1 /*
2 * HA-Proxy : High Availability-enabled HTTP/TCP proxy
3 * Copyright 2000-2021 Willy Tarreau <willy@haproxy.org>.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
9 *
10 * Please refer to RFC7230 - RFC7235 informations about HTTP protocol, and
11 * RFC6265 for informations about cookies usage. More generally, the IETF HTTP
12 * Working Group's web site should be consulted for protocol related changes :
13 *
14 * http://ftp.ics.uci.edu/pub/ietf/http/
15 *
16 * Pending bugs (may be not fixed because never reproduced) :
17 * - solaris only : sometimes, an HTTP proxy with only a dispatch address causes
18 * the proxy to terminate (no core) if the client breaks the connection during
19 * the response. Seen on 1.1.8pre4, but never reproduced. May not be related to
20 * the snprintf() bug since requests were simple (GET / HTTP/1.0), but may be
21 * related to missing setsid() (fixed in 1.1.15)
22 * - a proxy with an invalid config will prevent the startup even if disabled.
23 *
24 * ChangeLog has moved to the CHANGELOG file.
25 *
26 */
27
28 #define _GNU_SOURCE
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <unistd.h>
32 #include <string.h>
33 #include <ctype.h>
34 #include <dirent.h>
35 #include <sys/stat.h>
36 #include <sys/time.h>
37 #include <sys/types.h>
38 #include <sys/socket.h>
39 #include <netinet/tcp.h>
40 #include <netinet/in.h>
41 #include <arpa/inet.h>
42 #include <net/if.h>
43 #include <netdb.h>
44 #include <fcntl.h>
45 #include <errno.h>
46 #include <signal.h>
47 #include <stdarg.h>
48 #include <sys/resource.h>
49 #include <sys/wait.h>
50 #include <time.h>
51 #include <syslog.h>
52 #include <grp.h>
53 #ifdef USE_CPU_AFFINITY
54 #include <sched.h>
55 #if defined(__FreeBSD__) || defined(__DragonFly__)
56 #include <sys/param.h>
57 #ifdef __FreeBSD__
58 #include <sys/cpuset.h>
59 #endif
60 #include <pthread_np.h>
61 #endif
62 #endif
63
64 #if defined(USE_PRCTL)
65 #include <sys/prctl.h>
66 #endif
67
68 #ifdef DEBUG_FULL
69 #include <assert.h>
70 #endif
71 #if defined(USE_SYSTEMD)
72 #include <systemd/sd-daemon.h>
73 #endif
74
75 #include <import/sha1.h>
76
77 #include <common/base64.h>
78 #include <common/cfgparse.h>
79 #include <common/chunk.h>
80 #include <common/compat.h>
81 #include <common/config.h>
82 #include <common/defaults.h>
83 #include <common/errors.h>
84 #include <common/initcall.h>
85 #include <common/memory.h>
86 #include <common/mini-clist.h>
87 #include <common/namespace.h>
88 #include <common/net_helper.h>
89 #include <common/openssl-compat.h>
90 #include <common/regex.h>
91 #include <common/standard.h>
92 #include <common/time.h>
93 #include <common/uri_auth.h>
94 #include <common/version.h>
95 #include <common/hathreads.h>
96
97 #include <types/capture.h>
98 #include <types/cli.h>
99 #include <types/filters.h>
100 #include <types/global.h>
101 #include <types/acl.h>
102 #include <types/peers.h>
103
104 #include <proto/acl.h>
105 #include <proto/activity.h>
106 #include <proto/arg.h>
107 #include <proto/auth.h>
108 #include <proto/backend.h>
109 #include <proto/channel.h>
110 #include <proto/checks.h>
111 #include <proto/cli.h>
112 #include <proto/connection.h>
113 #include <proto/fd.h>
114 #include <proto/filters.h>
115 #include <proto/hdr_idx.h>
116 #include <proto/hlua.h>
117 #include <proto/http_rules.h>
118 #include <proto/listener.h>
119 #include <proto/log.h>
120 #include <proto/mworker.h>
121 #include <proto/pattern.h>
122 #include <proto/protocol.h>
123 #include <proto/proto_http.h>
124 #include <proto/proxy.h>
125 #include <proto/queue.h>
126 #include <proto/server.h>
127 #include <proto/session.h>
128 #include <proto/stream.h>
129 #include <proto/signal.h>
130 #include <proto/task.h>
131 #include <proto/dns.h>
132 #include <proto/vars.h>
133 #include <proto/ssl_sock.h>
134
135 /* array of init calls for older platforms */
136 DECLARE_INIT_STAGES;
137
138 /* list of config files */
139 static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
140 int pid; /* current process id */
141 int relative_pid = 1; /* process id starting at 1 */
142 unsigned long pid_bit = 1; /* bit corresponding to the process id */
143 unsigned long all_proc_mask = 1; /* mask of all processes */
144
145 volatile unsigned long sleeping_thread_mask = 0; /* Threads that are about to sleep in poll() */
146 volatile unsigned long stopping_thread_mask = 0; /* Threads acknowledged stopping */
147
148 /* global options */
149 struct global global = {
150 .hard_stop_after = TICK_ETERNITY,
151 .nbproc = 1,
152 .nbthread = 0,
153 .req_count = 0,
154 .logsrvs = LIST_HEAD_INIT(global.logsrvs),
155 .maxzlibmem = 0,
156 .comp_rate_lim = 0,
157 .ssl_server_verify = SSL_SERVER_VERIFY_REQUIRED,
158 .unix_bind = {
159 .ux = {
160 .uid = -1,
161 .gid = -1,
162 .mode = 0,
163 }
164 },
165 .tune = {
166 .options = GTUNE_LISTENER_MQ,
167 .bufsize = (BUFSIZE + 2*sizeof(void *) - 1) & -(2*sizeof(void *)),
168 .maxrewrite = -1,
169 .chksize = (BUFSIZE + 2*sizeof(void *) - 1) & -(2*sizeof(void *)),
170 .reserved_bufs = RESERVED_BUFS,
171 .pattern_cache = DEFAULT_PAT_LRU_SIZE,
172 .pool_low_ratio = 20,
173 .pool_high_ratio = 25,
174 #ifdef USE_OPENSSL
175 .sslcachesize = SSLCACHESIZE,
176 #endif
177 .comp_maxlevel = 1,
178 #ifdef DEFAULT_IDLE_TIMER
179 .idle_timer = DEFAULT_IDLE_TIMER,
180 #else
181 .idle_timer = 1000, /* 1 second */
182 #endif
183 },
184 #ifdef USE_OPENSSL
185 #ifdef DEFAULT_MAXSSLCONN
186 .maxsslconn = DEFAULT_MAXSSLCONN,
187 #endif
188 #endif
189 /* others NULL OK */
190 };
191
192 /*********************************************************************/
193
194 int stopping; /* non zero means stopping in progress */
195 int killed; /* non zero means a hard-stop is triggered */
196 int jobs = 0; /* number of active jobs (conns, listeners, active tasks, ...) */
197 int unstoppable_jobs = 0; /* number of active jobs that can't be stopped during a soft stop */
198 int active_peers = 0; /* number of active peers (connection attempts and connected) */
199 int connected_peers = 0; /* number of connected peers (verified ones) */
200
201 /* Here we store informations about the pids of the processes we may pause
202 * or kill. We will send them a signal every 10 ms until we can bind to all
203 * our ports. With 200 retries, that's about 2 seconds.
204 */
205 #define MAX_START_RETRIES 200
206 static int *oldpids = NULL;
207 static int oldpids_sig; /* use USR1 or TERM */
208
209 /* Path to the unix socket we use to retrieve listener sockets from the old process */
210 static const char *old_unixsocket;
211
212 static char *cur_unixsocket = NULL;
213
214 int atexit_flag = 0;
215
216 int nb_oldpids = 0;
217 const int zero = 0;
218 const int one = 1;
219 const struct linger nolinger = { .l_onoff = 1, .l_linger = 0 };
220
221 char hostname[MAX_HOSTNAME_LEN];
222 char localpeer[MAX_HOSTNAME_LEN];
223
224 /* used from everywhere just to drain results we don't want to read and which
225 * recent versions of gcc increasingly and annoyingly complain about.
226 */
227 int shut_your_big_mouth_gcc_int = 0;
228
229 static char **old_argv = NULL; /* previous argv but cleaned up */
230
231 struct list proc_list = LIST_HEAD_INIT(proc_list);
232
233 int master = 0; /* 1 if in master, 0 if in child */
234 unsigned int rlim_fd_cur_at_boot = 0;
235 unsigned int rlim_fd_max_at_boot = 0;
236
237 /* per-boot randomness */
238 unsigned char boot_seed[20]; /* per-boot random seed (160 bits initially) */
239
240 struct mworker_proc *proc_self = NULL;
241
242 /* list of the temporarily limited listeners because of lack of resource */
243 struct list global_listener_queue = LIST_HEAD_INIT(global_listener_queue);
244 struct task *global_listener_queue_task;
245 static struct task *manage_global_listener_queue(struct task *t, void *context, unsigned short state);
246
247 static void *run_thread_poll_loop(void *data);
248
249 /* bitfield of a few warnings to emit just once (WARN_*) */
250 unsigned int warned = 0;
251
252 /* master CLI configuration (-S flag) */
253 struct list mworker_cli_conf = LIST_HEAD_INIT(mworker_cli_conf);
254
255 /* These are strings to be reported in the output of "haproxy -vv". They may
256 * either be constants (in which case must_free must be zero) or dynamically
257 * allocated strings to pass to free() on exit, and in this case must_free
258 * must be non-zero.
259 */
260 struct list build_opts_list = LIST_HEAD_INIT(build_opts_list);
261 struct build_opts_str {
262 struct list list;
263 const char *str;
264 int must_free;
265 };
266
267 /* These functions are called just after the point where the program exits
268 * after a config validity check, so they are generally suited for resource
269 * allocation and slow initializations that should be skipped during basic
270 * config checks. The functions must return 0 on success, or a combination
271 * of ERR_* flags (ERR_WARN, ERR_ABORT, ERR_FATAL, ...). The 2 latter cause
272 * and immediate exit, so the function must have emitted any useful error.
273 */
274 struct list post_check_list = LIST_HEAD_INIT(post_check_list);
275 struct post_check_fct {
276 struct list list;
277 int (*fct)();
278 };
279
280 /* These functions are called for each thread just after the thread creation
281 * and before running the init functions. They should be used to do per-thread
282 * (re-)allocations that are needed by subsequent functoins. They must return 0
283 * if an error occurred. */
284 struct list per_thread_alloc_list = LIST_HEAD_INIT(per_thread_alloc_list);
285 struct per_thread_alloc_fct {
286 struct list list;
287 int (*fct)();
288 };
289
290 /* These functions are called for each thread just after the thread creation
291 * and before running the scheduler. They should be used to do per-thread
292 * initializations. They must return 0 if an error occurred. */
293 struct list per_thread_init_list = LIST_HEAD_INIT(per_thread_init_list);
294 struct per_thread_init_fct {
295 struct list list;
296 int (*fct)();
297 };
298
299 /* These functions are called when freeing the global sections at the end of
300 * deinit, after everything is stopped. They don't return anything. They should
301 * not release shared resources that are possibly used by other deinit
302 * functions, only close/release what is private. Use the per_thread_free_list
303 * to release shared resources.
304 */
305 struct list post_deinit_list = LIST_HEAD_INIT(post_deinit_list);
306 struct post_deinit_fct {
307 struct list list;
308 void (*fct)();
309 };
310
311 /* These functions are called when freeing the global sections at the end of
312 * deinit, after the thread deinit functions, to release unneeded memory
313 * allocations. They don't return anything, and they work in best effort mode
314 * as their sole goal is to make valgrind mostly happy.
315 */
316 struct list per_thread_free_list = LIST_HEAD_INIT(per_thread_free_list);
317 struct per_thread_free_fct {
318 struct list list;
319 int (*fct)();
320 };
321
322 /* These functions are called for each thread just after the scheduler loop and
323 * before exiting the thread. They don't return anything and, as for post-deinit
324 * functions, they work in best effort mode as their sole goal is to make
325 * valgrind mostly happy. */
326 struct list per_thread_deinit_list = LIST_HEAD_INIT(per_thread_deinit_list);
327 struct per_thread_deinit_fct {
328 struct list list;
329 void (*fct)();
330 };
331
332 /*********************************************************************/
333 /* general purpose functions ***************************************/
334 /*********************************************************************/
335
336 /* used to register some build option strings at boot. Set must_free to
337 * non-zero if the string must be freed upon exit.
338 */
hap_register_build_opts(const char * str,int must_free)339 void hap_register_build_opts(const char *str, int must_free)
340 {
341 struct build_opts_str *b;
342
343 b = calloc(1, sizeof(*b));
344 if (!b) {
345 fprintf(stderr, "out of memory\n");
346 exit(1);
347 }
348 b->str = str;
349 b->must_free = must_free;
350 LIST_ADDQ(&build_opts_list, &b->list);
351 }
352
353 /* used to register some initialization functions to call after the checks. */
hap_register_post_check(int (* fct)())354 void hap_register_post_check(int (*fct)())
355 {
356 struct post_check_fct *b;
357
358 b = calloc(1, sizeof(*b));
359 if (!b) {
360 fprintf(stderr, "out of memory\n");
361 exit(1);
362 }
363 b->fct = fct;
364 LIST_ADDQ(&post_check_list, &b->list);
365 }
366
367 /* used to register some de-initialization functions to call after everything
368 * has stopped.
369 */
hap_register_post_deinit(void (* fct)())370 void hap_register_post_deinit(void (*fct)())
371 {
372 struct post_deinit_fct *b;
373
374 b = calloc(1, sizeof(*b));
375 if (!b) {
376 fprintf(stderr, "out of memory\n");
377 exit(1);
378 }
379 b->fct = fct;
380 LIST_ADDQ(&post_deinit_list, &b->list);
381 }
382
383 /* used to register some allocation functions to call for each thread. */
hap_register_per_thread_alloc(int (* fct)())384 void hap_register_per_thread_alloc(int (*fct)())
385 {
386 struct per_thread_alloc_fct *b;
387
388 b = calloc(1, sizeof(*b));
389 if (!b) {
390 fprintf(stderr, "out of memory\n");
391 exit(1);
392 }
393 b->fct = fct;
394 LIST_ADDQ(&per_thread_alloc_list, &b->list);
395 }
396
397 /* used to register some initialization functions to call for each thread. */
hap_register_per_thread_init(int (* fct)())398 void hap_register_per_thread_init(int (*fct)())
399 {
400 struct per_thread_init_fct *b;
401
402 b = calloc(1, sizeof(*b));
403 if (!b) {
404 fprintf(stderr, "out of memory\n");
405 exit(1);
406 }
407 b->fct = fct;
408 LIST_ADDQ(&per_thread_init_list, &b->list);
409 }
410
411 /* used to register some de-initialization functions to call for each thread. */
hap_register_per_thread_deinit(void (* fct)())412 void hap_register_per_thread_deinit(void (*fct)())
413 {
414 struct per_thread_deinit_fct *b;
415
416 b = calloc(1, sizeof(*b));
417 if (!b) {
418 fprintf(stderr, "out of memory\n");
419 exit(1);
420 }
421 b->fct = fct;
422 LIST_ADDQ(&per_thread_deinit_list, &b->list);
423 }
424
425 /* used to register some free functions to call for each thread. */
hap_register_per_thread_free(int (* fct)())426 void hap_register_per_thread_free(int (*fct)())
427 {
428 struct per_thread_free_fct *b;
429
430 b = calloc(1, sizeof(*b));
431 if (!b) {
432 fprintf(stderr, "out of memory\n");
433 exit(1);
434 }
435 b->fct = fct;
436 LIST_ADDQ(&per_thread_free_list, &b->list);
437 }
438
display_version()439 static void display_version()
440 {
441 printf("HA-Proxy version %s %s - https://haproxy.org/\n", haproxy_version, haproxy_date);
442 }
443
display_build_opts()444 static void display_build_opts()
445 {
446 struct build_opts_str *item;
447
448 printf("Build options :"
449 #ifdef BUILD_TARGET
450 "\n TARGET = " BUILD_TARGET
451 #endif
452 #ifdef BUILD_CPU
453 "\n CPU = " BUILD_CPU
454 #endif
455 #ifdef BUILD_CC
456 "\n CC = " BUILD_CC
457 #endif
458 #ifdef BUILD_CFLAGS
459 "\n CFLAGS = " BUILD_CFLAGS
460 #endif
461 #ifdef BUILD_OPTIONS
462 "\n OPTIONS = " BUILD_OPTIONS
463 #endif
464 #ifdef BUILD_FEATURES
465 "\n\nFeature list : " BUILD_FEATURES
466 #endif
467 "\n\nDefault settings :"
468 "\n bufsize = %d, maxrewrite = %d, maxpollevents = %d"
469 "\n\n",
470 BUFSIZE, MAXREWRITE, MAX_POLL_EVENTS);
471
472 list_for_each_entry(item, &build_opts_list, list) {
473 puts(item->str);
474 }
475
476 putchar('\n');
477
478 list_pollers(stdout);
479 putchar('\n');
480 list_mux_proto(stdout);
481 putchar('\n');
482 list_services(stdout);
483 putchar('\n');
484 list_filters(stdout);
485 putchar('\n');
486 }
487
488 /*
489 * This function prints the command line usage and exits
490 */
usage(char * name)491 static void usage(char *name)
492 {
493 display_version();
494 fprintf(stderr,
495 "Usage : %s [-f <cfgfile|cfgdir>]* [ -vdV"
496 "D ] [ -n <maxconn> ] [ -N <maxpconn> ]\n"
497 " [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]\n"
498 " -v displays version ; -vv shows known build options.\n"
499 " -d enters debug mode ; -db only disables background mode.\n"
500 " -dM[<byte>] poisons memory with <byte> (defaults to 0x50)\n"
501 " -V enters verbose mode (disables quiet mode)\n"
502 " -D goes daemon ; -C changes to <dir> before loading files.\n"
503 " -W master-worker mode.\n"
504 #if defined(USE_SYSTEMD)
505 " -Ws master-worker mode with systemd notify support.\n"
506 #endif
507 " -q quiet mode : don't display messages\n"
508 " -c check mode : only check config files and exit\n"
509 " -n sets the maximum total # of connections (uses ulimit -n)\n"
510 " -m limits the usable amount of memory (in MB)\n"
511 " -N sets the default, per-proxy maximum # of connections (%d)\n"
512 " -L set local peer name (default to hostname)\n"
513 " -p writes pids of all children to this file\n"
514 #if defined(USE_EPOLL)
515 " -de disables epoll() usage even when available\n"
516 #endif
517 #if defined(USE_KQUEUE)
518 " -dk disables kqueue() usage even when available\n"
519 #endif
520 #if defined(USE_EVPORTS)
521 " -dv disables event ports usage even when available\n"
522 #endif
523 #if defined(USE_POLL)
524 " -dp disables poll() usage even when available\n"
525 #endif
526 #if defined(USE_LINUX_SPLICE)
527 " -dS disables splice usage (broken on old kernels)\n"
528 #endif
529 #if defined(USE_GETADDRINFO)
530 " -dG disables getaddrinfo() usage\n"
531 #endif
532 #if defined(SO_REUSEPORT)
533 " -dR disables SO_REUSEPORT usage\n"
534 #endif
535 " -dr ignores server address resolution failures\n"
536 " -dV disables SSL verify on servers side\n"
537 " -sf/-st [pid ]* finishes/terminates old pids.\n"
538 " -x <unix_socket> get listening sockets from a unix socket\n"
539 " -S <bind>[,<bind options>...] new master CLI\n"
540 "\n",
541 name, cfg_maxpconn);
542 exit(1);
543 }
544
545
546
547 /*********************************************************************/
548 /* more specific functions ***************************************/
549 /*********************************************************************/
550
551 /* sends the signal <sig> to all pids found in <oldpids>. Returns the number of
552 * pids the signal was correctly delivered to.
553 */
tell_old_pids(int sig)554 int tell_old_pids(int sig)
555 {
556 int p;
557 int ret = 0;
558 for (p = 0; p < nb_oldpids; p++)
559 if (kill(oldpids[p], sig) == 0)
560 ret++;
561 return ret;
562 }
563
564 /*
565 * remove a pid forom the olpid array and decrease nb_oldpids
566 * return 1 pid was found otherwise return 0
567 */
568
delete_oldpid(int pid)569 int delete_oldpid(int pid)
570 {
571 int i;
572
573 for (i = 0; i < nb_oldpids; i++) {
574 if (oldpids[i] == pid) {
575 oldpids[i] = oldpids[nb_oldpids - 1];
576 oldpids[nb_oldpids - 1] = 0;
577 nb_oldpids--;
578 return 1;
579 }
580 }
581 return 0;
582 }
583
584
get_cur_unixsocket()585 static void get_cur_unixsocket()
586 {
587 /* if -x was used, try to update the stat socket if not available anymore */
588 if (global.stats_fe) {
589 struct bind_conf *bind_conf;
590
591 /* pass through all stats socket */
592 list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
593 struct listener *l;
594
595 list_for_each_entry(l, &bind_conf->listeners, by_bind) {
596
597 if (l->addr.ss_family == AF_UNIX &&
598 (bind_conf->level & ACCESS_FD_LISTENERS)) {
599 const struct sockaddr_un *un;
600
601 un = (struct sockaddr_un *)&l->addr;
602 /* priority to old_unixsocket */
603 if (!cur_unixsocket) {
604 cur_unixsocket = strdup(un->sun_path);
605 } else {
606 if (old_unixsocket && !strcmp(un->sun_path, old_unixsocket)) {
607 free(cur_unixsocket);
608 cur_unixsocket = strdup(old_unixsocket);
609 return;
610 }
611 }
612 }
613 }
614 }
615 }
616 if (!cur_unixsocket && old_unixsocket)
617 cur_unixsocket = strdup(old_unixsocket);
618 }
619
620 /*
621 * When called, this function reexec haproxy with -sf followed by current
622 * children PIDs and possibly old children PIDs if they didn't leave yet.
623 */
mworker_reload()624 void mworker_reload()
625 {
626 char **next_argv = NULL;
627 int old_argc = 0; /* previous number of argument */
628 int next_argc = 0;
629 int i = 0;
630 char *msg = NULL;
631 struct rlimit limit;
632 struct per_thread_deinit_fct *ptdf;
633
634 mworker_block_signals();
635 #if defined(USE_SYSTEMD)
636 if (global.tune.options & GTUNE_USE_SYSTEMD)
637 sd_notify(0, "RELOADING=1");
638 #endif
639 setenv("HAPROXY_MWORKER_REEXEC", "1", 1);
640
641 mworker_proc_list_to_env(); /* put the children description in the env */
642
643 /* during the reload we must ensure that every FDs that can't be
644 * reuse (ie those that are not referenced in the proc_list)
645 * are closed or they will leak. */
646
647 /* close the listeners FD */
648 mworker_cli_proxy_stop();
649
650 if (getenv("HAPROXY_MWORKER_WAIT_ONLY") == NULL) {
651 /* close the poller FD and the thread waker pipe FD */
652 list_for_each_entry(ptdf, &per_thread_deinit_list, list)
653 ptdf->fct();
654 if (fdtab)
655 deinit_pollers();
656 }
657 #if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
658 /* close random device FDs */
659 RAND_keep_random_devices_open(0);
660 #endif
661
662 /* restore the initial FD limits */
663 limit.rlim_cur = rlim_fd_cur_at_boot;
664 limit.rlim_max = rlim_fd_max_at_boot;
665 if (setrlimit(RLIMIT_NOFILE, &limit) == -1) {
666 getrlimit(RLIMIT_NOFILE, &limit);
667 ha_warning("Failed to restore initial FD limits (cur=%u max=%u), using cur=%u max=%u\n",
668 rlim_fd_cur_at_boot, rlim_fd_max_at_boot,
669 (unsigned int)limit.rlim_cur, (unsigned int)limit.rlim_max);
670 }
671
672 /* compute length */
673 while (old_argv[old_argc])
674 old_argc++;
675
676 /* 1 for haproxy -sf, 2 for -x /socket */
677 next_argv = calloc(old_argc + 1 + 2 + mworker_child_nb() + 1, sizeof(char *));
678 if (next_argv == NULL)
679 goto alloc_error;
680
681 /* copy the program name */
682 next_argv[next_argc++] = old_argv[0];
683
684 /* insert the new options just after argv[0] in case we have a -- */
685
686 /* add -sf <PID>* to argv */
687 if (mworker_child_nb() > 0) {
688 struct mworker_proc *child;
689
690 next_argv[next_argc++] = "-sf";
691
692 list_for_each_entry(child, &proc_list, list) {
693 if (!(child->options & (PROC_O_TYPE_WORKER|PROC_O_TYPE_PROG)) || child->pid <= -1 )
694 continue;
695 if ((next_argv[next_argc++] = memprintf(&msg, "%d", child->pid)) == NULL)
696 goto alloc_error;
697 msg = NULL;
698 }
699 }
700 /* add the -x option with the stat socket */
701 if (cur_unixsocket) {
702 next_argv[next_argc++] = "-x";
703 next_argv[next_argc++] = (char *)cur_unixsocket;
704 }
705
706 /* copy the previous options */
707 for (i = 1; i < old_argc; i++)
708 next_argv[next_argc++] = old_argv[i];
709
710 ha_warning("Reexecuting Master process\n");
711 signal(SIGPROF, SIG_IGN);
712 execvp(next_argv[0], next_argv);
713
714 ha_warning("Failed to reexecute the master process [%d]: %s\n", pid, strerror(errno));
715 free(next_argv);
716 next_argv = NULL;
717 return;
718
719 alloc_error:
720 free(next_argv);
721 next_argv = NULL;
722 ha_warning("Failed to reexecute the master process [%d]: Cannot allocate memory\n", pid);
723 return;
724 }
725
mworker_loop()726 static void mworker_loop()
727 {
728
729 #if defined(USE_SYSTEMD)
730 if (global.tune.options & GTUNE_USE_SYSTEMD)
731 sd_notifyf(0, "READY=1\nMAINPID=%lu", (unsigned long)getpid());
732 #endif
733 /* Busy polling makes no sense in the master :-) */
734 global.tune.options &= ~GTUNE_BUSY_POLLING;
735
736 master = 1;
737
738 signal_unregister(SIGTTIN);
739 signal_unregister(SIGTTOU);
740 signal_unregister(SIGUSR1);
741 signal_unregister(SIGHUP);
742 signal_unregister(SIGQUIT);
743
744 signal_register_fct(SIGTERM, mworker_catch_sigterm, SIGTERM);
745 signal_register_fct(SIGUSR1, mworker_catch_sigterm, SIGUSR1);
746 signal_register_fct(SIGTTIN, mworker_broadcast_signal, SIGTTIN);
747 signal_register_fct(SIGTTOU, mworker_broadcast_signal, SIGTTOU);
748 signal_register_fct(SIGINT, mworker_catch_sigterm, SIGINT);
749 signal_register_fct(SIGHUP, mworker_catch_sighup, SIGHUP);
750 signal_register_fct(SIGUSR2, mworker_catch_sighup, SIGUSR2);
751 signal_register_fct(SIGCHLD, mworker_catch_sigchld, SIGCHLD);
752
753 mworker_unblock_signals();
754 mworker_cleanlisteners();
755 mworker_cleantasks();
756
757 mworker_catch_sigchld(NULL); /* ensure we clean the children in case
758 some SIGCHLD were lost */
759
760 global.nbthread = 1;
761 relative_pid = 1;
762 pid_bit = 1;
763 all_proc_mask = 1;
764
765 #ifdef USE_THREAD
766 tid_bit = 1;
767 all_threads_mask = 1;
768 #endif
769
770 jobs++; /* this is the "master" job, we want to take care of the
771 signals even if there is no listener so the poll loop don't
772 leave */
773
774 fork_poller();
775 run_thread_poll_loop(0);
776 }
777
778 /*
779 * Reexec the process in failure mode, instead of exiting
780 */
reexec_on_failure()781 void reexec_on_failure()
782 {
783 if (!atexit_flag)
784 return;
785
786 setenv("HAPROXY_MWORKER_WAIT_ONLY", "1", 1);
787
788 ha_warning("Reexecuting Master process in waitpid mode\n");
789 mworker_reload();
790 }
791
792
793 /*
794 * upon SIGUSR1, let's have a soft stop. Note that soft_stop() broadcasts
795 * a signal zero to all subscribers. This means that it's as easy as
796 * subscribing to signal 0 to get informed about an imminent shutdown.
797 */
sig_soft_stop(struct sig_handler * sh)798 static void sig_soft_stop(struct sig_handler *sh)
799 {
800 soft_stop();
801 signal_unregister_handler(sh);
802 pool_gc(NULL);
803 }
804
805 /*
806 * upon SIGTTOU, we pause everything
807 */
sig_pause(struct sig_handler * sh)808 static void sig_pause(struct sig_handler *sh)
809 {
810 pause_proxies();
811 pool_gc(NULL);
812 }
813
814 /*
815 * upon SIGTTIN, let's have a soft stop.
816 */
sig_listen(struct sig_handler * sh)817 static void sig_listen(struct sig_handler *sh)
818 {
819 resume_proxies();
820 }
821
822 /*
823 * this function dumps every server's state when the process receives SIGHUP.
824 */
sig_dump_state(struct sig_handler * sh)825 static void sig_dump_state(struct sig_handler *sh)
826 {
827 struct proxy *p = proxies_list;
828
829 ha_warning("SIGHUP received, dumping servers states.\n");
830 while (p) {
831 struct server *s = p->srv;
832
833 send_log(p, LOG_NOTICE, "SIGHUP received, dumping servers states for proxy %s.\n", p->id);
834 while (s) {
835 chunk_printf(&trash,
836 "SIGHUP: Server %s/%s is %s. Conn: %d act, %d pend, %lld tot.",
837 p->id, s->id,
838 (s->cur_state != SRV_ST_STOPPED) ? "UP" : "DOWN",
839 s->cur_sess, s->nbpend, s->counters.cum_sess);
840 ha_warning("%s\n", trash.area);
841 send_log(p, LOG_NOTICE, "%s\n", trash.area);
842 s = s->next;
843 }
844
845 /* FIXME: those info are a bit outdated. We should be able to distinguish between FE and BE. */
846 if (!p->srv) {
847 chunk_printf(&trash,
848 "SIGHUP: Proxy %s has no servers. Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
849 p->id,
850 p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
851 } else if (p->srv_act == 0) {
852 chunk_printf(&trash,
853 "SIGHUP: Proxy %s %s ! Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
854 p->id,
855 (p->srv_bck) ? "is running on backup servers" : "has no server available",
856 p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
857 } else {
858 chunk_printf(&trash,
859 "SIGHUP: Proxy %s has %d active servers and %d backup servers available."
860 " Conn: act(FE+BE): %d+%d, %d pend (%d unass), tot(FE+BE): %lld+%lld.",
861 p->id, p->srv_act, p->srv_bck,
862 p->feconn, p->beconn, p->totpend, p->nbpend, p->fe_counters.cum_conn, p->be_counters.cum_conn);
863 }
864 ha_warning("%s\n", trash.area);
865 send_log(p, LOG_NOTICE, "%s\n", trash.area);
866
867 p = p->next;
868 }
869 }
870
dump(struct sig_handler * sh)871 static void dump(struct sig_handler *sh)
872 {
873 /* dump memory usage then free everything possible */
874 dump_pools();
875 pool_gc(NULL);
876 }
877
878 /*
879 * This function dup2 the stdio FDs (0,1,2) with <fd>, then closes <fd>
880 * If <fd> < 0, it opens /dev/null and use it to dup
881 *
882 * In the case of chrooting, you have to open /dev/null before the chroot, and
883 * pass the <fd> to this function
884 */
stdio_quiet(int fd)885 static void stdio_quiet(int fd)
886 {
887 if (fd < 0)
888 fd = open("/dev/null", O_RDWR, 0);
889
890 if (fd > -1) {
891 fclose(stdin);
892 fclose(stdout);
893 fclose(stderr);
894
895 dup2(fd, 0);
896 dup2(fd, 1);
897 dup2(fd, 2);
898 if (fd > 2)
899 close(fd);
900 return;
901 }
902
903 ha_alert("Cannot open /dev/null\n");
904 exit(EXIT_FAILURE);
905 }
906
907
908 /* This function checks if cfg_cfgfiles contains directories.
909 * If it finds one, it adds all the files (and only files) it contains
910 * in cfg_cfgfiles in place of the directory (and removes the directory).
911 * It adds the files in lexical order.
912 * It adds only files with .cfg extension.
913 * It doesn't add files with name starting with '.'
914 */
cfgfiles_expand_directories(void)915 static void cfgfiles_expand_directories(void)
916 {
917 struct wordlist *wl, *wlb;
918 char *err = NULL;
919
920 list_for_each_entry_safe(wl, wlb, &cfg_cfgfiles, list) {
921 struct stat file_stat;
922 struct dirent **dir_entries = NULL;
923 int dir_entries_nb;
924 int dir_entries_it;
925
926 if (stat(wl->s, &file_stat)) {
927 ha_alert("Cannot open configuration file/directory %s : %s\n",
928 wl->s,
929 strerror(errno));
930 exit(1);
931 }
932
933 if (!S_ISDIR(file_stat.st_mode))
934 continue;
935
936 /* from this point wl->s is a directory */
937
938 dir_entries_nb = scandir(wl->s, &dir_entries, NULL, alphasort);
939 if (dir_entries_nb < 0) {
940 ha_alert("Cannot open configuration directory %s : %s\n",
941 wl->s,
942 strerror(errno));
943 exit(1);
944 }
945
946 /* for each element in the directory wl->s */
947 for (dir_entries_it = 0; dir_entries_it < dir_entries_nb; dir_entries_it++) {
948 struct dirent *dir_entry = dir_entries[dir_entries_it];
949 char *filename = NULL;
950 char *d_name_cfgext = strstr(dir_entry->d_name, ".cfg");
951
952 /* don't add filename that begin with .
953 * only add filename with .cfg extension
954 */
955 if (dir_entry->d_name[0] == '.' ||
956 !(d_name_cfgext && d_name_cfgext[4] == '\0'))
957 goto next_dir_entry;
958
959 if (!memprintf(&filename, "%s/%s", wl->s, dir_entry->d_name)) {
960 ha_alert("Cannot load configuration files %s : out of memory.\n",
961 filename);
962 exit(1);
963 }
964
965 if (stat(filename, &file_stat)) {
966 ha_alert("Cannot open configuration file %s : %s\n",
967 wl->s,
968 strerror(errno));
969 exit(1);
970 }
971
972 /* don't add anything else than regular file in cfg_cfgfiles
973 * this way we avoid loops
974 */
975 if (!S_ISREG(file_stat.st_mode))
976 goto next_dir_entry;
977
978 if (!list_append_word(&wl->list, filename, &err)) {
979 ha_alert("Cannot load configuration files %s : %s\n",
980 filename,
981 err);
982 exit(1);
983 }
984
985 next_dir_entry:
986 free(filename);
987 free(dir_entry);
988 }
989
990 free(dir_entries);
991
992 /* remove the current directory (wl) from cfg_cfgfiles */
993 free(wl->s);
994 LIST_DEL(&wl->list);
995 free(wl);
996 }
997
998 free(err);
999 }
1000
1001 /* Retrieves old sockets from worker process running the CLI at address
1002 * <unixsocket>. Fills xfer_sock_list with what is found. Returns 0 on
1003 * success, -1 on failure.
1004 */
get_old_sockets(const char * unixsocket)1005 static int get_old_sockets(const char *unixsocket)
1006 {
1007 char *cmsgbuf = NULL, *tmpbuf = NULL;
1008 int *tmpfd = NULL;
1009 struct sockaddr_un addr;
1010 struct cmsghdr *cmsg;
1011 struct msghdr msghdr;
1012 struct iovec iov;
1013 struct xfer_sock_list *xfer_sock = NULL;
1014 struct timeval tv = { .tv_sec = 1, .tv_usec = 0 };
1015 int sock = -1;
1016 int ret = -1;
1017 int ret2 = -1;
1018 int fd_nb;
1019 int got_fd = 0;
1020 int i = 0;
1021 size_t maxoff = 0, curoff = 0;
1022
1023 memset(&msghdr, 0, sizeof(msghdr));
1024 cmsgbuf = malloc(CMSG_SPACE(sizeof(int)) * MAX_SEND_FD);
1025 if (!cmsgbuf) {
1026 ha_warning("Failed to allocate memory to send sockets\n");
1027 goto out;
1028 }
1029 sock = socket(PF_UNIX, SOCK_STREAM, 0);
1030 if (sock < 0) {
1031 ha_warning("Failed to connect to the old process socket '%s'\n",
1032 unixsocket);
1033 goto out;
1034 }
1035 strncpy(addr.sun_path, unixsocket, sizeof(addr.sun_path) - 1);
1036 addr.sun_path[sizeof(addr.sun_path) - 1] = 0;
1037 addr.sun_family = PF_UNIX;
1038 ret = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
1039 if (ret < 0) {
1040 ha_warning("Failed to connect to the old process socket '%s'\n",
1041 unixsocket);
1042 goto out;
1043 }
1044 setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (void *)&tv, sizeof(tv));
1045 iov.iov_base = &fd_nb;
1046 iov.iov_len = sizeof(fd_nb);
1047 msghdr.msg_iov = &iov;
1048 msghdr.msg_iovlen = 1;
1049 send(sock, "_getsocks\n", strlen("_getsocks\n"), 0);
1050 /* First, get the number of file descriptors to be received */
1051 if (recvmsg(sock, &msghdr, MSG_WAITALL) != sizeof(fd_nb)) {
1052 ha_warning("Failed to get the number of sockets to be transferred !\n");
1053 goto out;
1054 }
1055 if (fd_nb == 0) {
1056 ret2 = 0;
1057 goto out;
1058 }
1059 tmpbuf = malloc(fd_nb * (1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof(int)));
1060 if (tmpbuf == NULL) {
1061 ha_warning("Failed to allocate memory while receiving sockets\n");
1062 goto out;
1063 }
1064 tmpfd = malloc(fd_nb * sizeof(int));
1065 if (tmpfd == NULL) {
1066 ha_warning("Failed to allocate memory while receiving sockets\n");
1067 goto out;
1068 }
1069 msghdr.msg_control = cmsgbuf;
1070 msghdr.msg_controllen = CMSG_SPACE(sizeof(int)) * MAX_SEND_FD;
1071 iov.iov_len = MAX_SEND_FD * (1 + MAXPATHLEN + 1 + IFNAMSIZ + sizeof(int));
1072 do {
1073 int ret3;
1074
1075 iov.iov_base = tmpbuf + curoff;
1076 ret = recvmsg(sock, &msghdr, 0);
1077 if (ret == -1 && errno == EINTR)
1078 continue;
1079 if (ret <= 0)
1080 break;
1081 /* Send an ack to let the sender know we got the sockets
1082 * and it can send some more
1083 */
1084 do {
1085 ret3 = send(sock, &got_fd, sizeof(got_fd), 0);
1086 } while (ret3 == -1 && errno == EINTR);
1087 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg != NULL;
1088 cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1089 if (cmsg->cmsg_level == SOL_SOCKET &&
1090 cmsg->cmsg_type == SCM_RIGHTS) {
1091 size_t totlen = cmsg->cmsg_len -
1092 CMSG_LEN(0);
1093 if (totlen / sizeof(int) + got_fd > fd_nb) {
1094 ha_warning("Got to many sockets !\n");
1095 goto out;
1096 }
1097 /*
1098 * Be paranoid and use memcpy() to avoid any
1099 * potential alignement issue.
1100 */
1101 memcpy(&tmpfd[got_fd], CMSG_DATA(cmsg), totlen);
1102 got_fd += totlen / sizeof(int);
1103 }
1104 }
1105 curoff += ret;
1106 } while (got_fd < fd_nb);
1107
1108 if (got_fd != fd_nb) {
1109 ha_warning("We didn't get the expected number of sockets (expecting %d got %d)\n",
1110 fd_nb, got_fd);
1111 goto out;
1112 }
1113 maxoff = curoff;
1114 curoff = 0;
1115 for (i = 0; i < got_fd; i++) {
1116 int fd = tmpfd[i];
1117 socklen_t socklen;
1118 int len;
1119
1120 xfer_sock = calloc(1, sizeof(*xfer_sock));
1121 if (!xfer_sock) {
1122 ha_warning("Failed to allocate memory in get_old_sockets() !\n");
1123 break;
1124 }
1125 xfer_sock->fd = -1;
1126
1127 socklen = sizeof(xfer_sock->addr);
1128 if (getsockname(fd, (struct sockaddr *)&xfer_sock->addr, &socklen) != 0) {
1129 ha_warning("Failed to get socket address\n");
1130 free(xfer_sock);
1131 xfer_sock = NULL;
1132 continue;
1133 }
1134 if (curoff >= maxoff) {
1135 ha_warning("Inconsistency while transferring sockets\n");
1136 goto out;
1137 }
1138 len = tmpbuf[curoff++];
1139 if (len > 0) {
1140 /* We have a namespace */
1141 if (curoff + len > maxoff) {
1142 ha_warning("Inconsistency while transferring sockets\n");
1143 goto out;
1144 }
1145 xfer_sock->namespace = malloc(len + 1);
1146 if (!xfer_sock->namespace) {
1147 ha_warning("Failed to allocate memory while transferring sockets\n");
1148 goto out;
1149 }
1150 memcpy(xfer_sock->namespace, &tmpbuf[curoff], len);
1151 xfer_sock->namespace[len] = 0;
1152 curoff += len;
1153 }
1154 if (curoff >= maxoff) {
1155 ha_warning("Inconsistency while transferring sockets\n");
1156 goto out;
1157 }
1158 len = tmpbuf[curoff++];
1159 if (len > 0) {
1160 /* We have an interface */
1161 if (curoff + len > maxoff) {
1162 ha_warning("Inconsistency while transferring sockets\n");
1163 goto out;
1164 }
1165 xfer_sock->iface = malloc(len + 1);
1166 if (!xfer_sock->iface) {
1167 ha_warning("Failed to allocate memory while transferring sockets\n");
1168 goto out;
1169 }
1170 memcpy(xfer_sock->iface, &tmpbuf[curoff], len);
1171 xfer_sock->iface[len] = 0;
1172 curoff += len;
1173 }
1174 if (curoff + sizeof(int) > maxoff) {
1175 ha_warning("Inconsistency while transferring sockets\n");
1176 goto out;
1177 }
1178 memcpy(&xfer_sock->options, &tmpbuf[curoff],
1179 sizeof(xfer_sock->options));
1180 curoff += sizeof(xfer_sock->options);
1181
1182 xfer_sock->fd = fd;
1183 if (xfer_sock_list)
1184 xfer_sock_list->prev = xfer_sock;
1185 xfer_sock->next = xfer_sock_list;
1186 xfer_sock->prev = NULL;
1187 xfer_sock_list = xfer_sock;
1188 xfer_sock = NULL;
1189 }
1190
1191 ret2 = 0;
1192 out:
1193 /* If we failed midway make sure to close the remaining
1194 * file descriptors
1195 */
1196 if (tmpfd != NULL && i < got_fd) {
1197 for (; i < got_fd; i++) {
1198 close(tmpfd[i]);
1199 }
1200 }
1201 free(tmpbuf);
1202 free(tmpfd);
1203 free(cmsgbuf);
1204 if (sock != -1)
1205 close(sock);
1206 if (xfer_sock) {
1207 free(xfer_sock->namespace);
1208 free(xfer_sock->iface);
1209 if (xfer_sock->fd != -1)
1210 close(xfer_sock->fd);
1211 free(xfer_sock);
1212 }
1213 return (ret2);
1214 }
1215
1216 /*
1217 * copy and cleanup the current argv
1218 * Remove the -sf /-st / -x parameters
1219 * Return an allocated copy of argv
1220 */
1221
copy_argv(int argc,char ** argv)1222 static char **copy_argv(int argc, char **argv)
1223 {
1224 char **newargv, **retargv;
1225
1226 newargv = calloc(argc + 2, sizeof(char *));
1227 if (newargv == NULL) {
1228 ha_warning("Cannot allocate memory\n");
1229 return NULL;
1230 }
1231 retargv = newargv;
1232
1233 /* first copy argv[0] */
1234 *newargv++ = *argv++;
1235 argc--;
1236
1237 while (argc > 0) {
1238 if (**argv != '-') {
1239 /* non options are copied but will fail in the argument parser */
1240 *newargv++ = *argv++;
1241 argc--;
1242
1243 } else {
1244 char *flag;
1245
1246 flag = *argv + 1;
1247
1248 if (flag[0] == '-' && flag[1] == 0) {
1249 /* "--\0" copy every arguments till the end of argv */
1250 *newargv++ = *argv++;
1251 argc--;
1252
1253 while (argc > 0) {
1254 *newargv++ = *argv++;
1255 argc--;
1256 }
1257 } else {
1258 switch (*flag) {
1259 case 's':
1260 /* -sf / -st and their parameters are ignored */
1261 if (flag[1] == 'f' || flag[1] == 't') {
1262 argc--;
1263 argv++;
1264 /* The list can't contain a negative value since the only
1265 way to know the end of this list is by looking for the
1266 next option or the end of the options */
1267 while (argc > 0 && argv[0][0] != '-') {
1268 argc--;
1269 argv++;
1270 }
1271 } else {
1272 argc--;
1273 argv++;
1274
1275 }
1276 break;
1277
1278 case 'x':
1279 /* this option and its parameter are ignored */
1280 argc--;
1281 argv++;
1282 if (argc > 0) {
1283 argc--;
1284 argv++;
1285 }
1286 break;
1287
1288 case 'C':
1289 case 'n':
1290 case 'm':
1291 case 'N':
1292 case 'L':
1293 case 'f':
1294 case 'p':
1295 case 'S':
1296 /* these options have only 1 parameter which must be copied and can start with a '-' */
1297 *newargv++ = *argv++;
1298 argc--;
1299 if (argc == 0)
1300 goto error;
1301 *newargv++ = *argv++;
1302 argc--;
1303 break;
1304 default:
1305 /* for other options just copy them without parameters, this is also done
1306 * for options like "--foo", but this will fail in the argument parser.
1307 * */
1308 *newargv++ = *argv++;
1309 argc--;
1310 break;
1311 }
1312 }
1313 }
1314 }
1315
1316 return retargv;
1317
1318 error:
1319 free(retargv);
1320 return NULL;
1321 }
1322
1323
1324 /* Performs basic random seed initialization. The main issue with this is that
1325 * srandom_r() only takes 32 bits and purposely provides a reproducible sequence,
1326 * which means that there will only be 4 billion possible random sequences once
1327 * srandom() is called, regardless of the internal state. Not calling it is
1328 * even worse as we'll always produce the same randoms sequences. What we do
1329 * here is to create an initial sequence from various entropy sources, hash it
1330 * using SHA1 and keep the resulting 160 bits available globally.
1331 *
1332 * We initialize the current process with the first 32 bits before starting the
1333 * polling loop, where all this will be changed to have process specific and
1334 * thread specific sequences.
1335 *
1336 * Before starting threads, it's still possible to call random() as srandom()
1337 * is initialized from this, but after threads and/or processes are started,
1338 * only ha_random() is expected to be used to guarantee distinct sequences.
1339 */
ha_random_boot(char * const * argv)1340 static void ha_random_boot(char *const *argv)
1341 {
1342 unsigned char message[256];
1343 unsigned char *m = message;
1344 struct timeval tv;
1345 blk_SHA_CTX ctx;
1346 unsigned long l;
1347 int fd;
1348 int i;
1349
1350 /* start with current time as pseudo-random seed */
1351 gettimeofday(&tv, NULL);
1352 write_u32(m, tv.tv_sec); m += 4;
1353 write_u32(m, tv.tv_usec); m += 4;
1354
1355 /* PID and PPID add some OS-based randomness */
1356 write_u16(m, getpid()); m += 2;
1357 write_u16(m, getppid()); m += 2;
1358
1359 /* take up to 160 bits bytes from /dev/urandom if available (non-blocking) */
1360 fd = open("/dev/urandom", O_RDONLY);
1361 if (fd >= 0) {
1362 i = read(fd, m, 20);
1363 if (i > 0)
1364 m += i;
1365 close(fd);
1366 }
1367
1368 /* take up to 160 bits bytes from openssl (non-blocking) */
1369 #ifdef USE_OPENSSL
1370 if (RAND_bytes(m, 20) == 1)
1371 m += 20;
1372 #endif
1373
1374 /* take 160 bits from existing random in case it was already initialized */
1375 for (i = 0; i < 5; i++) {
1376 write_u32(m, random());
1377 m += 4;
1378 }
1379
1380 /* stack address (benefit form operating system's ASLR) */
1381 l = (unsigned long)&m;
1382 memcpy(m, &l, sizeof(l)); m += sizeof(l);
1383
1384 /* argv address (benefit form operating system's ASLR) */
1385 l = (unsigned long)&argv;
1386 memcpy(m, &l, sizeof(l)); m += sizeof(l);
1387
1388 /* use tv_usec again after all the operations above */
1389 gettimeofday(&tv, NULL);
1390 write_u32(m, tv.tv_usec); m += 4;
1391
1392 /*
1393 * At this point, ~84-92 bytes have been used
1394 */
1395
1396 /* finish with the hostname */
1397 strncpy((char *)m, hostname, message + sizeof(message) - m);
1398 m += strlen(hostname);
1399
1400 /* total message length */
1401 l = m - message;
1402
1403 memset(&ctx, 0, sizeof(ctx));
1404 blk_SHA1_Init(&ctx);
1405 blk_SHA1_Update(&ctx, message, l);
1406 blk_SHA1_Final(boot_seed, &ctx);
1407
1408 srandom(read_u32(boot_seed));
1409 ha_random_seed(boot_seed, sizeof(boot_seed));
1410 }
1411
1412 /* considers splicing proxies' maxconn, computes the ideal global.maxpipes
1413 * setting, and returns it. It may return -1 meaning "unlimited" if some
1414 * unlimited proxies have been found and the global.maxconn value is not yet
1415 * set. It may also return a value greater than maxconn if it's not yet set.
1416 * Note that a value of zero means there is no need for pipes. -1 is never
1417 * returned if global.maxconn is valid.
1418 */
compute_ideal_maxpipes()1419 static int compute_ideal_maxpipes()
1420 {
1421 struct proxy *cur;
1422 int nbfe = 0, nbbe = 0;
1423 int unlimited = 0;
1424 int pipes;
1425 int max;
1426
1427 for (cur = proxies_list; cur; cur = cur->next) {
1428 if (cur->options2 & (PR_O2_SPLIC_ANY)) {
1429 if (cur->cap & PR_CAP_FE) {
1430 max = cur->maxconn;
1431 nbfe += max;
1432 if (!max) {
1433 unlimited = 1;
1434 break;
1435 }
1436 }
1437 if (cur->cap & PR_CAP_BE) {
1438 max = cur->fullconn ? cur->fullconn : global.maxconn;
1439 nbbe += max;
1440 if (!max) {
1441 unlimited = 1;
1442 break;
1443 }
1444 }
1445 }
1446 }
1447
1448 pipes = MAX(nbfe, nbbe);
1449 if (global.maxconn) {
1450 if (pipes > global.maxconn || unlimited)
1451 pipes = global.maxconn;
1452 } else if (unlimited) {
1453 pipes = -1;
1454 }
1455
1456 return pipes >= 4 ? pipes / 4 : pipes;
1457 }
1458
1459 /* considers global.maxsocks, global.maxpipes, async engines, SSL frontends and
1460 * rlimits and computes an ideal maxconn. It's meant to be called only when
1461 * maxsock contains the sum of listening FDs, before it is updated based on
1462 * maxconn and pipes. If there are not enough FDs left, DEFAULT_MAXCONN (by
1463 * default 100) is returned as it is expected that it will even run on tight
1464 * environments, and will maintain compatibility with previous packages that
1465 * used to rely on this value as the default one. The system will emit a
1466 * warning indicating how many FDs are missing anyway if needed.
1467 */
compute_ideal_maxconn()1468 static int compute_ideal_maxconn()
1469 {
1470 int ssl_sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
1471 int engine_fds = global.ssl_used_async_engines * ssl_sides;
1472 int pipes = compute_ideal_maxpipes();
1473 int remain = MAX(rlim_fd_cur_at_boot, rlim_fd_max_at_boot);
1474 int maxconn;
1475
1476 /* we have to take into account these elements :
1477 * - number of engine_fds, which inflates the number of FD needed per
1478 * connection by this number.
1479 * - number of pipes per connection on average : for the unlimited
1480 * case, this is 0.5 pipe FDs per connection, otherwise it's a
1481 * fixed value of 2*pipes.
1482 * - two FDs per connection
1483 */
1484
1485 /* subtract listeners and checks */
1486 remain -= global.maxsock;
1487
1488 /* one epoll_fd/kqueue_fd per thread */
1489 remain -= global.nbthread;
1490
1491 /* one wake-up pipe (2 fd) per thread */
1492 remain -= 2 * global.nbthread;
1493
1494 /* Fixed pipes values : we only subtract them if they're not larger
1495 * than the remaining FDs because pipes are optional.
1496 */
1497 if (pipes >= 0 && pipes * 2 < remain)
1498 remain -= pipes * 2;
1499
1500 if (pipes < 0) {
1501 /* maxsock = maxconn * 2 + maxconn/4 * 2 + maxconn * engine_fds.
1502 * = maxconn * (2 + 0.5 + engine_fds)
1503 * = maxconn * (4 + 1 + 2*engine_fds) / 2
1504 */
1505 maxconn = 2 * remain / (5 + 2 * engine_fds);
1506 } else {
1507 /* maxsock = maxconn * 2 + maxconn * engine_fds.
1508 * = maxconn * (2 + engine_fds)
1509 */
1510 maxconn = remain / (2 + engine_fds);
1511 }
1512
1513 return MAX(maxconn, DEFAULT_MAXCONN);
1514 }
1515
1516 /*
1517 * This function initializes all the necessary variables. It only returns
1518 * if everything is OK. If something fails, it exits.
1519 */
init(int argc,char ** argv)1520 static void init(int argc, char **argv)
1521 {
1522 int arg_mode = 0; /* MODE_DEBUG, ... */
1523 char *tmp;
1524 char *cfg_pidfile = NULL;
1525 int err_code = 0;
1526 char *err_msg = NULL;
1527 struct wordlist *wl;
1528 char *progname;
1529 char *change_dir = NULL;
1530 struct proxy *px;
1531 struct post_check_fct *pcf;
1532 int ideal_maxconn;
1533
1534 global.mode = MODE_STARTING;
1535 old_argv = copy_argv(argc, argv);
1536 if (!old_argv) {
1537 ha_alert("failed to copy argv.\n");
1538 exit(1);
1539 }
1540
1541 if (!init_trash_buffers(1)) {
1542 ha_alert("failed to initialize trash buffers.\n");
1543 exit(1);
1544 }
1545
1546 /* NB: POSIX does not make it mandatory for gethostname() to NULL-terminate
1547 * the string in case of truncation, and at least FreeBSD appears not to do
1548 * it.
1549 */
1550 memset(hostname, 0, sizeof(hostname));
1551 gethostname(hostname, sizeof(hostname) - 1);
1552 memset(localpeer, 0, sizeof(localpeer));
1553 memcpy(localpeer, hostname, (sizeof(hostname) > sizeof(localpeer) ? sizeof(localpeer) : sizeof(hostname)) - 1);
1554 setenv("HAPROXY_LOCALPEER", localpeer, 1);
1555
1556 /* we were in mworker mode, we should restart in mworker mode */
1557 if (getenv("HAPROXY_MWORKER_REEXEC") != NULL)
1558 global.mode |= MODE_MWORKER;
1559
1560 /*
1561 * Initialize the previously static variables.
1562 */
1563
1564 totalconn = actconn = listeners = stopping = 0;
1565 killed = 0;
1566
1567
1568 #ifdef HAPROXY_MEMMAX
1569 global.rlimit_memmax_all = HAPROXY_MEMMAX;
1570 #endif
1571
1572 tzset();
1573 tv_update_date(-1,-1);
1574 start_date = now;
1575
1576 ha_random_boot(argv);
1577
1578 if (init_acl() != 0)
1579 exit(1);
1580
1581 /* warning, we init buffers later */
1582 if (!init_http(&err_msg)) {
1583 ha_alert("%s. Aborting.\n", err_msg);
1584 free(err_msg);
1585 abort();
1586 }
1587
1588 /* Initialise lua. */
1589 hlua_init();
1590
1591 /* Initialize process vars */
1592 vars_init(&global.vars, SCOPE_PROC);
1593
1594 global.tune.options |= GTUNE_USE_SELECT; /* select() is always available */
1595 #if defined(USE_POLL)
1596 global.tune.options |= GTUNE_USE_POLL;
1597 #endif
1598 #if defined(USE_EPOLL)
1599 global.tune.options |= GTUNE_USE_EPOLL;
1600 #endif
1601 #if defined(USE_KQUEUE)
1602 global.tune.options |= GTUNE_USE_KQUEUE;
1603 #endif
1604 #if defined(USE_EVPORTS)
1605 global.tune.options |= GTUNE_USE_EVPORTS;
1606 #endif
1607 #if defined(USE_LINUX_SPLICE)
1608 global.tune.options |= GTUNE_USE_SPLICE;
1609 #endif
1610 #if defined(USE_GETADDRINFO)
1611 global.tune.options |= GTUNE_USE_GAI;
1612 #endif
1613 #if defined(SO_REUSEPORT)
1614 global.tune.options |= GTUNE_USE_REUSEPORT;
1615 #endif
1616
1617 pid = getpid();
1618 progname = *argv;
1619 while ((tmp = strchr(progname, '/')) != NULL)
1620 progname = tmp + 1;
1621
1622 /* the process name is used for the logs only */
1623 chunk_initlen(&global.log_tag, strdup(progname), strlen(progname), strlen(progname));
1624 if (b_orig(&global.log_tag) == NULL) {
1625 chunk_destroy(&global.log_tag);
1626 ha_alert("Cannot allocate memory for log_tag.\n");
1627 exit(EXIT_FAILURE);
1628 }
1629
1630 argc--; argv++;
1631 while (argc > 0) {
1632 char *flag;
1633
1634 if (**argv == '-') {
1635 flag = *argv+1;
1636
1637 /* 1 arg */
1638 if (*flag == 'v') {
1639 display_version();
1640 if (flag[1] == 'v') /* -vv */
1641 display_build_opts();
1642 exit(0);
1643 }
1644 #if defined(USE_EPOLL)
1645 else if (*flag == 'd' && flag[1] == 'e')
1646 global.tune.options &= ~GTUNE_USE_EPOLL;
1647 #endif
1648 #if defined(USE_POLL)
1649 else if (*flag == 'd' && flag[1] == 'p')
1650 global.tune.options &= ~GTUNE_USE_POLL;
1651 #endif
1652 #if defined(USE_KQUEUE)
1653 else if (*flag == 'd' && flag[1] == 'k')
1654 global.tune.options &= ~GTUNE_USE_KQUEUE;
1655 #endif
1656 #if defined(USE_EVPORTS)
1657 else if (*flag == 'd' && flag[1] == 'v')
1658 global.tune.options &= ~GTUNE_USE_EVPORTS;
1659 #endif
1660 #if defined(USE_LINUX_SPLICE)
1661 else if (*flag == 'd' && flag[1] == 'S')
1662 global.tune.options &= ~GTUNE_USE_SPLICE;
1663 #endif
1664 #if defined(USE_GETADDRINFO)
1665 else if (*flag == 'd' && flag[1] == 'G')
1666 global.tune.options &= ~GTUNE_USE_GAI;
1667 #endif
1668 #if defined(SO_REUSEPORT)
1669 else if (*flag == 'd' && flag[1] == 'R')
1670 global.tune.options &= ~GTUNE_USE_REUSEPORT;
1671 #endif
1672 else if (*flag == 'd' && flag[1] == 'V')
1673 global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
1674 else if (*flag == 'V')
1675 arg_mode |= MODE_VERBOSE;
1676 else if (*flag == 'd' && flag[1] == 'b')
1677 arg_mode |= MODE_FOREGROUND;
1678 else if (*flag == 'd' && flag[1] == 'M')
1679 mem_poison_byte = flag[2] ? strtol(flag + 2, NULL, 0) : 'P';
1680 else if (*flag == 'd' && flag[1] == 'r')
1681 global.tune.options |= GTUNE_RESOLVE_DONTFAIL;
1682 else if (*flag == 'd')
1683 arg_mode |= MODE_DEBUG;
1684 else if (*flag == 'c')
1685 arg_mode |= MODE_CHECK;
1686 else if (*flag == 'D')
1687 arg_mode |= MODE_DAEMON;
1688 else if (*flag == 'W' && flag[1] == 's') {
1689 arg_mode |= MODE_MWORKER | MODE_FOREGROUND;
1690 #if defined(USE_SYSTEMD)
1691 global.tune.options |= GTUNE_USE_SYSTEMD;
1692 #else
1693 ha_alert("master-worker mode with systemd support (-Ws) requested, but not compiled. Use master-worker mode (-W) if you are not using Type=notify in your unit file or recompile with USE_SYSTEMD=1.\n\n");
1694 usage(progname);
1695 #endif
1696 }
1697 else if (*flag == 'W')
1698 arg_mode |= MODE_MWORKER;
1699 else if (*flag == 'q')
1700 arg_mode |= MODE_QUIET;
1701 else if (*flag == 'x') {
1702 if (argc <= 1) {
1703 ha_alert("Unix socket path expected with the -x flag\n\n");
1704 usage(progname);
1705 }
1706 if (old_unixsocket)
1707 ha_warning("-x option already set, overwriting the value\n");
1708 old_unixsocket = argv[1];
1709
1710 argv++;
1711 argc--;
1712 }
1713 else if (*flag == 'S') {
1714 struct wordlist *c;
1715
1716 if (argc <= 1) {
1717 ha_alert("Socket and optional bind parameters expected with the -S flag\n");
1718 usage(progname);
1719 }
1720 if ((c = malloc(sizeof(*c))) == NULL || (c->s = strdup(argv[1])) == NULL) {
1721 ha_alert("Cannot allocate memory\n");
1722 exit(EXIT_FAILURE);
1723 }
1724 LIST_ADD(&mworker_cli_conf, &c->list);
1725
1726 argv++;
1727 argc--;
1728 }
1729 else if (*flag == 's' && (flag[1] == 'f' || flag[1] == 't')) {
1730 /* list of pids to finish ('f') or terminate ('t') */
1731
1732 if (flag[1] == 'f')
1733 oldpids_sig = SIGUSR1; /* finish then exit */
1734 else
1735 oldpids_sig = SIGTERM; /* terminate immediately */
1736 while (argc > 1 && argv[1][0] != '-') {
1737 char * endptr = NULL;
1738 oldpids = realloc(oldpids, (nb_oldpids + 1) * sizeof(int));
1739 if (!oldpids) {
1740 ha_alert("Cannot allocate old pid : out of memory.\n");
1741 exit(1);
1742 }
1743 argc--; argv++;
1744 errno = 0;
1745 oldpids[nb_oldpids] = strtol(*argv, &endptr, 10);
1746 if (errno) {
1747 ha_alert("-%2s option: failed to parse {%s}: %s\n",
1748 flag,
1749 *argv, strerror(errno));
1750 exit(1);
1751 } else if (endptr && strlen(endptr)) {
1752 while (isspace(*endptr)) endptr++;
1753 if (*endptr != 0) {
1754 ha_alert("-%2s option: some bytes unconsumed in PID list {%s}\n",
1755 flag, endptr);
1756 exit(1);
1757 }
1758 }
1759 if (oldpids[nb_oldpids] <= 0)
1760 usage(progname);
1761 nb_oldpids++;
1762 }
1763 }
1764 else if (flag[0] == '-' && flag[1] == 0) { /* "--" */
1765 /* now that's a cfgfile list */
1766 argv++; argc--;
1767 while (argc > 0) {
1768 if (!list_append_word(&cfg_cfgfiles, *argv, &err_msg)) {
1769 ha_alert("Cannot load configuration file/directory %s : %s\n",
1770 *argv,
1771 err_msg);
1772 exit(1);
1773 }
1774 argv++; argc--;
1775 }
1776 break;
1777 }
1778 else { /* >=2 args */
1779 argv++; argc--;
1780 if (argc == 0)
1781 usage(progname);
1782
1783 switch (*flag) {
1784 case 'C' : change_dir = *argv; break;
1785 case 'n' : cfg_maxconn = atol(*argv); break;
1786 case 'm' : global.rlimit_memmax_all = atol(*argv); break;
1787 case 'N' : cfg_maxpconn = atol(*argv); break;
1788 case 'L' :
1789 strncpy(localpeer, *argv, sizeof(localpeer) - 1);
1790 setenv("HAPROXY_LOCALPEER", localpeer, 1);
1791 break;
1792 case 'f' :
1793 if (!list_append_word(&cfg_cfgfiles, *argv, &err_msg)) {
1794 ha_alert("Cannot load configuration file/directory %s : %s\n",
1795 *argv,
1796 err_msg);
1797 exit(1);
1798 }
1799 break;
1800 case 'p' : cfg_pidfile = *argv; break;
1801 default: usage(progname);
1802 }
1803 }
1804 }
1805 else
1806 usage(progname);
1807 argv++; argc--;
1808 }
1809
1810 global.mode |= (arg_mode & (MODE_DAEMON | MODE_MWORKER | MODE_FOREGROUND | MODE_VERBOSE
1811 | MODE_QUIET | MODE_CHECK | MODE_DEBUG));
1812
1813 if (getenv("HAPROXY_MWORKER_WAIT_ONLY")) {
1814 unsetenv("HAPROXY_MWORKER_WAIT_ONLY");
1815 global.mode |= MODE_MWORKER_WAIT;
1816 global.mode &= ~MODE_MWORKER;
1817 }
1818
1819 if ((global.mode & (MODE_MWORKER | MODE_CHECK)) == MODE_MWORKER &&
1820 (getenv("HAPROXY_MWORKER_REEXEC") != NULL)) {
1821 atexit_flag = 1;
1822 atexit(reexec_on_failure);
1823 }
1824
1825 if (change_dir && chdir(change_dir) < 0) {
1826 ha_alert("Could not change to directory %s : %s\n", change_dir, strerror(errno));
1827 exit(1);
1828 }
1829
1830 global.maxsock = 10; /* reserve 10 fds ; will be incremented by socket eaters */
1831
1832 init_default_instance();
1833
1834 /* in wait mode, we don't try to read the configuration files */
1835 if (!(global.mode & MODE_MWORKER_WAIT)) {
1836 char *env_cfgfiles = NULL;
1837 int env_err = 0;
1838
1839 /* handle cfgfiles that are actually directories */
1840 cfgfiles_expand_directories();
1841
1842 if (LIST_ISEMPTY(&cfg_cfgfiles))
1843 usage(progname);
1844
1845
1846 list_for_each_entry(wl, &cfg_cfgfiles, list) {
1847 int ret;
1848
1849 if (env_err == 0) {
1850 if (!memprintf(&env_cfgfiles, "%s%s%s",
1851 (env_cfgfiles ? env_cfgfiles : ""),
1852 (env_cfgfiles ? ";" : ""), wl->s))
1853 env_err = 1;
1854 }
1855
1856 ret = readcfgfile(wl->s);
1857 if (ret == -1) {
1858 ha_alert("Could not open configuration file %s : %s\n",
1859 wl->s, strerror(errno));
1860 free(env_cfgfiles);
1861 exit(1);
1862 }
1863 if (ret & (ERR_ABORT|ERR_FATAL))
1864 ha_alert("Error(s) found in configuration file : %s\n", wl->s);
1865 err_code |= ret;
1866 if (err_code & ERR_ABORT) {
1867 free(env_cfgfiles);
1868 exit(1);
1869 }
1870 }
1871
1872 /* do not try to resolve arguments nor to spot inconsistencies when
1873 * the configuration contains fatal errors caused by files not found
1874 * or failed memory allocations.
1875 */
1876 if (err_code & (ERR_ABORT|ERR_FATAL)) {
1877 ha_alert("Fatal errors found in configuration.\n");
1878 free(env_cfgfiles);
1879 exit(1);
1880 }
1881 if (env_err) {
1882 ha_alert("Could not allocate memory for HAPROXY_CFGFILES env variable\n");
1883 exit(1);
1884 }
1885 setenv("HAPROXY_CFGFILES", env_cfgfiles, 1);
1886 free(env_cfgfiles);
1887
1888 }
1889 if (global.mode & MODE_MWORKER) {
1890 int proc;
1891 struct mworker_proc *tmproc;
1892
1893 setenv("HAPROXY_MWORKER", "1", 1);
1894
1895 if (getenv("HAPROXY_MWORKER_REEXEC") == NULL) {
1896
1897 tmproc = calloc(1, sizeof(*tmproc));
1898 if (!tmproc) {
1899 ha_alert("Cannot allocate process structures.\n");
1900 exit(EXIT_FAILURE);
1901 }
1902 tmproc->options |= PROC_O_TYPE_MASTER; /* master */
1903 tmproc->reloads = 0;
1904 tmproc->relative_pid = 0;
1905 tmproc->pid = pid;
1906 tmproc->timestamp = start_date.tv_sec;
1907 tmproc->ipc_fd[0] = -1;
1908 tmproc->ipc_fd[1] = -1;
1909
1910 proc_self = tmproc;
1911
1912 LIST_ADDQ(&proc_list, &tmproc->list);
1913 }
1914
1915 for (proc = 0; proc < global.nbproc; proc++) {
1916
1917 tmproc = calloc(1, sizeof(*tmproc));
1918 if (!tmproc) {
1919 ha_alert("Cannot allocate process structures.\n");
1920 exit(EXIT_FAILURE);
1921 }
1922
1923 tmproc->options |= PROC_O_TYPE_WORKER; /* worker */
1924 tmproc->pid = -1;
1925 tmproc->reloads = 0;
1926 tmproc->timestamp = -1;
1927 tmproc->relative_pid = 1 + proc;
1928 tmproc->ipc_fd[0] = -1;
1929 tmproc->ipc_fd[1] = -1;
1930
1931 if (mworker_cli_sockpair_new(tmproc, proc) < 0) {
1932 exit(EXIT_FAILURE);
1933 }
1934
1935 LIST_ADDQ(&proc_list, &tmproc->list);
1936 }
1937 }
1938 if (global.mode & (MODE_MWORKER|MODE_MWORKER_WAIT)) {
1939 struct wordlist *it, *c;
1940
1941 /* get the info of the children in the env */
1942 if (mworker_env_to_proc_list() < 0) {
1943 exit(EXIT_FAILURE);
1944 }
1945
1946 if (!LIST_ISEMPTY(&mworker_cli_conf)) {
1947
1948 if (mworker_cli_proxy_create() < 0) {
1949 ha_alert("Can't create the master's CLI.\n");
1950 exit(EXIT_FAILURE);
1951 }
1952
1953 list_for_each_entry_safe(c, it, &mworker_cli_conf, list) {
1954
1955 if (mworker_cli_proxy_new_listener(c->s) < 0) {
1956 ha_alert("Can't create the master's CLI.\n");
1957 exit(EXIT_FAILURE);
1958 }
1959 LIST_DEL(&c->list);
1960 free(c->s);
1961 free(c);
1962 }
1963 }
1964 }
1965
1966 err_code |= check_config_validity();
1967 if (err_code & (ERR_ABORT|ERR_FATAL)) {
1968 ha_alert("Fatal errors found in configuration.\n");
1969 exit(1);
1970 }
1971
1972 err_code |= pattern_finalize_config();
1973 if (err_code & (ERR_ABORT|ERR_FATAL)) {
1974 ha_alert("Failed to finalize pattern config.\n");
1975 exit(1);
1976 }
1977
1978 /* recompute the amount of per-process memory depending on nbproc and
1979 * the shared SSL cache size (allowed to exist in all processes).
1980 */
1981 if (global.rlimit_memmax_all) {
1982 #if defined (USE_OPENSSL) && !defined(USE_PRIVATE_CACHE)
1983 int64_t ssl_cache_bytes = global.tune.sslcachesize * 200LL;
1984
1985 global.rlimit_memmax =
1986 ((((int64_t)global.rlimit_memmax_all * 1048576LL) -
1987 ssl_cache_bytes) / global.nbproc +
1988 ssl_cache_bytes + 1048575LL) / 1048576LL;
1989 #else
1990 global.rlimit_memmax = global.rlimit_memmax_all / global.nbproc;
1991 #endif
1992 }
1993
1994 #ifdef USE_NS
1995 err_code |= netns_init();
1996 if (err_code & (ERR_ABORT|ERR_FATAL)) {
1997 ha_alert("Failed to initialize namespace support.\n");
1998 exit(1);
1999 }
2000 #endif
2001
2002 /* Apply server states */
2003 apply_server_state();
2004
2005 for (px = proxies_list; px; px = px->next)
2006 srv_compute_all_admin_states(px);
2007
2008 /* Apply servers' configured address */
2009 err_code |= srv_init_addr();
2010 if (err_code & (ERR_ABORT|ERR_FATAL)) {
2011 ha_alert("Failed to initialize server(s) addr.\n");
2012 exit(1);
2013 }
2014
2015 if (global.mode & MODE_CHECK) {
2016 struct peers *pr;
2017 struct proxy *px;
2018
2019 for (pr = cfg_peers; pr; pr = pr->next)
2020 if (pr->peers_fe)
2021 break;
2022
2023 for (px = proxies_list; px; px = px->next)
2024 if (px->state == PR_STNEW && !LIST_ISEMPTY(&px->conf.listeners))
2025 break;
2026
2027 if (pr || px) {
2028 /* At least one peer or one listener has been found */
2029 qfprintf(stdout, "Configuration file is valid\n");
2030 exit(0);
2031 }
2032 qfprintf(stdout, "Configuration file has no error but will not start (no listener) => exit(2).\n");
2033 exit(2);
2034 }
2035
2036 global_listener_queue_task = task_new(MAX_THREADS_MASK);
2037 if (!global_listener_queue_task) {
2038 ha_alert("Out of memory when initializing global task\n");
2039 exit(1);
2040 }
2041 /* very simple initialization, users will queue the task if needed */
2042 global_listener_queue_task->context = NULL; /* not even a context! */
2043 global_listener_queue_task->process = manage_global_listener_queue;
2044
2045 /* now we know the buffer size, we can initialize the channels and buffers */
2046 init_buffer();
2047
2048 list_for_each_entry(pcf, &post_check_list, list) {
2049 err_code |= pcf->fct();
2050 if (err_code & (ERR_ABORT|ERR_FATAL))
2051 exit(1);
2052 }
2053
2054 if (cfg_maxconn > 0)
2055 global.maxconn = cfg_maxconn;
2056
2057 if (global.stats_fe)
2058 global.maxsock += global.stats_fe->maxconn;
2059
2060 if (cfg_peers) {
2061 /* peers also need to bypass global maxconn */
2062 struct peers *p = cfg_peers;
2063
2064 for (p = cfg_peers; p; p = p->next)
2065 if (p->peers_fe)
2066 global.maxsock += p->peers_fe->maxconn;
2067 }
2068
2069 if (cfg_pidfile) {
2070 free(global.pidfile);
2071 global.pidfile = strdup(cfg_pidfile);
2072 }
2073
2074 /* Now we want to compute the maxconn and possibly maxsslconn values.
2075 * It's a bit tricky. Maxconn defaults to the pre-computed value based
2076 * on rlim_fd_cur and the number of FDs in use due to the configuration,
2077 * and maxsslconn defaults to DEFAULT_MAXSSLCONN. On top of that we can
2078 * enforce a lower limit based on memmax.
2079 *
2080 * If memmax is set, then it depends on which values are set. If
2081 * maxsslconn is set, we use memmax to determine how many cleartext
2082 * connections may be added, and set maxconn to the sum of the two.
2083 * If maxconn is set and not maxsslconn, maxsslconn is computed from
2084 * the remaining amount of memory between memmax and the cleartext
2085 * connections. If neither are set, then it is considered that all
2086 * connections are SSL-capable, and maxconn is computed based on this,
2087 * then maxsslconn accordingly. We need to know if SSL is used on the
2088 * frontends, backends, or both, because when it's used on both sides,
2089 * we need twice the value for maxsslconn, but we only count the
2090 * handshake once since it is not performed on the two sides at the
2091 * same time (frontend-side is terminated before backend-side begins).
2092 * The SSL stack is supposed to have filled ssl_session_cost and
2093 * ssl_handshake_cost during its initialization. In any case, if
2094 * SYSTEM_MAXCONN is set, we still enforce it as an upper limit for
2095 * maxconn in order to protect the system.
2096 */
2097 ideal_maxconn = compute_ideal_maxconn();
2098
2099 if (!global.rlimit_memmax) {
2100 if (global.maxconn == 0) {
2101 global.maxconn = ideal_maxconn;
2102 if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
2103 fprintf(stderr, "Note: setting global.maxconn to %d.\n", global.maxconn);
2104 }
2105 }
2106 #ifdef USE_OPENSSL
2107 else if (!global.maxconn && !global.maxsslconn &&
2108 (global.ssl_used_frontend || global.ssl_used_backend)) {
2109 /* memmax is set, compute everything automatically. Here we want
2110 * to ensure that all SSL connections will be served. We take
2111 * care of the number of sides where SSL is used, and consider
2112 * the worst case : SSL used on both sides and doing a handshake
2113 * simultaneously. Note that we can't have more than maxconn
2114 * handshakes at a time by definition, so for the worst case of
2115 * two SSL conns per connection, we count a single handshake.
2116 */
2117 int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
2118 int64_t mem = global.rlimit_memmax * 1048576ULL;
2119
2120 mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
2121 mem -= global.maxzlibmem;
2122 mem = mem * MEM_USABLE_RATIO;
2123
2124 global.maxconn = mem /
2125 ((STREAM_MAX_COST + 2 * global.tune.bufsize) + // stream + 2 buffers per stream
2126 sides * global.ssl_session_max_cost + // SSL buffers, one per side
2127 global.ssl_handshake_max_cost); // 1 handshake per connection max
2128
2129 global.maxconn = MIN(global.maxconn, ideal_maxconn);
2130 global.maxconn = round_2dig(global.maxconn);
2131 #ifdef SYSTEM_MAXCONN
2132 if (global.maxconn > SYSTEM_MAXCONN)
2133 global.maxconn = SYSTEM_MAXCONN;
2134 #endif /* SYSTEM_MAXCONN */
2135 global.maxsslconn = sides * global.maxconn;
2136 if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
2137 fprintf(stderr, "Note: setting global.maxconn to %d and global.maxsslconn to %d.\n",
2138 global.maxconn, global.maxsslconn);
2139 }
2140 else if (!global.maxsslconn &&
2141 (global.ssl_used_frontend || global.ssl_used_backend)) {
2142 /* memmax and maxconn are known, compute maxsslconn automatically.
2143 * maxsslconn being forced, we don't know how many of it will be
2144 * on each side if both sides are being used. The worst case is
2145 * when all connections use only one SSL instance because
2146 * handshakes may be on two sides at the same time.
2147 */
2148 int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
2149 int64_t mem = global.rlimit_memmax * 1048576ULL;
2150 int64_t sslmem;
2151
2152 mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
2153 mem -= global.maxzlibmem;
2154 mem = mem * MEM_USABLE_RATIO;
2155
2156 sslmem = mem - global.maxconn * (int64_t)(STREAM_MAX_COST + 2 * global.tune.bufsize);
2157 global.maxsslconn = sslmem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost);
2158 global.maxsslconn = round_2dig(global.maxsslconn);
2159
2160 if (sslmem <= 0 || global.maxsslconn < sides) {
2161 ha_alert("Cannot compute the automatic maxsslconn because global.maxconn is already too "
2162 "high for the global.memmax value (%d MB). The absolute maximum possible value "
2163 "without SSL is %d, but %d was found and SSL is in use.\n",
2164 global.rlimit_memmax,
2165 (int)(mem / (STREAM_MAX_COST + 2 * global.tune.bufsize)),
2166 global.maxconn);
2167 exit(1);
2168 }
2169
2170 if (global.maxsslconn > sides * global.maxconn)
2171 global.maxsslconn = sides * global.maxconn;
2172
2173 if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
2174 fprintf(stderr, "Note: setting global.maxsslconn to %d\n", global.maxsslconn);
2175 }
2176 #endif
2177 else if (!global.maxconn) {
2178 /* memmax and maxsslconn are known/unused, compute maxconn automatically */
2179 int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
2180 int64_t mem = global.rlimit_memmax * 1048576ULL;
2181 int64_t clearmem;
2182
2183 if (global.ssl_used_frontend || global.ssl_used_backend)
2184 mem -= global.tune.sslcachesize * 200; // about 200 bytes per SSL cache entry
2185
2186 mem -= global.maxzlibmem;
2187 mem = mem * MEM_USABLE_RATIO;
2188
2189 clearmem = mem;
2190 if (sides)
2191 clearmem -= (global.ssl_session_max_cost + global.ssl_handshake_max_cost) * (int64_t)global.maxsslconn;
2192
2193 global.maxconn = clearmem / (STREAM_MAX_COST + 2 * global.tune.bufsize);
2194 global.maxconn = MIN(global.maxconn, ideal_maxconn);
2195 global.maxconn = round_2dig(global.maxconn);
2196 #ifdef SYSTEM_MAXCONN
2197 if (global.maxconn > SYSTEM_MAXCONN)
2198 global.maxconn = SYSTEM_MAXCONN;
2199 #endif /* SYSTEM_MAXCONN */
2200
2201 if (clearmem <= 0 || !global.maxconn) {
2202 ha_alert("Cannot compute the automatic maxconn because global.maxsslconn is already too "
2203 "high for the global.memmax value (%d MB). The absolute maximum possible value "
2204 "is %d, but %d was found.\n",
2205 global.rlimit_memmax,
2206 (int)(mem / (global.ssl_session_max_cost + global.ssl_handshake_max_cost)),
2207 global.maxsslconn);
2208 exit(1);
2209 }
2210
2211 if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
2212 if (sides && global.maxsslconn > sides * global.maxconn) {
2213 fprintf(stderr, "Note: global.maxsslconn is forced to %d which causes global.maxconn "
2214 "to be limited to %d. Better reduce global.maxsslconn to get more "
2215 "room for extra connections.\n", global.maxsslconn, global.maxconn);
2216 }
2217 fprintf(stderr, "Note: setting global.maxconn to %d\n", global.maxconn);
2218 }
2219 }
2220
2221 if (!global.maxpipes)
2222 global.maxpipes = compute_ideal_maxpipes();
2223
2224 global.hardmaxconn = global.maxconn; /* keep this max value */
2225 global.maxsock += global.maxconn * 2; /* each connection needs two sockets */
2226 global.maxsock += global.maxpipes * 2; /* each pipe needs two FDs */
2227 global.maxsock += global.nbthread; /* one epoll_fd/kqueue_fd per thread */
2228 global.maxsock += 2 * global.nbthread; /* one wake-up pipe (2 fd) per thread */
2229
2230 /* compute fd used by async engines */
2231 if (global.ssl_used_async_engines) {
2232 int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
2233 global.maxsock += global.maxconn * sides * global.ssl_used_async_engines;
2234 }
2235
2236 /* update connection pool thresholds */
2237 global.tune.pool_low_count = ((long long)global.maxsock * global.tune.pool_low_ratio + 99) / 100;
2238 global.tune.pool_high_count = ((long long)global.maxsock * global.tune.pool_high_ratio + 99) / 100;
2239
2240 proxy_adjust_all_maxconn();
2241
2242 if (global.tune.maxpollevents <= 0)
2243 global.tune.maxpollevents = MAX_POLL_EVENTS;
2244
2245 if (global.tune.runqueue_depth <= 0)
2246 global.tune.runqueue_depth = RUNQUEUE_DEPTH;
2247
2248 if (global.tune.recv_enough == 0)
2249 global.tune.recv_enough = MIN_RECV_AT_ONCE_ENOUGH;
2250
2251 if (global.tune.maxrewrite < 0)
2252 global.tune.maxrewrite = MAXREWRITE;
2253
2254 if (global.tune.maxrewrite >= global.tune.bufsize / 2)
2255 global.tune.maxrewrite = global.tune.bufsize / 2;
2256
2257 if (arg_mode & (MODE_DEBUG | MODE_FOREGROUND)) {
2258 /* command line debug mode inhibits configuration mode */
2259 global.mode &= ~(MODE_DAEMON | MODE_QUIET);
2260 global.mode |= (arg_mode & (MODE_DEBUG | MODE_FOREGROUND));
2261 }
2262
2263 if (arg_mode & MODE_DAEMON) {
2264 /* command line daemon mode inhibits foreground and debug modes mode */
2265 global.mode &= ~(MODE_DEBUG | MODE_FOREGROUND);
2266 global.mode |= arg_mode & MODE_DAEMON;
2267 }
2268
2269 global.mode |= (arg_mode & (MODE_QUIET | MODE_VERBOSE));
2270
2271 if ((global.mode & MODE_DEBUG) && (global.mode & (MODE_DAEMON | MODE_QUIET))) {
2272 ha_warning("<debug> mode incompatible with <quiet> and <daemon>. Keeping <debug> only.\n");
2273 global.mode &= ~(MODE_DAEMON | MODE_QUIET);
2274 }
2275
2276 if ((global.nbproc > 1) && !(global.mode & (MODE_DAEMON | MODE_MWORKER))) {
2277 if (!(global.mode & (MODE_FOREGROUND | MODE_DEBUG)))
2278 ha_warning("<nbproc> is only meaningful in daemon mode or master-worker mode. Setting limit to 1 process.\n");
2279 global.nbproc = 1;
2280 }
2281
2282 if (global.nbproc < 1)
2283 global.nbproc = 1;
2284
2285 if (global.nbthread < 1)
2286 global.nbthread = 1;
2287
2288 /* Realloc trash buffers because global.tune.bufsize may have changed */
2289 if (!init_trash_buffers(0)) {
2290 ha_alert("failed to initialize trash buffers.\n");
2291 exit(1);
2292 }
2293
2294 if (!init_log_buffers()) {
2295 ha_alert("failed to initialize log buffers.\n");
2296 exit(1);
2297 }
2298
2299 /*
2300 * Note: we could register external pollers here.
2301 * Built-in pollers have been registered before main().
2302 */
2303
2304 if (!(global.tune.options & GTUNE_USE_KQUEUE))
2305 disable_poller("kqueue");
2306
2307 if (!(global.tune.options & GTUNE_USE_EVPORTS))
2308 disable_poller("evports");
2309
2310 if (!(global.tune.options & GTUNE_USE_EPOLL))
2311 disable_poller("epoll");
2312
2313 if (!(global.tune.options & GTUNE_USE_POLL))
2314 disable_poller("poll");
2315
2316 if (!(global.tune.options & GTUNE_USE_SELECT))
2317 disable_poller("select");
2318
2319 /* Note: we could disable any poller by name here */
2320
2321 if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
2322 list_pollers(stderr);
2323 fprintf(stderr, "\n");
2324 list_filters(stderr);
2325 }
2326
2327 if (!init_pollers()) {
2328 ha_alert("No polling mechanism available.\n"
2329 " It is likely that haproxy was built with TARGET=generic and that FD_SETSIZE\n"
2330 " is too low on this platform to support maxconn and the number of listeners\n"
2331 " and servers. You should rebuild haproxy specifying your system using TARGET=\n"
2332 " in order to support other polling systems (poll, epoll, kqueue) or reduce the\n"
2333 " global maxconn setting to accommodate the system's limitation. For reference,\n"
2334 " FD_SETSIZE=%d on this system, global.maxconn=%d resulting in a maximum of\n"
2335 " %d file descriptors. You should thus reduce global.maxconn by %d. Also,\n"
2336 " check build settings using 'haproxy -vv'.\n\n",
2337 FD_SETSIZE, global.maxconn, global.maxsock, (global.maxsock + 1 - FD_SETSIZE) / 2);
2338 exit(1);
2339 }
2340 if (global.mode & (MODE_VERBOSE|MODE_DEBUG)) {
2341 printf("Using %s() as the polling mechanism.\n", cur_poller.name);
2342 }
2343
2344 if (!global.node)
2345 global.node = strdup(hostname);
2346
2347 if (!hlua_post_init())
2348 exit(1);
2349
2350 free(err_msg);
2351 }
2352
deinit_acl_cond(struct acl_cond * cond)2353 static void deinit_acl_cond(struct acl_cond *cond)
2354 {
2355 struct acl_term_suite *suite, *suiteb;
2356 struct acl_term *term, *termb;
2357
2358 if (!cond)
2359 return;
2360
2361 list_for_each_entry_safe(suite, suiteb, &cond->suites, list) {
2362 list_for_each_entry_safe(term, termb, &suite->terms, list) {
2363 LIST_DEL(&term->list);
2364 free(term);
2365 }
2366 LIST_DEL(&suite->list);
2367 free(suite);
2368 }
2369
2370 free(cond);
2371 }
2372
deinit_act_rules(struct list * rules)2373 static void deinit_act_rules(struct list *rules)
2374 {
2375 struct act_rule *rule, *ruleb;
2376
2377 list_for_each_entry_safe(rule, ruleb, rules, list) {
2378 LIST_DEL(&rule->list);
2379 deinit_acl_cond(rule->cond);
2380 free(rule);
2381 }
2382 }
2383
deinit_stick_rules(struct list * rules)2384 static void deinit_stick_rules(struct list *rules)
2385 {
2386 struct sticking_rule *rule, *ruleb;
2387
2388 list_for_each_entry_safe(rule, ruleb, rules, list) {
2389 LIST_DEL(&rule->list);
2390 deinit_acl_cond(rule->cond);
2391 release_sample_expr(rule->expr);
2392 free(rule);
2393 }
2394 }
2395
deinit(void)2396 void deinit(void)
2397 {
2398 struct proxy *p = proxies_list, *p0;
2399 struct cap_hdr *h,*h_next;
2400 struct server *s,*s_next;
2401 struct listener *l,*l_next;
2402 struct acl_cond *cond, *condb;
2403 struct hdr_exp *exp, *expb;
2404 struct acl *acl, *aclb;
2405 struct switching_rule *rule, *ruleb;
2406 struct server_rule *srule, *sruleb;
2407 struct redirect_rule *rdr, *rdrb;
2408 struct wordlist *wl, *wlb;
2409 struct cond_wordlist *cwl, *cwlb;
2410 struct uri_auth *uap, *ua = NULL;
2411 struct logsrv *log, *logb;
2412 struct logformat_node *lf, *lfb;
2413 struct bind_conf *bind_conf, *bind_back;
2414 struct build_opts_str *bol, *bolb;
2415 struct post_deinit_fct *pdf;
2416 int i;
2417
2418 deinit_signals();
2419 while (p) {
2420 free(p->conf.file);
2421 free(p->id);
2422 free(p->check_req);
2423 free(p->check_hdrs);
2424 free(p->check_body);
2425 free(p->cookie_name);
2426 free(p->cookie_domain);
2427 free(p->cookie_attrs);
2428 free(p->lbprm.arg_str);
2429 free(p->server_state_file_name);
2430 free(p->capture_name);
2431 free(p->monitor_uri);
2432 free(p->rdp_cookie_name);
2433 free(p->invalid_rep);
2434 free(p->invalid_req);
2435 #if defined(CONFIG_HAP_TRANSPARENT)
2436 free(p->conn_src.bind_hdr_name);
2437 #endif
2438 if (p->conf.logformat_string != default_http_log_format &&
2439 p->conf.logformat_string != default_tcp_log_format &&
2440 p->conf.logformat_string != clf_http_log_format)
2441 free(p->conf.logformat_string);
2442
2443 free(p->conf.lfs_file);
2444 free(p->conf.uniqueid_format_string);
2445 free(p->conf.uif_file);
2446 if ((p->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_MAP)
2447 free(p->lbprm.map.srv);
2448
2449 if (p->conf.logformat_sd_string != default_rfc5424_sd_log_format)
2450 free(p->conf.logformat_sd_string);
2451 free(p->conf.lfsd_file);
2452
2453 for (i = 0; i < HTTP_ERR_SIZE; i++)
2454 chunk_destroy(&p->errmsg[i]);
2455
2456 list_for_each_entry_safe(cwl, cwlb, &p->req_add, list) {
2457 LIST_DEL(&cwl->list);
2458 free(cwl->s);
2459 free(cwl);
2460 }
2461
2462 list_for_each_entry_safe(cwl, cwlb, &p->rsp_add, list) {
2463 LIST_DEL(&cwl->list);
2464 free(cwl->s);
2465 free(cwl);
2466 }
2467
2468 list_for_each_entry_safe(cond, condb, &p->mon_fail_cond, list) {
2469 LIST_DEL(&cond->list);
2470 prune_acl_cond(cond);
2471 free(cond);
2472 }
2473
2474 for (exp = p->req_exp; exp != NULL; ) {
2475 regex_free(exp->preg);
2476 free((char *)exp->replace);
2477 expb = exp;
2478 exp = exp->next;
2479 free(expb);
2480 }
2481
2482 for (exp = p->rsp_exp; exp != NULL; ) {
2483 regex_free(exp->preg);
2484 free((char *)exp->replace);
2485 expb = exp;
2486 exp = exp->next;
2487 free(expb);
2488 }
2489
2490 /* build a list of unique uri_auths */
2491 if (!ua)
2492 ua = p->uri_auth;
2493 else {
2494 /* check if p->uri_auth is unique */
2495 for (uap = ua; uap; uap=uap->next)
2496 if (uap == p->uri_auth)
2497 break;
2498
2499 if (!uap && p->uri_auth) {
2500 /* add it, if it is */
2501 p->uri_auth->next = ua;
2502 ua = p->uri_auth;
2503 }
2504 }
2505
2506 list_for_each_entry_safe(acl, aclb, &p->acl, list) {
2507 LIST_DEL(&acl->list);
2508 prune_acl(acl);
2509 free(acl);
2510 }
2511
2512 list_for_each_entry_safe(srule, sruleb, &p->server_rules, list) {
2513 LIST_DEL(&srule->list);
2514 prune_acl_cond(srule->cond);
2515 free(srule->cond);
2516 free(srule);
2517 }
2518
2519 list_for_each_entry_safe(rule, ruleb, &p->switching_rules, list) {
2520 LIST_DEL(&rule->list);
2521 if (rule->cond) {
2522 prune_acl_cond(rule->cond);
2523 free(rule->cond);
2524 }
2525 free(rule->file);
2526 free(rule);
2527 }
2528
2529 list_for_each_entry_safe(rdr, rdrb, &p->redirect_rules, list) {
2530 LIST_DEL(&rdr->list);
2531 if (rdr->cond) {
2532 prune_acl_cond(rdr->cond);
2533 free(rdr->cond);
2534 }
2535 free(rdr->rdr_str);
2536 list_for_each_entry_safe(lf, lfb, &rdr->rdr_fmt, list) {
2537 LIST_DEL(&lf->list);
2538 free(lf);
2539 }
2540 free(rdr);
2541 }
2542
2543 list_for_each_entry_safe(log, logb, &p->logsrvs, list) {
2544 LIST_DEL(&log->list);
2545 free(log);
2546 }
2547
2548 list_for_each_entry_safe(lf, lfb, &p->logformat, list) {
2549 LIST_DEL(&lf->list);
2550 release_sample_expr(lf->expr);
2551 free(lf->arg);
2552 free(lf);
2553 }
2554
2555 list_for_each_entry_safe(lf, lfb, &p->logformat_sd, list) {
2556 LIST_DEL(&lf->list);
2557 release_sample_expr(lf->expr);
2558 free(lf->arg);
2559 free(lf);
2560 }
2561
2562 deinit_act_rules(&p->tcp_req.inspect_rules);
2563 deinit_act_rules(&p->tcp_rep.inspect_rules);
2564 deinit_act_rules(&p->tcp_req.l4_rules);
2565 deinit_act_rules(&p->tcp_req.l5_rules);
2566 deinit_act_rules(&p->http_req_rules);
2567 deinit_act_rules(&p->http_res_rules);
2568
2569 deinit_stick_rules(&p->storersp_rules);
2570 deinit_stick_rules(&p->sticking_rules);
2571
2572 h = p->req_cap;
2573 while (h) {
2574 h_next = h->next;
2575 free(h->name);
2576 pool_destroy(h->pool);
2577 free(h);
2578 h = h_next;
2579 }/* end while(h) */
2580
2581 h = p->rsp_cap;
2582 while (h) {
2583 h_next = h->next;
2584 free(h->name);
2585 pool_destroy(h->pool);
2586 free(h);
2587 h = h_next;
2588 }/* end while(h) */
2589
2590 s = p->srv;
2591 while (s) {
2592 s_next = s->next;
2593
2594
2595 task_destroy(s->warmup);
2596
2597 free(s->id);
2598 free(s->cookie);
2599 free(s->hostname_dn);
2600 free((char*)s->conf.file);
2601 free(s->idle_conns);
2602 free(s->priv_conns);
2603 free(s->safe_conns);
2604 free(s->idle_orphan_conns);
2605 free(s->curr_idle_thr);
2606 deinit_srv_check(s);
2607 deinit_srv_agent_check(s);
2608 free(s->lb_nodes);
2609
2610 if (s->use_ssl == 1 || s->check.use_ssl == 1 || (s->proxy->options & PR_O_TCPCHK_SSL)) {
2611 if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->destroy_srv)
2612 xprt_get(XPRT_SSL)->destroy_srv(s);
2613 }
2614 HA_SPIN_DESTROY(&s->lock);
2615 free(s);
2616 s = s_next;
2617 }/* end while(s) */
2618
2619 list_for_each_entry_safe(l, l_next, &p->conf.listeners, by_fe) {
2620 /*
2621 * Zombie proxy, the listener just pretend to be up
2622 * because they still hold an opened fd.
2623 * Close it and give the listener its real state.
2624 */
2625 if (p->state == PR_STSTOPPED && l->state >= LI_ZOMBIE) {
2626 close(l->fd);
2627 l->state = LI_INIT;
2628 }
2629 unbind_listener(l);
2630 delete_listener(l);
2631 LIST_DEL(&l->by_fe);
2632 LIST_DEL(&l->by_bind);
2633 free(l->name);
2634 free(l->counters);
2635 free(l);
2636 }
2637
2638 /* Release unused SSL configs. */
2639 list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
2640 if (bind_conf->xprt->destroy_bind_conf)
2641 bind_conf->xprt->destroy_bind_conf(bind_conf);
2642 free(bind_conf->file);
2643 free(bind_conf->arg);
2644 LIST_DEL(&bind_conf->by_fe);
2645 free(bind_conf);
2646 }
2647
2648 flt_deinit(p);
2649
2650 free(p->desc);
2651 free(p->fwdfor_hdr_name);
2652
2653 task_destroy(p->task);
2654
2655 pool_destroy(p->req_cap_pool);
2656 pool_destroy(p->rsp_cap_pool);
2657 if (p->table)
2658 pool_destroy(p->table->pool);
2659
2660 p0 = p;
2661 p = p->next;
2662 HA_SPIN_DESTROY(&p0->lbprm.lock);
2663 HA_SPIN_DESTROY(&p0->lock);
2664 free(p0);
2665 }/* end while(p) */
2666
2667 while (ua) {
2668 uap = ua;
2669 ua = ua->next;
2670
2671 free(uap->uri_prefix);
2672 free(uap->auth_realm);
2673 free(uap->node);
2674 free(uap->desc);
2675
2676 userlist_free(uap->userlist);
2677 deinit_act_rules(&uap->http_req_rules);
2678
2679 free(uap);
2680 }
2681
2682 userlist_free(userlist);
2683
2684 cfg_unregister_sections();
2685
2686 deinit_log_buffers();
2687
2688 protocol_unbind_all();
2689
2690 list_for_each_entry(pdf, &post_deinit_list, list)
2691 pdf->fct();
2692
2693 free(global.log_send_hostname); global.log_send_hostname = NULL;
2694 chunk_destroy(&global.log_tag);
2695 free(global.chroot); global.chroot = NULL;
2696 free(global.pidfile); global.pidfile = NULL;
2697 free(global.node); global.node = NULL;
2698 free(global.desc); global.desc = NULL;
2699 free(oldpids); oldpids = NULL;
2700 task_destroy(global_listener_queue_task); global_listener_queue_task = NULL;
2701 free(global.server_state_base); global.server_state_base = NULL;
2702 free(global.server_state_file); global.server_state_file = NULL;
2703 task_destroy(idle_conn_task);
2704 idle_conn_task = NULL;
2705
2706 list_for_each_entry_safe(log, logb, &global.logsrvs, list) {
2707 LIST_DEL(&log->list);
2708 free(log);
2709 }
2710 list_for_each_entry_safe(wl, wlb, &cfg_cfgfiles, list) {
2711 free(wl->s);
2712 LIST_DEL(&wl->list);
2713 free(wl);
2714 }
2715
2716 list_for_each_entry_safe(bol, bolb, &build_opts_list, list) {
2717 if (bol->must_free)
2718 free((void *)bol->str);
2719 LIST_DEL(&bol->list);
2720 free(bol);
2721 }
2722
2723 vars_prune(&global.vars, NULL, NULL);
2724 pool_destroy_all();
2725 deinit_pollers();
2726 } /* end deinit() */
2727
2728
2729 /* Runs the polling loop */
run_poll_loop()2730 static void run_poll_loop()
2731 {
2732 int next, wake;
2733
2734 tv_update_date(0,1);
2735 while (1) {
2736 /* Process a few tasks */
2737 process_runnable_tasks();
2738
2739 /* check if we caught some signals and process them in the
2740 first thread */
2741 if (tid == 0)
2742 signal_process_queue();
2743
2744 /* Check if we can expire some tasks */
2745 next = wake_expired_tasks();
2746
2747 /* also stop if we failed to cleanly stop all tasks */
2748 if (killed > 1)
2749 break;
2750
2751 /* expire immediately if events are pending */
2752 wake = 1;
2753 if (fd_cache_mask & tid_bit)
2754 activity[tid].wake_cache++;
2755 else if (thread_has_tasks())
2756 activity[tid].wake_tasks++;
2757 else if (signal_queue_len && tid == 0)
2758 activity[tid].wake_signal++;
2759 else {
2760 _HA_ATOMIC_OR(&sleeping_thread_mask, tid_bit);
2761 __ha_barrier_atomic_store();
2762 if (global_tasks_mask & tid_bit) {
2763 activity[tid].wake_tasks++;
2764 _HA_ATOMIC_AND(&sleeping_thread_mask, ~tid_bit);
2765 } else
2766 wake = 0;
2767 }
2768
2769 if (!wake) {
2770 int i;
2771
2772 if (stopping) {
2773 _HA_ATOMIC_OR(&stopping_thread_mask, tid_bit);
2774 /* notify all threads that stopping was just set */
2775 for (i = 0; i < global.nbthread; i++)
2776 if (((all_threads_mask & ~stopping_thread_mask) >> i) & 1)
2777 wake_thread(i);
2778 }
2779
2780 /* stop when there's nothing left to do */
2781 if ((jobs - unstoppable_jobs) == 0 &&
2782 (stopping_thread_mask & all_threads_mask) == all_threads_mask) {
2783 /* wake all threads waiting on jobs==0 */
2784 for (i = 0; i < global.nbthread; i++)
2785 if (((all_threads_mask & ~tid_bit) >> i) & 1)
2786 wake_thread(i);
2787 break;
2788 }
2789 }
2790
2791 /* The poller will ensure it returns around <next> */
2792 cur_poller.poll(&cur_poller, next, wake);
2793 if (sleeping_thread_mask & tid_bit)
2794 _HA_ATOMIC_AND(&sleeping_thread_mask, ~tid_bit);
2795 fd_process_cached_events();
2796
2797 activity[tid].loops++;
2798 }
2799 }
2800
run_thread_poll_loop(void * data)2801 static void *run_thread_poll_loop(void *data)
2802 {
2803 struct per_thread_alloc_fct *ptaf;
2804 struct per_thread_init_fct *ptif;
2805 struct per_thread_deinit_fct *ptdf;
2806 struct per_thread_free_fct *ptff;
2807 static int init_left = 0;
2808 __decl_hathreads(static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER);
2809 __decl_hathreads(static pthread_cond_t init_cond = PTHREAD_COND_INITIALIZER);
2810
2811 ha_set_tid((unsigned long)data);
2812
2813 #if (_POSIX_TIMERS > 0) && defined(_POSIX_THREAD_CPUTIME)
2814 #ifdef USE_THREAD
2815 pthread_getcpuclockid(pthread_self(), &ti->clock_id);
2816 #else
2817 ti->clock_id = CLOCK_THREAD_CPUTIME_ID;
2818 #endif
2819 #endif
2820 /* Now, initialize one thread init at a time. This is better since
2821 * some init code is a bit tricky and may release global resources
2822 * after reallocating them locally. This will also ensure there is
2823 * no race on file descriptors allocation.
2824 */
2825 #ifdef USE_THREAD
2826 pthread_mutex_lock(&init_mutex);
2827 #endif
2828 /* The first thread must set the number of threads left */
2829 if (!init_left)
2830 init_left = global.nbthread;
2831 init_left--;
2832
2833 tv_update_date(-1,-1);
2834
2835 /* per-thread alloc calls performed here are not allowed to snoop on
2836 * other threads, so they are free to initialize at their own rhythm
2837 * as long as they act as if they were alone. None of them may rely
2838 * on resources initialized by the other ones.
2839 */
2840 list_for_each_entry(ptaf, &per_thread_alloc_list, list) {
2841 if (!ptaf->fct()) {
2842 ha_alert("failed to allocate resources for thread %u.\n", tid);
2843 exit(1);
2844 }
2845 }
2846
2847 /* per-thread init calls performed here are not allowed to snoop on
2848 * other threads, so they are free to initialize at their own rhythm
2849 * as long as they act as if they were alone.
2850 */
2851 list_for_each_entry(ptif, &per_thread_init_list, list) {
2852 if (!ptif->fct()) {
2853 ha_alert("failed to initialize thread %u.\n", tid);
2854 exit(1);
2855 }
2856 }
2857
2858 /* enabling protocols will result in fd_insert() calls to be performed,
2859 * we want all threads to have already allocated their local fd tables
2860 * before doing so, thus only the last thread does it.
2861 */
2862 if (init_left == 0)
2863 protocol_enable_all();
2864
2865 #ifdef USE_THREAD
2866 pthread_cond_broadcast(&init_cond);
2867 pthread_mutex_unlock(&init_mutex);
2868
2869 /* now wait for other threads to finish starting */
2870 pthread_mutex_lock(&init_mutex);
2871 while (init_left)
2872 pthread_cond_wait(&init_cond, &init_mutex);
2873 pthread_mutex_unlock(&init_mutex);
2874 #endif
2875
2876 run_poll_loop();
2877
2878 list_for_each_entry(ptdf, &per_thread_deinit_list, list)
2879 ptdf->fct();
2880
2881 list_for_each_entry(ptff, &per_thread_free_list, list)
2882 ptff->fct();
2883
2884 #ifdef USE_THREAD
2885 _HA_ATOMIC_AND(&all_threads_mask, ~tid_bit);
2886 if (tid > 0)
2887 pthread_exit(NULL);
2888 #endif
2889 return NULL;
2890 }
2891
2892 /* This is the global management task for listeners. It enables listeners waiting
2893 * for global resources when there are enough free resource, or at least once in
2894 * a while. It is designed to be called as a task.
2895 */
manage_global_listener_queue(struct task * t,void * context,unsigned short state)2896 static struct task *manage_global_listener_queue(struct task *t, void *context, unsigned short state)
2897 {
2898 int next = TICK_ETERNITY;
2899 /* queue is empty, nothing to do */
2900 if (LIST_ISEMPTY(&global_listener_queue))
2901 goto out;
2902
2903 /* If there are still too many concurrent connections, let's wait for
2904 * some of them to go away. We don't need to re-arm the timer because
2905 * each of them will scan the queue anyway.
2906 */
2907 if (unlikely(actconn >= global.maxconn))
2908 goto out;
2909
2910 /* We should periodically try to enable listeners waiting for a global
2911 * resource here, because it is possible, though very unlikely, that
2912 * they have been blocked by a temporary lack of global resource such
2913 * as a file descriptor or memory and that the temporary condition has
2914 * disappeared.
2915 */
2916 dequeue_all_listeners(&global_listener_queue);
2917
2918 out:
2919 t->expire = next;
2920 task_queue(t);
2921 return t;
2922 }
2923
main(int argc,char ** argv)2924 int main(int argc, char **argv)
2925 {
2926 int err, retry;
2927 struct rlimit limit;
2928 char errmsg[100];
2929 int pidfd = -1;
2930 int intovf = (unsigned char)argc + 1; /* let the compiler know it's strictly positive */
2931
2932 /* Catch forced CFLAGS that miss 2-complement integer overflow */
2933 if (intovf + 0x7FFFFFFF >= intovf) {
2934 fprintf(stderr,
2935 "FATAL ERROR: invalid code detected -- cannot go further, please recompile!\n"
2936 "The source code was miscompiled by the compiler, which usually indicates that\n"
2937 "some of the CFLAGS needed to work around overzealous compiler optimizations\n"
2938 "were overwritten at build time. Please do not force CFLAGS, and read Makefile\n"
2939 "and INSTALL files to decide on the best way to pass your local build options.\n"
2940 "\nBuild options :"
2941 #ifdef BUILD_TARGET
2942 "\n TARGET = " BUILD_TARGET
2943 #endif
2944 #ifdef BUILD_CPU
2945 "\n CPU = " BUILD_CPU
2946 #endif
2947 #ifdef BUILD_CC
2948 "\n CC = " BUILD_CC
2949 #endif
2950 #ifdef BUILD_CFLAGS
2951 "\n CFLAGS = " BUILD_CFLAGS
2952 #endif
2953 #ifdef BUILD_OPTIONS
2954 "\n OPTIONS = " BUILD_OPTIONS
2955 #endif
2956 #ifdef BUILD_DEBUG
2957 "\n DEBUG = " BUILD_DEBUG
2958 #endif
2959 "\n\n");
2960 return 1;
2961 }
2962
2963 setvbuf(stdout, NULL, _IONBF, 0);
2964
2965 /* this can only safely be done here, though it's optimized away by
2966 * the compiler.
2967 */
2968 if (MAX_PROCS < 1 || MAX_PROCS > LONGBITS) {
2969 ha_alert("MAX_PROCS value must be between 1 and %d inclusive; "
2970 "HAProxy was built with value %d, please fix it and rebuild.\n",
2971 LONGBITS, MAX_PROCS);
2972 exit(1);
2973 }
2974
2975 /* take a copy of initial limits before we possibly change them */
2976 getrlimit(RLIMIT_NOFILE, &limit);
2977
2978 if (limit.rlim_max == RLIM_INFINITY)
2979 limit.rlim_max = limit.rlim_cur;
2980 rlim_fd_cur_at_boot = limit.rlim_cur;
2981 rlim_fd_max_at_boot = limit.rlim_max;
2982
2983 /* process all initcalls in order of potential dependency */
2984 RUN_INITCALLS(STG_PREPARE);
2985 RUN_INITCALLS(STG_LOCK);
2986 RUN_INITCALLS(STG_ALLOC);
2987 RUN_INITCALLS(STG_POOL);
2988 RUN_INITCALLS(STG_REGISTER);
2989 RUN_INITCALLS(STG_INIT);
2990
2991 init(argc, argv);
2992 signal_register_fct(SIGQUIT, dump, SIGQUIT);
2993 signal_register_fct(SIGUSR1, sig_soft_stop, SIGUSR1);
2994 signal_register_fct(SIGHUP, sig_dump_state, SIGHUP);
2995 signal_register_fct(SIGUSR2, NULL, 0);
2996
2997 /* Always catch SIGPIPE even on platforms which define MSG_NOSIGNAL.
2998 * Some recent FreeBSD setups report broken pipes, and MSG_NOSIGNAL
2999 * was defined there, so let's stay on the safe side.
3000 */
3001 signal_register_fct(SIGPIPE, NULL, 0);
3002
3003 /* ulimits */
3004 if (!global.rlimit_nofile)
3005 global.rlimit_nofile = global.maxsock;
3006
3007 if (global.rlimit_nofile) {
3008 limit.rlim_cur = global.rlimit_nofile;
3009 limit.rlim_max = MAX(rlim_fd_max_at_boot, limit.rlim_cur);
3010
3011 if (setrlimit(RLIMIT_NOFILE, &limit) == -1) {
3012 /* try to set it to the max possible at least */
3013 getrlimit(RLIMIT_NOFILE, &limit);
3014 limit.rlim_cur = limit.rlim_max;
3015 if (setrlimit(RLIMIT_NOFILE, &limit) != -1)
3016 getrlimit(RLIMIT_NOFILE, &limit);
3017
3018 ha_warning("[%s.main()] Cannot raise FD limit to %d, limit is %d.\n", argv[0], global.rlimit_nofile, (int)limit.rlim_cur);
3019 global.rlimit_nofile = limit.rlim_cur;
3020 }
3021 }
3022
3023 if (global.rlimit_memmax) {
3024 limit.rlim_cur = limit.rlim_max =
3025 global.rlimit_memmax * 1048576ULL;
3026 #ifdef RLIMIT_AS
3027 if (setrlimit(RLIMIT_AS, &limit) == -1) {
3028 ha_warning("[%s.main()] Cannot fix MEM limit to %d megs.\n",
3029 argv[0], global.rlimit_memmax);
3030 }
3031 #else
3032 if (setrlimit(RLIMIT_DATA, &limit) == -1) {
3033 ha_warning("[%s.main()] Cannot fix MEM limit to %d megs.\n",
3034 argv[0], global.rlimit_memmax);
3035 }
3036 #endif
3037 }
3038
3039 if (old_unixsocket) {
3040 if (strcmp("/dev/null", old_unixsocket) != 0) {
3041 if (get_old_sockets(old_unixsocket) != 0) {
3042 ha_alert("Failed to get the sockets from the old process!\n");
3043 if (!(global.mode & MODE_MWORKER))
3044 exit(1);
3045 }
3046 }
3047 }
3048 get_cur_unixsocket();
3049
3050 /* We will loop at most 100 times with 10 ms delay each time.
3051 * That's at most 1 second. We only send a signal to old pids
3052 * if we cannot grab at least one port.
3053 */
3054 retry = MAX_START_RETRIES;
3055 err = ERR_NONE;
3056 while (retry >= 0) {
3057 struct timeval w;
3058 err = start_proxies(retry == 0 || nb_oldpids == 0);
3059 /* exit the loop on no error or fatal error */
3060 if ((err & (ERR_RETRYABLE|ERR_FATAL)) != ERR_RETRYABLE)
3061 break;
3062 if (nb_oldpids == 0 || retry == 0)
3063 break;
3064
3065 /* FIXME-20060514: Solaris and OpenBSD do not support shutdown() on
3066 * listening sockets. So on those platforms, it would be wiser to
3067 * simply send SIGUSR1, which will not be undoable.
3068 */
3069 if (tell_old_pids(SIGTTOU) == 0) {
3070 /* no need to wait if we can't contact old pids */
3071 retry = 0;
3072 continue;
3073 }
3074 /* give some time to old processes to stop listening */
3075 w.tv_sec = 0;
3076 w.tv_usec = 10*1000;
3077 select(0, NULL, NULL, NULL, &w);
3078 retry--;
3079 }
3080
3081 /* Note: start_proxies() sends an alert when it fails. */
3082 if ((err & ~ERR_WARN) != ERR_NONE) {
3083 if (retry != MAX_START_RETRIES && nb_oldpids) {
3084 protocol_unbind_all(); /* cleanup everything we can */
3085 tell_old_pids(SIGTTIN);
3086 }
3087 exit(1);
3088 }
3089
3090 if (!(global.mode & MODE_MWORKER_WAIT) && listeners == 0) {
3091 ha_alert("[%s.main()] No enabled listener found (check for 'bind' directives) ! Exiting.\n", argv[0]);
3092 /* Note: we don't have to send anything to the old pids because we
3093 * never stopped them. */
3094 exit(1);
3095 }
3096
3097 err = protocol_bind_all(errmsg, sizeof(errmsg));
3098 if ((err & ~ERR_WARN) != ERR_NONE) {
3099 if ((err & ERR_ALERT) || (err & ERR_WARN))
3100 ha_alert("[%s.main()] %s.\n", argv[0], errmsg);
3101
3102 ha_alert("[%s.main()] Some protocols failed to start their listeners! Exiting.\n", argv[0]);
3103 protocol_unbind_all(); /* cleanup everything we can */
3104 if (nb_oldpids)
3105 tell_old_pids(SIGTTIN);
3106 exit(1);
3107 } else if (err & ERR_WARN) {
3108 ha_alert("[%s.main()] %s.\n", argv[0], errmsg);
3109 }
3110 /* Ok, all listener should now be bound, close any leftover sockets
3111 * the previous process gave us, we don't need them anymore
3112 */
3113 while (xfer_sock_list != NULL) {
3114 struct xfer_sock_list *tmpxfer = xfer_sock_list->next;
3115 close(xfer_sock_list->fd);
3116 free(xfer_sock_list->iface);
3117 free(xfer_sock_list->namespace);
3118 free(xfer_sock_list);
3119 xfer_sock_list = tmpxfer;
3120 }
3121
3122 /* prepare pause/play signals */
3123 signal_register_fct(SIGTTOU, sig_pause, SIGTTOU);
3124 signal_register_fct(SIGTTIN, sig_listen, SIGTTIN);
3125
3126 /* MODE_QUIET can inhibit alerts and warnings below this line */
3127
3128 if (getenv("HAPROXY_MWORKER_REEXEC") != NULL) {
3129 /* either stdin/out/err are already closed or should stay as they are. */
3130 if ((global.mode & MODE_DAEMON)) {
3131 /* daemon mode re-executing, stdin/stdout/stderr are already closed so keep quiet */
3132 global.mode &= ~MODE_VERBOSE;
3133 global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
3134 }
3135 } else {
3136 if ((global.mode & MODE_QUIET) && !(global.mode & MODE_VERBOSE)) {
3137 /* detach from the tty */
3138 stdio_quiet(-1);
3139 }
3140 }
3141
3142 /* open log & pid files before the chroot */
3143 if ((global.mode & MODE_DAEMON || global.mode & MODE_MWORKER) && global.pidfile != NULL) {
3144 unlink(global.pidfile);
3145 pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
3146 if (pidfd < 0) {
3147 ha_alert("[%s.main()] Cannot create pidfile %s\n", argv[0], global.pidfile);
3148 if (nb_oldpids)
3149 tell_old_pids(SIGTTIN);
3150 protocol_unbind_all();
3151 exit(1);
3152 }
3153 }
3154
3155 if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
3156 ha_alert("[%s.main()] Some configuration options require full privileges, so global.uid cannot be changed.\n"
3157 "", argv[0]);
3158 protocol_unbind_all();
3159 exit(1);
3160 }
3161
3162 /* If the user is not root, we'll still let him try the configuration
3163 * but we inform him that unexpected behaviour may occur.
3164 */
3165 if ((global.last_checks & LSTCHK_NETADM) && getuid())
3166 ha_warning("[%s.main()] Some options which require full privileges"
3167 " might not work well.\n"
3168 "", argv[0]);
3169
3170 if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
3171
3172 /* chroot if needed */
3173 if (global.chroot != NULL) {
3174 if (chroot(global.chroot) == -1 || chdir("/") == -1) {
3175 ha_alert("[%s.main()] Cannot chroot(%s).\n", argv[0], global.chroot);
3176 if (nb_oldpids)
3177 tell_old_pids(SIGTTIN);
3178 protocol_unbind_all();
3179 exit(1);
3180 }
3181 }
3182 }
3183
3184 if (nb_oldpids && !(global.mode & MODE_MWORKER_WAIT))
3185 nb_oldpids = tell_old_pids(oldpids_sig);
3186
3187 /* send a SIGTERM to workers who have a too high reloads number */
3188 if ((global.mode & MODE_MWORKER) && !(global.mode & MODE_MWORKER_WAIT))
3189 mworker_kill_max_reloads(SIGTERM);
3190
3191 /* Note that any error at this stage will be fatal because we will not
3192 * be able to restart the old pids.
3193 */
3194
3195 if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
3196 /* setgid / setuid */
3197 if (global.gid) {
3198 if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
3199 ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
3200 " without 'uid'/'user' is generally useless.\n", argv[0]);
3201
3202 if (setgid(global.gid) == -1) {
3203 ha_alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
3204 protocol_unbind_all();
3205 exit(1);
3206 }
3207 }
3208
3209 if (global.uid && setuid(global.uid) == -1) {
3210 ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], global.uid);
3211 protocol_unbind_all();
3212 exit(1);
3213 }
3214 }
3215
3216 /* check ulimits */
3217 limit.rlim_cur = limit.rlim_max = 0;
3218 getrlimit(RLIMIT_NOFILE, &limit);
3219 if (limit.rlim_cur < global.maxsock) {
3220 ha_warning("[%s.main()] FD limit (%d) too low for maxconn=%d/maxsock=%d. Please raise 'ulimit-n' to %d or more to avoid any trouble.\n",
3221 argv[0], (int)limit.rlim_cur, global.maxconn, global.maxsock, global.maxsock);
3222 }
3223
3224 if (global.mode & (MODE_DAEMON | MODE_MWORKER | MODE_MWORKER_WAIT)) {
3225 struct proxy *px;
3226 struct peers *curpeers;
3227 int ret = 0;
3228 int proc;
3229 int devnullfd = -1;
3230
3231 /*
3232 * if daemon + mworker: must fork here to let a master
3233 * process live in background before forking children
3234 */
3235
3236 if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL)
3237 && (global.mode & MODE_MWORKER)
3238 && (global.mode & MODE_DAEMON)) {
3239 ret = fork();
3240 if (ret < 0) {
3241 ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
3242 protocol_unbind_all();
3243 exit(1); /* there has been an error */
3244 } else if (ret > 0) { /* parent leave to daemonize */
3245 exit(0);
3246 } else /* change the process group ID in the child (master process) */
3247 setsid();
3248 }
3249
3250
3251 /* if in master-worker mode, write the PID of the father */
3252 if (global.mode & MODE_MWORKER) {
3253 char pidstr[100];
3254 snprintf(pidstr, sizeof(pidstr), "%d\n", (int)getpid());
3255 if (pidfd >= 0)
3256 shut_your_big_mouth_gcc(write(pidfd, pidstr, strlen(pidstr)));
3257 }
3258
3259 /* the father launches the required number of processes */
3260 if (!(global.mode & MODE_MWORKER_WAIT)) {
3261 if (global.mode & MODE_MWORKER)
3262 mworker_ext_launch_all();
3263 for (proc = 0; proc < global.nbproc; proc++) {
3264 ret = fork();
3265 if (ret < 0) {
3266 ha_alert("[%s.main()] Cannot fork.\n", argv[0]);
3267 protocol_unbind_all();
3268 exit(1); /* there has been an error */
3269 }
3270 else if (ret == 0) { /* child breaks here */
3271 /* This one must not be exported, it's internal! */
3272 unsetenv("HAPROXY_MWORKER_REEXEC");
3273 ha_random_jump96(relative_pid);
3274 break;
3275 }
3276 if (pidfd >= 0 && !(global.mode & MODE_MWORKER)) {
3277 char pidstr[100];
3278 snprintf(pidstr, sizeof(pidstr), "%d\n", ret);
3279 shut_your_big_mouth_gcc(write(pidfd, pidstr, strlen(pidstr)));
3280 }
3281 if (global.mode & MODE_MWORKER) {
3282 struct mworker_proc *child;
3283
3284 ha_notice("New worker #%d (%d) forked\n", relative_pid, ret);
3285 /* find the right mworker_proc */
3286 list_for_each_entry(child, &proc_list, list) {
3287 if (child->relative_pid == relative_pid &&
3288 child->reloads == 0 && child->options & PROC_O_TYPE_WORKER) {
3289 child->timestamp = now.tv_sec;
3290 child->pid = ret;
3291 child->version = strdup(haproxy_version);
3292 break;
3293 }
3294 }
3295 }
3296
3297 relative_pid++; /* each child will get a different one */
3298 pid_bit <<= 1;
3299 }
3300 } else {
3301 /* wait mode */
3302 global.nbproc = 1;
3303 proc = 1;
3304 }
3305
3306 #ifdef USE_CPU_AFFINITY
3307 if (proc < global.nbproc && /* child */
3308 proc < MAX_PROCS && /* only the first 32/64 processes may be pinned */
3309 global.cpu_map.proc[proc]) /* only do this if the process has a CPU map */
3310 #ifdef __FreeBSD__
3311 {
3312 cpuset_t cpuset;
3313 int i;
3314 unsigned long cpu_map = global.cpu_map.proc[proc];
3315
3316 CPU_ZERO(&cpuset);
3317 while ((i = ffsl(cpu_map)) > 0) {
3318 CPU_SET(i - 1, &cpuset);
3319 cpu_map &= ~(1UL << (i - 1));
3320 }
3321 ret = cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1, sizeof(cpuset), &cpuset);
3322 }
3323 #else
3324 sched_setaffinity(0, sizeof(unsigned long), (void *)&global.cpu_map.proc[proc]);
3325 #endif
3326 #endif
3327 /* close the pidfile both in children and father */
3328 if (pidfd >= 0) {
3329 //lseek(pidfd, 0, SEEK_SET); /* debug: emulate eglibc bug */
3330 close(pidfd);
3331 }
3332
3333 /* We won't ever use this anymore */
3334 free(global.pidfile); global.pidfile = NULL;
3335
3336 if (proc == global.nbproc) {
3337 if (global.mode & (MODE_MWORKER|MODE_MWORKER_WAIT)) {
3338
3339 if ((!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
3340 (global.mode & MODE_DAEMON)) {
3341 /* detach from the tty, this is required to properly daemonize. */
3342 if ((getenv("HAPROXY_MWORKER_REEXEC") == NULL))
3343 stdio_quiet(-1);
3344
3345 global.mode &= ~MODE_VERBOSE;
3346 global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
3347 }
3348
3349 mworker_loop();
3350 /* should never get there */
3351 exit(EXIT_FAILURE);
3352 }
3353 #if defined(USE_OPENSSL) && !defined(OPENSSL_NO_DH)
3354 ssl_free_dh();
3355 #endif
3356 exit(0); /* parent must leave */
3357 }
3358
3359 /* child must never use the atexit function */
3360 atexit_flag = 0;
3361
3362 /* close useless master sockets */
3363 if (global.mode & MODE_MWORKER) {
3364 struct mworker_proc *child, *it;
3365 master = 0;
3366
3367 mworker_cli_proxy_stop();
3368
3369 /* free proc struct of other processes */
3370 list_for_each_entry_safe(child, it, &proc_list, list) {
3371 /* close the FD of the master side for all
3372 * workers, we don't need to close the worker
3373 * side of other workers since it's done with
3374 * the bind_proc */
3375 if (child->ipc_fd[0] >= 0)
3376 close(child->ipc_fd[0]);
3377 if (child->relative_pid == relative_pid &&
3378 child->reloads == 0) {
3379 /* keep this struct if this is our pid */
3380 proc_self = child;
3381 continue;
3382 }
3383 LIST_DEL(&child->list);
3384 mworker_free_child(child);
3385 child = NULL;
3386 }
3387 }
3388
3389 if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) {
3390 devnullfd = open("/dev/null", O_RDWR, 0);
3391 if (devnullfd < 0) {
3392 ha_alert("Cannot open /dev/null\n");
3393 exit(EXIT_FAILURE);
3394 }
3395 }
3396
3397 /* Must chroot and setgid/setuid in the children */
3398 /* chroot if needed */
3399 if (global.chroot != NULL) {
3400 if (chroot(global.chroot) == -1 || chdir("/") == -1) {
3401 ha_alert("[%s.main()] Cannot chroot(%s).\n", argv[0], global.chroot);
3402 if (nb_oldpids)
3403 tell_old_pids(SIGTTIN);
3404 protocol_unbind_all();
3405 exit(1);
3406 }
3407 }
3408
3409 free(global.chroot);
3410 global.chroot = NULL;
3411
3412 /* setgid / setuid */
3413 if (global.gid) {
3414 if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
3415 ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
3416 " without 'uid'/'user' is generally useless.\n", argv[0]);
3417
3418 if (setgid(global.gid) == -1) {
3419 ha_alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
3420 protocol_unbind_all();
3421 exit(1);
3422 }
3423 }
3424
3425 if (global.uid && setuid(global.uid) == -1) {
3426 ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], global.uid);
3427 protocol_unbind_all();
3428 exit(1);
3429 }
3430
3431 /* pass through every cli socket, and check if it's bound to
3432 * the current process and if it exposes listeners sockets.
3433 * Caution: the GTUNE_SOCKET_TRANSFER is now set after the fork.
3434 * */
3435
3436 if (global.stats_fe) {
3437 struct bind_conf *bind_conf;
3438
3439 list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
3440 if (bind_conf->level & ACCESS_FD_LISTENERS) {
3441 if (!bind_conf->bind_proc || bind_conf->bind_proc & (1UL << proc)) {
3442 global.tune.options |= GTUNE_SOCKET_TRANSFER;
3443 break;
3444 }
3445 }
3446 }
3447 }
3448
3449 /* we might have to unbind some proxies from some processes */
3450 px = proxies_list;
3451 while (px != NULL) {
3452 if (px->bind_proc && px->state != PR_STSTOPPED) {
3453 if (!(px->bind_proc & (1UL << proc))) {
3454 if (global.tune.options & GTUNE_SOCKET_TRANSFER)
3455 zombify_proxy(px);
3456 else
3457 stop_proxy(px);
3458 }
3459 }
3460 px = px->next;
3461 }
3462
3463 /* we might have to unbind some peers sections from some processes */
3464 for (curpeers = cfg_peers; curpeers; curpeers = curpeers->next) {
3465 if (!curpeers->peers_fe)
3466 continue;
3467
3468 if (curpeers->peers_fe->bind_proc & (1UL << proc))
3469 continue;
3470
3471 stop_proxy(curpeers->peers_fe);
3472 /* disable this peer section so that it kills itself */
3473 signal_unregister_handler(curpeers->sighandler);
3474 task_destroy(curpeers->sync_task);
3475 curpeers->sync_task = NULL;
3476 task_destroy(curpeers->peers_fe->task);
3477 curpeers->peers_fe->task = NULL;
3478 curpeers->peers_fe = NULL;
3479 }
3480
3481 /*
3482 * This is only done in daemon mode because we might want the
3483 * logs on stdout in mworker mode. If we're NOT in QUIET mode,
3484 * we should now close the 3 first FDs to ensure that we can
3485 * detach from the TTY. We MUST NOT do it in other cases since
3486 * it would have already be done, and 0-2 would have been
3487 * affected to listening sockets
3488 */
3489 if ((global.mode & MODE_DAEMON) &&
3490 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
3491 /* detach from the tty */
3492 stdio_quiet(devnullfd);
3493 global.mode &= ~MODE_VERBOSE;
3494 global.mode |= MODE_QUIET; /* ensure that we won't say anything from now */
3495 }
3496 pid = getpid(); /* update child's pid */
3497 if (!(global.mode & MODE_MWORKER)) /* in mworker mode we don't want a new pgid for the children */
3498 setsid();
3499 fork_poller();
3500 }
3501
3502 /* try our best to re-enable core dumps depending on system capabilities.
3503 * What is addressed here :
3504 * - remove file size limits
3505 * - remove core size limits
3506 * - mark the process dumpable again if it lost it due to user/group
3507 */
3508 if (global.tune.options & GTUNE_SET_DUMPABLE) {
3509 limit.rlim_cur = limit.rlim_max = RLIM_INFINITY;
3510
3511 #if defined(RLIMIT_FSIZE)
3512 if (setrlimit(RLIMIT_FSIZE, &limit) == -1)
3513 ha_warning("[%s.main()] Failed to set the raise the maximum file size.\n", argv[0]);
3514 #endif
3515
3516 #if defined(RLIMIT_CORE)
3517 if (setrlimit(RLIMIT_CORE, &limit) == -1)
3518 ha_warning("[%s.main()] Failed to set the raise the core dump size.\n", argv[0]);
3519 #endif
3520
3521 #if defined(USE_PRCTL)
3522 if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1)
3523 ha_warning("[%s.main()] Failed to set the dumpable flag, no core will be dumped.\n", argv[0]);
3524 #endif
3525 }
3526
3527 global.mode &= ~MODE_STARTING;
3528 /*
3529 * That's it : the central polling loop. Run until we stop.
3530 */
3531 #ifdef USE_THREAD
3532 {
3533 sigset_t blocked_sig, old_sig;
3534 int i;
3535
3536 /* ensure the signals will be blocked in every thread */
3537 sigfillset(&blocked_sig);
3538 sigdelset(&blocked_sig, SIGPROF);
3539 sigdelset(&blocked_sig, SIGBUS);
3540 sigdelset(&blocked_sig, SIGFPE);
3541 sigdelset(&blocked_sig, SIGILL);
3542 sigdelset(&blocked_sig, SIGSEGV);
3543 pthread_sigmask(SIG_SETMASK, &blocked_sig, &old_sig);
3544
3545 /* Create nbthread-1 thread. The first thread is the current process */
3546 thread_info[0].pthread = pthread_self();
3547 for (i = 1; i < global.nbthread; i++)
3548 pthread_create(&thread_info[i].pthread, NULL, &run_thread_poll_loop, (void *)(long)i);
3549
3550 #ifdef USE_CPU_AFFINITY
3551 /* Now the CPU affinity for all threads */
3552
3553 /* If on multiprocess, use proc_t1 except for the first process.
3554 */
3555 if ((relative_pid - 1) > 0)
3556 global.cpu_map.thread[0] = global.cpu_map.proc_t1[relative_pid-1];
3557
3558 for (i = 0; i < global.nbthread; i++) {
3559 if (global.cpu_map.proc[relative_pid-1])
3560 global.cpu_map.thread[i] &= global.cpu_map.proc[relative_pid-1];
3561
3562 if (i < MAX_THREADS && /* only the first 32/64 threads may be pinned */
3563 global.cpu_map.thread[i]) {/* only do this if the thread has a THREAD map */
3564 #if defined(__FreeBSD__) || defined(__NetBSD__)
3565 cpuset_t cpuset;
3566 #else
3567 cpu_set_t cpuset;
3568 #endif
3569 int j;
3570 unsigned long cpu_map = global.cpu_map.thread[i];
3571
3572 CPU_ZERO(&cpuset);
3573
3574 while ((j = ffsl(cpu_map)) > 0) {
3575 CPU_SET(j - 1, &cpuset);
3576 cpu_map &= ~(1UL << (j - 1));
3577 }
3578 pthread_setaffinity_np(thread_info[i].pthread,
3579 sizeof(cpuset), &cpuset);
3580 }
3581 }
3582 #endif /* !USE_CPU_AFFINITY */
3583
3584 /* when multithreading we need to let only the thread 0 handle the signals */
3585 haproxy_unblock_signals();
3586
3587 /* Finally, start the poll loop for the first thread */
3588 run_thread_poll_loop(0);
3589
3590 /* Wait the end of other threads */
3591 for (i = 1; i < global.nbthread; i++)
3592 pthread_join(thread_info[i].pthread, NULL);
3593
3594 #if defined(DEBUG_THREAD) || defined(DEBUG_FULL)
3595 show_lock_stats();
3596 #endif
3597 }
3598 #else /* ! USE_THREAD */
3599 haproxy_unblock_signals();
3600 run_thread_poll_loop(0);
3601 #endif
3602
3603 /* Do some cleanup */
3604 deinit();
3605
3606 exit(0);
3607 }
3608
3609
3610 /*
3611 * Local variables:
3612 * c-indent-level: 8
3613 * c-basic-offset: 8
3614 * End:
3615 */
3616