upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-03-12 05:32:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
haproxy/include/common/defaults.h

252 lines
7.6 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
* include/common/defaults.h
* Miscellaneous default values.
*
* Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#ifndef _COMMON_DEFAULTS_H
#define _COMMON_DEFAULTS_H
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* BUFSIZE defines the size of a read and write buffer. It is the maximum
* amount of bytes which can be stored by the proxy for each session. However,
* when reading HTTP headers, the proxy needs some spare space to add or rewrite
* headers if needed. The size of this spare is defined with MAXREWRITE. So it
* is not possible to process headers longer than BUFSIZE-MAXREWRITE bytes. By
* default, BUFSIZE=16384 bytes and MAXREWRITE=BUFSIZE/2, so the maximum length
* of headers accepted is 8192 bytes, which is in line with Apache's limits.
*/
#ifndef BUFSIZE
#define BUFSIZE 16384
#endif
// reserved buffer space for header rewriting
#ifndef MAXREWRITE
#define MAXREWRITE (BUFSIZE / 2)
#endif
MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be redefined Some users want to change these default settings but it was not convenient.
2013-06-03 09:52:52 -04:00
#ifndef REQURI_LEN
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#define REQURI_LEN 1024
MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be redefined Some users want to change these default settings but it was not convenient.
2013-06-03 09:52:52 -04:00
#endif
#ifndef CAPTURE_LEN
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#define CAPTURE_LEN 64
MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be redefined Some users want to change these default settings but it was not convenient.
2013-06-03 09:52:52 -04:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: log: make MAX_SYSLOG_LEN overridable at build time This value was set in log.h without any #ifndef around, so when one wanted to change it, a patch was needed. Let's move it to defaults.h with the usual #ifndef so that it's easier to change it.
2014-06-27 12:08:49 -04:00
#ifndef MAX_SYSLOG_LEN
#define MAX_SYSLOG_LEN 1024
#endif
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
// maximum line size when parsing config
#ifndef LINESIZE
#define LINESIZE 2048
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
// max # args on a configuration line
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
#define MAX_LINE_ARGS 64
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[CLEANUP] move remaining stats sockets code to dumpstats The remains of the stats socket code has nothing to do in proto_uxst anymore and must move to dumpstats. The code is much cleaner and more structured. It was also an opportunity to rename AN_REQ_UNIX_STATS as AN_REQ_STATS_SOCK as the stats socket is no longer unix-specific either. The last item refering to stats in proto_uxst is the setting of the task's nice value which should in fact come from the listener.
2009-08-16 13:06:42 -04:00
// max # args on a stats socket
MINOR: cli: make it possible to enter multiple values at once with "set table" The "set table" statement allows to create new entries with their respective values. Till now it was limited to a single data type per line, requiring as many "set table" statements as the desired data types to be set. Since this is only a parser limitation, this patch gets rid of it. It also allows the creation of a key with no data types (all reset to their default values).
2013-08-01 15:11:42 -04:00
// This should cover at least 5 + twice the # of data_types
#define MAX_STATS_ARGS 64
[MAJOR] proto_uxst rework -> SNMP support Currently there is a ~16KB limit for a data size passed via unix socket. It is caused by a trivial bug ttat is going to fixed soon, however in most cases there is no need to dump a full stats. This patch makes possible to select a scope of dumped data by extending current "show stat" to "show stat [<iid> <type> <sid>]": - iid is a proxy id, -1 to dump all proxies - type selects type of dumpable objects: 1 for frontend, 2 for backend, 4 for server, -1 for all types. Values can be ORed, for example: 1+2=3 -> frontend+backend. 1+2+4=7 -> frontend+backend+server. - sid is a service id, -1 to dump everything from the selected proxy. To do this I implemented a new session flag (SN_STAT_BOUND), added three variables in data_ctx.stats (iid, type, sid), modified dumpstats.c and completely revorked the process_uxst_stats: now it waits for a "\n" terminated string, splits args and uses them. BTW: It should be quite easy to add new commands, for example to enable/disable servers, the only problem I can see is a not very lucky config name (*stats* socket). :| During the work I also fixed two bug: - s->flags were not initialized for proto_uxst - missing comma if throttling not enabled (caused by a stupid change in "Implement persistent id for proxies and servers") Other changes: - No more magic type valuse, use STATS_TYPE_FE/STATS_TYPE_BE/STATS_TYPE_SV - Don't memset full s->data_ctx (it was clearing s->data_ctx.stats.{iid/type/sid}, instead initialize stats.sv & stats.sv_st (stats.px and stats.px_st were already initialized) With all that changes it was extremely easy to write a short perl plugin for a perl-enabled net-snmp (also included in this patch). 29385 is my PEN (Private Enterprise Number) and I'm willing to donate the SNMPv2-SMI::enterprises.29385.106.* OIDs for HAProxy if there is nothing assigned already.
2008-03-01 20:42:14 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
// max # of matches per regexp
#define MAX_MATCH 10
[MEDIUM] added the hdr_idx structure for future HTTP header indexing This structure will consume 4 bytes per header to keep track of headers within a request or a response without having to parse the whole request for each regex. As it's not possible to allocate only 4 bytes, we define a max number of HTTP headers. We set it to (BUFSIZE+79)/80 so that 8kB buffers can contain 100 headers (like Apache), resulting in 400 bytes dedicated to indexation, or about 400/(2*8kB) ~= 2.4% of the memory usage.
2006-12-03 09:21:35 -05:00
// max # of headers in one HTTP request or response
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
// By default, about 100 headers (+1 for the first line)
[MEDIUM] added the hdr_idx structure for future HTTP header indexing This structure will consume 4 bytes per header to keep track of headers within a request or a response without having to parse the whole request for each regex. As it's not possible to allocate only 4 bytes, we define a max number of HTTP headers. We set it to (BUFSIZE+79)/80 so that 8kB buffers can contain 100 headers (like Apache), resulting in 400 bytes dedicated to indexation, or about 400/(2*8kB) ~= 2.4% of the memory usage.
2006-12-03 09:21:35 -05:00
#ifndef MAX_HTTP_HDR
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
#define MAX_HTTP_HDR 101
[MEDIUM] added the hdr_idx structure for future HTTP header indexing This structure will consume 4 bytes per header to keep track of headers within a request or a response without having to parse the whole request for each regex. As it's not possible to allocate only 4 bytes, we define a max number of HTTP headers. We set it to (BUFSIZE+79)/80 so that 8kB buffers can contain 100 headers (like Apache), resulting in 400 bytes dedicated to indexation, or about 400/(2*8kB) ~= 2.4% of the memory usage.
2006-12-03 09:21:35 -05:00
#endif
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
// max # of headers in history when looking for header #-X
#ifndef MAX_HDR_HISTORY
#define MAX_HDR_HISTORY 10
#endif
MINOR: session: make the number of stick counter entries more configurable In preparation of more flexibility in the stick counters, make their number configurable. It still defaults to 3 which is the minimum accepted value. Changing the value alone is not sufficient to get more counters, some bitfields still need to be updated and the TCP actions need to be updated as well, but this update tries to be easier, which is nice for experimentation purposes.
2013-07-23 13:15:30 -04:00
// max # of stick counters per session (at least 3 for sc0..sc2)
#ifndef MAX_SESS_STKCTR
#define MAX_SESS_STKCTR 3
#endif
MEDIUM: stick-table: make it easier to register extra data types Some users want to add their own data types to stick tables. We don't want to use a linked list here for performance reasons, so we need to continue to use an indexed array. This patch allows one to reserve a compile-time-defined number of extra data types by setting the new macro STKTABLE_EXTRA_DATA_TYPES to anything greater than zero, keeping in mind that anything larger will slightly inflate the memory consumed by stick tables (not per entry though). Then calling stktable_register_data_store() with the new keyword will either register a new keyword or fail if the desired entry was already taken or the keyword already registered. Note that this patch does not dictate how the data will be used, it only offers the possibility to create new keywords and have an index to reference them in the config and in the tables. The caller will not be able to use stktable_data_cast() and will have to explicitly cast the stable pointers to the expected types. It can be used for experimentation as well.
2014-07-15 10:44:27 -04:00
// max # of extra stick-table data types that can be registred at runtime
#ifndef STKTABLE_EXTRA_DATA_TYPES
#define STKTABLE_EXTRA_DATA_TYPES 0
#endif
[MEDIUM] re-implemented the multiple read polling Multiple read polling was temporarily disabled, which had the side effect of burning huge amounts of CPU on large objects. It has now been re-implemented with a limit of 8 calls per wake-up, which seems to provide best results at least on Linux.
2007-03-23 17:39:59 -04:00
// max # of loops we can perform around a read() which succeeds.
// It's very frequent that the system returns a few TCP segments at a time.
#ifndef MAX_READ_POLL_LOOPS
#define MAX_READ_POLL_LOOPS 4
#endif
[OPTIM] stream_sock: don't retry to read after a large read If we get very large data at once, it's almost certain that it's worthless trying to read again, because we got everything we could get. Doing this has made all -EAGAIN disappear from splice reads. The threshold has been put in the global tunable structures so that if we one day want to make it accessible from user config, it will be easy to do so.
2009-03-21 15:43:57 -04:00
// minimum number of bytes read at once above which we don't try to read
// more, in order not to risk facing an EAGAIN. Most often, if we read
// at least 10 kB, we can consider that the system has tried to read a
// full buffer and got multiple segments (>1 MSS for jumbo frames, >7 MSS
// for normal frames) did not bother truncating the last segment.
#ifndef MIN_RECV_AT_ONCE_ENOUGH
#define MIN_RECV_AT_ONCE_ENOUGH (7*1448)
#endif
[OPTIM] stream_sock: don't use splice on too small payloads It's more expensive to call splice() on short payloads than to use recv()+send(). One of the reasons is that doing a splice() involves allocating a pipe. One other reason is that the kernel will have to copy itself if we try to splice less than a page. So let's fix a short offset of 4kB below which we don't splice. A quick test shows that on chunked encoded data, with splice we had 6826 syscalls (1715 splice, 3461 recv, 1650 send) while with this patch, the same transfer resulted in 5793 syscalls (3896 recv, 1897 send).
2011-05-11 14:47:24 -04:00
// The minimum number of bytes to be forwarded that is worth trying to splice.
// Below 4kB, it's not worth allocating pipes nor pretending to zero-copy.
#ifndef MIN_SPLICE_FORWARD
#define MIN_SPLICE_FORWARD 4096
#endif
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
// the max number of events returned in one call to poll/epoll. Too small a
// value will cause lots of calls, and too high a value may cause high latency.
#ifndef MAX_POLL_EVENTS
#define MAX_POLL_EVENTS 200
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
// cookie delimitor in "prefix" mode. This character is inserted between the
// persistence cookie and the original value. The '~' is allowed by RFC2965,
// and should not be too common in server names.
#ifndef COOKIE_DELIM
#define COOKIE_DELIM '~'
#endif
[MEDIUM] cookie: support client cookies with some contents appended to their value In all cookie persistence modes but prefix, we now support cookies whose value is suffixed with some contents after a vertical bar ('|'). This will be used to pass an optional expiration date. So as of now we only consider the part of the cookie value which is used before the vertical bar. (cherry picked from commit a4486bf4e5b03b5a980d03fef799f6407b2c992d)
2010-10-06 13:25:55 -04:00
// this delimitor is used between a server's name and a last visit date in
// cookies exchanged with the client.
#ifndef COOKIE_DELIM_DATE
#define COOKIE_DELIM_DATE '|'
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#define CONN_RETRIES 3
#define CHK_CONNTIME 2000
#define DEF_CHKINTR 2000
#define DEF_FALLTIME 3
#define DEF_RISETIME 2
MEDIUM: Set rise and fall of agent checks to 1 This is achieved by moving rise and fall from struct server to struct check. After this move the behaviour of the primary check, server->check is unchanged. However, the secondary agent check, server->agent now has independent rise and fall values each of which are set to 1. The result is that receiving "fail", "stopped" or "down" just once from the agent will mark the server as down. And receiving a weight just once will allow the server to be marked up if its primary check is in good health. This opens up the scope to allow the rise and fall values of the agent check to be configurable, however this has not been implemented at this stage. Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:38 -05:00
#define DEF_AGENT_FALLTIME 1
#define DEF_AGENT_RISETIME 1
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
#define DEF_CHECK_REQ "OPTIONS / HTTP/1.0\r\n"
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
#define DEF_CHECK_PATH ""
[MEDIUM] implement SMTP health checks Peter van Dijk contributed this patch which implements the "smtpchk" option, which is to SMTP what "httpchk" is to HTTP. By default, it sends "HELO localhost" to the servers, and waits for the 250 message, but it can also send a specific request.
2007-05-08 17:50:35 -04:00
#define DEF_SMTP_CHECK_REQ "HELO localhost\r\n"
[MINOR] checks: add support for LDAPv3 health checks This patch provides a new "option ldap-check" statement to enable server health checks based on LDAPv3 bind requests. (cherry picked from commit b76b44c6fed8a7ba6f0f565dd72a9cb77aaeca7c)
2010-09-29 12:17:05 -04:00
#define DEF_LDAP_CHECK_REQ "\x30\x0c\x02\x01\x01\x60\x07\x02\x01\x03\x04\x00\x80\x00"
[MINOR] check: add redis check support This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-05 10:23:48 -04:00
#define DEF_REDIS_CHECK_REQ "*1\r\n$4\r\nPING\r\n"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] Decrease server health based on http responses / events, version 3 Implement decreasing health based on observing communication between HAProxy and servers. Changes in this version 2: - documentation - close race between a started check and health analysis event - don't force fastinter if it is not set - better names for options - layer4 support Changes in this version 3: - add stats - port to the current 1.4 tree
2009-12-15 16:31:24 -05:00
#define DEF_HANA_ONERR HANA_ONERR_FAILCHK
#define DEF_HANA_ERRLIMIT 10
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
// X-Forwarded-For header default
#define DEF_XFORWARDFOR_HDR "X-Forwarded-For"
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
// X-Original-To header default
#define DEF_XORIGINALTO_HDR "X-Original-To"
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* Default connections limit.
*
* A system limit can be enforced at build time in order to avoid using haproxy
* beyond reasonable system limits. For this, just define SYSTEM_MAXCONN to the
* absolute limit accepted by the system. If the configuration specifies a
* higher value, it will be capped to SYSTEM_MAXCONN and a warning will be
* emitted. The only way to override this limit will be to set it via the
* command-line '-n' argument.
*/
#ifndef SYSTEM_MAXCONN
[MINOR] make DEFAULT_MAXCONN user-configurable at build time The only way to set this previously was to set SYSTEM_MAXCONN which serves a different purpose.
2009-06-15 10:33:36 -04:00
#ifndef DEFAULT_MAXCONN
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#define DEFAULT_MAXCONN 2000
[MINOR] make DEFAULT_MAXCONN user-configurable at build time The only way to set this previously was to set SYSTEM_MAXCONN which serves a different purpose.
2009-06-15 10:33:36 -04:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#else
[MINOR] make DEFAULT_MAXCONN user-configurable at build time The only way to set this previously was to set SYSTEM_MAXCONN which serves a different purpose.
2009-06-15 10:33:36 -04:00
#undef DEFAULT_MAXCONN
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#define DEFAULT_MAXCONN SYSTEM_MAXCONN
#endif
[MEDIUM] only consider slow checks when looking for the common interval When one server in one backend has a very low check interval, it imposes its value as the minimal interval, causing all other servers to start their checks close to each other, thus partially voiding the benefits of the spread checks. The solution consists in ignoring intervals lower than a given value (SRV_CHK_INTER_THRES = 1000 ms) when computing the minimal interval, and then assigning them a start date relative to their own interval and not the global one. With this change, the checks distribution clearly looks better.
2007-10-14 17:05:39 -04:00
/* Minimum check interval for spread health checks. Servers with intervals
* greater than or equal to this value will have their checks spread apart
* and will be considered when searching the minimal interval.
* Others will be ignored for the minimal interval and will have their checks
* scheduled on a different basis.
*/
#ifndef SRV_CHK_INTER_THRES
#define SRV_CHK_INTER_THRES 1000
#endif
[MINOR] report haproxy's version by default on the stats page For people who manage many haproxies, it is sometimes convenient to be informed of their version. This patch adds this, with the option to disable this report by specifying "stats hide-version". Also, the feature may be permanently disabled by setting the STATS_VERSION_STRING to "" (empty string), or the format can simply be adjusted.
2007-10-15 04:05:11 -04:00
/* Specifies the string used to report the version and release date on the
* statistics page. May be defined to the empty string ("") to permanently
* disable the feature.
*/
#ifndef STATS_VERSION_STRING
#define STATS_VERSION_STRING " version " HAPROXY_VERSION ", released " HAPROXY_DATE
#endif
[MINOR] add basic signal handling functions These functions will be used to deliver asynchronous signals in order to make the signal handling functions more robust. The goal is to keep the same interface to signal handlers.
2009-05-10 02:53:33 -04:00
/* Maximum signal queue size, and also number of different signals we can
* handle.
*/
#ifndef MAX_SIGNAL
#define MAX_SIGNAL 256
#endif
[MINOR] export the hostname variable so that all the code can access it The hostname variable will be used later, export it.
2009-08-16 04:08:02 -04:00
/* Maximum host name length */
#ifndef MAX_HOSTNAME_LEN
#define MAX_HOSTNAME_LEN 32
#endif
[MINOR] Capture & display more data from health checks, v2 Capture & display more data from health checks, like strerror(errno) for L4 failed checks or a first line from a response for L7 successes/failed checks. Non ascii or control characters are masked with chunk_htmlencode() (html stats) or chunk_asciiencode() (logs).
2009-10-10 15:06:49 -04:00
/* Maximum health check description length */
#ifndef HCHK_DESC_LEN
#define HCHK_DESC_LEN 128
#endif
MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. These ones are used to set the default ciphers suite on "bind" lines and "server" lines respectively, instead of using OpenSSL's defaults. These are probably mainly useful for distro packagers.
2012-10-05 09:47:31 -04:00
/* ciphers used as defaults on connect */
#ifndef CONNECT_DEFAULT_CIPHERS
#define CONNECT_DEFAULT_CIPHERS NULL
#endif
/* ciphers used as defaults on listeners */
#ifndef LISTEN_DEFAULT_CIPHERS
#define LISTEN_DEFAULT_CIPHERS NULL
#endif
BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured. Fix consists to use prime256v1 as default named curve to init ECDHE ciphers if none configured.
2013-03-06 08:08:53 -05:00
/* named curve used as defaults for ECDHE ciphers */
#ifndef ECDHE_DEFAULT_CURVE
#define ECDHE_DEFAULT_CURVE "prime256v1"
#endif
MINOR: build: allow packagers to specify the ssl cache size This is done by passing the default value to SSLCACHESIZE in sessions. User can use tune.sslcachesize to change this value. By default, it is set to 20000 sessions as openssl internal cache size. Currently, a session entry size is between 592 and 616 bytes depending on the arch.
2012-11-14 05:32:56 -05:00
/* ssl cache size */
#ifndef SSLCACHESIZE
#define SSLCACHESIZE 20000
#endif
MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits When no static DH parameters are specified, this patch makes haproxy use standardized (rfc 2409 / rfc 3526) DH parameters with prime lenghts of 1024, 2048, 4096 or 8192 bits for DHE key exchange. The size of the temporary/ephemeral DH key is computed as the minimum of the RSA/DSA server key size and the value of a new option named tune.ssl.default-dh-param.
2014-06-12 08:58:40 -04:00
/* ssl max dh param size */
#ifndef SSL_DEFAULT_DH_PARAM
#define SSL_DEFAULT_DH_PARAM 0
#endif
MEDIUM: session: maintain per-backend and per-server time statistics Using the last rate counters, we now compute the queue, connect, response and total times per server and per backend with a 95% accuracy over the last 1024 samples. The operation is cheap so we don't need to condition it.
2014-06-17 06:19:18 -04:00
/* Number of samples used to compute the times reported in stats. A power of
* two is highly recommended, and this value multiplied by the largest response
* time must not overflow and unsigned int. See freq_ctr.h for more information.
* We consider that values are accurate to 95% with two batches of samples below,
* so in order to advertise accurate times across 1k samples, we effectively
* measure over 512.
*/
#ifndef TIME_STATS_SAMPLES
#define TIME_STATS_SAMPLES 512
#endif
MEDIUM: ssl: basic OCSP stapling support. The support is all based on static responses. This doesn't add any request / response logic to HAProxy, but allows a way to update information through the socket interface. Currently certificates specified using "crt" or "crt-list" on "bind" lines are loaded as PEM files. For each PEM file, haproxy checks for the presence of file at the same path suffixed by ".ocsp". If such file is found, support for the TLS Certificate Status Request extension (also known as "OCSP stapling") is automatically enabled. The content of this file is optional. If not empty, it must contain a valid OCSP Response in DER format. In order to be valid an OCSP Response must comply with the following rules: it has to indicate a good status, it has to be a single response for the certificate of the PEM file, and it has to be valid at the moment of addition. If these rules are not respected the OCSP Response is ignored and a warning is emitted. In order to identify which certificate an OCSP Response applies to, the issuer's certificate is necessary. If the issuer's certificate is not found in the PEM file, it will be loaded from a file at the same path as the PEM file suffixed by ".issuer" if it exists otherwise it will fail with an error. It is possible to update an OCSP Response from the unix socket using: set ssl ocsp-response <response> This command is used to update an OCSP Response for a certificate (see "crt" on "bind" lines). Same controls are performed as during the initial loading of the response. The <response> must be passed as a base64 encoded string of the DER encoded response from the OCSP server. Example: openssl ocsp -issuer issuer.pem -cert server.pem \ -host ocsp.issuer.com:80 -respout resp.der echo "set ssl ocsp-response $(base64 -w 10000 resp.der)" | \ socat stdio /var/run/haproxy.stat This feature is automatically enabled on openssl 0.9.8h and above. This work was performed jointly by Dirkjan Bussink of GitHub and Emeric Brun of HAProxy Technologies.
2014-06-16 12:36:30 -04:00
/* max ocsp cert id asn1 encoded length */
#ifndef OCSP_MAX_CERTID_ASN1_LENGTH
#define OCSP_MAX_CERTID_ASN1_LENGTH 128
#endif
MEDIUM: ssl: add 300s supported time skew on OCSP response update. OCSP_MAX_RESPONSE_TIME_SKEW can be set to a different value at compilation (default is 300 seconds).
2014-06-19 08:16:17 -04:00
#ifndef OCSP_MAX_RESPONSE_TIME_SKEW
#define OCSP_MAX_RESPONSE_TIME_SKEW 300
#endif
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#endif /* _COMMON_DEFAULTS_H */
Reference in a new issue Copy permalink