2006-06-25 20:48:02 -04:00
/*
* HA - Proxy : High Availability - enabled HTTP / TCP proxy
2020-01-22 04:34:58 -05:00
* Copyright 2000 - 2020 Willy Tarreau < willy @ haproxy . org > .
2006-06-25 20:48:02 -04:00
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation ; either version
* 2 of the License , or ( at your option ) any later version .
*
2017-04-28 09:24:30 -04:00
* Please refer to RFC7230 - RFC7235 informations about HTTP protocol , and
* RFC6265 for informations about cookies usage . More generally , the IETF HTTP
2006-06-25 20:48:02 -04:00
* Working Group ' s web site should be consulted for protocol related changes :
*
* http : //ftp.ics.uci.edu/pub/ietf/http/
*
* Pending bugs ( may be not fixed because never reproduced ) :
* - solaris only : sometimes , an HTTP proxy with only a dispatch address causes
* the proxy to terminate ( no core ) if the client breaks the connection during
* the response . Seen on 1.1 .8 pre4 , but never reproduced . May not be related to
* the snprintf ( ) bug since requests were simple ( GET / HTTP / 1.0 ) , but may be
* related to missing setsid ( ) ( fixed in 1.1 .15 )
* - a proxy with an invalid config will prevent the startup even if disabled .
*
* ChangeLog has moved to the CHANGELOG file .
*
*/
2015-12-08 16:43:09 -05:00
# define _GNU_SOURCE
2006-06-25 20:48:02 -04:00
# include <stdio.h>
# include <stdlib.h>
# include <unistd.h>
# include <string.h>
# include <ctype.h>
2016-05-13 17:52:56 -04:00
# include <dirent.h>
# include <sys/stat.h>
2006-06-25 20:48:02 -04:00
# include <sys/time.h>
# include <sys/types.h>
# include <sys/socket.h>
# include <netinet/tcp.h>
# include <netinet/in.h>
# include <arpa/inet.h>
2017-04-05 16:33:04 -04:00
# include <net/if.h>
2006-06-25 20:48:02 -04:00
# include <netdb.h>
# include <fcntl.h>
# include <errno.h>
# include <signal.h>
# include <stdarg.h>
# include <sys/resource.h>
2020-04-18 10:02:47 -04:00
# include <sys/utsname.h>
2013-02-12 04:53:52 -05:00
# include <sys/wait.h>
2006-06-25 20:48:02 -04:00
# include <time.h>
# include <syslog.h>
BUG/MEDIUM: remove supplementary groups when changing gid
Without it, haproxy will retain the group membership of root, which may
give more access than intended to the process. For example, haproxy would
still be in the wheel group on Fedora 18, as seen with :
# haproxy -f /etc/haproxy/haproxy.cfg
# ps a -o pid,user,group,command | grep hapr
3545 haproxy haproxy haproxy -f /etc/haproxy/haproxy.cfg
4356 root root grep --color=auto hapr
# grep Group /proc/3545/status
Groups: 0 1 2 3 4 6 10
# getent group wheel
wheel:x:10:root,misc
[WT: The issue has been investigated by independent security research team
and realized by itself not being able to allow security exploitation.
Additionally, dropping groups is not allowed to unprivileged users,
though this mode of deployment is quite common. Thus a warning is
emitted in this case to inform the user. The fix could be backported
into all supported versions as the issue has always been there. ]
2013-01-12 12:35:19 -05:00
# include <grp.h>
2012-11-16 10:12:27 -05:00
# ifdef USE_CPU_AFFINITY
# include <sched.h>
2018-11-12 11:22:19 -05:00
# if defined(__FreeBSD__) || defined(__DragonFly__)
2015-09-17 15:26:40 -04:00
# include <sys/param.h>
2018-11-12 11:22:19 -05:00
# ifdef __FreeBSD__
2015-09-17 15:26:40 -04:00
# include <sys/cpuset.h>
2018-11-12 11:22:19 -05:00
# endif
2017-11-29 06:02:32 -05:00
# include <pthread_np.h>
2015-09-17 15:26:40 -04:00
# endif
2019-09-13 00:12:58 -04:00
# ifdef __APPLE__
# include <mach/mach_types.h>
# include <mach/thread_act.h>
# include <mach/thread_policy.h>
# endif
2012-11-16 10:12:27 -05:00
# endif
2006-06-25 20:48:02 -04:00
2019-04-15 13:38:50 -04:00
# if defined(USE_PRCTL)
# include <sys/prctl.h>
# endif
2006-06-25 20:48:02 -04:00
# ifdef DEBUG_FULL
# include <assert.h>
# endif
2017-11-20 09:58:35 -05:00
# if defined(USE_SYSTEMD)
# include <systemd/sd-daemon.h>
# endif
2006-06-25 20:48:02 -04:00
BUG/MEDIUM: random: initialize the random pool a bit better
Since the UUID sample fetch was created, some people noticed that in
certain virtualized environments they manage to get exact same UUIDs
on different instances started exactly at the same moment. It turns
out that the randoms were only initialized to spread the health checks
originally, not to provide "clean" randoms.
This patch changes this and collects more randomness from various
sources, including existing randoms, /dev/urandom when available,
RAND_bytes() when OpenSSL is available, as well as the timing for such
operations, then applies a SHA1 on all this to keep a 160 bits random
seed available, 32 of which are passed to srandom().
It's worth mentioning that there's no clean way to pass more than 32
bits to srandom() as even initstate() provides an opaque state that
must absolutely not be tampered with since known implementations
contain state information.
At least this allows to have up to 4 billion different sequences
from the boot, which is not that bad.
Note that the thread safety was still not addressed, which is another
issue for another patch.
This must be backported to all versions containing the UUID sample
fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
# include <import/sha1.h>
2020-06-09 03:07:15 -04:00
# include <haproxy/acl.h>
# include <haproxy/activity.h>
# include <haproxy/api.h>
# include <haproxy/arg.h>
# include <haproxy/auth.h>
2020-05-27 10:10:29 -04:00
# include <haproxy/base64.h>
2020-06-09 03:07:15 -04:00
# include <haproxy/capture-t.h>
2020-06-04 18:00:29 -04:00
# include <haproxy/cfgparse.h>
2020-06-02 04:22:45 -04:00
# include <haproxy/chunk.h>
2020-06-04 14:19:54 -04:00
# include <haproxy/cli.h>
2020-06-04 12:02:10 -04:00
# include <haproxy/connection.h>
2020-06-04 04:53:16 -04:00
# include <haproxy/dns.h>
2020-06-02 05:28:02 -04:00
# include <haproxy/dynbuf.h>
2020-05-27 10:10:29 -04:00
# include <haproxy/errors.h>
2020-06-09 03:07:15 -04:00
# include <haproxy/fd.h>
2020-06-04 15:29:29 -04:00
# include <haproxy/filters.h>
2020-06-09 03:07:15 -04:00
# include <haproxy/global.h>
2020-06-04 03:20:54 -04:00
# include <haproxy/hlua.h>
2020-06-04 05:40:28 -04:00
# include <haproxy/http_rules.h>
2020-05-27 12:01:47 -04:00
# include <haproxy/list.h>
2020-06-04 08:58:24 -04:00
# include <haproxy/listener.h>
2020-06-04 16:01:04 -04:00
# include <haproxy/log.h>
2020-06-04 08:07:37 -04:00
# include <haproxy/mworker.h>
2020-06-02 11:02:59 -04:00
# include <haproxy/namespace.h>
2020-06-02 10:48:09 -04:00
# include <haproxy/net_helper.h>
2020-05-27 10:26:00 -04:00
# include <haproxy/openssl-compat.h>
2020-06-04 09:06:28 -04:00
# include <haproxy/pattern.h>
2020-06-04 12:38:21 -04:00
# include <haproxy/peers.h>
2020-06-09 03:07:15 -04:00
# include <haproxy/pool.h>
# include <haproxy/protocol.h>
2020-06-04 16:29:18 -04:00
# include <haproxy/proxy.h>
2020-06-02 11:32:26 -04:00
# include <haproxy/regex.h>
2020-06-09 03:07:15 -04:00
# include <haproxy/sample.h>
2020-06-04 17:20:13 -04:00
# include <haproxy/server.h>
2020-06-04 12:58:52 -04:00
# include <haproxy/session.h>
2020-06-04 11:37:26 -04:00
# include <haproxy/signal.h>
2020-06-04 14:30:20 -04:00
# include <haproxy/ssl_sock.h>
2020-06-04 17:46:14 -04:00
# include <haproxy/stream.h>
2020-06-04 11:25:40 -04:00
# include <haproxy/task.h>
2020-05-28 09:29:19 -04:00
# include <haproxy/thread.h>
2020-06-09 03:07:15 -04:00
# include <haproxy/time.h>
# include <haproxy/tools.h>
# include <haproxy/uri_auth-t.h>
2020-06-04 10:25:31 -04:00
# include <haproxy/vars.h>
2020-06-09 03:07:15 -04:00
# include <haproxy/version.h>
2006-06-25 20:48:02 -04:00
2019-03-29 16:30:17 -04:00
/* array of init calls for older platforms */
DECLARE_INIT_STAGES ;
2010-01-03 15:12:30 -05:00
/* list of config files */
static struct list cfg_cfgfiles = LIST_HEAD_INIT ( cfg_cfgfiles ) ;
2006-06-25 20:48:02 -04:00
int pid ; /* current process id */
2007-11-26 10:13:36 -05:00
int relative_pid = 1 ; /* process id starting at 1 */
2017-11-10 13:08:14 -05:00
unsigned long pid_bit = 1 ; /* bit corresponding to the process id */
2019-02-02 11:11:28 -05:00
unsigned long all_proc_mask = 1 ; /* mask of all processes */
2006-06-25 20:48:02 -04:00
2020-03-12 12:24:53 -04:00
volatile unsigned long sleeping_thread_mask = 0 ; /* Threads that are about to sleep in poll() */
2020-03-12 12:28:01 -04:00
volatile unsigned long stopping_thread_mask = 0 ; /* Threads acknowledged stopping */
2020-03-12 12:24:53 -04:00
2006-06-25 20:48:02 -04:00
/* global options */
struct global global = {
2017-03-23 17:44:13 -04:00
. hard_stop_after = TICK_ETERNITY ,
2012-11-15 11:38:15 -05:00
. nbproc = 1 ,
2019-01-26 08:27:06 -05:00
. nbthread = 0 ,
2012-04-05 12:02:55 -04:00
. req_count = 0 ,
2011-10-12 11:50:54 -04:00
. logsrvs = LIST_HEAD_INIT ( global . logsrvs ) ,
2012-11-07 10:12:57 -05:00
. maxzlibmem = 0 ,
2012-11-09 11:05:39 -05:00
. comp_rate_lim = 0 ,
2014-01-29 06:24:34 -05:00
. ssl_server_verify = SSL_SERVER_VERIFY_REQUIRED ,
2010-10-22 11:59:25 -04:00
. unix_bind = {
. ux = {
. uid = - 1 ,
. gid = - 1 ,
. mode = 0 ,
}
} ,
2009-08-17 01:23:33 -04:00
. tune = {
2019-02-27 06:02:18 -05:00
. options = GTUNE_LISTENER_MQ ,
2018-12-12 00:19:42 -05:00
. bufsize = ( BUFSIZE + 2 * sizeof ( void * ) - 1 ) & - ( 2 * sizeof ( void * ) ) ,
2020-01-22 08:31:21 -05:00
. maxrewrite = MAXREWRITE ,
2018-12-12 00:19:42 -05:00
. chksize = ( BUFSIZE + 2 * sizeof ( void * ) - 1 ) & - ( 2 * sizeof ( void * ) ) ,
MAJOR: session: only wake up as many sessions as available buffers permit
We've already experimented with three wake up algorithms when releasing
buffers : the first naive one used to wake up far too many sessions,
causing many of them not to get any buffer. The second approach which
was still in use prior to this patch consisted in waking up either 1
or 2 sessions depending on the number of FDs we had released. And this
was still inaccurate. The third one tried to cover the accuracy issues
of the second and took into consideration the number of FDs the sessions
would be willing to use, but most of the time we ended up waking up too
many of them for nothing, or deadlocking by lack of buffers.
This patch completely removes the need to allocate two buffers at once.
Instead it splits allocations into critical and non-critical ones and
implements a reserve in the pool for this. The deadlock situation happens
when all buffers are be allocated for requests pending in a maxconn-limited
server queue, because then there's no more way to allocate buffers for
responses, and these responses are critical to release the servers's
connection in order to release the pending requests. In fact maxconn on
a server creates a dependence between sessions and particularly between
oldest session's responses and latest session's requests. Thus, it is
mandatory to get a free buffer for a response in order to release a
server connection which will permit to release a request buffer.
Since we definitely have non-symmetrical buffers, we need to implement
this logic in the buffer allocation mechanism. What this commit does is
implement a reserve of buffers which can only be allocated for responses
and that will never be allocated for requests. This is made possible by
the requester indicating how much margin it wants to leave after the
allocation succeeds. Thus it is a cooperative allocation mechanism : the
requester (process_session() in general) prefers not to get a buffer in
order to respect other's need for response buffers. The session management
code always knows if a buffer will be used for requests or responses, so
that is not difficult :
- either there's an applet on the initiator side and we really need
the request buffer (since currently the applet is called in the
context of the session)
- or we have a connection and we really need the response buffer (in
order to support building and sending an error message back)
This reserve ensures that we don't take all allocatable buffers for
requests waiting in a queue. The downside is that all the extra buffers
are really allocated to ensure they can be allocated. But with small
values it is not an issue.
With this change, we don't observe any more deadlocks even when running
with maxconn 1 on a server under severely constrained memory conditions.
The code becomes a bit tricky, it relies on the scheduler's run queue to
estimate how many sessions are already expected to run so that it doesn't
wake up everyone with too few resources. A better solution would probably
consist in having two queues, one for urgent requests and one for normal
requests. A failed allocation for a session dealing with an error, a
connection event, or the need for a response (or request when there's an
applet on the left) would go to the urgent request queue, while other
requests would go to the other queue. Urgent requests would be served
from 1 entry in the pool, while the regular ones would be served only
according to the reserve. Despite not yet having this, it works
remarkably well.
This mechanism is quite efficient, we don't perform too many wake up calls
anymore. For 1 million sessions elapsed during massive memory contention,
we observe about 4.5M calls to process_session() compared to 4.0M without
memory constraints. Previously we used to observe up to 16M calls, which
rougly means 12M failures.
During a test run under high memory constraints (limit enforced to 27 MB
instead of the 58 MB normally needed), performance used to drop by 53% prior
to this patch. Now with this patch instead it *increases* by about 1.5%.
The best effect of this change is that by limiting the memory usage to about
2/3 to 3/4 of what is needed by default, it's possible to increase performance
by up to about 18% mainly due to the fact that pools are reused more often
and remain hot in the CPU cache (observed on regular HTTP traffic with 20k
objects, buffers.limit = maxconn/10, buffers.reserve = limit/2).
Below is an example of scenario which used to cause a deadlock previously :
- connection is received
- two buffers are allocated in process_session() then released
- one is allocated when receiving an HTTP request
- the second buffer is allocated then released in process_session()
for request parsing then connection establishment.
- poll() says we can send, so the request buffer is sent and released
- process session gets notified that the connection is now established
and allocates two buffers then releases them
- all other sessions do the same till one cannot get the request buffer
without hitting the margin
- and now the server responds. stream_interface allocates the response
buffer and manages to get it since it's higher priority being for a
response.
- but process_session() cannot allocate the request buffer anymore
=> We could end up with all buffers used by responses so that none may
be allocated for a request in process_session().
When the applet processing leaves the session context, the test will have
to be changed so that we always allocate a response buffer regardless of
the left side (eg: H2->H1 gateway). A final improvement would consists in
being able to only retry the failed I/O operation without waking up a
task, but to date all experiments to achieve this have proven not to be
reliable enough.
2014-11-26 19:11:56 -05:00
. reserved_bufs = RESERVED_BUFS ,
2015-04-29 10:24:50 -04:00
. pattern_cache = DEFAULT_PAT_LRU_SIZE ,
MEDIUM: connections: Add a way to control the number of idling connections.
As by default we add all keepalive connections to the idle pool, if we run
into a pathological case, where all client don't do keepalive, but the server
does, and haproxy is configured to only reuse "safe" connections, we will
soon find ourself having lots of idling, unusable for new sessions, connections,
while we won't have any file descriptors available to create new connections.
To fix this, add 2 new global settings, "pool_low_ratio" and "pool_high_ratio".
pool-low-fd-ratio is the % of fds we're allowed to use (against the maximum
number of fds available to haproxy) before we stop adding connections to the
idle pool, and destroy them instead. The default is 20. pool-high-fd-ratio is
the % of fds we're allowed to use (against the maximum number of fds available
to haproxy) before we start killing idling connection in the event we have to
create a new outgoing connection, and no reuse is possible. The default is 25.
2019-04-16 13:07:22 -04:00
. pool_low_ratio = 20 ,
. pool_high_ratio = 25 ,
2019-07-19 03:36:45 -04:00
. max_http_hdr = MAX_HTTP_HDR ,
2012-09-03 06:10:29 -04:00
# ifdef USE_OPENSSL
2012-11-14 05:32:56 -05:00
. sslcachesize = SSLCACHESIZE ,
2012-11-07 10:54:34 -05:00
# endif
2012-11-09 06:33:10 -05:00
. comp_maxlevel = 1 ,
2014-02-12 10:35:14 -05:00
# ifdef DEFAULT_IDLE_TIMER
. idle_timer = DEFAULT_IDLE_TIMER ,
# else
. idle_timer = 1000 , /* 1 second */
# endif
2009-08-17 01:23:33 -04:00
} ,
2012-10-05 09:47:31 -04:00
# ifdef USE_OPENSSL
# ifdef DEFAULT_MAXSSLCONN
2012-09-06 05:58:37 -04:00
. maxsslconn = DEFAULT_MAXSSLCONN ,
2012-10-05 09:47:31 -04:00
# endif
2012-09-06 05:58:37 -04:00
# endif
2006-06-25 20:48:02 -04:00
/* others NULL OK */
} ;
/*********************************************************************/
int stopping ; /* non zero means stopping in progress */
2017-03-23 17:44:13 -04:00
int killed ; /* non zero means a hard-stop is triggered */
2010-08-31 09:39:26 -04:00
int jobs = 0 ; /* number of active jobs (conns, listeners, active tasks, ...) */
2018-11-16 10:57:20 -05:00
int unstoppable_jobs = 0 ; /* number of active jobs that can't be stopped during a soft stop */
2018-11-05 10:31:22 -05:00
int active_peers = 0 ; /* number of active peers (connection attempts and connected) */
2018-11-05 11:12:27 -05:00
int connected_peers = 0 ; /* number of connected peers (verified ones) */
2006-06-25 20:48:02 -04:00
/* Here we store informations about the pids of the processes we may pause
* or kill . We will send them a signal every 10 ms until we can bind to all
* our ports . With 200 retries , that ' s about 2 seconds .
*/
# define MAX_START_RETRIES 200
static int * oldpids = NULL ;
static int oldpids_sig ; /* use USR1 or TERM */
2017-04-05 16:33:04 -04:00
/* Path to the unix socket we use to retrieve listener sockets from the old process */
static const char * old_unixsocket ;
2017-06-01 11:38:53 -04:00
static char * cur_unixsocket = NULL ;
2017-06-01 11:38:52 -04:00
int atexit_flag = 0 ;
2010-08-25 06:58:59 -04:00
int nb_oldpids = 0 ;
2006-06-25 20:48:02 -04:00
const int zero = 0 ;
const int one = 1 ;
2007-10-11 14:48:58 -04:00
const struct linger nolinger = { . l_onoff = 1 , . l_linger = 0 } ;
2006-06-25 20:48:02 -04:00
2010-03-12 15:58:54 -05:00
char hostname [ MAX_HOSTNAME_LEN ] ;
2020-06-18 10:56:47 -04:00
char * localpeer = NULL ;
2006-06-25 20:48:02 -04:00
2020-06-05 08:08:41 -04:00
static char * * old_argv = NULL ; /* previous argv but cleaned up */
2017-06-01 11:38:51 -04:00
2018-09-11 04:06:26 -04:00
struct list proc_list = LIST_HEAD_INIT ( proc_list ) ;
int master = 0 ; /* 1 if in master, 0 if in child */
2019-03-01 04:09:28 -05:00
unsigned int rlim_fd_cur_at_boot = 0 ;
unsigned int rlim_fd_max_at_boot = 0 ;
2018-09-11 04:06:26 -04:00
BUG/MEDIUM: random: initialize the random pool a bit better
Since the UUID sample fetch was created, some people noticed that in
certain virtualized environments they manage to get exact same UUIDs
on different instances started exactly at the same moment. It turns
out that the randoms were only initialized to spread the health checks
originally, not to provide "clean" randoms.
This patch changes this and collects more randomness from various
sources, including existing randoms, /dev/urandom when available,
RAND_bytes() when OpenSSL is available, as well as the timing for such
operations, then applies a SHA1 on all this to keep a 160 bits random
seed available, 32 of which are passed to srandom().
It's worth mentioning that there's no clean way to pass more than 32
bits to srandom() as even initstate() provides an opaque state that
must absolutely not be tampered with since known implementations
contain state information.
At least this allows to have up to 4 billion different sequences
from the boot, which is not that bad.
Note that the thread safety was still not addressed, which is another
issue for another patch.
This must be backported to all versions containing the UUID sample
fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
/* per-boot randomness */
unsigned char boot_seed [ 20 ] ; /* per-boot random seed (160 bits initially) */
2018-11-19 12:46:18 -05:00
struct mworker_proc * proc_self = NULL ;
2018-09-11 04:06:26 -04:00
2018-09-11 04:06:18 -04:00
static void * run_thread_poll_loop ( void * data ) ;
2014-04-28 16:27:06 -04:00
/* bitfield of a few warnings to emit just once (WARN_*) */
unsigned int warned = 0 ;
2018-10-26 08:47:36 -04:00
/* master CLI configuration (-S flag) */
struct list mworker_cli_conf = LIST_HEAD_INIT ( mworker_cli_conf ) ;
2016-12-21 12:43:10 -05:00
/* These are strings to be reported in the output of "haproxy -vv". They may
* either be constants ( in which case must_free must be zero ) or dynamically
* allocated strings to pass to free ( ) on exit , and in this case must_free
* must be non - zero .
*/
struct list build_opts_list = LIST_HEAD_INIT ( build_opts_list ) ;
struct build_opts_str {
struct list list ;
const char * str ;
int must_free ;
} ;
2016-12-21 13:57:00 -05:00
/* These functions are called just after the point where the program exits
* after a config validity check , so they are generally suited for resource
* allocation and slow initializations that should be skipped during basic
* config checks . The functions must return 0 on success , or a combination
* of ERR_ * flags ( ERR_WARN , ERR_ABORT , ERR_FATAL , . . . ) . The 2 latter cause
* and immediate exit , so the function must have emitted any useful error .
*/
struct list post_check_list = LIST_HEAD_INIT ( post_check_list ) ;
struct post_check_fct {
struct list list ;
int ( * fct ) ( ) ;
} ;
2019-08-12 03:51:07 -04:00
/* These functions are called for each proxy just after the config validity
* check . The functions must return 0 on success , or a combination of ERR_ *
* flags ( ERR_WARN , ERR_ABORT , ERR_FATAL , . . . ) . The 2 latter cause and immediate
* exit , so the function must have emitted any useful error .
*/
struct list post_proxy_check_list = LIST_HEAD_INIT ( post_proxy_check_list ) ;
struct post_proxy_check_fct {
struct list list ;
int ( * fct ) ( struct proxy * ) ;
} ;
/* These functions are called for each server just after the config validity
* check . The functions must return 0 on success , or a combination of ERR_ *
* flags ( ERR_WARN , ERR_ABORT , ERR_FATAL , . . . ) . The 2 latter cause and immediate
* exit , so the function must have emitted any useful error .
*/
struct list post_server_check_list = LIST_HEAD_INIT ( post_server_check_list ) ;
struct post_server_check_fct {
struct list list ;
int ( * fct ) ( struct server * ) ;
} ;
2019-05-22 08:42:12 -04:00
/* These functions are called for each thread just after the thread creation
* and before running the init functions . They should be used to do per - thread
* ( re - ) allocations that are needed by subsequent functoins . They must return 0
* if an error occurred . */
struct list per_thread_alloc_list = LIST_HEAD_INIT ( per_thread_alloc_list ) ;
struct per_thread_alloc_fct {
2016-12-21 14:46:26 -05:00
struct list list ;
2019-05-22 08:42:12 -04:00
int ( * fct ) ( ) ;
2016-12-21 14:46:26 -05:00
} ;
2017-07-25 10:52:58 -04:00
/* These functions are called for each thread just after the thread creation
* and before running the scheduler . They should be used to do per - thread
* initializations . They must return 0 if an error occurred . */
struct list per_thread_init_list = LIST_HEAD_INIT ( per_thread_init_list ) ;
struct per_thread_init_fct {
struct list list ;
int ( * fct ) ( ) ;
} ;
2019-05-22 08:42:12 -04:00
/* These functions are called when freeing the global sections at the end of
* deinit , after everything is stopped . They don ' t return anything . They should
* not release shared resources that are possibly used by other deinit
* functions , only close / release what is private . Use the per_thread_free_list
* to release shared resources .
*/
struct list post_deinit_list = LIST_HEAD_INIT ( post_deinit_list ) ;
struct post_deinit_fct {
struct list list ;
void ( * fct ) ( ) ;
} ;
2019-07-31 02:44:12 -04:00
/* These functions are called when freeing a proxy during the deinit, after
* everything isg stopped . They don ' t return anything . They should not release
* the proxy itself or any shared resources that are possibly used by other
* deinit functions , only close / release what is private .
*/
struct list proxy_deinit_list = LIST_HEAD_INIT ( proxy_deinit_list ) ;
struct proxy_deinit_fct {
struct list list ;
void ( * fct ) ( struct proxy * ) ;
} ;
/* These functions are called when freeing a server during the deinit, after
* everything isg stopped . They don ' t return anything . They should not release
* the proxy itself or any shared resources that are possibly used by other
* deinit functions , only close / release what is private .
*/
struct list server_deinit_list = LIST_HEAD_INIT ( server_deinit_list ) ;
struct server_deinit_fct {
struct list list ;
void ( * fct ) ( struct server * ) ;
} ;
2019-05-22 08:42:12 -04:00
/* These functions are called when freeing the global sections at the end of
* deinit , after the thread deinit functions , to release unneeded memory
* allocations . They don ' t return anything , and they work in best effort mode
* as their sole goal is to make valgrind mostly happy .
*/
struct list per_thread_free_list = LIST_HEAD_INIT ( per_thread_free_list ) ;
struct per_thread_free_fct {
struct list list ;
int ( * fct ) ( ) ;
} ;
2017-07-25 10:52:58 -04:00
/* These functions are called for each thread just after the scheduler loop and
* before exiting the thread . They don ' t return anything and , as for post - deinit
* functions , they work in best effort mode as their sole goal is to make
* valgrind mostly happy . */
struct list per_thread_deinit_list = LIST_HEAD_INIT ( per_thread_deinit_list ) ;
struct per_thread_deinit_fct {
struct list list ;
void ( * fct ) ( ) ;
} ;
2006-06-25 20:48:02 -04:00
/*********************************************************************/
/* general purpose functions ***************************************/
/*********************************************************************/
2016-12-21 12:43:10 -05:00
/* used to register some build option strings at boot. Set must_free to
* non - zero if the string must be freed upon exit .
*/
void hap_register_build_opts ( const char * str , int must_free )
{
struct build_opts_str * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > str = str ;
b - > must_free = must_free ;
LIST_ADDQ ( & build_opts_list , & b - > list ) ;
}
2016-12-21 13:57:00 -05:00
/* used to register some initialization functions to call after the checks. */
void hap_register_post_check ( int ( * fct ) ( ) )
{
struct post_check_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & post_check_list , & b - > list ) ;
}
2019-08-12 03:51:07 -04:00
/* used to register some initialization functions to call for each proxy after
* the checks .
*/
void hap_register_post_proxy_check ( int ( * fct ) ( struct proxy * ) )
{
struct post_proxy_check_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & post_proxy_check_list , & b - > list ) ;
}
/* used to register some initialization functions to call for each server after
* the checks .
*/
void hap_register_post_server_check ( int ( * fct ) ( struct server * ) )
{
struct post_server_check_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & post_server_check_list , & b - > list ) ;
}
2016-12-21 14:46:26 -05:00
/* used to register some de-initialization functions to call after everything
* has stopped .
*/
void hap_register_post_deinit ( void ( * fct ) ( ) )
{
struct post_deinit_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & post_deinit_list , & b - > list ) ;
}
2019-07-31 02:44:12 -04:00
/* used to register some per proxy de-initialization functions to call after
* everything has stopped .
*/
void hap_register_proxy_deinit ( void ( * fct ) ( struct proxy * ) )
{
struct proxy_deinit_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & proxy_deinit_list , & b - > list ) ;
}
/* used to register some per server de-initialization functions to call after
* everything has stopped .
*/
void hap_register_server_deinit ( void ( * fct ) ( struct server * ) )
{
struct server_deinit_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & server_deinit_list , & b - > list ) ;
}
2019-05-22 08:42:12 -04:00
/* used to register some allocation functions to call for each thread. */
void hap_register_per_thread_alloc ( int ( * fct ) ( ) )
{
struct per_thread_alloc_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & per_thread_alloc_list , & b - > list ) ;
}
2017-07-25 10:52:58 -04:00
/* used to register some initialization functions to call for each thread. */
void hap_register_per_thread_init ( int ( * fct ) ( ) )
{
struct per_thread_init_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & per_thread_init_list , & b - > list ) ;
}
/* used to register some de-initialization functions to call for each thread. */
void hap_register_per_thread_deinit ( void ( * fct ) ( ) )
{
struct per_thread_deinit_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & per_thread_deinit_list , & b - > list ) ;
}
2019-05-22 08:42:12 -04:00
/* used to register some free functions to call for each thread. */
void hap_register_per_thread_free ( int ( * fct ) ( ) )
{
struct per_thread_free_fct * b ;
b = calloc ( 1 , sizeof ( * b ) ) ;
if ( ! b ) {
fprintf ( stderr , " out of memory \n " ) ;
exit ( 1 ) ;
}
b - > fct = fct ;
LIST_ADDQ ( & per_thread_free_list , & b - > list ) ;
}
2016-12-21 12:19:57 -05:00
static void display_version ( )
2006-06-25 20:48:02 -04:00
{
2020-04-18 10:02:47 -04:00
struct utsname utsname ;
2019-11-21 12:07:30 -05:00
printf ( " HA-Proxy version %s %s - https://haproxy.org/ \n "
PRODUCT_STATUS " \n " , haproxy_version , haproxy_date ) ;
2019-11-21 12:48:20 -05:00
if ( strlen ( PRODUCT_URL_BUGS ) > 0 ) {
char base_version [ 20 ] ;
int dots = 0 ;
char * del ;
/* only retrieve the base version without distro-specific extensions */
for ( del = haproxy_version ; * del ; del + + ) {
if ( * del = = ' . ' )
dots + + ;
else if ( * del < ' 0 ' | | * del > ' 9 ' )
break ;
}
strlcpy2 ( base_version , haproxy_version , del - haproxy_version + 1 ) ;
if ( dots < 2 )
printf ( " Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open \n " ) ;
else
printf ( " Known bugs: " PRODUCT_URL_BUGS " \n " , base_version ) ;
}
2020-04-18 10:02:47 -04:00
if ( uname ( & utsname ) = = 0 ) {
printf ( " Running on: %s %s %s %s \n " , utsname . sysname , utsname . release , utsname . version , utsname . machine ) ;
}
2006-06-25 20:48:02 -04:00
}
2016-12-21 12:19:57 -05:00
static void display_build_opts ( )
2007-12-02 05:28:59 -05:00
{
2016-12-21 12:43:10 -05:00
struct build_opts_str * item ;
2007-12-02 05:28:59 -05:00
printf ( " Build options : "
# ifdef BUILD_TARGET
2008-01-02 14:48:34 -05:00
" \n TARGET = " BUILD_TARGET
2007-12-02 05:28:59 -05:00
# endif
# ifdef BUILD_CPU
2008-01-02 14:48:34 -05:00
" \n CPU = " BUILD_CPU
2007-12-02 05:28:59 -05:00
# endif
# ifdef BUILD_CC
2008-01-02 14:48:34 -05:00
" \n CC = " BUILD_CC
# endif
# ifdef BUILD_CFLAGS
" \n CFLAGS = " BUILD_CFLAGS
2007-12-02 05:28:59 -05:00
# endif
2008-01-02 14:48:34 -05:00
# ifdef BUILD_OPTIONS
" \n OPTIONS = " BUILD_OPTIONS
2019-03-27 08:20:08 -04:00
# endif
# ifdef BUILD_FEATURES
" \n \n Feature list : " BUILD_FEATURES
2007-12-02 05:28:59 -05:00
# endif
2009-08-17 01:23:33 -04:00
" \n \n Default settings : "
2019-03-13 05:03:07 -04:00
" \n bufsize = %d, maxrewrite = %d, maxpollevents = %d "
2009-08-17 01:23:33 -04:00
" \n \n " ,
2019-03-13 05:03:07 -04:00
BUFSIZE , MAXREWRITE , MAX_POLL_EVENTS ) ;
2009-10-03 12:57:08 -04:00
2016-12-21 12:43:10 -05:00
list_for_each_entry ( item , & build_opts_list , list ) {
puts ( item - > str ) ;
}
2010-01-29 11:50:44 -05:00
putchar ( ' \n ' ) ;
2009-10-03 12:57:08 -04:00
list_pollers ( stdout ) ;
putchar ( ' \n ' ) ;
2018-04-10 08:37:32 -04:00
list_mux_proto ( stdout ) ;
putchar ( ' \n ' ) ;
2019-03-19 03:08:10 -04:00
list_services ( stdout ) ;
putchar ( ' \n ' ) ;
2016-03-07 06:46:38 -05:00
list_filters ( stdout ) ;
putchar ( ' \n ' ) ;
2007-12-02 05:28:59 -05:00
}
2006-06-25 20:48:02 -04:00
/*
* This function prints the command line usage and exits
*/
2016-12-21 12:19:57 -05:00
static void usage ( char * name )
2006-06-25 20:48:02 -04:00
{
display_version ( ) ;
fprintf ( stderr ,
2016-05-13 17:52:56 -04:00
" Usage : %s [-f <cfgfile|cfgdir>]* [ -vdV "
2006-06-25 20:48:02 -04:00
" D ] [ -n <maxconn> ] [ -N <maxpconn> ] \n "
2015-10-08 05:58:48 -04:00
" [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*] \n "
2007-12-02 05:28:59 -05:00
" -v displays version ; -vv shows known build options. \n "
2006-06-25 20:48:02 -04:00
" -d enters debug mode ; -db only disables background mode. \n "
2012-05-08 09:40:42 -04:00
" -dM[<byte>] poisons memory with <byte> (defaults to 0x50) \n "
2006-06-25 20:48:02 -04:00
" -V enters verbose mode (disables quiet mode) \n "
2011-09-10 13:26:56 -04:00
" -D goes daemon ; -C changes to <dir> before loading files. \n "
2017-06-01 11:38:50 -04:00
" -W master-worker mode. \n "
2017-11-20 09:58:35 -05:00
# if defined(USE_SYSTEMD)
" -Ws master-worker mode with systemd notify support. \n "
# endif
2006-06-25 20:48:02 -04:00
" -q quiet mode : don't display messages \n "
2009-06-22 10:02:30 -04:00
" -c check mode : only check config files and exit \n "
2019-03-13 05:03:07 -04:00
" -n sets the maximum total # of connections (uses ulimit -n) \n "
2006-06-25 20:48:02 -04:00
" -m limits the usable amount of memory (in MB) \n "
" -N sets the default, per-proxy maximum # of connections (%d) \n "
2010-09-23 12:30:22 -04:00
" -L set local peer name (default to hostname) \n "
2006-06-25 20:48:02 -04:00
" -p writes pids of all children to this file \n "
2019-05-22 13:24:06 -04:00
# if defined(USE_EPOLL)
2006-06-25 20:48:02 -04:00
" -de disables epoll() usage even when available \n "
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_KQUEUE)
2007-04-09 06:03:06 -04:00
" -dk disables kqueue() usage even when available \n "
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_EVPORTS)
2019-04-08 12:53:32 -04:00
" -dv disables event ports usage even when available \n "
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_POLL)
2006-06-25 20:48:02 -04:00
" -dp disables poll() usage even when available \n "
2009-01-25 10:03:28 -05:00
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_LINUX_SPLICE)
2009-01-25 10:03:28 -05:00
" -dS disables splice usage (broken on old kernels) \n "
2014-04-14 09:56:58 -04:00
# endif
# if defined(USE_GETADDRINFO)
" -dG disables getaddrinfo() usage \n "
2016-09-12 17:42:20 -04:00
# endif
# if defined(SO_REUSEPORT)
" -dR disables SO_REUSEPORT usage \n "
2006-06-25 20:48:02 -04:00
# endif
2016-11-07 15:03:16 -05:00
" -dr ignores server address resolution failures \n "
2014-01-29 06:24:34 -05:00
" -dV disables SSL verify on servers side \n "
2020-04-15 10:42:39 -04:00
" -dW fails if any warning is emitted \n "
2015-10-08 05:32:32 -04:00
" -sf/-st [pid ]* finishes/terminates old pids. \n "
2017-04-05 16:33:04 -04:00
" -x <unix_socket> get listening sockets from a unix socket \n "
2019-06-13 11:03:37 -04:00
" -S <bind>[,<bind options>...] new master CLI \n "
2006-06-25 20:48:02 -04:00
" \n " ,
2019-03-13 05:03:07 -04:00
name , cfg_maxpconn ) ;
2006-06-25 20:48:02 -04:00
exit ( 1 ) ;
}
/*********************************************************************/
/* more specific functions ***************************************/
/*********************************************************************/
2017-06-01 11:38:51 -04:00
/* sends the signal <sig> to all pids found in <oldpids>. Returns the number of
* pids the signal was correctly delivered to .
*/
2019-04-01 05:29:56 -04:00
int tell_old_pids ( int sig )
2017-06-01 11:38:51 -04:00
{
int p ;
int ret = 0 ;
for ( p = 0 ; p < nb_oldpids ; p + + )
if ( kill ( oldpids [ p ] , sig ) = = 0 )
ret + + ;
return ret ;
}
/*
* remove a pid forom the olpid array and decrease nb_oldpids
* return 1 pid was found otherwise return 0
*/
int delete_oldpid ( int pid )
{
int i ;
for ( i = 0 ; i < nb_oldpids ; i + + ) {
if ( oldpids [ i ] = = pid ) {
oldpids [ i ] = oldpids [ nb_oldpids - 1 ] ;
oldpids [ nb_oldpids - 1 ] = 0 ;
nb_oldpids - - ;
return 1 ;
}
}
return 0 ;
}
2017-06-01 11:38:53 -04:00
static void get_cur_unixsocket ( )
{
/* if -x was used, try to update the stat socket if not available anymore */
if ( global . stats_fe ) {
struct bind_conf * bind_conf ;
/* pass through all stats socket */
list_for_each_entry ( bind_conf , & global . stats_fe - > conf . bind , by_fe ) {
struct listener * l ;
list_for_each_entry ( l , & bind_conf - > listeners , by_bind ) {
if ( l - > addr . ss_family = = AF_UNIX & &
( bind_conf - > level & ACCESS_FD_LISTENERS ) ) {
const struct sockaddr_un * un ;
un = ( struct sockaddr_un * ) & l - > addr ;
/* priority to old_unixsocket */
if ( ! cur_unixsocket ) {
cur_unixsocket = strdup ( un - > sun_path ) ;
} else {
if ( old_unixsocket & & ! strcmp ( un - > sun_path , old_unixsocket ) ) {
free ( cur_unixsocket ) ;
cur_unixsocket = strdup ( old_unixsocket ) ;
return ;
}
}
}
}
}
}
if ( ! cur_unixsocket & & old_unixsocket )
cur_unixsocket = strdup ( old_unixsocket ) ;
}
2017-06-01 11:38:51 -04:00
/*
* When called , this function reexec haproxy with - sf followed by current
2018-11-15 13:41:50 -05:00
* children PIDs and possibly old children PIDs if they didn ' t leave yet .
2017-06-01 11:38:51 -04:00
*/
2018-12-14 15:11:31 -05:00
void mworker_reload ( )
2017-06-01 11:38:51 -04:00
{
2020-06-05 08:08:41 -04:00
char * * next_argv = NULL ;
int old_argc = 0 ; /* previous number of argument */
2017-06-01 11:38:51 -04:00
int next_argc = 0 ;
2020-06-05 08:08:41 -04:00
int i = 0 ;
2017-06-01 11:38:51 -04:00
char * msg = NULL ;
2019-03-01 04:21:55 -05:00
struct rlimit limit ;
2018-11-26 05:53:40 -05:00
struct per_thread_deinit_fct * ptdf ;
2017-06-01 11:38:51 -04:00
mworker_block_signals ( ) ;
2017-11-20 09:58:35 -05:00
# if defined(USE_SYSTEMD)
if ( global . tune . options & GTUNE_USE_SYSTEMD )
sd_notify ( 0 , " RELOADING=1 " ) ;
# endif
2017-06-01 11:38:51 -04:00
setenv ( " HAPROXY_MWORKER_REEXEC " , " 1 " , 1 ) ;
2018-09-11 04:06:26 -04:00
mworker_proc_list_to_env ( ) ; /* put the children description in the env */
2018-11-26 05:53:40 -05:00
/* during the reload we must ensure that every FDs that can't be
* reuse ( ie those that are not referenced in the proc_list )
* are closed or they will leak . */
/* close the listeners FD */
mworker_cli_proxy_stop ( ) ;
2019-06-24 11:40:48 -04:00
if ( getenv ( " HAPROXY_MWORKER_WAIT_ONLY " ) = = NULL ) {
/* close the poller FD and the thread waker pipe FD */
list_for_each_entry ( ptdf , & per_thread_deinit_list , list )
ptdf - > fct ( ) ;
if ( fdtab )
deinit_pollers ( ) ;
}
2019-05-09 08:13:35 -04:00
# if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
2019-10-15 08:04:08 -04:00
/* close random device FDs */
RAND_keep_random_devices_open ( 0 ) ;
2019-05-03 04:11:32 -04:00
# endif
2018-11-26 05:53:40 -05:00
2019-03-01 04:21:55 -05:00
/* restore the initial FD limits */
limit . rlim_cur = rlim_fd_cur_at_boot ;
limit . rlim_max = rlim_fd_max_at_boot ;
if ( setrlimit ( RLIMIT_NOFILE , & limit ) = = - 1 ) {
getrlimit ( RLIMIT_NOFILE , & limit ) ;
ha_warning ( " Failed to restore initial FD limits (cur=%u max=%u), using cur=%u max=%u \n " ,
rlim_fd_cur_at_boot , rlim_fd_max_at_boot ,
( unsigned int ) limit . rlim_cur , ( unsigned int ) limit . rlim_max ) ;
}
2017-06-01 11:38:51 -04:00
/* compute length */
2020-06-05 08:08:41 -04:00
while ( old_argv [ old_argc ] )
old_argc + + ;
2017-06-01 11:38:51 -04:00
2017-06-01 11:38:53 -04:00
/* 1 for haproxy -sf, 2 for -x /socket */
2020-06-05 08:08:41 -04:00
next_argv = calloc ( old_argc + 1 + 2 + mworker_child_nb ( ) + nb_oldpids + 1 , sizeof ( char * ) ) ;
2017-06-01 11:38:51 -04:00
if ( next_argv = = NULL )
goto alloc_error ;
2020-06-05 08:08:41 -04:00
/* copy the program name */
next_argv [ next_argc + + ] = old_argv [ 0 ] ;
/* insert the new options just after argv[0] in case we have a -- */
2017-06-01 11:38:51 -04:00
/* add -sf <PID>* to argv */
2019-04-01 05:29:59 -04:00
if ( mworker_child_nb ( ) > 0 ) {
struct mworker_proc * child ;
2017-06-01 11:38:51 -04:00
next_argv [ next_argc + + ] = " -sf " ;
2019-04-01 05:29:59 -04:00
list_for_each_entry ( child , & proc_list , list ) {
2019-11-19 11:04:18 -05:00
if ( ! ( child - > options & ( PROC_O_TYPE_WORKER | PROC_O_TYPE_PROG ) ) | | child - > pid < = - 1 )
2019-04-01 05:29:59 -04:00
continue ;
2020-06-05 08:08:41 -04:00
if ( ( next_argv [ next_argc + + ] = memprintf ( & msg , " %d " , child - > pid ) ) = = NULL )
2017-06-01 11:38:51 -04:00
goto alloc_error ;
msg = NULL ;
}
}
2017-06-20 05:20:23 -04:00
/* add the -x option with the stat socket */
2017-06-01 11:38:53 -04:00
if ( cur_unixsocket ) {
2017-06-20 05:20:23 -04:00
next_argv [ next_argc + + ] = " -x " ;
next_argv [ next_argc + + ] = ( char * ) cur_unixsocket ;
2017-06-01 11:38:53 -04:00
}
2020-06-05 08:08:41 -04:00
/* copy the previous options */
for ( i = 1 ; i < old_argc ; i + + )
next_argv [ next_argc + + ] = old_argv [ i ] ;
2017-11-24 10:50:31 -05:00
ha_warning ( " Reexecuting Master process \n " ) ;
2019-08-26 04:37:39 -04:00
signal ( SIGPROF , SIG_IGN ) ;
2017-11-12 11:39:18 -05:00
execvp ( next_argv [ 0 ] , next_argv ) ;
2017-06-01 11:38:51 -04:00
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to reexecute the master process [%d]: %s \n " , pid , strerror ( errno ) ) ;
2020-06-08 04:01:13 -04:00
free ( next_argv ) ;
next_argv = NULL ;
2017-11-15 13:02:55 -05:00
return ;
2017-06-01 11:38:51 -04:00
alloc_error :
2020-06-05 08:08:41 -04:00
free ( next_argv ) ;
next_argv = NULL ;
2018-11-15 13:43:05 -05:00
ha_warning ( " Failed to reexecute the master process [%d]: Cannot allocate memory \n " , pid ) ;
2017-06-01 11:38:51 -04:00
return ;
}
2018-09-11 04:06:18 -04:00
static void mworker_loop ( )
{
# if defined(USE_SYSTEMD)
if ( global . tune . options & GTUNE_USE_SYSTEMD )
sd_notifyf ( 0 , " READY=1 \n MAINPID=%lu " , ( unsigned long ) getpid ( ) ) ;
# endif
2019-04-18 05:31:36 -04:00
/* Busy polling makes no sense in the master :-) */
global . tune . options & = ~ GTUNE_BUSY_POLLING ;
2018-09-11 04:06:18 -04:00
2018-09-11 04:06:26 -04:00
master = 1 ;
2019-12-11 08:24:07 -05:00
signal_unregister ( SIGTTIN ) ;
signal_unregister ( SIGTTOU ) ;
2018-11-20 11:36:53 -05:00
signal_unregister ( SIGUSR1 ) ;
signal_unregister ( SIGHUP ) ;
signal_unregister ( SIGQUIT ) ;
2018-09-11 04:06:18 -04:00
signal_register_fct ( SIGTERM , mworker_catch_sigterm , SIGTERM ) ;
signal_register_fct ( SIGUSR1 , mworker_catch_sigterm , SIGUSR1 ) ;
2019-12-11 08:24:07 -05:00
signal_register_fct ( SIGTTIN , mworker_broadcast_signal , SIGTTIN ) ;
signal_register_fct ( SIGTTOU , mworker_broadcast_signal , SIGTTOU ) ;
2018-09-11 04:06:18 -04:00
signal_register_fct ( SIGINT , mworker_catch_sigterm , SIGINT ) ;
signal_register_fct ( SIGHUP , mworker_catch_sighup , SIGHUP ) ;
signal_register_fct ( SIGUSR2 , mworker_catch_sighup , SIGUSR2 ) ;
signal_register_fct ( SIGCHLD , mworker_catch_sigchld , SIGCHLD ) ;
mworker_unblock_signals ( ) ;
mworker_cleanlisteners ( ) ;
2018-12-06 08:05:20 -05:00
mworker_cleantasks ( ) ;
2018-09-11 04:06:18 -04:00
2018-09-11 04:06:26 -04:00
mworker_catch_sigchld ( NULL ) ; /* ensure we clean the children in case
some SIGCHLD were lost */
2018-09-11 04:06:18 -04:00
global . nbthread = 1 ;
relative_pid = 1 ;
pid_bit = 1 ;
2019-02-02 11:11:28 -05:00
all_proc_mask = 1 ;
2018-09-11 04:06:18 -04:00
2018-12-14 09:52:39 -05:00
# ifdef USE_THREAD
tid_bit = 1 ;
all_threads_mask = 1 ;
# endif
2018-09-11 04:06:18 -04:00
jobs + + ; /* this is the "master" job, we want to take care of the
signals even if there is no listener so the poll loop don ' t
leave */
fork_poller ( ) ;
2019-05-03 03:27:30 -04:00
run_thread_poll_loop ( 0 ) ;
2018-09-11 04:06:18 -04:00
}
2017-06-01 11:38:51 -04:00
2017-06-01 11:38:52 -04:00
/*
* Reexec the process in failure mode , instead of exiting
*/
void reexec_on_failure ( )
{
if ( ! atexit_flag )
return ;
setenv ( " HAPROXY_MWORKER_WAIT_ONLY " , " 1 " , 1 ) ;
2017-11-24 10:50:31 -05:00
ha_warning ( " Reexecuting Master process in waitpid mode \n " ) ;
2017-06-01 11:38:52 -04:00
mworker_reload ( ) ;
}
2017-06-01 11:38:51 -04:00
2006-06-25 20:48:02 -04:00
/*
2010-08-27 12:26:11 -04:00
* upon SIGUSR1 , let ' s have a soft stop . Note that soft_stop ( ) broadcasts
* a signal zero to all subscribers . This means that it ' s as easy as
* subscribing to signal 0 to get informed about an imminent shutdown .
2006-06-25 20:48:02 -04:00
*/
2016-12-21 12:19:57 -05:00
static void sig_soft_stop ( struct sig_handler * sh )
2006-06-25 20:48:02 -04:00
{
soft_stop ( ) ;
2010-08-27 11:56:48 -04:00
signal_unregister_handler ( sh ) ;
2017-11-24 11:34:44 -05:00
pool_gc ( NULL ) ;
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTOU , we pause everything
*/
2016-12-21 12:19:57 -05:00
static void sig_pause ( struct sig_handler * sh )
2006-06-25 20:48:02 -04:00
{
pause_proxies ( ) ;
2017-11-24 11:34:44 -05:00
pool_gc ( NULL ) ;
2006-06-25 20:48:02 -04:00
}
/*
* upon SIGTTIN , let ' s have a soft stop .
*/
2016-12-21 12:19:57 -05:00
static void sig_listen ( struct sig_handler * sh )
2006-06-25 20:48:02 -04:00
{
2011-07-24 12:28:10 -04:00
resume_proxies ( ) ;
2006-06-25 20:48:02 -04:00
}
/*
* this function dumps every server ' s state when the process receives SIGHUP .
*/
2016-12-21 12:19:57 -05:00
static void sig_dump_state ( struct sig_handler * sh )
2006-06-25 20:48:02 -04:00
{
2017-11-24 10:54:05 -05:00
struct proxy * p = proxies_list ;
2006-06-25 20:48:02 -04:00
2017-11-24 10:50:31 -05:00
ha_warning ( " SIGHUP received, dumping servers states. \n " ) ;
2006-06-25 20:48:02 -04:00
while ( p ) {
struct server * s = p - > srv ;
send_log ( p , LOG_NOTICE , " SIGHUP received, dumping servers states for proxy %s. \n " , p - > id ) ;
while ( s ) {
2012-10-29 11:51:55 -04:00
chunk_printf ( & trash ,
" SIGHUP: Server %s/%s is %s. Conn: %d act, %d pend, %lld tot. " ,
p - > id , s - > id ,
2017-08-31 08:41:55 -04:00
( s - > cur_state ! = SRV_ST_STOPPED ) ? " UP " : " DOWN " ,
2012-10-29 11:51:55 -04:00
s - > cur_sess , s - > nbpend , s - > counters . cum_sess ) ;
2018-07-13 04:54:26 -04:00
ha_warning ( " %s \n " , trash . area ) ;
send_log ( p , LOG_NOTICE , " %s \n " , trash . area ) ;
2006-06-25 20:48:02 -04:00
s = s - > next ;
}
2007-09-17 05:27:09 -04:00
/* FIXME: those info are a bit outdated. We should be able to distinguish between FE and BE. */
if ( ! p - > srv ) {
2012-10-29 11:51:55 -04:00
chunk_printf ( & trash ,
" SIGHUP: Proxy %s has no servers. Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld. " ,
p - > id ,
p - > feconn , p - > beconn , p - > totpend , p - > nbpend , p - > fe_counters . cum_conn , p - > be_counters . cum_conn ) ;
2007-09-17 05:27:09 -04:00
} else if ( p - > srv_act = = 0 ) {
2012-10-29 11:51:55 -04:00
chunk_printf ( & trash ,
" SIGHUP: Proxy %s %s ! Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld. " ,
p - > id ,
( p - > srv_bck ) ? " is running on backup servers " : " has no server available " ,
p - > feconn , p - > beconn , p - > totpend , p - > nbpend , p - > fe_counters . cum_conn , p - > be_counters . cum_conn ) ;
2006-06-25 20:48:02 -04:00
} else {
2012-10-29 11:51:55 -04:00
chunk_printf ( & trash ,
" SIGHUP: Proxy %s has %d active servers and %d backup servers available. "
" Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld. " ,
p - > id , p - > srv_act , p - > srv_bck ,
p - > feconn , p - > beconn , p - > totpend , p - > nbpend , p - > fe_counters . cum_conn , p - > be_counters . cum_conn ) ;
2006-06-25 20:48:02 -04:00
}
2018-07-13 04:54:26 -04:00
ha_warning ( " %s \n " , trash . area ) ;
send_log ( p , LOG_NOTICE , " %s \n " , trash . area ) ;
2006-06-25 20:48:02 -04:00
p = p - > next ;
}
}
2016-12-21 12:19:57 -05:00
static void dump ( struct sig_handler * sh )
2006-06-25 20:48:02 -04:00
{
2007-05-13 13:43:47 -04:00
/* dump memory usage then free everything possible */
dump_pools ( ) ;
2017-11-24 11:34:44 -05:00
pool_gc ( NULL ) ;
2006-06-25 20:48:02 -04:00
}
2017-12-28 10:09:36 -05:00
/*
* This function dup2 the stdio FDs ( 0 , 1 , 2 ) with < fd > , then closes < fd >
* If < fd > < 0 , it opens / dev / null and use it to dup
*
* In the case of chrooting , you have to open / dev / null before the chroot , and
* pass the < fd > to this function
*/
static void stdio_quiet ( int fd )
{
if ( fd < 0 )
fd = open ( " /dev/null " , O_RDWR , 0 ) ;
if ( fd > - 1 ) {
fclose ( stdin ) ;
fclose ( stdout ) ;
fclose ( stderr ) ;
dup2 ( fd , 0 ) ;
dup2 ( fd , 1 ) ;
dup2 ( fd , 2 ) ;
if ( fd > 2 )
close ( fd ) ;
return ;
}
ha_alert ( " Cannot open /dev/null \n " ) ;
exit ( EXIT_FAILURE ) ;
}
2018-11-15 13:41:50 -05:00
/* This function checks if cfg_cfgfiles contains directories.
* If it finds one , it adds all the files ( and only files ) it contains
* in cfg_cfgfiles in place of the directory ( and removes the directory ) .
* It adds the files in lexical order .
* It adds only files with . cfg extension .
2016-05-13 17:52:56 -04:00
* It doesn ' t add files with name starting with ' . '
*/
2016-12-21 12:19:57 -05:00
static void cfgfiles_expand_directories ( void )
2016-05-13 17:52:56 -04:00
{
struct wordlist * wl , * wlb ;
char * err = NULL ;
list_for_each_entry_safe ( wl , wlb , & cfg_cfgfiles , list ) {
struct stat file_stat ;
struct dirent * * dir_entries = NULL ;
int dir_entries_nb ;
int dir_entries_it ;
if ( stat ( wl - > s , & file_stat ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot open configuration file/directory %s : %s \n " ,
wl - > s ,
strerror ( errno ) ) ;
2016-05-13 17:52:56 -04:00
exit ( 1 ) ;
}
if ( ! S_ISDIR ( file_stat . st_mode ) )
continue ;
/* from this point wl->s is a directory */
dir_entries_nb = scandir ( wl - > s , & dir_entries , NULL , alphasort ) ;
if ( dir_entries_nb < 0 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot open configuration directory %s : %s \n " ,
wl - > s ,
strerror ( errno ) ) ;
2016-05-13 17:52:56 -04:00
exit ( 1 ) ;
}
/* for each element in the directory wl->s */
for ( dir_entries_it = 0 ; dir_entries_it < dir_entries_nb ; dir_entries_it + + ) {
struct dirent * dir_entry = dir_entries [ dir_entries_it ] ;
char * filename = NULL ;
char * d_name_cfgext = strstr ( dir_entry - > d_name , " .cfg " ) ;
/* don't add filename that begin with .
2018-11-15 13:41:50 -05:00
* only add filename with . cfg extension
2016-05-13 17:52:56 -04:00
*/
if ( dir_entry - > d_name [ 0 ] = = ' . ' | |
! ( d_name_cfgext & & d_name_cfgext [ 4 ] = = ' \0 ' ) )
goto next_dir_entry ;
if ( ! memprintf ( & filename , " %s/%s " , wl - > s , dir_entry - > d_name ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot load configuration files %s : out of memory. \n " ,
filename ) ;
2016-05-13 17:52:56 -04:00
exit ( 1 ) ;
}
if ( stat ( filename , & file_stat ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot open configuration file %s : %s \n " ,
wl - > s ,
strerror ( errno ) ) ;
2016-05-13 17:52:56 -04:00
exit ( 1 ) ;
}
/* don't add anything else than regular file in cfg_cfgfiles
* this way we avoid loops
*/
if ( ! S_ISREG ( file_stat . st_mode ) )
goto next_dir_entry ;
if ( ! list_append_word ( & wl - > list , filename , & err ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot load configuration files %s : %s \n " ,
filename ,
err ) ;
2016-05-13 17:52:56 -04:00
exit ( 1 ) ;
}
next_dir_entry :
free ( filename ) ;
free ( dir_entry ) ;
}
free ( dir_entries ) ;
/* remove the current directory (wl) from cfg_cfgfiles */
free ( wl - > s ) ;
LIST_DEL ( & wl - > list ) ;
free ( wl ) ;
}
free ( err ) ;
}
2017-04-05 16:33:04 -04:00
static int get_old_sockets ( const char * unixsocket )
{
char * cmsgbuf = NULL , * tmpbuf = NULL ;
int * tmpfd = NULL ;
struct sockaddr_un addr ;
struct cmsghdr * cmsg ;
struct msghdr msghdr ;
struct iovec iov ;
struct xfer_sock_list * xfer_sock = NULL ;
2017-04-06 08:45:14 -04:00
struct timeval tv = { . tv_sec = 1 , . tv_usec = 0 } ;
2017-04-05 16:33:04 -04:00
int sock = - 1 ;
int ret = - 1 ;
int ret2 = - 1 ;
int fd_nb ;
int got_fd = 0 ;
int i = 0 ;
size_t maxoff = 0 , curoff = 0 ;
memset ( & msghdr , 0 , sizeof ( msghdr ) ) ;
cmsgbuf = malloc ( CMSG_SPACE ( sizeof ( int ) ) * MAX_SEND_FD ) ;
if ( ! cmsgbuf ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to allocate memory to send sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
sock = socket ( PF_UNIX , SOCK_STREAM , 0 ) ;
if ( sock < 0 ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to connect to the old process socket '%s' \n " ,
unixsocket ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
2019-12-11 10:29:10 -05:00
strncpy ( addr . sun_path , unixsocket , sizeof ( addr . sun_path ) - 1 ) ;
2017-04-05 16:33:04 -04:00
addr . sun_path [ sizeof ( addr . sun_path ) - 1 ] = 0 ;
addr . sun_family = PF_UNIX ;
ret = connect ( sock , ( struct sockaddr * ) & addr , sizeof ( addr ) ) ;
if ( ret < 0 ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to connect to the old process socket '%s' \n " ,
unixsocket ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
2017-04-06 08:45:14 -04:00
setsockopt ( sock , SOL_SOCKET , SO_RCVTIMEO , ( void * ) & tv , sizeof ( tv ) ) ;
2017-04-05 16:33:04 -04:00
iov . iov_base = & fd_nb ;
iov . iov_len = sizeof ( fd_nb ) ;
msghdr . msg_iov = & iov ;
msghdr . msg_iovlen = 1 ;
send ( sock , " _getsocks \n " , strlen ( " _getsocks \n " ) , 0 ) ;
/* First, get the number of file descriptors to be received */
if ( recvmsg ( sock , & msghdr , MSG_WAITALL ) ! = sizeof ( fd_nb ) ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to get the number of sockets to be transferred ! \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
if ( fd_nb = = 0 ) {
ret = 0 ;
goto out ;
}
2017-11-04 10:13:01 -04:00
tmpbuf = malloc ( fd_nb * ( 1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof ( int ) ) ) ;
2017-04-05 16:33:04 -04:00
if ( tmpbuf = = NULL ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to allocate memory while receiving sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
tmpfd = malloc ( fd_nb * sizeof ( int ) ) ;
if ( tmpfd = = NULL ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to allocate memory while receiving sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
msghdr . msg_control = cmsgbuf ;
msghdr . msg_controllen = CMSG_SPACE ( sizeof ( int ) ) * MAX_SEND_FD ;
2017-11-04 10:13:01 -04:00
iov . iov_len = MAX_SEND_FD * ( 1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof ( int ) ) ;
2017-04-05 16:33:04 -04:00
do {
int ret3 ;
iov . iov_base = tmpbuf + curoff ;
ret = recvmsg ( sock , & msghdr , 0 ) ;
if ( ret = = - 1 & & errno = = EINTR )
continue ;
if ( ret < = 0 )
break ;
/* Send an ack to let the sender know we got the sockets
* and it can send some more
*/
do {
ret3 = send ( sock , & got_fd , sizeof ( got_fd ) , 0 ) ;
} while ( ret3 = = - 1 & & errno = = EINTR ) ;
for ( cmsg = CMSG_FIRSTHDR ( & msghdr ) ; cmsg ! = NULL ;
cmsg = CMSG_NXTHDR ( & msghdr , cmsg ) ) {
if ( cmsg - > cmsg_level = = SOL_SOCKET & &
cmsg - > cmsg_type = = SCM_RIGHTS ) {
size_t totlen = cmsg - > cmsg_len -
CMSG_LEN ( 0 ) ;
if ( totlen / sizeof ( int ) + got_fd > fd_nb ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Got to many sockets ! \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
/*
* Be paranoid and use memcpy ( ) to avoid any
* potential alignement issue .
*/
memcpy ( & tmpfd [ got_fd ] , CMSG_DATA ( cmsg ) , totlen ) ;
got_fd + = totlen / sizeof ( int ) ;
}
}
curoff + = ret ;
} while ( got_fd < fd_nb ) ;
if ( got_fd ! = fd_nb ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " We didn't get the expected number of sockets (expecting %d got %d) \n " ,
fd_nb , got_fd ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
maxoff = curoff ;
curoff = 0 ;
for ( i = 0 ; i < got_fd ; i + + ) {
int fd = tmpfd [ i ] ;
socklen_t socklen ;
int len ;
xfer_sock = calloc ( 1 , sizeof ( * xfer_sock ) ) ;
if ( ! xfer_sock ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to allocate memory in get_old_sockets() ! \n " ) ;
2017-04-05 16:33:04 -04:00
break ;
}
xfer_sock - > fd = - 1 ;
socklen = sizeof ( xfer_sock - > addr ) ;
if ( getsockname ( fd , ( struct sockaddr * ) & xfer_sock - > addr , & socklen ) ! = 0 ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to get socket address \n " ) ;
2017-04-05 16:33:04 -04:00
free ( xfer_sock ) ;
2017-07-17 11:25:33 -04:00
xfer_sock = NULL ;
2017-04-05 16:33:04 -04:00
continue ;
}
if ( curoff > = maxoff ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Inconsistency while transferring sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
len = tmpbuf [ curoff + + ] ;
if ( len > 0 ) {
/* We have a namespace */
if ( curoff + len > maxoff ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Inconsistency while transferring sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
xfer_sock - > namespace = malloc ( len + 1 ) ;
if ( ! xfer_sock - > namespace ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to allocate memory while transferring sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
memcpy ( xfer_sock - > namespace , & tmpbuf [ curoff ] , len ) ;
xfer_sock - > namespace [ len ] = 0 ;
curoff + = len ;
}
if ( curoff > = maxoff ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Inconsistency while transferring sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
len = tmpbuf [ curoff + + ] ;
if ( len > 0 ) {
/* We have an interface */
if ( curoff + len > maxoff ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Inconsistency while transferring sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
xfer_sock - > iface = malloc ( len + 1 ) ;
if ( ! xfer_sock - > iface ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Failed to allocate memory while transferring sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
memcpy ( xfer_sock - > iface , & tmpbuf [ curoff ] , len ) ;
2018-03-15 12:48:49 -04:00
xfer_sock - > iface [ len ] = 0 ;
2017-04-05 16:33:04 -04:00
curoff + = len ;
}
if ( curoff + sizeof ( int ) > maxoff ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Inconsistency while transferring sockets \n " ) ;
2017-04-05 16:33:04 -04:00
goto out ;
}
memcpy ( & xfer_sock - > options , & tmpbuf [ curoff ] ,
sizeof ( xfer_sock - > options ) ) ;
curoff + = sizeof ( xfer_sock - > options ) ;
xfer_sock - > fd = fd ;
if ( xfer_sock_list )
xfer_sock_list - > prev = xfer_sock ;
xfer_sock - > next = xfer_sock_list ;
xfer_sock - > prev = NULL ;
xfer_sock_list = xfer_sock ;
xfer_sock = NULL ;
}
ret2 = 0 ;
out :
/* If we failed midway make sure to close the remaining
* file descriptors
*/
if ( tmpfd ! = NULL & & i < got_fd ) {
for ( ; i < got_fd ; i + + ) {
close ( tmpfd [ i ] ) ;
}
}
free ( tmpbuf ) ;
free ( tmpfd ) ;
free ( cmsgbuf ) ;
if ( sock ! = - 1 )
close ( sock ) ;
if ( xfer_sock ) {
free ( xfer_sock - > namespace ) ;
free ( xfer_sock - > iface ) ;
if ( xfer_sock - > fd ! = - 1 )
close ( xfer_sock - > fd ) ;
free ( xfer_sock ) ;
}
return ( ret2 ) ;
}
2017-06-01 11:38:51 -04:00
/*
* copy and cleanup the current argv
BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
The copy_argv() function, which is used to copy and remove some of the
arguments of the command line in order to re-exec() the master process,
is poorly implemented.
The function tries to remove the -x and the -sf/-st options but without
taking into account that some of the options could take a parameter
starting with a dash.
In issue #644, haproxy starts with "-L -xfoo" which is perfectly
correct. However, the re-exec is done without "-xfoo" because the master
tries to remove the "-x" option. Indeed, the copy_argv() function does
not know how much arguments an option can have, and just assume that
everything starting with a dash is an option. So haproxy is exec() with
"-L" but without a parameter, which is wrong and leads to the exit of
the master, with usage().
To fix this issue, copy_argv() must know how much parameters an option
takes, and copy or skip the parameters correctly.
This fix is a first step but it should evolve to a cleaner way of
declaring the options to avoid deduplication of the parsing code, so we
avoid new bugs.
Should be backported with care as far as 1.8, by removing the options
that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
* Remove the - sf / - st / - x parameters
2017-06-01 11:38:51 -04:00
* Return an allocated copy of argv
*/
static char * * copy_argv ( int argc , char * * argv )
{
BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
The copy_argv() function, which is used to copy and remove some of the
arguments of the command line in order to re-exec() the master process,
is poorly implemented.
The function tries to remove the -x and the -sf/-st options but without
taking into account that some of the options could take a parameter
starting with a dash.
In issue #644, haproxy starts with "-L -xfoo" which is perfectly
correct. However, the re-exec is done without "-xfoo" because the master
tries to remove the "-x" option. Indeed, the copy_argv() function does
not know how much arguments an option can have, and just assume that
everything starting with a dash is an option. So haproxy is exec() with
"-L" but without a parameter, which is wrong and leads to the exit of
the master, with usage().
To fix this issue, copy_argv() must know how much parameters an option
takes, and copy or skip the parameters correctly.
This fix is a first step but it should evolve to a cleaner way of
declaring the options to avoid deduplication of the parsing code, so we
avoid new bugs.
Should be backported with care as far as 1.8, by removing the options
that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
char * * newargv , * * retargv ;
2017-06-01 11:38:51 -04:00
newargv = calloc ( argc + 2 , sizeof ( char * ) ) ;
if ( newargv = = NULL ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " Cannot allocate memory \n " ) ;
2017-06-01 11:38:51 -04:00
return NULL ;
}
BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
The copy_argv() function, which is used to copy and remove some of the
arguments of the command line in order to re-exec() the master process,
is poorly implemented.
The function tries to remove the -x and the -sf/-st options but without
taking into account that some of the options could take a parameter
starting with a dash.
In issue #644, haproxy starts with "-L -xfoo" which is perfectly
correct. However, the re-exec is done without "-xfoo" because the master
tries to remove the "-x" option. Indeed, the copy_argv() function does
not know how much arguments an option can have, and just assume that
everything starting with a dash is an option. So haproxy is exec() with
"-L" but without a parameter, which is wrong and leads to the exit of
the master, with usage().
To fix this issue, copy_argv() must know how much parameters an option
takes, and copy or skip the parameters correctly.
This fix is a first step but it should evolve to a cleaner way of
declaring the options to avoid deduplication of the parsing code, so we
avoid new bugs.
Should be backported with care as far as 1.8, by removing the options
that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
retargv = newargv ;
2017-06-01 11:38:51 -04:00
BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
The copy_argv() function, which is used to copy and remove some of the
arguments of the command line in order to re-exec() the master process,
is poorly implemented.
The function tries to remove the -x and the -sf/-st options but without
taking into account that some of the options could take a parameter
starting with a dash.
In issue #644, haproxy starts with "-L -xfoo" which is perfectly
correct. However, the re-exec is done without "-xfoo" because the master
tries to remove the "-x" option. Indeed, the copy_argv() function does
not know how much arguments an option can have, and just assume that
everything starting with a dash is an option. So haproxy is exec() with
"-L" but without a parameter, which is wrong and leads to the exit of
the master, with usage().
To fix this issue, copy_argv() must know how much parameters an option
takes, and copy or skip the parameters correctly.
This fix is a first step but it should evolve to a cleaner way of
declaring the options to avoid deduplication of the parsing code, so we
avoid new bugs.
Should be backported with care as far as 1.8, by removing the options
that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
/* first copy argv[0] */
* newargv + + = * argv + + ;
argc - - ;
while ( argc > 0 ) {
if ( * * argv ! = ' - ' ) {
/* non options are copied but will fail in the argument parser */
* newargv + + = * argv + + ;
argc - - ;
} else {
char * flag ;
flag = * argv + 1 ;
if ( flag [ 0 ] = = ' - ' & & flag [ 1 ] = = 0 ) {
/* "--\0" copy every arguments till the end of argv */
* newargv + + = * argv + + ;
argc - - ;
while ( argc > 0 ) {
* newargv + + = * argv + + ;
argc - - ;
}
} else {
switch ( * flag ) {
case ' s ' :
/* -sf / -st and their parameters are ignored */
if ( flag [ 1 ] = = ' f ' | | flag [ 1 ] = = ' t ' ) {
argc - - ;
argv + + ;
/* The list can't contain a negative value since the only
way to know the end of this list is by looking for the
next option or the end of the options */
while ( argc > 0 & & argv [ 0 ] [ 0 ] ! = ' - ' ) {
argc - - ;
argv + + ;
}
}
break ;
case ' x ' :
/* this option and its parameter are ignored */
argc - - ;
argv + + ;
if ( argc > 0 ) {
argc - - ;
argv + + ;
}
break ;
case ' C ' :
case ' n ' :
case ' m ' :
case ' N ' :
case ' L ' :
case ' f ' :
case ' p ' :
case ' S ' :
/* these options have only 1 parameter which must be copied and can start with a '-' */
* newargv + + = * argv + + ;
argc - - ;
if ( argc = = 0 )
goto error ;
* newargv + + = * argv + + ;
argc - - ;
break ;
default :
/* for other options just copy them without parameters, this is also done
* for options like " --foo " , but this will fail in the argument parser .
* */
* newargv + + = * argv + + ;
argc - - ;
break ;
}
2017-06-01 11:38:51 -04:00
}
}
}
2017-06-20 05:20:23 -04:00
BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
The copy_argv() function, which is used to copy and remove some of the
arguments of the command line in order to re-exec() the master process,
is poorly implemented.
The function tries to remove the -x and the -sf/-st options but without
taking into account that some of the options could take a parameter
starting with a dash.
In issue #644, haproxy starts with "-L -xfoo" which is perfectly
correct. However, the re-exec is done without "-xfoo" because the master
tries to remove the "-x" option. Indeed, the copy_argv() function does
not know how much arguments an option can have, and just assume that
everything starting with a dash is an option. So haproxy is exec() with
"-L" but without a parameter, which is wrong and leads to the exit of
the master, with usage().
To fix this issue, copy_argv() must know how much parameters an option
takes, and copy or skip the parameters correctly.
This fix is a first step but it should evolve to a cleaner way of
declaring the options to avoid deduplication of the parsing code, so we
avoid new bugs.
Should be backported with care as far as 1.8, by removing the options
that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
return retargv ;
error :
free ( retargv ) ;
return NULL ;
2017-06-01 11:38:51 -04:00
}
BUG/MEDIUM: random: initialize the random pool a bit better
Since the UUID sample fetch was created, some people noticed that in
certain virtualized environments they manage to get exact same UUIDs
on different instances started exactly at the same moment. It turns
out that the randoms were only initialized to spread the health checks
originally, not to provide "clean" randoms.
This patch changes this and collects more randomness from various
sources, including existing randoms, /dev/urandom when available,
RAND_bytes() when OpenSSL is available, as well as the timing for such
operations, then applies a SHA1 on all this to keep a 160 bits random
seed available, 32 of which are passed to srandom().
It's worth mentioning that there's no clean way to pass more than 32
bits to srandom() as even initstate() provides an opaque state that
must absolutely not be tampered with since known implementations
contain state information.
At least this allows to have up to 4 billion different sequences
from the boot, which is not that bad.
Note that the thread safety was still not addressed, which is another
issue for another patch.
This must be backported to all versions containing the UUID sample
fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
/* Performs basic random seed initialization. The main issue with this is that
* srandom_r ( ) only takes 32 bits and purposely provides a reproducible sequence ,
* which means that there will only be 4 billion possible random sequences once
* srandom ( ) is called , regardless of the internal state . Not calling it is
* even worse as we ' ll always produce the same randoms sequences . What we do
* here is to create an initial sequence from various entropy sources , hash it
* using SHA1 and keep the resulting 160 bits available globally .
*
* We initialize the current process with the first 32 bits before starting the
* polling loop , where all this will be changed to have process specific and
* thread specific sequences .
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
This is the replacement of failed attempt to add thread safety and
per-process sequences of random numbers initally tried with commit
1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process
random sequences").
This new version takes a completely different approach and doesn't try
to work around the horrible OS-specific and non-portable random API
anymore. Instead it implements "xoroshiro128**", a reputedly high
quality random number generator, which is one of the many variants of
xorshift, which passes all quality tests and which is described here:
http://prng.di.unimi.it/
While not cryptographically secure, it is fast and features a 2^128-1
period. It supports fast jumps allowing to cut the period into smaller
non-overlapping sequences, which we use here to support up to 2^32
processes each having their own, non-overlapping sequence of 2^96
numbers (~7*10^28). This is enough to provide 1 billion randoms per
second and per process for 2200 billion years.
The implementation was made thread-safe either by using a double 64-bit
CAS on platforms supporting it (x86_64, aarch64) or by using a local
lock for the time needed to perform the shift operations. This ensures
that all threads pick numbers from the same pool so that it is not
needed to assign per-thread ranges. For processes we use the fast jump
method to advance the sequence by 2^96 for each process.
Before this patch, the following config:
global
nbproc 8
frontend f
bind :4445
mode http
log stdout format raw daemon
log-format "%[uuid] %pid"
redirect location /
Would produce this output:
a4d0ad64-2645-4b74-b894-48acce0669af 12987
a4d0ad64-2645-4b74-b894-48acce0669af 12992
a4d0ad64-2645-4b74-b894-48acce0669af 12986
a4d0ad64-2645-4b74-b894-48acce0669af 12988
a4d0ad64-2645-4b74-b894-48acce0669af 12991
a4d0ad64-2645-4b74-b894-48acce0669af 12989
a4d0ad64-2645-4b74-b894-48acce0669af 12990
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986
(...)
And now produces:
f94b29b3-da74-4e03-a0c5-a532c635bad9 13011
47470c02-4862-4c33-80e7-a952899570e5 13014
86332123-539a-47bf-853f-8c8ea8b2a2b5 13013
8f9efa99-3143-47b2-83cf-d618c8dea711 13012
3cc0f5c7-d790-496b-8d39-bec77647af5b 13015
3ec64915-8f95-4374-9e66-e777dc8791e0 13009
0f9bf894-dcde-408c-b094-6e0bb3255452 13011
49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014
e23f6f2e-35c5-4433-a294-b790ab902653 13012
There are multiple benefits to using this method. First, it doesn't
depend anymore on a non-portable API. Second it's thread safe. Third it
is fast and more proven than any hack we could attempt to try to work
around the deficiencies of the various implementations around.
This commit depends on previous patches "MINOR: tools: add 64-bit rotate
operators" and "BUG/MEDIUM: random: initialize the random pool a bit
better", all of which will need to be backported at least as far as
version 2.0. It doesn't require to backport the build fixes for circular
include files dependecy anymore.
2020-03-07 18:42:37 -05:00
*
* Before starting threads , it ' s still possible to call random ( ) as srandom ( )
* is initialized from this , but after threads and / or processes are started ,
* only ha_random ( ) is expected to be used to guarantee distinct sequences .
BUG/MEDIUM: random: initialize the random pool a bit better
Since the UUID sample fetch was created, some people noticed that in
certain virtualized environments they manage to get exact same UUIDs
on different instances started exactly at the same moment. It turns
out that the randoms were only initialized to spread the health checks
originally, not to provide "clean" randoms.
This patch changes this and collects more randomness from various
sources, including existing randoms, /dev/urandom when available,
RAND_bytes() when OpenSSL is available, as well as the timing for such
operations, then applies a SHA1 on all this to keep a 160 bits random
seed available, 32 of which are passed to srandom().
It's worth mentioning that there's no clean way to pass more than 32
bits to srandom() as even initstate() provides an opaque state that
must absolutely not be tampered with since known implementations
contain state information.
At least this allows to have up to 4 billion different sequences
from the boot, which is not that bad.
Note that the thread safety was still not addressed, which is another
issue for another patch.
This must be backported to all versions containing the UUID sample
fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
*/
static void ha_random_boot ( char * const * argv )
{
unsigned char message [ 256 ] ;
unsigned char * m = message ;
struct timeval tv ;
blk_SHA_CTX ctx ;
unsigned long l ;
int fd ;
int i ;
/* start with current time as pseudo-random seed */
gettimeofday ( & tv , NULL ) ;
write_u32 ( m , tv . tv_sec ) ; m + = 4 ;
write_u32 ( m , tv . tv_usec ) ; m + = 4 ;
/* PID and PPID add some OS-based randomness */
write_u16 ( m , getpid ( ) ) ; m + = 2 ;
write_u16 ( m , getppid ( ) ) ; m + = 2 ;
/* take up to 160 bits bytes from /dev/urandom if available (non-blocking) */
fd = open ( " /dev/urandom " , O_RDONLY ) ;
if ( fd > = 0 ) {
i = read ( fd , m , 20 ) ;
if ( i > 0 )
m + = i ;
close ( fd ) ;
}
/* take up to 160 bits bytes from openssl (non-blocking) */
# ifdef USE_OPENSSL
if ( RAND_bytes ( m , 20 ) = = 1 )
m + = 20 ;
# endif
/* take 160 bits from existing random in case it was already initialized */
for ( i = 0 ; i < 5 ; i + + ) {
write_u32 ( m , random ( ) ) ;
m + = 4 ;
}
/* stack address (benefit form operating system's ASLR) */
l = ( unsigned long ) & m ;
memcpy ( m , & l , sizeof ( l ) ) ; m + = sizeof ( l ) ;
/* argv address (benefit form operating system's ASLR) */
l = ( unsigned long ) & argv ;
memcpy ( m , & l , sizeof ( l ) ) ; m + = sizeof ( l ) ;
/* use tv_usec again after all the operations above */
gettimeofday ( & tv , NULL ) ;
write_u32 ( m , tv . tv_usec ) ; m + = 4 ;
/*
* At this point , ~ 84 - 92 bytes have been used
*/
/* finish with the hostname */
strncpy ( ( char * ) m , hostname , message + sizeof ( message ) - m ) ;
m + = strlen ( hostname ) ;
/* total message length */
l = m - message ;
memset ( & ctx , 0 , sizeof ( ctx ) ) ;
blk_SHA1_Init ( & ctx ) ;
blk_SHA1_Update ( & ctx , message , l ) ;
blk_SHA1_Final ( boot_seed , & ctx ) ;
srandom ( read_u32 ( boot_seed ) ) ;
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
This is the replacement of failed attempt to add thread safety and
per-process sequences of random numbers initally tried with commit
1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process
random sequences").
This new version takes a completely different approach and doesn't try
to work around the horrible OS-specific and non-portable random API
anymore. Instead it implements "xoroshiro128**", a reputedly high
quality random number generator, which is one of the many variants of
xorshift, which passes all quality tests and which is described here:
http://prng.di.unimi.it/
While not cryptographically secure, it is fast and features a 2^128-1
period. It supports fast jumps allowing to cut the period into smaller
non-overlapping sequences, which we use here to support up to 2^32
processes each having their own, non-overlapping sequence of 2^96
numbers (~7*10^28). This is enough to provide 1 billion randoms per
second and per process for 2200 billion years.
The implementation was made thread-safe either by using a double 64-bit
CAS on platforms supporting it (x86_64, aarch64) or by using a local
lock for the time needed to perform the shift operations. This ensures
that all threads pick numbers from the same pool so that it is not
needed to assign per-thread ranges. For processes we use the fast jump
method to advance the sequence by 2^96 for each process.
Before this patch, the following config:
global
nbproc 8
frontend f
bind :4445
mode http
log stdout format raw daemon
log-format "%[uuid] %pid"
redirect location /
Would produce this output:
a4d0ad64-2645-4b74-b894-48acce0669af 12987
a4d0ad64-2645-4b74-b894-48acce0669af 12992
a4d0ad64-2645-4b74-b894-48acce0669af 12986
a4d0ad64-2645-4b74-b894-48acce0669af 12988
a4d0ad64-2645-4b74-b894-48acce0669af 12991
a4d0ad64-2645-4b74-b894-48acce0669af 12989
a4d0ad64-2645-4b74-b894-48acce0669af 12990
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986
(...)
And now produces:
f94b29b3-da74-4e03-a0c5-a532c635bad9 13011
47470c02-4862-4c33-80e7-a952899570e5 13014
86332123-539a-47bf-853f-8c8ea8b2a2b5 13013
8f9efa99-3143-47b2-83cf-d618c8dea711 13012
3cc0f5c7-d790-496b-8d39-bec77647af5b 13015
3ec64915-8f95-4374-9e66-e777dc8791e0 13009
0f9bf894-dcde-408c-b094-6e0bb3255452 13011
49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014
e23f6f2e-35c5-4433-a294-b790ab902653 13012
There are multiple benefits to using this method. First, it doesn't
depend anymore on a non-portable API. Second it's thread safe. Third it
is fast and more proven than any hack we could attempt to try to work
around the deficiencies of the various implementations around.
This commit depends on previous patches "MINOR: tools: add 64-bit rotate
operators" and "BUG/MEDIUM: random: initialize the random pool a bit
better", all of which will need to be backported at least as far as
version 2.0. It doesn't require to backport the build fixes for circular
include files dependecy anymore.
2020-03-07 18:42:37 -05:00
ha_random_seed ( boot_seed , sizeof ( boot_seed ) ) ;
BUG/MEDIUM: random: initialize the random pool a bit better
Since the UUID sample fetch was created, some people noticed that in
certain virtualized environments they manage to get exact same UUIDs
on different instances started exactly at the same moment. It turns
out that the randoms were only initialized to spread the health checks
originally, not to provide "clean" randoms.
This patch changes this and collects more randomness from various
sources, including existing randoms, /dev/urandom when available,
RAND_bytes() when OpenSSL is available, as well as the timing for such
operations, then applies a SHA1 on all this to keep a 160 bits random
seed available, 32 of which are passed to srandom().
It's worth mentioning that there's no clean way to pass more than 32
bits to srandom() as even initstate() provides an opaque state that
must absolutely not be tampered with since known implementations
contain state information.
At least this allows to have up to 4 billion different sequences
from the boot, which is not that bad.
Note that the thread safety was still not addressed, which is another
issue for another patch.
This must be backported to all versions containing the UUID sample
fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
}
2019-03-01 08:19:31 -05:00
/* considers splicing proxies' maxconn, computes the ideal global.maxpipes
* setting , and returns it . It may return - 1 meaning " unlimited " if some
* unlimited proxies have been found and the global . maxconn value is not yet
* set . It may also return a value greater than maxconn if it ' s not yet set .
* Note that a value of zero means there is no need for pipes . - 1 is never
* returned if global . maxconn is valid .
*/
static int compute_ideal_maxpipes ( )
{
struct proxy * cur ;
int nbfe = 0 , nbbe = 0 ;
int unlimited = 0 ;
int pipes ;
int max ;
for ( cur = proxies_list ; cur ; cur = cur - > next ) {
if ( cur - > options2 & ( PR_O2_SPLIC_ANY ) ) {
if ( cur - > cap & PR_CAP_FE ) {
max = cur - > maxconn ;
nbfe + = max ;
if ( ! max ) {
unlimited = 1 ;
break ;
}
}
if ( cur - > cap & PR_CAP_BE ) {
max = cur - > fullconn ? cur - > fullconn : global . maxconn ;
nbbe + = max ;
if ( ! max ) {
unlimited = 1 ;
break ;
}
}
}
}
pipes = MAX ( nbfe , nbbe ) ;
if ( global . maxconn ) {
if ( pipes > global . maxconn | | unlimited )
pipes = global . maxconn ;
} else if ( unlimited ) {
pipes = - 1 ;
}
return pipes > = 4 ? pipes / 4 : pipes ;
}
2019-03-01 09:43:14 -05:00
/* considers global.maxsocks, global.maxpipes, async engines, SSL frontends and
* rlimits and computes an ideal maxconn . It ' s meant to be called only when
* maxsock contains the sum of listening FDs , before it is updated based on
2019-03-13 05:10:49 -04:00
* maxconn and pipes . If there are not enough FDs left , DEFAULT_MAXCONN ( by
* default 100 ) is returned as it is expected that it will even run on tight
* environments , and will maintain compatibility with previous packages that
* used to rely on this value as the default one . The system will emit a
* warning indicating how many FDs are missing anyway if needed .
2019-03-01 09:43:14 -05:00
*/
static int compute_ideal_maxconn ( )
{
int ssl_sides = ! ! global . ssl_used_frontend + ! ! global . ssl_used_backend ;
int engine_fds = global . ssl_used_async_engines * ssl_sides ;
int pipes = compute_ideal_maxpipes ( ) ;
2020-03-06 04:25:31 -05:00
int remain = MAX ( rlim_fd_cur_at_boot , rlim_fd_max_at_boot ) ;
2019-03-01 09:43:14 -05:00
int maxconn ;
/* we have to take into account these elements :
* - number of engine_fds , which inflates the number of FD needed per
* connection by this number .
* - number of pipes per connection on average : for the unlimited
* case , this is 0.5 pipe FDs per connection , otherwise it ' s a
* fixed value of 2 * pipes .
* - two FDs per connection
*/
/* subtract listeners and checks */
remain - = global . maxsock ;
2019-03-14 14:13:17 -04:00
/* one epoll_fd/kqueue_fd per thread */
remain - = global . nbthread ;
/* one wake-up pipe (2 fd) per thread */
remain - = 2 * global . nbthread ;
2019-03-01 09:43:14 -05:00
/* Fixed pipes values : we only subtract them if they're not larger
* than the remaining FDs because pipes are optional .
*/
if ( pipes > = 0 & & pipes * 2 < remain )
remain - = pipes * 2 ;
if ( pipes < 0 ) {
/* maxsock = maxconn * 2 + maxconn/4 * 2 + maxconn * engine_fds.
* = maxconn * ( 2 + 0.5 + engine_fds )
* = maxconn * ( 4 + 1 + 2 * engine_fds ) / 2
*/
maxconn = 2 * remain / ( 5 + 2 * engine_fds ) ;
} else {
/* maxsock = maxconn * 2 + maxconn * engine_fds.
* = maxconn * ( 2 + engine_fds )
*/
maxconn = remain / ( 2 + engine_fds ) ;
}
2019-03-13 05:10:49 -04:00
return MAX ( maxconn , DEFAULT_MAXCONN ) ;
2019-03-01 09:43:14 -05:00
}
2020-03-10 12:08:53 -04:00
/* computes the estimated maxsock value for the given maxconn based on the
* possibly set global . maxpipes and existing partial global . maxsock . It may
* temporarily change global . maxconn for the time needed to propagate the
* computations , and will reset it .
*/
static int compute_ideal_maxsock ( int maxconn )
{
int maxpipes = global . maxpipes ;
int maxsock = global . maxsock ;
if ( ! maxpipes ) {
int old_maxconn = global . maxconn ;
global . maxconn = maxconn ;
maxpipes = compute_ideal_maxpipes ( ) ;
global . maxconn = old_maxconn ;
}
maxsock + = maxconn * 2 ; /* each connection needs two sockets */
maxsock + = maxpipes * 2 ; /* each pipe needs two FDs */
maxsock + = global . nbthread ; /* one epoll_fd/kqueue_fd per thread */
maxsock + = 2 * global . nbthread ; /* one wake-up pipe (2 fd) per thread */
/* compute fd used by async engines */
if ( global . ssl_used_async_engines ) {
int sides = ! ! global . ssl_used_frontend + ! ! global . ssl_used_backend ;
maxsock + = maxconn * sides * global . ssl_used_async_engines ;
}
return maxsock ;
}
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
/* Tests if it is possible to set the current process' RLIMIT_NOFILE to
* < maxsock > , then sets it back to the previous value . Returns non - zero if the
* value is accepted , non - zero otherwise . This is used to determine if an
* automatic limit may be applied or not . When it is not , the caller knows that
* the highest we can do is the rlim_max at boot . In case of error , we return
* that the setting is possible , so that we defer the error processing to the
* final stage in charge of enforcing this .
*/
static int check_if_maxsock_permitted ( int maxsock )
{
struct rlimit orig_limit , test_limit ;
int ret ;
if ( getrlimit ( RLIMIT_NOFILE , & orig_limit ) ! = 0 )
return 1 ;
/* don't go further if we can't even set to what we have */
if ( setrlimit ( RLIMIT_NOFILE , & orig_limit ) ! = 0 )
return 1 ;
test_limit . rlim_max = MAX ( maxsock , orig_limit . rlim_max ) ;
test_limit . rlim_cur = test_limit . rlim_max ;
ret = setrlimit ( RLIMIT_NOFILE , & test_limit ) ;
if ( setrlimit ( RLIMIT_NOFILE , & orig_limit ) ! = 0 )
return 1 ;
return ret = = 0 ;
}
2006-06-25 20:48:02 -04:00
/*
* This function initializes all the necessary variables . It only returns
* if everything is OK . If something fails , it exits .
*/
2016-12-21 12:19:57 -05:00
static void init ( int argc , char * * argv )
2006-06-25 20:48:02 -04:00
{
int arg_mode = 0 ; /* MODE_DEBUG, ... */
char * tmp ;
char * cfg_pidfile = NULL ;
2009-07-20 03:30:05 -04:00
int err_code = 0 ;
2016-05-13 17:52:55 -04:00
char * err_msg = NULL ;
2010-01-03 15:12:30 -05:00
struct wordlist * wl ;
2010-12-22 11:08:21 -05:00
char * progname ;
2011-09-10 13:26:56 -04:00
char * change_dir = NULL ;
MAJOR: filters: Add filters support
This patch adds the support of filters in HAProxy. The main idea is to have a
way to "easely" extend HAProxy by adding some "modules", called filters, that
will be able to change HAProxy behavior in a programmatic way.
To do so, many entry points has been added in code to let filters to hook up to
different steps of the processing. A filter must define a flt_ops sutrctures
(see include/types/filters.h for details). This structure contains all available
callbacks that a filter can define:
struct flt_ops {
/*
* Callbacks to manage the filter lifecycle
*/
int (*init) (struct proxy *p);
void (*deinit)(struct proxy *p);
int (*check) (struct proxy *p);
/*
* Stream callbacks
*/
void (*stream_start) (struct stream *s);
void (*stream_accept) (struct stream *s);
void (*session_establish)(struct stream *s);
void (*stream_stop) (struct stream *s);
/*
* HTTP callbacks
*/
int (*http_start) (struct stream *s, struct http_msg *msg);
int (*http_start_body) (struct stream *s, struct http_msg *msg);
int (*http_start_chunk) (struct stream *s, struct http_msg *msg);
int (*http_data) (struct stream *s, struct http_msg *msg);
int (*http_last_chunk) (struct stream *s, struct http_msg *msg);
int (*http_end_chunk) (struct stream *s, struct http_msg *msg);
int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg);
int (*http_end_body) (struct stream *s, struct http_msg *msg);
void (*http_end) (struct stream *s, struct http_msg *msg);
void (*http_reset) (struct stream *s, struct http_msg *msg);
int (*http_pre_process) (struct stream *s, struct http_msg *msg);
int (*http_post_process) (struct stream *s, struct http_msg *msg);
void (*http_reply) (struct stream *s, short status,
const struct chunk *msg);
};
To declare and use a filter, in the configuration, the "filter" keyword must be
used in a listener/frontend section:
frontend test
...
filter <FILTER-NAME> [OPTIONS...]
The filter referenced by the <FILTER-NAME> must declare a configuration parser
on its own name to fill flt_ops and filter_conf field in the proxy's
structure. An exemple will be provided later to make it perfectly clear.
For now, filters cannot be used in backend section. But this is only a matter of
time. Documentation will also be added later. This is the first commit of a long
list about filters.
It is possible to have several filters on the same listener/frontend. These
filters are stored in an array of at most MAX_FILTERS elements (define in
include/types/filters.h). Again, this will be replaced later by a list of
filters.
The filter API has been highly refactored. Main changes are:
* Now, HA supports an infinite number of filters per proxy. To do so, filters
are stored in list.
* Because filters are stored in list, filters state has been moved from the
channel structure to the filter structure. This is cleaner because there is no
more info about filters in channel structure.
* It is possible to defined filters on backends only. For such filters,
stream_start/stream_stop callbacks are not called. Of course, it is possible
to mix frontend and backend filters.
* Now, TCP streams are also filtered. All callbacks without the 'http_' prefix
are called for all kind of streams. In addition, 2 new callbacks were added to
filter data exchanged through a TCP stream:
- tcp_data: it is called when new data are available or when old unprocessed
data are still waiting.
- tcp_forward_data: it is called when some data can be consumed.
* New callbacks attached to channel were added:
- channel_start_analyze: it is called when a filter is ready to process data
exchanged through a channel. 2 new analyzers (a frontend and a backend)
are attached to channels to call this callback. For a frontend filter, it
is called before any other analyzer. For a backend filter, it is called
when a backend is attached to a stream. So some processing cannot be
filtered in that case.
- channel_analyze: it is called before each analyzer attached to a channel,
expects analyzers responsible for data sending.
- channel_end_analyze: it is called when all other analyzers have finished
their processing. A new analyzers is attached to channels to call this
callback. For a TCP stream, this is always the last one called. For a HTTP
one, the callback is called when a request/response ends, so it is called
one time for each request/response.
* 'session_established' callback has been removed. Everything that is done in
this callback can be handled by 'channel_start_analyze' on the response
channel.
* 'http_pre_process' and 'http_post_process' callbacks have been replaced by
'channel_analyze'.
* 'http_start' callback has been replaced by 'http_headers'. This new one is
called just before headers sending and parsing of the body.
* 'http_end' callback has been replaced by 'channel_end_analyze'.
* It is possible to set a forwarder for TCP channels. It was already possible to
do it for HTTP ones.
* Forwarders can partially consumed forwardable data. For this reason a new
HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING.
Now all filters can define corresponding callbacks (http_forward_data
and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and
forward, to track, respectively, input data already parsed but not forwarded yet
by the filter and parsed data considered as forwarded by the filter. A any time,
we have the warranty that a filter cannot parse or forward more input than
previous ones. And, of course, it cannot forward more input than it has
parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD.
In addition, 2 functions has been added to change the 'next size' and the
'forward size' of a filter. When a filter parses input data, it can alter these
data, so the size of these data can vary. This action has an effet on all
previous filters that must be handled. To do so, the function
'filter_change_next_size' must be called, passing the size variation. In the
same spirit, if a filter alter forwarded data, it must call the function
'filter_change_forward_size'. 'filter_change_next_size' can be called in
'http_data' and 'tcp_data' callbacks and only these ones. And
'filter_change_forward_size' can be called in 'http_forward_data' and
'tcp_forward_data' callbacks and only these ones. The data changes are the
filter responsability, but with some limitation. It must not change already
parsed/forwarded data or data that previous filters have not parsed/forwarded
yet.
Because filters can be used on backends, when we the backend is set for a
stream, we add filters defined for this backend in the filter list of the
stream. But we must only do that when the backend and the frontend of the stream
are not the same. Else same filters are added a second time leading to undefined
behavior.
The HTTP compression code had to be moved.
So it simplifies http_response_forward_body function. To do so, the way the data
are forwarded has changed. Now, a filter (and only one) can forward data. In a
commit to come, this limitation will be removed to let all filters take part to
data forwarding. There are 2 new functions that filters should use to deal with
this feature:
* flt_set_http_data_forwarder: This function sets the filter (using its id)
that will forward data for the specified HTTP message. It is possible if it
was not already set by another filter _AND_ if no data was yet forwarded
(msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs.
* flt_http_data_forwarder: This function returns the filter id that will
forward data for the specified HTTP message. If there is no forwarder set, it
returns -1.
When an HTTP data forwarder is set for the response, the HTTP compression is
disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
struct proxy * px ;
2016-12-21 13:57:00 -05:00
struct post_check_fct * pcf ;
2019-03-01 09:43:14 -05:00
int ideal_maxconn ;
2006-06-25 20:48:02 -04:00
2017-10-24 07:53:54 -04:00
global . mode = MODE_STARTING ;
2020-06-05 08:08:41 -04:00
old_argv = copy_argv ( argc , argv ) ;
if ( ! old_argv ) {
BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
The copy_argv() function, which is used to copy and remove some of the
arguments of the command line in order to re-exec() the master process,
is poorly implemented.
The function tries to remove the -x and the -sf/-st options but without
taking into account that some of the options could take a parameter
starting with a dash.
In issue #644, haproxy starts with "-L -xfoo" which is perfectly
correct. However, the re-exec is done without "-xfoo" because the master
tries to remove the "-x" option. Indeed, the copy_argv() function does
not know how much arguments an option can have, and just assume that
everything starting with a dash is an option. So haproxy is exec() with
"-L" but without a parameter, which is wrong and leads to the exit of
the master, with usage().
To fix this issue, copy_argv() must know how much parameters an option
takes, and copy or skip the parameters correctly.
This fix is a first step but it should evolve to a cleaner way of
declaring the options to avoid deduplication of the parsing code, so we
avoid new bugs.
Should be backported with care as far as 1.8, by removing the options
that does not exists in the previous versions.
2020-06-04 11:40:23 -04:00
ha_alert ( " failed to copy argv. \n " ) ;
exit ( 1 ) ;
}
2017-06-01 11:38:51 -04:00
2017-10-27 07:53:47 -04:00
if ( ! init_trash_buffers ( 1 ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " failed to initialize trash buffers. \n " ) ;
2017-07-26 08:59:46 -04:00
exit ( 1 ) ;
}
2012-05-16 08:16:48 -04:00
2010-09-23 12:30:22 -04:00
/* NB: POSIX does not make it mandatory for gethostname() to NULL-terminate
* the string in case of truncation , and at least FreeBSD appears not to do
* it .
*/
memset ( hostname , 0 , sizeof ( hostname ) ) ;
gethostname ( hostname , sizeof ( hostname ) - 1 ) ;
2020-06-18 10:56:47 -04:00
if ( ( localpeer = strdup ( hostname ) ) = = NULL ) {
ha_alert ( " Cannot allocate memory for local peer. \n " ) ;
exit ( EXIT_FAILURE ) ;
}
2018-04-17 10:46:13 -04:00
setenv ( " HAPROXY_LOCALPEER " , localpeer , 1 ) ;
2010-09-23 12:30:22 -04:00
2020-01-14 11:58:18 -05:00
/* we were in mworker mode, we should restart in mworker mode */
if ( getenv ( " HAPROXY_MWORKER_REEXEC " ) ! = NULL )
global . mode | = MODE_MWORKER ;
2006-06-25 20:48:02 -04:00
/*
* Initialize the previously static variables .
*/
2017-10-27 07:53:47 -04:00
2018-01-26 15:48:23 -05:00
totalconn = actconn = listeners = stopping = 0 ;
2017-03-23 17:44:13 -04:00
killed = 0 ;
2017-10-27 07:53:47 -04:00
2006-06-25 20:48:02 -04:00
# ifdef HAPROXY_MEMMAX
2015-12-14 06:46:07 -05:00
global . rlimit_memmax_all = HAPROXY_MEMMAX ;
2006-06-25 20:48:02 -04:00
# endif
2016-03-27 05:08:03 -04:00
tzset ( ) ;
2008-06-23 08:00:57 -04:00
tv_update_date ( - 1 , - 1 ) ;
2006-06-25 20:48:02 -04:00
start_date = now ;
BUG/MEDIUM: random: initialize the random pool a bit better
Since the UUID sample fetch was created, some people noticed that in
certain virtualized environments they manage to get exact same UUIDs
on different instances started exactly at the same moment. It turns
out that the randoms were only initialized to spread the health checks
originally, not to provide "clean" randoms.
This patch changes this and collects more randomness from various
sources, including existing randoms, /dev/urandom when available,
RAND_bytes() when OpenSSL is available, as well as the timing for such
operations, then applies a SHA1 on all this to keep a 160 bits random
seed available, 32 of which are passed to srandom().
It's worth mentioning that there's no clean way to pass more than 32
bits to srandom() as even initstate() provides an opaque state that
must absolutely not be tampered with since known implementations
contain state information.
At least this allows to have up to 4 billion different sequences
from the boot, which is not that bad.
Note that the thread safety was still not addressed, which is another
issue for another patch.
This must be backported to all versions containing the UUID sample
fetch function, i.e. as far as 2.0.
2020-03-06 12:57:15 -05:00
ha_random_boot ( argv ) ;
2014-02-14 05:59:04 -05:00
2013-01-11 09:49:37 -05:00
if ( init_acl ( ) ! = 0 )
exit ( 1 ) ;
2018-11-26 10:31:20 -05:00
2015-01-23 08:06:13 -05:00
/* Initialise lua. */
hlua_init ( ) ;
2016-11-09 05:36:17 -05:00
/* Initialize process vars */
vars_init ( & global . vars , SCOPE_PROC ) ;
2009-01-25 09:42:27 -05:00
global . tune . options | = GTUNE_USE_SELECT ; /* select() is always available */
2019-05-22 13:24:06 -04:00
# if defined(USE_POLL)
2009-01-25 09:42:27 -05:00
global . tune . options | = GTUNE_USE_POLL ;
2006-06-25 20:48:02 -04:00
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_EPOLL)
2009-01-25 09:42:27 -05:00
global . tune . options | = GTUNE_USE_EPOLL ;
2006-06-25 20:48:02 -04:00
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_KQUEUE)
2009-01-25 09:42:27 -05:00
global . tune . options | = GTUNE_USE_KQUEUE ;
2007-04-09 06:03:06 -04:00
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_EVPORTS)
2019-04-08 12:53:32 -04:00
global . tune . options | = GTUNE_USE_EVPORTS ;
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_LINUX_SPLICE)
2009-01-25 10:03:28 -05:00
global . tune . options | = GTUNE_USE_SPLICE ;
# endif
2014-04-14 09:56:58 -04:00
# if defined(USE_GETADDRINFO)
global . tune . options | = GTUNE_USE_GAI ;
# endif
2016-09-12 17:42:20 -04:00
# if defined(SO_REUSEPORT)
global . tune . options | = GTUNE_USE_REUSEPORT ;
# endif
2020-07-01 12:49:24 -04:00
# ifdef USE_THREAD
global . tune . options | = GTUNE_IDLE_POOL_SHARED ;
# endif
2006-06-25 20:48:02 -04:00
pid = getpid ( ) ;
progname = * argv ;
while ( ( tmp = strchr ( progname , ' / ' ) ) ! = NULL )
progname = tmp + 1 ;
2010-12-22 11:08:21 -05:00
/* the process name is used for the logs only */
2015-10-01 07:18:13 -04:00
chunk_initstr ( & global . log_tag , strdup ( progname ) ) ;
2010-12-22 11:08:21 -05:00
2006-06-25 20:48:02 -04:00
argc - - ; argv + + ;
while ( argc > 0 ) {
char * flag ;
if ( * * argv = = ' - ' ) {
flag = * argv + 1 ;
/* 1 arg */
if ( * flag = = ' v ' ) {
display_version ( ) ;
2007-12-02 05:28:59 -05:00
if ( flag [ 1 ] = = ' v ' ) /* -vv */
display_build_opts ( ) ;
2006-06-25 20:48:02 -04:00
exit ( 0 ) ;
}
2019-05-22 13:24:06 -04:00
# if defined(USE_EPOLL)
2006-06-25 20:48:02 -04:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' e ' )
2009-01-25 09:42:27 -05:00
global . tune . options & = ~ GTUNE_USE_EPOLL ;
2006-06-25 20:48:02 -04:00
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_POLL)
2006-06-25 20:48:02 -04:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' p ' )
2009-01-25 09:42:27 -05:00
global . tune . options & = ~ GTUNE_USE_POLL ;
2007-04-09 06:03:06 -04:00
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_KQUEUE)
2007-04-09 06:03:06 -04:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' k ' )
2009-01-25 09:42:27 -05:00
global . tune . options & = ~ GTUNE_USE_KQUEUE ;
2009-01-25 10:03:28 -05:00
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_EVPORTS)
2019-04-08 12:53:32 -04:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' v ' )
global . tune . options & = ~ GTUNE_USE_EVPORTS ;
# endif
2019-05-22 13:24:06 -04:00
# if defined(USE_LINUX_SPLICE)
2009-01-25 10:03:28 -05:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' S ' )
global . tune . options & = ~ GTUNE_USE_SPLICE ;
2014-04-14 09:56:58 -04:00
# endif
# if defined(USE_GETADDRINFO)
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' G ' )
global . tune . options & = ~ GTUNE_USE_GAI ;
2016-09-12 17:42:20 -04:00
# endif
# if defined(SO_REUSEPORT)
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' R ' )
global . tune . options & = ~ GTUNE_USE_REUSEPORT ;
2006-06-25 20:48:02 -04:00
# endif
2014-01-29 06:24:34 -05:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' V ' )
global . ssl_server_verify = SSL_SERVER_VERIFY_NONE ;
2006-06-25 20:48:02 -04:00
else if ( * flag = = ' V ' )
arg_mode | = MODE_VERBOSE ;
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' b ' )
arg_mode | = MODE_FOREGROUND ;
2020-04-15 10:42:39 -04:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' W ' )
arg_mode | = MODE_ZERO_WARNING ;
2012-05-08 09:40:42 -04:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' M ' )
mem_poison_byte = flag [ 2 ] ? strtol ( flag + 2 , NULL , 0 ) : ' P ' ;
2016-11-07 15:03:16 -05:00
else if ( * flag = = ' d ' & & flag [ 1 ] = = ' r ' )
global . tune . options | = GTUNE_RESOLVE_DONTFAIL ;
2006-06-25 20:48:02 -04:00
else if ( * flag = = ' d ' )
arg_mode | = MODE_DEBUG ;
else if ( * flag = = ' c ' )
arg_mode | = MODE_CHECK ;
2017-06-01 11:38:50 -04:00
else if ( * flag = = ' D ' )
2009-05-18 10:29:51 -04:00
arg_mode | = MODE_DAEMON ;
2017-11-20 09:58:35 -05:00
else if ( * flag = = ' W ' & & flag [ 1 ] = = ' s ' ) {
2017-11-21 06:39:34 -05:00
arg_mode | = MODE_MWORKER | MODE_FOREGROUND ;
2017-11-20 09:58:35 -05:00
# if defined(USE_SYSTEMD)
global . tune . options | = GTUNE_USE_SYSTEMD ;
# else
2017-11-24 10:50:31 -05:00
ha_alert ( " master-worker mode with systemd support (-Ws) requested, but not compiled. Use master-worker mode (-W) if you are not using Type=notify in your unit file or recompile with USE_SYSTEMD=1. \n \n " ) ;
2017-11-20 09:58:35 -05:00
usage ( progname ) ;
# endif
}
2017-06-01 11:38:50 -04:00
else if ( * flag = = ' W ' )
arg_mode | = MODE_MWORKER ;
2006-06-25 20:48:02 -04:00
else if ( * flag = = ' q ' )
arg_mode | = MODE_QUIET ;
2017-04-05 16:33:04 -04:00
else if ( * flag = = ' x ' ) {
2020-06-04 17:41:29 -04:00
if ( argc < = 1 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Unix socket path expected with the -x flag \n \n " ) ;
2017-06-19 09:57:55 -04:00
usage ( progname ) ;
2017-04-05 16:33:04 -04:00
}
2017-06-19 10:37:19 -04:00
if ( old_unixsocket )
2017-11-24 10:50:31 -05:00
ha_warning ( " -x option already set, overwriting the value \n " ) ;
2017-04-05 16:33:04 -04:00
old_unixsocket = argv [ 1 ] ;
2017-06-19 10:37:19 -04:00
2017-04-05 16:33:04 -04:00
argv + + ;
argc - - ;
}
2018-10-26 08:47:36 -04:00
else if ( * flag = = ' S ' ) {
struct wordlist * c ;
2020-06-04 17:49:20 -04:00
if ( argc < = 1 ) {
2018-10-26 08:47:36 -04:00
ha_alert ( " Socket and optional bind parameters expected with the -S flag \n " ) ;
usage ( progname ) ;
}
if ( ( c = malloc ( sizeof ( * c ) ) ) = = NULL | | ( c - > s = strdup ( argv [ 1 ] ) ) = = NULL ) {
ha_alert ( " Cannot allocate memory \n " ) ;
exit ( EXIT_FAILURE ) ;
}
LIST_ADD ( & mworker_cli_conf , & c - > list ) ;
argv + + ;
argc - - ;
}
2006-06-25 20:48:02 -04:00
else if ( * flag = = ' s ' & & ( flag [ 1 ] = = ' f ' | | flag [ 1 ] = = ' t ' ) ) {
/* list of pids to finish ('f') or terminate ('t') */
if ( flag [ 1 ] = = ' f ' )
oldpids_sig = SIGUSR1 ; /* finish then exit */
else
oldpids_sig = SIGTERM ; /* terminate immediately */
2015-10-08 05:32:32 -04:00
while ( argc > 1 & & argv [ 1 ] [ 0 ] ! = ' - ' ) {
2018-02-05 18:15:44 -05:00
char * endptr = NULL ;
2015-10-08 05:32:32 -04:00
oldpids = realloc ( oldpids , ( nb_oldpids + 1 ) * sizeof ( int ) ) ;
if ( ! oldpids ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot allocate old pid : out of memory. \n " ) ;
2015-10-08 05:32:32 -04:00
exit ( 1 ) ;
2006-06-25 20:48:02 -04:00
}
2015-10-08 05:32:32 -04:00
argc - - ; argv + + ;
2018-02-05 18:15:44 -05:00
errno = 0 ;
oldpids [ nb_oldpids ] = strtol ( * argv , & endptr , 10 ) ;
if ( errno ) {
ha_alert ( " -%2s option: failed to parse {%s}: %s \n " ,
flag ,
* argv , strerror ( errno ) ) ;
exit ( 1 ) ;
} else if ( endptr & & strlen ( endptr ) ) {
2020-02-25 02:16:33 -05:00
while ( isspace ( ( unsigned char ) * endptr ) ) endptr + + ;
2018-02-17 14:53:11 -05:00
if ( * endptr ! = 0 ) {
2018-02-05 18:15:44 -05:00
ha_alert ( " -%2s option: some bytes unconsumed in PID list {%s} \n " ,
flag , endptr ) ;
exit ( 1 ) ;
2018-02-17 14:53:11 -05:00
}
2018-02-05 18:15:44 -05:00
}
2015-10-08 05:32:32 -04:00
if ( oldpids [ nb_oldpids ] < = 0 )
usage ( progname ) ;
nb_oldpids + + ;
2006-06-25 20:48:02 -04:00
}
}
2015-10-08 05:58:48 -04:00
else if ( flag [ 0 ] = = ' - ' & & flag [ 1 ] = = 0 ) { /* "--" */
/* now that's a cfgfile list */
argv + + ; argc - - ;
while ( argc > 0 ) {
2016-05-13 17:52:55 -04:00
if ( ! list_append_word ( & cfg_cfgfiles , * argv , & err_msg ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot load configuration file/directory %s : %s \n " ,
* argv ,
err_msg ) ;
2015-10-08 05:58:48 -04:00
exit ( 1 ) ;
}
argv + + ; argc - - ;
}
break ;
}
2006-06-25 20:48:02 -04:00
else { /* >=2 args */
argv + + ; argc - - ;
if ( argc = = 0 )
2011-09-10 13:20:23 -04:00
usage ( progname ) ;
2006-06-25 20:48:02 -04:00
switch ( * flag ) {
2011-09-10 13:26:56 -04:00
case ' C ' : change_dir = * argv ; break ;
2006-06-25 20:48:02 -04:00
case ' n ' : cfg_maxconn = atol ( * argv ) ; break ;
2015-12-14 06:46:07 -05:00
case ' m ' : global . rlimit_memmax_all = atol ( * argv ) ; break ;
2006-06-25 20:48:02 -04:00
case ' N ' : cfg_maxpconn = atol ( * argv ) ; break ;
2018-04-17 10:46:13 -04:00
case ' L ' :
2020-06-18 10:56:47 -04:00
free ( localpeer ) ;
if ( ( localpeer = strdup ( * argv ) ) = = NULL ) {
ha_alert ( " Cannot allocate memory for local peer. \n " ) ;
exit ( EXIT_FAILURE ) ;
}
2018-04-17 10:46:13 -04:00
setenv ( " HAPROXY_LOCALPEER " , localpeer , 1 ) ;
2020-06-18 12:24:05 -04:00
global . localpeer_cmdline = 1 ;
2018-04-17 10:46:13 -04:00
break ;
2009-06-22 10:02:30 -04:00
case ' f ' :
2016-05-13 17:52:55 -04:00
if ( ! list_append_word ( & cfg_cfgfiles , * argv , & err_msg ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot load configuration file/directory %s : %s \n " ,
* argv ,
err_msg ) ;
2009-06-22 10:02:30 -04:00
exit ( 1 ) ;
}
break ;
2006-06-25 20:48:02 -04:00
case ' p ' : cfg_pidfile = * argv ; break ;
2011-09-10 13:20:23 -04:00
default : usage ( progname ) ;
2006-06-25 20:48:02 -04:00
}
}
}
else
2011-09-10 13:20:23 -04:00
usage ( progname ) ;
2006-06-25 20:48:02 -04:00
argv + + ; argc - - ;
}
2017-10-24 07:53:54 -04:00
global . mode | = ( arg_mode & ( MODE_DAEMON | MODE_MWORKER | MODE_FOREGROUND | MODE_VERBOSE
2020-04-15 10:42:39 -04:00
| MODE_QUIET | MODE_CHECK | MODE_DEBUG | MODE_ZERO_WARNING ) ) ;
2006-06-25 20:48:02 -04:00
2018-11-21 09:48:31 -05:00
if ( getenv ( " HAPROXY_MWORKER_WAIT_ONLY " ) ) {
2017-06-01 11:38:52 -04:00
unsetenv ( " HAPROXY_MWORKER_WAIT_ONLY " ) ;
2018-11-21 09:48:31 -05:00
global . mode | = MODE_MWORKER_WAIT ;
global . mode & = ~ MODE_MWORKER ;
2017-06-01 11:38:52 -04:00
}
if ( ( global . mode & MODE_MWORKER ) & & ( getenv ( " HAPROXY_MWORKER_REEXEC " ) ! = NULL ) ) {
atexit_flag = 1 ;
atexit ( reexec_on_failure ) ;
}
2011-09-10 13:26:56 -04:00
if ( change_dir & & chdir ( change_dir ) < 0 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Could not change to directory %s : %s \n " , change_dir , strerror ( errno ) ) ;
2011-09-10 13:26:56 -04:00
exit ( 1 ) ;
}
2006-06-25 20:48:02 -04:00
global . maxsock = 10 ; /* reserve 10 fds ; will be incremented by socket eaters */
2009-06-22 09:48:36 -04:00
init_default_instance ( ) ;
2018-11-21 09:48:31 -05:00
/* in wait mode, we don't try to read the configuration files */
if ( ! ( global . mode & MODE_MWORKER_WAIT ) ) {
2019-05-20 05:15:37 -04:00
struct buffer * trash = get_trash_chunk ( ) ;
2009-12-06 07:10:44 -05:00
2018-11-21 09:48:31 -05:00
/* handle cfgfiles that are actually directories */
cfgfiles_expand_directories ( ) ;
if ( LIST_ISEMPTY ( & cfg_cfgfiles ) )
usage ( progname ) ;
list_for_each_entry ( wl , & cfg_cfgfiles , list ) {
int ret ;
2019-05-20 05:15:37 -04:00
if ( trash - > data )
chunk_appendf ( trash , " ; " ) ;
chunk_appendf ( trash , " %s " , wl - > s ) ;
2018-11-21 09:48:31 -05:00
ret = readcfgfile ( wl - > s ) ;
if ( ret = = - 1 ) {
ha_alert ( " Could not open configuration file %s : %s \n " ,
wl - > s , strerror ( errno ) ) ;
exit ( 1 ) ;
}
if ( ret & ( ERR_ABORT | ERR_FATAL ) )
ha_alert ( " Error(s) found in configuration file : %s \n " , wl - > s ) ;
err_code | = ret ;
if ( err_code & ERR_ABORT )
exit ( 1 ) ;
2009-12-06 07:10:44 -05:00
}
2007-10-14 17:40:01 -04:00
2018-11-21 09:48:31 -05:00
/* do not try to resolve arguments nor to spot inconsistencies when
* the configuration contains fatal errors caused by files not found
* or failed memory allocations .
*/
if ( err_code & ( ERR_ABORT | ERR_FATAL ) ) {
ha_alert ( " Fatal errors found in configuration. \n " ) ;
exit ( 1 ) ;
}
2019-05-20 05:15:37 -04:00
if ( trash - > data )
setenv ( " HAPROXY_CFGFILES " , trash - > area , 1 ) ;
MEDIUM: config: don't check config validity when there are fatal errors
Overall we do have an issue with the severity of a number of errors. Most
fatal errors are reported with ERR_FATAL (which prevents startup) and not
ERR_ABORT (which stops parsing ASAP), but check_config_validity() is still
called on ERR_FATAL, and will most of the time report bogus errors. This
is what caused smp_resolve_args() to be called on a number of unparsable
ACLs, and it also is what reports incorrect ordering or unresolvable
section names when certain entries could not be properly parsed.
This patch stops this domino effect by simply aborting before trying to
further check and resolve the configuration when it's already know that
there are fatal errors.
A concrete example comes from this config :
userlist users :
user foo insecure-password bar
listen foo
bind :1234
mode htttp
timeout client 10S
timeout server 10s
timeout connect 10s
stats uri /stats
stats http-request auth unless { http_auth(users) }
http-request redirect location /index.html if { path / }
It contains a colon after the userlist name, a typo in the client timeout value,
another one in "mode http" which cause some other configuration elements not to
be properly handled.
Previously it would confusingly report :
[ALERT] 108/114851 (20224) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'.
[ALERT] 108/114851 (20224) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'.
[ALERT] 108/114851 (20224) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client'
[ALERT] 108/114851 (20224) : Error(s) found in configuration file : err-report.cfg
[ALERT] 108/114851 (20224) : parsing [err-report.cfg:11] : unable to find userlist 'users' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'foo'.
[WARNING] 108/114851 (20224) : config : missing timeouts for proxy 'foo'.
| While not properly invalid, you will certainly encounter various problems
| with such a configuration. To fix this, please ensure that all following
| timeouts are set to a non-zero value: 'client', 'connect', 'server'.
[WARNING] 108/114851 (20224) : config : 'stats' statement ignored for proxy 'foo' as it requires HTTP mode.
[WARNING] 108/114851 (20224) : config : 'http-request' rules ignored for proxy 'foo' as they require HTTP mode.
[ALERT] 108/114851 (20224) : Fatal errors found in configuration.
The "requires HTTP mode" errors are just pollution resulting from the
improper spelling of this mode earlier. The unresolved reference to the
userlist is caused by the extra colon on the declaration, and the warning
regarding the missing timeouts is caused by the wrong character.
Now it more accurately reports :
[ALERT] 108/114900 (20225) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'.
[ALERT] 108/114900 (20225) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'.
[ALERT] 108/114900 (20225) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client'
[ALERT] 108/114900 (20225) : Error(s) found in configuration file : err-report.cfg
[ALERT] 108/114900 (20225) : Fatal errors found in configuration.
Despite not really a fix, this patch should be backported at least to 1.7,
possibly even 1.6, and 1.5 since it hardens the config parser against
certain bad situations like the recently reported use-after-free and the
last null dereference.
2017-04-19 05:24:07 -04:00
}
2018-10-26 08:47:30 -04:00
if ( global . mode & MODE_MWORKER ) {
int proc ;
2018-11-19 12:46:18 -05:00
struct mworker_proc * tmproc ;
2019-04-12 10:15:00 -04:00
setenv ( " HAPROXY_MWORKER " , " 1 " , 1 ) ;
2018-11-19 12:46:18 -05:00
if ( getenv ( " HAPROXY_MWORKER_REEXEC " ) = = NULL ) {
2019-04-01 05:29:58 -04:00
tmproc = calloc ( 1 , sizeof ( * tmproc ) ) ;
2018-11-19 12:46:18 -05:00
if ( ! tmproc ) {
ha_alert ( " Cannot allocate process structures. \n " ) ;
exit ( EXIT_FAILURE ) ;
}
2019-04-12 10:09:23 -04:00
tmproc - > options | = PROC_O_TYPE_MASTER ; /* master */
2018-11-19 12:46:18 -05:00
tmproc - > reloads = 0 ;
tmproc - > relative_pid = 0 ;
tmproc - > pid = pid ;
tmproc - > timestamp = start_date . tv_sec ;
tmproc - > ipc_fd [ 0 ] = - 1 ;
tmproc - > ipc_fd [ 1 ] = - 1 ;
proc_self = tmproc ;
LIST_ADDQ ( & proc_list , & tmproc - > list ) ;
}
2018-10-26 08:47:30 -04:00
for ( proc = 0 ; proc < global . nbproc ; proc + + ) {
2019-04-01 05:29:58 -04:00
tmproc = calloc ( 1 , sizeof ( * tmproc ) ) ;
2018-10-26 08:47:30 -04:00
if ( ! tmproc ) {
ha_alert ( " Cannot allocate process structures. \n " ) ;
exit ( EXIT_FAILURE ) ;
}
2019-04-12 10:09:23 -04:00
tmproc - > options | = PROC_O_TYPE_WORKER ; /* worker */
2018-10-26 08:47:30 -04:00
tmproc - > pid = - 1 ;
tmproc - > reloads = 0 ;
2018-11-19 12:46:17 -05:00
tmproc - > timestamp = - 1 ;
2018-10-26 08:47:30 -04:00
tmproc - > relative_pid = 1 + proc ;
2018-11-06 11:37:12 -05:00
tmproc - > ipc_fd [ 0 ] = - 1 ;
tmproc - > ipc_fd [ 1 ] = - 1 ;
2018-10-26 08:47:30 -04:00
if ( mworker_cli_sockpair_new ( tmproc , proc ) < 0 ) {
exit ( EXIT_FAILURE ) ;
}
LIST_ADDQ ( & proc_list , & tmproc - > list ) ;
}
2018-11-21 09:48:31 -05:00
}
if ( global . mode & ( MODE_MWORKER | MODE_MWORKER_WAIT ) ) {
struct wordlist * it , * c ;
2018-10-26 08:47:33 -04:00
mworker_env_to_proc_list ( ) ; /* get the info of the children in the env */
2018-10-26 08:47:35 -04:00
2018-10-26 08:47:36 -04:00
2018-11-06 11:37:12 -05:00
if ( ! LIST_ISEMPTY ( & mworker_cli_conf ) ) {
2018-10-26 08:47:36 -04:00
2018-11-06 11:37:12 -05:00
if ( mworker_cli_proxy_create ( ) < 0 ) {
2018-10-26 08:47:36 -04:00
ha_alert ( " Can't create the master's CLI. \n " ) ;
exit ( EXIT_FAILURE ) ;
}
2018-11-06 11:37:12 -05:00
list_for_each_entry_safe ( c , it , & mworker_cli_conf , list ) {
if ( mworker_cli_proxy_new_listener ( c - > s ) < 0 ) {
ha_alert ( " Can't create the master's CLI. \n " ) ;
exit ( EXIT_FAILURE ) ;
}
LIST_DEL ( & c - > list ) ;
free ( c - > s ) ;
free ( c ) ;
}
}
2018-10-26 08:47:30 -04:00
}
2009-07-23 07:36:36 -04:00
err_code | = check_config_validity ( ) ;
2019-08-12 03:51:07 -04:00
for ( px = proxies_list ; px ; px = px - > next ) {
struct server * srv ;
struct post_proxy_check_fct * ppcf ;
struct post_server_check_fct * pscf ;
list_for_each_entry ( pscf , & post_server_check_list , list ) {
for ( srv = px - > srv ; srv ; srv = srv - > next )
err_code | = pscf - > fct ( srv ) ;
}
list_for_each_entry ( ppcf , & post_proxy_check_list , list )
err_code | = ppcf - > fct ( px ) ;
}
2009-07-23 07:36:36 -04:00
if ( err_code & ( ERR_ABORT | ERR_FATAL ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Fatal errors found in configuration. \n " ) ;
2009-06-22 09:48:36 -04:00
exit ( 1 ) ;
}
2006-06-25 20:48:02 -04:00
2020-02-27 10:45:50 -05:00
err_code | = pattern_finalize_config ( ) ;
if ( err_code & ( ERR_ABORT | ERR_FATAL ) ) {
ha_alert ( " Failed to finalize pattern config. \n " ) ;
exit ( 1 ) ;
}
2019-04-11 08:47:08 -04:00
2015-12-14 06:46:07 -05:00
/* recompute the amount of per-process memory depending on nbproc and
* the shared SSL cache size ( allowed to exist in all processes ) .
*/
if ( global . rlimit_memmax_all ) {
# if defined (USE_OPENSSL) && !defined(USE_PRIVATE_CACHE)
int64_t ssl_cache_bytes = global . tune . sslcachesize * 200LL ;
global . rlimit_memmax =
( ( ( ( int64_t ) global . rlimit_memmax_all * 1048576LL ) -
ssl_cache_bytes ) / global . nbproc +
ssl_cache_bytes + 1048575LL ) / 1048576LL ;
# else
global . rlimit_memmax = global . rlimit_memmax_all / global . nbproc ;
# endif
}
2019-05-22 13:24:06 -04:00
# ifdef USE_NS
2014-11-17 09:11:45 -05:00
err_code | = netns_init ( ) ;
if ( err_code & ( ERR_ABORT | ERR_FATAL ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Failed to initialize namespace support. \n " ) ;
2014-11-17 09:11:45 -05:00
exit ( 1 ) ;
}
# endif
2016-11-02 10:33:15 -04:00
/* Apply server states */
apply_server_state ( ) ;
2017-11-24 10:54:05 -05:00
for ( px = proxies_list ; px ; px = px - > next )
2016-11-02 10:33:15 -04:00
srv_compute_all_admin_states ( px ) ;
2016-11-02 10:34:05 -04:00
/* Apply servers' configured address */
err_code | = srv_init_addr ( ) ;
if ( err_code & ( ERR_ABORT | ERR_FATAL ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Failed to initialize server(s) addr. \n " ) ;
2016-11-02 10:34:05 -04:00
exit ( 1 ) ;
}
2020-04-15 10:42:39 -04:00
if ( warned & WARN_ANY & & global . mode & MODE_ZERO_WARNING ) {
ha_alert ( " Some warnings were found and 'zero-warning' is set. Aborting. \n " ) ;
exit ( 1 ) ;
}
2006-06-25 20:48:02 -04:00
if ( global . mode & MODE_CHECK ) {
2012-02-02 11:48:18 -05:00
struct peers * pr ;
struct proxy * px ;
2020-04-15 10:06:11 -04:00
if ( warned & WARN_ANY )
qfprintf ( stdout , " Warnings were found. \n " ) ;
2017-07-13 03:07:09 -04:00
for ( pr = cfg_peers ; pr ; pr = pr - > next )
2012-02-02 11:48:18 -05:00
if ( pr - > peers_fe )
break ;
2017-11-24 10:54:05 -05:00
for ( px = proxies_list ; px ; px = px - > next )
2012-09-20 10:48:07 -04:00
if ( px - > state = = PR_STNEW & & ! LIST_ISEMPTY ( & px - > conf . listeners ) )
2012-02-02 11:48:18 -05:00
break ;
if ( pr | | px ) {
/* At least one peer or one listener has been found */
qfprintf ( stdout , " Configuration file is valid \n " ) ;
MINOR: haproxy: Make use of deinit_and_exit() for clean exits
Particularly cleanly deinit() after a configuration check to clean up the
output of valgrind which reports "possible losses" without a deinit() and
does not with a deinit(), converting actual losses into proper hard losses
which makes the whole stuff easier to analyze.
As an example, given an example configuration of the following:
frontend foo
bind *:8080
mode http
Running `haproxy -c -f cfg` within valgrind will report 4 possible losses:
$ valgrind --leak-check=full ./haproxy -c -f ./example.cfg
==21219== Memcheck, a memory error detector
==21219== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==21219== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==21219== Command: ./haproxy -c -f ./example.cfg
==21219==
[WARNING] 165/001100 (21219) : config : missing timeouts for frontend 'foo'.
| While not properly invalid, you will certainly encounter various problems
| with such a configuration. To fix this, please ensure that all following
| timeouts are set to a non-zero value: 'client', 'connect', 'server'.
Warnings were found.
Configuration file is valid
==21219==
==21219== HEAP SUMMARY:
==21219== in use at exit: 1,436,631 bytes in 130 blocks
==21219== total heap usage: 153 allocs, 23 frees, 1,447,758 bytes allocated
==21219==
==21219== 7 bytes in 1 blocks are possibly lost in loss record 5 of 54
==21219== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21219== by 0x5726489: strdup (strdup.c:42)
==21219== by 0x468FD9: bind_conf_alloc (listener.h:158)
==21219== by 0x468FD9: cfg_parse_listen (cfgparse-listen.c:557)
==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167)
==21219== by 0x5056CD: init (haproxy.c:2021)
==21219== by 0x418232: main (haproxy.c:3121)
==21219==
==21219== 14 bytes in 1 blocks are possibly lost in loss record 9 of 54
==21219== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21219== by 0x5726489: strdup (strdup.c:42)
==21219== by 0x468F9B: bind_conf_alloc (listener.h:154)
==21219== by 0x468F9B: cfg_parse_listen (cfgparse-listen.c:557)
==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167)
==21219== by 0x5056CD: init (haproxy.c:2021)
==21219== by 0x418232: main (haproxy.c:3121)
==21219==
==21219== 128 bytes in 1 blocks are possibly lost in loss record 35 of 54
==21219== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21219== by 0x468F90: bind_conf_alloc (listener.h:152)
==21219== by 0x468F90: cfg_parse_listen (cfgparse-listen.c:557)
==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167)
==21219== by 0x5056CD: init (haproxy.c:2021)
==21219== by 0x418232: main (haproxy.c:3121)
==21219==
==21219== 608 bytes in 1 blocks are possibly lost in loss record 46 of 54
==21219== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21219== by 0x4B953A: create_listeners (listener.c:576)
==21219== by 0x4578F6: str2listener (cfgparse.c:192)
==21219== by 0x469039: cfg_parse_listen (cfgparse-listen.c:568)
==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167)
==21219== by 0x5056CD: init (haproxy.c:2021)
==21219== by 0x418232: main (haproxy.c:3121)
==21219==
==21219== LEAK SUMMARY:
==21219== definitely lost: 0 bytes in 0 blocks
==21219== indirectly lost: 0 bytes in 0 blocks
==21219== possibly lost: 757 bytes in 4 blocks
==21219== still reachable: 1,435,874 bytes in 126 blocks
==21219== suppressed: 0 bytes in 0 blocks
==21219== Reachable blocks (those to which a pointer was found) are not shown.
==21219== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==21219==
==21219== For counts of detected and suppressed errors, rerun with: -v
==21219== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
Re-running the same command with the patch applied will not report any
losses any more:
$ valgrind --leak-check=full ./haproxy -c -f ./example.cfg
==22124== Memcheck, a memory error detector
==22124== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==22124== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22124== Command: ./haproxy -c -f ./example.cfg
==22124==
[WARNING] 165/001503 (22124) : config : missing timeouts for frontend 'foo'.
| While not properly invalid, you will certainly encounter various problems
| with such a configuration. To fix this, please ensure that all following
| timeouts are set to a non-zero value: 'client', 'connect', 'server'.
Warnings were found.
Configuration file is valid
==22124==
==22124== HEAP SUMMARY:
==22124== in use at exit: 313,864 bytes in 82 blocks
==22124== total heap usage: 153 allocs, 71 frees, 1,447,758 bytes allocated
==22124==
==22124== LEAK SUMMARY:
==22124== definitely lost: 0 bytes in 0 blocks
==22124== indirectly lost: 0 bytes in 0 blocks
==22124== possibly lost: 0 bytes in 0 blocks
==22124== still reachable: 313,864 bytes in 82 blocks
==22124== suppressed: 0 bytes in 0 blocks
==22124== Reachable blocks (those to which a pointer was found) are not shown.
==22124== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==22124==
==22124== For counts of detected and suppressed errors, rerun with: -v
==22124== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
It might be worth investigating what exactly HAProxy does to lose pointers
to the start of those 4 memory areas and then to be able to still free them
during deinit(). If HAProxy is able to free them, they ideally should be
"still reachable" and not "possibly lost".
2020-06-13 18:37:42 -04:00
deinit_and_exit ( 0 ) ;
2012-02-02 11:48:18 -05:00
}
qfprintf ( stdout , " Configuration file has no error but will not start (no listener) => exit(2). \n " ) ;
exit ( 2 ) ;
2006-06-25 20:48:02 -04:00
}
2012-08-27 18:06:31 -04:00
/* now we know the buffer size, we can initialize the channels and buffers */
2012-10-12 17:49:43 -04:00
init_buffer ( ) ;
2009-09-23 17:37:52 -04:00
2016-12-21 13:57:00 -05:00
list_for_each_entry ( pcf , & post_check_list , list ) {
err_code | = pcf - > fct ( ) ;
if ( err_code & ( ERR_ABORT | ERR_FATAL ) )
exit ( 1 ) ;
}
2006-06-25 20:48:02 -04:00
if ( cfg_maxconn > 0 )
global . maxconn = cfg_maxconn ;
2019-03-01 03:39:42 -05:00
if ( global . stats_fe )
global . maxsock + = global . stats_fe - > maxconn ;
if ( cfg_peers ) {
/* peers also need to bypass global maxconn */
struct peers * p = cfg_peers ;
for ( p = cfg_peers ; p ; p = p - > next )
if ( p - > peers_fe )
global . maxsock + = p - > peers_fe - > maxconn ;
}
2006-06-25 20:48:02 -04:00
if ( cfg_pidfile ) {
2008-08-03 06:19:50 -04:00
free ( global . pidfile ) ;
2006-06-25 20:48:02 -04:00
global . pidfile = strdup ( cfg_pidfile ) ;
}
2015-01-15 15:45:22 -05:00
/* Now we want to compute the maxconn and possibly maxsslconn values.
2019-03-01 09:43:14 -05:00
* It ' s a bit tricky . Maxconn defaults to the pre - computed value based
* on rlim_fd_cur and the number of FDs in use due to the configuration ,
* and maxsslconn defaults to DEFAULT_MAXSSLCONN . On top of that we can
* enforce a lower limit based on memmax .
2015-01-15 15:45:22 -05:00
*
* If memmax is set , then it depends on which values are set . If
* maxsslconn is set , we use memmax to determine how many cleartext
* connections may be added , and set maxconn to the sum of the two .
* If maxconn is set and not maxsslconn , maxsslconn is computed from
* the remaining amount of memory between memmax and the cleartext
* connections . If neither are set , then it is considered that all
* connections are SSL - capable , and maxconn is computed based on this ,
* then maxsslconn accordingly . We need to know if SSL is used on the
* frontends , backends , or both , because when it ' s used on both sides ,
* we need twice the value for maxsslconn , but we only count the
* handshake once since it is not performed on the two sides at the
* same time ( frontend - side is terminated before backend - side begins ) .
* The SSL stack is supposed to have filled ssl_session_cost and
2015-01-28 13:03:21 -05:00
* ssl_handshake_cost during its initialization . In any case , if
* SYSTEM_MAXCONN is set , we still enforce it as an upper limit for
* maxconn in order to protect the system .
2015-01-15 15:45:22 -05:00
*/
2019-03-01 09:43:14 -05:00
ideal_maxconn = compute_ideal_maxconn ( ) ;
2015-01-15 15:45:22 -05:00
if ( ! global . rlimit_memmax ) {
if ( global . maxconn = = 0 ) {
2019-03-01 09:43:14 -05:00
global . maxconn = ideal_maxconn ;
2015-01-15 15:45:22 -05:00
if ( global . mode & ( MODE_VERBOSE | MODE_DEBUG ) )
fprintf ( stderr , " Note: setting global.maxconn to %d. \n " , global . maxconn ) ;
}
}
# ifdef USE_OPENSSL
else if ( ! global . maxconn & & ! global . maxsslconn & &
( global . ssl_used_frontend | | global . ssl_used_backend ) ) {
/* memmax is set, compute everything automatically. Here we want
* to ensure that all SSL connections will be served . We take
* care of the number of sides where SSL is used , and consider
* the worst case : SSL used on both sides and doing a handshake
* simultaneously . Note that we can ' t have more than maxconn
* handshakes at a time by definition , so for the worst case of
* two SSL conns per connection , we count a single handshake .
*/
int sides = ! ! global . ssl_used_frontend + ! ! global . ssl_used_backend ;
int64_t mem = global . rlimit_memmax * 1048576ULL ;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
int retried = 0 ;
2015-01-15 15:45:22 -05:00
mem - = global . tune . sslcachesize * 200 ; // about 200 bytes per SSL cache entry
mem - = global . maxzlibmem ;
mem = mem * MEM_USABLE_RATIO ;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
/* Principle: we test once to set maxconn according to the free
* memory . If it results in values the system rejects , we try a
* second time by respecting rlim_fd_max . If it fails again , we
* go back to the initial value and will let the final code
* dealing with rlimit report the error . That ' s up to 3 attempts .
*/
do {
global . maxconn = mem /
( ( STREAM_MAX_COST + 2 * global . tune . bufsize ) + // stream + 2 buffers per stream
sides * global . ssl_session_max_cost + // SSL buffers, one per side
global . ssl_handshake_max_cost ) ; // 1 handshake per connection max
if ( retried = = 1 )
global . maxconn = MIN ( global . maxconn , ideal_maxconn ) ;
global . maxconn = round_2dig ( global . maxconn ) ;
2015-01-28 13:03:21 -05:00
# ifdef SYSTEM_MAXCONN
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if ( global . maxconn > SYSTEM_MAXCONN )
global . maxconn = SYSTEM_MAXCONN ;
2015-01-28 13:03:21 -05:00
# endif /* SYSTEM_MAXCONN */
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
global . maxsslconn = sides * global . maxconn ;
if ( check_if_maxsock_permitted ( compute_ideal_maxsock ( global . maxconn ) ) )
break ;
} while ( retried + + < 2 ) ;
2015-01-15 15:45:22 -05:00
if ( global . mode & ( MODE_VERBOSE | MODE_DEBUG ) )
fprintf ( stderr , " Note: setting global.maxconn to %d and global.maxsslconn to %d. \n " ,
global . maxconn , global . maxsslconn ) ;
}
else if ( ! global . maxsslconn & &
( global . ssl_used_frontend | | global . ssl_used_backend ) ) {
/* memmax and maxconn are known, compute maxsslconn automatically.
* maxsslconn being forced , we don ' t know how many of it will be
* on each side if both sides are being used . The worst case is
* when all connections use only one SSL instance because
* handshakes may be on two sides at the same time .
*/
int sides = ! ! global . ssl_used_frontend + ! ! global . ssl_used_backend ;
int64_t mem = global . rlimit_memmax * 1048576ULL ;
int64_t sslmem ;
mem - = global . tune . sslcachesize * 200 ; // about 200 bytes per SSL cache entry
mem - = global . maxzlibmem ;
mem = mem * MEM_USABLE_RATIO ;
REORG/MAJOR: session: rename the "session" entity to "stream"
With HTTP/2, we'll have to support multiplexed streams. A stream is in
fact the largest part of what we currently call a session, it has buffers,
logs, etc.
In order to catch any error, this commit removes any reference to the
struct session and tries to rename most "session" occurrences in function
names to "stream" and "sess" to "strm" when that's related to a session.
The files stream.{c,h} were added and session.{c,h} removed.
The session will be reintroduced later and a few parts of the stream
will progressively be moved overthere. It will more or less contain
only what we need in an embryonic session.
Sample fetch functions and converters will have to change a bit so
that they'll use an L5 (session) instead of what's currently called
"L4" which is in fact L6 for now.
Once all changes are completed, we should see approximately this :
L7 - http_txn
L6 - stream
L5 - session
L4 - connection | applet
There will be at most one http_txn per stream, and a same session will
possibly be referenced by multiple streams. A connection will point to
a session and to a stream. The session will hold all the information
we need to keep even when we don't yet have a stream.
Some more cleanup is needed because some code was already far from
being clean. The server queue management still refers to sessions at
many places while comments talk about connections. This will have to
be cleaned up once we have a server-side connection pool manager.
Stream flags "SN_*" still need to be renamed, it doesn't seem like
any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
sslmem = mem - global . maxconn * ( int64_t ) ( STREAM_MAX_COST + 2 * global . tune . bufsize ) ;
2015-01-15 15:45:22 -05:00
global . maxsslconn = sslmem / ( global . ssl_session_max_cost + global . ssl_handshake_max_cost ) ;
global . maxsslconn = round_2dig ( global . maxsslconn ) ;
if ( sslmem < = 0 | | global . maxsslconn < sides ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Cannot compute the automatic maxsslconn because global.maxconn is already too "
" high for the global.memmax value (%d MB). The absolute maximum possible value "
" without SSL is %d, but %d was found and SSL is in use. \n " ,
global . rlimit_memmax ,
( int ) ( mem / ( STREAM_MAX_COST + 2 * global . tune . bufsize ) ) ,
global . maxconn ) ;
2015-01-15 15:45:22 -05:00
exit ( 1 ) ;
}
if ( global . maxsslconn > sides * global . maxconn )
global . maxsslconn = sides * global . maxconn ;
if ( global . mode & ( MODE_VERBOSE | MODE_DEBUG ) )
fprintf ( stderr , " Note: setting global.maxsslconn to %d \n " , global . maxsslconn ) ;
}
# endif
else if ( ! global . maxconn ) {
/* memmax and maxsslconn are known/unused, compute maxconn automatically */
int sides = ! ! global . ssl_used_frontend + ! ! global . ssl_used_backend ;
int64_t mem = global . rlimit_memmax * 1048576ULL ;
int64_t clearmem ;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
int retried = 0 ;
2015-01-15 15:45:22 -05:00
if ( global . ssl_used_frontend | | global . ssl_used_backend )
mem - = global . tune . sslcachesize * 200 ; // about 200 bytes per SSL cache entry
mem - = global . maxzlibmem ;
mem = mem * MEM_USABLE_RATIO ;
clearmem = mem ;
if ( sides )
clearmem - = ( global . ssl_session_max_cost + global . ssl_handshake_max_cost ) * ( int64_t ) global . maxsslconn ;
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
/* Principle: we test once to set maxconn according to the free
* memory . If it results in values the system rejects , we try a
* second time by respecting rlim_fd_max . If it fails again , we
* go back to the initial value and will let the final code
* dealing with rlimit report the error . That ' s up to 3 attempts .
*/
do {
global . maxconn = clearmem / ( STREAM_MAX_COST + 2 * global . tune . bufsize ) ;
if ( retried = = 1 )
global . maxconn = MIN ( global . maxconn , ideal_maxconn ) ;
global . maxconn = round_2dig ( global . maxconn ) ;
2015-01-28 13:03:21 -05:00
# ifdef SYSTEM_MAXCONN
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if ( global . maxconn > SYSTEM_MAXCONN )
global . maxconn = SYSTEM_MAXCONN ;
2015-01-28 13:03:21 -05:00
# endif /* SYSTEM_MAXCONN */
2015-01-15 15:45:22 -05:00
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
if ( clearmem < = 0 | | ! global . maxconn ) {
ha_alert ( " Cannot compute the automatic maxconn because global.maxsslconn is already too "
" high for the global.memmax value (%d MB). The absolute maximum possible value "
" is %d, but %d was found. \n " ,
global . rlimit_memmax ,
2017-11-24 10:50:31 -05:00
( int ) ( mem / ( global . ssl_session_max_cost + global . ssl_handshake_max_cost ) ) ,
MEDIUM: init: always try to push the FD limit when maxconn is set from -m
When a maximum memory setting is passed to haproxy and maxconn is not set
and ulimit-n is not set, it is expected that maxconn will be set to the
highest value permitted by this memory setting, possibly affecting the
FD limit.
When maxconn was changed to be deduced from the current process's FD limit,
the automatic setting above was partially lost because it now remains
limited to the current FD limit in addition to being limited to the
memory usage. For unprivileged processes it does not change anything,
but for privileged processes the difference is important. Indeed, the
previous behavior ensured that the new FD limit could be enforced on
the process as long as the user had the privilege to do so. Now this
does not happen anymore, and some people rely on this for automatic
sizing in VM environments.
This patch implements the ability to verify if the setting will be
enforceable on the process or not. First it computes maxconn based on
the memory limits alone, then checks if the process is willing to accept
them, otherwise tries again by respecting the process' hard limit.
Thanks to this we now have the best of the pre-2.0 behavior and the
current one, in that privileged users will be able to get as high a
maxconn as they need just based on the memory limit, while unprivileged
users will still get as high a setting as permitted by the intersection
of the memory limit and the process' FD limit.
Ideally, after some observation period, this patch along with the
previous one "MINOR: init: move the maxsock calculation code to
compute_ideal_maxsock()" should be backported to 2.1 and 2.0.
Thanks to Baptiste for raising the issue.
2020-03-10 12:54:54 -04:00
global . maxsslconn ) ;
exit ( 1 ) ;
}
if ( check_if_maxsock_permitted ( compute_ideal_maxsock ( global . maxconn ) ) )
break ;
} while ( retried + + < 2 ) ;
2015-01-15 15:45:22 -05:00
if ( global . mode & ( MODE_VERBOSE | MODE_DEBUG ) ) {
if ( sides & & global . maxsslconn > sides * global . maxconn ) {
fprintf ( stderr , " Note: global.maxsslconn is forced to %d which causes global.maxconn "
" to be limited to %d. Better reduce global.maxsslconn to get more "
" room for extra connections. \n " , global . maxsslconn , global . maxconn ) ;
}
fprintf ( stderr , " Note: setting global.maxconn to %d \n " , global . maxconn ) ;
}
}
2006-06-25 20:48:02 -04:00
2020-03-10 12:08:53 -04:00
global . maxsock = compute_ideal_maxsock ( global . maxconn ) ;
global . hardmaxconn = global . maxconn ;
2020-06-19 10:20:59 -04:00
if ( ! global . maxpipes )
global . maxpipes = compute_ideal_maxpipes ( ) ;
2006-06-25 20:48:02 -04:00
MEDIUM: connections: Add a way to control the number of idling connections.
As by default we add all keepalive connections to the idle pool, if we run
into a pathological case, where all client don't do keepalive, but the server
does, and haproxy is configured to only reuse "safe" connections, we will
soon find ourself having lots of idling, unusable for new sessions, connections,
while we won't have any file descriptors available to create new connections.
To fix this, add 2 new global settings, "pool_low_ratio" and "pool_high_ratio".
pool-low-fd-ratio is the % of fds we're allowed to use (against the maximum
number of fds available to haproxy) before we stop adding connections to the
idle pool, and destroy them instead. The default is 20. pool-high-fd-ratio is
the % of fds we're allowed to use (against the maximum number of fds available
to haproxy) before we start killing idling connection in the event we have to
create a new outgoing connection, and no reuse is possible. The default is 25.
2019-04-16 13:07:22 -04:00
/* update connection pool thresholds */
global . tune . pool_low_count = ( ( long long ) global . maxsock * global . tune . pool_low_ratio + 99 ) / 100 ;
global . tune . pool_high_count = ( ( long long ) global . maxsock * global . tune . pool_high_ratio + 99 ) / 100 ;
MEDIUM: config: don't enforce a low frontend maxconn value anymore
Historically the default frontend's maxconn used to be quite low (2000),
which was sufficient two decades ago but often proved to be a problem
when users had purposely set the global maxconn value but forgot to set
the frontend's.
There is no point in keeping this arbitrary limit for frontends : when
the global maxconn is lower, it's already too high and when the global
maxconn is much higher, it becomes a limiting factor which causes trouble
in production.
This commit allows the value to be set to zero, which becomes the new
default value, to mean it's not directly limited, or in fact it's set
to the global maxconn. Since this operation used to be performed before
computing a possibly automatic global maxconn based on memory limits,
the calculation of the maxconn value and its propagation to the backends'
fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(),
which is called once the global maxconn is stabilized.
This comes with two benefits :
1) a configuration missing "maxconn" in the defaults section will not
limit itself to a magically hardcoded value but will scale up to the
global maxconn ;
2) when the global maxconn is not set and memory limits are used instead,
the frontends' maxconn automatically adapts, and the backends' fullconn
as well.
2019-02-27 11:25:52 -05:00
proxy_adjust_all_maxconn ( ) ;
2007-06-03 11:16:49 -04:00
if ( global . tune . maxpollevents < = 0 )
global . tune . maxpollevents = MAX_POLL_EVENTS ;
2018-05-24 12:59:04 -04:00
if ( global . tune . runqueue_depth < = 0 )
global . tune . runqueue_depth = RUNQUEUE_DEPTH ;
2009-03-21 15:43:57 -04:00
if ( global . tune . recv_enough = = 0 )
global . tune . recv_enough = MIN_RECV_AT_ONCE_ENOUGH ;
2009-08-17 01:23:33 -04:00
if ( global . tune . maxrewrite > = global . tune . bufsize / 2 )
global . tune . maxrewrite = global . tune . bufsize / 2 ;
2006-06-25 20:48:02 -04:00
if ( arg_mode & ( MODE_DEBUG | MODE_FOREGROUND ) ) {
/* command line debug mode inhibits configuration mode */
2017-06-01 11:38:50 -04:00
global . mode & = ~ ( MODE_DAEMON | MODE_QUIET ) ;
2012-10-26 10:04:28 -04:00
global . mode | = ( arg_mode & ( MODE_DEBUG | MODE_FOREGROUND ) ) ;
2006-06-25 20:48:02 -04:00
}
2012-10-26 10:04:28 -04:00
2017-06-01 11:38:50 -04:00
if ( arg_mode & MODE_DAEMON ) {
2012-10-26 10:04:28 -04:00
/* command line daemon mode inhibits foreground and debug modes mode */
global . mode & = ~ ( MODE_DEBUG | MODE_FOREGROUND ) ;
2017-06-01 11:38:50 -04:00
global . mode | = arg_mode & MODE_DAEMON ;
2012-10-26 10:04:28 -04:00
}
global . mode | = ( arg_mode & ( MODE_QUIET | MODE_VERBOSE ) ) ;
2006-06-25 20:48:02 -04:00
2017-06-01 11:38:50 -04:00
if ( ( global . mode & MODE_DEBUG ) & & ( global . mode & ( MODE_DAEMON | MODE_QUIET ) ) ) {
2017-11-24 10:50:31 -05:00
ha_warning ( " <debug> mode incompatible with <quiet> and <daemon>. Keeping <debug> only. \n " ) ;
2017-06-01 11:38:50 -04:00
global . mode & = ~ ( MODE_DAEMON | MODE_QUIET ) ;
2006-06-25 20:48:02 -04:00
}
2017-06-01 11:38:50 -04:00
if ( ( global . nbproc > 1 ) & & ! ( global . mode & ( MODE_DAEMON | MODE_MWORKER ) ) ) {
2006-06-25 20:48:02 -04:00
if ( ! ( global . mode & ( MODE_FOREGROUND | MODE_DEBUG ) ) )
2017-11-24 10:50:31 -05:00
ha_warning ( " <nbproc> is only meaningful in daemon mode or master-worker mode. Setting limit to 1 process. \n " ) ;
2006-06-25 20:48:02 -04:00
global . nbproc = 1 ;
}
if ( global . nbproc < 1 )
global . nbproc = 1 ;
2017-08-29 09:37:10 -04:00
if ( global . nbthread < 1 )
global . nbthread = 1 ;
2017-08-29 10:46:57 -04:00
/* Realloc trash buffers because global.tune.bufsize may have changed */
2017-10-27 07:53:47 -04:00
if ( ! init_trash_buffers ( 0 ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " failed to initialize trash buffers. \n " ) ;
2017-08-29 10:46:57 -04:00
exit ( 1 ) ;
}
2017-11-14 16:02:30 -05:00
if ( ! init_log_buffers ( ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " failed to initialize log buffers. \n " ) ;
2017-11-14 16:02:30 -05:00
exit ( 1 ) ;
}
2007-04-15 18:25:25 -04:00
/*
* Note : we could register external pollers here .
* Built - in pollers have been registered before main ( ) .
*/
2007-04-08 10:39:58 -04:00
2009-01-25 09:42:27 -05:00
if ( ! ( global . tune . options & GTUNE_USE_KQUEUE ) )
2007-04-09 06:03:06 -04:00
disable_poller ( " kqueue " ) ;
2019-04-08 12:53:32 -04:00
if ( ! ( global . tune . options & GTUNE_USE_EVPORTS ) )
disable_poller ( " evports " ) ;
2009-01-25 09:42:27 -05:00
if ( ! ( global . tune . options & GTUNE_USE_EPOLL ) )
2007-04-08 10:39:58 -04:00
disable_poller ( " epoll " ) ;
2009-01-25 09:42:27 -05:00
if ( ! ( global . tune . options & GTUNE_USE_POLL ) )
2007-04-08 10:39:58 -04:00
disable_poller ( " poll " ) ;
2009-01-25 09:42:27 -05:00
if ( ! ( global . tune . options & GTUNE_USE_SELECT ) )
2007-04-08 10:39:58 -04:00
disable_poller ( " select " ) ;
/* Note: we could disable any poller by name here */
2016-03-07 06:46:38 -05:00
if ( global . mode & ( MODE_VERBOSE | MODE_DEBUG ) ) {
2007-04-09 13:29:56 -04:00
list_pollers ( stderr ) ;
2016-03-07 06:46:38 -05:00
fprintf ( stderr , " \n " ) ;
list_filters ( stderr ) ;
}
2007-04-09 13:29:56 -04:00
2007-04-08 10:39:58 -04:00
if ( ! init_pollers ( ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " No polling mechanism available. \n "
" It is likely that haproxy was built with TARGET=generic and that FD_SETSIZE \n "
" is too low on this platform to support maxconn and the number of listeners \n "
" and servers. You should rebuild haproxy specifying your system using TARGET= \n "
" in order to support other polling systems (poll, epoll, kqueue) or reduce the \n "
" global maxconn setting to accommodate the system's limitation. For reference, \n "
" FD_SETSIZE=%d on this system, global.maxconn=%d resulting in a maximum of \n "
" %d file descriptors. You should thus reduce global.maxconn by %d. Also, \n "
" check build settings using 'haproxy -vv'. \n \n " ,
FD_SETSIZE , global . maxconn , global . maxsock , ( global . maxsock + 1 - FD_SETSIZE ) / 2 ) ;
2007-04-08 10:39:58 -04:00
exit ( 1 ) ;
}
2007-04-09 13:29:56 -04:00
if ( global . mode & ( MODE_VERBOSE | MODE_DEBUG ) ) {
printf ( " Using %s() as the polling mechanism. \n " , cur_poller . name ) ;
2007-04-08 10:39:58 -04:00
}
2009-10-02 16:51:14 -04:00
if ( ! global . node )
global . node = strdup ( hostname ) ;
2015-01-23 06:08:30 -05:00
if ( ! hlua_post_init ( ) )
exit ( 1 ) ;
2015-05-12 11:23:58 -04:00
2016-05-13 17:52:55 -04:00
free ( err_msg ) ;
2006-06-25 20:48:02 -04:00
}
2011-07-15 00:14:11 -04:00
static void deinit_acl_cond ( struct acl_cond * cond )
2011-07-15 00:14:09 -04:00
{
struct acl_term_suite * suite , * suiteb ;
struct acl_term * term , * termb ;
2011-07-15 00:14:11 -04:00
if ( ! cond )
return ;
list_for_each_entry_safe ( suite , suiteb , & cond - > suites , list ) {
list_for_each_entry_safe ( term , termb , & suite - > terms , list ) {
LIST_DEL ( & term - > list ) ;
free ( term ) ;
2011-07-15 00:14:09 -04:00
}
2011-07-15 00:14:11 -04:00
LIST_DEL ( & suite - > list ) ;
free ( suite ) ;
}
free ( cond ) ;
}
2019-12-17 05:25:46 -05:00
static void deinit_act_rules ( struct list * rules )
2011-07-15 00:14:11 -04:00
{
2019-12-17 05:25:46 -05:00
struct act_rule * rule , * ruleb ;
2011-07-15 00:14:11 -04:00
2019-12-17 05:25:46 -05:00
list_for_each_entry_safe ( rule , ruleb , rules , list ) {
LIST_DEL ( & rule - > list ) ;
deinit_acl_cond ( rule - > cond ) ;
2019-12-17 05:48:42 -05:00
if ( rule - > release_ptr )
rule - > release_ptr ( rule ) ;
2019-12-17 05:25:46 -05:00
free ( rule ) ;
2011-07-15 00:14:09 -04:00
}
}
2011-07-15 00:14:11 -04:00
static void deinit_stick_rules ( struct list * rules )
{
struct sticking_rule * rule , * ruleb ;
list_for_each_entry_safe ( rule , ruleb , rules , list ) {
LIST_DEL ( & rule - > list ) ;
deinit_acl_cond ( rule - > cond ) ;
2016-10-26 05:34:47 -04:00
release_sample_expr ( rule - > expr ) ;
2011-07-15 00:14:11 -04:00
free ( rule ) ;
}
}
2017-03-23 17:44:13 -04:00
void deinit ( void )
2006-06-25 20:48:02 -04:00
{
2017-11-24 10:54:05 -05:00
struct proxy * p = proxies_list , * p0 ;
2006-06-25 20:48:02 -04:00
struct cap_hdr * h , * h_next ;
struct server * s , * s_next ;
struct listener * l , * l_next ;
2007-06-16 18:36:03 -04:00
struct acl_cond * cond , * condb ;
[MEDIUM] Fix memory freeing at exit
New functions implemented:
- deinit_pollers: called at the end of deinit())
- prune_acl: called via list_for_each_entry_safe
Add missing pool_destroy2 calls:
- p->hdr_idx_pool
- pool2_tree64
Implement all task stopping:
- health-check: needs new "struct task" in the struct server
- queue processing: queue_mgt
- appsess_refresh: appsession_refresh
before (idle system):
==6079== LEAK SUMMARY:
==6079== definitely lost: 1,112 bytes in 75 blocks.
==6079== indirectly lost: 53,356 bytes in 2,090 blocks.
==6079== possibly lost: 52 bytes in 1 blocks.
==6079== still reachable: 150,996 bytes in 504 blocks.
==6079== suppressed: 0 bytes in 0 blocks.
after (idle system):
==6945== LEAK SUMMARY:
==6945== definitely lost: 7,644 bytes in 137 blocks.
==6945== indirectly lost: 9,913 bytes in 587 blocks.
==6945== possibly lost: 0 bytes in 0 blocks.
==6945== still reachable: 0 bytes in 0 blocks.
==6945== suppressed: 0 bytes in 0 blocks.
before (running system for ~2m):
==9343== LEAK SUMMARY:
==9343== definitely lost: 1,112 bytes in 75 blocks.
==9343== indirectly lost: 54,199 bytes in 2,122 blocks.
==9343== possibly lost: 52 bytes in 1 blocks.
==9343== still reachable: 151,128 bytes in 509 blocks.
==9343== suppressed: 0 bytes in 0 blocks.
after (running system for ~2m):
==11616== LEAK SUMMARY:
==11616== definitely lost: 7,644 bytes in 137 blocks.
==11616== indirectly lost: 9,981 bytes in 591 blocks.
==11616== possibly lost: 0 bytes in 0 blocks.
==11616== still reachable: 4 bytes in 1 blocks.
==11616== suppressed: 0 bytes in 0 blocks.
Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
struct acl * acl , * aclb ;
2008-05-31 07:53:23 -04:00
struct switching_rule * rule , * ruleb ;
2012-04-05 15:09:48 -04:00
struct server_rule * srule , * sruleb ;
2008-06-07 17:08:56 -04:00
struct redirect_rule * rdr , * rdrb ;
2010-01-03 15:03:22 -05:00
struct wordlist * wl , * wlb ;
2008-05-31 07:53:23 -04:00
struct uri_auth * uap , * ua = NULL ;
2011-10-12 11:50:54 -04:00
struct logsrv * log , * logb ;
2012-02-08 10:37:49 -05:00
struct logformat_node * lf , * lfb ;
2012-09-13 11:54:29 -04:00
struct bind_conf * bind_conf , * bind_back ;
2016-12-21 12:43:10 -05:00
struct build_opts_str * bol , * bolb ;
2016-12-21 14:46:26 -05:00
struct post_deinit_fct * pdf ;
2019-07-31 02:44:12 -04:00
struct proxy_deinit_fct * pxdf ;
struct server_deinit_fct * srvdf ;
2008-05-31 07:53:23 -04:00
2010-08-27 11:56:48 -04:00
deinit_signals ( ) ;
2006-06-25 20:48:02 -04:00
while ( p ) {
2012-10-04 02:01:43 -04:00
free ( p - > conf . file ) ;
2008-08-03 06:19:50 -04:00
free ( p - > id ) ;
free ( p - > cookie_name ) ;
free ( p - > cookie_domain ) ;
2020-01-21 05:06:48 -05:00
free ( p - > cookie_attrs ) ;
2019-01-14 09:23:54 -05:00
free ( p - > lbprm . arg_str ) ;
2008-08-03 06:19:50 -04:00
free ( p - > capture_name ) ;
free ( p - > monitor_uri ) ;
2011-07-15 00:14:08 -04:00
free ( p - > rdp_cookie_name ) ;
2013-04-12 12:13:46 -04:00
if ( p - > conf . logformat_string ! = default_http_log_format & &
p - > conf . logformat_string ! = default_tcp_log_format & &
p - > conf . logformat_string ! = clf_http_log_format )
free ( p - > conf . logformat_string ) ;
free ( p - > conf . lfs_file ) ;
free ( p - > conf . uniqueid_format_string ) ;
free ( p - > conf . uif_file ) ;
2019-01-14 10:55:42 -05:00
if ( ( p - > lbprm . algo & BE_LB_LKUP ) = = BE_LB_LKUP_MAP )
free ( p - > lbprm . map . srv ) ;
2006-06-25 20:48:02 -04:00
2015-09-25 13:17:44 -04:00
if ( p - > conf . logformat_sd_string ! = default_rfc5424_sd_log_format )
free ( p - > conf . logformat_sd_string ) ;
free ( p - > conf . lfsd_file ) ;
2007-11-30 14:51:32 -05:00
list_for_each_entry_safe ( cond , condb , & p - > mon_fail_cond , list ) {
LIST_DEL ( & cond - > list ) ;
prune_acl_cond ( cond ) ;
free ( cond ) ;
}
2008-05-31 07:53:23 -04:00
/* build a list of unique uri_auths */
if ( ! ua )
ua = p - > uri_auth ;
else {
/* check if p->uri_auth is unique */
for ( uap = ua ; uap ; uap = uap - > next )
if ( uap = = p - > uri_auth )
break ;
2008-06-24 05:14:45 -04:00
if ( ! uap & & p - > uri_auth ) {
2008-05-31 07:53:23 -04:00
/* add it, if it is */
p - > uri_auth - > next = ua ;
ua = p - > uri_auth ;
}
}
2007-06-16 18:36:03 -04:00
[MEDIUM] Fix memory freeing at exit
New functions implemented:
- deinit_pollers: called at the end of deinit())
- prune_acl: called via list_for_each_entry_safe
Add missing pool_destroy2 calls:
- p->hdr_idx_pool
- pool2_tree64
Implement all task stopping:
- health-check: needs new "struct task" in the struct server
- queue processing: queue_mgt
- appsess_refresh: appsession_refresh
before (idle system):
==6079== LEAK SUMMARY:
==6079== definitely lost: 1,112 bytes in 75 blocks.
==6079== indirectly lost: 53,356 bytes in 2,090 blocks.
==6079== possibly lost: 52 bytes in 1 blocks.
==6079== still reachable: 150,996 bytes in 504 blocks.
==6079== suppressed: 0 bytes in 0 blocks.
after (idle system):
==6945== LEAK SUMMARY:
==6945== definitely lost: 7,644 bytes in 137 blocks.
==6945== indirectly lost: 9,913 bytes in 587 blocks.
==6945== possibly lost: 0 bytes in 0 blocks.
==6945== still reachable: 0 bytes in 0 blocks.
==6945== suppressed: 0 bytes in 0 blocks.
before (running system for ~2m):
==9343== LEAK SUMMARY:
==9343== definitely lost: 1,112 bytes in 75 blocks.
==9343== indirectly lost: 54,199 bytes in 2,122 blocks.
==9343== possibly lost: 52 bytes in 1 blocks.
==9343== still reachable: 151,128 bytes in 509 blocks.
==9343== suppressed: 0 bytes in 0 blocks.
after (running system for ~2m):
==11616== LEAK SUMMARY:
==11616== definitely lost: 7,644 bytes in 137 blocks.
==11616== indirectly lost: 9,981 bytes in 591 blocks.
==11616== possibly lost: 0 bytes in 0 blocks.
==11616== still reachable: 4 bytes in 1 blocks.
==11616== suppressed: 0 bytes in 0 blocks.
Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
list_for_each_entry_safe ( acl , aclb , & p - > acl , list ) {
LIST_DEL ( & acl - > list ) ;
prune_acl ( acl ) ;
free ( acl ) ;
}
2012-04-05 15:09:48 -04:00
list_for_each_entry_safe ( srule , sruleb , & p - > server_rules , list ) {
LIST_DEL ( & srule - > list ) ;
prune_acl_cond ( srule - > cond ) ;
free ( srule - > cond ) ;
free ( srule ) ;
}
2008-05-31 07:53:23 -04:00
list_for_each_entry_safe ( rule , ruleb , & p - > switching_rules , list ) {
LIST_DEL ( & rule - > list ) ;
2014-04-22 19:21:56 -04:00
if ( rule - > cond ) {
prune_acl_cond ( rule - > cond ) ;
free ( rule - > cond ) ;
}
2019-04-29 18:38:36 -04:00
free ( rule - > file ) ;
2008-05-31 07:53:23 -04:00
free ( rule ) ;
}
2008-06-07 17:08:56 -04:00
list_for_each_entry_safe ( rdr , rdrb , & p - > redirect_rules , list ) {
LIST_DEL ( & rdr - > list ) ;
2010-01-03 14:03:03 -05:00
if ( rdr - > cond ) {
prune_acl_cond ( rdr - > cond ) ;
free ( rdr - > cond ) ;
}
2008-06-07 17:08:56 -04:00
free ( rdr - > rdr_str ) ;
2013-11-29 06:15:45 -05:00
list_for_each_entry_safe ( lf , lfb , & rdr - > rdr_fmt , list ) {
LIST_DEL ( & lf - > list ) ;
free ( lf ) ;
}
2008-06-07 17:08:56 -04:00
free ( rdr ) ;
}
2011-10-12 11:50:54 -04:00
list_for_each_entry_safe ( log , logb , & p - > logsrvs , list ) {
LIST_DEL ( & log - > list ) ;
free ( log ) ;
}
2012-02-08 10:37:49 -05:00
list_for_each_entry_safe ( lf , lfb , & p - > logformat , list ) {
LIST_DEL ( & lf - > list ) ;
2019-04-29 18:40:02 -04:00
release_sample_expr ( lf - > expr ) ;
free ( lf - > arg ) ;
2012-02-08 10:37:49 -05:00
free ( lf ) ;
}
2015-09-25 13:17:44 -04:00
list_for_each_entry_safe ( lf , lfb , & p - > logformat_sd , list ) {
LIST_DEL ( & lf - > list ) ;
2019-04-29 18:40:02 -04:00
release_sample_expr ( lf - > expr ) ;
free ( lf - > arg ) ;
2015-09-25 13:17:44 -04:00
free ( lf ) ;
}
2019-12-17 05:25:46 -05:00
deinit_act_rules ( & p - > tcp_req . inspect_rules ) ;
deinit_act_rules ( & p - > tcp_rep . inspect_rules ) ;
deinit_act_rules ( & p - > tcp_req . l4_rules ) ;
deinit_act_rules ( & p - > tcp_req . l5_rules ) ;
deinit_act_rules ( & p - > http_req_rules ) ;
deinit_act_rules ( & p - > http_res_rules ) ;
2020-01-22 03:26:35 -05:00
deinit_act_rules ( & p - > http_after_res_rules ) ;
2011-07-15 00:14:09 -04:00
2011-07-15 00:14:11 -04:00
deinit_stick_rules ( & p - > storersp_rules ) ;
deinit_stick_rules ( & p - > sticking_rules ) ;
2006-06-25 20:48:02 -04:00
h = p - > req_cap ;
while ( h ) {
h_next = h - > next ;
2008-08-03 06:19:50 -04:00
free ( h - > name ) ;
2017-11-24 11:34:44 -05:00
pool_destroy ( h - > pool ) ;
2006-06-25 20:48:02 -04:00
free ( h ) ;
h = h_next ;
} /* end while(h) */
h = p - > rsp_cap ;
while ( h ) {
h_next = h - > next ;
2008-08-03 06:19:50 -04:00
free ( h - > name ) ;
2017-11-24 11:34:44 -05:00
pool_destroy ( h - > pool ) ;
2006-06-25 20:48:02 -04:00
free ( h ) ;
h = h_next ;
} /* end while(h) */
[MEDIUM] Fix memory freeing at exit
New functions implemented:
- deinit_pollers: called at the end of deinit())
- prune_acl: called via list_for_each_entry_safe
Add missing pool_destroy2 calls:
- p->hdr_idx_pool
- pool2_tree64
Implement all task stopping:
- health-check: needs new "struct task" in the struct server
- queue processing: queue_mgt
- appsess_refresh: appsession_refresh
before (idle system):
==6079== LEAK SUMMARY:
==6079== definitely lost: 1,112 bytes in 75 blocks.
==6079== indirectly lost: 53,356 bytes in 2,090 blocks.
==6079== possibly lost: 52 bytes in 1 blocks.
==6079== still reachable: 150,996 bytes in 504 blocks.
==6079== suppressed: 0 bytes in 0 blocks.
after (idle system):
==6945== LEAK SUMMARY:
==6945== definitely lost: 7,644 bytes in 137 blocks.
==6945== indirectly lost: 9,913 bytes in 587 blocks.
==6945== possibly lost: 0 bytes in 0 blocks.
==6945== still reachable: 0 bytes in 0 blocks.
==6945== suppressed: 0 bytes in 0 blocks.
before (running system for ~2m):
==9343== LEAK SUMMARY:
==9343== definitely lost: 1,112 bytes in 75 blocks.
==9343== indirectly lost: 54,199 bytes in 2,122 blocks.
==9343== possibly lost: 52 bytes in 1 blocks.
==9343== still reachable: 151,128 bytes in 509 blocks.
==9343== suppressed: 0 bytes in 0 blocks.
after (running system for ~2m):
==11616== LEAK SUMMARY:
==11616== definitely lost: 7,644 bytes in 137 blocks.
==11616== indirectly lost: 9,981 bytes in 591 blocks.
==11616== possibly lost: 0 bytes in 0 blocks.
==11616== still reachable: 4 bytes in 1 blocks.
==11616== suppressed: 0 bytes in 0 blocks.
Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
2006-06-25 20:48:02 -04:00
s = p - > srv ;
while ( s ) {
s_next = s - > next ;
[MEDIUM] Fix memory freeing at exit
New functions implemented:
- deinit_pollers: called at the end of deinit())
- prune_acl: called via list_for_each_entry_safe
Add missing pool_destroy2 calls:
- p->hdr_idx_pool
- pool2_tree64
Implement all task stopping:
- health-check: needs new "struct task" in the struct server
- queue processing: queue_mgt
- appsess_refresh: appsession_refresh
before (idle system):
==6079== LEAK SUMMARY:
==6079== definitely lost: 1,112 bytes in 75 blocks.
==6079== indirectly lost: 53,356 bytes in 2,090 blocks.
==6079== possibly lost: 52 bytes in 1 blocks.
==6079== still reachable: 150,996 bytes in 504 blocks.
==6079== suppressed: 0 bytes in 0 blocks.
after (idle system):
==6945== LEAK SUMMARY:
==6945== definitely lost: 7,644 bytes in 137 blocks.
==6945== indirectly lost: 9,913 bytes in 587 blocks.
==6945== possibly lost: 0 bytes in 0 blocks.
==6945== still reachable: 0 bytes in 0 blocks.
==6945== suppressed: 0 bytes in 0 blocks.
before (running system for ~2m):
==9343== LEAK SUMMARY:
==9343== definitely lost: 1,112 bytes in 75 blocks.
==9343== indirectly lost: 54,199 bytes in 2,122 blocks.
==9343== possibly lost: 52 bytes in 1 blocks.
==9343== still reachable: 151,128 bytes in 509 blocks.
==9343== suppressed: 0 bytes in 0 blocks.
after (running system for ~2m):
==11616== LEAK SUMMARY:
==11616== definitely lost: 7,644 bytes in 137 blocks.
==11616== indirectly lost: 9,981 bytes in 591 blocks.
==11616== possibly lost: 0 bytes in 0 blocks.
==11616== still reachable: 4 bytes in 1 blocks.
==11616== suppressed: 0 bytes in 0 blocks.
Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
2019-04-29 18:56:20 -04:00
2019-05-07 13:05:35 -04:00
task_destroy ( s - > warmup ) ;
2011-10-31 06:53:20 -04:00
2008-08-03 06:19:50 -04:00
free ( s - > id ) ;
free ( s - > cookie ) ;
MAJOR: dns: Refactor the DNS code
This is a huge patch with many changes, all about the DNS. Initially, the idea
was to update the DNS part to ease the threads support integration. But quickly,
I started to refactor some parts. And after several iterations, it was
impossible for me to commit the different parts atomically. So, instead of
adding tens of patches, often reworking the same parts, it was easier to merge
all my changes in a uniq patch. Here are all changes made on the DNS.
First, the DNS initialization has been refactored. The DNS configuration parsing
remains untouched, in cfgparse.c. But all checks have been moved in a post-check
callback. In the function dns_finalize_config, for each resolvers, the
nameservers configuration is tested and the task used to manage DNS resolutions
is created. The links between the backend's servers and the resolvers are also
created at this step. Here no connection are kept alive. So there is no needs
anymore to reopen them after HAProxy fork. Connections used to send DNS queries
will be opened on demand.
Then, the way DNS requesters are linked to a DNS resolution has been
reworked. The resolution used by a requester is now referenced into the
dns_requester structure and the resolution pointers in server and dns_srvrq
structures have been removed. wait and curr list of requesters, for a DNS
resolution, have been replaced by a uniq list. And Finally, the way a requester
is removed from a DNS resolution has been simplified. Now everything is done in
dns_unlink_resolution.
srv_set_fqdn function has been simplified. Now, there is only 1 way to set the
server's FQDN, independently it is done by the CLI or when a SRV record is
resolved.
The static DNS resolutions pool has been replaced by a dynamoc pool. The part
has been modified by Baptiste Assmann.
The way the DNS resolutions are triggered by the task or by a health-check has
been totally refactored. Now, all timeouts are respected. Especially
hold.valid. The default frequency to wake up a resolvers is now configurable
using "timeout resolve" parameter.
Now, as documented, as long as invalid repsonses are received, we really wait
all name servers responses before retrying.
As far as possible, resources allocated during DNS configuration parsing are
releases when HAProxy is shutdown.
Beside all these changes, the code has been cleaned to ease code review and the
doc has been updated.
2017-09-27 05:00:59 -04:00
free ( s - > hostname_dn ) ;
2014-09-05 04:08:23 -04:00
free ( ( char * ) s - > conf . file ) ;
2018-11-22 12:50:54 -05:00
free ( s - > idle_conns ) ;
free ( s - > safe_conns ) ;
2020-02-13 13:12:07 -05:00
free ( s - > available_conns ) ;
2019-02-18 10:41:17 -05:00
free ( s - > curr_idle_thr ) ;
2016-12-22 15:16:08 -05:00
2020-03-27 13:55:49 -04:00
if ( s - > use_ssl = = 1 | | s - > check . use_ssl = = 1 | | ( s - > proxy - > options & PR_O_TCPCHK_SSL ) ) {
2016-12-22 15:16:08 -05:00
if ( xprt_get ( XPRT_SSL ) & & xprt_get ( XPRT_SSL ) - > destroy_srv )
xprt_get ( XPRT_SSL ) - > destroy_srv ( s ) ;
}
2017-11-07 04:42:54 -05:00
HA_SPIN_DESTROY ( & s - > lock ) ;
2019-07-31 02:44:12 -04:00
list_for_each_entry ( srvdf , & server_deinit_list , list )
srvdf - > fct ( s ) ;
2006-06-25 20:48:02 -04:00
free ( s ) ;
s = s_next ;
} /* end while(s) */
[MEDIUM] Fix memory freeing at exit
New functions implemented:
- deinit_pollers: called at the end of deinit())
- prune_acl: called via list_for_each_entry_safe
Add missing pool_destroy2 calls:
- p->hdr_idx_pool
- pool2_tree64
Implement all task stopping:
- health-check: needs new "struct task" in the struct server
- queue processing: queue_mgt
- appsess_refresh: appsession_refresh
before (idle system):
==6079== LEAK SUMMARY:
==6079== definitely lost: 1,112 bytes in 75 blocks.
==6079== indirectly lost: 53,356 bytes in 2,090 blocks.
==6079== possibly lost: 52 bytes in 1 blocks.
==6079== still reachable: 150,996 bytes in 504 blocks.
==6079== suppressed: 0 bytes in 0 blocks.
after (idle system):
==6945== LEAK SUMMARY:
==6945== definitely lost: 7,644 bytes in 137 blocks.
==6945== indirectly lost: 9,913 bytes in 587 blocks.
==6945== possibly lost: 0 bytes in 0 blocks.
==6945== still reachable: 0 bytes in 0 blocks.
==6945== suppressed: 0 bytes in 0 blocks.
before (running system for ~2m):
==9343== LEAK SUMMARY:
==9343== definitely lost: 1,112 bytes in 75 blocks.
==9343== indirectly lost: 54,199 bytes in 2,122 blocks.
==9343== possibly lost: 52 bytes in 1 blocks.
==9343== still reachable: 151,128 bytes in 509 blocks.
==9343== suppressed: 0 bytes in 0 blocks.
after (running system for ~2m):
==11616== LEAK SUMMARY:
==11616== definitely lost: 7,644 bytes in 137 blocks.
==11616== indirectly lost: 9,981 bytes in 591 blocks.
==11616== possibly lost: 0 bytes in 0 blocks.
==11616== still reachable: 4 bytes in 1 blocks.
==11616== suppressed: 0 bytes in 0 blocks.
Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
2012-09-20 10:48:07 -04:00
list_for_each_entry_safe ( l , l_next , & p - > conf . listeners , by_fe ) {
2017-04-05 19:05:05 -04:00
/*
* Zombie proxy , the listener just pretend to be up
* because they still hold an opened fd .
* Close it and give the listener its real state .
*/
if ( p - > state = = PR_STSTOPPED & & l - > state > = LI_ZOMBIE ) {
close ( l - > fd ) ;
l - > state = LI_INIT ;
}
2010-09-03 04:38:17 -04:00
unbind_listener ( l ) ;
delete_listener ( l ) ;
2012-09-20 10:48:07 -04:00
LIST_DEL ( & l - > by_fe ) ;
LIST_DEL ( & l - > by_bind ) ;
2010-02-05 14:31:44 -05:00
free ( l - > name ) ;
free ( l - > counters ) ;
2006-06-25 20:48:02 -04:00
free ( l ) ;
2012-09-20 10:48:07 -04:00
}
[MEDIUM] Fix memory freeing at exit
New functions implemented:
- deinit_pollers: called at the end of deinit())
- prune_acl: called via list_for_each_entry_safe
Add missing pool_destroy2 calls:
- p->hdr_idx_pool
- pool2_tree64
Implement all task stopping:
- health-check: needs new "struct task" in the struct server
- queue processing: queue_mgt
- appsess_refresh: appsession_refresh
before (idle system):
==6079== LEAK SUMMARY:
==6079== definitely lost: 1,112 bytes in 75 blocks.
==6079== indirectly lost: 53,356 bytes in 2,090 blocks.
==6079== possibly lost: 52 bytes in 1 blocks.
==6079== still reachable: 150,996 bytes in 504 blocks.
==6079== suppressed: 0 bytes in 0 blocks.
after (idle system):
==6945== LEAK SUMMARY:
==6945== definitely lost: 7,644 bytes in 137 blocks.
==6945== indirectly lost: 9,913 bytes in 587 blocks.
==6945== possibly lost: 0 bytes in 0 blocks.
==6945== still reachable: 0 bytes in 0 blocks.
==6945== suppressed: 0 bytes in 0 blocks.
before (running system for ~2m):
==9343== LEAK SUMMARY:
==9343== definitely lost: 1,112 bytes in 75 blocks.
==9343== indirectly lost: 54,199 bytes in 2,122 blocks.
==9343== possibly lost: 52 bytes in 1 blocks.
==9343== still reachable: 151,128 bytes in 509 blocks.
==9343== suppressed: 0 bytes in 0 blocks.
after (running system for ~2m):
==11616== LEAK SUMMARY:
==11616== definitely lost: 7,644 bytes in 137 blocks.
==11616== indirectly lost: 9,981 bytes in 591 blocks.
==11616== possibly lost: 0 bytes in 0 blocks.
==11616== still reachable: 4 bytes in 1 blocks.
==11616== suppressed: 0 bytes in 0 blocks.
Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
2012-09-20 10:48:07 -04:00
/* Release unused SSL configs. */
2012-09-13 11:54:29 -04:00
list_for_each_entry_safe ( bind_conf , bind_back , & p - > conf . bind , by_fe ) {
2016-12-22 11:30:54 -05:00
if ( bind_conf - > xprt - > destroy_bind_conf )
bind_conf - > xprt - > destroy_bind_conf ( bind_conf ) ;
2012-09-13 11:54:29 -04:00
free ( bind_conf - > file ) ;
free ( bind_conf - > arg ) ;
LIST_DEL ( & bind_conf - > by_fe ) ;
free ( bind_conf ) ;
}
2012-09-07 10:58:00 -04:00
MAJOR: filters: Add filters support
This patch adds the support of filters in HAProxy. The main idea is to have a
way to "easely" extend HAProxy by adding some "modules", called filters, that
will be able to change HAProxy behavior in a programmatic way.
To do so, many entry points has been added in code to let filters to hook up to
different steps of the processing. A filter must define a flt_ops sutrctures
(see include/types/filters.h for details). This structure contains all available
callbacks that a filter can define:
struct flt_ops {
/*
* Callbacks to manage the filter lifecycle
*/
int (*init) (struct proxy *p);
void (*deinit)(struct proxy *p);
int (*check) (struct proxy *p);
/*
* Stream callbacks
*/
void (*stream_start) (struct stream *s);
void (*stream_accept) (struct stream *s);
void (*session_establish)(struct stream *s);
void (*stream_stop) (struct stream *s);
/*
* HTTP callbacks
*/
int (*http_start) (struct stream *s, struct http_msg *msg);
int (*http_start_body) (struct stream *s, struct http_msg *msg);
int (*http_start_chunk) (struct stream *s, struct http_msg *msg);
int (*http_data) (struct stream *s, struct http_msg *msg);
int (*http_last_chunk) (struct stream *s, struct http_msg *msg);
int (*http_end_chunk) (struct stream *s, struct http_msg *msg);
int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg);
int (*http_end_body) (struct stream *s, struct http_msg *msg);
void (*http_end) (struct stream *s, struct http_msg *msg);
void (*http_reset) (struct stream *s, struct http_msg *msg);
int (*http_pre_process) (struct stream *s, struct http_msg *msg);
int (*http_post_process) (struct stream *s, struct http_msg *msg);
void (*http_reply) (struct stream *s, short status,
const struct chunk *msg);
};
To declare and use a filter, in the configuration, the "filter" keyword must be
used in a listener/frontend section:
frontend test
...
filter <FILTER-NAME> [OPTIONS...]
The filter referenced by the <FILTER-NAME> must declare a configuration parser
on its own name to fill flt_ops and filter_conf field in the proxy's
structure. An exemple will be provided later to make it perfectly clear.
For now, filters cannot be used in backend section. But this is only a matter of
time. Documentation will also be added later. This is the first commit of a long
list about filters.
It is possible to have several filters on the same listener/frontend. These
filters are stored in an array of at most MAX_FILTERS elements (define in
include/types/filters.h). Again, this will be replaced later by a list of
filters.
The filter API has been highly refactored. Main changes are:
* Now, HA supports an infinite number of filters per proxy. To do so, filters
are stored in list.
* Because filters are stored in list, filters state has been moved from the
channel structure to the filter structure. This is cleaner because there is no
more info about filters in channel structure.
* It is possible to defined filters on backends only. For such filters,
stream_start/stream_stop callbacks are not called. Of course, it is possible
to mix frontend and backend filters.
* Now, TCP streams are also filtered. All callbacks without the 'http_' prefix
are called for all kind of streams. In addition, 2 new callbacks were added to
filter data exchanged through a TCP stream:
- tcp_data: it is called when new data are available or when old unprocessed
data are still waiting.
- tcp_forward_data: it is called when some data can be consumed.
* New callbacks attached to channel were added:
- channel_start_analyze: it is called when a filter is ready to process data
exchanged through a channel. 2 new analyzers (a frontend and a backend)
are attached to channels to call this callback. For a frontend filter, it
is called before any other analyzer. For a backend filter, it is called
when a backend is attached to a stream. So some processing cannot be
filtered in that case.
- channel_analyze: it is called before each analyzer attached to a channel,
expects analyzers responsible for data sending.
- channel_end_analyze: it is called when all other analyzers have finished
their processing. A new analyzers is attached to channels to call this
callback. For a TCP stream, this is always the last one called. For a HTTP
one, the callback is called when a request/response ends, so it is called
one time for each request/response.
* 'session_established' callback has been removed. Everything that is done in
this callback can be handled by 'channel_start_analyze' on the response
channel.
* 'http_pre_process' and 'http_post_process' callbacks have been replaced by
'channel_analyze'.
* 'http_start' callback has been replaced by 'http_headers'. This new one is
called just before headers sending and parsing of the body.
* 'http_end' callback has been replaced by 'channel_end_analyze'.
* It is possible to set a forwarder for TCP channels. It was already possible to
do it for HTTP ones.
* Forwarders can partially consumed forwardable data. For this reason a new
HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING.
Now all filters can define corresponding callbacks (http_forward_data
and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and
forward, to track, respectively, input data already parsed but not forwarded yet
by the filter and parsed data considered as forwarded by the filter. A any time,
we have the warranty that a filter cannot parse or forward more input than
previous ones. And, of course, it cannot forward more input than it has
parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD.
In addition, 2 functions has been added to change the 'next size' and the
'forward size' of a filter. When a filter parses input data, it can alter these
data, so the size of these data can vary. This action has an effet on all
previous filters that must be handled. To do so, the function
'filter_change_next_size' must be called, passing the size variation. In the
same spirit, if a filter alter forwarded data, it must call the function
'filter_change_forward_size'. 'filter_change_next_size' can be called in
'http_data' and 'tcp_data' callbacks and only these ones. And
'filter_change_forward_size' can be called in 'http_forward_data' and
'tcp_forward_data' callbacks and only these ones. The data changes are the
filter responsability, but with some limitation. It must not change already
parsed/forwarded data or data that previous filters have not parsed/forwarded
yet.
Because filters can be used on backends, when we the backend is set for a
stream, we add filters defined for this backend in the filter list of the
stream. But we must only do that when the backend and the frontend of the stream
are not the same. Else same filters are added a second time leading to undefined
behavior.
The HTTP compression code had to be moved.
So it simplifies http_response_forward_body function. To do so, the way the data
are forwarded has changed. Now, a filter (and only one) can forward data. In a
commit to come, this limitation will be removed to let all filters take part to
data forwarding. There are 2 new functions that filters should use to deal with
this feature:
* flt_set_http_data_forwarder: This function sets the filter (using its id)
that will forward data for the specified HTTP message. It is possible if it
was not already set by another filter _AND_ if no data was yet forwarded
(msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs.
* flt_http_data_forwarder: This function returns the filter id that will
forward data for the specified HTTP message. If there is no forwarder set, it
returns -1.
When an HTTP data forwarder is set for the response, the HTTP compression is
disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
flt_deinit ( p ) ;
2019-07-31 02:44:12 -04:00
list_for_each_entry ( pxdf , & proxy_deinit_list , list )
pxdf - > fct ( p ) ;
2010-02-05 14:31:44 -05:00
free ( p - > desc ) ;
free ( p - > fwdfor_hdr_name ) ;
2019-04-17 16:51:06 -04:00
task_destroy ( p - > task ) ;
2010-01-29 11:58:21 -05:00
2017-11-24 11:34:44 -05:00
pool_destroy ( p - > req_cap_pool ) ;
pool_destroy ( p - > rsp_cap_pool ) ;
2019-05-07 08:16:18 -04:00
if ( p - > table )
pool_destroy ( p - > table - > pool ) ;
2010-01-29 11:50:44 -05:00
2007-05-13 18:39:29 -04:00
p0 = p ;
2006-06-25 20:48:02 -04:00
p = p - > next ;
2017-11-07 04:42:54 -05:00
HA_SPIN_DESTROY ( & p0 - > lbprm . lock ) ;
HA_SPIN_DESTROY ( & p0 - > lock ) ;
2007-05-13 18:39:29 -04:00
free ( p0 ) ;
2006-06-25 20:48:02 -04:00
} /* end while(p) */
2007-10-16 06:25:14 -04:00
2008-05-31 07:53:23 -04:00
while ( ua ) {
uap = ua ;
ua = ua - > next ;
2008-08-03 06:19:50 -04:00
free ( uap - > uri_prefix ) ;
free ( uap - > auth_realm ) ;
2009-10-02 16:51:14 -04:00
free ( uap - > node ) ;
free ( uap - > desc ) ;
2008-05-31 07:53:23 -04:00
2010-01-29 13:29:32 -05:00
userlist_free ( uap - > userlist ) ;
2019-12-17 05:25:46 -05:00
deinit_act_rules ( & uap - > http_req_rules ) ;
2010-01-29 13:29:32 -05:00
2008-05-31 07:53:23 -04:00
free ( uap ) ;
}
2010-01-29 11:50:44 -05:00
userlist_free ( userlist ) ;
2015-09-25 07:02:25 -04:00
cfg_unregister_sections ( ) ;
2017-07-26 09:33:35 -04:00
deinit_log_buffers ( ) ;
2015-09-25 07:02:25 -04:00
2007-10-16 06:25:14 -04:00
protocol_unbind_all ( ) ;
2016-12-21 14:46:26 -05:00
list_for_each_entry ( pdf , & post_deinit_list , list )
pdf - > fct ( ) ;
2010-12-29 11:05:48 -05:00
free ( global . log_send_hostname ) ; global . log_send_hostname = NULL ;
2015-10-01 07:18:13 -04:00
chunk_destroy ( & global . log_tag ) ;
2008-08-03 06:19:50 -04:00
free ( global . chroot ) ; global . chroot = NULL ;
free ( global . pidfile ) ; global . pidfile = NULL ;
2009-10-02 16:51:14 -04:00
free ( global . node ) ; global . node = NULL ;
free ( global . desc ) ; global . desc = NULL ;
2008-08-03 06:19:50 -04:00
free ( oldpids ) ; oldpids = NULL ;
2020-06-18 10:56:47 -04:00
free ( localpeer ) ; localpeer = NULL ;
2019-04-17 16:51:06 -04:00
task_destroy ( idle_conn_task ) ;
2019-02-14 12:29:09 -05:00
idle_conn_task = NULL ;
2008-05-31 07:53:23 -04:00
2011-10-12 11:50:54 -04:00
list_for_each_entry_safe ( log , logb , & global . logsrvs , list ) {
LIST_DEL ( & log - > list ) ;
free ( log ) ;
}
2010-01-03 15:12:30 -05:00
list_for_each_entry_safe ( wl , wlb , & cfg_cfgfiles , list ) {
2016-05-13 17:52:55 -04:00
free ( wl - > s ) ;
2010-01-03 15:12:30 -05:00
LIST_DEL ( & wl - > list ) ;
free ( wl ) ;
}
2016-12-21 12:43:10 -05:00
list_for_each_entry_safe ( bol , bolb , & build_opts_list , list ) {
if ( bol - > must_free )
free ( ( void * ) bol - > str ) ;
LIST_DEL ( & bol - > list ) ;
free ( bol ) ;
}
2016-11-09 05:36:17 -05:00
vars_prune ( & global . vars , NULL , NULL ) ;
2018-11-26 09:57:34 -05:00
pool_destroy_all ( ) ;
[MEDIUM] Fix memory freeing at exit
New functions implemented:
- deinit_pollers: called at the end of deinit())
- prune_acl: called via list_for_each_entry_safe
Add missing pool_destroy2 calls:
- p->hdr_idx_pool
- pool2_tree64
Implement all task stopping:
- health-check: needs new "struct task" in the struct server
- queue processing: queue_mgt
- appsess_refresh: appsession_refresh
before (idle system):
==6079== LEAK SUMMARY:
==6079== definitely lost: 1,112 bytes in 75 blocks.
==6079== indirectly lost: 53,356 bytes in 2,090 blocks.
==6079== possibly lost: 52 bytes in 1 blocks.
==6079== still reachable: 150,996 bytes in 504 blocks.
==6079== suppressed: 0 bytes in 0 blocks.
after (idle system):
==6945== LEAK SUMMARY:
==6945== definitely lost: 7,644 bytes in 137 blocks.
==6945== indirectly lost: 9,913 bytes in 587 blocks.
==6945== possibly lost: 0 bytes in 0 blocks.
==6945== still reachable: 0 bytes in 0 blocks.
==6945== suppressed: 0 bytes in 0 blocks.
before (running system for ~2m):
==9343== LEAK SUMMARY:
==9343== definitely lost: 1,112 bytes in 75 blocks.
==9343== indirectly lost: 54,199 bytes in 2,122 blocks.
==9343== possibly lost: 52 bytes in 1 blocks.
==9343== still reachable: 151,128 bytes in 509 blocks.
==9343== suppressed: 0 bytes in 0 blocks.
after (running system for ~2m):
==11616== LEAK SUMMARY:
==11616== definitely lost: 7,644 bytes in 137 blocks.
==11616== indirectly lost: 9,981 bytes in 591 blocks.
==11616== possibly lost: 0 bytes in 0 blocks.
==11616== still reachable: 4 bytes in 1 blocks.
==11616== suppressed: 0 bytes in 0 blocks.
Still not perfect but significant improvement.
2008-05-29 17:53:44 -04:00
deinit_pollers ( ) ;
2006-06-25 20:48:02 -04:00
} /* end deinit() */
2020-06-15 12:43:46 -04:00
__attribute__ ( ( noreturn ) ) void deinit_and_exit ( int status )
2020-06-13 18:37:41 -04:00
{
deinit ( ) ;
exit ( status ) ;
}
2018-11-06 11:37:16 -05:00
2011-07-25 10:33:49 -04:00
/* Runs the polling loop */
2020-03-03 08:59:56 -05:00
void run_poll_loop ( )
2007-04-08 10:39:58 -04:00
{
2019-05-28 10:44:05 -04:00
int next , wake ;
2007-04-08 10:39:58 -04:00
2008-06-23 08:00:57 -04:00
tv_update_date ( 0 , 1 ) ;
2007-04-08 10:39:58 -04:00
while ( 1 ) {
MINOR: tasks: split wake_expired_tasks() in two parts to avoid useless wakeups
We used to have wake_expired_tasks() wake up tasks and return the next
expiration delay. The problem this causes is that we have to call it just
before poll() in order to consider latest timers, but this also means that
we don't wake up all newly expired tasks upon return from poll(), which
thus systematically requires a second poll() round.
This is visible when running any scheduled task like a health check, as there
are systematically two poll() calls, one with the interval, nothing is done
after it, and another one with a zero delay, and the task is called:
listen test
bind *:8001
server s1 127.0.0.1:1111 check
09:37:38.200959 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8696843}) = 0
09:37:38.200967 epoll_wait(3, [], 200, 1000) = 0
09:37:39.202459 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8712467}) = 0
>> nothing run here, as the expired task was not woken up yet.
09:37:39.202497 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8715766}) = 0
09:37:39.202505 epoll_wait(3, [], 200, 0) = 0
09:37:39.202513 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8719064}) = 0
>> now the expired task was woken up
09:37:39.202522 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7
09:37:39.202537 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
09:37:39.202565 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0
09:37:39.202577 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0
09:37:39.202585 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
09:37:39.202659 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0
09:37:39.202673 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8814713}) = 0
09:37:39.202683 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1
09:37:39.202693 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8818617}) = 0
09:37:39.202701 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0
09:37:39.202715 close(7) = 0
Let's instead split the function in two parts:
- the first part, wake_expired_tasks(), called just before
process_runnable_tasks(), wakes up all expired tasks; it doesn't
compute any timeout.
- the second part, next_timer_expiry(), called just before poll(),
only computes the next timeout for the current thread.
Thanks to this, all expired tasks are properly woken up when leaving
poll, and each poll call's timeout remains up to date:
09:41:16.270449 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10223556}) = 0
09:41:16.270457 epoll_wait(3, [], 200, 999) = 0
09:41:17.270130 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10238572}) = 0
09:41:17.270157 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7
09:41:17.270194 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
09:41:17.270204 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0
09:41:17.270216 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0
09:41:17.270224 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
09:41:17.270299 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0
09:41:17.270314 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10337841}) = 0
09:41:17.270323 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1
09:41:17.270332 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10341860}) = 0
09:41:17.270340 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0
09:41:17.270367 close(7) = 0
This may be backported to 2.1 and 2.0 though it's unlikely to bring any
user-visible improvement except to clarify debugging.
2019-12-11 02:12:23 -05:00
wake_expired_tasks ( ) ;
2018-06-07 03:46:01 -04:00
/* check if we caught some signals and process them in the
first thread */
2020-06-19 06:06:34 -04:00
if ( signal_queue_len & & tid = = 0 ) {
activity [ tid ] . wake_signal + + ;
2018-06-07 03:46:01 -04:00
signal_process_queue ( ) ;
2020-06-19 06:06:34 -04:00
}
/* Process a few tasks */
process_runnable_tasks ( ) ;
2009-05-10 03:01:21 -04:00
2019-06-02 05:11:29 -04:00
/* also stop if we failed to cleanly stop all tasks */
if ( killed > 1 )
break ;
2015-04-13 14:44:19 -04:00
/* expire immediately if events are pending */
2019-05-28 10:44:05 -04:00
wake = 1 ;
2019-07-24 12:07:06 -04:00
if ( thread_has_tasks ( ) )
2018-01-20 13:30:13 -05:00
activity [ tid ] . wake_tasks + + ;
2018-07-26 11:55:11 -04:00
else {
2019-03-08 12:51:17 -05:00
_HA_ATOMIC_OR ( & sleeping_thread_mask , tid_bit ) ;
__ha_barrier_atomic_store ( ) ;
2020-03-23 04:33:32 -04:00
if ( thread_has_tasks ( ) ) {
2018-07-26 11:55:11 -04:00
activity [ tid ] . wake_tasks + + ;
2019-03-08 12:51:17 -05:00
_HA_ATOMIC_AND ( & sleeping_thread_mask , ~ tid_bit ) ;
2018-07-26 11:55:11 -04:00
} else
2019-05-28 10:44:05 -04:00
wake = 0 ;
2018-07-26 11:55:11 -04:00
}
2015-04-13 14:44:19 -04:00
2020-03-23 04:27:28 -04:00
if ( ! wake ) {
BUG/MINOR: soft-stop: always wake up waiting threads on stopping
Currently the soft-stop can lead to old processes remaining alive for as
long as two seconds after receiving a soft-stop signal. What happens is
that when receiving SIGUSR1, one thread (usually the first one) wakes up,
handles the signal, sets "stopping", goes into runn_poll_loop(), and
discovers that stopping is set, so its also sets itself in the
stopping_thread_mask bit mask. After this it sees that other threads are
not yet willing to stop, so it continues to wait.
From there, other threads which were waiting in poll() expire after one
second on poll timeout and enter run_poll_loop() in turn. That's already
one second of wait time. They discover each in turn that they're stopping
and see that other threads are not yet stopping, so they go back waiting.
After the end of the first second, all threads know they're stopping and
have set their bit in stopping_thread_mask. It's only now that those who
started to wait first wake up again on timeout to discover that all other
ones are stopping, and can now quit. One second later all threads will
have done it and the process will quit.
This is effectively strictly larger than one second and up to two seconds.
What the current patch does is simple, when the first thread stops, it sets
its own bit into stopping_thread_mask then wakes up all other threads to do
also set theirs. This kills the first second which corresponds to the time
to discover the stopping state. Second, when a thread exists, it wakes all
other ones again because some might have gone back sleeping waiting for
"jobs" to go down to zero (i.e. closing the last connection). This kills
the last second of wait time.
Thanks to this, as SIGUSR1 now acts instantly again if there's no active
connection, or it stops immediately after the last connection has left if
one was still present.
This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
int i ;
if ( stopping ) {
2020-05-13 08:30:25 -04:00
if ( _HA_ATOMIC_OR ( & stopping_thread_mask , tid_bit ) = = tid_bit ) {
/* notify all threads that stopping was just set */
for ( i = 0 ; i < global . nbthread ; i + + )
2020-06-29 13:23:19 -04:00
if ( ( ( all_threads_mask & ~ stopping_thread_mask ) > > i ) & 1 )
2020-05-13 08:30:25 -04:00
wake_thread ( i ) ;
}
BUG/MINOR: soft-stop: always wake up waiting threads on stopping
Currently the soft-stop can lead to old processes remaining alive for as
long as two seconds after receiving a soft-stop signal. What happens is
that when receiving SIGUSR1, one thread (usually the first one) wakes up,
handles the signal, sets "stopping", goes into runn_poll_loop(), and
discovers that stopping is set, so its also sets itself in the
stopping_thread_mask bit mask. After this it sees that other threads are
not yet willing to stop, so it continues to wait.
From there, other threads which were waiting in poll() expire after one
second on poll timeout and enter run_poll_loop() in turn. That's already
one second of wait time. They discover each in turn that they're stopping
and see that other threads are not yet stopping, so they go back waiting.
After the end of the first second, all threads know they're stopping and
have set their bit in stopping_thread_mask. It's only now that those who
started to wait first wake up again on timeout to discover that all other
ones are stopping, and can now quit. One second later all threads will
have done it and the process will quit.
This is effectively strictly larger than one second and up to two seconds.
What the current patch does is simple, when the first thread stops, it sets
its own bit into stopping_thread_mask then wakes up all other threads to do
also set theirs. This kills the first second which corresponds to the time
to discover the stopping state. Second, when a thread exists, it wakes all
other ones again because some might have gone back sleeping waiting for
"jobs" to go down to zero (i.e. closing the last connection). This kills
the last second of wait time.
Thanks to this, as SIGUSR1 now acts instantly again if there's no active
connection, or it stops immediately after the last connection has left if
one was still present.
This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
}
2020-03-23 04:27:28 -04:00
/* stop when there's nothing left to do */
if ( ( jobs - unstoppable_jobs ) = = 0 & &
BUG/MINOR: soft-stop: always wake up waiting threads on stopping
Currently the soft-stop can lead to old processes remaining alive for as
long as two seconds after receiving a soft-stop signal. What happens is
that when receiving SIGUSR1, one thread (usually the first one) wakes up,
handles the signal, sets "stopping", goes into runn_poll_loop(), and
discovers that stopping is set, so its also sets itself in the
stopping_thread_mask bit mask. After this it sees that other threads are
not yet willing to stop, so it continues to wait.
From there, other threads which were waiting in poll() expire after one
second on poll timeout and enter run_poll_loop() in turn. That's already
one second of wait time. They discover each in turn that they're stopping
and see that other threads are not yet stopping, so they go back waiting.
After the end of the first second, all threads know they're stopping and
have set their bit in stopping_thread_mask. It's only now that those who
started to wait first wake up again on timeout to discover that all other
ones are stopping, and can now quit. One second later all threads will
have done it and the process will quit.
This is effectively strictly larger than one second and up to two seconds.
What the current patch does is simple, when the first thread stops, it sets
its own bit into stopping_thread_mask then wakes up all other threads to do
also set theirs. This kills the first second which corresponds to the time
to discover the stopping state. Second, when a thread exists, it wakes all
other ones again because some might have gone back sleeping waiting for
"jobs" to go down to zero (i.e. closing the last connection). This kills
the last second of wait time.
Thanks to this, as SIGUSR1 now acts instantly again if there's no active
connection, or it stops immediately after the last connection has left if
one was still present.
This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
( stopping_thread_mask & all_threads_mask ) = = all_threads_mask ) {
/* wake all threads waiting on jobs==0 */
for ( i = 0 ; i < global . nbthread ; i + + )
if ( ( ( all_threads_mask & ~ tid_bit ) > > i ) & 1 )
wake_thread ( i ) ;
2020-03-23 04:27:28 -04:00
break ;
BUG/MINOR: soft-stop: always wake up waiting threads on stopping
Currently the soft-stop can lead to old processes remaining alive for as
long as two seconds after receiving a soft-stop signal. What happens is
that when receiving SIGUSR1, one thread (usually the first one) wakes up,
handles the signal, sets "stopping", goes into runn_poll_loop(), and
discovers that stopping is set, so its also sets itself in the
stopping_thread_mask bit mask. After this it sees that other threads are
not yet willing to stop, so it continues to wait.
From there, other threads which were waiting in poll() expire after one
second on poll timeout and enter run_poll_loop() in turn. That's already
one second of wait time. They discover each in turn that they're stopping
and see that other threads are not yet stopping, so they go back waiting.
After the end of the first second, all threads know they're stopping and
have set their bit in stopping_thread_mask. It's only now that those who
started to wait first wake up again on timeout to discover that all other
ones are stopping, and can now quit. One second later all threads will
have done it and the process will quit.
This is effectively strictly larger than one second and up to two seconds.
What the current patch does is simple, when the first thread stops, it sets
its own bit into stopping_thread_mask then wakes up all other threads to do
also set theirs. This kills the first second which corresponds to the time
to discover the stopping state. Second, when a thread exists, it wakes all
other ones again because some might have gone back sleeping waiting for
"jobs" to go down to zero (i.e. closing the last connection). This kills
the last second of wait time.
Thanks to this, as SIGUSR1 now acts instantly again if there's no active
connection, or it stops immediately after the last connection has left if
one was still present.
This should be backported as far as 2.0.
2020-05-13 07:51:01 -04:00
}
2020-03-23 04:27:28 -04:00
}
MINOR: tasks: split wake_expired_tasks() in two parts to avoid useless wakeups
We used to have wake_expired_tasks() wake up tasks and return the next
expiration delay. The problem this causes is that we have to call it just
before poll() in order to consider latest timers, but this also means that
we don't wake up all newly expired tasks upon return from poll(), which
thus systematically requires a second poll() round.
This is visible when running any scheduled task like a health check, as there
are systematically two poll() calls, one with the interval, nothing is done
after it, and another one with a zero delay, and the task is called:
listen test
bind *:8001
server s1 127.0.0.1:1111 check
09:37:38.200959 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8696843}) = 0
09:37:38.200967 epoll_wait(3, [], 200, 1000) = 0
09:37:39.202459 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8712467}) = 0
>> nothing run here, as the expired task was not woken up yet.
09:37:39.202497 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8715766}) = 0
09:37:39.202505 epoll_wait(3, [], 200, 0) = 0
09:37:39.202513 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8719064}) = 0
>> now the expired task was woken up
09:37:39.202522 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7
09:37:39.202537 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
09:37:39.202565 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0
09:37:39.202577 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0
09:37:39.202585 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
09:37:39.202659 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0
09:37:39.202673 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8814713}) = 0
09:37:39.202683 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1
09:37:39.202693 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=8818617}) = 0
09:37:39.202701 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0
09:37:39.202715 close(7) = 0
Let's instead split the function in two parts:
- the first part, wake_expired_tasks(), called just before
process_runnable_tasks(), wakes up all expired tasks; it doesn't
compute any timeout.
- the second part, next_timer_expiry(), called just before poll(),
only computes the next timeout for the current thread.
Thanks to this, all expired tasks are properly woken up when leaving
poll, and each poll call's timeout remains up to date:
09:41:16.270449 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10223556}) = 0
09:41:16.270457 epoll_wait(3, [], 200, 999) = 0
09:41:17.270130 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10238572}) = 0
09:41:17.270157 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7
09:41:17.270194 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
09:41:17.270204 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0
09:41:17.270216 setsockopt(7, SOL_TCP, TCP_QUICKACK, [0], 4) = 0
09:41:17.270224 connect(7, {sa_family=AF_INET, sin_port=htons(1111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
09:41:17.270299 epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLOUT, {u32=7, u64=7}}) = 0
09:41:17.270314 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10337841}) = 0
09:41:17.270323 epoll_wait(3, [{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=7, u64=7}}], 200, 1000) = 1
09:41:17.270332 clock_gettime(CLOCK_THREAD_CPUTIME_ID, {tv_sec=0, tv_nsec=10341860}) = 0
09:41:17.270340 getsockopt(7, SOL_SOCKET, SO_ERROR, [111], [4]) = 0
09:41:17.270367 close(7) = 0
This may be backported to 2.1 and 2.0 though it's unlikely to bring any
user-visible improvement except to clarify debugging.
2019-12-11 02:12:23 -05:00
/* If we have to sleep, measure how long */
next = wake ? TICK_ETERNITY : next_timer_expiry ( ) ;
2008-06-29 16:40:23 -04:00
/* The poller will ensure it returns around <next> */
2019-05-28 10:44:05 -04:00
cur_poller . poll ( & cur_poller , next , wake ) ;
2017-10-03 08:46:45 -04:00
2018-01-20 13:30:13 -05:00
activity [ tid ] . loops + + ;
2007-04-08 10:39:58 -04:00
}
}
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
static void * run_thread_poll_loop ( void * data )
{
2019-05-22 08:42:12 -04:00
struct per_thread_alloc_fct * ptaf ;
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
struct per_thread_init_fct * ptif ;
struct per_thread_deinit_fct * ptdf ;
2019-05-22 08:42:12 -04:00
struct per_thread_free_fct * ptff ;
MEDIUM: init/threads: don't use spinlocks during the init phase
PiBa-NL found some pathological cases where starting threads can hinder
each other and cause a measurable slow down. This problem is reproducible
with the following config (haproxy must be built with -DDEBUG_DEV) :
global
stats socket /tmp/sock1 mode 666 level admin
nbthread 64
backend stopme
timeout server 1s
option tcp-check
tcp-check send "debug dev exit\n"
server cli unix@/tmp/sock1 check
This will cause the process to be stopped once the checks are ready to
start. Binding all these to just a few cores magnifies the problem.
Starting them in loops shows a significant time difference among the
commits :
# before startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m1.581s
user 0m0.621s
sys 0m5.339s
# after startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m2.366s
user 0m0.894s
sys 0m8.238s
In order to address this, let's use plain mutexes and cond_wait during
the init phase. With this done, waiting threads now sleep and the problem
completely disappeared :
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m0.161s
user 0m0.079s
sys 0m0.149s
2019-06-11 03:16:41 -04:00
static int init_left = 0 ;
2020-06-05 02:40:51 -04:00
__decl_thread ( static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER ) ;
__decl_thread ( static pthread_cond_t init_cond = PTHREAD_COND_INITIALIZER ) ;
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
2019-05-03 03:27:30 -04:00
ha_set_tid ( ( unsigned long ) data ) ;
2019-09-24 02:25:15 -04:00
sched = & task_per_thread [ tid ] ;
2019-05-03 11:21:18 -04:00
2019-05-21 13:46:58 -04:00
# if (_POSIX_TIMERS > 0) && defined(_POSIX_THREAD_CPUTIME)
2019-05-03 11:21:18 -04:00
# ifdef USE_THREAD
2019-05-20 12:57:53 -04:00
pthread_getcpuclockid ( pthread_self ( ) , & ti - > clock_id ) ;
2019-05-20 14:23:06 -04:00
# else
2019-05-20 12:57:53 -04:00
ti - > clock_id = CLOCK_THREAD_CPUTIME_ID ;
2019-05-21 09:14:08 -04:00
# endif
2019-05-03 11:21:18 -04:00
# endif
2019-06-07 08:41:11 -04:00
/* Now, initialize one thread init at a time. This is better since
* some init code is a bit tricky and may release global resources
* after reallocating them locally . This will also ensure there is
* no race on file descriptors allocation .
*/
MEDIUM: init/threads: don't use spinlocks during the init phase
PiBa-NL found some pathological cases where starting threads can hinder
each other and cause a measurable slow down. This problem is reproducible
with the following config (haproxy must be built with -DDEBUG_DEV) :
global
stats socket /tmp/sock1 mode 666 level admin
nbthread 64
backend stopme
timeout server 1s
option tcp-check
tcp-check send "debug dev exit\n"
server cli unix@/tmp/sock1 check
This will cause the process to be stopped once the checks are ready to
start. Binding all these to just a few cores magnifies the problem.
Starting them in loops shows a significant time difference among the
commits :
# before startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m1.581s
user 0m0.621s
sys 0m5.339s
# after startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m2.366s
user 0m0.894s
sys 0m8.238s
In order to address this, let's use plain mutexes and cond_wait during
the init phase. With this done, waiting threads now sleep and the problem
completely disappeared :
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m0.161s
user 0m0.079s
sys 0m0.149s
2019-06-11 03:16:41 -04:00
# ifdef USE_THREAD
pthread_mutex_lock ( & init_mutex ) ;
# endif
/* The first thread must set the number of threads left */
if ( ! init_left )
init_left = global . nbthread ;
init_left - - ;
2019-05-03 11:21:18 -04:00
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
tv_update_date ( - 1 , - 1 ) ;
2019-05-22 08:42:12 -04:00
/* per-thread alloc calls performed here are not allowed to snoop on
* other threads , so they are free to initialize at their own rhythm
* as long as they act as if they were alone . None of them may rely
* on resources initialized by the other ones .
*/
list_for_each_entry ( ptaf , & per_thread_alloc_list , list ) {
if ( ! ptaf - > fct ( ) ) {
ha_alert ( " failed to allocate resources for thread %u. \n " , tid ) ;
exit ( 1 ) ;
}
}
2019-05-20 04:50:43 -04:00
/* per-thread init calls performed here are not allowed to snoop on
* other threads , so they are free to initialize at their own rhythm
* as long as they act as if they were alone .
*/
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
list_for_each_entry ( ptif , & per_thread_init_list , list ) {
if ( ! ptif - > fct ( ) ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " failed to initialize thread %u. \n " , tid ) ;
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
exit ( 1 ) ;
}
}
BUG/MEDIUM: init/threads: prevent initialized threads from starting before others
Since commit 6ec902a ("MINOR: threads: serialize threads initialization")
we now serialize threads initialization. But doing so has emphasized another
race which is that some threads may actually start the loop before others
are done initializing.
As soon as all threads enter the first thread_release() call, their rdv
bit is cleared and they're all waiting for all others' rdv to be cleared
as well, with their harmless bit set. The first one to notice the cleared
mask will progress through thread_isolate(), take rdv again preventing
most others from noticing its short pass to zero, and this first one will
be able to run all the way through the initialization till the last call
to thread_release() which it happily crosses, being the only one with the
rdv bit, leaving the room for one or a few others to do the same. This
results in some threads entering the loop before others are done with
their initialization, which is particularly bad. PiBa-NL reported that
some regtests fail for him due to this (which was impossible to reproduce
here, but races are racy by definition). However placing some printf()
in the initialization code definitely shows this unsychronized startup.
This patch takes a different approach in three steps :
- first, we don't start with thread_release() anymore and we don't
set the rdv mask anymore in the main call. This was initially done
to let all threads start toghether, which we don't want. Instead
we just start with thread_isolate(). Since all threads are harmful
by default, they all wait for each other's readiness before starting.
- second, we don't release with thread_release() but with
thread_sync_release(), meaning that we don't leave the function until
other ones have reached the point in the function where they decide
to leave it as well.
- third, it makes sure we don't start the listeners using
protocol_enable_all() before all threads have allocated their local
FD tables or have initialized their pollers, otherwise startup could
be racy as well. It's worth noting that it is even possible to limit
this call to thread #0 as it only needs to be performed once.
This now guarantees that all thread init calls start only after all threads
are ready, and that no thread enters the polling loop before all others have
completed their initialization.
Please check GH issues #111 and #117 for more context.
No backport is needed, though if some new init races are reported in
1.9 (or even 1.8) which do not affect 2.0, then it may make sense to
carefully backport this small series.
2019-06-10 03:51:04 -04:00
/* enabling protocols will result in fd_insert() calls to be performed,
* we want all threads to have already allocated their local fd tables
MEDIUM: init/threads: don't use spinlocks during the init phase
PiBa-NL found some pathological cases where starting threads can hinder
each other and cause a measurable slow down. This problem is reproducible
with the following config (haproxy must be built with -DDEBUG_DEV) :
global
stats socket /tmp/sock1 mode 666 level admin
nbthread 64
backend stopme
timeout server 1s
option tcp-check
tcp-check send "debug dev exit\n"
server cli unix@/tmp/sock1 check
This will cause the process to be stopped once the checks are ready to
start. Binding all these to just a few cores magnifies the problem.
Starting them in loops shows a significant time difference among the
commits :
# before startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m1.581s
user 0m0.621s
sys 0m5.339s
# after startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m2.366s
user 0m0.894s
sys 0m8.238s
In order to address this, let's use plain mutexes and cond_wait during
the init phase. With this done, waiting threads now sleep and the problem
completely disappeared :
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m0.161s
user 0m0.079s
sys 0m0.149s
2019-06-11 03:16:41 -04:00
* before doing so , thus only the last thread does it .
BUG/MEDIUM: init/threads: prevent initialized threads from starting before others
Since commit 6ec902a ("MINOR: threads: serialize threads initialization")
we now serialize threads initialization. But doing so has emphasized another
race which is that some threads may actually start the loop before others
are done initializing.
As soon as all threads enter the first thread_release() call, their rdv
bit is cleared and they're all waiting for all others' rdv to be cleared
as well, with their harmless bit set. The first one to notice the cleared
mask will progress through thread_isolate(), take rdv again preventing
most others from noticing its short pass to zero, and this first one will
be able to run all the way through the initialization till the last call
to thread_release() which it happily crosses, being the only one with the
rdv bit, leaving the room for one or a few others to do the same. This
results in some threads entering the loop before others are done with
their initialization, which is particularly bad. PiBa-NL reported that
some regtests fail for him due to this (which was impossible to reproduce
here, but races are racy by definition). However placing some printf()
in the initialization code definitely shows this unsychronized startup.
This patch takes a different approach in three steps :
- first, we don't start with thread_release() anymore and we don't
set the rdv mask anymore in the main call. This was initially done
to let all threads start toghether, which we don't want. Instead
we just start with thread_isolate(). Since all threads are harmful
by default, they all wait for each other's readiness before starting.
- second, we don't release with thread_release() but with
thread_sync_release(), meaning that we don't leave the function until
other ones have reached the point in the function where they decide
to leave it as well.
- third, it makes sure we don't start the listeners using
protocol_enable_all() before all threads have allocated their local
FD tables or have initialized their pollers, otherwise startup could
be racy as well. It's worth noting that it is even possible to limit
this call to thread #0 as it only needs to be performed once.
This now guarantees that all thread init calls start only after all threads
are ready, and that no thread enters the polling loop before all others have
completed their initialization.
Please check GH issues #111 and #117 for more context.
No backport is needed, though if some new init races are reported in
1.9 (or even 1.8) which do not affect 2.0, then it may make sense to
carefully backport this small series.
2019-06-10 03:51:04 -04:00
*/
MEDIUM: init/threads: don't use spinlocks during the init phase
PiBa-NL found some pathological cases where starting threads can hinder
each other and cause a measurable slow down. This problem is reproducible
with the following config (haproxy must be built with -DDEBUG_DEV) :
global
stats socket /tmp/sock1 mode 666 level admin
nbthread 64
backend stopme
timeout server 1s
option tcp-check
tcp-check send "debug dev exit\n"
server cli unix@/tmp/sock1 check
This will cause the process to be stopped once the checks are ready to
start. Binding all these to just a few cores magnifies the problem.
Starting them in loops shows a significant time difference among the
commits :
# before startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m1.581s
user 0m0.621s
sys 0m5.339s
# after startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m2.366s
user 0m0.894s
sys 0m8.238s
In order to address this, let's use plain mutexes and cond_wait during
the init phase. With this done, waiting threads now sleep and the problem
completely disappeared :
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m0.161s
user 0m0.079s
sys 0m0.149s
2019-06-11 03:16:41 -04:00
if ( init_left = = 0 )
2019-06-10 04:14:52 -04:00
protocol_enable_all ( ) ;
2019-06-07 08:41:11 -04:00
MEDIUM: init/threads: don't use spinlocks during the init phase
PiBa-NL found some pathological cases where starting threads can hinder
each other and cause a measurable slow down. This problem is reproducible
with the following config (haproxy must be built with -DDEBUG_DEV) :
global
stats socket /tmp/sock1 mode 666 level admin
nbthread 64
backend stopme
timeout server 1s
option tcp-check
tcp-check send "debug dev exit\n"
server cli unix@/tmp/sock1 check
This will cause the process to be stopped once the checks are ready to
start. Binding all these to just a few cores magnifies the problem.
Starting them in loops shows a significant time difference among the
commits :
# before startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e186161 -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m1.581s
user 0m0.621s
sys 0m5.339s
# after startup serialization
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy-e4d7c9dd -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m2.366s
user 0m0.894s
sys 0m8.238s
In order to address this, let's use plain mutexes and cond_wait during
the init phase. With this done, waiting threads now sleep and the problem
completely disappeared :
$ time for i in {1..20}; do taskset -c 0,1,2,3 ./haproxy -db -f slow-init.cfg >/dev/null 2>&1; done
real 0m0.161s
user 0m0.079s
sys 0m0.149s
2019-06-11 03:16:41 -04:00
# ifdef USE_THREAD
pthread_cond_broadcast ( & init_cond ) ;
pthread_mutex_unlock ( & init_mutex ) ;
/* now wait for other threads to finish starting */
pthread_mutex_lock ( & init_mutex ) ;
while ( init_left )
pthread_cond_wait ( & init_cond , & init_mutex ) ;
pthread_mutex_unlock ( & init_mutex ) ;
# endif
2019-05-20 04:50:43 -04:00
2019-12-06 10:31:45 -05:00
# if defined(PR_SET_NO_NEW_PRIVS) && defined(USE_PRCTL)
/* Let's refrain from using setuid executables. This way the impact of
* an eventual vulnerability in a library remains limited . It may
* impact external checks but who cares about them anyway ? In the
* worst case it ' s possible to disable the option . Obviously we do this
* in workers only . We can ' t hard - fail on this one as it really is
* implementation dependent though we ' re interested in feedback , hence
* the warning .
*/
if ( ! ( global . tune . options & GTUNE_INSECURE_SETUID ) & & ! master ) {
static int warn_fail ;
if ( prctl ( PR_SET_NO_NEW_PRIVS , 1 , 0 , 0 , 0 ) = = - 1 & & ! _HA_ATOMIC_XADD ( & warn_fail , 1 ) ) {
ha_warning ( " Failed to disable setuid, please report to developers with detailed "
" information about your operating system. You can silence this warning "
" by adding 'insecure-setuid-wanted' in the 'global' section. \n " ) ;
}
}
# endif
MEDIUM: init: prevent process and thread creation at runtime
Some concerns are regularly raised about the risk to inherit some Lua
files which make use of a fork (e.g. via os.execute()) as well as
whether or not some of bugs we fix might or not be exploitable to run
some code. Given that haproxy is event-driven, any foreground activity
completely stops processing and is easy to detect, but background
activity is a different story. A Lua script could very well discretely
fork a sub-process connecting to a remote location and taking commands,
and some injected code could also try to hide its activity by creating
a process or a thread without blocking the rest of the processing. While
such activities should be extremely limited when run in an empty chroot
without any permission, it would be better to get a higher assurance
they cannot happen.
This patch introduces something very simple: it limits the number of
processes and threads to zero in the workers after the last thread was
created. By doing so, it effectively instructs the system to fail on
any fork() or clone() syscall. Thus any undesired activity has to happen
in the foreground and is way easier to detect.
This will obviously break external checks (whose concept is already
totally insecure), and for this reason a new option
"insecure-fork-wanted" was added to disable this protection, and it
is suggested in the fork() error report from the checks. It is
obviously recommended not to use it and to reconsider the reasons
leading to it being enabled in the first place.
If for any reason we fail to disable forks, we still start because it
could be imaginable that some operating systems refuse to set this
limit to zero, but in this case we emit a warning, that may or may not
be reported since we're after the fork point. Ideally over the long
term it should be conditionned by strict-limits and cause a hard fail.
2019-12-03 01:07:36 -05:00
# if defined(RLIMIT_NPROC)
/* all threads have started, it's now time to prevent any new thread
* or process from starting . Obviously we do this in workers only . We
* can ' t hard - fail on this one as it really is implementation dependent
* though we ' re interested in feedback , hence the warning .
*/
if ( ! ( global . tune . options & GTUNE_INSECURE_FORK ) & & ! master ) {
struct rlimit limit = { . rlim_cur = 0 , . rlim_max = 0 } ;
static int warn_fail ;
if ( setrlimit ( RLIMIT_NPROC , & limit ) = = - 1 & & ! _HA_ATOMIC_XADD ( & warn_fail , 1 ) ) {
ha_warning ( " Failed to disable forks, please report to developers with detailed "
" information about your operating system. You can silence this warning "
" by adding 'insecure-fork-wanted' in the 'global' section. \n " ) ;
}
}
# endif
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
run_poll_loop ( ) ;
list_for_each_entry ( ptdf , & per_thread_deinit_list , list )
ptdf - > fct ( ) ;
2019-05-22 08:42:12 -04:00
list_for_each_entry ( ptff , & per_thread_free_list , list )
ptff - > fct ( ) ;
2017-10-27 07:53:47 -04:00
# ifdef USE_THREAD
2019-03-08 12:51:17 -05:00
_HA_ATOMIC_AND ( & all_threads_mask , ~ tid_bit ) ;
2017-10-27 07:53:47 -04:00
if ( tid > 0 )
pthread_exit ( NULL ) ;
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
# endif
2017-10-27 07:53:47 -04:00
return NULL ;
}
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
2019-11-17 09:47:16 -05:00
/* set uid/gid depending on global settings */
static void set_identity ( const char * program_name )
{
if ( global . gid ) {
if ( getgroups ( 0 , NULL ) > 0 & & setgroups ( 0 , NULL ) = = - 1 )
ha_warning ( " [%s.main()] Failed to drop supplementary groups. Using 'gid'/'group' "
" without 'uid'/'user' is generally useless. \n " , program_name ) ;
if ( setgid ( global . gid ) = = - 1 ) {
ha_alert ( " [%s.main()] Cannot set gid %d. \n " , program_name , global . gid ) ;
protocol_unbind_all ( ) ;
exit ( 1 ) ;
}
}
if ( global . uid & & setuid ( global . uid ) = = - 1 ) {
ha_alert ( " [%s.main()] Cannot set uid %d. \n " , program_name , global . uid ) ;
protocol_unbind_all ( ) ;
exit ( 1 ) ;
}
}
2006-06-25 20:48:02 -04:00
int main ( int argc , char * * argv )
{
int err , retry ;
struct rlimit limit ;
2010-10-22 10:06:11 -04:00
char errmsg [ 100 ] ;
2012-09-05 02:02:48 -04:00
int pidfd = - 1 ;
2006-06-25 20:48:02 -04:00
2018-02-03 09:15:21 -05:00
setvbuf ( stdout , NULL , _IONBF , 0 ) ;
2018-11-25 12:43:29 -05:00
2019-02-07 04:39:36 -05:00
/* this can only safely be done here, though it's optimized away by
* the compiler .
*/
if ( MAX_PROCS < 1 | | MAX_PROCS > LONGBITS ) {
ha_alert ( " MAX_PROCS value must be between 1 and %d inclusive; "
" HAProxy was built with value %d, please fix it and rebuild. \n " ,
LONGBITS , MAX_PROCS ) ;
exit ( 1 ) ;
}
2019-03-01 04:09:28 -05:00
/* take a copy of initial limits before we possibly change them */
getrlimit ( RLIMIT_NOFILE , & limit ) ;
rlim_fd_cur_at_boot = limit . rlim_cur ;
rlim_fd_max_at_boot = limit . rlim_max ;
2018-11-25 12:43:29 -05:00
/* process all initcalls in order of potential dependency */
RUN_INITCALLS ( STG_PREPARE ) ;
RUN_INITCALLS ( STG_LOCK ) ;
RUN_INITCALLS ( STG_ALLOC ) ;
RUN_INITCALLS ( STG_POOL ) ;
RUN_INITCALLS ( STG_REGISTER ) ;
RUN_INITCALLS ( STG_INIT ) ;
2010-10-22 10:06:11 -04:00
init ( argc , argv ) ;
2010-08-27 11:56:48 -04:00
signal_register_fct ( SIGQUIT , dump , SIGQUIT ) ;
signal_register_fct ( SIGUSR1 , sig_soft_stop , SIGUSR1 ) ;
signal_register_fct ( SIGHUP , sig_dump_state , SIGHUP ) ;
2017-06-01 11:38:51 -04:00
signal_register_fct ( SIGUSR2 , NULL , 0 ) ;
2006-06-25 20:48:02 -04:00
2010-03-17 13:02:46 -04:00
/* Always catch SIGPIPE even on platforms which define MSG_NOSIGNAL.
* Some recent FreeBSD setups report broken pipes , and MSG_NOSIGNAL
* was defined there , so let ' s stay on the safe side .
2006-06-25 20:48:02 -04:00
*/
2010-08-27 11:56:48 -04:00
signal_register_fct ( SIGPIPE , NULL , 0 ) ;
2006-06-25 20:48:02 -04:00
2011-02-16 05:10:36 -05:00
/* ulimits */
if ( ! global . rlimit_nofile )
global . rlimit_nofile = global . maxsock ;
if ( global . rlimit_nofile ) {
2019-03-01 04:32:05 -05:00
limit . rlim_cur = global . rlimit_nofile ;
limit . rlim_max = MAX ( rlim_fd_max_at_boot , limit . rlim_cur ) ;
2011-02-16 05:10:36 -05:00
if ( setrlimit ( RLIMIT_NOFILE , & limit ) = = - 1 ) {
2016-06-21 05:48:18 -04:00
getrlimit ( RLIMIT_NOFILE , & limit ) ;
2019-10-27 15:08:11 -04:00
if ( global . tune . options & GTUNE_STRICT_LIMITS ) {
ha_alert ( " [%s.main()] Cannot raise FD limit to %d, limit is %d. \n " ,
argv [ 0 ] , global . rlimit_nofile , ( int ) limit . rlim_cur ) ;
if ( ! ( global . mode & MODE_MWORKER ) )
exit ( 1 ) ;
}
else {
/* try to set it to the max possible at least */
limit . rlim_cur = limit . rlim_max ;
if ( setrlimit ( RLIMIT_NOFILE , & limit ) ! = - 1 )
getrlimit ( RLIMIT_NOFILE , & limit ) ;
ha_warning ( " [%s.main()] Cannot raise FD limit to %d, limit is %d. "
" This will fail in >= v2.3 \n " ,
argv [ 0 ] , global . rlimit_nofile , ( int ) limit . rlim_cur ) ;
global . rlimit_nofile = limit . rlim_cur ;
}
2011-02-16 05:10:36 -05:00
}
}
if ( global . rlimit_memmax ) {
limit . rlim_cur = limit . rlim_max =
2015-12-14 06:46:07 -05:00
global . rlimit_memmax * 1048576ULL ;
2011-02-16 05:10:36 -05:00
# ifdef RLIMIT_AS
if ( setrlimit ( RLIMIT_AS , & limit ) = = - 1 ) {
2019-10-27 15:08:11 -04:00
if ( global . tune . options & GTUNE_STRICT_LIMITS ) {
ha_alert ( " [%s.main()] Cannot fix MEM limit to %d megs. \n " ,
argv [ 0 ] , global . rlimit_memmax ) ;
if ( ! ( global . mode & MODE_MWORKER ) )
exit ( 1 ) ;
}
else
ha_warning ( " [%s.main()] Cannot fix MEM limit to %d megs. "
" This will fail in >= v2.3 \n " ,
argv [ 0 ] , global . rlimit_memmax ) ;
2011-02-16 05:10:36 -05:00
}
# else
if ( setrlimit ( RLIMIT_DATA , & limit ) = = - 1 ) {
2019-10-27 15:08:11 -04:00
if ( global . tune . options & GTUNE_STRICT_LIMITS ) {
ha_alert ( " [%s.main()] Cannot fix MEM limit to %d megs. \n " ,
argv [ 0 ] , global . rlimit_memmax ) ;
if ( ! ( global . mode & MODE_MWORKER ) )
exit ( 1 ) ;
}
else
2020-07-02 09:38:35 -04:00
ha_warning ( " [%s.main()] Cannot fix MEM limit to %d megs. "
2019-10-27 15:08:11 -04:00
" This will fail in >= v2.3 \n " ,
argv [ 0 ] , global . rlimit_memmax ) ;
2011-02-16 05:10:36 -05:00
}
# endif
}
2017-04-05 16:33:04 -04:00
if ( old_unixsocket ) {
2017-06-01 11:38:53 -04:00
if ( strcmp ( " /dev/null " , old_unixsocket ) ! = 0 ) {
if ( get_old_sockets ( old_unixsocket ) ! = 0 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " Failed to get the sockets from the old process! \n " ) ;
2017-06-01 11:38:53 -04:00
if ( ! ( global . mode & MODE_MWORKER ) )
exit ( 1 ) ;
}
2017-04-05 16:33:04 -04:00
}
}
2017-06-01 11:38:53 -04:00
get_cur_unixsocket ( ) ;
2006-06-25 20:48:02 -04:00
/* We will loop at most 100 times with 10 ms delay each time.
* That ' s at most 1 second . We only send a signal to old pids
* if we cannot grab at least one port .
*/
retry = MAX_START_RETRIES ;
err = ERR_NONE ;
while ( retry > = 0 ) {
struct timeval w ;
err = start_proxies ( retry = = 0 | | nb_oldpids = = 0 ) ;
2007-12-20 17:05:50 -05:00
/* exit the loop on no error or fatal error */
if ( ( err & ( ERR_RETRYABLE | ERR_FATAL ) ) ! = ERR_RETRYABLE )
2006-06-25 20:48:02 -04:00
break ;
2010-08-25 06:58:59 -04:00
if ( nb_oldpids = = 0 | | retry = = 0 )
2006-06-25 20:48:02 -04:00
break ;
/* FIXME-20060514: Solaris and OpenBSD do not support shutdown() on
* listening sockets . So on those platforms , it would be wiser to
* simply send SIGUSR1 , which will not be undoable .
*/
2010-08-25 06:58:59 -04:00
if ( tell_old_pids ( SIGTTOU ) = = 0 ) {
/* no need to wait if we can't contact old pids */
retry = 0 ;
continue ;
}
2006-06-25 20:48:02 -04:00
/* give some time to old processes to stop listening */
w . tv_sec = 0 ;
w . tv_usec = 10 * 1000 ;
select ( 0 , NULL , NULL , NULL , & w ) ;
retry - - ;
}
/* Note: start_proxies() sends an alert when it fails. */
2009-02-04 11:05:23 -05:00
if ( ( err & ~ ERR_WARN ) ! = ERR_NONE ) {
2009-06-09 08:36:00 -04:00
if ( retry ! = MAX_START_RETRIES & & nb_oldpids ) {
protocol_unbind_all ( ) ; /* cleanup everything we can */
2006-06-25 20:48:02 -04:00
tell_old_pids ( SIGTTIN ) ;
2009-06-09 08:36:00 -04:00
}
2006-06-25 20:48:02 -04:00
exit ( 1 ) ;
}
2018-11-21 09:48:31 -05:00
if ( ! ( global . mode & MODE_MWORKER_WAIT ) & & listeners = = 0 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] No enabled listener found (check for 'bind' directives) ! Exiting. \n " , argv [ 0 ] ) ;
2006-06-25 20:48:02 -04:00
/* Note: we don't have to send anything to the old pids because we
* never stopped them . */
exit ( 1 ) ;
}
2010-10-22 10:06:11 -04:00
err = protocol_bind_all ( errmsg , sizeof ( errmsg ) ) ;
if ( ( err & ~ ERR_WARN ) ! = ERR_NONE ) {
if ( ( err & ERR_ALERT ) | | ( err & ERR_WARN ) )
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] %s. \n " , argv [ 0 ] , errmsg ) ;
2010-10-22 10:06:11 -04:00
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] Some protocols failed to start their listeners! Exiting. \n " , argv [ 0 ] ) ;
2007-10-16 06:25:14 -04:00
protocol_unbind_all ( ) ; /* cleanup everything we can */
if ( nb_oldpids )
tell_old_pids ( SIGTTIN ) ;
exit ( 1 ) ;
2010-10-22 10:06:11 -04:00
} else if ( err & ERR_WARN ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] %s. \n " , argv [ 0 ] , errmsg ) ;
2007-10-16 06:25:14 -04:00
}
2017-04-05 16:33:04 -04:00
/* Ok, all listener should now be bound, close any leftover sockets
* the previous process gave us , we don ' t need them anymore
*/
while ( xfer_sock_list ! = NULL ) {
struct xfer_sock_list * tmpxfer = xfer_sock_list - > next ;
close ( xfer_sock_list - > fd ) ;
free ( xfer_sock_list - > iface ) ;
free ( xfer_sock_list - > namespace ) ;
free ( xfer_sock_list ) ;
xfer_sock_list = tmpxfer ;
}
2007-10-16 06:25:14 -04:00
2006-06-25 20:48:02 -04:00
/* prepare pause/play signals */
2010-08-27 11:56:48 -04:00
signal_register_fct ( SIGTTOU , sig_pause , SIGTTOU ) ;
signal_register_fct ( SIGTTIN , sig_listen , SIGTTIN ) ;
2006-06-25 20:48:02 -04:00
/* MODE_QUIET can inhibit alerts and warnings below this line */
2017-12-25 15:03:31 -05:00
if ( getenv ( " HAPROXY_MWORKER_REEXEC " ) ! = NULL ) {
/* either stdin/out/err are already closed or should stay as they are. */
if ( ( global . mode & MODE_DAEMON ) ) {
/* daemon mode re-executing, stdin/stdout/stderr are already closed so keep quiet */
global . mode & = ~ MODE_VERBOSE ;
global . mode | = MODE_QUIET ; /* ensure that we won't say anything from now */
}
} else {
if ( ( global . mode & MODE_QUIET ) & & ! ( global . mode & MODE_VERBOSE ) ) {
/* detach from the tty */
2017-12-28 10:09:36 -05:00
stdio_quiet ( - 1 ) ;
2017-12-25 15:03:31 -05:00
}
2006-06-25 20:48:02 -04:00
}
/* open log & pid files before the chroot */
2017-11-06 05:00:03 -05:00
if ( ( global . mode & MODE_DAEMON | | global . mode & MODE_MWORKER ) & & global . pidfile ! = NULL ) {
2006-06-25 20:48:02 -04:00
unlink ( global . pidfile ) ;
pidfd = open ( global . pidfile , O_CREAT | O_WRONLY | O_TRUNC , 0644 ) ;
if ( pidfd < 0 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] Cannot create pidfile %s \n " , argv [ 0 ] , global . pidfile ) ;
2006-06-25 20:48:02 -04:00
if ( nb_oldpids )
tell_old_pids ( SIGTTIN ) ;
2007-10-16 06:25:14 -04:00
protocol_unbind_all ( ) ;
2006-06-25 20:48:02 -04:00
exit ( 1 ) ;
}
}
2007-03-24 12:24:39 -04:00
if ( ( global . last_checks & LSTCHK_NETADM ) & & global . uid ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] Some configuration options require full privileges, so global.uid cannot be changed. \n "
" " , argv [ 0 ] ) ;
2007-10-16 06:25:14 -04:00
protocol_unbind_all ( ) ;
2007-03-24 12:24:39 -04:00
exit ( 1 ) ;
}
2009-02-04 12:02:48 -05:00
/* If the user is not root, we'll still let him try the configuration
* but we inform him that unexpected behaviour may occur .
*/
if ( ( global . last_checks & LSTCHK_NETADM ) & & getuid ( ) )
2017-11-24 10:50:31 -05:00
ha_warning ( " [%s.main()] Some options which require full privileges "
" might not work well. \n "
" " , argv [ 0 ] ) ;
2009-02-04 12:02:48 -05:00
2017-06-01 11:38:50 -04:00
if ( ( global . mode & ( MODE_MWORKER | MODE_DAEMON ) ) = = 0 ) {
/* chroot if needed */
if ( global . chroot ! = NULL ) {
if ( chroot ( global . chroot ) = = - 1 | | chdir ( " / " ) = = - 1 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] Cannot chroot(%s). \n " , argv [ 0 ] , global . chroot ) ;
2017-06-01 11:38:50 -04:00
if ( nb_oldpids )
tell_old_pids ( SIGTTIN ) ;
protocol_unbind_all ( ) ;
exit ( 1 ) ;
}
2007-10-15 12:57:08 -04:00
}
}
2018-11-21 09:48:31 -05:00
if ( nb_oldpids & & ! ( global . mode & MODE_MWORKER_WAIT ) )
2010-08-25 06:58:59 -04:00
nb_oldpids = tell_old_pids ( oldpids_sig ) ;
2006-06-25 20:48:02 -04:00
2019-05-07 11:49:33 -04:00
/* send a SIGTERM to workers who have a too high reloads number */
if ( ( global . mode & MODE_MWORKER ) & & ! ( global . mode & MODE_MWORKER_WAIT ) )
mworker_kill_max_reloads ( SIGTERM ) ;
2017-06-20 05:20:33 -04:00
if ( ( getenv ( " HAPROXY_MWORKER_REEXEC " ) = = NULL ) ) {
nb_oldpids = 0 ;
free ( oldpids ) ;
oldpids = NULL ;
}
2006-06-25 20:48:02 -04:00
/* Note that any error at this stage will be fatal because we will not
* be able to restart the old pids .
*/
2019-11-17 09:47:16 -05:00
if ( ( global . mode & ( MODE_MWORKER | MODE_DAEMON ) ) = = 0 )
set_identity ( argv [ 0 ] ) ;
2019-04-15 13:38:50 -04:00
2006-06-25 20:48:02 -04:00
/* check ulimits */
limit . rlim_cur = limit . rlim_max = 0 ;
getrlimit ( RLIMIT_NOFILE , & limit ) ;
if ( limit . rlim_cur < global . maxsock ) {
2019-10-27 15:08:11 -04:00
if ( global . tune . options & GTUNE_STRICT_LIMITS ) {
ha_alert ( " [%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. "
" Please raise 'ulimit-n' to %d or more to avoid any trouble. \n " ,
argv [ 0 ] , ( int ) limit . rlim_cur , global . maxconn , global . maxsock ,
global . maxsock ) ;
if ( ! ( global . mode & MODE_MWORKER ) )
exit ( 1 ) ;
}
else
ha_alert ( " [%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. "
" Please raise 'ulimit-n' to %d or more to avoid any trouble. "
" This will fail in >= v2.3 \n " ,
argv [ 0 ] , ( int ) limit . rlim_cur , global . maxconn , global . maxsock ,
global . maxsock ) ;
2006-06-25 20:48:02 -04:00
}
2018-11-21 09:48:31 -05:00
if ( global . mode & ( MODE_DAEMON | MODE_MWORKER | MODE_MWORKER_WAIT ) ) {
2009-02-04 16:05:05 -05:00
struct proxy * px ;
2015-05-01 13:13:41 -04:00
struct peers * curpeers ;
2006-06-25 20:48:02 -04:00
int ret = 0 ;
int proc ;
2017-12-28 10:09:36 -05:00
int devnullfd = - 1 ;
2006-06-25 20:48:02 -04:00
2017-06-01 11:38:50 -04:00
/*
* if daemon + mworker : must fork here to let a master
* process live in background before forking children
*/
2017-06-01 11:38:51 -04:00
if ( ( getenv ( " HAPROXY_MWORKER_REEXEC " ) = = NULL )
& & ( global . mode & MODE_MWORKER )
& & ( global . mode & MODE_DAEMON ) ) {
2017-06-01 11:38:50 -04:00
ret = fork ( ) ;
if ( ret < 0 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] Cannot fork. \n " , argv [ 0 ] ) ;
2017-06-01 11:38:50 -04:00
protocol_unbind_all ( ) ;
exit ( 1 ) ; /* there has been an error */
2018-07-04 09:31:23 -04:00
} else if ( ret > 0 ) { /* parent leave to daemonize */
2017-06-01 11:38:50 -04:00
exit ( 0 ) ;
2018-07-04 09:31:23 -04:00
} else /* change the process group ID in the child (master process) */
setsid ( ) ;
2017-06-01 11:38:50 -04:00
}
2017-06-01 11:38:55 -04:00
2017-11-06 05:00:04 -05:00
/* if in master-worker mode, write the PID of the father */
if ( global . mode & MODE_MWORKER ) {
char pidstr [ 100 ] ;
2019-06-22 01:41:38 -04:00
snprintf ( pidstr , sizeof ( pidstr ) , " %d \n " , ( int ) getpid ( ) ) ;
2018-01-23 13:20:19 -05:00
if ( pidfd > = 0 )
2020-03-14 06:03:20 -04:00
DISGUISE ( write ( pidfd , pidstr , strlen ( pidstr ) ) ) ;
2017-11-06 05:00:04 -05:00
}
2006-06-25 20:48:02 -04:00
/* the father launches the required number of processes */
2018-11-21 09:48:31 -05:00
if ( ! ( global . mode & MODE_MWORKER_WAIT ) ) {
2019-04-01 05:30:02 -04:00
if ( global . mode & MODE_MWORKER )
mworker_ext_launch_all ( ) ;
2018-11-21 09:48:31 -05:00
for ( proc = 0 ; proc < global . nbproc ; proc + + ) {
ret = fork ( ) ;
if ( ret < 0 ) {
ha_alert ( " [%s.main()] Cannot fork. \n " , argv [ 0 ] ) ;
protocol_unbind_all ( ) ;
exit ( 1 ) ; /* there has been an error */
}
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
This is the replacement of failed attempt to add thread safety and
per-process sequences of random numbers initally tried with commit
1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process
random sequences").
This new version takes a completely different approach and doesn't try
to work around the horrible OS-specific and non-portable random API
anymore. Instead it implements "xoroshiro128**", a reputedly high
quality random number generator, which is one of the many variants of
xorshift, which passes all quality tests and which is described here:
http://prng.di.unimi.it/
While not cryptographically secure, it is fast and features a 2^128-1
period. It supports fast jumps allowing to cut the period into smaller
non-overlapping sequences, which we use here to support up to 2^32
processes each having their own, non-overlapping sequence of 2^96
numbers (~7*10^28). This is enough to provide 1 billion randoms per
second and per process for 2200 billion years.
The implementation was made thread-safe either by using a double 64-bit
CAS on platforms supporting it (x86_64, aarch64) or by using a local
lock for the time needed to perform the shift operations. This ensures
that all threads pick numbers from the same pool so that it is not
needed to assign per-thread ranges. For processes we use the fast jump
method to advance the sequence by 2^96 for each process.
Before this patch, the following config:
global
nbproc 8
frontend f
bind :4445
mode http
log stdout format raw daemon
log-format "%[uuid] %pid"
redirect location /
Would produce this output:
a4d0ad64-2645-4b74-b894-48acce0669af 12987
a4d0ad64-2645-4b74-b894-48acce0669af 12992
a4d0ad64-2645-4b74-b894-48acce0669af 12986
a4d0ad64-2645-4b74-b894-48acce0669af 12988
a4d0ad64-2645-4b74-b894-48acce0669af 12991
a4d0ad64-2645-4b74-b894-48acce0669af 12989
a4d0ad64-2645-4b74-b894-48acce0669af 12990
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986
(...)
And now produces:
f94b29b3-da74-4e03-a0c5-a532c635bad9 13011
47470c02-4862-4c33-80e7-a952899570e5 13014
86332123-539a-47bf-853f-8c8ea8b2a2b5 13013
8f9efa99-3143-47b2-83cf-d618c8dea711 13012
3cc0f5c7-d790-496b-8d39-bec77647af5b 13015
3ec64915-8f95-4374-9e66-e777dc8791e0 13009
0f9bf894-dcde-408c-b094-6e0bb3255452 13011
49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014
e23f6f2e-35c5-4433-a294-b790ab902653 13012
There are multiple benefits to using this method. First, it doesn't
depend anymore on a non-portable API. Second it's thread safe. Third it
is fast and more proven than any hack we could attempt to try to work
around the deficiencies of the various implementations around.
This commit depends on previous patches "MINOR: tools: add 64-bit rotate
operators" and "BUG/MEDIUM: random: initialize the random pool a bit
better", all of which will need to be backported at least as far as
version 2.0. It doesn't require to backport the build fixes for circular
include files dependecy anymore.
2020-03-07 18:42:37 -05:00
else if ( ret = = 0 ) { /* child breaks here */
ha_random_jump96 ( relative_pid ) ;
2018-11-21 09:48:31 -05:00
break ;
BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
This is the replacement of failed attempt to add thread safety and
per-process sequences of random numbers initally tried with commit
1c306aa84d ("BUG/MEDIUM: random: implement per-thread and per-process
random sequences").
This new version takes a completely different approach and doesn't try
to work around the horrible OS-specific and non-portable random API
anymore. Instead it implements "xoroshiro128**", a reputedly high
quality random number generator, which is one of the many variants of
xorshift, which passes all quality tests and which is described here:
http://prng.di.unimi.it/
While not cryptographically secure, it is fast and features a 2^128-1
period. It supports fast jumps allowing to cut the period into smaller
non-overlapping sequences, which we use here to support up to 2^32
processes each having their own, non-overlapping sequence of 2^96
numbers (~7*10^28). This is enough to provide 1 billion randoms per
second and per process for 2200 billion years.
The implementation was made thread-safe either by using a double 64-bit
CAS on platforms supporting it (x86_64, aarch64) or by using a local
lock for the time needed to perform the shift operations. This ensures
that all threads pick numbers from the same pool so that it is not
needed to assign per-thread ranges. For processes we use the fast jump
method to advance the sequence by 2^96 for each process.
Before this patch, the following config:
global
nbproc 8
frontend f
bind :4445
mode http
log stdout format raw daemon
log-format "%[uuid] %pid"
redirect location /
Would produce this output:
a4d0ad64-2645-4b74-b894-48acce0669af 12987
a4d0ad64-2645-4b74-b894-48acce0669af 12992
a4d0ad64-2645-4b74-b894-48acce0669af 12986
a4d0ad64-2645-4b74-b894-48acce0669af 12988
a4d0ad64-2645-4b74-b894-48acce0669af 12991
a4d0ad64-2645-4b74-b894-48acce0669af 12989
a4d0ad64-2645-4b74-b894-48acce0669af 12990
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12987
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12992
82d5f6cd-f6c1-4f85-a89c-36ae85d26fb9 12986
(...)
And now produces:
f94b29b3-da74-4e03-a0c5-a532c635bad9 13011
47470c02-4862-4c33-80e7-a952899570e5 13014
86332123-539a-47bf-853f-8c8ea8b2a2b5 13013
8f9efa99-3143-47b2-83cf-d618c8dea711 13012
3cc0f5c7-d790-496b-8d39-bec77647af5b 13015
3ec64915-8f95-4374-9e66-e777dc8791e0 13009
0f9bf894-dcde-408c-b094-6e0bb3255452 13011
49c7bfde-3ffb-40e9-9a8d-8084d650ed8f 13014
e23f6f2e-35c5-4433-a294-b790ab902653 13012
There are multiple benefits to using this method. First, it doesn't
depend anymore on a non-portable API. Second it's thread safe. Third it
is fast and more proven than any hack we could attempt to try to work
around the deficiencies of the various implementations around.
This commit depends on previous patches "MINOR: tools: add 64-bit rotate
operators" and "BUG/MEDIUM: random: initialize the random pool a bit
better", all of which will need to be backported at least as far as
version 2.0. It doesn't require to backport the build fixes for circular
include files dependecy anymore.
2020-03-07 18:42:37 -05:00
}
2018-11-21 09:48:31 -05:00
if ( pidfd > = 0 & & ! ( global . mode & MODE_MWORKER ) ) {
char pidstr [ 100 ] ;
snprintf ( pidstr , sizeof ( pidstr ) , " %d \n " , ret ) ;
2020-03-14 06:03:20 -04:00
DISGUISE ( write ( pidfd , pidstr , strlen ( pidstr ) ) ) ;
2018-11-21 09:48:31 -05:00
}
if ( global . mode & MODE_MWORKER ) {
struct mworker_proc * child ;
2018-11-21 12:04:53 -05:00
ha_notice ( " New worker #%d (%d) forked \n " , relative_pid , ret ) ;
2018-11-21 09:48:31 -05:00
/* find the right mworker_proc */
list_for_each_entry ( child , & proc_list , list ) {
if ( child - > relative_pid = = relative_pid & &
2019-04-12 10:09:23 -04:00
child - > reloads = = 0 & & child - > options & PROC_O_TYPE_WORKER ) {
2018-11-21 09:48:31 -05:00
child - > timestamp = now . tv_sec ;
child - > pid = ret ;
2019-06-12 13:11:33 -04:00
child - > version = strdup ( haproxy_version ) ;
2018-11-21 09:48:31 -05:00
break ;
}
2018-10-26 08:47:30 -04:00
}
}
2018-09-11 04:06:26 -04:00
2018-11-21 09:48:31 -05:00
relative_pid + + ; /* each child will get a different one */
pid_bit < < = 1 ;
}
} else {
/* wait mode */
global . nbproc = 1 ;
proc = 1 ;
2006-06-25 20:48:02 -04:00
}
2012-11-16 10:12:27 -05:00
# ifdef USE_CPU_AFFINITY
if ( proc < global . nbproc & & /* child */
2019-02-07 04:39:36 -05:00
proc < MAX_PROCS & & /* only the first 32/64 processes may be pinned */
2017-11-22 10:50:41 -05:00
global . cpu_map . proc [ proc ] ) /* only do this if the process has a CPU map */
2015-09-17 15:26:40 -04:00
# ifdef __FreeBSD__
2017-08-16 11:29:11 -04:00
{
cpuset_t cpuset ;
int i ;
2017-11-22 10:50:41 -05:00
unsigned long cpu_map = global . cpu_map . proc [ proc ] ;
2017-08-16 11:29:11 -04:00
CPU_ZERO ( & cpuset ) ;
while ( ( i = ffsl ( cpu_map ) ) > 0 ) {
CPU_SET ( i - 1 , & cpuset ) ;
2018-03-12 16:47:39 -04:00
cpu_map & = ~ ( 1UL < < ( i - 1 ) ) ;
2017-08-16 11:29:11 -04:00
}
ret = cpuset_setaffinity ( CPU_LEVEL_WHICH , CPU_WHICH_PID , - 1 , sizeof ( cpuset ) , & cpuset ) ;
}
2019-09-13 00:12:58 -04:00
# elif defined(__linux__)
2017-11-22 10:50:41 -05:00
sched_setaffinity ( 0 , sizeof ( unsigned long ) , ( void * ) & global . cpu_map . proc [ proc ] ) ;
2015-09-17 15:26:40 -04:00
# endif
2012-11-16 10:12:27 -05:00
# endif
2006-06-25 20:48:02 -04:00
/* close the pidfile both in children and father */
2012-09-05 02:02:48 -04:00
if ( pidfd > = 0 ) {
//lseek(pidfd, 0, SEEK_SET); /* debug: emulate eglibc bug */
close ( pidfd ) ;
}
2010-08-25 06:49:05 -04:00
/* We won't ever use this anymore */
free ( global . pidfile ) ; global . pidfile = NULL ;
2006-06-25 20:48:02 -04:00
2015-05-01 11:01:08 -04:00
if ( proc = = global . nbproc ) {
2018-11-21 09:48:31 -05:00
if ( global . mode & ( MODE_MWORKER | MODE_MWORKER_WAIT ) ) {
2017-11-28 17:26:08 -05:00
if ( ( ! ( global . mode & MODE_QUIET ) | | ( global . mode & MODE_VERBOSE ) ) & &
( global . mode & MODE_DAEMON ) ) {
/* detach from the tty, this is required to properly daemonize. */
2017-12-28 10:09:36 -05:00
if ( ( getenv ( " HAPROXY_MWORKER_REEXEC " ) = = NULL ) )
stdio_quiet ( - 1 ) ;
2017-11-28 17:26:08 -05:00
global . mode & = ~ MODE_VERBOSE ;
global . mode | = MODE_QUIET ; /* ensure that we won't say anything from now */
}
2018-09-11 04:06:18 -04:00
mworker_loop ( ) ;
2017-06-07 09:04:47 -04:00
/* should never get there */
exit ( EXIT_FAILURE ) ;
2015-05-01 11:01:08 -04:00
}
2017-06-08 13:05:48 -04:00
# if defined(USE_OPENSSL) && !defined(OPENSSL_NO_DH)
2017-01-20 20:10:18 -05:00
ssl_free_dh ( ) ;
# endif
2017-06-07 09:04:47 -04:00
exit ( 0 ) ; /* parent must leave */
2015-05-01 11:01:08 -04:00
}
2017-06-01 11:38:52 -04:00
/* child must never use the atexit function */
atexit_flag = 0 ;
2018-09-11 04:06:26 -04:00
/* close useless master sockets */
if ( global . mode & MODE_MWORKER ) {
struct mworker_proc * child , * it ;
master = 0 ;
2018-10-26 08:47:45 -04:00
mworker_cli_proxy_stop ( ) ;
2018-09-11 04:06:26 -04:00
/* free proc struct of other processes */
list_for_each_entry_safe ( child , it , & proc_list , list ) {
2018-10-26 08:47:30 -04:00
/* close the FD of the master side for all
* workers , we don ' t need to close the worker
* side of other workers since it ' s done with
* the bind_proc */
2018-11-25 14:03:39 -05:00
if ( child - > ipc_fd [ 0 ] > = 0 )
close ( child - > ipc_fd [ 0 ] ) ;
2018-10-26 08:47:30 -04:00
if ( child - > relative_pid = = relative_pid & &
child - > reloads = = 0 ) {
/* keep this struct if this is our pid */
proc_self = child ;
2018-09-11 04:06:26 -04:00
continue ;
2018-10-26 08:47:30 -04:00
}
2018-09-11 04:06:26 -04:00
LIST_DEL ( & child - > list ) ;
2019-05-16 14:23:22 -04:00
mworker_free_child ( child ) ;
child = NULL ;
2018-09-11 04:06:26 -04:00
}
}
BUG/MEDIUM: threads/mworker: fix a race on startup
Marc Fournier reported an interesting case when using threads with the
master-worker mode : sometimes, a listener would have its FD closed
during startup. Sometimes it could even be health checks seeing this.
What happens is that after the threads are created, and the pollers
enabled on each threads, the master-worker pipe is registered, and at
the same time a close() is performed on the write side of this pipe
since the children must not use it.
But since this is replicated in every thread, what happens is that the
first thread closes the pipe, thus releases the FD, and the next thread
starting a listener in parallel gets this FD reassigned. Then another
thread closes the FD again, which this time corresponds to the listener.
It can also happen with the health check sockets if they're started
early enough.
This patch splits the mworker_pipe_register() function in two, so that
the close() of the write side of the FD is performed very early after the
fork() and long before threads are created (we don't need to delay it
anyway). Only the pipe registration is done in the threaded code since
it is important that the pollers are properly allocated for this.
The mworker_pipe_register() function now takes care of registering the
pipe only once, and this is guaranteed by a new surrounding lock.
The call to protocol_enable_all() looks fragile in theory since it
scans the list of proxies and their listeners, though in practice
all threads scan the same list and take the same locks for each
listener so it's not possible that any of them escapes the process
and finishes before all listeners are started. And the operation is
idempotent.
This fix must be backported to 1.8. Thanks to Marc for providing very
detailed traces clearly showing the problem.
2018-01-23 13:01:49 -05:00
2017-12-28 10:09:36 -05:00
if ( ! ( global . mode & MODE_QUIET ) | | ( global . mode & MODE_VERBOSE ) ) {
devnullfd = open ( " /dev/null " , O_RDWR , 0 ) ;
if ( devnullfd < 0 ) {
ha_alert ( " Cannot open /dev/null \n " ) ;
exit ( EXIT_FAILURE ) ;
}
}
2017-06-01 11:38:50 -04:00
/* Must chroot and setgid/setuid in the children */
/* chroot if needed */
if ( global . chroot ! = NULL ) {
if ( chroot ( global . chroot ) = = - 1 | | chdir ( " / " ) = = - 1 ) {
2017-11-24 10:50:31 -05:00
ha_alert ( " [%s.main()] Cannot chroot1(%s). \n " , argv [ 0 ] , global . chroot ) ;
2017-06-01 11:38:50 -04:00
if ( nb_oldpids )
tell_old_pids ( SIGTTIN ) ;
protocol_unbind_all ( ) ;
exit ( 1 ) ;
}
}
free ( global . chroot ) ;
global . chroot = NULL ;
2019-11-17 09:47:16 -05:00
set_identity ( argv [ 0 ] ) ;
2017-06-01 11:38:50 -04:00
2017-05-26 12:19:55 -04:00
/* pass through every cli socket, and check if it's bound to
* the current process and if it exposes listeners sockets .
* Caution : the GTUNE_SOCKET_TRANSFER is now set after the fork .
* */
if ( global . stats_fe ) {
struct bind_conf * bind_conf ;
list_for_each_entry ( bind_conf , & global . stats_fe - > conf . bind , by_fe ) {
if ( bind_conf - > level & ACCESS_FD_LISTENERS ) {
if ( ! bind_conf - > bind_proc | | bind_conf - > bind_proc & ( 1UL < < proc ) ) {
global . tune . options | = GTUNE_SOCKET_TRANSFER ;
break ;
}
}
}
}
2009-02-04 16:05:05 -05:00
/* we might have to unbind some proxies from some processes */
2017-11-24 10:54:05 -05:00
px = proxies_list ;
2009-02-04 16:05:05 -05:00
while ( px ! = NULL ) {
if ( px - > bind_proc & & px - > state ! = PR_STSTOPPED ) {
2017-04-05 19:05:05 -04:00
if ( ! ( px - > bind_proc & ( 1UL < < proc ) ) ) {
if ( global . tune . options & GTUNE_SOCKET_TRANSFER )
zombify_proxy ( px ) ;
else
stop_proxy ( px ) ;
}
2009-02-04 16:05:05 -05:00
}
px = px - > next ;
}
2015-05-01 13:13:41 -04:00
/* we might have to unbind some peers sections from some processes */
2017-07-13 03:07:09 -04:00
for ( curpeers = cfg_peers ; curpeers ; curpeers = curpeers - > next ) {
2015-05-01 13:13:41 -04:00
if ( ! curpeers - > peers_fe )
continue ;
if ( curpeers - > peers_fe - > bind_proc & ( 1UL < < proc ) )
continue ;
stop_proxy ( curpeers - > peers_fe ) ;
/* disable this peer section so that it kills itself */
2015-09-28 10:39:25 -04:00
signal_unregister_handler ( curpeers - > sighandler ) ;
2019-04-17 16:51:06 -04:00
task_destroy ( curpeers - > sync_task ) ;
2015-09-28 10:39:25 -04:00
curpeers - > sync_task = NULL ;
2019-04-17 16:51:06 -04:00
task_destroy ( curpeers - > peers_fe - > task ) ;
2015-09-28 10:39:25 -04:00
curpeers - > peers_fe - > task = NULL ;
2015-05-01 13:13:41 -04:00
curpeers - > peers_fe = NULL ;
}
2018-11-13 10:18:23 -05:00
/*
* This is only done in daemon mode because we might want the
* logs on stdout in mworker mode . If we ' re NOT in QUIET mode ,
* we should now close the 3 first FDs to ensure that we can
* detach from the TTY . We MUST NOT do it in other cases since
* it would have already be done , and 0 - 2 would have been
* affected to listening sockets
2006-06-25 20:48:02 -04:00
*/
2018-11-13 10:18:23 -05:00
if ( ( global . mode & MODE_DAEMON ) & &
( ! ( global . mode & MODE_QUIET ) | | ( global . mode & MODE_VERBOSE ) ) ) {
2006-06-25 20:48:02 -04:00
/* detach from the tty */
2017-12-28 10:09:36 -05:00
stdio_quiet ( devnullfd ) ;
2008-11-16 01:40:34 -05:00
global . mode & = ~ MODE_VERBOSE ;
2006-06-25 20:48:02 -04:00
global . mode | = MODE_QUIET ; /* ensure that we won't say anything from now */
}
pid = getpid ( ) ; /* update child's pid */
2018-07-04 09:31:23 -04:00
if ( ! ( global . mode & MODE_MWORKER ) ) /* in mworker mode we don't want a new pgid for the children */
setsid ( ) ;
2007-04-09 13:29:56 -04:00
fork_poller ( ) ;
2006-06-25 20:48:02 -04:00
}
2019-11-17 09:47:15 -05:00
/* try our best to re-enable core dumps depending on system capabilities.
* What is addressed here :
* - remove file size limits
* - remove core size limits
* - mark the process dumpable again if it lost it due to user / group
*/
if ( global . tune . options & GTUNE_SET_DUMPABLE ) {
limit . rlim_cur = limit . rlim_max = RLIM_INFINITY ;
# if defined(RLIMIT_FSIZE)
if ( setrlimit ( RLIMIT_FSIZE , & limit ) = = - 1 ) {
if ( global . tune . options & GTUNE_STRICT_LIMITS ) {
ha_alert ( " [%s.main()] Failed to set the raise the maximum "
" file size. \n " , argv [ 0 ] ) ;
if ( ! ( global . mode & MODE_MWORKER ) )
exit ( 1 ) ;
}
else
ha_warning ( " [%s.main()] Failed to set the raise the maximum "
" file size. This will fail in >= v2.3 \n " , argv [ 0 ] ) ;
}
# endif
# if defined(RLIMIT_CORE)
if ( setrlimit ( RLIMIT_CORE , & limit ) = = - 1 ) {
if ( global . tune . options & GTUNE_STRICT_LIMITS ) {
ha_alert ( " [%s.main()] Failed to set the raise the core "
" dump size. \n " , argv [ 0 ] ) ;
if ( ! ( global . mode & MODE_MWORKER ) )
exit ( 1 ) ;
}
else
ha_warning ( " [%s.main()] Failed to set the raise the core "
" dump size. This will fail in >= v2.3 \n " , argv [ 0 ] ) ;
}
# endif
# if defined(USE_PRCTL)
if ( prctl ( PR_SET_DUMPABLE , 1 , 0 , 0 , 0 ) = = - 1 )
ha_warning ( " [%s.main()] Failed to set the dumpable flag, "
" no core will be dumped. \n " , argv [ 0 ] ) ;
# endif
}
2017-10-24 07:53:54 -04:00
global . mode & = ~ MODE_STARTING ;
2007-04-08 10:39:58 -04:00
/*
* That ' s it : the central polling loop . Run until we stop .
*/
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
# ifdef USE_THREAD
2017-10-27 07:53:47 -04:00
{
2018-06-07 03:46:01 -04:00
sigset_t blocked_sig , old_sig ;
2019-05-03 03:22:44 -04:00
int i ;
2018-06-07 03:46:01 -04:00
/* ensure the signals will be blocked in every thread */
sigfillset ( & blocked_sig ) ;
sigdelset ( & blocked_sig , SIGPROF ) ;
sigdelset ( & blocked_sig , SIGBUS ) ;
sigdelset ( & blocked_sig , SIGFPE ) ;
sigdelset ( & blocked_sig , SIGILL ) ;
sigdelset ( & blocked_sig , SIGSEGV ) ;
pthread_sigmask ( SIG_SETMASK , & blocked_sig , & old_sig ) ;
2017-10-27 07:53:47 -04:00
/* Create nbthread-1 thread. The first thread is the current process */
2019-09-13 00:03:12 -04:00
ha_thread_info [ 0 ] . pthread = pthread_self ( ) ;
2017-10-27 07:53:47 -04:00
for ( i = 1 ; i < global . nbthread ; i + + )
2019-09-13 00:03:12 -04:00
pthread_create ( & ha_thread_info [ i ] . pthread , NULL , & run_thread_poll_loop , ( void * ) ( long ) i ) ;
2017-10-27 07:53:47 -04:00
2017-10-16 09:49:32 -04:00
# ifdef USE_CPU_AFFINITY
2017-10-27 07:53:47 -04:00
/* Now the CPU affinity for all threads */
2019-07-16 09:10:34 -04:00
if ( global . cpu_map . proc_t1 [ relative_pid - 1 ] )
global . cpu_map . thread [ 0 ] & = global . cpu_map . proc_t1 [ relative_pid - 1 ] ;
2017-10-27 07:53:47 -04:00
for ( i = 0 ; i < global . nbthread ; i + + ) {
2017-11-22 10:50:41 -05:00
if ( global . cpu_map . proc [ relative_pid - 1 ] )
2019-05-03 03:41:23 -04:00
global . cpu_map . thread [ i ] & = global . cpu_map . proc [ relative_pid - 1 ] ;
2017-10-16 09:49:32 -04:00
2018-01-20 12:19:22 -05:00
if ( i < MAX_THREADS & & /* only the first 32/64 threads may be pinned */
2019-05-03 03:41:23 -04:00
global . cpu_map . thread [ i ] ) { /* only do this if the thread has a THREAD map */
2019-09-13 00:12:58 -04:00
# if defined(__APPLE__)
int j ;
unsigned long cpu_map = global . cpu_map . thread [ i ] ;
while ( ( j = ffsl ( cpu_map ) ) > 0 ) {
thread_affinity_policy_data_t cpu_set = { j - 1 } ;
thread_port_t mthread = pthread_mach_thread_np ( ha_thread_info [ i ] . pthread ) ;
thread_policy_set ( mthread , THREAD_AFFINITY_POLICY , ( thread_policy_t ) & cpu_set , 1 ) ;
cpu_map & = ~ ( 1UL < < ( j - 1 ) ) ;
}
# else
2017-12-01 12:19:43 -05:00
# if defined(__FreeBSD__) || defined(__NetBSD__)
cpuset_t cpuset ;
# else
cpu_set_t cpuset ;
# endif
int j ;
2019-05-03 03:41:23 -04:00
unsigned long cpu_map = global . cpu_map . thread [ i ] ;
2017-12-01 12:19:43 -05:00
CPU_ZERO ( & cpuset ) ;
while ( ( j = ffsl ( cpu_map ) ) > 0 ) {
CPU_SET ( j - 1 , & cpuset ) ;
2018-03-12 16:47:39 -04:00
cpu_map & = ~ ( 1UL < < ( j - 1 ) ) ;
2017-12-01 12:19:43 -05:00
}
2019-09-13 00:03:12 -04:00
pthread_setaffinity_np ( ha_thread_info [ i ] . pthread ,
2017-12-01 12:19:43 -05:00
sizeof ( cpuset ) , & cpuset ) ;
2019-09-13 00:12:58 -04:00
# endif
2017-12-01 12:19:43 -05:00
}
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
}
2017-10-27 07:53:47 -04:00
# endif /* !USE_CPU_AFFINITY */
2018-06-07 03:46:01 -04:00
/* when multithreading we need to let only the thread 0 handle the signals */
2018-09-11 04:06:23 -04:00
haproxy_unblock_signals ( ) ;
2018-06-07 03:46:01 -04:00
2017-10-27 07:53:47 -04:00
/* Finally, start the poll loop for the first thread */
2019-05-03 03:27:30 -04:00
run_thread_poll_loop ( 0 ) ;
2017-10-27 07:53:47 -04:00
/* Wait the end of other threads */
for ( i = 1 ; i < global . nbthread ; i + + )
2019-09-13 00:03:12 -04:00
pthread_join ( ha_thread_info [ i ] . pthread , NULL ) ;
2006-06-25 20:48:02 -04:00
2017-05-30 09:34:30 -04:00
# if defined(DEBUG_THREAD) || defined(DEBUG_FULL)
show_lock_stats ( ) ;
# endif
MAJOR: threads: Start threads to experiment multithreading
[WARNING] For now, HAProxy is not thread-safe, so from this commit, it will be
broken for a while, when compiled with threads.
When nbthread parameter is greater than 1, HAProxy will create the corresponding
number of threads. If nbthread is set to 1, nothing should be done. So if there
are concurrency issues (and be sure there will be, unfortunatly), an obvious
workaround is to disable the multithreading...
Each created threads will run a polling loop. So, in a certain way, it is pretty
similar to the nbproc mode ("outside" the bugs and the lock
contention). Nevertheless, there are an init and a deinit steps for each thread
to deal with per-thread allocation.
Each thread has a tid (thread-id), numbered from 0 to (nbtread-1). It is used in
many place to do bitwise operations or to improve debugging information.
2017-08-29 09:38:48 -04:00
}
2017-10-27 07:53:47 -04:00
# else /* ! USE_THREAD */
2018-09-11 04:06:23 -04:00
haproxy_unblock_signals ( ) ;
2019-05-03 03:27:30 -04:00
run_thread_poll_loop ( 0 ) ;
2017-10-16 09:49:32 -04:00
# endif
MINOR: haproxy: Make use of deinit_and_exit() for clean exits
Particularly cleanly deinit() after a configuration check to clean up the
output of valgrind which reports "possible losses" without a deinit() and
does not with a deinit(), converting actual losses into proper hard losses
which makes the whole stuff easier to analyze.
As an example, given an example configuration of the following:
frontend foo
bind *:8080
mode http
Running `haproxy -c -f cfg` within valgrind will report 4 possible losses:
$ valgrind --leak-check=full ./haproxy -c -f ./example.cfg
==21219== Memcheck, a memory error detector
==21219== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==21219== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==21219== Command: ./haproxy -c -f ./example.cfg
==21219==
[WARNING] 165/001100 (21219) : config : missing timeouts for frontend 'foo'.
| While not properly invalid, you will certainly encounter various problems
| with such a configuration. To fix this, please ensure that all following
| timeouts are set to a non-zero value: 'client', 'connect', 'server'.
Warnings were found.
Configuration file is valid
==21219==
==21219== HEAP SUMMARY:
==21219== in use at exit: 1,436,631 bytes in 130 blocks
==21219== total heap usage: 153 allocs, 23 frees, 1,447,758 bytes allocated
==21219==
==21219== 7 bytes in 1 blocks are possibly lost in loss record 5 of 54
==21219== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21219== by 0x5726489: strdup (strdup.c:42)
==21219== by 0x468FD9: bind_conf_alloc (listener.h:158)
==21219== by 0x468FD9: cfg_parse_listen (cfgparse-listen.c:557)
==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167)
==21219== by 0x5056CD: init (haproxy.c:2021)
==21219== by 0x418232: main (haproxy.c:3121)
==21219==
==21219== 14 bytes in 1 blocks are possibly lost in loss record 9 of 54
==21219== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21219== by 0x5726489: strdup (strdup.c:42)
==21219== by 0x468F9B: bind_conf_alloc (listener.h:154)
==21219== by 0x468F9B: cfg_parse_listen (cfgparse-listen.c:557)
==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167)
==21219== by 0x5056CD: init (haproxy.c:2021)
==21219== by 0x418232: main (haproxy.c:3121)
==21219==
==21219== 128 bytes in 1 blocks are possibly lost in loss record 35 of 54
==21219== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21219== by 0x468F90: bind_conf_alloc (listener.h:152)
==21219== by 0x468F90: cfg_parse_listen (cfgparse-listen.c:557)
==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167)
==21219== by 0x5056CD: init (haproxy.c:2021)
==21219== by 0x418232: main (haproxy.c:3121)
==21219==
==21219== 608 bytes in 1 blocks are possibly lost in loss record 46 of 54
==21219== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21219== by 0x4B953A: create_listeners (listener.c:576)
==21219== by 0x4578F6: str2listener (cfgparse.c:192)
==21219== by 0x469039: cfg_parse_listen (cfgparse-listen.c:568)
==21219== by 0x459DF3: readcfgfile (cfgparse.c:2167)
==21219== by 0x5056CD: init (haproxy.c:2021)
==21219== by 0x418232: main (haproxy.c:3121)
==21219==
==21219== LEAK SUMMARY:
==21219== definitely lost: 0 bytes in 0 blocks
==21219== indirectly lost: 0 bytes in 0 blocks
==21219== possibly lost: 757 bytes in 4 blocks
==21219== still reachable: 1,435,874 bytes in 126 blocks
==21219== suppressed: 0 bytes in 0 blocks
==21219== Reachable blocks (those to which a pointer was found) are not shown.
==21219== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==21219==
==21219== For counts of detected and suppressed errors, rerun with: -v
==21219== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
Re-running the same command with the patch applied will not report any
losses any more:
$ valgrind --leak-check=full ./haproxy -c -f ./example.cfg
==22124== Memcheck, a memory error detector
==22124== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==22124== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22124== Command: ./haproxy -c -f ./example.cfg
==22124==
[WARNING] 165/001503 (22124) : config : missing timeouts for frontend 'foo'.
| While not properly invalid, you will certainly encounter various problems
| with such a configuration. To fix this, please ensure that all following
| timeouts are set to a non-zero value: 'client', 'connect', 'server'.
Warnings were found.
Configuration file is valid
==22124==
==22124== HEAP SUMMARY:
==22124== in use at exit: 313,864 bytes in 82 blocks
==22124== total heap usage: 153 allocs, 71 frees, 1,447,758 bytes allocated
==22124==
==22124== LEAK SUMMARY:
==22124== definitely lost: 0 bytes in 0 blocks
==22124== indirectly lost: 0 bytes in 0 blocks
==22124== possibly lost: 0 bytes in 0 blocks
==22124== still reachable: 313,864 bytes in 82 blocks
==22124== suppressed: 0 bytes in 0 blocks
==22124== Reachable blocks (those to which a pointer was found) are not shown.
==22124== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==22124==
==22124== For counts of detected and suppressed errors, rerun with: -v
==22124== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
It might be worth investigating what exactly HAProxy does to lose pointers
to the start of those 4 memory areas and then to be able to still free them
during deinit(). If HAProxy is able to free them, they ideally should be
"still reachable" and not "possibly lost".
2020-06-13 18:37:42 -04:00
deinit_and_exit ( 0 ) ;
2006-06-25 20:48:02 -04:00
}
/*
* Local variables :
* c - indent - level : 8
* c - basic - offset : 8
* End :
*/
