Re: Echo server in Lua
On Tue, Nov 3, 2015 at 5:53 AM, Thrawn wrote: > Now that HAProxy has Lua support, I'm looking at the possibility of setting > up an echo server, which simply responds with the observed remote address of > the client (currently implemented in PHP as $_SERVER['REMOTE_ADDRESS']; ?>). > > > Does anyone have a suggestion of the most efficient possible implementation > of this? If possible, it should handle millions of clients polling it > regularly, so speed is essential. > > > Thanks > Hi, content of echo.lua file: -- a simple echo server -- it generates a response whose body contains the client IP address core.register_action("echo", { "http-req" }, function (txn) local buffer = "" local response = "" buffer = txn.f:src() response = response .. "HTTP/1.0 200 OK\r\n" response = response .. "Server: haproxy-lua/echo\r\n" response = response .. "Content-Type: text/html\r\n" response = response .. "Content-Length: " .. buffer:len() .. "\r\n" response = response .. "Connection: close\r\n" response = response .. "\r\n" response = response .. buffer txn.res:send(response) txn:done() end) content of haproxy's configuration: global log 127.0.0.1 local0 lua-load echo.lua frontend echo bind *:10004 mode http http-request lua.echo Don't forget to setup timeouts, etc... Baptiste
Re: Multiplexing multiple services behind one agent (feature suggestion; patch attached)
On Tue, Nov 03, 2015 at 03:12:59PM -0800, James Brown wrote: > Attached is a `git-format-patch`-formatted patch with some extra strduping > and freeing. Thank you. I've just removed the two unneeded "if != NULL" before the free(), and merged it. Willy
Re: Multiplexing multiple services behind one agent (feature suggestion; patch attached)
Attached is a `git-format-patch`-formatted patch with some extra strduping and freeing. On Fri, Oct 30, 2015 at 11:39 PM, Willy Tarreau wrote: > Hi James, > > On Wed, Oct 28, 2015 at 10:27:22AM -0700, James Brown wrote: > > Sorry for being thickheaded, Willy, but what's your decision here ??? do > you > > want me to make it per-Backend instead of per-Server, or do you want to > > merge it as-is? > > Well, I think we can take it as-is then. The per-server setting doesn't > block the ability to later add a per-backend setting anyway. However you > need to fix one point in the patch : the string must be allocated per > server (so that we don't cause double-free when releasing it on exit). > Please use strdup() to allocate the string from the default server, and > please call free() on the server's string before assigning a new one, so > that we don't leak small memory chunks when setting multiple default-server > entries. Same when creating a new proxy (look for "fwdfor_hdr_name" as a > hit about where you should have to free(defproxy->agent_send). Also please > ensure that you properly assign the string from the default proxy's > default-server to the current proxy's. fwdfor_hdr_name is properly set > regarding this so you won't have to search too long. > > Last point, please build your patch using "git format-patch", so that I > can simply apply it. You used "git show", which is sufficient for a review > but requires manual modifications. If you have a single patch in your > branch, you can simply use "git format-patch -1" and you'll get the patch > for the latest commit. > > Thanks! > Willy > > -- James Brown Engineer 0001-Add-agent-send-server-parameter.patch Description: Binary data
[SPAM] ssl getting the wrong certificate once in a while
Hi all, I have a very weird problem and need your help if you have any idea ! here is my very simple setup ... frontend www_https bind169.54.85.244:443 ssl crt /etc/pki/tls/certs/www.domain1.com.pem bind169.54.85.249:443 ssl crt /etc/pki/tls/certs/www.domain1.com.pem http-requestset-header X-Forwarded-Proto https use_backend wcweb if url_bm-full frontend www_soap bind169.54.85.244:8000 ssl crt /etc/pki/tls/certs/star.domain2.ca.pem bind169.54.85.249:8000 ssl crt /etc/pki/tls/certs/star.domain2.ca.pem acl wc_soap_portdst_port8000 use_backend wcsoap if wc_soap_port When ever I connect on the 8000 port I get the correct cert 75 % of the time the rest I’m getting the other certs that should only be on port 443 Here is how I get the certificate ? echo|openssl s_client -connect sphsoap100.bmtc.ca:8000 |openssl x509 -text -noout 2>&1| grep www.domain1.com I try with haproxy 1.5.14 ( haproxy-1.5.14-1.el6.src.rpm) and haproxy 1.5.4 (haproxy-1.5.4-2.el6_7.1.src.rpm) If I try with openssl on port 443 I always get the correct cert which is the first one but for the second one I have less luck ;-( Any info from you would be great. Guillaume --- Guillaume Bourque, B.Sc.,
[SPAM] Bons plans de l'automne a prix irresistibles!
http://lb.votre-reve.fr/r/?id=t2f21f592,2103623,210346b&p1=haproxy@formilux.org&p2=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html, cliquez ici : http://lb.votre-reve.fr/r/?id=t2f21f592,2103623,210346c&p1=%400M69%2FqqTmI0LI0Yo1sn6FeHab99xcEddKTgj73cBHOc%3D ou copiez le lien dans votre navigateur Web http://lb.votre-reve.fr/r/?id=t2f21f592,2103623,210346d&p1=haproxy@formilux.org http://lb.votre-reve.fr/r/?id=t2f21f592,2103623,210346e&p1=haproxy@formilux.org http://lb.votre-reve.fr/r/?id=t2f21f592,2103623,210346f&p1=haproxy@formilux.org http://lb.votre-reve.fr/r/?id=t2f21f592,2103623,2103470&p1=haproxy@formilux.org http://lb.votre-reve.fr/r/?id=t2f21f592,2103623,2103471&p1=haproxy@formilux.org http://lb.votre-reve.fr/r/?id=t2f21f592,2103623,2103472&p1=haproxy@formilux.org Confidentialité des données : conformément à la Loi Informatique et Libertés du 6 Janvier 1978, vous disposez d'un droit d'accès et de rectification des données vous concernant. Vous recevez cette invitation car vous avez été en contact avec le Service Commercial de CapDecision ou de ses partenaires. Pour ne plus recevoir de messages de CapDecision http://lb.capmail.fr/webApp/unsub?id=%40qO1ZY7CCAnRLCrIB%2FOQjfA%3D%3D"; _label="Lien de désinscription" _type="optout">cliquez ici.
[SPAM] Livraison de votre nouvelle CB
- http://compte-interdit-bancaire.net http://compte-interdit-bancaire.net/carte-bancaire-internationale.html OBTENEZ VOTRE CARTE BANCAIRE NON PLAFONNéE EN QUELQUES CLICS Quelle que soit votre situation personnelle ou professionnelle, nous vous garantissons l'ouverture de votre compte à l'étranger http://compte-interdit-bancaire.net/ouverture-compte-etranger.html chez l'une de nos banques partenaires. Sans vous déplacer, en quelques clics, retrouvez votre indépendance bancaire et obtenez votre carte bancaire http://compte-interdit-bancaire.net/carte-bancaire-internationale.html internationale non plafonnée. - http://tradingopportunities.net/app/member/img/ouverture-compte-etranger.jpg VOUS êTES? * Interdit bancaire http://compte-interdit-bancaire.net/interdit-bancaire * FICP http://compte-interdit-bancaire.net/ficp * ATD * Auto-entrepreneur http://compte-interdit-bancaire.net/ouverture-compte-business.html - http://compte-interdit-bancaire.net/ouverture-compte-etranger.html NOTRE SOLUTION COMPLèTE: * Une carte bancaire Visa ou Mastercard http://compte-interdit-bancaire.net/carte-bancaire-internationale.html * Pas de plafond de retraits ou de paiements * Gestion en ligne sécurisée * Des interlocuteurs francophones - http://compte-interdit-bancaire.net/formulaires?id_form=1 COMMENT çA MARCHE? * Remplissez le questionnaire de connaissance http://compte-interdit-bancaire.net/formulaires?id_form=1 * * Envoyez-nous la copie de votre pièce d'identité * Envoyez-nous un justificatif de domicile récent * Contactez-nous http://compte-interdit-bancaire.net/contactez-nous si vous avez la moindre question * Dans le cadre de la lutte contre le blanchiment de capitaux et le financement du terrorisme, la loi oblige toute banque à clairement identifier son client dès l'entrée en relation. - BESOIN D'UN CONSEIL? Notre service client est à votre disposition pour répondre à toutes vos questions DU LUNDI AU VENDREDI DE 8H30 à 18H Par téléphone 09 75 12 97 51 (prix d'un appel local depuis un poste fixe)Posez votre question http://compte-interdit-bancaire.net/contactez-nous - To change your subscription options: http://tradingopportunities.net/app/s/OSozKjQxODg5KjE1KmJyb2FkY2FzdA==
Re: [ANNOUNCE] haproxy-1.6.2
On 03/11/2015 11:32 πμ, Willy TARREAU wrote: > Hi, > > some extra bugs were found and fixed since 1.6.1, and since they can > cause trouble, here comes 1.6.2. In short, a bug in the DNS parser could > lead to an endless loop, and another bug in the HTTP connection reuse code > could cause a crash if a redirect was performed between two connections to > the same server on the same session. The other ones are less important but > everyone will prefer to have them fixed of course. > > Now things are stabilizing, I hope to be able to focus on new developments > again soon. > > Full changelog below : > - BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < > 1.0.0 > - DOC: fix a typo for a "deviceatlas" keyword > - FIX: small typo in an example using the "Referer" header > - BUG/MEDIUM: config: count memory limits on 64 bits, not 32 > - BUG/MAJOR: dns: first DNS response packet not matching queried hostname > may lead to a loop > - BUG/MINOR: dns: unable to parse CNAMEs response > - BUG/MINOR: examples/haproxy.init: missing brace in quiet_check() > - DOC: deviceatlas: more example use cases. > - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin. The above may make some packagers a bit unhappy:-) It broke my fully automated process: git pull;make git-tar;build;push to production:-) I had to introduce a search-replace in SPEC file for the build process to force the TARGET, I could add EXTRA variable in the make call for install-bin. See below the SPEC file. %build regparm_opts= %ifarch %ix86 x86_64 regparm_opts="USE_REGPARM=1" %endif target_kernel="linux2628" %if 0%{?rhel} < 6 target_kernel="linux26" %endif # Make sure TARGET is the same on each invocation of make sed -i -e "/^TARGET =/s/=/= ${target_kernel}/" Makefile make %{?_smp_mflags} SMALL_OPTS="-DMAX_HOSTNAME_LEN=42" CPU="generic" USE_PCRE=1 USE_ZLIB=1 USE_OPENSSL=1 ${regparm_opts} ADDINC="%{optflags}" USE_LINUX_TPROXY=1 CFLAGS="${CFLAGS} $(pcre-config --cflags)" pushd contrib/halog %{__make} ${halog} OPTIMIZE="%{optflags}" popd pushd contrib/iprange %{__make} iprange OPTIMIZE="%{optflags}" popd %install rm -rf %{buildroot} make install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} make install-man DESTDIR=%{buildroot} PREFIX=%{_prefix} Cheers, Pavlos signature.asc Description: OpenPGP digital signature
[SPAM] Un cambriolage toutes les 90 secondes
http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff170&p1=haproxy@formilux.org&p2=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html, cliquez ici : http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff171&p1=%40BjYG%2B9ZZMefUqXjNM%2BAR2lYcMCpiH8lexy%2Fbikag9uM%3D ou copiez le lien dans votre navigateur Web http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff172&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff173&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff174&p1=haproxy@formilux.org N°1 DES ALARMES AVEC TÉLÉSURVEILLANCE EN EUROPE http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff175&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff176&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff177&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff178&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff179&p1=haproxy@formilux.org Intrusion traitée en moins de 60 secondes * http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff17a&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff17b&p1=haproxy@formilux.org Appel de la police après vérification** http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff17c&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff17d&p1=haproxy@formilux.org Installation en moins d'1 heure http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff17e&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff17f&p1=haproxy@formilux.org Contrôle depuis votre smartphone http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff180&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff181&p1=haproxy@formilux.org 1,8 million de clients http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff182&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff183&p1=haproxy@formilux.org Expert de la sécurité depuis 25 ans http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff184&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff185&p1=haproxy@formilux.org Verisure, c'est toute l'expérience du numéro 1 européen de l'alarme télésurveillée http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff186&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff187&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff188&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff189&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff18a&p1=haproxy@formilux.org Découvrez nos solutions pour protéger votre habitation, vos proches et vous-même http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff18b&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff18c&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff18d&p1=haproxy@formilux.org Proche de chez vous http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff18e&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff18f&p1=haproxy@formilux.org Plus de 1300 professionnels à votre service 24h24, 7j/7 répartis dans près de 60 agences en France. http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff190&p1=haproxy@formilux.org Expert en sécurité depuis 1984 http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff191&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff192&p1=haproxy@formilux.org Nous assurons votre sécurité depuis 1934 dans le monde et depuis 1988 en France http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff193&p1=haproxy@formilux.org Alarme intelligente http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff194&p1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff195&p1=haproxy@formilux.org Contrôlez votre système à distance : demande d'images, écoute silencieuse, activation/ désactivation, domotique... http://lb.enquete-en-or.com/r/?id=t2f0823e7,20fefef,20ff196&p1=haproxy@formilux.org
Re: [ANNOUNCE] haproxy-1.6.2
Good job. Thanks. - Michael C. > On 3 Nov 2015, at 20:32, Willy TARREAU wrote: > > Hi, > > some extra bugs were found and fixed since 1.6.1, and since they can > cause trouble, here comes 1.6.2. In short, a bug in the DNS parser could > lead to an endless loop, and another bug in the HTTP connection reuse code > could cause a crash if a redirect was performed between two connections to > the same server on the same session. The other ones are less important but > everyone will prefer to have them fixed of course. > > Now things are stabilizing, I hope to be able to focus on new developments > again soon. > > Full changelog below : >- BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < > 1.0.0 >- DOC: fix a typo for a "deviceatlas" keyword >- FIX: small typo in an example using the "Referer" header >- BUG/MEDIUM: config: count memory limits on 64 bits, not 32 >- BUG/MAJOR: dns: first DNS response packet not matching queried hostname > may lead to a loop >- BUG/MINOR: dns: unable to parse CNAMEs response >- BUG/MINOR: examples/haproxy.init: missing brace in quiet_check() >- DOC: deviceatlas: more example use cases. >- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin. >- BUG/MAJOR: http: don't requeue an idle connection that is already queued >- DOC: typo on capture.res.hdr and capture.req.hdr >- BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section > was missing >- CLEANUP: use direction names in place of numeric values >- BUG/MEDIUM: lua: sample fetches based on response doesn't work > > Usual URLs below : >Site index : http://www.haproxy.org/ >Sources : http://www.haproxy.org/download/1.6/src/ >Git repository : http://git.haproxy.org/git/haproxy-1.6.git/ >Git Web browsing : http://git.haproxy.org/?p=haproxy-1.6.git >Changelog: http://www.haproxy.org/download/1.6/src/CHANGELOG >Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ > > Willy > >
[ANNOUNCE] haproxy-1.6.2
Hi, some extra bugs were found and fixed since 1.6.1, and since they can cause trouble, here comes 1.6.2. In short, a bug in the DNS parser could lead to an endless loop, and another bug in the HTTP connection reuse code could cause a crash if a redirect was performed between two connections to the same server on the same session. The other ones are less important but everyone will prefer to have them fixed of course. Now things are stabilizing, I hope to be able to focus on new developments again soon. Full changelog below : - BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0 - DOC: fix a typo for a "deviceatlas" keyword - FIX: small typo in an example using the "Referer" header - BUG/MEDIUM: config: count memory limits on 64 bits, not 32 - BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop - BUG/MINOR: dns: unable to parse CNAMEs response - BUG/MINOR: examples/haproxy.init: missing brace in quiet_check() - DOC: deviceatlas: more example use cases. - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin. - BUG/MAJOR: http: don't requeue an idle connection that is already queued - DOC: typo on capture.res.hdr and capture.req.hdr - BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing - CLEANUP: use direction names in place of numeric values - BUG/MEDIUM: lua: sample fetches based on response doesn't work Usual URLs below : Site index : http://www.haproxy.org/ Sources : http://www.haproxy.org/download/1.6/src/ Git repository : http://git.haproxy.org/git/haproxy-1.6.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.6.git Changelog: http://www.haproxy.org/download/1.6/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy
Re: GET HAPROXY HOST INFO VIA Api/JSON
On Mon, Nov 02, 2015 at 09:27:45AM +0100, Baptiste wrote: > I was delivering the "quick" answer to have this feature right now :) > > This is a need we identified and I already talked to Willy about it. > There is technically nothing against such feature. > We need time or resource to develop it. > If you want to contribute, write a similar function than csv_enc() in > src/standard.c. Not exactly, as csv_enc() is only used to encode one string at a time. The proper approach is to change the stats output to emit an indexed array for values that will be used both by the existing CSV and HTML outputs. Then it will be much easier to emit JSON as well. I'm not interested in seeing any work towards JSON before addressing the current model. Indeed, most of the information is present in the HTML output and is not available through CSV. So if we're going to have a third output format with even different fields, it becomes a real mess. So to summarize, here are the actions : 1) scrutinize the HTML output format to enumerate all the data we need to get ; HTML output will not be allowed to perform any computation anymore, only representation. So each value needs to have one entry ; 2) create a huge enum and assign non-ambiguous names to each values ; declare an array of "values" (I think we need 64bit ints and strings at least). We can have two arrays if we suffic each enum with its type (eg: FOO_S for a string, FOO_I for an int, maybe later FOO_F for a float). 3) write a function to fill th{is,ese} array[s] for the current proxy and server 4) reimplement HTML and CSV outputs by calling this function and picking the values from the indexed array[s]. The iterators are still in these output formats which serve as templates. 5) write the equivalent JSON output 6) add the ability to request JSON output on the HTTP stats request line just like we have ";csv" for CSV. It may be nice to see if we can have something similar on the CLI at least for debugging, and possibly for better interfacing with monitoring daemons 7) see how we can do the same for the global per-process info that are currently reported in the HTML version and in "show info" but not in the CSV output. I think the JSON output will be able to dump them at the same time as the other ones. Maybe for the HTTP access we'll just ask ";info" to get them in CSV format. Willy
[SPAM] Un cambriolage toutes les 90 secondes
http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102621&p1=haproxy@formilux.org&p2=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html, cliquez ici : http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102622&p1=%40Zc9MIjetw%2FcnXW2Of6pvav50GshQs%2Bzg3%2FI1%2BiDgJg8%3D ou copiez le lien dans votre navigateur Web http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102623&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102624&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102625&p1=haproxy@formilux.org N°1 DES ALARMES AVEC TÉLÉSURVEILLANCE EN EUROPE http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102626&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102627&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102628&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102629&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210262a&p1=haproxy@formilux.org Intrusion traitée en moins de 60 secondes * http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210262b&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210262c&p1=haproxy@formilux.org Appel de la police après vérification** http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210262d&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210262e&p1=haproxy@formilux.org Installation en moins d'1 heure http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210262f&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102630&p1=haproxy@formilux.org Contrôle depuis votre smartphone http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102631&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102632&p1=haproxy@formilux.org 1,8 million de clients http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102633&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102634&p1=haproxy@formilux.org Expert de la sécurité depuis 25 ans http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102635&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102636&p1=haproxy@formilux.org Verisure, c'est toute l'expérience du numéro 1 européen de l'alarme télésurveillée http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102637&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102638&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102639&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210263a&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210263b&p1=haproxy@formilux.org Découvrez nos solutions pour protéger votre habitation, vos proches et vous-même http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210263c&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210263d&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210263e&p1=haproxy@formilux.org Proche de chez vous http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,210263f&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102640&p1=haproxy@formilux.org Plus de 1300 professionnels à votre service 24h24, 7j/7 répartis dans près de 60 agences en France. http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102641&p1=haproxy@formilux.org Expert en sécurité depuis 1984 http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102642&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102643&p1=haproxy@formilux.org Nous assurons votre sécurité depuis 1934 dans le monde et depuis 1988 en France http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102644&p1=haproxy@formilux.org Alarme intelligente http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102645&p1=haproxy@formilux.org http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102646&p1=haproxy@formilux.org Contrôlez votre système à distance : demande d'images, écoute silencieuse, activation/ désactivation, domotique... http://lb.top-remise.com/r/?id=t2f1b6db5,210253c,2102647&p1=haproxy@formilux.org http://lb.t
Re: Potential Bug
Great ideas. Email marked as a todo for tomorrow. Will report back. Thanks. - Michael C. On 3 Nov 2015, at 18:32, Lukas Tribus wrote: >> I believe I may have discovered a bug in HAProxy 1.5.4 on CentOS 7.1, >> installed via standard repositories. >> >> I don't want to go into debugging levels of detail here, but instead >> will provide a synopsis in the hopes someone knows of a bug already or >> can confirm it warrants further investigation. > > Some proposal that would help nail it down: > - can you provide a gdb backtrace (catch the coredump or start haproxy > with gdb directly) > - try (as a workaround) without chroot > - try (as a alternative trigger) with > openssl s_client -cipher LOW -connect instead of the > ssl test > > > I don't think the bug is in haproxy, I think you may hit some obscure > problem in the openssl library, similar to this here: > http://blog.tinola.com/?e=36 > > > Maybe that problem reappeared in CentOs 7.1. > > > > Regards, > > Lukas > >
RE: Potential Bug
> I believe I may have discovered a bug in HAProxy 1.5.4 on CentOS 7.1, > installed via standard repositories. > > I don't want to go into debugging levels of detail here, but instead > will provide a synopsis in the hopes someone knows of a bug already or > can confirm it warrants further investigation. Some proposal that would help nail it down: - can you provide a gdb backtrace (catch the coredump or start haproxy with gdb directly) - try (as a workaround) without chroot - try (as a alternative trigger) with openssl s_client -cipher LOW -connect instead of the ssl test I don't think the bug is in haproxy, I think you may hit some obscure problem in the openssl library, similar to this here: http://blog.tinola.com/?e=36 Maybe that problem reappeared in CentOs 7.1. Regards, Lukas