kozorizki/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
65ed143841
haproxy/src/proto_tcp.c

821 lines
25 KiB
C
Raw Normal View History

[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
/*
* AF_INET/AF_INET6 SOCK_STREAM protocol layer (tcp)
*
MEDIUM: samples: move payload-based fetches and ACLs to their own file The file acl.c is a real mess, it both contains functions to parse and process ACLs, and some sample extraction functions which act on buffers. Some other payload analysers were arbitrarily dispatched to proto_tcp.c. So now we're moving all payload-based fetches and ACLs to payload.c which is capable of extracting data from buffers and rely on everything that is protocol-independant. That way we can safely inflate this file and only use the other ones when some fetches are really specific (eg: HTTP, SSL, ...). As a result of this cleanup, the following new sample fetches became available even if they're not really useful : always_false, always_true, rep_ssl_hello_type, rdp_cookie_cnt, req_len, req_ssl_hello_type, req_ssl_sni, req_ssl_ver, wait_end The function 'acl_fetch_nothing' was wrong and never used anywhere so it was removed. The "rdp_cookie" sample fetch used to have a mandatory argument while it was optional in ACLs, which are supposed to iterate over RDP cookies. So we're making it optional as a fetch too, and it will return the first one.
2013-01-08 00:59:07 +04:00
* Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/types.h>
[BUILD] compilation of haproxy-1.4-dev2 on FreeBSD Please consider the following patches. They are required to compile haproxy-1.4-dev2 on FreeBSD. Summary: 1) include <sys/types.h> before <netinet/tcp.h> 2) Use IPPROTO_TCP instead of SOL_TCP (they are both defined as 6, TCP protocol number)
2009-08-24 15:11:06 +04:00
#include <netinet/tcp.h>
MEDIUM: tcp: add new tcp action "silent-drop" This stops the evaluation of the rules and makes the client-facing connection suddenly disappear using a system-dependant way that tries to prevent the client from being notified. The effect it then that the client still sees an established connection while there's none on HAProxy. The purpose is to achieve a comparable effect to "tarpit" except that it doesn't use any local resource at all on the machine running HAProxy. It can resist much higher loads than "tarpit", and slow down stronger attackers. It is important to undestand the impact of using this mechanism. All stateful equipments placed between the client and HAProxy (firewalls, proxies, load balancers) will also keep the established connection for a long time and may suffer from this action. On modern Linux systems running with enough privileges, the TCP_REPAIR socket option is used to block the emission of a TCP reset. On other systems, the socket's TTL is reduced to 1 so that the TCP reset doesn't pass the first router, though it's still delivered to local networks.
2015-08-24 02:43:45 +03:00
#include <netinet/in.h>
[BUILD] compilation of haproxy-1.4-dev2 on FreeBSD Please consider the following patches. They are required to compile haproxy-1.4-dev2 on FreeBSD. Summary: 1) include <sys/types.h> before <netinet/tcp.h> 2) Use IPPROTO_TCP instead of SOL_TCP (they are both defined as 6, TCP protocol number)
2009-08-24 15:11:06 +04:00
REORG: include: update all files to use haproxy/api.h or api-t.h if needed All files that were including one of the following include files have been updated to only include haproxy/api.h or haproxy/api-t.h once instead: - common/config.h - common/compat.h - common/compiler.h - common/defaults.h - common/initcall.h - common/tools.h The choice is simple: if the file only requires type definitions, it includes api-t.h, otherwise it includes the full api.h. In addition, in these files, explicit includes for inttypes.h and limits.h were dropped since these are now covered by api.h and api-t.h. No other change was performed, given that this patch is large and affects 201 files. At least one (tools.h) was already freestanding and didn't get the new one added.
2020-05-27 13:58:42 +03:00
#include <haproxy/api.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 10:07:15 +03:00
#include <haproxy/arg.h>
REORG: include: move connection.h to haproxy/connection{,-t}.h The type file is becoming a mess, half of it is for the proxy protocol, another good part describes conn_streams and mux ops, it would deserve being split again. At least it was reordered so that elements are easier to find, with the PP-stuff left at the end. The MAX_SEND_FD macro was moved to compat.h as it's said to be the value for Linux.
2020-06-04 19:02:10 +03:00
#include <haproxy/connection.h>
REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ These ones do not depend on any other file. One used to include haproxy/api.h but that was solely for stddef.h.
2020-05-27 17:10:29 +03:00
#include <haproxy/errors.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 10:07:15 +03:00
#include <haproxy/fd.h>
REORG: include: split global.h into haproxy/global{,-t}.h global.h was one of the messiest files, it has accumulated tons of implicit dependencies and declares many globals that make almost all other file include it. It managed to silence a dependency loop between server.h and proxy.h by being well placed to pre-define the required structs, forcing struct proxy and struct server to be forward-declared in a significant number of files. It was split in to, one which is the global struct definition and the few macros and flags, and the rest containing the functions prototypes. The UNIX_MAX_PATH definition was moved to compat.h.
2020-06-04 18:05:57 +03:00
#include <haproxy/global.h>
REORG: include: split mini-clist into haproxy/list and list-t.h Half of the users of this include only need the type definitions and not the manipulation macros nor the inline functions. Moves the various types into mini-clist-t.h makes the files cleaner. The other one had all its includes grouped at the top. A few files continued to reference it without using it and were cleaned. In addition it was about time that we'd rename that file, it's not "mini" anymore and contains a bit more than just circular lists.
2020-05-27 19:01:47 +03:00
#include <haproxy/list.h>
REORG: include: move listener.h to haproxy/listener{,-t}.h stdlib and list were missing from listener.h, otherwise it was OK.
2020-06-04 15:58:24 +03:00
#include <haproxy/listener.h>
REORG: include: move log.h to haproxy/log{,-t}.h The current state of the logging is a real mess. The main problem is that almost all files include log.h just in order to have access to the alert/warning functions like ha_alert() etc, and don't care about logs. But log.h also deals with real logging as well as log-format and depends on stream.h and various other things. As such it forces a few heavy files like stream.h to be loaded early and to hide missing dependencies depending where it's loaded. Among the missing ones is syslog.h which was often automatically included resulting in no less than 3 users missing it. Among 76 users, only 5 could be removed, and probably 70 don't need the full set of dependencies. A good approach would consist in splitting that file in 3 parts: - one for error output ("errors" ?). - one for log_format processing - and one for actual logging.
2020-06-04 23:01:04 +03:00
#include <haproxy/log.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 10:07:15 +03:00
#include <haproxy/namespace.h>
#include <haproxy/port_range.h>
#include <haproxy/proto_tcp.h>
#include <haproxy/protocol.h>
REORG: include: move proxy.h to haproxy/proxy{,-t}.h This one is particularly difficult to split because it provides all the functions used to manipulate a proxy state and to retrieve names or IDs for error reporting, and as such, it was included in 73 files (down to 68 after cleanup). It would deserve a small cleanup though the cut points are not obvious at the moment given the number of structs involved in the struct proxy itself.
2020-06-04 23:29:18 +03:00
#include <haproxy/proxy-t.h>
REORG: sock: start to move some generic socket code to sock.c The new file sock.c will contain generic code for standard sockets relying on file descriptors. We currently have way too much duplication between proto_uxst, proto_tcp, proto_sockpair and proto_udp. For now only get_src, get_dst and sock_create_server_socket were moved, and are used where appropriate.
2020-08-28 13:07:22 +03:00
#include <haproxy/sock.h>
MINOR: tcp/udp/unix: make use of proto->addrcmp() to compare addresses The new addrcmp() protocol member points to the function to be used to compare two addresses of the same family. When picking an FD from a previous process, we can now use the address specific address comparison functions instead of having to rely on a local implementation. This will help move that code to a more central place.
2020-08-28 16:30:11 +03:00
#include <haproxy/sock_inet.h>
REORG: tools: split common/standard.h into haproxy/tools{,-t}.h And also rename standard.c to tools.c. The original split between tools.h and standard.h dates from version 1.3-dev and was mostly an accident. This patch moves the files back to what they were expected to be, and takes care of not changing anything else. However this time tools.h was split between functions and types, because it contains a small number of commonly used macros and structures (e.g. name_desc) which in turn cause the massive list of includes of tools.h to conflict with the callers. They remain the ugliest files of the whole project and definitely need to be cleaned and split apart. A few types are defined there only for functions provided there, and some parts are even OS-specific and should move somewhere else, such as the symbol resolution code.
2020-06-03 19:09:46 +03:00
#include <haproxy/tools.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
[MEDIUM] Enhance message errors management on binds
2010-10-22 18:06:11 +04:00
static int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen);
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
static int tcp_suspend_receiver(struct receiver *rx);
MINOR: protocol: implement an ->rx_resume() method This one undoes ->rx_suspend(), it tries to restore an operational socket. It was only implemented for TCP since it's the only one we support right now.
2020-09-25 20:40:31 +03:00
static int tcp_resume_receiver(struct receiver *rx);
MINOR: protocol: add a new pair of enable/disable methods for listeners These methods will be used to enable/disable accepting new connections so that listeners do not play with FD directly anymore. Since all the currently supported protocols work on socket for now, these are identical to the rx_enable/rx_disable functions. However they were not defined in sock.c since it's likely that some will quickly start to differ. At the moment they're not used. We have to take care of fd_updt before calling fd_{want,stop}_recv() because it's allocated fairly late in the boot process and some such functions may be called very early (e.g. to stop a disabled frontend's listeners).
2020-09-25 20:27:39 +03:00
static void tcp_enable_listener(struct listener *listener);
static void tcp_disable_listener(struct listener *listener);
MINOR: protocols: register the ->add function and stop calling them directly cfgparse has no business directly calling each individual protocol's 'add' function to create a listener. Now that they're all registered, better perform a protocol lookup on the family and have a standard ->add method for all of them.
2017-09-15 08:55:51 +03:00
static void tcpv4_add_listener(struct listener *listener, int port);
static void tcpv6_add_listener(struct listener *listener, int port);
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
/* Note: must not be declared <const> as its list will be overwritten */
static struct protocol proto_tcpv4 = {
.name = "tcpv4",
MINOR: protocol: add a new proto_fam structure for protocol families We need to specially handle protocol families which regroup common functions used for a given address family. These functions include bind(), addrcmp(), get_src() and get_dst() for now. Some fields are also added about the address family, socket domain (protocol family passed to the socket() syscall), and address length. These protocol families are referenced from the protocols but not yet used.
2020-09-04 09:07:11 +03:00
.fam = &proto_fam_inet4,
MINOR: protocol: add the control layer type in the protocol struct This one will be needed to more accurately select a protocol. It may differ from the socket type for QUIC, which uses dgram at the socket layer and provides stream at the control layer. The upper level requests a control layer only so we need this field.
2020-09-16 18:50:45 +03:00
.ctrl_type = SOCK_STREAM,
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
.sock_domain = AF_INET,
.sock_type = SOCK_STREAM,
.sock_prot = IPPROTO_TCP,
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
.add = tcpv4_add_listener,
.listen = tcp_bind_listener,
MINOR: protocol: add a new pair of enable/disable methods for listeners These methods will be used to enable/disable accepting new connections so that listeners do not play with FD directly anymore. Since all the currently supported protocols work on socket for now, these are identical to the rx_enable/rx_disable functions. However they were not defined in sock.c since it's likely that some will quickly start to differ. At the moment they're not used. We have to take care of fd_updt before calling fd_{want,stop}_recv() because it's allocated fairly late in the boot process and some such functions may be called very early (e.g. to stop a disabled frontend's listeners).
2020-09-25 20:27:39 +03:00
.enable = tcp_enable_listener,
.disable = tcp_disable_listener,
MINOR: listeners: split do_unbind_listener() in two The inner part now goes into the protocol and is used to decide how to unbind a given protocol's listener. The existing code which is able to also unbind the receiver was provided as a default function that we currently use everywhere. Some complex listeners like QUIC will use this to decide how to unbind without impacting existing connections, possibly by setting up other incoming paths for the traffic.
2020-10-09 18:18:29 +03:00
.unbind = default_unbind_listener,
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 18:02:21 +03:00
.suspend = default_suspend_listener,
.resume = default_resume_listener,
MINOR: protocol: add a new pair of rx_enable/rx_disable methods These methods will be used to enable/disable rx at the receiver level so that callers don't play with FDs directly anymore. All our protocols use the generic ones from sock.c at the moment. For now they're not used.
2020-09-25 20:09:53 +03:00
.rx_enable = sock_enable,
.rx_disable = sock_disable,
MEDIUM: receivers: add an rx_unbind() method in the protocols This is used as a generic way to unbind a receiver at the end of do_unbind_listener(). This allows to considerably simplify that function since we can now let the protocol perform the cleanup. The generic code was moved to sock.c, along with the conditional rx_disable() call. Now the code also supports that the ->disable() function of the protocol which acts on the listener performs the close itself and adjusts the RX_F_BUOND flag accordingly.
2020-10-09 17:32:08 +03:00
.rx_unbind = sock_unbind,
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
.rx_suspend = tcp_suspend_receiver,
MINOR: protocol: implement an ->rx_resume() method This one undoes ->rx_suspend(), it tries to restore an operational socket. It was only implemented for TCP since it's the only one we support right now.
2020-09-25 20:40:31 +03:00
.rx_resume = tcp_resume_receiver,
MINOR: protocol: make proto_tcp & proto_uxst report listening sockets Now we introdce a new .rx_listening() function to report if a receiver is actually a listening socket. The reason for this is to help detect shared sockets that might have been broken by sibling processes.
2020-10-13 18:26:00 +03:00
.rx_listening = sock_accept_conn,
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 23:22:09 +04:00
.accept = &listener_accept,
REORG/MEDIUM: replace stream interface protocol functions by a proto pointer The stream interface now makes use of the socket protocol pointer instead of the direct functions.
2012-05-07 20:12:14 +04:00
.connect = tcp_connect_server,
MINOR: protocol: rename the ->listeners field to ->receivers Since the listeners were split into receiver+listener, this field ought to have been renamed because it's confusing. It really links receivers and not listeners, as most of the time it's used via rx.proto_list! The nb_listeners field was updated accordingly.
2020-09-25 18:01:43 +03:00
.receivers = LIST_HEAD_INIT(proto_tcpv4.receivers),
.nb_receivers = 0,
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 21:14:37 +03:00
INITCALL1(STG_REGISTER, protocol_register, &proto_tcpv4);
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
/* Note: must not be declared <const> as its list will be overwritten */
static struct protocol proto_tcpv6 = {
.name = "tcpv6",
MINOR: protocol: add a new proto_fam structure for protocol families We need to specially handle protocol families which regroup common functions used for a given address family. These functions include bind(), addrcmp(), get_src() and get_dst() for now. Some fields are also added about the address family, socket domain (protocol family passed to the socket() syscall), and address length. These protocol families are referenced from the protocols but not yet used.
2020-09-04 09:07:11 +03:00
.fam = &proto_fam_inet6,
MINOR: protocol: add the control layer type in the protocol struct This one will be needed to more accurately select a protocol. It may differ from the socket type for QUIC, which uses dgram at the socket layer and provides stream at the control layer. The upper level requests a control layer only so we need this field.
2020-09-16 18:50:45 +03:00
.ctrl_type = SOCK_STREAM,
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
.sock_domain = AF_INET6,
.sock_type = SOCK_STREAM,
.sock_prot = IPPROTO_TCP,
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
.add = tcpv6_add_listener,
.listen = tcp_bind_listener,
MINOR: protocol: add a new pair of enable/disable methods for listeners These methods will be used to enable/disable accepting new connections so that listeners do not play with FD directly anymore. Since all the currently supported protocols work on socket for now, these are identical to the rx_enable/rx_disable functions. However they were not defined in sock.c since it's likely that some will quickly start to differ. At the moment they're not used. We have to take care of fd_updt before calling fd_{want,stop}_recv() because it's allocated fairly late in the boot process and some such functions may be called very early (e.g. to stop a disabled frontend's listeners).
2020-09-25 20:27:39 +03:00
.enable = tcp_enable_listener,
.disable = tcp_disable_listener,
MINOR: listeners: split do_unbind_listener() in two The inner part now goes into the protocol and is used to decide how to unbind a given protocol's listener. The existing code which is able to also unbind the receiver was provided as a default function that we currently use everywhere. Some complex listeners like QUIC will use this to decide how to unbind without impacting existing connections, possibly by setting up other incoming paths for the traffic.
2020-10-09 18:18:29 +03:00
.unbind = default_unbind_listener,
MEDIUM: listeners: implement protocol level ->suspend/resume() calls Now we have ->suspend() and ->resume() for listeners at the protocol level. This means that it now becomes possible for a protocol to redefine its own way to suspend and resume. The default functions are provided for TCP, UDP and unix, and they are pass-through to the receiver equivalent as it used to be till now. Nothing was defined for sockpair since it does not need to suspend/resume during reloads, hence it will succeed.
2020-10-09 18:02:21 +03:00
.suspend = default_suspend_listener,
.resume = default_resume_listener,
MINOR: protocol: add a new pair of rx_enable/rx_disable methods These methods will be used to enable/disable rx at the receiver level so that callers don't play with FDs directly anymore. All our protocols use the generic ones from sock.c at the moment. For now they're not used.
2020-09-25 20:09:53 +03:00
.rx_enable = sock_enable,
.rx_disable = sock_disable,
MEDIUM: receivers: add an rx_unbind() method in the protocols This is used as a generic way to unbind a receiver at the end of do_unbind_listener(). This allows to considerably simplify that function since we can now let the protocol perform the cleanup. The generic code was moved to sock.c, along with the conditional rx_disable() call. Now the code also supports that the ->disable() function of the protocol which acts on the listener performs the close itself and adjusts the RX_F_BUOND flag accordingly.
2020-10-09 17:32:08 +03:00
.rx_unbind = sock_unbind,
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
.rx_suspend = tcp_suspend_receiver,
MINOR: protocol: implement an ->rx_resume() method This one undoes ->rx_suspend(), it tries to restore an operational socket. It was only implemented for TCP since it's the only one we support right now.
2020-09-25 20:40:31 +03:00
.rx_resume = tcp_resume_receiver,
MINOR: protocol: make proto_tcp & proto_uxst report listening sockets Now we introdce a new .rx_listening() function to report if a receiver is actually a listening socket. The reason for this is to help detect shared sockets that might have been broken by sibling processes.
2020-10-13 18:26:00 +03:00
.rx_listening = sock_accept_conn,
REORG/MEDIUM: move the default accept function from sockstream to protocols.c The previous sockstream_accept() function uses nothing from sockstream, and is totally irrelevant to stream interfaces. Move this to the protocols.c file which handles listeners and protocols, and call it listener_accept(). It now makes much more sense that the code dealing with listen() also handles accept() and passes it to upper layers.
2012-05-07 23:22:09 +04:00
.accept = &listener_accept,
REORG/MEDIUM: replace stream interface protocol functions by a proto pointer The stream interface now makes use of the socket protocol pointer instead of the direct functions.
2012-05-07 20:12:14 +04:00
.connect = tcp_connect_server,
MINOR: protocol: rename the ->listeners field to ->receivers Since the listeners were split into receiver+listener, this field ought to have been renamed because it's confusing. It really links receivers and not listeners, as most of the time it's used via rx.proto_list! The nb_listeners field was updated accordingly.
2020-09-25 18:01:43 +03:00
.receivers = LIST_HEAD_INIT(proto_tcpv6.receivers),
.nb_receivers = 0,
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 21:14:37 +03:00
INITCALL1(STG_REGISTER, protocol_register, &proto_tcpv6);
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-11 00:26:24 +03:00
/* Binds ipv4/ipv6 address <local> to socket <fd>, unless <flags> is set, in which
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
* case we try to bind <remote>. <flags> is a 2-bit field consisting of :
* - 0 : ignore remote address (may even be a NULL pointer)
* - 1 : use provided address
* - 2 : use provided port
* - 3 : use both
*
* The function supports multiple foreign binding methods :
* - linux_tproxy: we directly bind to the foreign address
* The second one can be used as a fallback for the first one.
* This function returns 0 when everything's OK, 1 if it could not bind, to the
* local address, 2 if it could not bind to the foreign address.
*/
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-11 00:26:24 +03:00
int tcp_bind_socket(int fd, int flags, struct sockaddr_storage *local, struct sockaddr_storage *remote)
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
{
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-11 00:26:24 +03:00
struct sockaddr_storage bind_addr;
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
int foreign_ok = 0;
int ret;
BUG/MINOR: threads: Add missing THREAD_LOCAL on static here and there
2017-10-29 22:14:08 +03:00
static THREAD_LOCAL int ip_transp_working = 1;
static THREAD_LOCAL int ip6_transp_working = 1;
REORG: tproxy: prepare the transparent proxy defines for accepting other OSes This patch does not change the logic of the code, it only changes the way OS-specific defines are tested. At the moment the transparent proxy code heavily depends on Linux-specific defines. This first patch introduces a new define "CONFIG_HAP_TRANSPARENT" which is set every time the defines used by transparent proxy are present. This also means that with an up-to-date libc, it should not be necessary anymore to force CONFIG_HAP_LINUX_TPROXY during the build, as the flags will automatically be detected. The CTTPROXY flags still remain separate because this older API doesn't work the same way. A new line has been added in the version output for haproxy -vv to indicate what transparent proxy support is available.
2013-05-09 00:49:23 +04:00
MINOR: IPv6 support for transparent proxy Set socket option IPV6_TRANSPARENT on binding to enable transparent proxy on IPv6. This option is available from Linux 2.6.37.
2012-07-13 16:34:59 +04:00
switch (local->ss_family) {
case AF_INET:
if (flags && ip_transp_working) {
REORG: tproxy: prepare the transparent proxy defines for accepting other OSes This patch does not change the logic of the code, it only changes the way OS-specific defines are tested. At the moment the transparent proxy code heavily depends on Linux-specific defines. This first patch introduces a new define "CONFIG_HAP_TRANSPARENT" which is set every time the defines used by transparent proxy are present. This also means that with an up-to-date libc, it should not be necessary anymore to force CONFIG_HAP_LINUX_TPROXY during the build, as the flags will automatically be detected. The CTTPROXY flags still remain separate because this older API doesn't work the same way. A new line has been added in the version output for haproxy -vv to indicate what transparent proxy support is available.
2013-05-09 00:49:23 +04:00
/* This deserves some explanation. Some platforms will support
* multiple combinations of certain methods, so we try the
* supported ones until one succeeds.
*/
MINOR: sock_inet: move the IPv4/v6 transparent mode code to sock_inet This code was highly redundant, existing for TCP clients, TCP servers and UDP servers. Let's move it to sock_inet where it belongs. The new functions are sock_inet4_make_foreign() and sock_inet6_make_foreign().
2020-08-28 18:23:40 +03:00
if (sock_inet4_make_foreign(fd))
MINOR: IPv6 support for transparent proxy Set socket option IPV6_TRANSPARENT on binding to enable transparent proxy on IPv6. This option is available from Linux 2.6.37.
2012-07-13 16:34:59 +04:00
foreign_ok = 1;
else
ip_transp_working = 0;
}
break;
case AF_INET6:
if (flags && ip6_transp_working) {
MINOR: sock_inet: move the IPv4/v6 transparent mode code to sock_inet This code was highly redundant, existing for TCP clients, TCP servers and UDP servers. Let's move it to sock_inet where it belongs. The new functions are sock_inet4_make_foreign() and sock_inet6_make_foreign().
2020-08-28 18:23:40 +03:00
if (sock_inet6_make_foreign(fd))
MINOR: IPv6 support for transparent proxy Set socket option IPV6_TRANSPARENT on binding to enable transparent proxy on IPv6. This option is available from Linux 2.6.37.
2012-07-13 16:34:59 +04:00
foreign_ok = 1;
else
ip6_transp_working = 0;
}
break;
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
}
REORG: tproxy: prepare the transparent proxy defines for accepting other OSes This patch does not change the logic of the code, it only changes the way OS-specific defines are tested. At the moment the transparent proxy code heavily depends on Linux-specific defines. This first patch introduces a new define "CONFIG_HAP_TRANSPARENT" which is set every time the defines used by transparent proxy are present. This also means that with an up-to-date libc, it should not be necessary anymore to force CONFIG_HAP_LINUX_TPROXY during the build, as the flags will automatically be detected. The CTTPROXY flags still remain separate because this older API doesn't work the same way. A new line has been added in the version output for haproxy -vv to indicate what transparent proxy support is available.
2013-05-09 00:49:23 +04:00
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
if (flags) {
memset(&bind_addr, 0, sizeof(bind_addr));
[BUG] proto_tcp: fix address binding on remote source Mark Brooks reported that commit 1b4b7c broke tproxy in 1.5-dev6. Nick Chalk tracked the issue down to a missing address family setting in tcp_bind_socket() which resulted in a failure to use get_addr_len(). This issue is 1.5-specific.
2011-04-19 09:20:57 +04:00
bind_addr.ss_family = remote->ss_family;
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-11 00:26:24 +03:00
switch (remote->ss_family) {
case AF_INET:
if (flags & 1)
((struct sockaddr_in *)&bind_addr)->sin_addr = ((struct sockaddr_in *)remote)->sin_addr;
if (flags & 2)
((struct sockaddr_in *)&bind_addr)->sin_port = ((struct sockaddr_in *)remote)->sin_port;
break;
case AF_INET6:
if (flags & 1)
((struct sockaddr_in6 *)&bind_addr)->sin6_addr = ((struct sockaddr_in6 *)remote)->sin6_addr;
if (flags & 2)
((struct sockaddr_in6 *)&bind_addr)->sin6_port = ((struct sockaddr_in6 *)remote)->sin6_port;
break;
BUG: proto_tcp: don't try to bind to a foreign address if sin_family is unknown This is 1.5-specific. It causes issues with transparent source binding involving hdr_ip. We must not try to bind() to a foreign address when the family is not set, and we must set the family when an address is set.
2011-12-17 00:25:11 +04:00
default:
/* we don't want to try to bind to an unknown address family */
foreign_ok = 0;
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-11 00:26:24 +03:00
}
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
}
[CLEANUP] Remove unnecessary casts There is no need to cast when going to or from void *
2011-06-24 10:11:37 +04:00
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
if (foreign_ok) {
MINOR: protocols: use is_inet_addr() when only INET addresses are desired We used to have is_addr() in place to validate sometimes the existence of an address, sometimes a valid IPv4 or IPv6 address. Replace them carefully so that is_inet_addr() is used wherever we can only use an IPv4/IPv6 address.
2014-05-10 00:56:10 +04:00
if (is_inet_addr(&bind_addr)) {
BUG/MEDIUM: tcp: transparent bind to the source only when address is set Thomas Heil reported that health checks did not work anymore when a backend or server has "usesrc clientip". This is because the source address is not set and tcp_bind_socket() tries to bind to that address anyway. The solution consists in explicitly clearing the source address in the checks and to make tcp_bind_socket() avoid binding when the address is not set. This also has an indirect benefit that a useless bind() syscall will be avoided when using "source 0.0.0.0 usesrc clientip" in health checks.
2012-10-26 21:57:58 +04:00
ret = bind(fd, (struct sockaddr *)&bind_addr, get_addr_len(&bind_addr));
if (ret < 0)
return 2;
}
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
}
else {
MINOR: protocols: use is_inet_addr() when only INET addresses are desired We used to have is_addr() in place to validate sometimes the existence of an address, sometimes a valid IPv4 or IPv6 address. Replace them carefully so that is_inet_addr() is used wherever we can only use an IPv4/IPv6 address.
2014-05-10 00:56:10 +04:00
if (is_inet_addr(local)) {
BUG/MEDIUM: tcp: transparent bind to the source only when address is set Thomas Heil reported that health checks did not work anymore when a backend or server has "usesrc clientip". This is because the source address is not set and tcp_bind_socket() tries to bind to that address anyway. The solution consists in explicitly clearing the source address in the checks and to make tcp_bind_socket() avoid binding when the address is not set. This also has an indirect benefit that a useless bind() syscall will be avoided when using "source 0.0.0.0 usesrc clientip" in health checks.
2012-10-26 21:57:58 +04:00
ret = bind(fd, (struct sockaddr *)local, get_addr_len(local));
if (ret < 0)
return 1;
}
[MEDIUM] fix server health checks source address selection The source address selection for health checks did not consider the new transparent proxy method. Rely on the same unified function as the other connect() calls. This patch also fixes a bug by which the proxy's source address was ignored if cttproxy was used.
2008-01-13 20:40:14 +03:00
}
if (!flags)
return 0;
if (!foreign_ok)
/* we could not bind to a foreign address */
return 2;
return 0;
}
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
/*
MEDIUM: proto_tcp: remove any dependence on stream_interface The last uses of the stream interfaces were in tcp_connect_server() and could easily and more appropriately be moved to its callers, si_connect() and connect_server(), making a lot more sense. Now the function should theorically be usable for health checks. It also appears more obvious that the file is split into two distinct parts : - the protocol layer used at the connection level - the tcp analysers executing tcp-* rules and their samples/acls.
2012-08-31 00:23:13 +04:00
* This function initiates a TCP connection establishment to the target assigned
MINOR: tcp: replace conn->addr.{from,to} with conn->{src,dst} Most of the locations were already safe, only two places needed to have one extra check to avoid assuming that cli_conn->src is necessarily set (it is in practice but let's stay safe).
2019-07-17 16:41:35 +03:00
* to connection <conn> using (si->{target,dst}). A source address may be
* pointed to by conn->src in case of transparent proxying. Normal source
MEDIUM: proto_tcp: remove any dependence on stream_interface The last uses of the stream interfaces were in tcp_connect_server() and could easily and more appropriately be moved to its callers, si_connect() and connect_server(), making a lot more sense. Now the function should theorically be usable for health checks. It also appears more obvious that the file is split into two distinct parts : - the protocol layer used at the connection level - the tcp analysers executing tcp-* rules and their samples/acls.
2012-08-31 00:23:13 +04:00
* bind addresses are still determined locally (due to the possible need of a
* source port). conn->target may point either to a valid server or to a backend,
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-12 03:42:33 +04:00
* depending on conn->target. Only OBJ_TYPE_PROXY and OBJ_TYPE_SERVER are
MEDIUM: tcp: add explicit support for delayed ACK in connect() Commit 24db47e0 tried to improve support for delayed ACK upon connect but it was incomplete, because checks with the proxy protocol would always enable polling for data receive and there was no way of distinguishing data polling and delayed ack. So we add a distinct delack flag to the connect() function so that the caller decides whether or not to use a delayed ack regardless of pending data (eg: when send-proxy is in use). Doing so covers all combinations of { (check with data), (sendproxy), (smart-connect) }.
2012-11-24 13:24:27 +04:00
* supported. The <data> parameter is a boolean indicating whether there are data
* waiting for being sent or not, in order to adjust data write polling and on
MEDIUM: proto: Change the prototype of the connect() method. The connect() method had 2 arguments, "data", that tells if there's pending data to be sent, and "delack" that tells if we have to use a delayed ack inconditionally, or if the backend is configured with tcp-smart-connect. Turn that into one argument, "flags". That way it'll be easier to provide more informations to connect() without adding extra arguments.
2019-05-06 19:32:29 +03:00
* some platforms, the ability to avoid an empty initial ACK. The <flags> argument
* allows the caller to force using a delayed ACK when establishing the connection
MEDIUM: tcp: add explicit support for delayed ACK in connect() Commit 24db47e0 tried to improve support for delayed ACK upon connect but it was incomplete, because checks with the proxy protocol would always enable polling for data receive and there was no way of distinguishing data polling and delayed ack. So we add a distinct delack flag to the connect() function so that the caller decides whether or not to use a delayed ack regardless of pending data (eg: when send-proxy is in use). Doing so covers all combinations of { (check with data), (sendproxy), (smart-connect) }.
2012-11-24 13:24:27 +04:00
* - 0 = no delayed ACK unless data are advertised and backend has tcp-smart-connect
MEDIUM: proto: Change the prototype of the connect() method. The connect() method had 2 arguments, "data", that tells if there's pending data to be sent, and "delack" that tells if we have to use a delayed ack inconditionally, or if the backend is configured with tcp-smart-connect. Turn that into one argument, "flags". That way it'll be easier to provide more informations to connect() without adding extra arguments.
2019-05-06 19:32:29 +03:00
* - CONNECT_DELACK_SMART_CONNECT = delayed ACK if backend has tcp-smart-connect, regardless of data
* - CONNECT_DELACK_ALWAYS = delayed ACK regardless of backend options
[MEDIUM] backend: move the transparent proxy address selection to backend The transparent proxy address selection was set in the TCP connect function which is not the most appropriate place since this function has limited access to the amount of parameters which could produce a source address. Instead, now we determine the source address in backend.c:connect_server(), right after calling assign_server_address() and we assign this address in the session and pass it to the TCP connect function. This cannot be performed in assign_server_address() itself because in some cases (transparent mode, dispatch mode or http_proxy mode), we assign the address somewhere else. This change will open the ability to bind to addresses extracted from many other criteria (eg: from a header).
2010-03-29 21:36:59 +04:00
*
MINOR: connection: check for send_proxy during the connect(), not the SI It's cleaner to check for a pending send_proxy_ofs while establishing the connection (which already checks it anyway) and not in the stream interface.
2013-10-24 23:45:00 +04:00
* Note that a pending send_proxy message accounts for data.
*
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
* It can return one of :
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
* - SF_ERR_NONE if everything's OK
* - SF_ERR_SRVTO if there are no more servers
* - SF_ERR_SRVCL if the connection was refused by the server
* - SF_ERR_PRXCOND if the connection has been limited by the proxy (maxconn)
* - SF_ERR_RESOURCE if a system resource is lacking (eg: fd limits, ports, ...)
* - SF_ERR_INTERNAL for any other purely internal errors
DOC: Spelling fixes [wt: this contains spelling fixes for both doc and code comments, should be backported, ignoring the parts which don't apply]
2016-11-29 04:15:19 +03:00
* Additionally, in the case of SF_ERR_RESOURCE, an emergency log will be emitted.
BUG/MEDIUM: checks: mark the check as stopped after a connect error Health checks currently still use the connection's fd to know whether a check is running (this needs to change). When a health check immediately fails during connect() because of a lack of local resource (eg: port), we failed to unset the fd, so each time the process_chk woken up after such an error, it believed a check was still running and used to close the fd again instead of starting a new check. This could result in other connections being closed because they were assigned the same fd value. The bug is only marked medium because when this happens, the system is already in a bad state. A comment was added above tcp_connect_server() to clarify that the fd is *not* valid on error.
2012-11-23 11:51:32 +04:00
*
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
* The connection's fd is inserted only when SF_ERR_NONE is returned, otherwise
BUG/MEDIUM: checks: mark the check as stopped after a connect error Health checks currently still use the connection's fd to know whether a check is running (this needs to change). When a health check immediately fails during connect() because of a lack of local resource (eg: port), we failed to unset the fd, so each time the process_chk woken up after such an error, it believed a check was still running and used to close the fd again instead of starting a new check. This could result in other connections being closed because they were assigned the same fd value. The bug is only marked medium because when this happens, the system is already in a bad state. A comment was added above tcp_connect_server() to clarify that the fd is *not* valid on error.
2012-11-23 11:51:32 +04:00
* it's invalid and the caller has nothing to do.
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
*/
[REORG] tcp: make tcpv4_connect_server() take the target address from the SI The address is now available in the stream interface, no need to pass it by argument.
2011-03-03 20:27:32 +03:00
MEDIUM: proto: Change the prototype of the connect() method. The connect() method had 2 arguments, "data", that tells if there's pending data to be sent, and "delack" that tells if we have to use a delayed ack inconditionally, or if the backend is configured with tcp-smart-connect. Turn that into one argument, "flags". That way it'll be easier to provide more informations to connect() without adding extra arguments.
2019-05-06 19:32:29 +03:00
int tcp_connect_server(struct connection *conn, int flags)
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
{
int fd;
[MEDIUM] stream_interface: store the target pointer and type When doing a connect() on a stream interface, some information is needed from the server and from the backend. In some situations, we don't have a server and only a backend (eg: peers). In other cases, we know we have an applet and we don't want to connect to anything, but we'd still like to have the info about the applet being used. For this, we now store a pointer to the "target" into the stream interface. The target describes what's on the other side before trying to connect. It can be a server, a proxy or an applet for now. Later we'll probably have descriptors for multiple-stage chains so that the final information may still be found. This will help removing many specific cases in the code. It already made it possible to remove the "srv" and "be" parameters to tcpv4_connect_server().
2011-03-05 00:04:29 +03:00
struct server *srv;
struct proxy *be;
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
struct conn_src *src;
MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server This implements support for the new API which relies on a call to setsockopt(). On systems that support it (currently, only Linux >= 4.11), this enables using TCP fast open when connecting to server. Please note that you should use the retry-on "conn-failure", "empty-response" and "response-timeout" keywords, or the request won't be able to be retried on failure. Co-authored-by: Olivier Houchard <ohouchard@haproxy.com>
2017-01-24 01:36:45 +03:00
int use_fastopen = 0;
MEDIUM: connection: Upstream SOCKS4 proxy support Have "socks4" and "check-via-socks4" server keyword added. Implement handshake with SOCKS4 proxy server for tcp stream connection. See issue #82. I have the "SOCKS: A protocol for TCP proxy across firewalls" doc found at "https://www.openssh.com/txt/socks4.protocol". Please reference to it. [wt: for now connecting to the SOCKS4 proxy over unix sockets is not supported, and mixing IPv4/IPv6 is discouraged; indeed, the control layer is unique for a connection and will be used both for connecting and for target address manipulation. As such it may for example report incorrect destination addresses in logs if the proxy is reached over IPv6]
2019-05-22 14:44:48 +03:00
struct sockaddr_storage *addr;
[MEDIUM] stream_interface: store the target pointer and type When doing a connect() on a stream interface, some information is needed from the server and from the backend. In some situations, we don't have a server and only a backend (eg: peers). In other cases, we know we have an applet and we don't want to connect to anything, but we'd still like to have the info about the applet being used. For this, we now store a pointer to the "target" into the stream interface. The target describes what's on the other side before trying to connect. It can be a server, a proxy or an applet for now. Later we'll probably have descriptors for multiple-stage chains so that the final information may still be found. This will help removing many specific cases in the code. It already made it possible to remove the "srv" and "be" parameters to tcpv4_connect_server().
2011-03-05 00:04:29 +03:00
BUG/MEDIUM: connections: Don't reset the conn flags in *connect_server(). In the various connect_server() functions, don't reset the connection flags, as some may have been set before. The flags are initialized in conn_init(), anyway.
2018-11-23 16:23:07 +03:00
conn->flags |= CO_FL_WAIT_L4_CONN; /* connection in progress */
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-12 03:42:33 +04:00
switch (obj_type(conn->target)) {
case OBJ_TYPE_PROXY:
be = objt_proxy(conn->target);
[MEDIUM] stream_interface: store the target pointer and type When doing a connect() on a stream interface, some information is needed from the server and from the backend. In some situations, we don't have a server and only a backend (eg: peers). In other cases, we know we have an applet and we don't want to connect to anything, but we'd still like to have the info about the applet being used. For this, we now store a pointer to the "target" into the stream interface. The target describes what's on the other side before trying to connect. It can be a server, a proxy or an applet for now. Later we'll probably have descriptors for multiple-stage chains so that the final information may still be found. This will help removing many specific cases in the code. It already made it possible to remove the "srv" and "be" parameters to tcpv4_connect_server().
2011-03-05 00:04:29 +03:00
srv = NULL;
break;
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-12 03:42:33 +04:00
case OBJ_TYPE_SERVER:
srv = objt_server(conn->target);
[MEDIUM] stream_interface: store the target pointer and type When doing a connect() on a stream interface, some information is needed from the server and from the backend. In some situations, we don't have a server and only a backend (eg: peers). In other cases, we know we have an applet and we don't want to connect to anything, but we'd still like to have the info about the applet being used. For this, we now store a pointer to the "target" into the stream interface. The target describes what's on the other side before trying to connect. It can be a server, a proxy or an applet for now. Later we'll probably have descriptors for multiple-stage chains so that the final information may still be found. This will help removing many specific cases in the code. It already made it possible to remove the "srv" and "be" parameters to tcpv4_connect_server().
2011-03-05 00:04:29 +03:00
be = srv->proxy;
MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server This implements support for the new API which relies on a call to setsockopt(). On systems that support it (currently, only Linux >= 4.11), this enables using TCP fast open when connecting to server. Please note that you should use the retry-on "conn-failure", "empty-response" and "response-timeout" keywords, or the request won't be able to be retried on failure. Co-authored-by: Olivier Houchard <ohouchard@haproxy.com>
2017-01-24 01:36:45 +03:00
/* Make sure we check that we have data before activating
* TFO, or we could trigger a kernel issue whereby after
* a successful connect() == 0, any subsequent connect()
* will return EINPROGRESS instead of EISCONN.
*/
use_fastopen = (srv->flags & SRV_F_FASTOPEN) &&
((flags & (CONNECT_CAN_USE_TFO | CONNECT_HAS_DATA)) ==
(CONNECT_CAN_USE_TFO | CONNECT_HAS_DATA));
[MEDIUM] stream_interface: store the target pointer and type When doing a connect() on a stream interface, some information is needed from the server and from the backend. In some situations, we don't have a server and only a backend (eg: peers). In other cases, we know we have an applet and we don't want to connect to anything, but we'd still like to have the info about the applet being used. For this, we now store a pointer to the "target" into the stream interface. The target describes what's on the other side before trying to connect. It can be a server, a proxy or an applet for now. Later we'll probably have descriptors for multiple-stage chains so that the final information may still be found. This will help removing many specific cases in the code. It already made it possible to remove the "srv" and "be" parameters to tcpv4_connect_server().
2011-03-05 00:04:29 +03:00
break;
default:
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_INTERNAL;
[MEDIUM] stream_interface: store the target pointer and type When doing a connect() on a stream interface, some information is needed from the server and from the backend. In some situations, we don't have a server and only a backend (eg: peers). In other cases, we know we have an applet and we don't want to connect to anything, but we'd still like to have the info about the applet being used. For this, we now store a pointer to the "target" into the stream interface. The target describes what's on the other side before trying to connect. It can be a server, a proxy or an applet for now. Later we'll probably have descriptors for multiple-stage chains so that the final information may still be found. This will help removing many specific cases in the code. It already made it possible to remove the "srv" and "be" parameters to tcpv4_connect_server().
2011-03-05 00:04:29 +03:00
}
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
MINOR: tcp: replace conn->addr.{from,to} with conn->{src,dst} Most of the locations were already safe, only two places needed to have one extra check to avoid assuming that cli_conn->src is necessarily set (it is in practice but let's stay safe).
2019-07-17 16:41:35 +03:00
if (!conn->dst) {
conn->flags |= CO_FL_ERROR;
return SF_ERR_INTERNAL;
}
REORG: sock: start to move some generic socket code to sock.c The new file sock.c will contain generic code for standard sockets relying on file descriptors. We currently have way too much duplication between proto_uxst, proto_tcp, proto_sockpair and proto_udp. For now only get_src, get_dst and sock_create_server_socket were moved, and are used where appropriate.
2020-08-28 13:07:22 +03:00
fd = conn->handle.fd = sock_create_server_socket(conn);
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 17:11:45 +03:00
if (fd == -1) {
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
qfprintf(stderr, "Cannot get a server socket.\n");
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
if (errno == ENFILE) {
conn->err_code = CO_ER_SYS_FDLIM;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
send_log(be, LOG_EMERG,
MINOR: fd: don't report maxfd in alert messages The listeners and connectors may complain that process-wide or system-wide FD limits have been reached and will in this case report maxfd as the limit. This is wrong in fact since there's no reason for the whole FD space to be contiguous when the total # of FD is reached. A better approach would consist in reporting the accurate number of opened FDs, but this is pointless as what matters here is to give a hint about what might be wrong. So let's simply report the configured maxsock, which will generally explain why the process' limits were reached, which is the most common reason. This removes another dependency on maxfd.
2018-01-29 17:06:04 +03:00
"Proxy %s reached system FD limit (maxsock=%d). Please check system tunables.\n",
be->id, global.maxsock);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
}
else if (errno == EMFILE) {
conn->err_code = CO_ER_PROC_FDLIM;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
send_log(be, LOG_EMERG,
MINOR: fd: don't report maxfd in alert messages The listeners and connectors may complain that process-wide or system-wide FD limits have been reached and will in this case report maxfd as the limit. This is wrong in fact since there's no reason for the whole FD space to be contiguous when the total # of FD is reached. A better approach would consist in reporting the accurate number of opened FDs, but this is pointless as what matters here is to give a hint about what might be wrong. So let's simply report the configured maxsock, which will generally explain why the process' limits were reached, which is the most common reason. This removes another dependency on maxfd.
2018-01-29 17:06:04 +03:00
"Proxy %s reached process FD limit (maxsock=%d). Please check 'ulimit-n' and restart.\n",
be->id, global.maxsock);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
}
else if (errno == ENOBUFS || errno == ENOMEM) {
conn->err_code = CO_ER_SYS_MEMLIM;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
send_log(be, LOG_EMERG,
MINOR: fd: don't report maxfd in alert messages The listeners and connectors may complain that process-wide or system-wide FD limits have been reached and will in this case report maxfd as the limit. This is wrong in fact since there's no reason for the whole FD space to be contiguous when the total # of FD is reached. A better approach would consist in reporting the accurate number of opened FDs, but this is pointless as what matters here is to give a hint about what might be wrong. So let's simply report the configured maxsock, which will generally explain why the process' limits were reached, which is the most common reason. This removes another dependency on maxfd.
2018-01-29 17:06:04 +03:00
"Proxy %s reached system memory limit (maxsock=%d). Please check system tunables.\n",
be->id, global.maxsock);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
}
else if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) {
conn->err_code = CO_ER_NOPROTO;
}
else
conn->err_code = CO_ER_SOCK_ERR;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
/* this is a resource error */
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_RESOURCE;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
}
if (fd >= global.maxsock) {
/* do not log anything there, it's a normal condition when this option
* is used to serialize connections to a server !
*/
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 18:50:31 +03:00
ha_alert("socket(): not enough free sockets. Raise -n argument. Giving up.\n");
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
close(fd);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->err_code = CO_ER_CONF_FDLIM;
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_PRXCOND; /* it is a configuration limit */
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
}
if ((fcntl(fd, F_SETFL, O_NONBLOCK)==-1) ||
[CLEANUP] Remove unnecessary casts There is no need to cast when going to or from void *
2011-06-24 10:11:37 +04:00
(setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &one, sizeof(one)) == -1)) {
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
qfprintf(stderr,"Cannot set client socket to non blocking mode.\n");
close(fd);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->err_code = CO_ER_SOCK_ERR;
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_INTERNAL;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
}
BUG/MEDIUM: mworker: avoid leak of client socket If the master was reloaded and there was a established connection to a server, the FD resulting from the accept was leaking. There was no CLOEXEC flag set on the FD of the socketpair created during a connect call. This is specific to the socketpair in the master process but it should be applied to every protocol in case we use them in the master at some point. No backport needed.
2018-11-27 14:02:37 +03:00
if (master == 1 && (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)) {
ha_alert("Cannot set CLOEXEC on client socket.\n");
close(fd);
conn->err_code = CO_ER_SOCK_ERR;
conn->flags |= CO_FL_ERROR;
return SF_ERR_INTERNAL;
}
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-09 05:13:20 +03:00
if (be->options & PR_O_TCP_SRV_KA) {
[CLEANUP] Remove unnecessary casts There is no need to cast when going to or from void *
2011-06-24 10:11:37 +04:00
setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one));
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-09 06:58:51 +03:00
#ifdef TCP_KEEPCNT
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-09 05:13:20 +03:00
if (be->srvtcpka_cnt)
setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &be->srvtcpka_cnt, sizeof(be->srvtcpka_cnt));
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-09 06:58:51 +03:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-09 05:13:20 +03:00
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-09 06:58:51 +03:00
#ifdef TCP_KEEPIDLE
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-09 05:13:20 +03:00
if (be->srvtcpka_idle)
setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &be->srvtcpka_idle, sizeof(be->srvtcpka_idle));
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-09 06:58:51 +03:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-09 05:13:20 +03:00
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-09 06:58:51 +03:00
#ifdef TCP_KEEPINTVL
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-09 05:13:20 +03:00
if (be->srvtcpka_intvl)
setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &be->srvtcpka_intvl, sizeof(be->srvtcpka_intvl));
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-09 06:58:51 +03:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-09 05:13:20 +03:00
}
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
/* allow specific binding :
* - server-specific at first
* - proxy-specific next
*/
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
if (srv && srv->conn_src.opts & CO_SRC_BIND)
src = &srv->conn_src;
else if (be->conn_src.opts & CO_SRC_BIND)
src = &be->conn_src;
else
src = NULL;
if (src) {
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
int ret, flags = 0;
MINOR: tcp: replace conn->addr.{from,to} with conn->{src,dst} Most of the locations were already safe, only two places needed to have one extra check to avoid assuming that cli_conn->src is necessarily set (it is in practice but let's stay safe).
2019-07-17 16:41:35 +03:00
if (conn->src && is_inet_addr(conn->src)) {
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
switch (src->opts & CO_SRC_TPROXY_MASK) {
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-09 01:29:20 +04:00
case CO_SRC_TPROXY_CLI:
MINOR: connection: Add a wrapper to mark a connection as private To set a connection as private, the conn_set_private() function must now be called. It sets the CO_FL_PRIVATE flags, but it also remove the connection from the available connection list, if necessary. For now, it never happens because only HTTP/1 connections may be set as private after their creation. And these connections are never inserted in the available connection list.
2020-07-01 16:26:14 +03:00
conn_set_private(conn);
MINOR: connection: add a new flag CO_FL_PRIVATE This flag is set on an outgoing connection when this connection gets some properties that must not be shared with other connections, such as dynamic transparent source binding, SNI or a proxy protocol header, or an authentication challenge from the server. This will be needed later to implement connection reuse.
2015-08-04 20:24:13 +03:00
/* fall through */
case CO_SRC_TPROXY_ADDR:
BUG/MEDIUM: tcp: transparent bind to the source only when address is set Thomas Heil reported that health checks did not work anymore when a backend or server has "usesrc clientip". This is because the source address is not set and tcp_bind_socket() tries to bind to that address anyway. The solution consists in explicitly clearing the source address in the checks and to make tcp_bind_socket() avoid binding when the address is not set. This also has an indirect benefit that a useless bind() syscall will be avoided when using "source 0.0.0.0 usesrc clientip" in health checks.
2012-10-26 21:57:58 +04:00
flags = 3;
break;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-09 01:29:20 +04:00
case CO_SRC_TPROXY_CIP:
case CO_SRC_TPROXY_DYN:
MINOR: connection: Add a wrapper to mark a connection as private To set a connection as private, the conn_set_private() function must now be called. It sets the CO_FL_PRIVATE flags, but it also remove the connection from the available connection list, if necessary. For now, it never happens because only HTTP/1 connections may be set as private after their creation. And these connections are never inserted in the available connection list.
2020-07-01 16:26:14 +03:00
conn_set_private(conn);
BUG/MEDIUM: tcp: transparent bind to the source only when address is set Thomas Heil reported that health checks did not work anymore when a backend or server has "usesrc clientip". This is because the source address is not set and tcp_bind_socket() tries to bind to that address anyway. The solution consists in explicitly clearing the source address in the checks and to make tcp_bind_socket() avoid binding when the address is not set. This also has an indirect benefit that a useless bind() syscall will be avoided when using "source 0.0.0.0 usesrc clientip" in health checks.
2012-10-26 21:57:58 +04:00
flags = 1;
break;
}
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
}
[MEDIUM] backend: move the transparent proxy address selection to backend The transparent proxy address selection was set in the TCP connect function which is not the most appropriate place since this function has limited access to the amount of parameters which could produce a source address. Instead, now we determine the source address in backend.c:connect_server(), right after calling assign_server_address() and we assign this address in the session and pass it to the TCP connect function. This cannot be performed in assign_server_address() itself because in some cases (transparent mode, dispatch mode or http_proxy mode), we assign the address somewhere else. This change will open the ability to bind to addresses extracted from many other criteria (eg: from a header).
2010-03-29 21:36:59 +04:00
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
#ifdef SO_BINDTODEVICE
/* Note: this might fail if not CAP_NET_RAW */
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
if (src->iface_name)
setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, src->iface_name, src->iface_len + 1);
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
#endif
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
if (src->sport_range) {
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
int attempts = 10; /* should be more than enough to find a spare port */
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
struct sockaddr_storage sa;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
ret = 1;
BUG/MAJOR: fix listening IP address storage for frontends When compiled with GCC 6, the IP address specified for a frontend was ignored and HAProxy was listening on all addresses instead. This is caused by an incomplete copy of a "struct sockaddr_storage". With the GNU Libc, "struct sockaddr_storage" is defined as this: struct sockaddr_storage { sa_family_t ss_family; unsigned long int __ss_align; char __ss_padding[(128 - (2 * sizeof (unsigned long int)))]; }; Doing an aggregate copy (ss1 = ss2) is different than using memcpy(): only members of the aggregate have to be copied. Notably, padding can be or not be copied. In GCC 6, some optimizations use this fact and if a "struct sockaddr_storage" contains a "struct sockaddr_in", the port and the address are part of the padding (between sa_family and __ss_align) and can be not copied over. Therefore, we replace any aggregate copy by a memcpy(). There is another place using the same pattern. We also fix a function receiving a "struct sockaddr_storage" by copy instead of by reference. Since it only needs a read-only copy, the function is converted to request a reference.
2016-05-18 17:17:44 +03:00
memcpy(&sa, &src->source_addr, sizeof(sa));
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
do {
/* note: in case of retry, we may have to release a previously
* allocated port, hence this loop's construct.
*/
[OPTIM] move some rarely used fields out of fdtab Some rarely information are stored in fdtab, making it larger for no reason (source port ranges, remote address, ...). Such information lie there because the checks can't find them anywhere else. The goal will be to move these information to the stream interface once the checks make use of it. For now, we move them to an fdinfo array. This simple change might have improved the cache hit ratio a little bit because a 0.5% of performance increase has measured.
2009-10-18 09:25:52 +04:00
port_range_release_port(fdinfo[fd].port_range, fdinfo[fd].local_port);
fdinfo[fd].port_range = NULL;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
if (!attempts)
break;
attempts--;
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
fdinfo[fd].local_port = port_range_alloc_port(src->sport_range);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
if (!fdinfo[fd].local_port) {
conn->err_code = CO_ER_PORT_RANGE;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
break;
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
}
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
fdinfo[fd].port_range = src->sport_range;
set_host_port(&sa, fdinfo[fd].local_port);
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
MINOR: tcp: replace conn->addr.{from,to} with conn->{src,dst} Most of the locations were already safe, only two places needed to have one extra check to avoid assuming that cli_conn->src is necessarily set (it is in practice but let's stay safe).
2019-07-17 16:41:35 +03:00
ret = tcp_bind_socket(fd, flags, &sa, conn->src);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
if (ret != 0)
conn->err_code = CO_ER_CANT_BIND;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
} while (ret != 0); /* binding NOK */
}
else {
MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections Enable IP_BIND_ADDRESS_NO_PORT on backend connections when the source address is specified without port or port ranges. This is supported since Linux 4.2/libc 2.23. If the kernel supports it but the libc doesn't, we can define it at build time: make [...] DEFINE=-DIP_BIND_ADDRESS_NO_PORT=24 For more informations about this feature, see Linux commit 90c337da
2016-09-13 12:51:15 +03:00
#ifdef IP_BIND_ADDRESS_NO_PORT
BUG/MINOR: threads: Add missing THREAD_LOCAL on static here and there
2017-10-29 22:14:08 +03:00
static THREAD_LOCAL int bind_address_no_port = 1;
MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections Enable IP_BIND_ADDRESS_NO_PORT on backend connections when the source address is specified without port or port ranges. This is supported since Linux 4.2/libc 2.23. If the kernel supports it but the libc doesn't, we can define it at build time: make [...] DEFINE=-DIP_BIND_ADDRESS_NO_PORT=24 For more informations about this feature, see Linux commit 90c337da
2016-09-13 12:51:15 +03:00
setsockopt(fd, SOL_IP, IP_BIND_ADDRESS_NO_PORT, (const void *) &bind_address_no_port, sizeof(int));
#endif
MINOR: tcp: replace conn->addr.{from,to} with conn->{src,dst} Most of the locations were already safe, only two places needed to have one extra check to avoid assuming that cli_conn->src is necessarily set (it is in practice but let's stay safe).
2019-07-17 16:41:35 +03:00
ret = tcp_bind_socket(fd, flags, &src->source_addr, conn->src);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
if (ret != 0)
conn->err_code = CO_ER_CANT_BIND;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
}
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
if (unlikely(ret != 0)) {
[OPTIM] move some rarely used fields out of fdtab Some rarely information are stored in fdtab, making it larger for no reason (source port ranges, remote address, ...). Such information lie there because the checks can't find them anywhere else. The goal will be to move these information to the stream interface once the checks make use of it. For now, we move them to an fdinfo array. This simple change might have improved the cache hit ratio a little bit because a 0.5% of performance increase has measured.
2009-10-18 09:25:52 +04:00
port_range_release_port(fdinfo[fd].port_range, fdinfo[fd].local_port);
fdinfo[fd].port_range = NULL;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
close(fd);
if (ret == 1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 18:50:31 +03:00
ha_alert("Cannot bind to source address before connect() for backend %s. Aborting.\n",
be->id);
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
send_log(be, LOG_EMERG,
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
"Cannot bind to source address before connect() for backend %s.\n",
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
be->id);
} else {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 18:50:31 +03:00
ha_alert("Cannot bind to tproxy source address before connect() for backend %s. Aborting.\n",
be->id);
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
send_log(be, LOG_EMERG,
CLEANUP: proto_tcp: use the same code to bind servers and backends The tproxy and source binding code has now be factored out for servers and backends. A nice effect is that the code now supports having backends use source port ranges, though the config does not support it yet. This change has reduced the executable by around 700 bytes.
2012-12-09 01:49:11 +04:00
"Cannot bind to tproxy source address before connect() for backend %s.\n",
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
be->id);
}
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_RESOURCE;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
}
}
[BUILD] compilation of haproxy-1.4-dev2 on FreeBSD Please consider the following patches. They are required to compile haproxy-1.4-dev2 on FreeBSD. Summary: 1) include <sys/types.h> before <netinet/tcp.h> 2) Use IPPROTO_TCP instead of SOL_TCP (they are both defined as 6, TCP protocol number)
2009-08-24 15:11:06 +04:00
#if defined(TCP_QUICKACK)
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
/* disabling tcp quick ack now allows the first request to leave the
* machine with the first ACK. We only do this if there are pending
MEDIUM: tcp: add explicit support for delayed ACK in connect() Commit 24db47e0 tried to improve support for delayed ACK upon connect but it was incomplete, because checks with the proxy protocol would always enable polling for data receive and there was no way of distinguishing data polling and delayed ack. So we add a distinct delack flag to the connect() function so that the caller decides whether or not to use a delayed ack regardless of pending data (eg: when send-proxy is in use). Doing so covers all combinations of { (check with data), (sendproxy), (smart-connect) }.
2012-11-24 13:24:27 +04:00
* data in the buffer.
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
*/
MEDIUM: proto: Change the prototype of the connect() method. The connect() method had 2 arguments, "data", that tells if there's pending data to be sent, and "delack" that tells if we have to use a delayed ack inconditionally, or if the backend is configured with tcp-smart-connect. Turn that into one argument, "flags". That way it'll be easier to provide more informations to connect() without adding extra arguments.
2019-05-06 19:32:29 +03:00
if (flags & (CONNECT_DELACK_ALWAYS) ||
((flags & CONNECT_DELACK_SMART_CONNECT ||
(flags & CONNECT_HAS_DATA) || conn->send_proxy_ofs) &&
(be->options2 & PR_O2_SMARTCON)))
[CLEANUP] Remove unnecessary casts There is no need to cast when going to or from void *
2011-06-24 10:11:37 +04:00
setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, &zero, sizeof(zero));
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
#endif
MEDIUM: server: implement TCP_USER_TIMEOUT on the server This is equivalent to commit 2af207a ("MEDIUM: tcp: implement tcp-ut bind option to set TCP_USER_TIMEOUT") except that this time it works on the server side. The purpose is to detect dead server connections even when checks are rare, disabled, or after a soft reload (since checks are disabled there as well), and to ensure client connections will get killed faster.
2015-10-13 17:16:41 +03:00
#ifdef TCP_USER_TIMEOUT
/* there is not much more we can do here when it fails, it's still minor */
if (srv && srv->tcp_ut)
setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &srv->tcp_ut, sizeof(srv->tcp_ut));
#endif
MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server This implements support for the new API which relies on a call to setsockopt(). On systems that support it (currently, only Linux >= 4.11), this enables using TCP fast open when connecting to server. Please note that you should use the retry-on "conn-failure", "empty-response" and "response-timeout" keywords, or the request won't be able to be retried on failure. Co-authored-by: Olivier Houchard <ohouchard@haproxy.com>
2017-01-24 01:36:45 +03:00
if (use_fastopen) {
#if defined(TCP_FASTOPEN_CONNECT)
setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, &one, sizeof(one));
#endif
}
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 19:43:04 +03:00
if (global.tune.server_sndbuf)
setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &global.tune.server_sndbuf, sizeof(global.tune.server_sndbuf));
if (global.tune.server_rcvbuf)
setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &global.tune.server_rcvbuf, sizeof(global.tune.server_rcvbuf));
MINOR: tcp: replace conn->addr.{from,to} with conn->{src,dst} Most of the locations were already safe, only two places needed to have one extra check to avoid assuming that cli_conn->src is necessarily set (it is in practice but let's stay safe).
2019-07-17 16:41:35 +03:00
addr = (conn->flags & CO_FL_SOCKS4) ? &srv->socks4_addr : conn->dst;
MEDIUM: connection: Upstream SOCKS4 proxy support Have "socks4" and "check-via-socks4" server keyword added. Implement handshake with SOCKS4 proxy server for tcp stream connection. See issue #82. I have the "SOCKS: A protocol for TCP proxy across firewalls" doc found at "https://www.openssh.com/txt/socks4.protocol". Please reference to it. [wt: for now connecting to the SOCKS4 proxy over unix sockets is not supported, and mixing IPv4/IPv6 is discouraged; indeed, the control layer is unique for a connection and will be used both for connecting and for target address manipulation. As such it may for example report incorrect destination addresses in logs if the proxy is reached over IPv6]
2019-05-22 14:44:48 +03:00
if (connect(fd, (const struct sockaddr *)addr, get_addr_len(addr)) == -1) {
BUG/MEDIUM: tcp: don't poll for write when connect() succeeds While testing a tcp_fastopen related change, it appeared that in the rare case where connect() can immediately succeed, we still subscribe to write notifications on the socket, causing the conn_fd_handler() to immediately be called and a second call to connect() to be attempted to double-check the connection. In fact this issue had already been met with unix sockets (which often respond immediately) and partially addressed but incorrect so another patch will follow. But for TCP nothing was done. The fix consists in removing the WAIT_L4_CONN flag if connect() succeeds and to subscribe for writes only if some handshakes or L4_CONN are still needed. In addition in order not to fail raw TCP health checks, we have to continue to enable polling for data when nothing is scheduled for leaving and the connection is already established, otherwise the caller will never be notified. This fix should be backported to 1.7 and 1.6.
2017-01-25 16:12:22 +03:00
if (errno == EINPROGRESS || errno == EALREADY) {
/* common case, let's wait for connect status */
conn->flags |= CO_FL_WAIT_L4_CONN;
}
else if (errno == EISCONN) {
/* should normally not happen but if so, indicates that it's OK */
conn->flags &= ~CO_FL_WAIT_L4_CONN;
}
else if (errno == EAGAIN || errno == EADDRINUSE || errno == EADDRNOTAVAIL) {
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
char *msg;
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
if (errno == EAGAIN || errno == EADDRNOTAVAIL) {
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
msg = "no free ports";
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->err_code = CO_ER_FREE_PORTS;
}
else {
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
msg = "local address already in use";
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->err_code = CO_ER_ADDR_INUSE;
}
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
BUG/MEDIUM: tcp: process could theorically crash on lack of source ports When connect() fails with EAGAIN or EADDRINUSE, an error message is sent to logs and uses srv->id to indicate the server name (this is very old code). Since version 1.4, it is possible to have srv == NULL, so the message could cause a crash when connect() returns EAGAIN or EADDRINUSE. However in practice this does not happen because on lack of source ports, EADDRNOTAVAIL is returned instead, so this code is never called. This fix consists in not displaying the server name anymore, and in adding the test for EADDRNOTAVAIL. Also, the log level was lowered from LOG_EMERG to LOG_ERR in order not to spam all consoles when source ports are missing for a given target. This fix should be backported to 1.4.
2012-12-09 02:03:28 +04:00
qfprintf(stderr,"Connect() failed for backend %s: %s.\n", be->id, msg);
[OPTIM] move some rarely used fields out of fdtab Some rarely information are stored in fdtab, making it larger for no reason (source port ranges, remote address, ...). Such information lie there because the checks can't find them anywhere else. The goal will be to move these information to the stream interface once the checks make use of it. For now, we move them to an fdinfo array. This simple change might have improved the cache hit ratio a little bit because a 0.5% of performance increase has measured.
2009-10-18 09:25:52 +04:00
port_range_release_port(fdinfo[fd].port_range, fdinfo[fd].local_port);
fdinfo[fd].port_range = NULL;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
close(fd);
BUG/MEDIUM: tcp: process could theorically crash on lack of source ports When connect() fails with EAGAIN or EADDRINUSE, an error message is sent to logs and uses srv->id to indicate the server name (this is very old code). Since version 1.4, it is possible to have srv == NULL, so the message could cause a crash when connect() returns EAGAIN or EADDRINUSE. However in practice this does not happen because on lack of source ports, EADDRNOTAVAIL is returned instead, so this code is never called. This fix consists in not displaying the server name anymore, and in adding the test for EADDRNOTAVAIL. Also, the log level was lowered from LOG_EMERG to LOG_ERR in order not to spam all consoles when source ports are missing for a given target. This fix should be backported to 1.4.
2012-12-09 02:03:28 +04:00
send_log(be, LOG_ERR, "Connect() failed for backend %s: %s.\n", be->id, msg);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_RESOURCE;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
} else if (errno == ETIMEDOUT) {
//qfprintf(stderr,"Connect(): ETIMEDOUT");
[OPTIM] move some rarely used fields out of fdtab Some rarely information are stored in fdtab, making it larger for no reason (source port ranges, remote address, ...). Such information lie there because the checks can't find them anywhere else. The goal will be to move these information to the stream interface once the checks make use of it. For now, we move them to an fdinfo array. This simple change might have improved the cache hit ratio a little bit because a 0.5% of performance increase has measured.
2009-10-18 09:25:52 +04:00
port_range_release_port(fdinfo[fd].port_range, fdinfo[fd].local_port);
fdinfo[fd].port_range = NULL;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
close(fd);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->err_code = CO_ER_SOCK_ERR;
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_SRVTO;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
} else {
// (errno == ECONNREFUSED || errno == ENETUNREACH || errno == EACCES || errno == EPERM)
//qfprintf(stderr,"Connect(): %d", errno);
[OPTIM] move some rarely used fields out of fdtab Some rarely information are stored in fdtab, making it larger for no reason (source port ranges, remote address, ...). Such information lie there because the checks can't find them anywhere else. The goal will be to move these information to the stream interface once the checks make use of it. For now, we move them to an fdinfo array. This simple change might have improved the cache hit ratio a little bit because a 0.5% of performance increase has measured.
2009-10-18 09:25:52 +04:00
port_range_release_port(fdinfo[fd].port_range, fdinfo[fd].local_port);
fdinfo[fd].port_range = NULL;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
close(fd);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->err_code = CO_ER_SOCK_ERR;
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_SRVCL;
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
}
}
BUG/MEDIUM: tcp: don't poll for write when connect() succeeds While testing a tcp_fastopen related change, it appeared that in the rare case where connect() can immediately succeed, we still subscribe to write notifications on the socket, causing the conn_fd_handler() to immediately be called and a second call to connect() to be attempted to double-check the connection. In fact this issue had already been met with unix sockets (which often respond immediately) and partially addressed but incorrect so another patch will follow. But for TCP nothing was done. The fix consists in removing the WAIT_L4_CONN flag if connect() succeeds and to subscribe for writes only if some handshakes or L4_CONN are still needed. In addition in order not to fail raw TCP health checks, we have to continue to enable polling for data when nothing is scheduled for leaving and the connection is already established, otherwise the caller will never be notified. This fix should be backported to 1.7 and 1.6.
2017-01-25 16:12:22 +03:00
else {
/* connect() == 0, this is great! */
conn->flags &= ~CO_FL_WAIT_L4_CONN;
}
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
BUG/MINOR: tcp: set the ADDR_TO_SET flag on outgoing connections tcp_connect_server() resets all of the connection's flags. This means that an outgoing connection does not have the ADDR_TO_SET flag eventhough the address is set. The first impact is that logging the outgoing address or displaying it on the CLI while dumping sessions will result in an extra call to getpeername(). But there is a nastier impact. If such a lookup happens *after* the first connect() attempt and this one fails, the destination address is corrupted by the call to getsockname(), and subsequent connection retries will fail with socket errors. For now we fix this by making tcp_connect_server() set the flag. But we'll soon need a function to initialize an outgoing connection with appropriate address and flags before calling the connect() function.
2012-12-08 21:53:44 +04:00
conn->flags |= CO_FL_ADDR_TO_SET;
MAJOR: fd: remove the need for the socket layer to recheck the connection Up to now, if an outgoing connection had no data to send, the socket layer had to perform a connect() again to check for establishment. This is not acceptable for SSL, and will cause problems with socketpair(). Some socket layers will also need an initializer before sending data (eg: SSL). The solution consists in moving the connect() test to the protocol layer (eg: TCP) and to make it hold the fd->write callback until the connection is validated. At this point, it will switch the write callback to the socket layer's write function. In fact we need to hold both read and write callbacks to ensure the socket layer is never called before being initialized. This intermediate callback is used only if there is a socket init function or if there are no data to send. The socket layer does not have any code to check for connection establishment anymore, which makes sense.
2012-05-11 21:53:32 +04:00
MAJOR: connection: add two new flags to indicate readiness of control/transport Currently the control and transport layers of a connection are supposed to be initialized when their respective pointers are not NULL. This will not work anymore when we plan to reuse connections, because there is an asymmetry between the accept() side and the connect() side : - on accept() side, the fd is set first, then the ctrl layer then the transport layer ; upon error, they must be undone in the reverse order, then the FD must be closed. The FD must not be deleted if the control layer was not yet initialized ; - on the connect() side, the fd is set last and there is no reliable way to know if it has been initialized or not. In practice it's initialized to -1 first but this is hackish and supposes that local FDs only will be used forever. Also, there are even less solutions for keeping trace of the transport layer's state. Also it is possible to support delayed close() when something (eg: logs) tracks some information requiring the transport and/or control layers, making it even more difficult to clean them. So the proposed solution is to add two flags to the connection : - CO_FL_CTRL_READY is set when the control layer is initialized (fd_insert) and cleared after it's released (fd_delete). - CO_FL_XPRT_READY is set when the control layer is initialized (xprt->init) and cleared after it's released (xprt->close). The functions have been adapted to rely on this and not on the pointers anymore. conn_xprt_close() was unused and dangerous : it did not close the control layer (eg: the socket itself) but still marks the transport layer as closed, preventing any future call to conn_full_close() from finishing the job. The problem comes from conn_full_close() in fact. It needs to close the xprt and ctrl layers independantly. After that we're still having an issue : we don't know based on ->ctrl alone whether the fd was registered or not. For this we use the two new flags CO_FL_XPRT_READY and CO_FL_CTRL_READY. We now rely on this and not on conn->xprt nor conn->ctrl anymore to decide what remains to be done on the connection. In order not to miss some flag assignments, we introduce conn_ctrl_init() to initialize the control layer, register the fd using fd_insert() and set the flag, and conn_ctrl_close() which unregisters the fd and removes the flag, but only if the transport layer was closed. Similarly, at the transport layer, conn_xprt_init() calls ->init and sets the flag, while conn_xprt_close() checks the flag, calls ->close and clears the flag, regardless xprt_ctx or xprt_st. This also ensures that the ->init and the ->close functions are called only once each and in the correct order. Note that conn_xprt_close() does nothing if the transport layer is still tracked. conn_full_close() now simply calls conn_xprt_close() then conn_full_close() in turn, which do nothing if CO_FL_XPRT_TRACKED is set. In order to handle the error path, we also provide conn_force_close() which ignores CO_FL_XPRT_TRACKED and closes the transport and the control layers in turns. All relevant instances of fd_delete() have been replaced with conn_force_close(). Now we always know what state the connection is in and we can expect to split its initialization.
2013-10-21 18:30:56 +04:00
conn_ctrl_init(conn); /* registers the FD */
MEDIUM: connection: centralize handling of nolinger in fd management Right now we see many places doing their own setsockopt(SO_LINGER). Better only do it just before the close() in fd_delete(). For this we add a new flag on the file descriptor, indicating if it's safe or not to linger. If not (eg: after a connect()), then the setsockopt() call is automatically performed before a close(). The flag automatically turns to safe when receiving a read0.
2013-12-15 17:19:38 +04:00
fdtab[fd].linger_risk = 1; /* close hard if needed */
MEDIUM: connection: add an ->init function to data layer SSL need to initialize the data layer before proceeding with data. At the moment, this data layer is automatically initialized from itself, which will not be possible once we extract connection from sessions since we'll only create the data layer once the handshake is finished. So let's have the application layer initialize the data layer before using it.
2012-08-31 15:54:11 +04:00
MINOR: tcp/uxst/sockpair: only ask for I/O when really waiting for a connect() Now that the stream-interface properly handles synchonous connects, there is no more reason for subscribing and doing nothing.
2020-03-04 18:38:00 +03:00
if (conn->flags & CO_FL_WAIT_L4_CONN) {
fd_want_send(fd);
fd_cant_send(fd);
MINOR: connection: avoid a useless recvfrom() on outgoing connections When a connect() doesn't immediately succeed (i.e. most of the times), fd_cant_send() is called to enable polling. But given that we don't mark that we cannot receive either, we end up performing a failed recvfrom() immediately when the connect() is finally confirmed, as indicated in issue #253. This patch simply adds fd_cant_recv() as well so that we're only notified once the recv path is ready. The reason it was not there is purely historic, as in the past when there was the fd cache, doing it would have caused a pending recv request to be placed into the fd cache, hence a useless recvfrom() upon success (i.e. what happens now). Without this patch, forwarding 100k connections does this: % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 17.51 0.704229 7 100000 100000 connect 16.75 0.673875 3 200000 sendto 16.24 0.653222 3 200036 close 10.82 0.435082 1 300000 100000 recvfrom 10.37 0.417266 1 300012 setsockopt 7.12 0.286511 1 199954 epoll_ctl 6.80 0.273447 2 100000 shutdown 5.34 0.214942 2 100005 socket 4.65 0.187137 1 105002 5002 accept4 3.35 0.134757 1 100004 fcntl 0.61 0.024585 4 5858 epoll_wait With the patch: % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 18.04 0.697365 6 100000 100000 connect 17.40 0.672471 3 200000 sendto 17.03 0.658134 3 200036 close 10.57 0.408459 1 300012 setsockopt 7.69 0.297270 1 200000 recvfrom 7.32 0.282934 1 199922 epoll_ctl 7.09 0.274027 2 100000 shutdown 5.59 0.216041 2 100005 socket 4.87 0.188352 1 104697 4697 accept4 3.35 0.129641 1 100004 fcntl 0.65 0.024959 4 5337 1 epoll_wait Note the total disappearance of 1/3 of failed recvfrom() *without* adding any extra syscall anywhere else. The trace of an HTTP health check is now totally clean, with no useless syscall at all anymore: 09:14:21.959255 connect(9, {sa_family=AF_INET, sin_port=htons(8000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:14:21.959292 epoll_ctl(4, EPOLL_CTL_ADD, 9, {EPOLLIN|EPOLLOUT|EPOLLRDHUP, {u32=9, u64=9}}) = 0 09:14:21.959315 epoll_wait(4, [{EPOLLOUT, {u32=9, u64=9}}], 200, 1000) = 1 09:14:21.959376 sendto(9, "OPTIONS / HTTP/1.0\r\ncontent-leng"..., 41, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 41 09:14:21.959436 epoll_wait(4, [{EPOLLOUT, {u32=9, u64=9}}], 200, 1000) = 1 09:14:21.959456 epoll_ctl(4, EPOLL_CTL_MOD, 9, {EPOLLIN|EPOLLRDHUP, {u32=9, u64=9}}) = 0 09:14:21.959512 epoll_wait(4, [{EPOLLIN|EPOLLRDHUP, {u32=9, u64=9}}], 200, 1000) = 1 09:14:21.959548 recvfrom(9, "HTTP/1.0 200\r\nContent-length: 0\r"..., 16320, 0, NULL, NULL) = 126 09:14:21.959570 close(9) = 0 With the edge-triggered poller, it gets even better: 09:29:15.776201 connect(9, {sa_family=AF_INET, sin_port=htons(8000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) 09:29:15.776256 epoll_ctl(4, EPOLL_CTL_ADD, 9, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=9, u64=9}}) = 0 09:29:15.776287 epoll_wait(4, [{EPOLLOUT, {u32=9, u64=9}}], 200, 1000) = 1 09:29:15.776320 sendto(9, "OPTIONS / HTTP/1.0\r\ncontent-leng"..., 41, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 41 09:29:15.776374 epoll_wait(4, [{EPOLLIN|EPOLLOUT|EPOLLRDHUP, {u32=9, u64=9}}], 200, 1000) = 1 09:29:15.776406 recvfrom(9, "HTTP/1.0 200\r\nContent-length: 0\r"..., 16320, 0, NULL, NULL) = 126 09:29:15.776434 close(9) = 0 It could make sense to backport this patch to 2.2 and maybe 2.1 after it has been sufficiently checked for absence of side effects in 2.3-dev, as some people had reported an extra overhead like in issue #168.
2020-07-31 09:59:09 +03:00
fd_cant_recv(fd);
MINOR: tcp/uxst/sockpair: only ask for I/O when really waiting for a connect() Now that the stream-interface properly handles synchonous connects, there is no more reason for subscribing and doing nothing.
2020-03-04 18:38:00 +03:00
}
MEDIUM: connection: enable reading only once the connection is confirmed In order to address the absurd polling sequence described in issue #253, let's make sure we disable receiving on a connection until it's established. Previously with bottom-top I/Os, we were almost certain that a connection was ready when the first I/O was confirmed. Now we can enter various functions, including process_stream(), which will attempt to read something, will fail, and will then subscribe. But we don't want them to try to receive if we know the connection didn't complete. The first prerequisite for this is to mark the connection as not ready for receiving until it's validated. But we don't want to mark it as not ready for sending because we know that attempting I/Os later is extremely likely to work without polling. Once the connection is confirmed we re-enable recv readiness. In order for this event to be taken into account, the call to tcp_connect_probe() was moved earlier, between the attempt to send() and the attempt to recv(). This way if tcp_connect_probe() enables reading, we have a chance to immediately fall back to this and read the possibly pending data. Now the trace looks like the following. It's far from being perfect but we've already saved one recvfrom() and one epollctl(): epoll_wait(3, [], 200, 0) = 0 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7 fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 setsockopt(7, SOL_TCP, TCP_NODELAY, [1], 4) = 0 connect(7, {sa_family=AF_INET, sin_port=htons(8000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress) epoll_ctl(3, EPOLL_CTL_ADD, 7, {EPOLLIN|EPOLLOUT|EPOLLRDHUP, {u32=7, u64=7}}) = 0 epoll_wait(3, [{EPOLLOUT, {u32=7, u64=7}}], 200, 1000) = 1 connect(7, {sa_family=AF_INET, sin_port=htons(8000), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 getsockopt(7, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 sendto(7, "OPTIONS / HTTP/1.0\r\n\r\n", 22, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 22 epoll_ctl(3, EPOLL_CTL_MOD, 7, {EPOLLIN|EPOLLRDHUP, {u32=7, u64=7}}) = 0 epoll_wait(3, [{EPOLLIN|EPOLLRDHUP, {u32=7, u64=7}}], 200, 1000) = 1 getsockopt(7, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 getsockopt(7, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 recvfrom(7, "HTTP/1.0 200\r\nContent-length: 0\r\nX-req: size=22, time=0 ms\r\nX-rsp: id=dummy, code=200, cache=1, size=0, time=0 ms (0 real)\r\n\r\n", 16384, 0, NULL, NULL) = 126 close(7) = 0
2019-09-05 18:05:05 +03:00
REORG: connection: rename the data layer the "transport layer" While working on the changes required to make the health checks use the new connections, it started to become obvious that some naming was not logical at all in the connections. Specifically, it is not logical to call the "data layer" the layer which is in charge for all the handshake and which does not yet provide a data layer once established until a session has allocated all the required buffers. In fact, it's more a transport layer, which makes much more sense. The transport layer offers a medium on which data can transit, and it offers the functions to move these data when the upper layer requests this. And it is the upper layer which iterates over the transport layer's functions to move data which should be called the data layer. The use case where it's obvious is with embryonic sessions : an incoming SSL connection is accepted. Only the connection is allocated, not the buffers nor stream interface, etc... The connection handles the SSL handshake by itself. Once this handshake is complete, we can't use the data functions because the buffers and stream interface are not there yet. Hence we have to first call a specific function to complete the session initialization, after which we'll be able to use the data functions. This clearly proves that SSL here is only a transport layer and that the stream interface constitutes the data layer. A similar change will be performed to rename app_cb => data, but the two could not be in the same commit for obvious reasons.
2012-10-03 02:19:48 +04:00
if (conn_xprt_init(conn) < 0) {
MINOR: tcp: use conn_full_close() instead of conn_force_close() There's no point in using conn_force_close() in outgoing connect() since XPRT_TRACKED is not set so both functions are equivalent.
2017-10-05 19:01:29 +03:00
conn_full_close(conn);
MEDIUM: tcp: report connection error at the connection level Now when a connection error happens, it is reported in the connection so that upper layers know exactly what happened. This is particularly useful with health checks and resources exhaustion.
2014-01-24 19:08:19 +04:00
conn->flags |= CO_FL_ERROR;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_RESOURCE;
BUG: tcp: close socket fd upon connect error When the data layer fails to initialize (eg: out of memory for SSL), we must close the socket fd we just allocated.
2012-09-06 16:04:41 +04:00
}
MEDIUM: connection: add an ->init function to data layer SSL need to initialize the data layer before proceeding with data. At the moment, this data layer is automatically initialized from itself, which will not be possible once we extract connection from sessions since we'll only create the data layer once the handshake is finished. So let's have the application layer initialize the data layer before using it.
2012-08-31 15:54:11 +04:00
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-03 02:14:29 +03:00
return SF_ERR_NONE; /* connection is OK */
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 16:02:45 +04:00
}
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
/* This function tries to bind a TCPv4/v6 listener. It may return a warning or
CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener() errmsg may only be NULL if errlen is zero. Clarify this in the comment too. Reported-by: Dinko Korunic <dkorunic@reflected.net>
2013-01-24 04:41:38 +04:00
* an error message in <errmsg> if the message is at most <errlen> bytes long
* (including '\0'). Note that <errmsg> may be NULL if <errlen> is also zero.
* The return value is composed from ERR_ABORT, ERR_WARN,
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
* ERR_ALERT, ERR_RETRYABLE and ERR_FATAL. ERR_NONE indicates that everything
* was alright and that no message was returned. ERR_RETRYABLE means that an
* error occurred but that it may vanish after a retry (eg: port in use), and
CLEANUP: Fix some minor whitespace issues
2012-04-07 04:39:26 +04:00
* ERR_FATAL indicates a non-fixable error. ERR_WARN and ERR_ALERT do not alter
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
* the meaning of the error, but just indicate that a message is present which
* should be displayed with the respective level. Last, ERR_ABORT indicates
* that it's pointless to try to start other listeners. No error message is
* returned if errlen is NULL.
*/
int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
{
int fd, err;
MEDIUM: tcp: make use of sock_inet_bind_receiver() This removes all the AF_INET-specific code from tcp_bind_listener() and now simply relies on sock_inet_bind_listener() to do the same job. The function was now roughly cut in half and its error path significantly simplified.
2020-09-01 17:12:50 +03:00
int ready;
char *msg = NULL;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
MEDIUM: protocol: do not call proto->bind() anymore from bind_listener() All protocol's listeners now only take care of themselves and not of the receiver anymore since that's already being done in proto_bind_all(). Now it finally becomes obvious that UDP doesn't need a listener, as the only thing it does is to set the listener's state to LI_LISTEN!
2020-09-02 19:40:02 +03:00
err = ERR_NONE;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
/* ensure we never return garbage */
CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener() errmsg may only be NULL if errlen is zero. Clarify this in the comment too. Reported-by: Dinko Korunic <dkorunic@reflected.net>
2013-01-24 04:41:38 +04:00
if (errlen)
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
*errmsg = 0;
if (listener->state != LI_ASSIGNED)
return ERR_NONE; /* already bound */
MEDIUM: protocol: do not call proto->bind() anymore from bind_listener() All protocol's listeners now only take care of themselves and not of the receiver anymore since that's already being done in proto_bind_all(). Now it finally becomes obvious that UDP doesn't need a listener, as the only thing it does is to set the listener's state to LI_LISTEN!
2020-09-02 19:40:02 +03:00
if (!(listener->rx.flags & RX_F_BOUND)) {
msg = "receiving socket not bound";
goto tcp_return;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
}
MEDIUM: tcp: make use of sock_inet_bind_receiver() This removes all the AF_INET-specific code from tcp_bind_listener() and now simply relies on sock_inet_bind_listener() to do the same job. The function was now roughly cut in half and its error path significantly simplified.
2020-09-01 17:12:50 +03:00
fd = listener->rx.fd;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
if (listener->options & LI_O_NOLINGER)
[CLEANUP] Remove unnecessary casts There is no need to cast when going to or from void *
2011-06-24 10:11:37 +04:00
setsockopt(fd, SOL_SOCKET, SO_LINGER, &nolinger, sizeof(struct linger));
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
else {
struct linger tmplinger;
socklen_t len = sizeof(tmplinger);
if (getsockopt(fd, SOL_SOCKET, SO_LINGER, &tmplinger, &len) == 0 &&
(tmplinger.l_onoff == 1 || tmplinger.l_linger == 0)) {
tmplinger.l_onoff = 0;
tmplinger.l_linger = 0;
setsockopt(fd, SOL_SOCKET, SO_LINGER, &tmplinger,
sizeof(tmplinger));
}
}
[MEDIUM] extract TCP request processing from HTTP The TCP analyser has moved to proto_tcp.c. Breaking the function has required finer use of the return value and adding some tests to process_session().
2008-12-01 01:15:34 +03:00
[BUILD] compilation of haproxy-1.4-dev2 on FreeBSD Please consider the following patches. They are required to compile haproxy-1.4-dev2 on FreeBSD. Summary: 1) include <sys/types.h> before <netinet/tcp.h> 2) Use IPPROTO_TCP instead of SOL_TCP (they are both defined as 6, TCP protocol number)
2009-08-24 15:11:06 +04:00
#if defined(TCP_MAXSEG)
[MINOR] tcp: add support for dynamic MSS setting By passing a negative value to the "mss" argument of "bind" lines, it becomes possible to subtract this value to the MSS advertised by the client, which results in segments smaller than advertised. The effect is useful with some TCP stacks which ACK less often when segments are not full, because they only ACK every other full segment as suggested by RFC1122. NOTE: currently this has no effect on Linux kernel 2.6, a kernel patch is still required to change the MSS of established connections.
2010-12-24 17:26:39 +03:00
if (listener->maxseg > 0) {
[BUILD] compilation of haproxy-1.4-dev2 on FreeBSD Please consider the following patches. They are required to compile haproxy-1.4-dev2 on FreeBSD. Summary: 1) include <sys/types.h> before <netinet/tcp.h> 2) Use IPPROTO_TCP instead of SOL_TCP (they are both defined as 6, TCP protocol number)
2009-08-24 15:11:06 +04:00
if (setsockopt(fd, IPPROTO_TCP, TCP_MAXSEG,
[MEDIUM] add support for TCP MSS adjustment for listeners Sometimes it can be useful to limit the advertised TCP MSS on incoming connections, for instance when requests come through a VPN or when the system is running with jumbo frames enabled. Passing the "mss <value>" arguments to a "bind" line will set the value. This works under Linux >= 2.6.28, and maybe a few earlier ones, though due to an old kernel bug most of earlier versions will probably ignore it. It is also possible that some other OSes will support this.
2009-06-14 20:48:19 +04:00
&listener->maxseg, sizeof(listener->maxseg)) == -1) {
msg = "cannot set MSS";
err |= ERR_WARN;
}
MEDIUM: tcp: make use of sock_inet_bind_receiver() This removes all the AF_INET-specific code from tcp_bind_listener() and now simply relies on sock_inet_bind_listener() to do the same job. The function was now roughly cut in half and its error path significantly simplified.
2020-09-01 17:12:50 +03:00
} else {
/* we may want to try to restore the default MSS if the socket was inherited */
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
int tmpmaxseg = -1;
int defaultmss;
socklen_t len = sizeof(tmpmaxseg);
REORG: listener: move the listening address to a struct receiver The address will be specific to the receiver so let's move it there.
2020-08-27 08:48:42 +03:00
if (listener->rx.addr.ss_family == AF_INET)
REORG: sock_inet: move default_tcp_maxseg from proto_tcp.c Let's determine it at boot time instead of doing it on first use. It also saves us from having to keep it thread local. It's been moved to the new sock_inet_prepare() function, and the variables were renamed to sock_inet_tcp_maxseg_default and sock_inet6_tcp_maxseg_default.
2020-08-28 19:03:10 +03:00
defaultmss = sock_inet_tcp_maxseg_default;
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
else
REORG: sock_inet: move default_tcp_maxseg from proto_tcp.c Let's determine it at boot time instead of doing it on first use. It also saves us from having to keep it thread local. It's been moved to the new sock_inet_prepare() function, and the variables were renamed to sock_inet_tcp_maxseg_default and sock_inet6_tcp_maxseg_default.
2020-08-28 19:03:10 +03:00
defaultmss = sock_inet6_tcp_maxseg_default;
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
getsockopt(fd, IPPROTO_TCP, TCP_MAXSEG, &tmpmaxseg, &len);
BUG/MINOR: tcp: don't try to set defaultmss when value is negative when `getsockopt` previously failed, we were trying to set defaultmss with -2 value. this is a followup of github issue #499 this should be backported to all versions >= v1.8 Fixes: 153659f1ae69a1 ("MINOR: tcp: When binding socket, attempt to reuse one from the old proc.") Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-02-12 17:53:04 +03:00
if (defaultmss > 0 &&
tmpmaxseg != defaultmss &&
setsockopt(fd, IPPROTO_TCP, TCP_MAXSEG, &defaultmss, sizeof(defaultmss)) == -1) {
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
msg = "cannot set MSS";
err |= ERR_WARN;
}
[MEDIUM] add support for TCP MSS adjustment for listeners Sometimes it can be useful to limit the advertised TCP MSS on incoming connections, for instance when requests come through a VPN or when the system is running with jumbo frames enabled. Passing the "mss <value>" arguments to a "bind" line will set the value. This works under Linux >= 2.6.28, and maybe a few earlier ones, though due to an old kernel bug most of earlier versions will probably ignore it. It is also possible that some other OSes will support this.
2009-06-14 20:48:19 +04:00
}
[MINOR] tcp: add support for the defer_accept bind option This can ensure that data is readily available on a socket when we accept it, but a bug in the kernel ignores the timeout so the socket can remain pending as long as the client does not talk. Use with care.
2009-10-13 09:34:14 +04:00
#endif
MEDIUM: tcp: implement tcp-ut bind option to set TCP_USER_TIMEOUT On Linux since 2.6.37, it's possible to set the socket timeout for pending outgoing data, with an accuracy of 1 millisecond. This is pretty handy to deal with dead connections to clients and or servers. For now we only implement it on the frontend side (bind line) so that when a client disappears from the net, we're able to quickly get rid of its connection and possibly release a server connection. This can be useful with long-lived connections where an application level timeout is not suited because long pauses are expected (remote terminals, connection pools, etc). Thanks to Thijs Houtenbos and John Eckersberg for the suggestion.
2015-02-04 02:45:58 +03:00
#if defined(TCP_USER_TIMEOUT)
if (listener->tcp_ut) {
if (setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT,
&listener->tcp_ut, sizeof(listener->tcp_ut)) == -1) {
msg = "cannot set TCP User Timeout";
err |= ERR_WARN;
}
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
} else
setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &zero,
sizeof(zero));
MEDIUM: tcp: implement tcp-ut bind option to set TCP_USER_TIMEOUT On Linux since 2.6.37, it's possible to set the socket timeout for pending outgoing data, with an accuracy of 1 millisecond. This is pretty handy to deal with dead connections to clients and or servers. For now we only implement it on the frontend side (bind line) so that when a client disappears from the net, we're able to quickly get rid of its connection and possibly release a server connection. This can be useful with long-lived connections where an application level timeout is not suited because long pauses are expected (remote terminals, connection pools, etc). Thanks to Thijs Houtenbos and John Eckersberg for the suggestion.
2015-02-04 02:45:58 +03:00
#endif
[MINOR] tcp: add support for the defer_accept bind option This can ensure that data is readily available on a socket when we accept it, but a bug in the kernel ignores the timeout so the socket can remain pending as long as the client does not talk. Use with care.
2009-10-13 09:34:14 +04:00
#if defined(TCP_DEFER_ACCEPT)
if (listener->options & LI_O_DEF_ACCEPT) {
/* defer accept by up to one second */
int accept_delay = 1;
if (setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &accept_delay, sizeof(accept_delay)) == -1) {
msg = "cannot enable DEFER_ACCEPT";
err |= ERR_WARN;
}
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
} else
setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &zero,
sizeof(zero));
MEDIUM: tcp: enable TCP Fast Open on systems which support it If TCP_FASTOPEN is defined, then the "tfo" option is supported on "bind" lines to enable TCP Fast Open (linux >= 3.6).
2012-10-05 18:21:00 +04:00
#endif
#if defined(TCP_FASTOPEN)
if (listener->options & LI_O_TCP_FO) {
/* TFO needs a queue length, let's use the configured backlog */
MINOR: listener: introduce listener_backlog() to report the backlog value In an attempt to try to provide automatic maxconn settings, we need to decorrelate a listner's backlog and maxconn so that these values can be independent. This introduces a listener_backlog() function which retrieves the backlog value from the listener's backlog, the frontend's, the listener's maxconn, the frontend's or falls back to 1024. This corresponds to what was done in cfgparse.c to force a value there except the last fallback which was not set since the frontend's maxconn is always known.
2019-02-27 17:39:41 +03:00
int qlen = listener_backlog(listener);
MEDIUM: tcp: enable TCP Fast Open on systems which support it If TCP_FASTOPEN is defined, then the "tfo" option is supported on "bind" lines to enable TCP Fast Open (linux >= 3.6).
2012-10-05 18:21:00 +04:00
if (setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen)) == -1) {
msg = "cannot enable TCP_FASTOPEN";
err |= ERR_WARN;
}
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
} else {
socklen_t len;
int qlen;
len = sizeof(qlen);
/* Only disable fast open if it was enabled, we don't want
* the kernel to create a fast open queue if there's none.
*/
if (getsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &qlen, &len) == 0 &&
qlen != 0) {
if (setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &zero,
sizeof(zero)) == -1) {
msg = "cannot disable TCP_FASTOPEN";
err |= ERR_WARN;
}
}
MEDIUM: tcp: enable TCP Fast Open on systems which support it If TCP_FASTOPEN is defined, then the "tfo" option is supported on "bind" lines to enable TCP Fast Open (linux >= 3.6).
2012-10-05 18:21:00 +04:00
}
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
#endif
CLEANUP: tcp: make use of sock_accept_conn() where relevant This allows to get rid of two getsockopt(SO_ACCEPTCONN).
2020-10-13 18:42:21 +03:00
ready = sock_accept_conn(&listener->rx) > 0;
MAJOR: listener: support inheriting a listening fd from the parent Using the address syntax "fd@<num>", a listener may inherit a file descriptor that the caller process has already bound and passed as this number. The fd's socket family is detected using getsockname(), and the usual initialization is performed through the existing code for that family, but the socket creation is skipped. Whether the parent has performed the listen() call or not is not important as this is detected. For UNIX sockets, we immediately clear the path after preparing a socket so that we never remove it in case an abort would happen due to a late error during startup.
2013-03-11 02:51:38 +04:00
MEDIUM: tcp: make use of sock_inet_bind_receiver() This removes all the AF_INET-specific code from tcp_bind_listener() and now simply relies on sock_inet_bind_listener() to do the same job. The function was now roughly cut in half and its error path significantly simplified.
2020-09-01 17:12:50 +03:00
if (!ready && /* only listen if not already done by external process */
MINOR: listener: introduce listener_backlog() to report the backlog value In an attempt to try to provide automatic maxconn settings, we need to decorrelate a listner's backlog and maxconn so that these values can be independent. This introduces a listener_backlog() function which retrieves the backlog value from the listener's backlog, the frontend's, the listener's maxconn, the frontend's or falls back to 1024. This corresponds to what was done in cfgparse.c to force a value there except the last fallback which was not set since the frontend's maxconn is always known.
2019-02-27 17:39:41 +03:00
listen(fd, listener_backlog(listener)) == -1) {
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
err |= ERR_RETRYABLE | ERR_ALERT;
msg = "cannot listen to socket";
goto tcp_close_return;
}
[MEDIUM] extract TCP request processing from HTTP The TCP analyser has moved to proto_tcp.c. Breaking the function has required finer use of the return value and adding some tests to process_session().
2008-12-01 01:15:34 +03:00
[BUILD] compilation of haproxy-1.4-dev2 on FreeBSD Please consider the following patches. They are required to compile haproxy-1.4-dev2 on FreeBSD. Summary: 1) include <sys/types.h> before <netinet/tcp.h> 2) Use IPPROTO_TCP instead of SOL_TCP (they are both defined as 6, TCP protocol number)
2009-08-24 15:11:06 +04:00
#if defined(TCP_QUICKACK)
[MEDIUM] implement option tcp-smart-accept at the frontend This option disables TCP quick ack upon accept. It is also automatically enabled in HTTP mode, unless the option is explicitly disabled with "no option tcp-smart-accept". This saves one packet per connection which can bring reasonable amounts of bandwidth for servers processing small requests.
2009-06-14 14:07:01 +04:00
if (listener->options & LI_O_NOQUICKACK)
[CLEANUP] Remove unnecessary casts There is no need to cast when going to or from void *
2011-06-24 10:11:37 +04:00
setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, &zero, sizeof(zero));
MINOR: tcp: When binding socket, attempt to reuse one from the old proc. Try to reuse any socket from the old process, provided by the "-x" flag, before binding a new one, assuming it is compatible. "Compatible" here means same address and port, same namspace if any, same interface if any, and that the following flags are the same : LI_O_FOREIGN, LI_O_V6ONLY and LI_O_V4V6. Also change tcp_bind_listener() to always enable/disable socket options, instead of just doing so if it is in the configuration file, as the option may have been removed, ie TCP_FASTOPEN may have been set in the old process, and removed from the new configuration, so we have to disable it.
2017-04-05 23:39:56 +03:00
else
setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
[MEDIUM] implement option tcp-smart-accept at the frontend This option disables TCP quick ack upon accept. It is also automatically enabled in HTTP mode, unless the option is explicitly disabled with "no option tcp-smart-accept". This saves one packet per connection which can bring reasonable amounts of bandwidth for servers processing small requests.
2009-06-14 14:07:01 +04:00
#endif
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
/* the socket is ready */
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 08:23:45 +03:00
listener_set_state(listener, LI_LISTEN);
BUG/MINOR: proto_tcp: Report warning messages when listeners are bound When a TCP listener is bound, in the tcp_bind_listener() function, a warning message may be reported and should be displayed on verbose mode. But the warning message is actually lost if the socket is successfully bound because we don't fill the <errmsg> variable in this case. This patch should fix the issue #863. No backport is needed.
2020-10-07 12:14:47 +03:00
goto tcp_return;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
MEDIUM: tcp: make use of sock_inet_bind_receiver() This removes all the AF_INET-specific code from tcp_bind_listener() and now simply relies on sock_inet_bind_listener() to do the same job. The function was now roughly cut in half and its error path significantly simplified.
2020-09-01 17:12:50 +03:00
tcp_close_return:
close(fd);
MEDIUM: protocol: do not call proto->bind() anymore from bind_listener() All protocol's listeners now only take care of themselves and not of the receiver anymore since that's already being done in proto_bind_all(). Now it finally becomes obvious that UDP doesn't need a listener, as the only thing it does is to set the listener's state to LI_LISTEN!
2020-09-02 19:40:02 +03:00
tcp_return:
[MINOR] startup: print the proxy socket which caused an error Add the address and port to the error message of the proxy socket that caused the error. This can be helpful when several listening addresses are used in a proxy. Edit: since we now also support unix sockets (which already report their path), better move the address reporting to proto_tcp.c by analogy. -Willy
2010-11-01 21:26:01 +03:00
if (msg && errlen) {
char pn[INET6_ADDRSTRLEN];
REORG: listener: move the listening address to a struct receiver The address will be specific to the receiver so let's move it there.
2020-08-27 08:48:42 +03:00
addr_to_str(&listener->rx.addr, pn, sizeof(pn));
snprintf(errmsg, errlen, "%s [%s:%d]", msg, pn, get_host_port(&listener->rx.addr));
[MINOR] startup: print the proxy socket which caused an error Add the address and port to the error message of the proxy socket that caused the error. This can be helpful when several listening addresses are used in a proxy. Edit: since we now also support unix sockets (which already report their path), better move the address reporting to proto_tcp.c by analogy. -Willy
2010-11-01 21:26:01 +03:00
}
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
return err;
}
MINOR: protocols: always pass a "port" argument to the listener creation It's a shame that cfgparse() has to make special cases of each protocol just to cast the port to the target address family. Let's pass the port in argument to the function. The unix listener simply ignores it.
2017-09-15 08:44:44 +03:00
/* Add <listener> to the list of tcpv4 listeners, on port <port>. The
* listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
* The number of listeners for the protocol is updated.
BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff Dragan Dosen found that the listeners lock is not sufficient to protect the listeners list when proxies are stopping because the listeners are also unlinked from the protocol list, and under certain situations like bombing with soft-stop signals or shutting down many frontends in parallel from multiple CLI connections, it could be possible to provoke multiple instances of delete_listener() to be called in parallel for different listeners, thus corrupting the protocol lists. Such operations are pretty rare, they are performed once per proxy upon startup and once per proxy on shut down. Thus there is no point trying to optimize anything and we can use a global lock to protect the protocol lists during these manipulations. This fix (or a variant) will have to be backported as far as 1.8.
2019-07-24 17:45:02 +03:00
*
* Must be called with proto_lock held.
*
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
*/
MINOR: protocols: register the ->add function and stop calling them directly cfgparse has no business directly calling each individual protocol's 'add' function to create a listener. Now that they're all registered, better perform a protocol lookup on the family and have a standard ->add method for all of them.
2017-09-15 08:55:51 +03:00
static void tcpv4_add_listener(struct listener *listener, int port)
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
{
if (listener->state != LI_INIT)
return;
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 08:23:45 +03:00
listener_set_state(listener, LI_ASSIGNED);
REORG: listener: move the listener's proto to the receiver The receiver is the one which depends on the protocol while the listener relies on the receiver. Let's move the protocol there. Since there's also a list element to get back to the listener from the proto list, this list element (proto_list) was moved as well. For now when scanning protos, we still see listeners which are linked by their rx.proto_list part.
2020-08-28 20:51:44 +03:00
listener->rx.proto = &proto_tcpv4;
REORG: listener: move the listening address to a struct receiver The address will be specific to the receiver so let's move it there.
2020-08-27 08:48:42 +03:00
((struct sockaddr_in *)(&listener->rx.addr))->sin_port = htons(port);
MINOR: protocol: rename the ->listeners field to ->receivers Since the listeners were split into receiver+listener, this field ought to have been renamed because it's confusing. It really links receivers and not listeners, as most of the time it's used via rx.proto_list! The nb_listeners field was updated accordingly.
2020-09-25 18:01:43 +03:00
LIST_ADDQ(&proto_tcpv4.receivers, &listener->rx.proto_list);
proto_tcpv4.nb_receivers++;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
}
MINOR: protocols: always pass a "port" argument to the listener creation It's a shame that cfgparse() has to make special cases of each protocol just to cast the port to the target address family. Let's pass the port in argument to the function. The unix listener simply ignores it.
2017-09-15 08:44:44 +03:00
/* Add <listener> to the list of tcpv6 listeners, on port <port>. The
* listener's state is automatically updated from LI_INIT to LI_ASSIGNED.
* The number of listeners for the protocol is updated.
BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff Dragan Dosen found that the listeners lock is not sufficient to protect the listeners list when proxies are stopping because the listeners are also unlinked from the protocol list, and under certain situations like bombing with soft-stop signals or shutting down many frontends in parallel from multiple CLI connections, it could be possible to provoke multiple instances of delete_listener() to be called in parallel for different listeners, thus corrupting the protocol lists. Such operations are pretty rare, they are performed once per proxy upon startup and once per proxy on shut down. Thus there is no point trying to optimize anything and we can use a global lock to protect the protocol lists during these manipulations. This fix (or a variant) will have to be backported as far as 1.8.
2019-07-24 17:45:02 +03:00
*
* Must be called with proto_lock held.
*
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
*/
MINOR: protocols: register the ->add function and stop calling them directly cfgparse has no business directly calling each individual protocol's 'add' function to create a listener. Now that they're all registered, better perform a protocol lookup on the family and have a standard ->add method for all of them.
2017-09-15 08:55:51 +03:00
static void tcpv6_add_listener(struct listener *listener, int port)
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
{
if (listener->state != LI_INIT)
return;
MINOR: listeners: introduce listener_set_state() This function is used as a wrapper to set a listener's state everywhere. We'll use it later to maintain some counters in a consistent state when switching state so it's capital that all state changes go through it. No functional change was made beyond calling the wrapper.
2020-09-24 08:23:45 +03:00
listener_set_state(listener, LI_ASSIGNED);
REORG: listener: move the listener's proto to the receiver The receiver is the one which depends on the protocol while the listener relies on the receiver. Let's move the protocol there. Since there's also a list element to get back to the listener from the proto list, this list element (proto_list) was moved as well. For now when scanning protos, we still see listeners which are linked by their rx.proto_list part.
2020-08-28 20:51:44 +03:00
listener->rx.proto = &proto_tcpv6;
REORG: listener: move the listening address to a struct receiver The address will be specific to the receiver so let's move it there.
2020-08-27 08:48:42 +03:00
((struct sockaddr_in *)(&listener->rx.addr))->sin_port = htons(port);
MINOR: protocol: rename the ->listeners field to ->receivers Since the listeners were split into receiver+listener, this field ought to have been renamed because it's confusing. It really links receivers and not listeners, as most of the time it's used via rx.proto_list! The nb_listeners field was updated accordingly.
2020-09-25 18:01:43 +03:00
LIST_ADDQ(&proto_tcpv6.receivers, &listener->rx.proto_list);
proto_tcpv6.nb_receivers++;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
}
MINOR: protocol: add a new pair of enable/disable methods for listeners These methods will be used to enable/disable accepting new connections so that listeners do not play with FD directly anymore. Since all the currently supported protocols work on socket for now, these are identical to the rx_enable/rx_disable functions. However they were not defined in sock.c since it's likely that some will quickly start to differ. At the moment they're not used. We have to take care of fd_updt before calling fd_{want,stop}_recv() because it's allocated fairly late in the boot process and some such functions may be called very early (e.g. to stop a disabled frontend's listeners).
2020-09-25 20:27:39 +03:00
/* Enable receipt of incoming connections for listener <l>. The receiver must
* still be valid. Does nothing in early boot (needs fd_updt).
*/
static void tcp_enable_listener(struct listener *l)
{
if (fd_updt)
fd_want_recv(l->rx.fd);
}
/* Disable receipt of incoming connections for listener <l>. The receiver must
* still be valid. Does nothing in early boot (needs fd_updt).
*/
static void tcp_disable_listener(struct listener *l)
{
if (fd_updt)
fd_stop_recv(l->rx.fd);
}
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
/* Suspend a receiver. Returns < 0 in case of failure, 0 if the receiver
* was totally stopped, or > 0 if correctly suspended.
MEDIUM: listener: implement a per-protocol pause() function In order to fix the abstact socket pause mechanism during soft restarts, we'll need to proceed differently depending on the socket protocol. The pause_listener() function already supports some protocol-specific handling for the TCP case. This commit makes this cleaner by adding a new ->pause() function to the protocol struct, which, if defined, may be used to pause a listener of a given protocol. For now, only TCP has been adapted, with the specific code moved from pause_listener() to tcp_pause_listener().
2014-07-07 22:22:12 +04:00
*/
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
static int tcp_suspend_receiver(struct receiver *rx)
MEDIUM: listener: implement a per-protocol pause() function In order to fix the abstact socket pause mechanism during soft restarts, we'll need to proceed differently depending on the socket protocol. The pause_listener() function already supports some protocol-specific handling for the TCP case. This commit makes this cleaner by adding a new ->pause() function to the protocol struct, which, if defined, may be used to pause a listener of a given protocol. For now, only TCP has been adapted, with the specific code moved from pause_listener() to tcp_pause_listener().
2014-07-07 22:22:12 +04:00
{
CLEANUP: protocol: intitialize all of the sockaddr when disconnecting In issue #894, Coverity suspects uninitialized values for a socket's address whose family is AF_UNSPEC but it doesn't know that the address is not used in this case. It's not on a critical path and working around it is trivial, let's fully declare the address. We're doing it for both TCP and UDP, because the same principle appears at two places.
2020-10-14 11:50:41 +03:00
const struct sockaddr sa = { .sa_family = AF_UNSPEC };
CLEANUP: tcp: make use of sock_accept_conn() where relevant This allows to get rid of two getsockopt(SO_ACCEPTCONN).
2020-10-13 18:42:21 +03:00
int ret;
MEDIUM: proto_tcp: make the pause() more robust in multi-process In multi-process, the TCP pause is very brittle and we never noticed it because the error was lost in the upper layers. The problem is that shutdown() may fail if another process already did it, and will cause a process to fail to pause. What we do here in case of error is that we double-check the socket's state to verify if it's still accepting connections, and if not, we can conclude that another process already did the job in parallel. The difficulty here is that we're trying to eliminate false positives where some OSes will silently report a success on shutdown() while they don't shut the socket down, hence this dance of shutw/listen/shutr that only keeps the compatible ones. Probably that a new approach relying on connect(AF_UNSPEC) would provide better results.
2020-10-08 17:51:09 +03:00
MINOR: proto-tcp: make use of connect(AF_UNSPEC) for the pause Currently the suspend/resume mechanism for listeners only works on Linux and we resort to a number of tricks involving shutdown+listen+shutdown to try to detect failures on other operating systems that do not support it. But on Linux connect(AF_UNSPEC) also works pretty well and is much cleaner. It still doesn't work on other operating systems but the error is easier to detect and appears safer. So let's switch to this.
2020-10-13 17:34:19 +03:00
if (connect(rx->fd, &sa, sizeof(sa)) < 0)
goto check_already_done;
MEDIUM: proto_tcp: make the pause() more robust in multi-process In multi-process, the TCP pause is very brittle and we never noticed it because the error was lost in the upper layers. The problem is that shutdown() may fail if another process already did it, and will cause a process to fail to pause. What we do here in case of error is that we double-check the socket's state to verify if it's still accepting connections, and if not, we can conclude that another process already did the job in parallel. The difficulty here is that we're trying to eliminate false positives where some OSes will silently report a success on shutdown() while they don't shut the socket down, hence this dance of shutw/listen/shutr that only keeps the compatible ones. Probably that a new approach relying on connect(AF_UNSPEC) would provide better results.
2020-10-08 17:51:09 +03:00
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
fd_stop_recv(rx->fd);
MEDIUM: listener: implement a per-protocol pause() function In order to fix the abstact socket pause mechanism during soft restarts, we'll need to proceed differently depending on the socket protocol. The pause_listener() function already supports some protocol-specific handling for the TCP case. This commit makes this cleaner by adding a new ->pause() function to the protocol struct, which, if defined, may be used to pause a listener of a given protocol. For now, only TCP has been adapted, with the specific code moved from pause_listener() to tcp_pause_listener().
2014-07-07 22:22:12 +04:00
return 1;
MEDIUM: proto_tcp: make the pause() more robust in multi-process In multi-process, the TCP pause is very brittle and we never noticed it because the error was lost in the upper layers. The problem is that shutdown() may fail if another process already did it, and will cause a process to fail to pause. What we do here in case of error is that we double-check the socket's state to verify if it's still accepting connections, and if not, we can conclude that another process already did the job in parallel. The difficulty here is that we're trying to eliminate false positives where some OSes will silently report a success on shutdown() while they don't shut the socket down, hence this dance of shutw/listen/shutr that only keeps the compatible ones. Probably that a new approach relying on connect(AF_UNSPEC) would provide better results.
2020-10-08 17:51:09 +03:00
check_already_done:
/* in case one of the shutdown() above fails, it might be because we're
* dealing with a socket that is shared with other processes doing the
* same. Let's check if it's still accepting connections.
*/
CLEANUP: tcp: make use of sock_accept_conn() where relevant This allows to get rid of two getsockopt(SO_ACCEPTCONN).
2020-10-13 18:42:21 +03:00
ret = sock_accept_conn(rx);
if (ret <= 0) {
/* unrecoverable or paused by another process */
MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) The ->pause method is inappropriate since it doesn't exactly "pause" a listener but rather temporarily disables it so that it's not visible at all to let another process take its place. The term "suspend" is more suitable, since the "pause" is actually what we'll need to apply to the FULL and LIMITED states which really need to make a pause in the accept process. And it goes well with the use of the "resume" function that will also need to be made per-protocol. Let's rename the function and make it act on the receiver since it's already what it essentially does, hence the prefix "_rx" to make it more explicit. The protocol struct was a bit reordered because it was becoming a real mess between the parts related to the listeners and those for the receivers.
2020-09-25 18:12:32 +03:00
fd_stop_recv(rx->fd);
CLEANUP: tcp: make use of sock_accept_conn() where relevant This allows to get rid of two getsockopt(SO_ACCEPTCONN).
2020-10-13 18:42:21 +03:00
return ret == 0;
MINOR: listeners: move fd_stop_recv() to the receiver's socket code fd_stop_recv() has nothing to do in the generic listener code, it's per protocol as some don't need it. For instance with abns@ it could even lead to fd_stop_recv(-1). And later with QUIC we don't want to touch the fd at all! It used to be that since commit f2cb169487 delegating fd manipulation to their respective threads it wasn't possible to call it down there but it's not the case anymore, so let's perform the action in the protocol-specific code.
2020-09-24 19:20:37 +03:00
}
MEDIUM: proto_tcp: make the pause() more robust in multi-process In multi-process, the TCP pause is very brittle and we never noticed it because the error was lost in the upper layers. The problem is that shutdown() may fail if another process already did it, and will cause a process to fail to pause. What we do here in case of error is that we double-check the socket's state to verify if it's still accepting connections, and if not, we can conclude that another process already did the job in parallel. The difficulty here is that we're trying to eliminate false positives where some OSes will silently report a success on shutdown() while they don't shut the socket down, hence this dance of shutw/listen/shutr that only keeps the compatible ones. Probably that a new approach relying on connect(AF_UNSPEC) would provide better results.
2020-10-08 17:51:09 +03:00
CLEANUP: tcp: make use of sock_accept_conn() where relevant This allows to get rid of two getsockopt(SO_ACCEPTCONN).
2020-10-13 18:42:21 +03:00
/* still listening, that's not good */
MEDIUM: proto_tcp: make the pause() more robust in multi-process In multi-process, the TCP pause is very brittle and we never noticed it because the error was lost in the upper layers. The problem is that shutdown() may fail if another process already did it, and will cause a process to fail to pause. What we do here in case of error is that we double-check the socket's state to verify if it's still accepting connections, and if not, we can conclude that another process already did the job in parallel. The difficulty here is that we're trying to eliminate false positives where some OSes will silently report a success on shutdown() while they don't shut the socket down, hence this dance of shutw/listen/shutr that only keeps the compatible ones. Probably that a new approach relying on connect(AF_UNSPEC) would provide better results.
2020-10-08 17:51:09 +03:00
return -1;
MEDIUM: listener: implement a per-protocol pause() function In order to fix the abstact socket pause mechanism during soft restarts, we'll need to proceed differently depending on the socket protocol. The pause_listener() function already supports some protocol-specific handling for the TCP case. This commit makes this cleaner by adding a new ->pause() function to the protocol struct, which, if defined, may be used to pause a listener of a given protocol. For now, only TCP has been adapted, with the specific code moved from pause_listener() to tcp_pause_listener().
2014-07-07 22:22:12 +04:00
}
MINOR: protocol: implement an ->rx_resume() method This one undoes ->rx_suspend(), it tries to restore an operational socket. It was only implemented for TCP since it's the only one we support right now.
2020-09-25 20:40:31 +03:00
/* Resume a receiver. Returns < 0 in case of failure, 0 if the receiver
* was totally stopped, or > 0 if correctly suspended.
*/
static int tcp_resume_receiver(struct receiver *rx)
{
struct listener *l = LIST_ELEM(rx, struct listener *, rx);
if (rx->fd < 0)
return 0;
if (listen(rx->fd, listener_backlog(l)) == 0) {
fd_want_recv(l->rx.fd);
return 1;
}
return -1;
}
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 03:09:36 +03:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in New Issue Copy Permalink