8163 Commits

Author SHA1 Message Date
Willy Tarreau
3c63fd828a [MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate
The peers and the stats socket are control sockets, they must not be
limited by traffic rules.
2011-09-07 22:47:42 +02:00
Willy Tarreau
3ae65a16b9 [BUG] peers: don't pre-allocate 65000 connections to each peer
This made sense a long time ago but since the maxconn is dynamically
computed from the tracking tables, it does not make any sense anymore
and will harm future changes.
2011-09-07 22:47:42 +02:00
Willy Tarreau
f5b22875cd [MEDIUM] stats: add the ability to adjust the global maxconnrate
Using "set rate-limit connections global <xxx>" on the CLI, we can now
adjust the per-process connection rate limiting (equal to global.maxconnrate).
2011-09-07 22:47:42 +02:00
Willy Tarreau
9cd552d8f4 [MINOR] stats: report the current and max global connection rates
The HTML page reports the current process connection rate, and the
"show info" command on the stats socket also reports the conn rate
limit and the max conn rate that was once reached.

Note that the max value can be cleared using "clear counters".
2011-09-07 22:47:42 +02:00
Willy Tarreau
81c25d0ee6 [MEDIUM] add support for global.maxconnrate to limit the per-process conn rate.
This one enforces a per-process connection rate limit, regardless of what
may be set per frontend. It can be a way to limit the CPU usage of a process
being severely attacked.

The side effect is that the global process connection rate is now measured
for each incoming connection, so it will be possible to report it.
2011-09-07 22:47:42 +02:00
Willy Tarreau
91886b692a [MEDIUM] stats: add the "set maxconn" setting to the command line interface
This option permits to change the global maxconn setting within the
limit that was set by the initial value, which is now reported as the
hard maxconn value. This allows to immediately accept more concurrent
connections or to stop accepting new ones until the value passes below
the indicated setting.

The main use of this option is on systems where many haproxy instances
are loaded and admins need to re-adjust resource sharing at run time
to regain a bit of fairness between processes.
2011-09-07 22:47:41 +02:00
Willy Tarreau
abacc2cfd1 [CLEANUP] remove a useless test in manage_global_listener_queue()
The test for the empty list was done twice.
2011-09-07 18:09:27 +02:00
Willy Tarreau
c2adf8b906 [MEDIUM] stats: disable complex socket reservation for stats socket
The way the unix socket is initialized is awkward. Some of the settings are put
in the sockets itself, other ones in the backend. And more importantly the
global.maxsock value is adjusted so that the stats socket evades the global
maxconn value. This complexifies maxsock computations for nothing, since the
stats socket is not supposed to receive hundreds of concurrent connections when
the global maxconn is very low. What is needed however is to ensure that there
are always connections left for the stats socket even when traffic sockets are
saturated, but this guarantee is not offered anymore by current code.

So as of now, the stats socket is subject to the global maxconn limitation just
as any other socket until a reservation mechanism is implemented.
2011-09-07 18:05:48 +02:00
Willy Tarreau
46fa8355c0 [CLEANUP] remove dirty left-over of a debugging message
This debug message was added in commit e9b2602a and not noticed once
committed.
2011-09-07 11:55:40 +02:00
Willy Tarreau
b48f958e05 [CLEANUP] cfgparse: fix reported options for the "bind" keyword 2011-09-05 01:17:06 +02:00
Willy Tarreau
ad14f753ea [MINOR] http: take a capture of bad content-lengths.
Sometimes a bad content-length header is encountered and this causes
an abort. It's hard to debug without a trace, so let's take a capture
of the contents when this happens.
2011-09-05 00:54:57 +02:00
Willy Tarreau
3b8c08a174 [MINOR] http: take a capture of truncated responses
If a server starts to respond but stops before the body, then we
capture the truncated response. We don't do this on the request
because it would happen too often upon stupid attacks.
2011-09-05 00:54:56 +02:00
Willy Tarreau
fec4d89b24 [MINOR] http: take a capture of too large requests and responses
It's hard to prove a request or response is too large if there is no
capture, so let's take a snapshot of those too.
2011-09-05 00:54:56 +02:00
Willy Tarreau
509433391a [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
"show sess" should display "<NONE>" instead of the frontend's name as
the backend's.
2011-09-05 00:54:56 +02:00
Willy Tarreau
588bd4f813 [BUG] http: trailing white spaces must also be trimmed after headers
Trailing spaces after headers were not trimmed, only the leading ones
were. An issue was detected today with a content-length value which
was padded with spaces and which was rejected. Recent updates to the
http-bis draft made it a lot more clear that such spaces must be ignored,
so this is what this patch does.

It should be backported to 1.4.
2011-09-05 00:54:56 +02:00
Willy Tarreau
631f01c2f1 [MINOR] make use of addr_to_str() and get_host_port() to replace many inet_ntop()
Many inet_ntop calls were partially right, which was hard to detect given
the complex combinations. Some of them were relying on the listener's proto
instead of the address itself, which could have been different when dealing
with an accept-proxy connection.

The new addr_to_str() function does the dirty job and returns the family, which
makes it particularly suited to calls from switch/case statements. A large number
of if/else statements were removed and the stats output could even be cleaned up
in the case of session dump.

As a side effect of doing this, the resulting code is smaller by almost 1kB.
All changed parts have been tested and provided expected output.
2011-09-05 00:54:36 +02:00
Willy Tarreau
86ad42c5b7 [MINOR] make use of set_host_port() and get_host_port() to get rid of family mismatches
This also simplifies the code and makes it more auditable.
2011-09-05 00:54:35 +02:00
Willy Tarreau
542a31d6c3 [BUG] backend: risk of picking a wrong port when mapping is used with crossed families
A similar issue as the previous one causes port mapping to fail in some
combinations of client and server address families. Using the macros fixes
the issue.
2011-08-27 12:07:49 +02:00
Willy Tarreau
48da04a6af [BUG] checks: use the correct destination port for sending checks
In the number of switch/case statements added for IPv6 changes,
one was wrong and caused the check port to be ignored for outgoing
connection because the socket's family was not taken at the right
place. Use the set_host_port() macro instead to fix the issue.

The same cleanup could be performed at a number of other places
and should follow shortly.

Special thanks to Stephane Bakhos of Techboom for reporting a
detailed analysis of this bug.
2011-08-27 11:51:36 +02:00
Willy Tarreau
e17a8d02d9 [BUG] possible crash in 'show table' on stats socket
Patch d5b9fd95 was missing an initialisation of "ctx.table.target", which caused
"show table" to segfault if it was issued after a "show errors" (target pointer == -1).
2011-08-24 08:23:34 +02:00
Willy Tarreau
c9ebc446b8 [CLEANUP] update the year in the copyright banner
It was still 2010 !
2011-08-23 00:23:54 +02:00
Willy Tarreau
43d8fb2d3a [REORG] build: move syscall redefinition to specific places
Some older libc don't define splice() and and don't define _syscall*()
either, which causes build errors if splicing is enabled.

To solve this, we now split the syscall redefinition into two layers :
  - one file per syscall (epoll, splice)
  - one common file to declare the _syscall*() macros

The code is cleaner because files using the syscalls just have to include
their respective file. It's not adviced to merge multiple syscall families
into a same file if all are not intended to be used simultaneously, because
defining unused static functions causes warnings to be emitted during build.

As a result, the new USE_MY_SPLICE parameter was added in order to be able
to define the splice() syscall separately.
2011-08-23 00:11:25 +02:00
Willy Tarreau
87cf51406c [MEDIUM] http: make x-forwarded-for addition conditional
If "option forwardfor" has the "if-none" argument, then the header is
only added when the request did not already have one. This option has
security implications, and should not be set blindly.
2011-08-19 22:57:24 +02:00
Willy Tarreau
1ee51a6581 [BUG] check: http-check expect + regex would crash in defaults section
Manoj Kumar reported a case where haproxy would crash upon start-up. The
cause was an "http-check expect" statement declared in the defaults section,
which caused a NULL regex to be used during the check. This statement is not
allowed in defaults sections precisely because this requires saving a copy
of the regex in the default proxy. But the check was not made to prevent it
from being declared there, hence the issue.

Instead of adding code to detect its abnormal use, we decided to implement
it. It was not that much complex because the expect_str part was not used
with regexes, so it could hold the string form of the regex in order to
compile it again for every backend (there's no way to clone regexes).

This patch has been tested and works. So it's both a bugfix and a minor
feature enhancement.

It should be backported to 1.4 though it's not critical since the config
was not supposed to be supported.
2011-08-19 20:14:01 +02:00
Simon Horman
8effd3de5b [MINOR] Use DPRINTF in assign_server()
Use DPRINTF in assign_server() rather than open-coding its logic.
2011-08-18 23:52:36 +02:00
Simon Horman
7abd00d7eb [MINOR] Fix build error in stream_int_register_handler()
There is no parameter or variable fct in stream_int_register_handler()
so the build fails when DPRINTF is active.
2011-08-18 23:52:36 +02:00
Simon Horman
d281eedc07 [MEDIUM] Correct ipmask() logic
The netmask applied to table entries as configured using ipmask() is
stored in arg_p->data.ip not arg_i (which will be 1 if the netmask is set).
2011-08-18 23:52:35 +02:00
Simon Horman
8b7b05a92d [MEDIUM] Fix stick-table replication on soft-restart
"[MINOR] session: add a pointer to the new target into the session" (664beb8)
introduced a regression by changing the type of a peer's target from
TARG_TYPE_PROXY to TARG_TYPE_NONE. The effect of this is that during
a soft-restart the new process no longer tries to connect to the
old process to replicate its stick tables.

This patch sets the type of a peer's target as TARG_TYPE_PROXY and
replication on soft-restart works once again.
2011-08-18 23:52:35 +02:00
Willy Tarreau
f73cd1198f [MINOR] session-counters: add the ability to clear the counters
Sometimes it can be useful to reset a counter : one condition increments
it and another one resets it. It can be used to better detect abuses.
2011-08-13 01:45:16 +02:00
Willy Tarreau
1620ec39a7 [MEDIUM] checks: group health checks methods by values and save option bits
Adding health checks has become a real pain, with cross-references to all
checks everywhere because they're all a single bit. Since they're all
exclusive, let's change this to have a check number only. We reserve 4
bits allowing up to 16 checks (15+tcp), only 7 of which are currently
used. The code has shrunk by almost 1kB and we saved a few option bits.

The "dispatch" option has been moved to px->options, making a few tests
a bit cleaner.
2011-08-06 17:08:40 +02:00
Herv COMMOWICK
ec032d63a6 [MINOR] check: add redis check support
This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-06 15:52:47 +02:00
Herv COMMOWICK
daa824e513 [MINOR] acl: add srv_conn acl to count connections on a
specific backend server

These ACLs are used to check the number of active connections on the specified server in the specified backend.
2011-08-06 15:52:27 +02:00
Willy Tarreau
2a0f4d27a4 [MEDIUM] stats: add support for changing frontend's maxconn at runtime
The new "set maxconn frontend XXX" statement on the stats socket allows
the admin to change a frontend's maxconn value. If some connections are
queued, they will immediately be accepted up to the new limit. If the
limit is lowered, new connections acceptation might be delayed. This can
be used to temporarily reduce or increase the impact of a specific frontend's
traffic on the whole process.
2011-08-02 11:49:05 +02:00
Willy Tarreau
bc216c4ad0 [MINOR] proxy: make findproxy() return proxies from numeric IDs too
Sometimes it's useful to be able to search a proxy by its numeric ID,
so let's add support for names such as #<id>.
2011-08-02 11:25:54 +02:00
Willy Tarreau
e9b2602ac5 [MEDIUM] listeners: add a global listener management task
This global task is used to periodically check for end of resource shortage
and to try to enable queued listeners again. This is important in case some
temporary system-wide shortage is encountered, so that we don't have to wait
for an existing connection to be released before checking the queue again.

For situations where listeners are queued due to the global maxconn being
reached, the task is woken up at least every second. For situations where
a system resource shortage is detected (memory, sockets, ...) the task is
woken up at least every 100 ms. That way, recovery from severe events can
still be achieved under acceptable conditions.
2011-08-01 20:57:55 +02:00
Willy Tarreau
237250cc0d [BUG] proxy: stats frontend and peers were missing many initializers
This was revealed with one of the very latest patches which caused
the listener_queue not to be initialized on the stats socket frontend.
And in fact a number of other ones were missing too. This is getting so
boring that now we'll always make use of the same function to initialize
any proxy. Doing so has even saved about 500 bytes on the binary due to
the avoided code redundancy.

No backport is needed.
2011-07-29 02:00:19 +02:00
Willy Tarreau
918ff608f8 [MAJOR] proxy: finally get rid of maintain_proxies()
This function is finally not needed anymore, as it has been replaced with
a per-proxy task that is scheduled when some limits are encountered on
incoming connections or when the process is stopping. The savings should
be noticeable on configs with a large number of proxies. The most important
point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 16:33:49 +02:00
Willy Tarreau
d634e7c673 [CLEANUP] proxy: merge maintain_proxies() operation inside a single loop
This will help transforming the processing into per-proxy tasks.
2011-07-25 11:54:17 +02:00
Willy Tarreau
bbe11b1e3c [BUG] proxy: peers must only be stopped once, not upon every call to maintain_proxies
Peers were stopped on every call to maintain_proxies when stopping=1,
while they should only be stopped once upon call to soft_stop(). This
bug has little impact, mostly increased CPU usage. It's not needed to
backport it.
2011-07-25 11:16:24 +02:00
Willy Tarreau
b32907b6c7 [MINOR] sessions: only wake waiting listeners up if rate limit is OK
Instead of waking a listener up then making it sleep, we only wake them up
if we know their rate limit is fine. In the future we could improve on top
of that by deciding to wake a proxy-specific task in XX milliseconds to
take care of enabling the listeners again.
2011-07-25 08:37:44 +02:00
Willy Tarreau
d408bd40f3 [MINOR] proxy: make session rate-limit more accurate
Patch d9bbe17b used to limit the rate-limit to off-by-one to avoid
a busy loop when the limit is reached. Now that the listeners are
automatically disabled and queued when a limit is reached, we don't
need this workaround anymore and can bring back the most accurate
computation.
2011-07-25 08:30:51 +02:00
Willy Tarreau
a17c2d9361 [MINOR] stats: report a "WAITING" state for sockets waiting for resource
This is useful when enabling socket-stats to know that a socket is being
waiting for some resource (RAM, global connections, etc...).
2011-07-25 08:18:47 +02:00
Willy Tarreau
562515cac1 [CLEANUP] proxy: rename a few proxy states (PR_STIDLE and PR_STRUN)
Those states have been replaced with PR_STFULL and PR_STREADY respectively,
as it is what matches them the best now. Also, two occurrences of PR_STIDLE
in peers.c have been removed as this did not provide any form of error recovery
anyway.
2011-07-25 08:11:52 +02:00
Willy Tarreau
f3f8c70bd6 [MEDIUM] listeners: don't change listeners states anymore in maintain_proxies
Now maintain_proxies() only changes proxies states and does not affect their
listeners anymore since they are autonomous. A proxy will switch between the
PR_STIDLE and PR_STRUN states depending whether it's saturated or not. Next
step will consist in renaming PR_STIDLE to PR_STFULL. This state is now only
used to report the proxy state in the stats.
2011-07-25 07:37:28 +02:00
Willy Tarreau
2242649b3a [MEDIUM] listeners: don't stop proxies when global maxconn is reached
Now we don't have to stop proxies anymore since their listeners will be
queued if they attempt to accept a connection past the global limits.
2011-07-25 07:08:45 +02:00
Willy Tarreau
07687c171e [MEDIUM] listeners: queue proxy-bound listeners at the proxy's
All listeners that are limited by a proxy-specific resource are now
queued at the proxy's and not globally. This allows finer-grained
wakeups when releasing resource.
2011-07-24 23:55:06 +02:00
Willy Tarreau
08ceb1012b [MEDIUM] listeners: put listeners in queue upon resource shortage
When an accept() fails because of a connection limit or a memory shortage,
we now disable it and queue it so that it's dequeued only when a connection
is released. This has improved the behaviour of the process near the fd limit
as now a listener with a no connection (eg: stats) will not loop forever
trying to get its connection accepted.

The solution is still not 100% perfect, as we'd like to have this used when
proxy limits are reached (use a per-proxy list) and for safety, we'd need
to have dedicated tasks to periodically re-enable them (eg: to overcome
temporary system-wide resource limitations when no connection is released).
2011-07-24 22:58:00 +02:00
Willy Tarreau
e6ca1fcd84 [MINOR] listeners: add support for queueing resource limited listeners
When a listeners encounters a resource shortage, it currently stops until
one re-enables it. This is far from being perfect as it does not yet handle
the case where the single connection from the listener is rejected (eg: the
stats page).

Now we'll have a special status for resource limited listeners and we'll
queue them into one or multiple lists. That way, each time we have to stop
a listener because of a resource shortage, we can enqueue it and change its
state, so that it is dequeued once more resources are available.

This patch currently does not change any existing behaviour, it only adds
the basic building blocks for doing that.
2011-07-24 22:03:52 +02:00
Willy Tarreau
627937158f [MINOR] listeners: add listen_full() to mark a listener full
This is just a cleanup which removes calls to EV_FD_CLR() and state
setting everywhere in the code.
2011-07-24 19:25:28 +02:00
Willy Tarreau
ff45b8ccc6 [BUG] stream_sock: ensure orphan listeners don't accept too many connections
For listeners that are not bound to a frontend, the limit on the
number of accepted connections is tested at the end of the accept()
loop, but we don't break out of the loop, meaning that if more
connections than what the listener allows are available and if this
is less than the proxy's limits and within the size of a batch, then
they could be accepted. In practice, this problem currently cannot
appear since all listeners are bound to a frontend, and it's a very
minor issue anyway.

1.4 has the same issue (which cannot happen there either), but there
is some code after it, so it's the code cleanup which revealed it.
2011-07-24 19:16:52 +02:00