Backend connection issues with FIPS

2024-06-06 Thread Lowin, Patrick
-processes or changing TLS versions and ran out of ideas. If someone observed similar behavior in the past and could share some insights or has ideas how to debug this, please join us on the issue linked above! Thanks a lot and best regards, Patrick

Wildcards vs concrete SNIs in crt-list

2023-12-08 Thread Lowin, Patrick
entry was used and also no CAs were offered for test123. Does somebody have more implementation details on this? Can I rely on my observations for all crt-list properties, like ciphers and others? Best regards, Patrick

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-05-07 Thread Patrick Gansterer
tion as well. I am very sorry to see how this experience went for you. If it is of any help to you: This is definitely not how it usually goes. Then here is my next try. ;-) I've rebased my changes to reflect the recent changes and added the missing description to the first p

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-05-07 Thread Patrick Gansterer
ke haproxy and want to give something back, but I'm not sure if I want to do that in the future with the experience I had so far. :-( - Patrick

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-04-22 Thread Patrick Gansterer
w. You should add this to the doc > (and the reg-test) then. Done. - Patrick>From 8f6ce045c80e0f67a485233ee602b57b4c311bde Mon Sep 17 00:00:00 2001 From: Patrick Gansterer Date: Sun, 17 Jun 2018 11:21:11 +0200 Subject: [PATCH 1/2] MINOR: crypto: Move aes_gcm_dec implementation into new file -

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-04-22 Thread Patrick Gansterer
Tim, sorry for the troubles. My mail program added automatic line breaks. :-( I attached the two files now. - Patrick >From 8f6ce045c80e0f67a485233ee602b57b4c311bde Mon Sep 17 00:00:00 2001 From: Patrick Gansterer Date: Sun, 17 Jun 2018 11:21:11 +0200 Subject: [PATCH 1/2] MINOR: crypto: M

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2020-04-22 Thread Patrick Gansterer
Tim, thanks for the review. I just rebased my old patch today and didn't check what changed in the meantime in the codebase. I created a separate patch to move aes_gcm_dec out of ssl_sock.c since it seems to fit better to my new file. - Patrick >From 8f6ce045c80e0f67a485233ee602b57b4c311

[PATCH] MINOR: crypto: Add digest and hmac converters

2020-04-22 Thread Patrick Gansterer
5FFAF22231F851CF00C96C6EE98DF9E0B66FFE7C089" expect resp.http.x-crc32 == "688229491" expect resp.http.x-crc32-1 == "4230317029" expect resp.http.x-crc32c == "2621708363" diff --git a/src/crypto.c b/src/crypto.c new file mode 100644 index

Re: How to wait some time before retry?

2019-09-27 Thread Patrick Hemmer
ld be to add a lua action to sleep for 10 seconds on the response when you have a connect error, and then override the response to a 307 (or perhaps 302) redirect back to the same location. This will then cause the browser to retry the request. -Patrick

Re: [PATCH] improving github experience, kindly ask people to reproduce bugs on latest haproxy

2019-09-20 Thread Patrick Hemmer
ing people to try a later version if available. Just that I don't think it should be the expectation. -Patrick

[RFC] MINOR: attempt to insert into priority queue when full

2019-09-12 Thread Patrick Hemmer
being redispatched. The higher level code assumes that if the request was in a queue, and is now no longer in a queue, then redispatch is the appropriate action. Thanks -Patrick From a3c8ba92a05ec877662359f963ece0cfa82051f8 Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Thu, 12 Sep 2019 22

Re: fullconn not working

2019-07-16 Thread Patrick Hemmer
*From:* Jerome Magnin [mailto:jmag...@haproxy.com] *Sent:* Tuesday, July 16, 2019, 10:19 EDT *To:* Patrick Hemmer *Cc:* Pavlos Parissis , haproxy@formilux.org *Subject:* fullconn not working Hi Patrick, On Tue, Jul 16

Re: fullconn not working

2019-07-16 Thread Patrick Hemmer
*From:* Pavlos Parissis [mailto:pavlos.paris...@gmail.com] *Sent:* Tuesday, July 16, 2019, 09:32 EDT *To:* haproxy@formilux.org *Cc:* Patrick Hemmer *Subject:* fullconn not working On Παρασκευή, 28 Ιουνίου 2019 5:50:48

Re: fullconn not working

2019-07-16 Thread Patrick Hemmer
*From:* Patrick Hemmer [mailto:hapr...@stormcloud9.net] *Sent:* Friday, June 28, 2019, 11:50 EDT *To:* HAProxy *Subject:* fullconn not working I'm trying to get fullconn working, and can't seem to do so. I dunno if it's

Re: haproxy inappropriately sending rst_stream on http/2

2019-07-08 Thread Patrick Hemmer
*From:* Patrick Hemmer [mailto:hapr...@stormcloud9.net] *Sent:* Wednesday, June 26, 2019, 08:06 EDT *To:* haproxy@formilux.org *Subject:* haproxy inappropriately sending rst_stream on http/2 I'm running haproxy 1.9.8

Re: DOC: Suggest to replace the netstat commands

2019-07-08 Thread Patrick Hemmer
le flags, so the doc was already somewhat Linux specific. However other references, such as "netstat -i", are cross-platform. So where do we draw the line on being Linux-specific in our documentation, vs. OS agnostic? -Patrick

fullconn not working

2019-06-28 Thread Patrick Hemmer
- 4/4/1/2/0 0/0 "GET /?sleep=2=1 HTTP/1.1" <30>Jun 28 11:37:47 haproxy[75322]: 127.0.0.1:55120 [28/Jun/2019:11:37:45.658] f1 b1/s1 0/0/0/2003/2003 200 75 - - 4/4/0/1/0 0/0 "GET /?sleep=2=2 HTTP/1.1" So am I misunderstanding how fullconn works? Or is there a bug? I've tested with 2.0.1, 1.9.8, and 1.8.13. -Patrick

Re: Case Sensitive Headers

2019-06-27 Thread Patrick Hemmer
gineer This is just a stab in the dark, but try deleting the header, then adding it back. For example http-response set-var(res.conlen) res.hdr(content-length) http-response del-header content-length http-response set-header Content-Length %[var(res.conlen)] if { var(res.conlen) -m found } -Patrick

haproxy inappropriately sending rst_stream on http/2

2019-06-26 Thread Patrick Hemmer
re showing the client did no such thing. Additionally there are other requests on the same connection, both before & after the one that gets reset, which go through fine. Willy, I'm going to send both the logs and packet capture off-list. -Patrick

Re: [PATCH] MINOR: SSL: add client/server random sample fetches

2019-06-04 Thread Patrick Hemmer
*From:* Patrick Hemmer [mailto:hapr...@stormcloud9.net] *Sent:* Tuesday, June 4, 2019, 16:38 EDT *To:* haproxy@formilux.org *Subject:* [PATCH] MINOR: SSL: add client/server random sample fetches Re-send of earlier patch

[PATCH] MINOR: SSL: add client/server random sample fetches

2019-06-04 Thread Patrick Hemmer
Re-send of earlier patch due to formatting issues (upgraded thunderbird and lost a bunch of stuff :-( ). As an attachment this time, so should be safe. -Patrick From 0947dc1faf7a0a90631adcebc2e65fc191da8473 Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Tue, 4 Jun 2019 08:13:03 -0400

Re: http_first_req not working with http2

2019-06-04 Thread Patrick Hemmer
*From:* Willy Tarreau [mailto:w...@1wt.eu] *Sent:* Tuesday, June 4, 2019, 10:08 EDT *To:* Patrick Hemmer *Cc:* haproxy@formilux.org *Subject:* http_first_req not working with http2 Hi Patrick, On Mon, Jun 03, 2019

[PATCH] MINOR: SSL: add client/server random sample fetches

2019-06-04 Thread Patrick Hemmer
This adds 4 sample fetches: - ssl_fc_client_random - ssl_fc_server_random - ssl_bc_client_random - ssl_bc_server_random These fetches retrieve the client or server random value sent during the handshake. Their use is to be able to decrypt traffic sent using ephemeral ciphers. Tools like

unset-var doesn't support conditions

2019-06-03 Thread Patrick Hemmer
() [ { if | unless } ] This is experienced with version 1.9.8 -Patrick

segfault in tcp-request session set-var

2019-06-03 Thread Patrick Hemmer
    if (vars->scope != scope)    443             return 0;    444    445         HA_RWLOCK_WRLOCK(VARS_LOCK, >rwlock); Target 0: (haproxy) stopped. -Patrick

Re: http_first_req not working with http2

2019-06-03 Thread Patrick Hemmer
*From:* Patrick Hemmer [mailto:hapr...@stormcloud9.net] *Sent:* Monday, June 3, 2019, 17:21 EDT *To:* haproxy@formilux.org *Subject:* http_first_req not working with http2 As subject says, it appears

http_first_req not working with http2

2019-06-03 Thread Patrick Hemmer
_req=1 Where as, Config:   frontend f1     bind :8000 proto h2     option http-use-htx     log-format http_first_req=%[http_first_req] With `curl --http2-prior-knowledge http://localhost:8000` Outputs:   <30>Jun  3 17:16:51 haproxy[47829]: http_first_req=0 -Patrick

Lua logging to syslog & not stderr

2019-06-03 Thread Patrick Hemmer
ent, according with the HAProxy configuration file, on the default syslog server if it is configured and on the stderr if it is allowed. So how do I make stderr not allowed? In my config, I have the following log related settings in defaults   log 127.0.0.1:514 daemon   option httplog -Patrick

Re: Capturing headers from http/2 trailers?

2019-05-25 Thread Patrick Hemmer
*From:* Willy Tarreau [mailto:w...@1wt.eu] *Sent:* Saturday, May 25, 2019, 01:42 EDT *To:* Patrick Hemmer *Cc:* Haproxy *Subject:* Capturing headers from http/2 trailers? Hi Patrick, On Fri, May 24, 2019 at 09:00:25AM

Re: Capturing headers from http/2 trailers?

2019-05-24 Thread Patrick Hemmer
*From:* Aleksandar Lazic [mailto:al-mob...@none.at] *Sent:* Friday, May 24, 2019, 20:30 EDT *To:* Patrick Hemmer *Cc:* Haproxy *Subject:* Capturing headers from http/2 trailers? Hi. Fri May 24 15:00:55 GMT+02:00 2019

Capturing headers from http/2 trailers?

2019-05-24 Thread Patrick Hemmer
ing to log the grpc-status and grpc-message headers from gRPC responses. Thanks -Patrick

haproxy 1.9.6 segfault in srv_update_status

2019-05-14 Thread Patrick Hemmer
c51189488) at src/haproxy.c:2774     err =     retry =     limit = {rlim_cur = 131072, rlim_max = 131072}     errmsg = "\000@\000\000\000\000\000\000\002v\037\237n\177\000\000\300t\004\241n\177\000\000`\027S\237n\177\000\000\030\000\000\000\000\000\000\000>\001\000\024\000\000\000\000p\244\005\241n\177\000\000@\276\001\241n\177\000\000\000P\273\240n\177\000\000\274o\037\237n\177\000\000\370\224\030Q\374\177\000\000\000\000\000\000\000\000\000\000Pw\004\241"     pidfd = -1 -Patrick

Re: HAProxy 1.9.6 unresponsive

2019-05-13 Thread Patrick Hemmer
*From:* Willy Tarreau [mailto:w...@1wt.eu] *Sent:* Saturday, May 11, 2019, 06:10 EDT *To:* Patrick Hemmer *Cc:* haproxy@formilux.org *Subject:* HAProxy 1.9.6 unresponsive Hi Patrick, On Fri, May 10, 2019 at 09:17:25AM

Re: HAProxy 1.9.6 unresponsive

2019-05-10 Thread Patrick Hemmer
*From:* Willy Tarreau [mailto:w...@1wt.eu] *Sent:* Tuesday, May 7, 2019, 14:46 EDT *To:* Patrick Hemmer *Cc:* haproxy@formilux.org *Subject:* HAProxy 1.9.6 unresponsive Hi Patrick, On Tue, May 07, 2019 at 02:01:33PM

systemd watchdog support?

2019-05-07 Thread Patrick Hemmer
aster only, and the master watches the workers in turn. If a worker stops responding, the master would restart just that one worker. Any thoughts on the matter, or do we not want to do this, and rely on a custom check in the cluster management software? -Patrick

Re: HAProxy 1.9.6 unresponsive

2019-05-07 Thread Patrick Hemmer
*From:* Willy Tarreau [mailto:w...@1wt.eu] *Sent:* Monday, May 6, 2019, 08:42 EDT *To:* Patrick Hemmer *Cc:* haproxy@formilux.org *Subject:* HAProxy 1.9.6 unresponsive On Sun, May 05, 2019 at 09:40:02AM +0200, Willy

Re: [PATCH v2 1/2] MINOR: systemd: Use the variables from /etc/default/haproxy

2019-05-06 Thread Patrick Hemmer
istros use different directories, such as RedHat which uses /etc/sysconfig -Patrick

HAProxy 1.9.6 unresponsive

2019-05-03 Thread Patrick Hemmer
. However I did capture a core file before doing so. -Patrick

Re: [PATCH] MINOR: systemd: Make use of master socket in systemd unit

2019-04-30 Thread Patrick Hemmer
*From:* Willy Tarreau [mailto:w...@1wt.eu] *Sent:* Monday, April 29, 2019, 23:55 EDT *To:* William Lallemand *Cc:* Tim Düsterhus , Patrick Hemmer , haproxy@formilux.org *Subject:* [PATCH] MINOR: systemd: Make use

Re: [PATCH] MINOR: systemd: Make use of master socket in systemd unit

2019-04-29 Thread Patrick Hemmer
*From:* Tim Düsterhus [mailto:t...@bastelstu.be] *Sent:* Friday, April 26, 2019, 15:03 EDT *To:* Patrick Hemmer , William Lallemand *Cc:* haproxy@formilux.org, w...@1wt.eu *Subject:* [PATCH] MINOR: systemd: Make use

Re: [PATCH] MINOR: systemd: Make use of master socket in systemd unit

2019-04-26 Thread Patrick Hemmer
as successful or not. I haven't thought about this a whole lot, but I'm thinking the way to address it would be some sort of inquiry to the master process, which means using the socket. So if the systemd unit file ensured that the master socket is available, then ExecReload could be adjusted to use it and get success/failure feedback. -Patrick

Re: `stats bind-process` broken

2019-04-11 Thread Patrick Hemmer
*From:* Willy Tarreau [mailto:w...@1wt.eu] *Sent:* Thursday, April 11, 2019, 13:23 EDT *To:* Patrick Hemmer *Cc:* haproxy@formilux.org, wlallem...@haproxy.com *Subject:* `stats bind-process` broken On Thu, Apr 11, 2019

`stats bind-process` broken

2019-04-11 Thread Patrick Hemmer
in {1..5}; do socat - unix:/tmp/haproxy.sock <<< "show info" | grep Pid: ; done    Pid: 33371    Pid: 33373    Pid: 33372    Pid: 33373    Pid: 33373 -Patrick

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-04 Thread Overbey, Patrick (Sioux Falls)
That worked great. Thanks Willy! Patrick Overbey Fiserv -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Wednesday, April 03, 2019 10:01 PM To: Overbey, Patrick (Sioux Falls) Cc: maio...@gmail.com; haproxy@formilux.org Subject: Re: Upcoming haproxy build fixes

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Overbey, Patrick (Sioux Falls)
'? ip_v = (*line & 0xf0) >> 4; ^~~~ Patrick Overbey Fiserv -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Wednesday, April 03, 2019 3:50 PM To: Overbey, Patrick (Sioux Falls) Cc: maio...@gmail.com; haproxy@formilux.org Subject: Re: Upcoming haproxy b

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Overbey, Patrick (Sioux Falls)
'_DECLARE_INITCALL' _DECLARE_INITCALL(stage, __LINE__, function, arg1, 0, 0) ^ src/connection.c:1302:1: note: in expansion of macro 'INITCALL1' INITCALL1(STG_REGISTER, sample_register_fetches, _fetch_keywords); ^ gmake: *** [Makefile:996: src/connection.o] Error 1 Patrick Overbey

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Overbey, Patrick (Sioux Falls)
Sorry, Willy. I'm still having the same troubles after the changes. Patrick Overbey Fiserv -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Wednesday, April 03, 2019 3:10 PM To: Overbey, Patrick (Sioux Falls) Cc: maio...@gmail.com; haproxy@formilux.org Subject: Re

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Overbey, Patrick (Sioux Falls)
_DECLARE_INITCALL(stage, __LINE__, function, arg1, 0, 0) ^ src/connection.c:1302:1: note: in expansion of macro 'INITCALL1' INITCALL1(STG_REGISTER, sample_register_fetches, _fetch_keywords); ^ gmake: *** [Makefile:991: src/connection.o] Error 1 Thanks. Patrick Overbey Fis

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-03 Thread Overbey, Patrick (Sioux Falls)
Great. Thank you Willy. Patrick Overbey Fiserv -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Wednesday, April 03, 2019 1:18 AM To: Overbey, Patrick (Sioux Falls) Cc: maio...@gmail.com; haproxy@formilux.org Subject: Re: Upcoming haproxy build fixes for Cygwin &

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-01 Thread Overbey, Patrick (Sioux Falls)
Thanks. Can you let me know when the change is ported back to 1.9? Patrick Overbey Fiserv -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Monday, April 01, 2019 3:23 PM To: Overbey, Patrick (Sioux Falls) Cc: maio...@gmail.com; haproxy@formilux.org Subject: Re

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-01 Thread Overbey, Patrick (Sioux Falls)
Not really necessary since "aix52" works. Production servers should really be AIX 7.1+ anyway. Patrick Overbey Fiserv -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Monday, April 01, 2019 2:48 PM To: Overbey, Patrick (Sioux Falls) Cc: maio...@gmail.co

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-04-01 Thread Overbey, Patrick (Sioux Falls)
I was able to compile HA-Proxy version 2.0-dev2-ce4ec50 2019/04/01 with these options using an AIX 6.1.9 system and openssl 1.0.2q. Thank you! gmake CFLAGS="-maix64" LDFLAGS="-maix64" TARGET=aix52 USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 Patrick Overbey Fiserv -Origin

RE: Upcoming haproxy build fixes for Cygwin & AIX

2019-03-29 Thread Overbey, Patrick (Sioux Falls)
Wow. Really appreciate you following up. Thanks Willy! Patrick Overbey Fiserv -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Friday, March 29, 2019 4:01 PM To: maio...@gmail.com; Overbey, Patrick (Sioux Falls) Cc: haproxy@formilux.org Subject: Upcoming haproxy build

Re: Adding Configuration parts via File

2019-03-08 Thread Patrick Hemmer
config files? > > thanks > Philipp > You can use external files in two cases. See the following blog articles: https://www.haproxy.com/blog/introduction-to-haproxy-acls/ (search for "acl file") https://www.haproxy.com/blog/introduction-to-haproxy-maps/ -Patrick

Re: Issue with systemd haproxy.service on RHEL 7.4

2019-03-07 Thread Patrick Hemmer
e file indicates that you had an earlier version of the service file present on your system, and have not reloaded systemd since modifying it, so it's using the old file. You need to run: `systemctl daemon-reload` -Patrick

http/2 server-push support

2019-02-26 Thread Patrick Hemmer
se related resources might all involve computation that is shared. If each request is handled separately (e.g. Link header to server-push conversion), it would result in a lot of duplicated work. So instead we want to do the computation once, and push out the multiple responses separately. -Patrick

Re: Error parsing commas in str() fetch

2019-02-23 Thread Patrick Hemmer
umentation, on some of the keywords, you'll see: > Note that due to the config parser, it is not possible to use a comma nor a closing parenthesis as delimitors. You can get around it by using converters, and some sort of encoded text, such as URL or base64. For example: str(GET%2CPOST%2CPUT),url_dec() -Patrick

Re: Compilation fails on OS-X

2019-02-14 Thread Patrick Hemmer
On 2019/2/14 12:45, Olivier Houchard wrote: > Hi Patrick, > > On Thu, Feb 14, 2019 at 09:12:18AM -0500, Patrick Hemmer wrote: >> >> On 2019/2/14 08:20, Frederic Lecaille wrote: >>> On 2/14/19 1:32 PM, Frederic Lecaille wrote: >>>> On 2/13/19 7:30 PM, P

Re: Compilation fails on OS-X

2019-02-14 Thread Patrick Hemmer
On 2019/2/14 08:20, Frederic Lecaille wrote: > On 2/14/19 1:32 PM, Frederic Lecaille wrote: >> On 2/13/19 7:30 PM, Patrick Hemmer wrote: >>> >>> >>> On 2019/2/13 10:29, Olivier Houchard wrote: >>>> Hi Patrick, >>>> >>

Re: Compilation fails on OS-X

2019-02-13 Thread Patrick Hemmer
On 2019/2/13 10:29, Olivier Houchard wrote: > Hi Patrick, > > On Wed, Feb 13, 2019 at 10:01:01AM -0500, Patrick Hemmer wrote: >> >> On 2019/2/13 09:40, Aleksandar Lazic wrote: >>> Am 13.02.2019 um 14:45 schrieb Patrick Hemmer: >>>> Trying to compi

Re: Compilation fails on OS-X

2019-02-13 Thread Patrick Hemmer
On 2019/2/13 09:40, Aleksandar Lazic wrote: > Am 13.02.2019 um 14:45 schrieb Patrick Hemmer: >> Trying to compile haproxy on my local machine for testing purposes and am >> running into the following: > Which compiler do you use? # gcc -v Configured with: --pr

Compilation fails on OS-X

2019-02-13 Thread Patrick Hemmer
E_INITCALL' __attribute__((__used__,__section__("init_"#stg))) = \ Issue occurs on master, and the 1.9 branch -Patrick

Re: Does anyone *really* use 51d or WURFL ?

2019-01-21 Thread Patrick Hemmer
n, but still a couple months out. The other caveat is that we run with threading disabled. Until the statement on 'nbthread' that "THREADS SUPPORT IN HAPROXY IS HIGHLY EXPERIMENTAL" goes away, we'll be leaving it off. -Patrick

RE: haproxy AIX 7.1.0.0 compile issues

2018-12-27 Thread Overbey, Patrick (Sioux Falls)
gld version 2.29.1, but ran into many undefined reference errors (attached). Thank you! Patrick Overbey Fiserv -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Thursday, December 27, 2018 8:17 AM To: Overbey, Patrick (Sioux Falls) Cc: Aleksandar Lazic ; haproxy

haproxy AIX 7.1.0.0 compile issues

2018-12-26 Thread Overbey, Patrick (Sioux Falls)
is where I run into compile errors. Is there support for these compile bugs or am I on my own? Thanks for any help you can offer. Patrick Overbey Software Development Engineer Staff Product Development/Bank Solutions Office: 605-362-1260 x7290 Fiserv Join us @ Forum 2019<http://links.mkt030.

Re: DNS resolution problem since 1.8.14

2018-12-24 Thread Patrick Valsecchi
Hi Jonathan, I've build the 1.8.16 image myself and the problem is indeed fixed. Any plan of including that fix in a 1.9.1 release? Thanks. On 23.12.18 18:20, Jonathan Matthews wrote: Hey Patrick, Have you looked at the fixes in 1.8.16? They sound kinda-sorta related to your problem

Re: DNS resolution problem since 1.8.14

2018-12-23 Thread Patrick Valsecchi
> localhost.40994: 63037 1/0/0 www. A 172.20.0.17 (40) Could it be related to that? https://github.com/haproxy/haproxy/commit/8d4e7dc880d2094658fead50dedd9c22c95c556a On 23.12.18 13:59, Patrick Valsecchi wrote: Hi, Since haproxy version 1.8.14 and including the last 1.9 release, hapr

DNS resolution problem since 1.8.14

2018-12-23 Thread Patrick Valsecchi
Hi, Since haproxy version 1.8.14 and including the last 1.9 release, haproxy puts all my backends in MAINT after around 31s. They first work fine, but then they are put in MAINT. The logs look like that: <149>Dec 23 12:45:11 haproxy[1]: Proxy www started. <149>Dec 23 12:45:11

lua time tracking

2018-10-01 Thread Patrick Hemmer
to be aware of the impact this code is having on the performance of the requests, and the response times. -Patrick

Re: [PATCH 2/2] MINOR: Add srv_conn_free sample fetch

2018-08-27 Thread Patrick Hemmer
On 2018/8/22 04:05, Willy Tarreau wrote: > On Thu, Aug 09, 2018 at 06:46:29PM -0400, Patrick Hemmer wrote: >> This adds the 'srv_conn_free([/])' sample fetch. This fetch >> provides the number of available connections on the designated server. > Fine with this as well

Re: [PATCH 1/2] MINOR: add be_conn_free sample fetch

2018-08-25 Thread Patrick Hemmer
On 2018/8/25 01:30, Willy Tarreau wrote: > On Fri, Aug 24, 2018 at 06:18:23PM -0400, Patrick Hemmer wrote: >>> I disagree with making a special case above for maxconn 0. In fact for me >>> it just means that such a server cannot accept connections, so it simply >>>

Re: [PATCH 1/2] MINOR: add be_conn_free sample fetch

2018-08-24 Thread Patrick Hemmer
On 2018/8/22 04:04, Willy Tarreau wrote: > Hi Patrick, > > On Thu, Aug 09, 2018 at 06:46:28PM -0400, Patrick Hemmer wrote: >> This adds the sample fetch 'be_conn_free([])'. This sample fetch >> provides the total number of unused connections across available servers >&g

[PATCH] MEDIUM: reset lua transaction between http requests

2018-08-22 Thread Patrick Hemmer
Not sure if this is the right approach, but this addresses the issue for me. This should be backported to 1.8. -Patrick From 9087400de99a3925380cac4128a431cd48a09145 Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Wed, 22 Aug 2018 10:02:00 -0400 Subject: [PATCH] MEDIUM: reset lua transaction

Re: BUG: LUA txn:get_priv() scoped to connection, not transaction

2018-08-22 Thread Patrick Hemmer
On 2018/8/22 05:16, Thierry Fournier wrote: > Hi Patrick, > > Could you retry adding the keyword “local” before data. Unfortunately, > by default, Lua variables are global. > Makes no difference, still get the same result. I don't think it would do anything anyway as th

Re: connection leak (stuck in CLOSE_WAIT) on master

2018-08-21 Thread Patrick Hemmer
On 2018/8/9 01:01, Patrick Hemmer wrote: > There's an issue on current master (287527a) where haproxy is losing > track of its connections, and they're getting stuck in CLOSE_WAIT. And > it's counting these connections towards limits (such as maxconn). > Eventually maxcon

Re: haproxy processing request of a disconnected client

2018-08-21 Thread Patrick Hemmer
On 2018/8/9 13:00, Patrick Hemmer wrote: > So I just noticed the behavior that when a request is queued and the > client closes the connection, once a server slot frees up that request > is still sent to the server which processes it and sends a response back. > What's even more

Re: [PATCH 0/2] sample fetches for available connections

2018-08-21 Thread Patrick Hemmer
On 2018/8/9 18:46, Patrick Hemmer wrote: > These are 2 new sample fetches which provide the available connections. > The be_conn_free fetch is similar to connslots, but has significant > difference in that it does not count queue slots, nor backup servers > (unless all serv

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2018-08-21 Thread Patrick Hemmer
On 2018/6/17 14:02, Baptiste wrote: > > > Le dim. 17 juin 2018 à 14:10, Patrick Gansterer <mailto:par...@paroga.com>> a écrit : > > > > On 17 Jun 2018, at 13:36, Baptiste <mailto:bed...@gmail.com>> wrote: > > > > Can they be

Re: BUG: Tw is negative with lua sleep

2018-08-21 Thread Patrick Hemmer
On 2018/7/18 09:03, Frederic Lecaille wrote: > Hello Patrick, > > On 07/17/2018 03:59 PM, Patrick Hemmer wrote: >> Ping? >> >> -Patrick >> >> On 2018/6/22 15:10, Patrick Hemmer wrote: >>> When using core.msleep in lua, the %Tw metric is a negati

BUG: LUA txn:get_priv() scoped to connection, not transaction

2018-08-21 Thread Patrick Hemmer
, will use kqueue. Available filters : [SPOE] spoe [COMP] compression [TRACE] trace -Patrick

[PATCH] DOC: add documentation for prio_class and prio_offset sample fetches.

2018-08-13 Thread Patrick Hemmer
This adds documentation that was missed as part of 268a707. --- doc/configuration.txt | 11 +++ 1 file changed, 11 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 48b69a5bd..d11b63185 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@

Re: [PATCH 1/2] MEDIUM: add set-priority-class and set-priority-offset

2018-08-13 Thread Patrick Hemmer
On 2018/8/13 09:17, Aleksandar Lazic wrote: > On 11/08/2018 14:48, Patrick Hemmer wrote: >> > > [snipp] > >> To answer one of the earlier questions, I do plan on writing a blog >> article yes. The question is when. I'm considering backporting this >> f

Re: [PATCH 1/2] MEDIUM: add set-priority-class and set-priority-offset

2018-08-11 Thread Patrick Hemmer
o correctly identify bots vs real users. You can usually get it right, but mis-identification is very easy. So the idea here is that we would add a score to incoming requests based on things like the user having a cookie, are they a registered user, request rate, etc. Similar to how email spam filters work. Each one of these things would increment or decrement the score, and then they would be queued based on the result. Then when we do have a L7 attack, we only give compute resources to the attackers when there are no real users in the queue. Thus the users might see some slowdown, but it should be minimal. And since we're not actually blocking an attacker, it makes it much harder for them to figure out the criteria we're using to identify them and get around it. And also since we're not blocking, users which end up mis-identified as bots aren't impacted during normal operations, only when we're under attack. And even then it should be minimal since while a user might have triggered a few of the score rules, the bot would have hopefully triggered more. -Patrick

Re: [PATCH 1/2] MEDIUM: add set-priority-class and set-priority-offset

2018-08-10 Thread Patrick Hemmer
On 2018/8/10 09:19, Willy Tarreau wrote: > Hi Patrick, > > On Thu, Aug 09, 2018 at 06:29:33PM -0400, Patrick Hemmer wrote: >> I also went and removed the queue position counter code from >> stream_process_counters(), and the logging still appears to work fine >> (but

[PATCH 1/2] MINOR: add be_conn_free sample fetch

2018-08-09 Thread Patrick Hemmer
This adds the sample fetch 'be_conn_free([])'. This sample fetch provides the total number of unused connections across available servers in the specified backend. --- doc/configuration.txt | 15 ++- src/backend.c | 38 ++ 2 files changed,

[PATCH 2/2] MINOR: Add srv_conn_free sample fetch

2018-08-09 Thread Patrick Hemmer
This adds the 'srv_conn_free([/])' sample fetch. This fetch provides the number of available connections on the designated server. --- doc/configuration.txt | 21 ++--- src/backend.c | 22 ++ 2 files changed, 40 insertions(+), 3 deletions(-) diff

[PATCH 0/2] sample fetches for available connections

2018-08-09 Thread Patrick Hemmer
with the priority queuing, so you can see how many connections are available, perhaps for taking action when the number is low. For example by reserving connections for high-priority requests, and rejecting low priority ones. -Patrick Patrick Hemmer (2): MINOR: add be_conn_free sample fetch MINOR: Add

Re: [PATCH 1/2] MEDIUM: add set-priority-class and set-priority-offset

2018-08-09 Thread Patrick Hemmer
Re-adding the mailing list. On 2018/8/6 22:37, Willy Tarreau wrote: > Hi Patrick, >>> I *think* that the change made to stream_process_counters() is not needed, >>> because stream_process_counters() is normally used to keep the stats up >>> to date so that

haproxy processing request of a disconnected client

2018-08-09 Thread Patrick Hemmer
network namespace support. Available polling systems : kqueue : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use kqueue. Available filters : [SPOE] spoe [COMP] compression [TRACE] trace -Patrick

Re: haproxy and changing ELB IPs

2018-08-07 Thread Patrick Hemmer
abled, then your resolver becomes a static "127.0.0.1". And since NetworkManager also integrates with the DHCP client, if the nameserver IPs change, then it'll reload dnsmasq, and you don't need to do anything with haproxy. Enabling this is as simple as adding "dns = dnsmasq" to NetworkManager.conf. -Patrick

Re: BUG: Tw is negative with lua sleep

2018-07-17 Thread Patrick Hemmer
Ping? -Patrick On 2018/6/22 15:10, Patrick Hemmer wrote: > When using core.msleep in lua, the %Tw metric is a negative value. > > For example with the following config: > haproxy.cfg: > global > lua-load /tmp/haproxy.lua > > frontend f1

BUG: Tw is negative with lua sleep

2018-06-22 Thread Patrick Hemmer
ommit before current master: d8fd2af -Patrick

BUG: cannot take the address of an rvalue of type 'unsigned long'

2018-06-22 Thread Patrick Hemmer
cessing. So when a thread exits, it seems normal to remove it from all_threads_mask. No direct impact could be identified with this right now but it would be better to backport it to 1.8 as a preventive measure to avoid complex situations like the one in previous bug. -Patrick

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2018-06-17 Thread Patrick Gansterer
on.txt would be helpful too. Thx for the note. I’ve updated the patch. - Patrick

[PATCH] MINOR: crypto: Add digest and hmac converters

2018-06-17 Thread Patrick Gansterer
@@ +/* + * Crypto converters + * + * Copyright 2018 Patrick Gansterer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option

[PATCH] MINOR: crypto: Add digest and hmac converters

2018-06-17 Thread Patrick Gansterer
+= src/crypto.o src/ssl_sock.o endif # The private cache option affect the way the shctx is built diff --git a/src/crypto.c b/src/crypto.c new file mode 100644 index ..dcb343dc --- /dev/null +++ b/src/crypto.c @@ -0,0 +1,84 @@ +/* + * Crypto converters + * + * Copyright 2018 Patrick

Re: [PATCH] BUG/MINOR: lua: Segfaults with wrong usage of types.

2018-06-15 Thread Patrick Hemmer
On 2018/6/15 09:06, Frederic Lecaille wrote: > On 06/15/2018 02:28 PM, Frederic Lecaille wrote: >> On 06/15/2018 02:15 PM, Frederic Lecaille wrote: >>> On 06/14/2018 11:05 PM, Patrick Hemmer wrote: >>>> Haproxy segfaults if you pass the wrong argument typ

BUG: segfault with lua sample converters & wrong arg types

2018-06-14 Thread Patrick Hemmer
in(argc=3, argv=0x7fff5fbff590) at haproxy.c:3082 frame #17: 0x7fffc9db9235 libdyld.dylib`start + 1 Issue goes away if you change the lua txn.sc:ipmask() line to: txn.sc:ipmask(txn.f:src(), '24', '112') Reproduced with current master (9db0fed) and lua version 5.3.4. -Patrick

Re: [Feature request] Call fan-out to all endpoints.

2018-06-10 Thread Patrick Hemmer
rate responses (LUA already has http/1.1 response capabilities, but I have no idea if they work with H2 requests), and then the ability to trigger a request to a server, and have that sent back to the client as a server-push message. -Patrick

Re: [PATCH 1/2] MEDIUM: add set-priority-class and set-priority-offset

2018-06-06 Thread Patrick Hemmer
On 2018/5/31 00:57, Willy Tarreau wrote: > Hi Patrick, > > On Thu, May 31, 2018 at 12:16:27AM -0400, Patrick Hemmer wrote: >>> I looked at the code to see if something could cause that. I found that the >>> key increment could be a reason (you must restart from the nex
