From phk at phk.freebsd.dk Mon Jul 3 08:55:55 2017
From: phk at phk.freebsd.dk (Poul-Henning Kamp)
Date: Mon, 03 Jul 2017 08:55:55 +0000
Subject: Almost entirely offline now...
Message-ID: <77411.1499072155@critter.freebsd.dk>

Later today I start transferring my lab to the new house.

This is a relatively large undertaking and in two weeks' time we move
the household as well.

I will be attending bugwash today and the 10th, but not on the 17th,
which is the day we move the household.

If you need my attention urgently: +45 21 72 05 25

Otherwise email.

Hopefully near the end of July, life will become more normal again...

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG      | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From geoff at uplex.de Mon Jul 10 10:56:07 2017
From: geoff at uplex.de (Geoff Simmons)
Date: Mon, 10 Jul 2017 12:56:07 +0200
Subject: RFC: first attempt at -a for Unix domain sockets
Message-ID:

Hello all,

This commit on a fork of Varnish is a first stab at implementing UDS
as a listen address:

https://github.com/slimhazard/varnish-cache/commit/881a18613ceb86be5eca721200667d4bb0f20cf6

I've written some notes in the Wiki about issues that I think are
worth attention:

https://github.com/slimhazard/varnish-cache/wiki/First-implementation-of-listen@UDS

This is *not* a full-blown implementation of UDS for Varnish, and far
from everything foreseen in VIP17. But rather an effort to find out
what needs to be done as a basis for discussion and criticism.

It does successfully listen to a UDS and respond to requests, and adds
no additional space requirements to session workspace (the Wiki
explains how that works). It also passes 'make check' (although no
tests have been added yet for UDS).

So your comments are very much welcome.

Thanks,
Geoff
--
** * * UPLEX - Nils Goroll Systemoptimierung
Scheffelstraße 32
22301 Hamburg
Tel +49 40 2880 5731
Mob +49 176 636 90917
Fax +49 40 42949753
http://uplex.de

From geoff at uplex.de Tue Jul 11 11:12:36 2017
From: geoff at uplex.de (Geoff Simmons)
Date: Tue, 11 Jul 2017 13:12:36 +0200
Subject: RFC: first attempt at Unix domain sockets as backends
Message-ID:

Hello again,

As with the listen addresses yesterday: this commit on a fork of
Varnish is a first attempt to implement UDSen as the connect address
for backends:

https://github.com/slimhazard/varnish-cache/commit/3ac2202de88ca18c9bc0a3d3b095fff1a53aaed3

And there are notes in the Wiki about the concept and issues worth
attention:

https://github.com/slimhazard/varnish-cache/wiki/First-implementation-of-backends@UDS

The idea is to have some functional code as a basis for discussion.
Comments are welcome, for which I am pleased to attempt to bribe you
with a round of beer at the next dev meeting (assuming that we'll be
having a next dev meeting).

Thanks,
Geoff

From geoff at uplex.de Wed Jul 12 11:09:28 2017
From: geoff at uplex.de (Geoff Simmons)
Date: Wed, 12 Jul 2017 13:09:28 +0200
Subject: PROXY and Unix domain sockets
Message-ID: <4e934760-1522-7ea2-2ca4-269d521332c4@uplex.de>

Hello all,

Again I'm writing in the hope of soliciting opinions, this time
pondering support for UDS in the PROXY protocol.

If we release a version of Varnish as "now supporting UDS", it might
seem logical to support UDS for PROXY as well. But that doesn't
necessarily follow -- if Varnish supports UDS for listen and backend
addresses, it may still reject PROXY headers that denote a UDS.

As of now, I'm thinking that would be the right way to go. But I'm a
bit concerned that there may be no good way to support PROXY with UDS
in the foreseeable future, for reasons I'll try to explain.

For one thing, the use case is evidently marginal. UDS in a PROXY
header would mean that someone is running a proxy that listens at a
UDS and forwards to Varnish, and wants to tell Varnish via PROXY about
its UDS listen address. That setup is evidently rare enough that no
one seems to have complained about Varnish rejecting such a PROXY
header.

Also, PROXYv1 (the human-readable format) doesn't support UDS. The
address family is either TCPv4 or TCPv6, anything else is UNKNOWN. So
the only possible scenario is receiving AF_UNIX via PROXYv2.

Conceivably, we could support that. The difficulty I see is:

* We convert the addresses from the PROXY header to VSAs, which become
  the session attributes for the client and server addresses in
  session workspace.

* We wanted to avoid adding the storage for sockaddr_un (128 bytes
  each, with about 100 bytes for the path) to session workspace.

* I can't think of any good place besides session workspace to put the
  UDS addresses sent via PROXY.

When PROXYv2 sends AF_UNIX, there are two addresses, 108 bytes each,
so the protocol specifies 216 bytes. Where should the storage go?

So far in the fork, I have VSAs with a pointer to sockaddr_un, and
someone is the "owner" of the storage that it points to, responsible
for freeing it. So VSAs don't become any larger, and don't take up
more session workspace (on my machine, a VSA is 40 bytes).

For listen addresses, the owner is the management process, who has the
pointers to the sockaddr_un's in the pool of listen_socks, which is
handed off to the child via heritage.socks. The pool is valid for the
lifetime of the mgt process, so the sockaddr_un storage just dies when
mgt exits (this was already the case for the pool of listen_socks
before the introduction of UDS).

For backend addresses, the owner is struct backend, which now has
pointers to a UDS VSA and a sockaddr_un. These are freed in
VBE_Delete.

In any other UDS VSA duplicated from one of those, such as the session
attributes or the TCP pool for a backend, the pointer to sockaddr_un
in the VSA is copied from the owner -- it "points back" to the space
managed by the owner. Those components don't attempt to free the
pointer.

I'm pretty happy about how this has turned out, because I think it
keeps the sockaddr_un storage needs down to the minimum necessary, and
manages the storage the right way. (Still interested in feedback about
that.)

But as presently conceived, the addresses sent via PROXY are "owned"
by a session, and become invalid when the session closes.

Theoretically, PROXY could send a different address every time, but in
practice the address sent would be the same almost every time, at
least on one listen address. So we could have an external table of
sockaddr_un's created from PROXY headers, and VSAs in session
workspace would point to entries in the table.

That would mean sessions receiving a UDS via PROXY would have to
search the table, strcmp against their paths, and insert new
sockaddr_un's as necessary. Something would have to take care of
garbage collecting the table occasionally.

At any rate, my recommendation is:

* Don't support UDS via PROXYv2 for the time being, even if we support
  UDS for listen and backend addresses.

* Put the question of storage for sockaddr_un's derived from PROXY on
  the list of ponderables for the future.

As usual, comments are welcome.

Thanks,
Geoff

From geoff at uplex.de Wed Jul 12 15:30:04 2017
From: geoff at uplex.de (Geoff Simmons)
Date: Wed, 12 Jul 2017 17:30:04 +0200
Subject: PROXY and Unix domain sockets
In-Reply-To: <4e934760-1522-7ea2-2ca4-269d521332c4@uplex.de>
References: <4e934760-1522-7ea2-2ca4-269d521332c4@uplex.de>
Message-ID: <84f290f3-6936-b03f-7dd3-b51bc8356002@uplex.de>

On 07/12/2017 01:09 PM, Geoff Simmons wrote:
>
> Again I'm writing in the hope of soliciting opinions, this time
> pondering support for UDS in the PROXY protocol.

I should have mentioned that the last mail was entirely about
receiving PROXY headers.

We can of course send UDS info in PROXY headers to a backend that is
configured for it, in fact it's the only right thing to do when
Varnish is listening at UDS.

For PROXYv2 that's straightforward. For PROXYv1 however, it will mean
that UNKNOWN will have to be sent when Varnish is listening at UDS. If
a backend requires PROXYv1 but always rejects UNKNOWN, and that can't
be changed, this might be a bit of a problem.

Best,
Geoff

From geoff at uplex.de Mon Jul 17 12:56:18 2017
From: geoff at uplex.de (Geoff Simmons)
Date: Mon, 17 Jul 2017 14:56:18 +0200
Subject: varnish and pcre2
In-Reply-To:
References:
Message-ID:

On 11/23/2016 09:42 AM, Geoff Simmons wrote:
> On 11/22/2016 11:22 PM, Nils Goroll wrote:
>> On 22/11/16 14:41, David CARLIER wrote:
>>> You probably thought of it but is there any plan (next year ?)
>>> to implement pcre2 support in varnish ?
>
>> IIRC Geoff has a pcre2 version of
>> https://code.uplex.de/uplex-varnish/libvmod-re in the works
>
> "In the works" is saying too much, more like kicking around the
> idea. Real Soon Now in my Copious Free Time.

Only eight months later ...

https://code.uplex.de/uplex-varnish/libvmod-pcre2

Let us know what you think if you get a chance to try it.

Best,
Geoff

From phk at phk.freebsd.dk Sun Jul 23 23:31:45 2017
From: phk at phk.freebsd.dk (Poul-Henning Kamp)
Date: Sun, 23 Jul 2017 23:31:45 +0000
Subject: Almost back...
Message-ID: <85133.1500852705@critter.freebsd.dk>

I'm almost back in action, as in, I can now probably find some hours
everyday to actually do work.

I won't be around for the bugwash tomorrow though: It's time for my
traditional yearly talk at TheCamp.dk

Over the coming week, I'll try to poll each of you on IRC in private,
to get back in sync and to get my todo-list sorted in relevant order.

And yes, we love our new house...

Thanks for being patient with me during this period of madness & havoc.

Poul-Henning