From nobody Wed Jan 12 08:58:22 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4783D194D9B9; Wed, 12 Jan 2022 08:58:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JYhL703KJz4g7Z; Wed, 12 Jan 2022 08:58:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D66491E52; Wed, 12 Jan 2022 08:58:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20C8wMJO003695; Wed, 12 Jan 2022 08:58:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20C8wM7J003694; Wed, 12 Jan 2022 08:58:22 GMT (envelope-from git) Date: Wed, 12 Jan 2022 08:58:22 GMT Message-Id: <202201120858.20C8wM7J003694@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Dmitry Sivachenko Subject: git: 649fbfd15a9b - main - net/haproxy: copy to haproxy24. List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: demon X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 649fbfd15a9b2d83c64b754b1ecf4a9b5dd03f19 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1641977903; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=naL37jrl2jVJIuVPoFNmK2ZtVAwAy7MlkUUw5ZJQvp0=; b=kGC0USfXFg8n87WvOpcLt7RvPXiQeRpzqlztIfmZkrE2tFhqcwVp0FvACAyif0W8J2OXOL nETv86EZnLv3kaOFCyBNyU3/qm3lPFVPP1Vxb2J2szQeqG+Q75r/Rd6l32MQp+vsAi4COg QGWzi7e74HSPfKuxz5AF4ZxK9f8QY2R8/3+JZ4SkO5R8iV40UltnMZmv7CPYSkmJ4VKR6S TnEdwBbSr0Yxv+7e8CD7FtTFTzglymHTxEU4kuGQ0EIx6qzR7miDjgq5paPevaNdFYvi+t JuwN7YpBV8DhRftNISrl2148qyci9NCDzlYbitwMegSdJqoEMPhOL7zbOXjD2Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1641977903; a=rsa-sha256; cv=none; b=jzW84ByrglVQIkaIhGNZMS3CeXL6gz9wjJqvVgliZusCA06qYNs2v0f/vf+oh/NFueV040 VxTXHna94vr51wodYDxky41qiNetuYoEBR0smV+/nbF4VynfTEFgi9tH3cFMZkW5ZHotTV H6aX6SO3MnD7CFX/px5Qb4ieeUPiHkGpuLqnJSa111yi5NmsA7DUI6D0VVK9JiG1mOr6my NWCo25ZaxjbfRZ1hPmNWMe3Im4Bk289CmnkLgOdSzt3kJIRuFuAJxZ43ROGRnFeU3LXb3F qJQjyPXbqcqio/APKPP9Q7Kx/92BNwXiwjUmLNrovxT/3Kudw0HuQKu/9UajpQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by demon: URL: https://cgit.FreeBSD.org/ports/commit/?id=649fbfd15a9b2d83c64b754b1ecf4a9b5dd03f19 commit 649fbfd15a9b2d83c64b754b1ecf4a9b5dd03f19 Author: Dmitry Sivachenko AuthorDate: 2022-01-12 08:17:22 +0000 Commit: Dmitry Sivachenko CommitDate: 2022-01-12 08:58:13 +0000 net/haproxy: copy to haproxy24. --- net/Makefile | 1 + net/haproxy24/Makefile | 80 ++++++++++ net/haproxy24/distinfo | 3 + net/haproxy24/files/haproxy.in | 130 ++++++++++++++++ ...1-CLEANUP-servers-do-not-include-openssl-compat | 78 ++++++++++ ...UP-server-always-include-the-storage-for-SSL-se | 163 +++++++++++++++++++++ net/haproxy24/files/patch-src_cpuset.c | 14 ++ net/haproxy24/pkg-descr | 6 + net/haproxy24/pkg-plist | 110 ++++++++++++++ 9 files changed, 585 insertions(+) diff --git a/net/Makefile b/net/Makefile index 0de3d584d7c5..579c250ba9b4 100644 --- a/net/Makefile +++ b/net/Makefile @@ -242,6 +242,7 @@ SUBDIR += haproxy21 SUBDIR += haproxy22 SUBDIR += haproxy23 + SUBDIR += haproxy24 SUBDIR += hblock SUBDIR += hexinject SUBDIR += hlmaster diff --git a/net/haproxy24/Makefile b/net/haproxy24/Makefile new file mode 100644 index 000000000000..5126018dea37 --- /dev/null +++ b/net/haproxy24/Makefile @@ -0,0 +1,80 @@ +# Created by: Hugo Saro + +PORTNAME= haproxy +DISTVERSION= 2.4.12 +CATEGORIES= net www +PKGNAMESUFFIX= 24 +MASTER_SITES= http://www.haproxy.org/download/2.4/src/ + +MAINTAINER= demon@FreeBSD.org +COMMENT= Reliable, high performance TCP/HTTP load balancer + +LICENSE= GPLv2 LGPL21 +LICENSE_COMB= multi + +FLAVORS= default lua +FLAVOR?= ${FLAVORS:[1]} + +default_CONFLICTS_INSTALL= haproxy-lua +lua_CONFLICTS_INSTALL= haproxy +lua_PKGNAMESUFFIX= -lua + +CONFLICTS_INSTALL= haproxy-devel haproxy17 haproxy18 haproxy19 haproxy20 haproxy21 + +USES= compiler:c++11-lang cpe gmake +USE_RC_SUBR= haproxy + +ALL_TARGET= all admin/halog/halog +MAKE_ARGS= TARGET=freebsd DEFINE=-DFREEBSD_PORTS USE_GETADDRINFO=1 \ + USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_ACCEPT4=1 \ + CC="${CC}" DEBUG_CFLAGS="" CPU_CFLAGS="${CFLAGS}" \ + ${MAKE_ARGS_${ARCH}} +MAKE_ARGS_i386= USE_LIBATOMIC= + +OPTIONS_DEFINE= DOCS EXAMPLES LUA OPENSSL DEVICEATLAS PROMEX +OPTIONS_RADIO= PCRE +OPTIONS_RADIO_PCRE= DPCRE SPCRE +DPCRE_DESC= Link dynamically +SPCRE_DESC= Link statically +DEVICEATLAS_DESC= DeviceAtlas Device Detection support +PROMEX_DESC= Enable Prometheus exporter +OPTIONS_DEFAULT= SPCRE OPENSSL + +DPCRE_LIB_DEPENDS= libpcre.so:devel/pcre +DPCRE_MAKE_ARGS= USE_PCRE=1 USE_PCRE_JIT=1 +SPCRE_LIB_DEPENDS= libpcre.so:devel/pcre +SPCRE_MAKE_ARGS= USE_PCRE=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 +DEVICEATLAS_LIB_DEPENDS= libda.so:net/deviceatlas-enterprise-c +DEVICEATLAS_MAKE_ARGS= USE_DEVICEATLAS=1 DEVICEATLAS_LIB=${LOCALBASE}/lib DEVICEATLAS_INC=${LOCALBASE}/include +PROMEX_MAKE_ARGS= USE_PROMEX=1 +OPENSSL_USES= ssl +OPENSSL_MAKE_ARGS= USE_OPENSSL=1 SSL_LIB=${OPENSSLLIB} SSL_INC=${OPENSSLINC} +LUA_USES= lua:53 +LUA_MAKE_ARGS= USE_LUA=1 LUA_INC=${LUA_INCDIR} LUA_LIB=${LUA_LIBDIR} LUA_LIB_NAME=lua-${LUA_VER} + +.if ${FLAVOR:U} == lua +OPTIONS_DEFAULT+= LUA +.endif + +.include + +.if ${ARCH} == powerpc +MAKE_ARGS+= USE_LIBATOMIC= +.endif + +.include + +.if ${ARCH} == "amd64" || ${ARCH} == "i386" +MAKE_ARGS+= USE_REGPARM=1 +.endif + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/haproxy ${STAGEDIR}${PREFIX}/sbin/ + ${INSTALL_PROGRAM} ${WRKSRC}/admin/halog/halog ${STAGEDIR}${PREFIX}/sbin/ + ${INSTALL_MAN} ${WRKSRC}/doc/haproxy.1 ${STAGEDIR}${MAN1PREFIX}/man/man1 + ${MKDIR} ${STAGEDIR}${DOCSDIR} + (cd ${WRKSRC}/doc/ && ${COPYTREE_SHARE} \* ${STAGEDIR}${DOCSDIR}) + ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} + (cd ${WRKSRC}/examples/ && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}) + +.include diff --git a/net/haproxy24/distinfo b/net/haproxy24/distinfo new file mode 100644 index 000000000000..29b1590a04af --- /dev/null +++ b/net/haproxy24/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1641898062 +SHA256 (haproxy-2.4.12.tar.gz) = 6984a94466739e5e8188949a3d1731634087226a12aada8bf6f81f9d316ca4f3 +SIZE (haproxy-2.4.12.tar.gz) = 3607497 diff --git a/net/haproxy24/files/haproxy.in b/net/haproxy24/files/haproxy.in new file mode 100644 index 000000000000..e9eb2147c412 --- /dev/null +++ b/net/haproxy24/files/haproxy.in @@ -0,0 +1,130 @@ +#!/bin/sh + +# PROVIDE: haproxy +# REQUIRE: DAEMON LOGIN +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable haproxy: +# +# haproxy_enable (bool): default: "NO" +# Set to "YES" to enable haproxy +# haproxy_pidfile (str): default: /var/run/haproxy.pid +# Set to the full path of the pid file +# haproxy_config (str): default: %%PREFIX%%/etc/haproxy.conf +# Set to the full path of the config file +# haproxy_flags (str): default: Autogenerated using pidfile and config options +# Set to override with your own options +# haproxy_profiles (str): default: empty +# Set to space-separated list of profiles: for each profile separate haproxy +# process will be spawned, with haproxy-${profile}.conf config file. +# You can override default pidfile and config file for each profile with +# haproxy_${profile}_config and haproxy_${profile}_pidfile. + +. /etc/rc.subr + +name="haproxy" +rcvar=haproxy_enable +command="%%PREFIX%%/sbin/haproxy" +extra_commands="reload configtest hardstop hardreload softreload" +reload_cmd="haproxy_reload" +hardreload_cmd="haproxy_reload" +hardreload_precmd="def_hardreload_option" +softreload_cmd="haproxy_reload" +softreload_precmd="def_softreload_option" +stop_cmd="haproxy_stop" +hardstop_cmd="haproxy_stop" +hardstop_precmd="def_hardstop_signal" + +: ${haproxy_enable:="NO"} +: ${haproxy_config:="%%PREFIX%%/etc/${name}.conf"} +: ${haproxy_socket:="/var/run/${name}/socket"} +pidfile=${haproxy_pidfile:-"/var/run/haproxy.pid"} + +def_hardreload_option() +{ + reload_opt="-st" +} + +def_softreload_option() +{ + reload_opt="-x ${haproxy_socket} -sf" +} + +def_hardstop_signal() +{ + sig_stop="TERM" +} + +load_rc_config $name + +is_valid_profile() { + local profile + for profile in $haproxy_profiles; do + if [ "$profile" = "$1" ]; then + return 0 + fi + done + return 1 +} + +if [ -n "$2" ]; then + profile=$2 + if ! is_valid_profile $profile; then + echo "$0: no such profile ($profile) defined in ${name}_profiles." + exit 1 + fi + eval haproxy_config="\${haproxy_${profile}_config:-%%PREFIX%%/etc/haproxy-${profile}.conf}" + eval pidfile="\${haproxy_${profile}_pidfile:-/var/run/haproxy-${profile}.pid}" +else + if [ "x${haproxy_profiles}" != "x" -a "x$1" != "x" ]; then + for profile in ${haproxy_profiles}; do + echo "===> ${name} profile: ${profile}" + %%PREFIX%%/etc/rc.d/haproxy $1 ${profile} + retcode="$?" + if [ ${retcode} -ne 0 ]; then + failed="${profile} (${retcode}) ${failed:-}" + else + success="${profile} ${success:-}" + fi + done + exit 0 + fi +fi + +: ${haproxy_flags:="-q -f ${haproxy_config} -p ${pidfile}"} +configtest_cmd="$command -c -f $haproxy_config" +start_precmd="$command -q -c -f $haproxy_config" +required_files=$haproxy_config +sig_stop=SIGUSR1 +reload_opt="-sf" + +haproxy_reload() +{ + ${command} -q -c -f ${haproxy_config} + if [ $? -ne 0 ]; then + err 1 "Error found in ${haproxy_config} - not reloading current process!" + fi + rc_pid=$(check_pidfile ${pidfile} ${command}) + if [ $rc_pid ]; then + ${command} ${haproxy_flags} $reload_opt $(cat ${pidfile}) + else + _run_rc_notrunning + return 1 + fi +} + +haproxy_stop() +{ + rc_pid=$(check_pidfile ${pidfile} ${command}) + if [ $rc_pid ]; then + rc_pid=$(cat ${pidfile}) + kill -$sig_stop $rc_pid + wait_for_pids $rc_pid + else + _run_rc_notrunning + return 1 + fi +} + +run_rc_command "$1" diff --git a/net/haproxy24/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat b/net/haproxy24/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat new file mode 100644 index 000000000000..e6f0291f8c89 --- /dev/null +++ b/net/haproxy24/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat @@ -0,0 +1,78 @@ +From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Wed, 6 Oct 2021 11:23:32 +0200 +Subject: CLEANUP: servers: do not include openssl-compat + +This is exactly the same as for listeners, servers only include +openssl-compat to provide the SSL_CTX type to use as two pointers to +contexts, and to detect if NPN, ALPN, and cipher suites are supported, +and save up to 5 pointers in the ssl_ctx struct if not supported. This +is pointless, as these ones have all been supported for about a decade, +and including this file comes with a long dependency chain that impacts +lots of other files. The ctx was made a void*. + +Now the build time was significantly reduced, from 9.2 to 8.1 seconds, +thanks to opensslconf.h being included "only" 456 times instead of 2424 +previously! + +The total number of lines of code compiled was reduced by 15%. + +(cherry picked from commit 340ef2502eae2a37781e460d3590982c0e437fbd) +[wt: this is backported to get rid of the painful #ifdef around SSL + fields that regularly break backports] +Signed-off-by: Willy Tarreau +--- + include/haproxy/server-t.h | 10 +--------- + 1 file changed, 1 insertion(+), 9 deletions(-) + +diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h +index 429195388..32b649bf3 100644 +--- include/haproxy/server-t.h ++++ include/haproxy/server-t.h +@@ -35,9 +35,7 @@ + #include + #include + #include +-#include + #include +-#include + #include + #include + #include +@@ -341,7 +339,7 @@ struct server { + #ifdef USE_OPENSSL + char *sni_expr; /* Temporary variable to store a sample expression for SNI */ + struct { +- SSL_CTX *ctx; ++ void *ctx; + struct { + unsigned char *ptr; + int size; +@@ -353,9 +351,7 @@ struct server { + __decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */ + + char *ciphers; /* cipher suite to use if non-null */ +-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES + char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */ +-#endif + int options; /* ssl options */ + int verify; /* verify method (set of SSL_VERIFY_* flags) */ + struct tls_version_filter methods; /* ssl methods */ +@@ -363,14 +359,10 @@ struct server { + char *ca_file; /* CAfile to use on verify */ + char *crl_file; /* CRLfile to use on verify */ + struct sample_expr *sni; /* sample expression for SNI */ +-#ifdef OPENSSL_NPN_NEGOTIATED + char *npn_str; /* NPN protocol string */ + int npn_len; /* NPN protocol string length */ +-#endif +-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation + char *alpn_str; /* ALPN protocol string */ + int alpn_len; /* ALPN protocol string length */ +-#endif + } ssl_ctx; + #ifdef USE_QUIC + struct quic_transport_params quic_params; /* QUIC transport parameters */ +-- +2.28.0 + diff --git a/net/haproxy24/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se b/net/haproxy24/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se new file mode 100644 index 000000000000..8e5064790cba --- /dev/null +++ b/net/haproxy24/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se @@ -0,0 +1,163 @@ +From 6d395b766fd816cf2e7feea3286a689e635e35f9 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Wed, 6 Oct 2021 14:48:37 +0200 +Subject: CLEANUP: server: always include the storage for SSL settings + +The SSL stuff in struct server takes less than 3% of it and requires +lots of annoying ifdefs in the code just to take care of the cases +where the field is absent. Let's get rid of this and stop including +openssl-compat from server.c to detect NPN and ALPN capabilities. + +This reduces the total LoC by another 0.4%. + +(cherry picked from commit 80527bcb9d51d8506c8e7ef95de9c30d30722719) +Signed-off-by: Christopher Faulet +(cherry picked from commit 5279e61cee28b7012619906048edd2c8a9c89059) +[wt: backported again to fix backport issues around SSL fields. It + previously broke due to the absence of 'CLEANUP: servers: do not + include openssl-compat' that was backported now] +Signed-off-by: Willy Tarreau +--- + include/haproxy/server-t.h | 2 -- + src/server.c | 21 +++------------------ + 2 files changed, 3 insertions(+), 20 deletions(-) + +diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h +index 32b649bf3..90485f0c4 100644 +--- include/haproxy/server-t.h ++++ include/haproxy/server-t.h +@@ -336,7 +336,6 @@ struct server { + unsigned int init_addr_methods; /* initial address setting, 3-bit per method, ends at 0, enough to store 10 entries */ + enum srv_log_proto log_proto; /* used proto to emit messages on server lines from ring section */ + +-#ifdef USE_OPENSSL + char *sni_expr; /* Temporary variable to store a sample expression for SNI */ + struct { + void *ctx; +@@ -367,7 +366,6 @@ struct server { + #ifdef USE_QUIC + struct quic_transport_params quic_params; /* QUIC transport parameters */ + struct eb_root cids; /* QUIC connections IDs. */ +-#endif + #endif + struct resolv_srvrq *srvrq; /* Pointer representing the DNS SRV requeest, if any */ + struct list srv_rec_item; /* to attach server to a srv record item */ +diff --git a/src/server.c b/src/server.c +index 54637dc9c..ea3271957 100644 +--- src/server.c ++++ src/server.c +@@ -1943,7 +1943,6 @@ const char *server_parse_maxconn_change_request(struct server *sv, + return NULL; + } + +-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + static struct sample_expr *srv_sni_sample_parse_expr(struct server *srv, struct proxy *px, + const char *file, int linenum, char **err) + { +@@ -1983,7 +1982,6 @@ static int server_parse_sni_expr(struct server *newsrv, struct proxy *px, char * + + return 0; + } +-#endif + + static void display_parser_err(const char *file, int linenum, char **args, int cur_arg, int err_code, char **err) + { +@@ -2080,14 +2078,11 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) + if (src->ssl_ctx.methods.max) + srv->ssl_ctx.methods.max = src->ssl_ctx.methods.max; + +-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES + if (src->ssl_ctx.ciphersuites != NULL) + srv->ssl_ctx.ciphersuites = strdup(src->ssl_ctx.ciphersuites); +-#endif + if (src->sni_expr != NULL) + srv->sni_expr = strdup(src->sni_expr); + +-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation + if (src->ssl_ctx.alpn_str) { + srv->ssl_ctx.alpn_str = malloc(src->ssl_ctx.alpn_len); + if (srv->ssl_ctx.alpn_str) { +@@ -2096,8 +2091,7 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) + srv->ssl_ctx.alpn_len = src->ssl_ctx.alpn_len; + } + } +-#endif +-#ifdef OPENSSL_NPN_NEGOTIATED ++ + if (src->ssl_ctx.npn_str) { + srv->ssl_ctx.npn_str = malloc(src->ssl_ctx.npn_len); + if (srv->ssl_ctx.npn_str) { +@@ -2106,7 +2100,6 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) + srv->ssl_ctx.npn_len = src->ssl_ctx.npn_len; + } + } +-#endif + } + #endif + +@@ -2463,13 +2456,13 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px) + + srv_settings_cpy(newsrv, srv, 1); + srv_prepare_for_resolution(newsrv, srv->hostname); +-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME ++ + if (newsrv->sni_expr) { + newsrv->ssl_ctx.sni = srv_sni_sample_parse_expr(newsrv, px, NULL, 0, NULL); + if (!newsrv->ssl_ctx.sni) + goto err; + } +-#endif ++ + /* append to list of servers available to receive an hostname */ + if (newsrv->srvrq) + LIST_APPEND(&newsrv->srvrq->attached_servers, &newsrv->srv_rec_item); +@@ -2488,9 +2481,7 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px) + err: + _srv_parse_set_id_from_prefix(srv, srv->tmpl_info.prefix, srv->tmpl_info.nb_low); + if (newsrv) { +-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + release_sample_expr(newsrv->ssl_ctx.sni); +-#endif + free_check(&newsrv->agent); + free_check(&newsrv->check); + LIST_DELETE(&newsrv->global_list); +@@ -2748,7 +2739,6 @@ static int _srv_parse_kw(struct server *srv, char **args, int *cur_arg, + return err_code; + } + +-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + /* This function is first intended to be used through parse_server to + * initialize a new server on startup. + */ +@@ -2767,7 +2757,6 @@ static int _srv_parse_sni_expr_init(char **args, int cur_arg, + + return ret; + } +-#endif + + /* Server initializations finalization. + * Initialize health check, agent check and SNI expression if enabled. +@@ -2780,9 +2769,7 @@ static int _srv_parse_finalize(char **args, int cur_arg, + struct server *srv, struct proxy *px, + int parse_flags, char **errmsg) + { +-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + int ret; +-#endif + + if (srv->do_check && srv->trackit) { + memprintf(errmsg, "unable to enable checks and tracking at the same time!"); +@@ -2795,10 +2782,8 @@ static int _srv_parse_finalize(char **args, int cur_arg, + return ERR_ALERT | ERR_FATAL; + } + +-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + if ((ret = _srv_parse_sni_expr_init(args, cur_arg, srv, px, errmsg)) != 0) + return ret; +-#endif + + /* A dynamic server is disabled on startup. It must not be counted as + * an active backend entry. +-- +2.28.0 + diff --git a/net/haproxy24/files/patch-src_cpuset.c b/net/haproxy24/files/patch-src_cpuset.c new file mode 100644 index 000000000000..42f04b37e6f6 --- /dev/null +++ b/net/haproxy24/files/patch-src_cpuset.c @@ -0,0 +1,14 @@ +--- src/cpuset.c.orig 2021-12-23 16:47:51 UTC ++++ src/cpuset.c +@@ -53,7 +53,11 @@ void ha_cpuset_and(struct hap_cpuset *dst, const struc + CPU_AND(&dst->cpuset, &dst->cpuset, &src->cpuset); + + #elif defined(CPUSET_USE_FREEBSD_CPUSET) ++#if defined(CPU_ALLOC) ++ CPU_AND(&dst->cpuset, &dst->cpuset, &src->cpuset); ++#else + CPU_AND(&dst->cpuset, &src->cpuset); ++#endif + + #elif defined(CPUSET_USE_ULONG) + dst->cpuset &= src->cpuset; diff --git a/net/haproxy24/pkg-descr b/net/haproxy24/pkg-descr new file mode 100644 index 000000000000..678317bd6baf --- /dev/null +++ b/net/haproxy24/pkg-descr @@ -0,0 +1,6 @@ +HAProxy is a free, very fast and reliable solution offering high +availability, load balancing, and proxying for TCP and HTTP-based +applications. It is particularly suited for web sites crawling under +very high loads while needing persistence or Layer7 processing. + +WWW: http://www.haproxy.org diff --git a/net/haproxy24/pkg-plist b/net/haproxy24/pkg-plist new file mode 100644 index 000000000000..0d2754938a4b --- /dev/null +++ b/net/haproxy24/pkg-plist @@ -0,0 +1,110 @@ +man/man1/haproxy.1.gz +sbin/halog +sbin/haproxy +%%PORTDOCS%%%%DOCSDIR%%/51Degrees-device-detection.txt +%%PORTDOCS%%%%DOCSDIR%%/DeviceAtlas-device-detection.txt +%%PORTDOCS%%%%DOCSDIR%%/SOCKS4.protocol.txt +%%PORTDOCS%%%%DOCSDIR%%/SPOE.txt +%%PORTDOCS%%%%DOCSDIR%%/WURFL-device-detection.txt +%%PORTDOCS%%%%DOCSDIR%%/acl.fig +%%PORTDOCS%%%%DOCSDIR%%/architecture.txt +%%PORTDOCS%%%%DOCSDIR%%/close-options.txt +%%PORTDOCS%%%%DOCSDIR%%/coding-style.txt +%%PORTDOCS%%%%DOCSDIR%%/configuration.txt +%%PORTDOCS%%%%DOCSDIR%%/cookie-options.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/backends-v0.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/backends.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/be-fe-changes.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/binding-possibilities.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/config-language.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/connection-reuse.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/connection-sharing.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/dynamic-buffers.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/entities-v2.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/how-it-works.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/http2.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/http_load_time.url +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/rate-shaping.txt +%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/sess_par_sec.txt +%%PORTDOCS%%%%DOCSDIR%%/gpl.txt +%%PORTDOCS%%%%DOCSDIR%%/haproxy.1 +%%PORTDOCS%%%%DOCSDIR%%/internals/acl.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/body-parsing.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/buffer-api.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/connect-status.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/connection-header.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/connection-scale.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/entities-v2.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/entities.fig +%%PORTDOCS%%%%DOCSDIR%%/internals/entities.pdf +%%PORTDOCS%%%%DOCSDIR%%/internals/entities.svg +%%PORTDOCS%%%%DOCSDIR%%/internals/entities.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/fd-migration.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/filters.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/hashing.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/header-parser-speed.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/header-tree.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/http-cookies.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/http-docs.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/http-parsing.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/htx-api.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/initcalls.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/list.fig +%%PORTDOCS%%%%DOCSDIR%%/internals/list.png +%%PORTDOCS%%%%DOCSDIR%%/internals/listener-states.fig +%%PORTDOCS%%%%DOCSDIR%%/internals/listener-states.png +%%PORTDOCS%%%%DOCSDIR%%/internals/lua_socket.fig +%%PORTDOCS%%%%DOCSDIR%%/internals/lua_socket.pdf +%%PORTDOCS%%%%DOCSDIR%%/internals/muxes.fig +%%PORTDOCS%%%%DOCSDIR%%/internals/muxes.pdf +%%PORTDOCS%%%%DOCSDIR%%/internals/muxes.png +%%PORTDOCS%%%%DOCSDIR%%/internals/muxes.svg +%%PORTDOCS%%%%DOCSDIR%%/internals/naming.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/notes-layers.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/pattern.dia +%%PORTDOCS%%%%DOCSDIR%%/internals/pattern.pdf +%%PORTDOCS%%%%DOCSDIR%%/internals/polling-states.fig +%%PORTDOCS%%%%DOCSDIR%%/internals/repartition-be-fe-fi.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/sequence.fig +%%PORTDOCS%%%%DOCSDIR%%/internals/sched.fig +%%PORTDOCS%%%%DOCSDIR%%/internals/sched.pdf +%%PORTDOCS%%%%DOCSDIR%%/internals/sched.png +%%PORTDOCS%%%%DOCSDIR%%/internals/sched.svg +%%PORTDOCS%%%%DOCSDIR%%/internals/ssl_cert.dia +%%PORTDOCS%%%%DOCSDIR%%/internals/stats-v2.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/stream-sock-states.fig +%%PORTDOCS%%%%DOCSDIR%%/intro.txt +%%PORTDOCS%%%%DOCSDIR%%/lgpl.txt +%%PORTDOCS%%%%DOCSDIR%%/linux-syn-cookies.txt +%%PORTDOCS%%%%DOCSDIR%%/lua-api/Makefile +%%PORTDOCS%%%%DOCSDIR%%/lua-api/_static/channel.fig +%%PORTDOCS%%%%DOCSDIR%%/lua-api/_static/channel.png +%%PORTDOCS%%%%DOCSDIR%%/lua-api/conf.py +%%PORTDOCS%%%%DOCSDIR%%/lua-api/index.rst +%%PORTDOCS%%%%DOCSDIR%%/lua.txt +%%PORTDOCS%%%%DOCSDIR%%/management.txt +%%PORTDOCS%%%%DOCSDIR%%/netscaler-client-ip-insertion-protocol.txt +%%PORTDOCS%%%%DOCSDIR%%/network-namespaces.txt +%%PORTDOCS%%%%DOCSDIR%%/peers.txt +%%PORTDOCS%%%%DOCSDIR%%/peers-v2.0.txt +%%PORTDOCS%%%%DOCSDIR%%/proxy-protocol.txt +%%PORTDOCS%%%%DOCSDIR%%/queuing.fig +%%PORTDOCS%%%%DOCSDIR%%/regression-testing.txt +%%PORTDOCS%%%%DOCSDIR%%/seamless_reload.txt +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/acl-content-sw.cfg +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/basic-config-edge.cfg +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/content-sw-sample.cfg +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/400.http +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/403.http +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/408.http +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/500.http +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/502.http +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/503.http +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/504.http +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/README +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/haproxy.init +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/option-http_proxy.cfg +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/quick-test.cfg +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/socks4.cfg +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/transparent_proxy.cfg +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/wurfl-example.cfg