provides an easy method to implement new protocols with different listeners (eg: unix sockets). The listeners are automatically started at the right moment and enabled after the possible fork().
2007-10-16 06:25:14 -04:00
protocol_unbind_all();
[MEDIUM] check for cttproxy support when required Previously, use of the "usesrc" keyword could silently fail if either the module was not loaded, or the user did not have enough permissions. Now the errors are better diagnosed and more appropriate advices are given.
2007-03-24 12:24:39 -04:00
exit(1);
}
[BUG] inform the user when root is expected but not set When a plain user runs haproxy as non-root but some options require root, let's inform him.
2009-02-04 12:02:48 -05:00
/* If the user is not root, we'll still let him try the configuration
* but we inform him that unexpected behaviour may occur.
*/
if ((global.last_checks & LSTCHK_NETADM) && getuid())
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("[%s.main()] Some options which require full privileges"
" might not work well.\n"
"", argv[0]);
[BUG] inform the user when root is expected but not set When a plain user runs haproxy as non-root but some options require root, let's inform him.
2009-02-04 12:02:48 -05:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
/* chroot if needed */
if (global.chroot != NULL) {
if (chroot(global.chroot) == -1 || chdir("/") == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot chroot(%s).\n", argv[0], global.chroot);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
protocol_unbind_all();
exit(1);
}
[MEDIUM] fixed call to chroot() during startup It wasn't very wise to chroot() early during the startup. Also, the exit() was missing if the chroot() failed.
2007-10-15 12:57:08 -04:00
}
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (nb_oldpids && !(global.mode & MODE_MWORKER_WAIT))
[MINOR] startup: don't wait for nothing when no old pid remains In case of binding failure during startup, we wait for some time sending signals to old pids so that they release the ports we need. But if there aren't any old pids anymore, it's useless to wait, we prefer to fail fast. Along with this change, we now have the number of old pids really found in the nb_oldpids variable.
2010-08-25 06:58:59 -04:00
nb_oldpids = tell_old_pids(oldpids_sig);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: mworker: support a configurable maximum number of reloads This patch implements a new global parameter for the master-worker mode. When setting the mworker-max-reloads value, a worker receive a SIGTERM if its number of reloads is greater than this value.
2019-05-07 11:49:33 -04:00
/* send a SIGTERM to workers who have a too high reloads number */
if ((global.mode & MODE_MWORKER) && !(global.mode & MODE_MWORKER_WAIT))
mworker_kill_max_reloads(SIGTERM);
BUG/MEDIUM: mworker: don't reuse PIDs passed to the master When starting the master worker with -sf or -st, the PIDs will be reused on the next reload, which is a problem if new processes on the system took those PIDs. This patch ensures that we don't register old PIDs in the reload system when launching the master worker.
2017-06-20 05:20:33 -04:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)) {
nb_oldpids = 0;
free(oldpids);
oldpids = NULL;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Note that any error at this stage will be fatal because we will not
* be able to restart the old pids.
*/
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
if ((global.mode & (MODE_MWORKER | MODE_DAEMON)) == 0)
set_identity(argv[0]);
MINOR: init: add a "set-dumpable" global directive to enable core dumps It's always a pain to get a core dump when enabling user/group setting (which disables the dumpable flag on Linux), when using a chroot and/or when haproxy is started by a service management tool which requires complex operations to just raise the core dump limit. This patch introduces a new "set-dumpable" global directive to work around these troubles by doing the following : - remove file size limits (equivalent of ulimit -f unlimited) - remove core size limits (equivalent of ulimit -c unlimited) - mark the process dumpable again (equivalent of suid_dumpable=1) Some of these will depend on the operating system. This way it becomes much easier to retrieve a core file. Temporarily moving the chroot to a user-writable place generally enough.
2019-04-15 13:38:50 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* check ulimits */
limit.rlim_cur = limit.rlim_max = 0;
getrlimit(RLIMIT_NOFILE, &limit);
if (limit.rlim_cur < global.maxsock) {
MINOR: init: always fail when setrlimit fails this patch introduces a strict-limits parameter which enforces the setrlimit setting instead of a warning. This option can be forcingly disable with the "no" keyword. The general aim of this patch is to avoid bad surprises on a production environment where you change the maxconn for example, a new fd limit is calculated, but cannot be set because of sysfs setting. In that case you might want to have an explicit failure to be aware of it before seeing your traffic going down. During a global rollout it is also useful to explictly fail as most progressive rollout would simply check the general health check of the process. As discussed, plan to use the strict by default mode starting from v2.3. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-10-27 15:08:11 -04:00
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. "
"Please raise 'ulimit-n' to %d or more to avoid any trouble.\n",
argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock,
global.maxsock);
if (!(global.mode & MODE_MWORKER))
exit(1);
}
else
ha_alert("[%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. "
"Please raise 'ulimit-n' to %d or more to avoid any trouble."
"This will fail in >= v2.3\n",
argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock,
global.maxsock);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (global.mode & (MODE_DAEMON | MODE_MWORKER | MODE_MWORKER_WAIT)) {
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
struct proxy *px;
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
struct peers *curpeers;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int ret = 0;
int proc;
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
int devnullfd = -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
/*
* if daemon + mworker: must fork here to let a master
* process live in background before forking children
*/
MEDIUM: mworker: handle reload and signals The master-worker will reload itself on SIGUSR2/SIGHUP It's inherited from the systemd wrapper, when the SIGUSR2 signal is received, the master process will reexecute itself with the -sf flag followed by the PIDs of the children. In the systemd wrapper, the children were using a pipe to notify when the config has been parsed and when the new process is ready. The goal was to ensure that the process couldn't reload during the parsing of the configuration, before signals were send to old process. With the new mworker model, the master parses the configuration and is aware of all the children. We don't need a pipe, but we need to block those signals before the end of a reload, to ensure that the process won't be killed during a reload. The SIGUSR1 signal is forwarded to the children to soft-stop HAProxy. The SIGTERM and SIGINT signals are forwarded to the children in order to terminate them.
2017-06-01 11:38:51 -04:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)
&& (global.mode & MODE_MWORKER)
&& (global.mode & MODE_DAEMON)) {
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
ret = fork();
if (ret < 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
protocol_unbind_all();
exit(1); /* there has been an error */
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
} else if (ret > 0) { /* parent leave to daemonize */
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
exit(0);
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
} else /* change the process group ID in the child (master process) */
setsid();
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
}
MEDIUM: mworker: workers exit when the master leaves This patch ensure that the children will exit when the master quits, even if the master didn't send any signal. The master and the workers are connected through a pipe, when the pipe closes the children leave.
2017-06-01 11:38:55 -04:00
MINOR: mworker: write parent pid in the pidfile The first pid in the pidfile is now the parent, it's more convenient for supervising the processus. You can now reload haproxy in master-worker mode with convenient command like: kill -USR2 $(head -1 /tmp/haproxy.pid)
2017-11-06 05:00:04 -05:00
/* if in master-worker mode, write the PID of the father */
if (global.mode & MODE_MWORKER) {
char pidstr[100];
BUILD: mworker: silence two printf format warnings around getpid() getpid() is documented as returning a pit pid_t result, not necessarily an int. This causes a build warning on Solaris 10 because of '%d' or '%u' are used in the format passed to snprintf(). Let's just cast the result as an int (respectively unsigned int). This can be backported to 2.0 and possibly older versions though it really has no impact.
2019-06-22 01:41:38 -04:00
snprintf(pidstr, sizeof(pidstr), "%d\n", (int)getpid());
BUG/MINOR: mworker: only write to pidfile if it exists A missing test causes a write(-1, $PID) to appear in strace output when in master-worker mode. This is totally harmless though. This fix must be backported to 1.8.
2018-01-23 13:20:19 -05:00
if (pidfd >= 0)
MINOR: use DISGUISE() everywhere we deliberately want to ignore a result It's more generic and versatile than the previous shut_your_big_mouth_gcc() that was used to silence annoying warnings as it's not limited to ignoring syscalls returns only. This allows us to get rid of the aforementioned function and the shut_your_big_mouth_gcc_int variable, that started to look ugly in multi-threaded environments.
2020-03-14 06:03:20 -04:00
DISGUISE(write(pidfd, pidstr, strlen(pidstr)));
MINOR: mworker: write parent pid in the pidfile The first pid in the pidfile is now the parent, it's more convenient for supervising the processus. You can now reload haproxy in master-worker mode with convenient command like: kill -USR2 $(head -1 /tmp/haproxy.pid)
2017-11-06 05:00:04 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* the father launches the required number of processes */
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (!(global.mode & MODE_MWORKER_WAIT)) {
MEDIUM: mworker-prog: implement program for master-worker This patch implements the external binary support in the master worker. To configure an external process, you need to use the program section, for example: program dataplane-api command ./dataplane_api Those processes are launched at the same time as the workers. During a reload of HAProxy, those processes are dealing with the same sequence as a worker: - the master is re-executed - the master sends a USR1 signal to the program - the master launches a new instance of the program During a stop, or restart, a SIGTERM is sent to the program.
2019-04-01 05:30:02 -04:00
if (global.mode & MODE_MWORKER)
mworker_ext_launch_all();
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
for (proc = 0; proc < global.nbproc; proc++) {
ret = fork();
if (ret < 0) {
ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
protocol_unbind_all();
exit(1); /* there has been an error */
}
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG This is the replacement of failed attempt to add thread safety and per-process sequences of random numbers initally tried with commit 1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process random sequences"). This new version takes a completely different approach and doesn't try to work around the horrible OS-specific and non-portable random API anymore. Instead it implements "xoroshiro128**", a reputedly high quality random number generator, which is one of the many variants of xorshift, which passes all quality tests and which is described here: http://prng.di.unimi.it/ While not cryptographically secure, it is fast and features a 2^128-1 period. It supports fast jumps allowing to cut the period into smaller non-overlapping sequences, which we use here to support up to 2^32 processes each having their own, non-overlapping sequence of 2^96 numbers (~7*10^28). This is enough to provide 1 billion randoms per second and per process for 2200 billion years. The implementation was made thread-safe either by using a double 64-bit CAS on platforms supporting it (x86_64, aarch64) or by using a local lock for the time needed to perform the shift operations. This ensures that all threads pick numbers from the same pool so that it is not needed to assign per-thread ranges. For processes we use the fast jump method to advance the sequence by 2^96 for each process. Before this patch, the following config: global nbproc 8 frontend f bind :4445 mode http log stdout format raw daemon log-format "%[uuid] %pid" redirect location / Would produce this output: a4d0ad64-2645-4b74-b894-48acce0669af 12987 a4d0ad64-2645-4b74-b894-48acce0669af 12992 a4d0ad64-2645-4b74-b894-48acce0669af 12986 a4d0ad64-2645-4b74-b894-48acce0669af 12988 a4d0ad64-2645-4b74-b894-48acce0669af 12991 a4d0ad64-2645-4b74-b894-48acce0669af 12989 a4d0ad64-2645-4b74-b894-48acce0669af 12990 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986 (...) And now produces: f94b29b3-da74-4e03-a0c5-a532c635bad9 13011 47470c02-4862-4c33-80e7-a952899570e5 13014 86332123-539a-47bf-853f-8c8ea8b2a2b5 13013 8f9efa99-3143-47b2-83cf-d618c8dea711 13012 3cc0f5c7-d790-496b-8d39-bec77647af5b 13015 3ec64915-8f95-4374-9e66-e777dc8791e0 13009 0f9bf894-dcde-408c-b094-6e0bb3255452 13011 49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014 e23f6f2e-35c5-4433-a294-b790ab902653 13012 There are multiple benefits to using this method. First, it doesn't depend anymore on a non-portable API. Second it's thread safe. Third it is fast and more proven than any hack we could attempt to try to work around the deficiencies of the various implementations around. This commit depends on previous patches "MINOR: tools: add 64-bit rotate operators" and "BUG/MEDIUM: random: initialize the random pool a bit better", all of which will need to be backported at least as far as version 2.0. It doesn't require to backport the build fixes for circular include files dependecy anymore.
2020-03-07 18:42:37 -05:00
else if (ret == 0) { /* child breaks here */
ha_random_jump96(relative_pid);
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
break;
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG This is the replacement of failed attempt to add thread safety and per-process sequences of random numbers initally tried with commit 1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process random sequences"). This new version takes a completely different approach and doesn't try to work around the horrible OS-specific and non-portable random API anymore. Instead it implements "xoroshiro128**", a reputedly high quality random number generator, which is one of the many variants of xorshift, which passes all quality tests and which is described here: http://prng.di.unimi.it/ While not cryptographically secure, it is fast and features a 2^128-1 period. It supports fast jumps allowing to cut the period into smaller non-overlapping sequences, which we use here to support up to 2^32 processes each having their own, non-overlapping sequence of 2^96 numbers (~7*10^28). This is enough to provide 1 billion randoms per second and per process for 2200 billion years. The implementation was made thread-safe either by using a double 64-bit CAS on platforms supporting it (x86_64, aarch64) or by using a local lock for the time needed to perform the shift operations. This ensures that all threads pick numbers from the same pool so that it is not needed to assign per-thread ranges. For processes we use the fast jump method to advance the sequence by 2^96 for each process. Before this patch, the following config: global nbproc 8 frontend f bind :4445 mode http log stdout format raw daemon log-format "%[uuid] %pid" redirect location / Would produce this output: a4d0ad64-2645-4b74-b894-48acce0669af 12987 a4d0ad64-2645-4b74-b894-48acce0669af 12992 a4d0ad64-2645-4b74-b894-48acce0669af 12986 a4d0ad64-2645-4b74-b894-48acce0669af 12988 a4d0ad64-2645-4b74-b894-48acce0669af 12991 a4d0ad64-2645-4b74-b894-48acce0669af 12989 a4d0ad64-2645-4b74-b894-48acce0669af 12990 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992 82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986 (...) And now produces: f94b29b3-da74-4e03-a0c5-a532c635bad9 13011 47470c02-4862-4c33-80e7-a952899570e5 13014 86332123-539a-47bf-853f-8c8ea8b2a2b5 13013 8f9efa99-3143-47b2-83cf-d618c8dea711 13012 3cc0f5c7-d790-496b-8d39-bec77647af5b 13015 3ec64915-8f95-4374-9e66-e777dc8791e0 13009 0f9bf894-dcde-408c-b094-6e0bb3255452 13011 49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014 e23f6f2e-35c5-4433-a294-b790ab902653 13012 There are multiple benefits to using this method. First, it doesn't depend anymore on a non-portable API. Second it's thread safe. Third it is fast and more proven than any hack we could attempt to try to work around the deficiencies of the various implementations around. This commit depends on previous patches "MINOR: tools: add 64-bit rotate operators" and "BUG/MEDIUM: random: initialize the random pool a bit better", all of which will need to be backported at least as far as version 2.0. It doesn't require to backport the build fixes for circular include files dependecy anymore.
2020-03-07 18:42:37 -05:00
}
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (pidfd >= 0 && !(global.mode & MODE_MWORKER)) {
char pidstr[100];
snprintf(pidstr, sizeof(pidstr), "%d\n", ret);
MINOR: use DISGUISE() everywhere we deliberately want to ignore a result It's more generic and versatile than the previous shut_your_big_mouth_gcc() that was used to silence annoying warnings as it's not limited to ignoring syscalls returns only. This allows us to get rid of the aforementioned function and the shut_your_big_mouth_gcc_int variable, that started to look ugly in multi-threaded environments.
2020-03-14 06:03:20 -04:00
DISGUISE(write(pidfd, pidstr, strlen(pidstr)));
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
}
if (global.mode & MODE_MWORKER) {
struct mworker_proc *child;
MINOR: mworker: use ha_notice to announce a new worker Displays the PID and the relative PID when we fork a new worker with ha_notice().
2018-11-21 12:04:53 -05:00
ha_notice("New worker #%d (%d) forked\n", relative_pid, ret);
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
/* find the right mworker_proc */
list_for_each_entry(child, &proc_list, list) {
if (child->relative_pid == relative_pid &&
CLEANUP: mworker: remove the type field in mworker_proc Since the introduction of the options field, we can use it to store the type of process. type = 'm' is replaced by PROC_O_TYPE_MASTER type = 'w' is replaced by PROC_O_TYPE_WORKER type = 'e' is replaced by PROC_O_TYPE_PROG The old values are still used in the HAPROXY_PROCESSES environment variable to pass the information during a reload.
2019-04-12 10:09:23 -04:00
child->reloads == 0 && child->options & PROC_O_TYPE_WORKER) {
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
child->timestamp = now.tv_sec;
child->pid = ret;
MINOR: mworker: add the HAProxy version in "show proc" Displays the HAProxy version so you can compare the version of old processes and new ones.
2019-06-12 13:11:33 -04:00
child->version = strdup(haproxy_version);
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
break;
}
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
}
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
relative_pid++; /* each child will get a different one */
pid_bit <<= 1;
}
} else {
/* wait mode */
global.nbproc = 1;
proc = 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#ifdef USE_CPU_AFFINITY
if (proc < global.nbproc && /* child */
MINOR: config: make MAX_PROCS configurable at build time For some embedded systems, it's pointless to have 32- or even 64- large arrays of processes when it's known that much fewer processes will be used in the worst case. Let's introduce this MAX_PROCS define which contains the highest number of processes allowed to run at once. It still defaults to LONGBITS but may be lowered.
2019-02-07 04:39:36 -05:00
proc < MAX_PROCS && /* only the first 32/64 processes may be pinned */
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
global.cpu_map.proc[proc]) /* only do this if the process has a CPU map */
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#ifdef __FreeBSD__
MINOR: init: Fix CPU affinity setting on FreeBSD. Use a cpuset_t instead of assuming the cpu mask is an unsigned long. This should fix setting the CPU affinity on FreeBSD >= 11. This patch should be backported to stable releases.
2017-08-16 11:29:11 -04:00
{
cpuset_t cpuset;
int i;
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
unsigned long cpu_map = global.cpu_map.proc[proc];
MINOR: init: Fix CPU affinity setting on FreeBSD. Use a cpuset_t instead of assuming the cpu mask is an unsigned long. This should fix setting the CPU affinity on FreeBSD >= 11. This patch should be backported to stable releases.
2017-08-16 11:29:11 -04:00
CPU_ZERO(&cpuset);
while ((i = ffsl(cpu_map)) > 0) {
CPU_SET(i - 1, &cpuset);
BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc Krishna Kumar reported a 100% cpu usage with a configuration using cpu-map and a high number of threads, Indeed, this minimal configuration to reproduce the issue : global nbthread 40 cpu-map auto:1/1-40 0-39 frontend test bind :8000 This is due to a wrong type in a shift operator (int vs unsigned long int), causing an endless loop while applying the cpu affinity on threads. The same issue may also occur with nbproc under FreeBSD. This commit addresses both cases. This patch must be backported to 1.8.
2018-03-12 16:47:39 -04:00
cpu_map &= ~(1UL << (i - 1));
MINOR: init: Fix CPU affinity setting on FreeBSD. Use a cpuset_t instead of assuming the cpu mask is an unsigned long. This should fix setting the CPU affinity on FreeBSD >= 11. This patch should be backported to stable releases.
2017-08-16 11:29:11 -04:00
}
ret = cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1, sizeof(cpuset), &cpuset);
}
BUILD/MEDIUM: threads: enable cpu_affinity on osx Enable it but on a per thread basis only using Darwin native API.
2019-09-13 00:12:58 -04:00
#elif defined(__linux__)
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
sched_setaffinity(0, sizeof(unsigned long), (void *)&global.cpu_map.proc[proc]);
MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
2015-09-17 15:26:40 -04:00
#endif
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* close the pidfile both in children and father */
BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 Thomas Heil reported that when using nbproc > 1, his pidfiles were regularly truncated. The issue could be tracked down to the presence of a call to lseek(pidfile, 0, SEEK_SET) just before the close() call in the children, resulting in the file being truncated by the children while the parent was feeding it. This unexpected lseek() is transparently performed by fclose(). Since there is no way to have the file automatically closed during the fork, the only solution is to bypass the libc and use open/write/close instead of fprintf() and fclose(). The issue was observed on eglibc 2.15.
2012-09-05 02:02:48 -04:00
if (pidfd >= 0) {
//lseek(pidfd, 0, SEEK_SET); /* debug: emulate eglibc bug */
close(pidfd);
}
[MINOR] startup: release unused structs after forking Don't keep the old pid list or chroot place after startup, they won't be used anymore.
2010-08-25 06:49:05 -04:00
/* We won't ever use this anymore */
free(global.pidfile); global.pidfile = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
if (proc == global.nbproc) {
MEDIUM: mworker: wait mode use standard init code path The mworker waitpid mode (which is used when a reload failed to apply the new configuration) was still using a specific initialisation path. That's a problem since we use a polling loop in the master now, the master proxy is not initialized and the master CLI is not activated. This patch removes the initialisation code of the wait mode and introduce the MODE_MWORKER_WAIT in order to use the same init path as the MODE_MWORKER with some exceptions. It allows to use the master proxy and the master CLI during the waitpid mode.
2018-11-21 09:48:31 -05:00
if (global.mode & (MODE_MWORKER|MODE_MWORKER_WAIT)) {
BUG/MINOR: mworker: detach from tty when in daemon mode This allows a calling script to show the first startup output and know when to stop reading from stdout so haproxy can daemonize. To be backpored to 1.8.
2017-11-28 17:26:08 -05:00
if ((!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
(global.mode & MODE_DAEMON)) {
/* detach from the tty, this is required to properly daemonize. */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL))
stdio_quiet(-1);
BUG/MINOR: mworker: detach from tty when in daemon mode This allows a calling script to show the first startup output and know when to stop reading from stdout so haproxy can daemonize. To be backpored to 1.8.
2017-11-28 17:26:08 -05:00
global.mode &= ~MODE_VERBOSE;
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
MEDIUM: mworker: use the haproxy poll loop In order to reorganize the code of the master worker, the mworker_wait() function which was the main function was split. This function was handling a wait() loop, but it does not need it anymore since the code will use the poll loop of haproxy instead. The function was split in several functions: - mworker_catch_sigterm() which is a signal handler for SIGTERM ans SIGUSR1 that sends the signals to the workers - mworker_catch_sigchld() which is the code handling the leaving of a child - mworker_catch_sighup which basically call the mworker_restart() function - mworker_loop() which is the function calling the main poll loop in the master
2018-09-11 04:06:18 -04:00
mworker_loop();
BUG/MEDIUM: misplaced exit and wrong exit code Commit cb11fd2 ("MEDIUM: mworker: wait mode on reload failure") introduced a regression, when HAProxy is used in daemon mode, it exits 1 after forking its children. HAProxy should exit(0), the exit(EXIT_FAILURE) was expected to be use when the master fail in master-worker mode. Thanks to Emmanuel Hocdet for reporting this bug. No backport needed.
2017-06-07 09:04:47 -04:00
/* should never get there */
exit(EXIT_FAILURE);
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
}
BUG/MEDIUM: build without openssl broken The commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine") broke the build without openssl support. The ssl_free_dh() function is not defined when USE_OPENSSL is not defined and leads to a compilation failure.
2017-06-08 13:05:48 -04:00
#if defined(USE_OPENSSL) && !defined(OPENSSL_NO_DH)
MEDIUM: ssl: add basic support for OpenSSL crypto engine This patch adds the global 'ssl-engine' keyword. First arg is an engine identifier followed by a list of default_algorithms the engine will operate. If the openssl version is too old, an error is reported when the option is used.
2017-01-20 20:10:18 -05:00
ssl_free_dh();
#endif
BUG/MEDIUM: misplaced exit and wrong exit code Commit cb11fd2 ("MEDIUM: mworker: wait mode on reload failure") introduced a regression, when HAProxy is used in daemon mode, it exits 1 after forking its children. HAProxy should exit(0), the exit(EXIT_FAILURE) was expected to be use when the master fail in master-worker mode. Thanks to Emmanuel Hocdet for reporting this bug. No backport needed.
2017-06-07 09:04:47 -04:00
exit(0); /* parent must leave */
MEDIUM: init: don't stop proxies in parent process when exiting That's pointless, and that's confusing when debugging.
2015-05-01 11:01:08 -04:00
}
MEDIUM: mworker: wait mode on reload failure In Master Worker mode, when the reloading of the configuration fail, the process is exiting leaving the children without their father. To handle this, we register an exit function with atexit(3), which is reexecuting the binary in a special mode. This particular mode of HAProxy don't reload the configuration, it only loops on wait().
2017-06-01 11:38:52 -04:00
/* child must never use the atexit function */
atexit_flag = 0;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
/* close useless master sockets */
if (global.mode & MODE_MWORKER) {
struct mworker_proc *child, *it;
master = 0;
MEDIUM: mworker: stop the master proxy in the workers The master proxy which handles the CLI should not be used or shown in the stats of the workers. This proxy is now disabled after the fork.
2018-10-26 08:47:45 -04:00
mworker_cli_proxy_stop();
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
/* free proc struct of other processes */
list_for_each_entry_safe(child, it, &proc_list, list) {
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
/* close the FD of the master side for all
* workers, we don't need to close the worker
* side of other workers since it's done with
* the bind_proc */
BUG/MINOR: mworker: Do not attempt to close(2) fd -1 Valgrind reports: ==3389== Warning: invalid file descriptor -1 in syscall close() Check for >= 0 before closing. This bug was introduced in commit ce83b4a5dd48c000dec68f9d551945d21e9ac7ac and is specific to 1.9. No backport needed.
2018-11-25 14:03:39 -05:00
if (child->ipc_fd[0] >= 0)
close(child->ipc_fd[0]);
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
if (child->relative_pid == relative_pid &&
child->reloads == 0) {
/* keep this struct if this is our pid */
proc_self = child;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
continue;
MEDIUM: mworker: each worker socketpair is a CLI listener The init code of the mworker_proc structs has been moved before the init of the listeners. Each socketpair is now connected to a CLI within the workers, which allows the master to access their CLI. The inherited flag of the worker side socketpair is removed so the socket can be closed in the master.
2018-10-26 08:47:30 -04:00
}
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
LIST_DEL(&child->list);
BUG/MINOR: mworker: Fix memory leak of mworker_proc members The struct mworker_proc is not uniformly freed everywhere, sometimes leading to leaks of the `id` string (and possibly the other strings). Introduce a mworker_free_child function instead of duplicating the freeing logic everywhere to prevent this kind of issues. This leak was reported in issue #96. It looks like the leaks have been introduced in commit 9a1ee7ac31c56fd7d881adf2ef4659f336e50c9f, which is specific to 2.0-dev. Backporting `mworker_free_child` might be helpful to ease backporting other fixes, though.
2019-05-16 14:23:22 -04:00
mworker_free_child(child);
child = NULL;
MEDIUM: mworker: replace the master pipe by socketpairs In order to communicate with the workers, the master pipe has been replaced by a socketpair() per worker. The goal is to use these sockets as stats sockets and be able to access them from the master. When reloading, the master serialize the information of the workers and put them in a environment variable. Once the master has been reexecuted it unserialize that information and it is capable of closing the FDs of the leaving children.
2018-09-11 04:06:26 -04:00
}
}
BUG/MEDIUM: threads/mworker: fix a race on startup Marc Fournier reported an interesting case when using threads with the master-worker mode : sometimes, a listener would have its FD closed during startup. Sometimes it could even be health checks seeing this. What happens is that after the threads are created, and the pollers enabled on each threads, the master-worker pipe is registered, and at the same time a close() is performed on the write side of this pipe since the children must not use it. But since this is replicated in every thread, what happens is that the first thread closes the pipe, thus releases the FD, and the next thread starting a listener in parallel gets this FD reassigned. Then another thread closes the FD again, which this time corresponds to the listener. It can also happen with the health check sockets if they're started early enough. This patch splits the mworker_pipe_register() function in two, so that the close() of the write side of the FD is performed very early after the fork() and long before threads are created (we don't need to delay it anyway). Only the pipe registration is done in the threaded code since it is important that the pollers are properly allocated for this. The mworker_pipe_register() function now takes care of registering the pipe only once, and this is guaranteed by a new surrounding lock. The call to protocol_enable_all() looks fragile in theory since it scans the list of proxies and their listeners, though in practice all threads scan the same list and take the same locks for each listener so it's not possible that any of them escapes the process and finishes before all listeners are started. And the operation is idempotent. This fix must be backported to 1.8. Thanks to Marc for providing very detailed traces clearly showing the problem.
2018-01-23 13:01:49 -05:00
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) {
devnullfd = open("/dev/null", O_RDWR, 0);
if (devnullfd < 0) {
ha_alert("Cannot open /dev/null\n");
exit(EXIT_FAILURE);
}
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
/* Must chroot and setgid/setuid in the children */
/* chroot if needed */
if (global.chroot != NULL) {
if (chroot(global.chroot) == -1 || chdir("/") == -1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("[%s.main()] Cannot chroot1(%s).\n", argv[0], global.chroot);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
if (nb_oldpids)
tell_old_pids(SIGTTIN);
protocol_unbind_all();
exit(1);
}
}
free(global.chroot);
global.chroot = NULL;
MINOR: init: avoid code duplication while setting identify since the introduction of mworker, the setuid/setgid was duplicated in two places; try to improve that by creating a dedicated function. this patch does not introduce any functional change. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:16 -05:00
set_identity(argv[0]);
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
MEDIUM: proxy: zombify proxies only when the expose-fd socket is bound When HAProxy is running with multiple processes and some listeners arebound to processes, the unused sockets were not closed in the other processes. The aim was to be able to send those listening sockets using the -x option. However to ensure the previous behavior which was to close those sockets, we provided the "no-unused-socket" global option. This patch changes this behavior, it will close unused sockets which are not in the same process as an expose-fd socket, making the "no-unused-socket" option useless. The "no-unused-socket" option was removed in this patch.
2017-05-26 12:19:55 -04:00
/* pass through every cli socket, and check if it's bound to
* the current process and if it exposes listeners sockets.
* Caution: the GTUNE_SOCKET_TRANSFER is now set after the fork.
* */
if (global.stats_fe) {
struct bind_conf *bind_conf;
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
if (bind_conf->level & ACCESS_FD_LISTENERS) {
if (!bind_conf->bind_proc || bind_conf->bind_proc & (1UL << proc)) {
global.tune.options |= GTUNE_SOCKET_TRANSFER;
break;
}
}
}
}
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
/* we might have to unbind some proxies from some processes */
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
px = proxies_list;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
while (px != NULL) {
if (px->bind_proc && px->state != PR_STSTOPPED) {
MINOR: proxy: Don't close FDs if not our proxy. When running with multiple process, if some proxies are just assigned to some processes, the other processes will just close the file descriptors for the listening sockets. However, we may still have to provide those sockets when reloading, so instead we just try hard to pretend those proxies are dead, while keeping the sockets opened. A new global option, no-reused-socket", has been added, to restore the old behavior of closing the sockets not bound to this process.
2017-04-05 19:05:05 -04:00
if (!(px->bind_proc & (1UL << proc))) {
if (global.tune.options & GTUNE_SOCKET_TRANSFER)
zombify_proxy(px);
else
stop_proxy(px);
}
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
px = px->next;
}
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
/* we might have to unbind some peers sections from some processes */
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (curpeers = cfg_peers; curpeers; curpeers = curpeers->next) {
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
if (!curpeers->peers_fe)
continue;
if (curpeers->peers_fe->bind_proc & (1UL << proc))
continue;
stop_proxy(curpeers->peers_fe);
/* disable this peer section so that it kills itself */
MEDIUM: init: completely deallocate unused peers When peers are stopped due to not being running on the appropriate process, we want to completely release them and unregister their signals and task in order to ensure there's no way they may be called in the future. Note: ideally we should have a list of all tables attached to a peers section being disabled in order to unregister them and void their sync_task. It doesn't appear to be *that* easy for now.
2015-09-28 10:39:25 -04:00
signal_unregister_handler(curpeers->sighandler);
MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy(). task_delete() was never used without calling task_free() just after, and task_free() was only used on error pathes to destroy a just-created task, so merge them into task_destroy(), that will remove the task from the wait queue, and make sure the task is either destroyed immediately if it's not in the run queue, or destroyed when it's supposed to run.
2019-04-17 16:51:06 -04:00
task_destroy(curpeers->sync_task);
MEDIUM: init: completely deallocate unused peers When peers are stopped due to not being running on the appropriate process, we want to completely release them and unregister their signals and task in order to ensure there's no way they may be called in the future. Note: ideally we should have a list of all tables attached to a peers section being disabled in order to unregister them and void their sync_task. It doesn't appear to be *that* easy for now.
2015-09-28 10:39:25 -04:00
curpeers->sync_task = NULL;
MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy(). task_delete() was never used without calling task_free() just after, and task_free() was only used on error pathes to destroy a just-created task, so merge them into task_destroy(), that will remove the task from the wait queue, and make sure the task is either destroyed immediately if it's not in the run queue, or destroyed when it's supposed to run.
2019-04-17 16:51:06 -04:00
task_destroy(curpeers->peers_fe->task);
MEDIUM: init: completely deallocate unused peers When peers are stopped due to not being running on the appropriate process, we want to completely release them and unregister their signals and task in order to ensure there's no way they may be called in the future. Note: ideally we should have a list of all tables attached to a peers section being disabled in order to unregister them and void their sync_task. It doesn't appear to be *that* easy for now.
2015-09-28 10:39:25 -04:00
curpeers->peers_fe->task = NULL;
MEDIUM: init: stop any peers section not bound to the correct process This will prevent the peers section from remaining in listen state on the incorrect process. The peers_fe pointer is set to NULL, which will tell the peers task to commit suicide if it was already scheduled.
2015-05-01 13:13:41 -04:00
curpeers->peers_fe = NULL;
}
MINOR: mworker: only close std{in,out,err} in daemon mode This allows to output messages when we are not in daemon mode which is useful to use log stdout in master worker mode.
2018-11-13 10:18:23 -05:00
/*
* This is only done in daemon mode because we might want the
* logs on stdout in mworker mode. If we're NOT in QUIET mode,
* we should now close the 3 first FDs to ensure that we can
* detach from the TTY. We MUST NOT do it in other cases since
* it would have already be done, and 0-2 would have been
* affected to listening sockets
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
MINOR: mworker: only close std{in,out,err} in daemon mode This allows to output messages when we are not in daemon mode which is useful to use log stdout in master worker mode.
2018-11-13 10:18:23 -05:00
if ((global.mode & MODE_DAEMON) &&
(!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* detach from the tty */
MINOR: don't close stdio anymore Closing the standard IO FDs (0,1,2) can be troublesome, especially in the case of the master-worker. Instead of closing those FDs, they are now pointing to /dev/null which prevents sending debugging messages to the wrong FDs. This patch could be backported in 1.8.
2017-12-28 10:09:36 -05:00
stdio_quiet(devnullfd);
[BUG] critical errors should be reported even in daemon mode Josh Goebel reported that haproxy silently dies when it fails to chroot. In fact, it does so when in daemon mode, because daemon mode has been disabling output for ages. Since the code has been reworked, this could have been changed because there is no reason for this anymore, hence this patch. (cherry picked from commit 304d6fb00fe32fca1bd932a301d4afb7d54c92bc) (cherry picked from commit 50b7f7f12c67322c793f50a6be009f0fd0eec1bb)
2008-11-16 01:40:34 -05:00
global.mode &= ~MODE_VERBOSE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
}
pid = getpid(); /* update child's pid */
MINOR: startup: change session/process group settings Change the way the process groups are set. Indeed setsid() was called for every processes which caused the worker to have a different process group than the master. This patch behave in a better way: - In daemon mode only, each child do a setsid() - In master worker + daemon mode, the setsid() is done in the master before forking the children - In any foreground mode, we don't do a setsid() Could be backported in 1.8 but the master-worker mode is mostly used with systemd which rely on cgroups so that won't affect much people.
2018-07-04 09:31:23 -04:00
if (!(global.mode & MODE_MWORKER)) /* in mworker mode we don't want a new pgid for the children */
setsid();
[MAJOR] delay registering of listener sockets at startup Some pollers such as kqueue lose their FD across fork(), meaning that the registered file descriptors are lost too. Now when the proxies are started by start_proxies(), the file descriptors are not registered yet, leaving enough time for the fork() to take place and to get a new pollfd. It will be the first call to maintain_proxies that will register them.
2007-04-09 13:29:56 -04:00
fork_poller();
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
BUG/MINOR: init: fix set-dumpable when using uid/gid in mworker mode used with uid/gid settings, it was not possible to get a coredump despite the set-dumpable option. indeed prctl(2) manual page specifies the dumpable attribute is reverted to `/proc/sys/fs/suid_dumpable` in a few conditions such as process effective user and group are changed. this patch moves the whole set-dumpable logic before the polling code in order to catch all possible cases where we could have changed the uid/gid. It however does not cover the possible segfault at startup. this patch should be backported in 2.0. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-11-17 09:47:15 -05:00
/* try our best to re-enable core dumps depending on system capabilities.
* What is addressed here :
* - remove file size limits
* - remove core size limits
* - mark the process dumpable again if it lost it due to user/group
*/
if (global.tune.options & GTUNE_SET_DUMPABLE) {
limit.rlim_cur = limit.rlim_max = RLIM_INFINITY;
#if defined(RLIMIT_FSIZE)
if (setrlimit(RLIMIT_FSIZE, &limit) == -1) {
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Failed to set the raise the maximum "
"file size.\n", argv[0]);
if (!(global.mode & MODE_MWORKER))
exit(1);
}
else
ha_warning("[%s.main()] Failed to set the raise the maximum "
"file size. This will fail in >= v2.3\n", argv[0]);
}
#endif
#if defined(RLIMIT_CORE)
if (setrlimit(RLIMIT_CORE, &limit) == -1) {
if (global.tune.options & GTUNE_STRICT_LIMITS) {
ha_alert("[%s.main()] Failed to set the raise the core "
"dump size.\n", argv[0]);
if (!(global.mode & MODE_MWORKER))
exit(1);
}
else
ha_warning("[%s.main()] Failed to set the raise the core "
"dump size. This will fail in >= v2.3\n", argv[0]);
}
#endif
#if defined(USE_PRCTL)
if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1)
ha_warning("[%s.main()] Failed to set the dumpable flag, "
"no core will be dumped.\n", argv[0]);
#endif
}
MINOR: startup: Extend the scope the MODE_STARTING flag Now, MODE_STARTING is set at the begining to init function and it is removed just before the polling loop. So more alerts or warnings are saved.
2017-10-24 07:53:54 -04:00
global.mode &= ~MODE_STARTING;
[MAJOR] modularize the polling mechanisms select, poll and epoll now have their dedicated functions and have been split into distinct files. Several FD manipulation primitives have been provided with each poller. The rest of the code needs to be cleaned to remove traces of StaticReadEvent/StaticWriteEvent. A trick involving a macro has temporarily been used right now. Some work needs to be done to factorize tests and sets everywhere.
2007-04-08 10:39:58 -04:00
/*
* That's it : the central polling loop. Run until we stop.
*/
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
#ifdef USE_THREAD
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
{
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
sigset_t blocked_sig, old_sig;
MINOR: init/threads: make the threads array global Currently the thread array is a local variable inside a function block and there is no access to it from outside, which often complicates debugging. Let's make it global and export it. Also the allocation return is now checked.
2019-05-03 03:22:44 -04:00
int i;
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
/* ensure the signals will be blocked in every thread */
sigfillset(&blocked_sig);
sigdelset(&blocked_sig, SIGPROF);
sigdelset(&blocked_sig, SIGBUS);
sigdelset(&blocked_sig, SIGFPE);
sigdelset(&blocked_sig, SIGILL);
sigdelset(&blocked_sig, SIGSEGV);
pthread_sigmask(SIG_SETMASK, &blocked_sig, &old_sig);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Create nbthread-1 thread. The first thread is the current process */
BUILD/MEDIUM: threads: rename thread_info struct to ha_thread_info On Darwin, the thread_info name exists as a standard function thus we need to rename our array to ha_thread_info to fix this conflict.
2019-09-13 00:03:12 -04:00
ha_thread_info[0].pthread = pthread_self();
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
for (i = 1; i < global.nbthread; i++)
BUILD/MEDIUM: threads: rename thread_info struct to ha_thread_info On Darwin, the thread_info name exists as a standard function thus we need to rename our array to ha_thread_info to fix this conflict.
2019-09-13 00:03:12 -04:00
pthread_create(&ha_thread_info[i].pthread, NULL, &run_thread_poll_loop, (void *)(long)i);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
#ifdef USE_CPU_AFFINITY
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Now the CPU affinity for all threads */
BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored Since commit 81492c989 ("MINOR: threads: flatten the per-thread cpu-map"), we don't keep the proc*thread matrix anymore to represent the full binding possibilities, but only the proc and thread ones. The problem is that the per-process binding is not the same for each thread and for the process, and the proc[] array was assumed to store the per-proc first thread value when doing this change. Worse, the logic present there tries to deal with thread ranges and process ranges in a way which automatically exclused the other possibility (since ranges cannot be used on both) but as such fails to apply changes if neither the process nor the thread is expressed as a range. The real problem comes from the fact that specifying cpu-map 1/1 doesn't yet reveal if the per-process mask or the per-thread mask needs to be updated. In practice it's the thread one but then the current storage doesn't allow to store the binding of the first thread of each other process in nbproc>1 configurations. When removing the proc*thread matrix, what ought to have been kept was both the thread column for process 1 and the process line for threads 1, but instead only the thread column was kept. This patch reintroduces the storage of the configuration for the first thread of each process so that it is again possible to store either the per-thread or per-process configuration. As a partial workaround for existing configurations, it is possible to systematically indicate at least two processes or two threads at once and map them by pairs or more so that at least two values are present in the range. E.g : # set processes 1-4 to cpus 0-3 : cpu-map auto:1-4/1 0 1 2 3 # or: cpu-map 1-2/1 0 1 cpu-map 2-3/1 2 3 # set threads 1-4 to cpus 0-3 : cpu-map auto:1/1-4 0 1 2 3 # or : cpu-map 1/1-2 0 1 cpu-map 3/3-4 2 3 This fix must be backported to 2.0.
2019-07-16 09:10:34 -04:00
if (global.cpu_map.proc_t1[relative_pid-1])
global.cpu_map.thread[0] &= global.cpu_map.proc_t1[relative_pid-1];
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
for (i = 0; i < global.nbthread; i++) {
MINOR: config: Add the threads support in cpu-map directive Now, it is possible to bind CPU at the thread level instead of the process level by defining a thread set in "cpu-map" directives. Thus, its format is now: cpu-map [auto:]<process-set>[/<thread-set>] <cpu-set>... where <process-set> and <thread-set> must follow the format: all | odd | even | number[-[number]] Having a process range and a thread range in same time with the "auto:" prefix is not supported. Only one range is supported, the other one must be a fixed number. But it is allowed when there is no "auto:" prefix. Because it is possible to define a mapping for a process and another for a thread on this process, threads will be bound on the intersection of their mapping and the one of the process on which they are attached. If the intersection is null, no specific binding will be set for the threads.
2017-11-22 10:50:41 -05:00
if (global.cpu_map.proc[relative_pid-1])
MINOR: threads: flatten the per-thread cpu-map When we initially experimented with threads and processes support, we needed to implement arrays of threads per process for cpu-map, but this is not needed anymore since we support either threads or processes. Let's simply make the thread-based cpu-map per thread and not per thread and per process since that's not used anymore. Doing so reduces the global struct from 33kB to 1.5kB.
2019-05-03 03:41:23 -04:00
global.cpu_map.thread[i] &= global.cpu_map.proc[relative_pid-1];
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
MINOR: threads: add a MAX_THREADS define instead of LONGBITS This one allows not to inflate some structures when threads are disabled. Now struct global is 1.4 kB instead of 33 kB. Should be backported to 1.8 for ease of backporting of upcoming patches.
2018-01-20 12:19:22 -05:00
if (i < MAX_THREADS && /* only the first 32/64 threads may be pinned */
MINOR: threads: flatten the per-thread cpu-map When we initially experimented with threads and processes support, we needed to implement arrays of threads per process for cpu-map, but this is not needed anymore since we support either threads or processes. Let's simply make the thread-based cpu-map per thread and not per thread and per process since that's not used anymore. Doing so reduces the global struct from 33kB to 1.5kB.
2019-05-03 03:41:23 -04:00
global.cpu_map.thread[i]) {/* only do this if the thread has a THREAD map */
BUILD/MEDIUM: threads: enable cpu_affinity on osx Enable it but on a per thread basis only using Darwin native API.
2019-09-13 00:12:58 -04:00
#if defined(__APPLE__)
int j;
unsigned long cpu_map = global.cpu_map.thread[i];
while ((j = ffsl(cpu_map)) > 0) {
thread_affinity_policy_data_t cpu_set = { j - 1 };
thread_port_t mthread = pthread_mach_thread_np(ha_thread_info[i].pthread);
thread_policy_set(mthread, THREAD_AFFINITY_POLICY, (thread_policy_t)&cpu_set, 1);
cpu_map &= ~(1UL << (j - 1));
}
#else
MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. As with the call to cpuset_setaffinity(), FreeBSD expects the argument to pthread_setaffinity_np() to be a cpuset_t, not an unsigned long, so the call was silently failing. This should probably be backported to 1.8.
2017-12-01 12:19:43 -05:00
#if defined(__FreeBSD__) || defined(__NetBSD__)
cpuset_t cpuset;
#else
cpu_set_t cpuset;
#endif
int j;
MINOR: threads: flatten the per-thread cpu-map When we initially experimented with threads and processes support, we needed to implement arrays of threads per process for cpu-map, but this is not needed anymore since we support either threads or processes. Let's simply make the thread-based cpu-map per thread and not per thread and per process since that's not used anymore. Doing so reduces the global struct from 33kB to 1.5kB.
2019-05-03 03:41:23 -04:00
unsigned long cpu_map = global.cpu_map.thread[i];
MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. As with the call to cpuset_setaffinity(), FreeBSD expects the argument to pthread_setaffinity_np() to be a cpuset_t, not an unsigned long, so the call was silently failing. This should probably be backported to 1.8.
2017-12-01 12:19:43 -05:00
CPU_ZERO(&cpuset);
while ((j = ffsl(cpu_map)) > 0) {
CPU_SET(j - 1, &cpuset);
BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc Krishna Kumar reported a 100% cpu usage with a configuration using cpu-map and a high number of threads, Indeed, this minimal configuration to reproduce the issue : global nbthread 40 cpu-map auto:1/1-40 0-39 frontend test bind :8000 This is due to a wrong type in a shift operator (int vs unsigned long int), causing an endless loop while applying the cpu affinity on threads. The same issue may also occur with nbproc under FreeBSD. This commit addresses both cases. This patch must be backported to 1.8.
2018-03-12 16:47:39 -04:00
cpu_map &= ~(1UL << (j - 1));
MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. As with the call to cpuset_setaffinity(), FreeBSD expects the argument to pthread_setaffinity_np() to be a cpuset_t, not an unsigned long, so the call was silently failing. This should probably be backported to 1.8.
2017-12-01 12:19:43 -05:00
}
BUILD/MEDIUM: threads: rename thread_info struct to ha_thread_info On Darwin, the thread_info name exists as a standard function thus we need to rename our array to ha_thread_info to fix this conflict.
2019-09-13 00:03:12 -04:00
pthread_setaffinity_np(ha_thread_info[i].pthread,
MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. As with the call to cpuset_setaffinity(), FreeBSD expects the argument to pthread_setaffinity_np() to be a cpuset_t, not an unsigned long, so the call was silently failing. This should probably be backported to 1.8.
2017-12-01 12:19:43 -05:00
sizeof(cpuset), &cpuset);
BUILD/MEDIUM: threads: enable cpu_affinity on osx Enable it but on a per thread basis only using Darwin native API.
2019-09-13 00:12:58 -04:00
#endif
MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. As with the call to cpuset_setaffinity(), FreeBSD expects the argument to pthread_setaffinity_np() to be a cpuset_t, not an unsigned long, so the call was silently failing. This should probably be backported to 1.8.
2017-12-01 12:19:43 -05:00
}
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
}
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#endif /* !USE_CPU_AFFINITY */
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
/* when multithreading we need to let only the thread 0 handle the signals */
MEDIUM: startup: unify signal init between daemon and mworker mode The signals are now unblocked only once the configuration have been parsed.
2018-09-11 04:06:23 -04:00
haproxy_unblock_signals();
BUG/MEDIUM: threads: handle signal queue only in thread 0 Signals were handled in all threads which caused some signals to be lost from time to time. To avoid complicated lock system (threads+signals), we prefer handling the signals in one thread avoiding concurrent access. The side effect of this bug was that some process were not leaving from time to time during a reload. This patch must be backported in 1.8.
2018-06-07 03:46:01 -04:00
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Finally, start the poll loop for the first thread */
MINOR: init/threads: remove the useless tids[] array It's still obscure how we managed to initialize an array of integers with values always equal to the index, just to retrieve the value from an opaque pointer to the index instead of directly using it! I suspect it's a leftover from the very early threading experiments. This commit gets rid of this and simply passes the thread ID as the argument to run_thread_poll_loop(), thus significantly simplifying the few call places and removing the need to allocate then free an array of identity.
2019-05-03 03:27:30 -04:00
run_thread_poll_loop(0);
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
/* Wait the end of other threads */
for (i = 1; i < global.nbthread; i++)
BUILD/MEDIUM: threads: rename thread_info struct to ha_thread_info On Darwin, the thread_info name exists as a standard function thus we need to rename our array to ha_thread_info to fix this conflict.
2019-09-13 00:03:12 -04:00
pthread_join(ha_thread_info[i].pthread, NULL);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: threads/signal: Add a lock to make signals thread-safe A global lock has been added to protect the signal processing. So when a signal it triggered, only one thread will catch it.
2017-05-30 09:34:30 -04:00
#if defined(DEBUG_THREAD) || defined(DEBUG_FULL)
show_lock_stats();
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
}
BUG/MEDIUM: threads: Run the poll loop on the main thread too There was a flaw in the way the threads was created. the main one was just used to create all the others and just wait to exit. Now, it is used to run a poll loop. So we only create nbthread-1 threads. This also fixes a bug about the compression filter when there is only 1 thread (nbthread == 1 or no threads support). The bug was in the way thread-local resources was initialized. per-thread init/deinit callbacks were never called for the main process. So, with nthread set to 1, some buffers remained uninitialized.
2017-10-27 07:53:47 -04:00
#else /* ! USE_THREAD */
MEDIUM: startup: unify signal init between daemon and mworker mode The signals are now unblocked only once the configuration have been parsed.
2018-09-11 04:06:23 -04:00
haproxy_unblock_signals();
MINOR: init/threads: remove the useless tids[] array It's still obscure how we managed to initialize an array of integers with values always equal to the index, just to retrieve the value from an opaque pointer to the index instead of directly using it! I suspect it's a leftover from the very early threading experiments. This commit gets rid of this and simply passes the thread ID as the argument to run_thread_poll_loop(), thus significantly simplifying the few call places and removing the need to allocate then free an array of identity.
2019-05-03 03:27:30 -04:00
run_thread_poll_loop(0);
MINOR: threads: Add thread-map config parameter in the global section By default, no affinity is set for threads. To bind threads on CPU, you must define a "thread-map" in the global section. The format is the same than the "cpu-map" parameter, with a small difference. The process number must be defined, with the same format than cpu-map ("all", "even", "odd" or a number between 1 and 31/63). A thread will be bound on the intersection of its mapping and the one of the process on which it is attached. If the intersection is null, no specific bind will be set for the thread.
2017-10-16 09:49:32 -04:00
#endif
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
/* Do some cleanup */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
deinit();
MAJOR: threads: Start threads to experiment multithreading [WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be broken for a while, when compiled with threads. When nbthread parameter is greater than 1, HAProxy will create the corresponding number of threads. If nbthread is set to 1, nothing should be done. So if there are concurrency issues (and be sure there will be, unfortunatly), an obvious workaround is to disable the multithreading... Each created threads will run a polling loop. So, in a certain way, it is pretty similar to the nbproc mode ("outside" the bugs and the lock contention). Nevertheless, there are an init and a deinit steps for each thread to deal with per-thread allocation. Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
exit(0);
}
MINOR: init: report the compiler version in haproxy -vv Some portability issues were met a few times in the past depending on compiler versions, but this one was not reported in haproxy -vv output while it's trivial to add it. This patch tries to be the most accurate by explicitly reporting the clang version if detected, otherwise the gcc version.
2020-04-15 11:00:03 -04:00
#if defined(__clang_version__)
REGISTER_BUILD_OPTS("Built with clang compiler version " __clang_version__);
#elif defined(__VERSION__)
REGISTER_BUILD_OPTS("Built with gcc compiler version " __VERSION__);
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink