/*
 * include/haproxy/defaults.h
 * Miscellaneous default values.
 *
 * Copyright (C) 2000-2020 Willy Tarreau - w@1wt.eu
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation, version 2.1
 * exclusively.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */

#ifndef _HAPROXY_DEFAULTS_H
#define _HAPROXY_DEFAULTS_H

/* Compile-time ceilings for threading. MAX_THREADS is the highest value the
 * global nbthread setting may take, MAX_TGROUPS bounds the number of thread
 * groups and MAX_THREADS_PER_GROUP bounds the threads inside one group.
 * MAX_THREADS may be lowered at build time to save resources on embedded
 * systems.
 */
#if defined(USE_THREAD)

/* The theoretical limit is 64 groups, but some structures might be enlarged
 * to be indexed per group, so the default is kept at 16 for now. That is
 * enough to experiment with dual-socket machines suffering from up to 8
 * loosely coupled L3 caches without committing too far.
 */
#if !defined(MAX_TGROUPS)
#define MAX_TGROUPS 16
#endif

/* per-group ceiling: the number of bits in a long integer */
#define MAX_THREADS_PER_GROUP __WORDSIZE

/* Unless overridden, MAX_THREADS is long bits when a single thread group is
 * allowed, or 4 times long bits when more thread groups are enabled.
 */
#if !defined(MAX_THREADS)
#define MAX_THREADS ((((MAX_TGROUPS) > 1) ? 4 : 1) * (MAX_THREADS_PER_GROUP))
#endif

#else /* !USE_THREAD */

/* threads disabled: 1 thread max, 1 group max (note: group ids start at 1) */
#define MAX_THREADS 1

#define MAX_TGROUPS 1
#define MAX_THREADS_PER_GROUP 1

#endif /* USE_THREAD */

/* BUFSIZE is the size of one read or write buffer, i.e. the maximum number of
 * bytes the proxy can store for each stream. While HTTP headers are being
 * read, MAXREWRITE bytes of that buffer are kept spare so that headers can be
 * added or rewritten, hence headers longer than BUFSIZE-MAXREWRITE bytes
 * cannot be processed. By default, BUFSIZE=16384 bytes and
 * MAXREWRITE=min(1024,BUFSIZE/2), so the maximum length of headers accepted
 * is 15360 bytes.
 * NOTE(review): this header only sets MAXREWRITE to 1024; the min() against
 * BUFSIZE/2 is not computed here and presumably happens where the value is
 * consumed - confirm before building with a small BUFSIZE.
 */
#if !defined(BUFSIZE)
#define BUFSIZE 16384
#endif

/* Some buffers may only be allocated for responses, to avoid deadlocks caused
 * by request queuing. Two is the absolute minimum that guarantees a request
 * gaining access to a server can obtain a response buffer even if it does not
 * completely flush the request buffer. The worst case is an applet using a
 * request buffer that cannot be entirely sent while the server starts to
 * respond, with every unreserved buffer already taken by request buffers from
 * pending connections waiting in the queue for this one to flush. Both
 * reserved buffers may thus be in use at the same time.
 */
#if !defined(RESERVED_BUFS)
#define RESERVED_BUFS 2
#endif

/* buffer space kept in reserve for header rewriting */
#if !defined(MAXREWRITE)
#define MAXREWRITE 1024
#endif

/* NOTE(review): the three length limits below carry no description in this
 * file. Going by their names they presumably bound the request URI kept for
 * logging, a captured value, and one syslog message - confirm against the
 * code that uses them before changing any of them.
 */
#if !defined(REQURI_LEN)
#define REQURI_LEN 1024
#endif

#if !defined(CAPTURE_LEN)
#define CAPTURE_LEN 64
#endif

#if !defined(MAX_SYSLOG_LEN)
#define MAX_SYSLOG_LEN 1024
#endif

/* Room for archived startup-logs; 64kB seems way more than enough.
 * /!\ Be careful when changing this size: it is used in a shm when exec()
 * from mworker to wait mode.
 */
#if !defined(STARTUP_LOG_SIZE)
#define STARTUP_LOG_SIZE 65536
#endif

/* longest line accepted when parsing the configuration */
#if !defined(LINESIZE)
#define LINESIZE 2048
#endif

/* highest number of arguments on one configuration line */
#define MAX_LINE_ARGS 64

/* longest line accepted when parsing a crt-bind-list configuration */
#define CRT_LINESIZE 65536

/* highest number of arguments on one crt-bind-list configuration line */
#define MAX_CRT_ARGS 2048

/* Highest number of arguments for a command issued on the CLI
 * ("stats socket"). This should cover at least 5 + twice the number of
 * data_types.
 */
#define MAX_CLI_ARGS 64

/* Deepest recursion allowed while evaluating config conditions (note that
 * binary operators add one recursion level, and that parenthesis may add
 * two).
 */
#define MAX_CFG_RECURSION 1024

/* highest number of matches per regexp */
#define MAX_MATCH 10

/* Highest number of headers in one HTTP request or response. By default,
 * about 100 headers (+1 for the first line).
 */
#if !defined(MAX_HTTP_HDR)
#define MAX_HTTP_HDR 101
#endif

/* highest number of headers kept in history when looking for header #-X */
#if !defined(MAX_HDR_HISTORY)
#define MAX_HDR_HISTORY 10
#endif

/* Largest TRACE_PRINTF() output buffer (the message itself gets one char
 * less).
 */
#if !defined(TRACE_MAX_MSG)
#define TRACE_MAX_MSG 1024
#endif

/* highest number of stick counters per session (at least 3 for sc0..sc2) */
#if !defined(MAX_SESS_STKCTR)
#define MAX_SESS_STKCTR 3
#endif

/* Highest number of extra stick-table data types that can be registered at
 * runtime.
 */
#if !defined(STKTABLE_EXTRA_DATA_TYPES)
#define STKTABLE_EXTRA_DATA_TYPES 0
#endif

/* highest number of stick-table filter entries usable during a dump */
#if !defined(STKTABLE_FILTER_LEN)
#define STKTABLE_FILTER_LEN 4
#endif

/* Highest number of loops performed around a read() which succeeds. It is
 * very frequent that the system returns a few TCP segments at a time.
 */
#if !defined(MAX_READ_POLL_LOOPS)
#define MAX_READ_POLL_LOOPS 4
#endif

/* Minimum number of bytes read at once above which no further read is
 * attempted, in order not to risk facing an EAGAIN. Most often, if at least
 * 10 kB were read, the system can be considered to have tried to read a full
 * buffer, got multiple segments (>1 MSS for jumbo frames, >7 MSS for normal
 * frames) and did not bother truncating the last segment.
 */
#if !defined(MIN_RECV_AT_ONCE_ENOUGH)
#define MIN_RECV_AT_ONCE_ENOUGH (7*1448)
#endif

/* Minimum number of bytes to be forwarded that is worth trying to splice.
 * Below 4kB, it is not worth allocating pipes nor pretending to zero-copy.
 */
#if !defined(MIN_SPLICE_FORWARD)
#define MIN_SPLICE_FORWARD 4096
#endif

/* Highest number of events returned by one call to poll/epoll. Too small a
 * value will cause lots of calls, and too high a value may cause high
 * latency.
 */
#if !defined(MAX_POLL_EVENTS)
#define MAX_POLL_EVENTS 200
#endif

// eternity when expressed in timeval
#if !defined(TV_ETERNITY)
#define TV_ETERNITY (~0UL)
#endif

// eternity when expressed in ms
#if !defined(TV_ETERNITY_MS)
#define TV_ETERNITY_MS (-1)
#endif

// delay between boot and first time wrap, in seconds
#if !defined(BOOT_TIME_WRAP_SEC)
#define BOOT_TIME_WRAP_SEC 20
#endif

// Time jumps must be detectable: the maximum wait time is fixed to a low
// value so that a longer wait reveals that the time has changed.
#if !defined(MAX_DELAY_MS)
#define MAX_DELAY_MS 60000
#endif

/* Highest number of connections accepted at once by a thread for a single
 * listener. It used to default to 64 divided by the number of processes but
 * the tasklet-based model is much more scalable and benefits from smaller
 * values. Experimentation has shown that 4 gives the highest accept rate for
 * all thread values, and that 3 and 5 come very close, as shown below (HTTP/1
 * connections forwarded per second at multi-accept 4 and 64):
 *
 *   ac\thr|    1    2     4     8     16
 *   ------+------------------------------
 *        4|   80k  106k  168k  270k  336k
 *       64|   63k   89k  145k  230k  274k
 */
#if !defined(MAX_ACCEPT)
#define MAX_ACCEPT 4
#endif

/* Base value for the maximum number of tasks to run at once, used when
 * tune.runqueue-depth does not set it. It will automatically be divided by
 * the square root of the number of threads for better fairness. As such, 64
 * threads will use 35 and a single thread will use 280.
 */
#if !defined(RUNQUEUE_DEPTH)
#define RUNQUEUE_DEPTH 280
#endif

/* Cookie delimiter in "prefix" mode: this character is inserted between the
 * persistence cookie and the original value. The '~' is allowed by RFC6265,
 * and should not be too common in server names.
 */
#if !defined(COOKIE_DELIM)
#define COOKIE_DELIM '~'
#endif

/* Delimiter placed between a server's name and a last visit date in cookies
 * exchanged with the client.
 */
#if !defined(COOKIE_DELIM_DATE)
#define COOKIE_DELIM_DATE '|'
#endif

/* Cap on recursive evaluations of the acl() sample fetch, to avoid deep tree
 * loops.
 */
#if !defined(ACL_MAX_RECURSE)
#define ACL_MAX_RECURSE 1000
#endif

/* NOTE(review): the connection-retry and health-check defaults below are not
 * described in this file, and no unit is stated for the time-like values -
 * confirm against the code that consumes them.
 */
#define CONN_RETRIES 3

#define CHK_CONNTIME 2000
#define DEF_CHKINTR 2000
#define DEF_MAILALERTTIME 10000
#define DEF_FALLTIME 3
#define DEF_RISETIME 2
#define DEF_AGENT_FALLTIME 1
#define DEF_AGENT_RISETIME 1
#define DEF_CHECK_PATH ""

/* HANA_ONERR_FAILCHK is not defined in this header; it has to be visible
 * wherever DEF_HANA_ONERR gets expanded.
 */
#define DEF_HANA_ONERR HANA_ONERR_FAILCHK
#define DEF_HANA_ERRLIMIT 10

/* default name of the X-Forwarded-For header */
#define DEF_XFORWARDFOR_HDR "X-Forwarded-For"

/* default name of the X-Original-To header */
#define DEF_XORIGINALTO_HDR "X-Original-To"

// Cap on the number of events an event_hdl API consumer may process at once,
// to prevent thread contention.
#if !defined(EVENT_HDL_MAX_AT_ONCE)
#define EVENT_HDL_MAX_AT_ONCE 100
#endif

/* Default connections limit.
 *
 * Defining SYSTEM_MAXCONN at build time enforces a system limit, so that
 * haproxy is not used beyond reasonable system limits: set it to the absolute
 * limit accepted by the system. A configuration asking for a higher value is
 * capped to SYSTEM_MAXCONN and a warning is emitted; the only way to override
 * the limit is then the command-line '-n' argument. When SYSTEM_MAXCONN is
 * not set, DEFAULT_MAXCONN falls back to a minimum value of 100, which almost
 * guarantees that a process will correctly start in any situation.
 */
#if !defined(SYSTEM_MAXCONN)
# if !defined(DEFAULT_MAXCONN)
#  define DEFAULT_MAXCONN 100
# endif
#else
/* the system limit replaces any DEFAULT_MAXCONN set earlier */
# undef DEFAULT_MAXCONN
# define DEFAULT_MAXCONN SYSTEM_MAXCONN
#endif

/* maxconn used in the master process once it re-execs to MODE_MWORKER_WAIT;
 * setting SYSTEM_MAXCONN does not change it.
 *
 * 100 must be enough for the master since it only handles communication
 * between the master and the workers, and the master CLI.
 */
#if !defined(MASTER_MAXCONN)
#define MASTER_MAXCONN 100
#endif

/* Minimum check interval for spread health checks. Servers whose interval is
 * greater than or equal to this value get their checks spread apart and are
 * taken into account when searching the minimal interval. The others are
 * ignored for the minimal interval and get their checks scheduled on a
 * different basis.
 */
#if !defined(SRV_CHK_INTER_THRES)
#define SRV_CHK_INTER_THRES 1000
#endif

/* String reporting the version and release date on the statistics page. It
 * embeds HAPROXY_VERSION and HAPROXY_DATE, so whoever can read that page
 * learns the exact build. May be defined to the empty string ("") to
 * permanently disable the feature.
 */
#if !defined(STATS_VERSION_STRING)
#define STATS_VERSION_STRING " version " HAPROXY_VERSION ", released " HAPROXY_DATE
#endif

/* Default statistics URI; CONFIG_STATS_DEFAULT_URI overrides it at build
 * time.
 */
#ifndef CONFIG_STATS_DEFAULT_URI
#define STATS_DEFAULT_URI "/haproxy?stats"
#else
#define STATS_DEFAULT_URI CONFIG_STATS_DEFAULT_URI
#endif

/* Default statistics realm; CONFIG_STATS_DEFAULT_REALM overrides it at build
 * time.
 */
#ifndef CONFIG_STATS_DEFAULT_REALM
#define STATS_DEFAULT_REALM "HAProxy Statistics"
#else
#define STATS_DEFAULT_REALM CONFIG_STATS_DEFAULT_REALM
#endif

/* Maximum signal queue size, which is also the number of different signals
 * that can be handled.
 */
#if !defined(MAX_SIGNAL)
#define MAX_SIGNAL 256
#endif

/* Maximum host name length: an explicit MAX_HOSTNAME_LEN wins, otherwise the
 * system's MAXHOSTNAMELEN is reused when it is defined, otherwise 64.
 */
#if !defined(MAX_HOSTNAME_LEN) && defined(MAXHOSTNAMELEN)
#define MAX_HOSTNAME_LEN MAXHOSTNAMELEN
#elif !defined(MAX_HOSTNAME_LEN)
#define MAX_HOSTNAME_LEN 64
#endif

/* maximum length of a health check description */
#if !defined(HCHK_DESC_LEN)
#define HCHK_DESC_LEN 128
#endif

/* Build-time TLS defaults. The four cipher settings are NULL unless the
 * build overrides them, i.e. this header supplies no cipher string.
 * NOTE(review): presumably the SSL library's own defaults apply when these
 * stay NULL and the configuration sets nothing - confirm in the SSL code, and
 * pin explicit values at build time if a policy requires it.
 */

/* default ciphers on connect */
#if !defined(CONNECT_DEFAULT_CIPHERS)
#define CONNECT_DEFAULT_CIPHERS NULL
#endif

/* default TLS 1.3 cipher suites on connect */
#if !defined(CONNECT_DEFAULT_CIPHERSUITES)
#define CONNECT_DEFAULT_CIPHERSUITES NULL
#endif

/* default ciphers on listeners */
#if !defined(LISTEN_DEFAULT_CIPHERS)
#define LISTEN_DEFAULT_CIPHERS NULL
#endif

/* default TLS 1.3 cipher suites on listeners */
#if !defined(LISTEN_DEFAULT_CIPHERSUITES)
#define LISTEN_DEFAULT_CIPHERSUITES NULL
#endif

/* default named curve for ECDHE ciphers */
#if !defined(ECDHE_DEFAULT_CURVE)
#define ECDHE_DEFAULT_CURVE "prime256v1"
#endif

/* ssl cache size */
#if !defined(SSLCACHESIZE)
#define SSLCACHESIZE 20000
#endif

/* ssl max dh param size.
 * NOTE(review): 0 presumably means "not set at build time"; the effective DH
 * parameter size is then decided elsewhere - confirm the fallback.
 */
#if !defined(SSL_DEFAULT_DH_PARAM)
#define SSL_DEFAULT_DH_PARAM 0
#endif

/* max memory cost per SSL session (measured) */
#if !defined(SSL_SESSION_MAX_COST)
#define SSL_SESSION_MAX_COST (16*1024)
#endif

/* max memory cost per SSL handshake, on top of the session (measured) */
#if !defined(SSL_HANDSHAKE_MAX_COST)
#define SSL_HANDSHAKE_MAX_COST (76*1024)
#endif

/* NOTE(review): not described in this file; by its name, the default size of
 * an SSL context cache - confirm.
 */
#if !defined(DEFAULT_SSL_CTX_CACHE)
#define DEFAULT_SSL_CTX_CACHE 1000
#endif

/* Approximate size of one stream, used for the maxconn estimate. The
 * expression reads struct stream, struct channel, struct connection and the
 * global tunables, none of which are declared in this header; they must be
 * visible wherever the macro is expanded.
 */
#if !defined(STREAM_MAX_COST)
#define STREAM_MAX_COST                         \
	(sizeof(struct stream) +                \
	 2 * sizeof(struct channel) +           \
	 2 * sizeof(struct connection) +        \
	 global.tune.requri_len +               \
	 2 * global.tune.cookie_len)
#endif

/* Estimate of the available memory: count about 3% of overhead in various
 * structures.
 */
#if !defined(MEM_USABLE_RATIO)
#define MEM_USABLE_RATIO 0.97
#endif

/* if not 0, maximum allocatable memory per process in MB */
#if !defined(HAPROXY_MEMMAX)
#define HAPROXY_MEMMAX 0
#endif

/* With USE_ZLIB, DEFAULT_MAXZLIBMEM may be set to a hard-coded value that
 * presets maxzlibmem; it is expressed in megabytes. In every other
 * configuration (macro not provided, or USE_ZLIB not set) it is forced to
 * zero.
 */
#if !(defined(DEFAULT_MAXZLIBMEM) && defined(USE_ZLIB))
#undef DEFAULT_MAXZLIBMEM
#define DEFAULT_MAXZLIBMEM 0
#endif

/* On modern architectures with many threads, a fast memory allocator and
 * local pools, the global pools and their single list can be way slower than
 * the standard allocator, which already has its own per-thread arenas. Global
 * pools are disabled in that case, unless CONFIG_HAP_GLOBAL_POOLS enforces
 * them.
 */
#if defined(USE_THREAD) && defined(HA_HAVE_FAST_MALLOC)
# if !defined(CONFIG_HAP_GLOBAL_POOLS)
#  define CONFIG_HAP_NO_GLOBAL_POOLS
# endif
#endif

/* default per-thread pool cache size when enabled */
#if !defined(CONFIG_HAP_POOL_CACHE_SIZE)
#define CONFIG_HAP_POOL_CACHE_SIZE 524288
#endif

#if !defined(CONFIG_HAP_POOL_CLUSTER_SIZE)
#define CONFIG_HAP_POOL_CLUSTER_SIZE 8
#endif

/* Number of bits to encode the per-pool buckets for large setups: 0 without
 * threads, otherwise 3 to 6 depending on MAX_THREADS.
 */
#if !defined(CONFIG_HAP_POOL_BUCKETS_BITS)
# if !defined(USE_THREAD)
#  define CONFIG_HAP_POOL_BUCKETS_BITS 0
# elif MAX_THREADS >= 512
#  define CONFIG_HAP_POOL_BUCKETS_BITS 6
# elif MAX_THREADS >= 128
#  define CONFIG_HAP_POOL_BUCKETS_BITS 5
# elif MAX_THREADS >= 16
#  define CONFIG_HAP_POOL_BUCKETS_BITS 4
# else
#  define CONFIG_HAP_POOL_BUCKETS_BITS 3
# endif
#endif

/* bucket count derived from the bit width above */
#define CONFIG_HAP_POOL_BUCKETS (1UL << (CONFIG_HAP_POOL_BUCKETS_BITS))

/* Number of samples used to compute the times reported in stats. A power of
 * two is highly recommended, and this value multiplied by the largest
 * response time must not overflow an unsigned int. See freq_ctr.h for more
 * information. Values are considered accurate to 95% with two batches of
 * samples, so in order to advertise accurate times across 1k samples, the
 * measurement is effectively made over 512.
 */
#if !defined(TIME_STATS_SAMPLES)
#define TIME_STATS_SAMPLES 512
#endif

/* max ocsp cert id asn1 encoded length */
#if !defined(OCSP_MAX_CERTID_ASN1_LENGTH)
#define OCSP_MAX_CERTID_ASN1_LENGTH 128
#endif

/* NOTE(review): not described in this file; by its name, the tolerated time
 * skew when checking OCSP response times, presumably in seconds - confirm
 * against the OCSP code before relaxing it.
 */
#if !defined(OCSP_MAX_RESPONSE_TIME_SKEW)
#define OCSP_MAX_RESPONSE_TIME_SKEW 300
#endif

/* number of TLS tickets to check, used for rotation */
#if !defined(TLS_TICKETS_NO)
#define TLS_TICKETS_NO 3
#endif

/* Default size of the pattern lookup cache, in number of entries: 10k
 * entries at 10k req/s mean 1% risk of a collision after 60 years, which is
 * already much less than the memory's reliability in most machines and more
 * durable than most admin's life expectancy. When a collision does happen, a
 * valid result is returned for a different entry from the same list, i.e. the
 * lookup answers for the wrong entry.
 */
#if !defined(DEFAULT_PAT_LRU_SIZE)
#define DEFAULT_PAT_LRU_SIZE 10000
#endif

/* maximum number of pollers that may be registered */
#if !defined(MAX_POLLERS)
#define MAX_POLLERS 10
#endif

/* system sysfs directory */
#define NUMA_DETECT_SYSTEM_SYSFS_PATH "/sys/devices/system"

/* number of cache trees: 8 with threads, 1 without */
#if !defined(CACHE_TREE_NUM) && defined(USE_THREAD)
# define CACHE_TREE_NUM 8
#elif !defined(CACHE_TREE_NUM)
# define CACHE_TREE_NUM 1
#endif

#endif /* _HAPROXY_DEFAULTS_H */