Re: [PR] Add srvkey option to stick-table

[Thayne McCombs]

On 12/10/20 1:31 AM, Frederic Lecaille wrote:
>
> It would be preferable to send all your patches, so that others than me 
> may review your work (no diff between different versions of patches) and 
> continue to split your work in several patches.
> 

Ok, here is what I have so far as two patches (I combined feedback into the 
original commit):


>From cf965f47e04776ca20d2ee6ed22028741493824c Mon Sep 17 00:00:00 2001
From: Thayne McCombs 
Date: Fri, 20 Nov 2020 01:28:26 -0700
Subject: [PATCH 1/2] Add srvkey option to stick-table

This allows using the address of the server rather than the name of the
server for keeping track of servers in a backend for stickiness.

Fixes #814
---
 doc/configuration.txt   | 12 -
 include/haproxy/dict.h  |  1 +
 include/haproxy/proxy-t.h   |  1 +
 include/haproxy/server-t.h  |  1 +
 include/haproxy/server.h|  2 +-
 include/haproxy/stick_table-t.h | 11 ++--
 include/haproxy/tools.h | 13 +
 src/cfgparse-listen.c   |  1 +
 src/cfgparse.c  |  4 +--
 src/dict.c  | 24 -
 src/peers.c |  9 +--
 src/server.c| 40 ++--
 src/stick_table.c   | 31 +-
 src/stream.c| 47 +++--
 src/tools.c | 45 +++
 15 files changed, 216 insertions(+), 26 deletions(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index e60e3428d..e17061518 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -10649,7 +10649,7 @@ stick store-request  [table ] [{if | 
unless} ]
 
 
 stick-table type {ip | integer | string [len ] | binary [len ]}
-size  [expire ] [nopurge] [peers ]
+size  [expire ] [nopurge] [peers ] [srvkey 
]
 [store ]*
   Configure the stickiness table for the current section
   May be used in sections :   defaults | frontend | listen | backend
@@ -10726,6 +10726,16 @@ stick-table type {ip | integer | string [len ] 
| binary [len ]}
be removed once full. Be sure not to use the "nopurge" parameter
if not expiration delay is specified.
 
+   specifies how each server is identified for the purposes of the
+   stick table. The valid values are "name" and "addr". If "name" 
is
+   given, then  argument for the server (may be generated by
+   a template). If "addr" is given, then the server is identified
+   by its current network address, including the port. "addr" is
+   especially useful if you are using service discovery to generate
+   the addresses for servers with peered stick-tables and want
+   to consistently use the same host across peers for a stickiness
+   token.
+
 is used to store additional information in the stick-table. This
may be used by ACLs in order to control various criteria related
to the activity of the client matching the stick-table. For each
diff --git a/include/haproxy/dict.h b/include/haproxy/dict.h
index 59e81352c..c55834ca5 100644
--- a/include/haproxy/dict.h
+++ b/include/haproxy/dict.h
@@ -31,5 +31,6 @@
 
 struct dict *new_dict(const char *name);
 struct dict_entry *dict_insert(struct dict *d, char *str);
+void dict_entry_unref(struct dict *d, struct dict_entry *de);
 
 #endif  /* _HAPROXY_DICT_H */
diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h
index 998e210f6..e62b79765 100644
--- a/include/haproxy/proxy-t.h
+++ b/include/haproxy/proxy-t.h
@@ -424,6 +424,7 @@ struct proxy {
char *lfsd_file;/* file name where the 
structured-data logformat string for RFC5424 appears (strdup) */
int  lfsd_line; /* file name where the 
structured-data logformat string for RFC5424 appears */
} conf; /* config information */
+   struct eb_root used_server_addr;/* list of server addresses in 
use */
void *parent;   /* parent of the proxy when 
applicable */
struct comp *comp;  /* http compression */
 
diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
index 0e66be693..13f5a5dab 100644
--- a/include/haproxy/server-t.h
+++ b/include/haproxy/server-t.h
@@ -337,6 +337,7 @@ struct server {
struct ebpt_node name;  /* place in the tree of used 
names */
int line;   /* line where the section 
appears */
} conf; /* config information */
+   struct ebpt_node addr_node; /* Node for string 
representation of address for the server (including port number) */
/* Template information used only for server objects which
 * serve as templat

stable-bot: Bugfixes waiting for a release 2.3 (23), 2.2 (17), 2.1 (26), 2.0 (24)

[stable-bot]

Hi,

This is a friendly bot that watches fixes pending for the next haproxy-stable 
release!  One such e-mail is sent periodically once patches are waiting in the 
last maintenance branch, and an ideal release date is computed based on the 
severity of these fixes and their merge date.  Responses to this mail must be 
sent to the mailing list.


Last release 2.3.2 was issued on 2020-11-28.  There are currently 23 
patches in the queue cut down this way:
- 2 MAJOR, first one merged on 2020-12-14
- 6 MEDIUM, first one merged on 2020-12-14
- 15 MINOR, first one merged on 2020-12-14

Thus the computed ideal release date for 2.3.3 would be 2020-12-28, which is in 
two weeks or less.

Last release 2.2.6 was issued on 2020-11-30.  There are currently 17 
patches in the queue cut down this way:
- 2 MAJOR, first one merged on 2020-12-14
- 3 MEDIUM, first one merged on 2020-12-14
- 12 MINOR, first one merged on 2020-12-14

Thus the computed ideal release date for 2.2.7 would be 2020-12-28, which is in 
two weeks or less.

Last release 2.1.10 was issued on 2020-11-05.  There are currently 26 
patches in the queue cut down this way:
- 4 MAJOR, first one merged on 2020-11-13
- 5 MEDIUM, first one merged on 2020-11-13
- 17 MINOR, first one merged on 2020-11-06

Thus the computed ideal release date for 2.1.11 would be 2020-12-11, which was 
within the last week.

Last release 2.0.19 was issued on 2020-11-06.  There are currently 24 
patches in the queue cut down this way:
- 4 MAJOR, first one merged on 2020-11-13
- 5 MEDIUM, first one merged on 2020-11-13
- 15 MINOR, first one merged on 2020-11-13

Thus the computed ideal release date for 2.0.20 would be 2020-12-11, which was 
within the last week.

The current list of patches in the queue is:
 - 2.0, 2.1  - MAJOR   : peers: fix partial message decoding
 - 2.0, 2.1, 2.2, 2.3- MAJOR   : spoa/python: Fixing return None
 - 2.0, 2.1  - MAJOR   : spoe: Be sure to remove all references 
on a released spoe applet
 - 2.2, 2.3  - MAJOR   : ring: tcp forward on ring can break 
the reader counter.
 - 2.0, 2.1  - MAJOR   : filters: Always keep all offsets up to 
date during data filtering
 - 2.0, 2.1, 2.2, 2.3- MEDIUM  : spoa/python: Fixing PyObject_Call 
positional arguments
 - 2.0, 2.1, 2.2, 2.3- MEDIUM  : lb-leastconn: Reposition a server 
using the right eweight
 - 2.3   - MEDIUM  : local log format regression.
 - 2.3   - MEDIUM  : task: close a possible data race 
condition on a tasklet's list link
 - 2.0, 2.1  - MEDIUM  : filters: Forward all filtered data at 
the end of http filtering
 - 2.0, 2.1, 2.2, 2.3- MEDIUM  : spoa/python: Fixing references to 
None
 - 2.3   - MEDIUM  : lists: Lock the element while we check 
if it is in a list.
 - 2.0, 2.1  - MEDIUM  : peers: fix decoding of multi-byte 
length in stick-table messages
 - 2.0, 2.1, 2.2, 2.3- MINOR   : spoa/python: Cleanup references 
for failed Module Addobject operations
 - 2.0, 2.1, 2.2, 2.3- MINOR   : lua: warn when registering action, 
conv, sf, cli or applet multiple times
 - 2.0, 2.1  - MINOR   : http-fetch: Extract cookie value even 
when no cookie name
 - 2.0, 2.1  - MINOR   : peers: Missing TX cache entries reset.
 - 2.2, 2.3  - MINOR   : http-check: Use right condition to 
consider HTX message as full
 - 2.3   - MINOR   : listener: use sockaddr_in6 for IPv6
 - 2.0, 2.1  - MINOR   : peers: Do not ignore a protocol error 
for dictionary entries.
 - 2.0, 2.1  - MINOR   : http-fetch: Fix calls w/o parentheses 
of the cookie sample fetches
 - 2.0, 2.1, 2.2, 2.3- MINOR   : lua: Post init register function 
are not executed beyond the first one
 - 2.0, 2.1  - MINOR   : http-ana: Don't wait for the body of 
CONNECT requests
 - 2.0, 2.1, 2.2, 2.3- MINOR   : spoa/python: Cleanup ipaddress 
objects if initialization fails
 - 2.0, 2.1, 2.2, 2.3- MINOR   : tools: make parse_time_err() more 
strict on the timer validity
 - 2.2, 2.3  - MINOR   : mux-h1: Handle keep-alive timeout for 
idle frontend connections
 - 2.0, 2.1, 2.2, 2.3- MINOR   : tools: Reject size format not 
starting by a digit
 - 2.0, 2.1  - MINOR   : pattern: a sample marked as const 
could be written
 - 2.0, 2.1, 2.2, 2.3- MINOR   : lua: Some lua init operation are 
processed unsafe
 - 2.0, 2.1  - MINOR   : lua: set buffer size during map lookups
 - 2.3   - MINOR   : mux-h2/stats: make stream/connection 
proto errors more accurate
 - 2.3   - MINOR   : mux-h2/stats: not all GOAWAY frames 
are errors
 - 2.1

Quick question on atomics on ARM

[David CARLIER]

Hi,

I started to look at Haproxy on ARM and stumbled across the
implementation of cpu relax. While it is needed to have such
instruction, I am however wondering if the yield instruction is not
more appropriate than isb in this case ?

Kind regards.

Re: [PATCH] more granular guard for SSL_CTX_add_server_custom_ext

[William Lallemand]

On Fri, Dec 11, 2020 at 09:58:31PM +0500, Илья Шипицин wrote:
> ping :)
> 
> пт, 27 нояб. 2020 г. в 02:58, Илья Шипицин :
> 
> > Hello,
> >
> > let us continue to improve ssl guarding.
> >
> > Ilya
> >

Thanks, merged.

-- 
William Lallemand

Re: HAproxy 2.2.5 possible bug in ssl crt-list socket commands?

[William Lallemand]

On Fri, Dec 11, 2020 at 10:19:22AM +, Froehlich, Dominik wrote:
> Hi,
> 
> I am trying to implement a dynamic certificate updater for my crt-list in 
> HAproxy 2.2.5.
> I have noticed that somehow, when I update an existing certificate and add it 
> to the crt-list twice, I can never remove it again.
> 

For people interested, the bug was discussed here:
https://github.com/haproxy/haproxy/issues/1004

-- 
William Lallemand

Bid Writing, Major Donors and Volunteering Workshops

[NFP Workshops]

NFP WORKSHOPS
18 Blake Street, York YO1 8QG   01133 280988
Affordable Training Courses for Charities, Schools & Public Sector 
Organisations 




This email has been sent to haproxy@formilux.org
CLICK TO UNSUBSCRIBE FROM LIST
Alternatively send a blank e-mail to unsubscr...@nfpmail2001.co.uk quoting 
haproxy@formilux.org in the subject line.
Unsubscribe requests will take effect within seven days. 




Bid Writing: The Basics

Online via ZOOM  

COST £95

TOPICS COVERED

Do you know the most common reasons for rejection? Are you gathering the right 
evidence? Are you making the right arguments? Are you using the right 
terminology? Are your numbers right? Are you learning from rejections? Are you 
assembling the right documents? Do you know how to create a clear and concise 
standard funding bid?

Are you communicating with people or just excluding them? Do you know your own 
organisation well enough? Are you thinking through your projects carefully 
enough? Do you know enough about your competitors? Are you answering the 
questions funders will ask themselves about your application? Are you 
submitting applications correctly?

PARTICIPANTS  

Staff members, volunteers, trustees or board members of charities, schools, not 
for profits or public sector organisations who intend to submit grant funding 
applications to charitable grant making trusts and foundations. People who 
provide advice to these organisations are also welcome.
Bid Writing: Advanced

Online via ZOOM  

COST £95

TOPICS COVERED

Are you applying to the right trusts? Are you applying to enough trusts? Are 
you asking for the right amount of money? Are you applying in the right ways? 
Are your projects the most fundable projects? 

Are you carrying out trust fundraising in a professional way? Are you 
delegating enough work? Are you highly productive or just very busy? Are you 
looking for trusts in all the right places? 

How do you compare with your competitors for funding? Is the rest of your 
fundraising hampering your bids to trusts? Do you understand what trusts are 
ideally looking for?

PARTICIPANTS  

Staff members, volunteers, trustees or board members of charities, schools, not 
for profits or public sector organisations who intend to submit grant funding 
applications to charitable grant making trusts and foundations. People who 
provide advice to these organisations are also welcome.
Dates & Booking Links
BID WRITING: THE BASICS
Mon 21 Dec 2020
10.00 to 12.30Booking Link
Mon 11 Jan 2020
10.00 to 12.30Booking Link
Mon 25 Jan 2020
10.00 to 12.30Booking Link
Mon 08 Feb 2020
10.00 to 12.30Booking Link
Mon 22 Feb 2020
10.00 to 12.30Booking Link
BID WRITING: ADVANCED
Tue 22 Dec 2020
10.00 to 12.30Booking Link
Tue 12 Jan 2020
10.00 to 12.30Booking Link
Tue 26 Jan 2020
10.00 to 12.30Booking Link
Tue 09 Feb 2020
10.00 to 12.30Booking Link

Tue 23 Feb 2020
10.00 to 12.30Booking Link



Recruiting and Managing Volunteers

Online via ZOOM 

COST £195

TOPICS COVERED

Where do you find volunteers? How do you find the right volunteers? How do you 
attract volunteers? How do you run volunteer recruitment events? How do you 
interview volunteers? How do you train volunteers? How do you motivate 
volunteers? How do you involve volunteers?

How do you recognise volunteer? How do you recognise problems with volunteers? 
How do you learn from volunteer problems? How do you retain volunteers? How do 
you manage volunteers? What about volunteers and your own staff? What about 
younger, older and employee volunteers?

PARTICIPANTS

Staff members, volunteers, trustees or board members of charities, schools, not 
for profits or public sector organisations who intend to recruit volunteers 
into their organisation and then manage those volunteers. People who provide 
advice to these organisations are also welcome.
Dates & Booking Links
RECRUITING AND MANAGING VOLUNTEERS
Wed 13 Jan 2021
10.00 to 16.00Booking Link
Wed 10 Mar 2021
10.00 to 16.00Booking Link



Major Donor Fundraising
 
Online via ZOOM
   
COST £95 

TOPICS COVERED
 
 Major Donor Characteristics, Motivations and Requirements. Researching and 
Screening Major Donors. Encouraging, Involving and Retaining Major Donors. 
Building Relationships with Major Donors. Major Donor Events and Activities. 

 

Setting Up Major Donor Clubs.Asking For Major Gifts. Looking After and 
Reporting Back to Major Donors. Delivering on Major Donor Expectations. Showing 
Your Appreciation to Major Donors. Fundraising Budgets and Committees.

PARTICIPANTS
Staff members, volunteers, trustees or board members of charities, schools, not 
for profits or public sector organisations who intend to carry out Major Donor 
Fundraising. People who provide advice to these organisations are also welcome.
Dates & Booking Links
MAJOR DONOR FUNDRAISING
Wed 10 Feb 2021
10.00 to 12.30Booking Link
Wed 14 Apr 2021
10.00 to 12.30Booking Link



FEEDBACK FROM PAST ATTENDEES AT LIVE WORKSHOPS 
I must say I was really impressed with the