diff options
Diffstat (limited to 'net/haproxy17/files')
| -rw-r--r-- | net/haproxy17/files/haproxy.in | 125 | ||||
| -rw-r--r-- | net/haproxy17/files/patch-fix-cpuaffinity | 26 | ||||
| -rw-r--r-- | net/haproxy17/files/patch-src_ssl__sock.c | 45 |
3 files changed, 196 insertions, 0 deletions
diff --git a/net/haproxy17/files/haproxy.in b/net/haproxy17/files/haproxy.in new file mode 100644 index 000000000000..3e2d8b3a034e --- /dev/null +++ b/net/haproxy17/files/haproxy.in @@ -0,0 +1,125 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: haproxy +# REQUIRE: DAEMON LOGIN +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable haproxy: +# +# haproxy_enable (bool): default: "NO" +# Set to "YES" to enable haproxy +# haproxy_pidfile (str): default: /var/run/haproxy.pid +# Set to the full path of the pid file +# haproxy_config (str): default: %%PREFIX%%/etc/haproxy.conf +# Set to the full path of the config file +# haproxy_flags (str): default: Autogenerated using pidfile and config options +# Set to override with your own options +# haproxy_profiles (str): default: empty +# Set to space-separated list of profiles: for each profile separate haproxy +# process will be spawned, with haproxy-${profile}.conf config file. +# You can override default pidfile and config file for each profile with +# haproxy_${profile}_config and haproxy_${profile}_pidfile. + +. /etc/rc.subr + +name="haproxy" +rcvar=haproxy_enable +command="%%PREFIX%%/sbin/haproxy" +extra_commands="reload configtest hardstop hardreload" +reload_cmd="haproxy_reload" +hardreload_cmd="haproxy_reload" +hardreload_precmd="def_hardreload_option" +stop_cmd="haproxy_stop" +hardstop_cmd="haproxy_stop" +hardstop_precmd="def_hardstop_signal" + +: ${haproxy_enable:="NO"} +: ${haproxy_config:="%%PREFIX%%/etc/${name}.conf"} +pidfile=${haproxy_pidfile:-"/var/run/haproxy.pid"} + +def_hardreload_option() +{ + reload_opt="-st" +} + +def_hardstop_signal() +{ + sig_stop="TERM" +} + +load_rc_config $name + +is_valid_profile() { + local profile + for profile in $haproxy_profiles; do + if [ "$profile" = "$1" ]; then + return 0 + fi + done + return 1 +} + +if [ -n "$2" ]; then + profile=$2 + if ! is_valid_profile $profile; then + echo "$0: no such profile ($profile) defined in ${name}_profiles." + exit 1 + fi + eval haproxy_config="\${haproxy_${profile}_config:-%%PREFIX%%/etc/haproxy-${profile}.conf}" + eval pidfile="\${haproxy_${profile}_pidfile:-/var/run/haproxy-${profile}.pid}" +else + if [ "x${haproxy_profiles}" != "x" -a "x$1" != "x" ]; then + for profile in ${haproxy_profiles}; do + echo "===> ${name} profile: ${profile}" + %%PREFIX%%/etc/rc.d/haproxy $1 ${profile} + retcode="$?" + if [ ${retcode} -ne 0 ]; then + failed="${profile} (${retcode}) ${failed:-}" + else + success="${profile} ${success:-}" + fi + done + exit 0 + fi +fi + +: ${haproxy_flags:="-q -f ${haproxy_config} -p ${pidfile}"} +configtest_cmd="$command -c -f $haproxy_config" +start_precmd="$command -q -c -f $haproxy_config" +required_files=$haproxy_config +sig_stop=SIGUSR1 +reload_opt="-sf" + +haproxy_reload() +{ + ${command} -q -c -f ${haproxy_config} + if [ $? -ne 0 ]; then + err 1 "Error found in ${haproxy_config} - not reloading current process!" + fi + rc_pid=$(check_pidfile ${pidfile} ${command}) + if [ $rc_pid ]; then + ${command} ${haproxy_flags} $reload_opt $(cat ${pidfile}) + else + _run_rc_notrunning + return 1 + fi +} + +haproxy_stop() +{ + rc_pid=$(check_pidfile ${pidfile} ${command}) + if [ $rc_pid ]; then + rc_pid=$(cat ${pidfile}) + kill -$sig_stop $rc_pid + wait_for_pids $rc_pid + else + _run_rc_notrunning + return 1 + fi +} + +run_rc_command "$1" diff --git a/net/haproxy17/files/patch-fix-cpuaffinity b/net/haproxy17/files/patch-fix-cpuaffinity new file mode 100644 index 000000000000..ba992d5f9465 --- /dev/null +++ b/net/haproxy17/files/patch-fix-cpuaffinity @@ -0,0 +1,26 @@ +X-Git-Url: http://git.haproxy.org/?p=haproxy.git;a=blobdiff_plain;f=src%2Fhaproxy.c;h=30e850c4ac4719b71adccb3b6bd41248ef5bb470;hp=7af4ab479c761a43b2fa64d2124388dbf5c21fc3;hb=97148f60b8feec39b76768d1bcfab6d755c12164;hpb=0d00593361b91017b894c4c7d5e24721a7838d6e + +diff --git a/src/haproxy.c b/src/haproxy.c +index 7af4ab4..30e850c 100644 +--- src/haproxy.c ++++ src/haproxy.c +@@ -2018,7 +2018,18 @@ int main(int argc, char **argv) + proc < LONGBITS && /* only the first 32/64 processes may be pinned */ + global.cpu_map[proc]) /* only do this if the process has a CPU map */ + #ifdef __FreeBSD__ +- cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1, sizeof(unsigned long), (void *)&global.cpu_map[proc]); ++ { ++ cpuset_t cpuset; ++ int i; ++ unsigned long cpu_map = global.cpu_map[proc]; ++ ++ CPU_ZERO(&cpuset); ++ while ((i = ffsl(cpu_map)) > 0) { ++ CPU_SET(i - 1, &cpuset); ++ cpu_map &= ~(1 << (i - 1)); ++ } ++ ret = cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1, sizeof(cpuset), &cpuset); ++ } + #else + sched_setaffinity(0, sizeof(unsigned long), (void *)&global.cpu_map[proc]); + #endif diff --git a/net/haproxy17/files/patch-src_ssl__sock.c b/net/haproxy17/files/patch-src_ssl__sock.c new file mode 100644 index 000000000000..d67b9127ca80 --- /dev/null +++ b/net/haproxy17/files/patch-src_ssl__sock.c @@ -0,0 +1,45 @@ +--- src/ssl_sock.c.orig 2017-07-07 09:49:34 UTC ++++ src/ssl_sock.c +@@ -794,8 +794,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *c + ocsp = NULL; + + #ifndef SSL_CTX_get_tlsext_status_cb ++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB ++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 ++#endif + # define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ +- *cb = (void (*) (void))ctx->tlsext_status_cb; ++ *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) + #endif + SSL_CTX_get_tlsext_status_cb(ctx, &callback); + +@@ -823,7 +826,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c + int key_type; + EVP_PKEY *pkey; + +-#ifdef SSL_CTX_get_tlsext_status_arg ++#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER) ++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG ++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 ++#endif + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg); + #else + cb_arg = ctx->tlsext_status_arg; +@@ -3539,7 +3545,7 @@ int ssl_sock_handshake(struct connection + OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx); + empty_handshake = state == TLS_ST_BEFORE; + #else +- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; ++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; + #endif + + if (empty_handshake) { +@@ -3617,7 +3623,7 @@ int ssl_sock_handshake(struct connection + state = SSL_get_state((SSL *)conn->xprt_ctx); + empty_handshake = state == TLS_ST_BEFORE; + #else +- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; ++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; + #endif + if (empty_handshake) { + if (!errno) { |