git: 649fbfd15a9b - main - net/haproxy: copy to haproxy24.

From: Dmitry Sivachenko <demon_at_FreeBSD.org>
Date: Wed, 12 Jan 2022 08:58:22 UTC
The branch main has been updated by demon:

URL: https://cgit.FreeBSD.org/ports/commit/?id=649fbfd15a9b2d83c64b754b1ecf4a9b5dd03f19

commit 649fbfd15a9b2d83c64b754b1ecf4a9b5dd03f19
Author:     Dmitry Sivachenko <demon@FreeBSD.org>
AuthorDate: 2022-01-12 08:17:22 +0000
Commit:     Dmitry Sivachenko <demon@FreeBSD.org>
CommitDate: 2022-01-12 08:58:13 +0000

    net/haproxy: copy to haproxy24.
---
 net/Makefile                                       |   1 +
 net/haproxy24/Makefile                             |  80 ++++++++++
 net/haproxy24/distinfo                             |   3 +
 net/haproxy24/files/haproxy.in                     | 130 ++++++++++++++++
 ...1-CLEANUP-servers-do-not-include-openssl-compat |  78 ++++++++++
 ...UP-server-always-include-the-storage-for-SSL-se | 163 +++++++++++++++++++++
 net/haproxy24/files/patch-src_cpuset.c             |  14 ++
 net/haproxy24/pkg-descr                            |   6 +
 net/haproxy24/pkg-plist                            | 110 ++++++++++++++
 9 files changed, 585 insertions(+)

diff --git a/net/Makefile b/net/Makefile
index 0de3d584d7c5..579c250ba9b4 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -242,6 +242,7 @@
     SUBDIR += haproxy21
     SUBDIR += haproxy22
     SUBDIR += haproxy23
+    SUBDIR += haproxy24
     SUBDIR += hblock
     SUBDIR += hexinject
     SUBDIR += hlmaster
diff --git a/net/haproxy24/Makefile b/net/haproxy24/Makefile
new file mode 100644
index 000000000000..5126018dea37
--- /dev/null
+++ b/net/haproxy24/Makefile
@@ -0,0 +1,80 @@
+# Created by: Hugo Saro <hugo@barafranca.com>
+
+PORTNAME=	haproxy
+DISTVERSION=	2.4.12
+CATEGORIES=	net www
+PKGNAMESUFFIX=	24
+MASTER_SITES=	http://www.haproxy.org/download/2.4/src/
+
+MAINTAINER=	demon@FreeBSD.org
+COMMENT=	Reliable, high performance TCP/HTTP load balancer
+
+LICENSE=	GPLv2 LGPL21
+LICENSE_COMB=	multi
+
+FLAVORS=	default lua
+FLAVOR?=	${FLAVORS:[1]}
+
+default_CONFLICTS_INSTALL=	haproxy-lua
+lua_CONFLICTS_INSTALL=		haproxy
+lua_PKGNAMESUFFIX=		-lua
+
+CONFLICTS_INSTALL=	haproxy-devel haproxy17 haproxy18 haproxy19 haproxy20 haproxy21
+
+USES=		compiler:c++11-lang cpe gmake
+USE_RC_SUBR=	haproxy
+
+ALL_TARGET=	all admin/halog/halog
+MAKE_ARGS=	TARGET=freebsd DEFINE=-DFREEBSD_PORTS USE_GETADDRINFO=1 \
+		USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_ACCEPT4=1 \
+		CC="${CC}" DEBUG_CFLAGS="" CPU_CFLAGS="${CFLAGS}" \
+		${MAKE_ARGS_${ARCH}}
+MAKE_ARGS_i386=	USE_LIBATOMIC=
+
+OPTIONS_DEFINE=		DOCS EXAMPLES LUA OPENSSL DEVICEATLAS PROMEX
+OPTIONS_RADIO=		PCRE
+OPTIONS_RADIO_PCRE=	DPCRE SPCRE
+DPCRE_DESC=		Link dynamically
+SPCRE_DESC=		Link statically
+DEVICEATLAS_DESC=	DeviceAtlas Device Detection support
+PROMEX_DESC=		Enable Prometheus exporter
+OPTIONS_DEFAULT=	SPCRE OPENSSL
+
+DPCRE_LIB_DEPENDS=	libpcre.so:devel/pcre
+DPCRE_MAKE_ARGS=	USE_PCRE=1 USE_PCRE_JIT=1
+SPCRE_LIB_DEPENDS=	libpcre.so:devel/pcre
+SPCRE_MAKE_ARGS=	USE_PCRE=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1
+DEVICEATLAS_LIB_DEPENDS=	libda.so:net/deviceatlas-enterprise-c
+DEVICEATLAS_MAKE_ARGS=		USE_DEVICEATLAS=1 DEVICEATLAS_LIB=${LOCALBASE}/lib DEVICEATLAS_INC=${LOCALBASE}/include
+PROMEX_MAKE_ARGS=	USE_PROMEX=1
+OPENSSL_USES=		ssl
+OPENSSL_MAKE_ARGS=	USE_OPENSSL=1 SSL_LIB=${OPENSSLLIB} SSL_INC=${OPENSSLINC}
+LUA_USES=		lua:53
+LUA_MAKE_ARGS=		USE_LUA=1 LUA_INC=${LUA_INCDIR} LUA_LIB=${LUA_LIBDIR} LUA_LIB_NAME=lua-${LUA_VER}
+
+.if ${FLAVOR:U} == lua
+OPTIONS_DEFAULT+=	LUA
+.endif
+
+.include <bsd.port.options.mk>
+
+.if ${ARCH} == powerpc
+MAKE_ARGS+=	USE_LIBATOMIC=
+.endif
+
+.include <bsd.port.pre.mk>
+
+.if ${ARCH} == "amd64" || ${ARCH} == "i386"
+MAKE_ARGS+=	USE_REGPARM=1
+.endif
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/haproxy ${STAGEDIR}${PREFIX}/sbin/
+	${INSTALL_PROGRAM} ${WRKSRC}/admin/halog/halog ${STAGEDIR}${PREFIX}/sbin/
+	${INSTALL_MAN} ${WRKSRC}/doc/haproxy.1 ${STAGEDIR}${MAN1PREFIX}/man/man1
+	${MKDIR} ${STAGEDIR}${DOCSDIR}
+	(cd ${WRKSRC}/doc/ && ${COPYTREE_SHARE} \* ${STAGEDIR}${DOCSDIR})
+	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+	(cd ${WRKSRC}/examples/ && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR})
+
+.include <bsd.port.post.mk>
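Review bot: `MASTER_SITES` fetches the distfile over plain HTTP (`http://www.haproxy.org/download/2.4/src/`), so the only integrity check is the SHA256 in distinfo, and that value is whatever was downloaded the last time `make makesum` ran. Prefer `MASTER_SITES=	https://www.haproxy.org/download/2.4/src/` so the checksum is recorded from an authenticated transfer. Separately, `lua_PKGNAMESUFFIX= -lua` looks carried over unchanged from net/haproxy. If the flavor helper replaces `PKGNAMESUFFIX` rather than appending to it, the lua flavor would be packaged as haproxy-lua instead of haproxy24-lua, which is worth confirming. `CONFLICTS_INSTALL` also omits haproxy, haproxy22 and haproxy23, which presumably install the same `sbin/haproxy`.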
diff --git a/net/haproxy24/distinfo b/net/haproxy24/distinfo
new file mode 100644
index 000000000000..29b1590a04af
--- /dev/null
+++ b/net/haproxy24/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1641898062
+SHA256 (haproxy-2.4.12.tar.gz) = 6984a94466739e5e8188949a3d1731634087226a12aada8bf6f81f9d316ca4f3
+SIZE (haproxy-2.4.12.tar.gz) = 3607497
diff --git a/net/haproxy24/files/haproxy.in b/net/haproxy24/files/haproxy.in
new file mode 100644
index 000000000000..e9eb2147c412
--- /dev/null
+++ b/net/haproxy24/files/haproxy.in
@@ -0,0 +1,130 @@
+#!/bin/sh
+
+# PROVIDE: haproxy
+# REQUIRE: DAEMON LOGIN
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable haproxy:
+#
+# haproxy_enable (bool):	default: "NO"
+#				Set to "YES" to enable haproxy
+# haproxy_pidfile (str):	default: /var/run/haproxy.pid
+#				Set to the full path of the pid file
+# haproxy_config (str):		default: %%PREFIX%%/etc/haproxy.conf
+#				Set to the full path of the config file
+# haproxy_flags (str):		default: Autogenerated using pidfile and config options
+#				Set to override with your own options
+# haproxy_profiles (str):	default: empty
+# Set to space-separated list of profiles: for each profile separate haproxy
+# process will be spawned, with haproxy-${profile}.conf config file.
+# You can override default pidfile and config file for each profile with
+# haproxy_${profile}_config and haproxy_${profile}_pidfile.
+
+. /etc/rc.subr
+
+name="haproxy"
+rcvar=haproxy_enable
+command="%%PREFIX%%/sbin/haproxy"
+extra_commands="reload configtest hardstop hardreload softreload"
+reload_cmd="haproxy_reload"
+hardreload_cmd="haproxy_reload"
+hardreload_precmd="def_hardreload_option"
+softreload_cmd="haproxy_reload"
+softreload_precmd="def_softreload_option"
+stop_cmd="haproxy_stop"
+hardstop_cmd="haproxy_stop"
+hardstop_precmd="def_hardstop_signal"
+
+: ${haproxy_enable:="NO"}
+: ${haproxy_config:="%%PREFIX%%/etc/${name}.conf"}
+: ${haproxy_socket:="/var/run/${name}/socket"}
+pidfile=${haproxy_pidfile:-"/var/run/haproxy.pid"}
+
+def_hardreload_option()
+{
+    reload_opt="-st"
+}
+
+def_softreload_option()
+{
+    reload_opt="-x ${haproxy_socket} -sf"
+}
+
+def_hardstop_signal()
+{
+    sig_stop="TERM"
+}
+
+load_rc_config $name
+
+is_valid_profile() {
+    local profile
+    for profile in $haproxy_profiles; do
+        if [ "$profile" = "$1" ]; then
+            return 0
+        fi
+    done
+    return 1
+}
+
+if [ -n "$2" ]; then
+    profile=$2
+    if ! is_valid_profile $profile; then
+        echo "$0: no such profile ($profile) defined in ${name}_profiles."
+        exit 1
+    fi
+    eval haproxy_config="\${haproxy_${profile}_config:-%%PREFIX%%/etc/haproxy-${profile}.conf}"
+    eval pidfile="\${haproxy_${profile}_pidfile:-/var/run/haproxy-${profile}.pid}"
+else
+    if [ "x${haproxy_profiles}" != "x" -a "x$1" != "x" ]; then
+        for profile in ${haproxy_profiles}; do
+            echo "===> ${name} profile: ${profile}"
+            %%PREFIX%%/etc/rc.d/haproxy $1 ${profile}
+            retcode="$?"
+            if [ ${retcode} -ne 0 ]; then
+                failed="${profile} (${retcode}) ${failed:-}"
+            else
+                success="${profile} ${success:-}"
+            fi
+        done
+        exit 0
+    fi
+fi
+
+: ${haproxy_flags:="-q -f ${haproxy_config} -p ${pidfile}"}
+configtest_cmd="$command -c -f $haproxy_config"
+start_precmd="$command -q -c -f $haproxy_config"
+required_files=$haproxy_config
+sig_stop=SIGUSR1
+reload_opt="-sf"
+
+haproxy_reload()
+{
+	${command} -q -c -f ${haproxy_config}
+	if [ $? -ne 0 ]; then
+	    err 1 "Error found in ${haproxy_config} - not reloading current process!"
+	fi
+	rc_pid=$(check_pidfile ${pidfile} ${command})
+	if [ $rc_pid ]; then
+		${command} ${haproxy_flags} $reload_opt $(cat ${pidfile})
+	else
+		_run_rc_notrunning
+		return 1
+	fi
+}
+
+haproxy_stop()
+{
+	rc_pid=$(check_pidfile ${pidfile} ${command})
+	if [ $rc_pid ]; then
+		rc_pid=$(cat ${pidfile})
+		kill -$sig_stop $rc_pid
+		wait_for_pids $rc_pid
+	else
+		_run_rc_notrunning
+		return 1
+	fi
+}
+
+run_rc_command "$1"
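Review bot: The profile loop ends with an unconditional `exit 0`, so `failed` and `success` are collected but never reported. A `configtest`, `start` or `reload` across several profiles therefore returns success even when one profile's invocation fails, and any automation that gates a deploy or reload on the exit status will not see it. Replace the bare `exit 0` with `[ -z "${failed:-}" ] || { echo "$0: failed profiles: ${failed}" >&2; exit 1; }` followed by `exit 0`. In `haproxy_stop` and `haproxy_reload`, `check_pidfile` gates the action, but the PIDs actually passed to `kill` and `$reload_opt` come from a raw `$(cat ${pidfile})`. A comment there should state that the pidfile must stay writable by root only.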
diff --git a/net/haproxy24/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat b/net/haproxy24/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat
new file mode 100644
index 000000000000..e6f0291f8c89
--- /dev/null
+++ b/net/haproxy24/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat
@@ -0,0 +1,78 @@
+From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 6 Oct 2021 11:23:32 +0200
+Subject: CLEANUP: servers: do not include openssl-compat
+
+This is exactly the same as for listeners, servers only include
+openssl-compat to provide the SSL_CTX type to use as two pointers to
+contexts, and to detect if NPN, ALPN, and cipher suites are supported,
+and save up to 5 pointers in the ssl_ctx struct if not supported. This
+is pointless, as these ones have all been supported for about a decade,
+and including this file comes with a long dependency chain that impacts
+lots of other files. The ctx was made a void*.
+
+Now the build time was significantly reduced, from 9.2 to 8.1 seconds,
+thanks to opensslconf.h being included "only" 456 times instead of 2424
+previously!
+
+The total number of lines of code compiled was reduced by 15%.
+
+(cherry picked from commit 340ef2502eae2a37781e460d3590982c0e437fbd)
+[wt: this is backported to get rid of the painful #ifdef around SSL
+ fields that regularly break backports]
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+---
+ include/haproxy/server-t.h | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
+index 429195388..32b649bf3 100644
+--- include/haproxy/server-t.h
++++ include/haproxy/server-t.h
+@@ -35,9 +35,7 @@
+ #include <haproxy/freq_ctr-t.h>
+ #include <haproxy/listener-t.h>
+ #include <haproxy/obj_type-t.h>
+-#include <haproxy/openssl-compat.h>
+ #include <haproxy/resolvers-t.h>
+-#include <haproxy/ssl_sock-t.h>
+ #include <haproxy/stats-t.h>
+ #include <haproxy/task-t.h>
+ #include <haproxy/thread-t.h>
+@@ -341,7 +339,7 @@ struct server {
+ #ifdef USE_OPENSSL
+ 	char *sni_expr;             /* Temporary variable to store a sample expression for SNI */
+ 	struct {
+-		SSL_CTX *ctx;
++		void *ctx;
+ 		struct {
+ 			unsigned char *ptr;
+ 			int size;
+@@ -353,9 +351,7 @@ struct server {
+ 		__decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */
+ 
+ 		char *ciphers;			/* cipher suite to use if non-null */
+-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
+ 		char *ciphersuites;			/* TLS 1.3 cipher suite to use if non-null */
+-#endif
+ 		int options;			/* ssl options */
+ 		int verify;			/* verify method (set of SSL_VERIFY_* flags) */
+ 		struct tls_version_filter methods;	/* ssl methods */
+@@ -363,14 +359,10 @@ struct server {
+ 		char *ca_file;			/* CAfile to use on verify */
+ 		char *crl_file;			/* CRLfile to use on verify */
+ 		struct sample_expr *sni;        /* sample expression for SNI */
+-#ifdef OPENSSL_NPN_NEGOTIATED
+ 		char *npn_str;                  /* NPN protocol string */
+ 		int npn_len;                    /* NPN protocol string length */
+-#endif
+-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ 		char *alpn_str;                 /* ALPN protocol string */
+ 		int alpn_len;                   /* ALPN protocol string length */
+-#endif
+ 	} ssl_ctx;
+ #ifdef USE_QUIC
+ 	struct quic_transport_params quic_params; /* QUIC transport parameters */
+-- 
+2.28.0
+
diff --git a/net/haproxy24/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se b/net/haproxy24/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se
new file mode 100644
index 000000000000..8e5064790cba
--- /dev/null
+++ b/net/haproxy24/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se
@@ -0,0 +1,163 @@
+From 6d395b766fd816cf2e7feea3286a689e635e35f9 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 6 Oct 2021 14:48:37 +0200
+Subject: CLEANUP: server: always include the storage for SSL settings
+
+The SSL stuff in struct server takes less than 3% of it and requires
+lots of annoying ifdefs in the code just to take care of the cases
+where the field is absent. Let's get rid of this and stop including
+openssl-compat from server.c to detect NPN and ALPN capabilities.
+
+This reduces the total LoC by another 0.4%.
+
+(cherry picked from commit 80527bcb9d51d8506c8e7ef95de9c30d30722719)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit 5279e61cee28b7012619906048edd2c8a9c89059)
+[wt: backported again to fix backport issues around SSL fields. It
+ previously broke due to the absence of 'CLEANUP: servers: do not
+ include openssl-compat' that was backported now]
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+---
+ include/haproxy/server-t.h |  2 --
+ src/server.c               | 21 +++------------------
+ 2 files changed, 3 insertions(+), 20 deletions(-)
+
+diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
+index 32b649bf3..90485f0c4 100644
+--- include/haproxy/server-t.h
++++ include/haproxy/server-t.h
+@@ -336,7 +336,6 @@ struct server {
+ 	unsigned int init_addr_methods;		/* initial address setting, 3-bit per method, ends at 0, enough to store 10 entries */
+ 	enum srv_log_proto log_proto;		/* used proto to emit messages on server lines from ring section */
+ 
+-#ifdef USE_OPENSSL
+ 	char *sni_expr;             /* Temporary variable to store a sample expression for SNI */
+ 	struct {
+ 		void *ctx;
+@@ -367,7 +366,6 @@ struct server {
+ #ifdef USE_QUIC
+ 	struct quic_transport_params quic_params; /* QUIC transport parameters */
+ 	struct eb_root cids;        /* QUIC connections IDs. */
+-#endif
+ #endif
+ 	struct resolv_srvrq *srvrq;		/* Pointer representing the DNS SRV requeest, if any */
+ 	struct list srv_rec_item;		/* to attach server to a srv record item */
+diff --git a/src/server.c b/src/server.c
+index 54637dc9c..ea3271957 100644
+--- src/server.c
++++ src/server.c
+@@ -1943,7 +1943,6 @@ const char *server_parse_maxconn_change_request(struct server *sv,
+ 	return NULL;
+ }
+ 
+-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ static struct sample_expr *srv_sni_sample_parse_expr(struct server *srv, struct proxy *px,
+                                                      const char *file, int linenum, char **err)
+ {
+@@ -1983,7 +1982,6 @@ static int server_parse_sni_expr(struct server *newsrv, struct proxy *px, char *
+ 
+ 	return 0;
+ }
+-#endif
+ 
+ static void display_parser_err(const char *file, int linenum, char **args, int cur_arg, int err_code, char **err)
+ {
+@@ -2080,14 +2078,11 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
+ 	if (src->ssl_ctx.methods.max)
+ 		srv->ssl_ctx.methods.max = src->ssl_ctx.methods.max;
+ 
+-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
+ 	if (src->ssl_ctx.ciphersuites != NULL)
+ 		srv->ssl_ctx.ciphersuites = strdup(src->ssl_ctx.ciphersuites);
+-#endif
+ 	if (src->sni_expr != NULL)
+ 		srv->sni_expr = strdup(src->sni_expr);
+ 
+-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ 	if (src->ssl_ctx.alpn_str) {
+ 		srv->ssl_ctx.alpn_str = malloc(src->ssl_ctx.alpn_len);
+ 		if (srv->ssl_ctx.alpn_str) {
+@@ -2096,8 +2091,7 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
+ 			srv->ssl_ctx.alpn_len = src->ssl_ctx.alpn_len;
+ 		}
+ 	}
+-#endif
+-#ifdef OPENSSL_NPN_NEGOTIATED
++
+ 	if (src->ssl_ctx.npn_str) {
+ 		srv->ssl_ctx.npn_str = malloc(src->ssl_ctx.npn_len);
+ 		if (srv->ssl_ctx.npn_str) {
+@@ -2106,7 +2100,6 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
+ 			srv->ssl_ctx.npn_len = src->ssl_ctx.npn_len;
+ 		}
+ 	}
+-#endif
+ }
+ #endif
+ 
+@@ -2463,13 +2456,13 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px)
+ 
+ 		srv_settings_cpy(newsrv, srv, 1);
+ 		srv_prepare_for_resolution(newsrv, srv->hostname);
+-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
++
+ 		if (newsrv->sni_expr) {
+ 			newsrv->ssl_ctx.sni = srv_sni_sample_parse_expr(newsrv, px, NULL, 0, NULL);
+ 			if (!newsrv->ssl_ctx.sni)
+ 				goto err;
+ 		}
+-#endif
++
+ 		/* append to list of servers available to receive an hostname */
+ 		if (newsrv->srvrq)
+ 			LIST_APPEND(&newsrv->srvrq->attached_servers, &newsrv->srv_rec_item);
+@@ -2488,9 +2481,7 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px)
+  err:
+ 	_srv_parse_set_id_from_prefix(srv, srv->tmpl_info.prefix, srv->tmpl_info.nb_low);
+ 	if (newsrv)  {
+-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ 		release_sample_expr(newsrv->ssl_ctx.sni);
+-#endif
+ 		free_check(&newsrv->agent);
+ 		free_check(&newsrv->check);
+ 		LIST_DELETE(&newsrv->global_list);
+@@ -2748,7 +2739,6 @@ static int _srv_parse_kw(struct server *srv, char **args, int *cur_arg,
+ 	return err_code;
+ }
+ 
+-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ /* This function is first intended to be used through parse_server to
+  * initialize a new server on startup.
+  */
+@@ -2767,7 +2757,6 @@ static int _srv_parse_sni_expr_init(char **args, int cur_arg,
+ 
+ 	return ret;
+ }
+-#endif
+ 
+ /* Server initializations finalization.
+  * Initialize health check, agent check and SNI expression if enabled.
+@@ -2780,9 +2769,7 @@ static int _srv_parse_finalize(char **args, int cur_arg,
+                                struct server *srv, struct proxy *px,
+                                int parse_flags, char **errmsg)
+ {
+-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ 	int ret;
+-#endif
+ 
+ 	if (srv->do_check && srv->trackit) {
+ 		memprintf(errmsg, "unable to enable checks and tracking at the same time!");
+@@ -2795,10 +2782,8 @@ static int _srv_parse_finalize(char **args, int cur_arg,
+ 		return ERR_ALERT | ERR_FATAL;
+ 	}
+ 
+-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ 	if ((ret = _srv_parse_sni_expr_init(args, cur_arg, srv, px, errmsg)) != 0)
+ 		return ret;
+-#endif
+ 
+ 	/* A dynamic server is disabled on startup. It must not be counted as
+ 	 * an active backend entry.
+-- 
+2.28.0
+
diff --git a/net/haproxy24/files/patch-src_cpuset.c b/net/haproxy24/files/patch-src_cpuset.c
new file mode 100644
index 000000000000..42f04b37e6f6
--- /dev/null
+++ b/net/haproxy24/files/patch-src_cpuset.c
@@ -0,0 +1,14 @@
+--- src/cpuset.c.orig	2021-12-23 16:47:51 UTC
++++ src/cpuset.c
+@@ -53,7 +53,11 @@ void ha_cpuset_and(struct hap_cpuset *dst, const struc
+ 	CPU_AND(&dst->cpuset, &dst->cpuset, &src->cpuset);
+ 
+ #elif defined(CPUSET_USE_FREEBSD_CPUSET)
++#if defined(CPU_ALLOC)
++	CPU_AND(&dst->cpuset, &dst->cpuset, &src->cpuset);
++#else
+ 	CPU_AND(&dst->cpuset, &src->cpuset);
++#endif
+ 
+ #elif defined(CPUSET_USE_ULONG)
+ 	dst->cpuset &= src->cpuset;
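Review bot: The `#if defined(CPU_ALLOC)` guard picks the three-argument `CPU_AND` by testing an unrelated macro, and nothing in the patch says why. Presumably `CPU_ALLOC` appears in the same cpuset header revision that changed the `CPU_AND` signature. A comment such as `/* CPU_ALLOC marks the cpuset.h revision where CPU_AND takes (dst, src1, src2) */` would stop a later maintainer from dropping the guard as dead code. The body of `ha_cpuset_and` extends outside the hunk, so whether other `CPU_*` call sites in src/cpuset.c need the same treatment cannot be checked from here.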
diff --git a/net/haproxy24/pkg-descr b/net/haproxy24/pkg-descr
new file mode 100644
index 000000000000..678317bd6baf
--- /dev/null
+++ b/net/haproxy24/pkg-descr
@@ -0,0 +1,6 @@
+HAProxy is a free, very fast and reliable solution offering high
+availability, load balancing, and proxying for TCP and HTTP-based
+applications. It is particularly suited for web sites crawling under
+very high loads while needing persistence or Layer7 processing.
+
+WWW: http://www.haproxy.org
diff --git a/net/haproxy24/pkg-plist b/net/haproxy24/pkg-plist
new file mode 100644
index 000000000000..0d2754938a4b
--- /dev/null
+++ b/net/haproxy24/pkg-plist
@@ -0,0 +1,110 @@
+man/man1/haproxy.1.gz
+sbin/halog
+sbin/haproxy
+%%PORTDOCS%%%%DOCSDIR%%/51Degrees-device-detection.txt
+%%PORTDOCS%%%%DOCSDIR%%/DeviceAtlas-device-detection.txt
+%%PORTDOCS%%%%DOCSDIR%%/SOCKS4.protocol.txt
+%%PORTDOCS%%%%DOCSDIR%%/SPOE.txt
+%%PORTDOCS%%%%DOCSDIR%%/WURFL-device-detection.txt
+%%PORTDOCS%%%%DOCSDIR%%/acl.fig
+%%PORTDOCS%%%%DOCSDIR%%/architecture.txt
+%%PORTDOCS%%%%DOCSDIR%%/close-options.txt
+%%PORTDOCS%%%%DOCSDIR%%/coding-style.txt
+%%PORTDOCS%%%%DOCSDIR%%/configuration.txt
+%%PORTDOCS%%%%DOCSDIR%%/cookie-options.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/backends-v0.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/backends.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/be-fe-changes.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/binding-possibilities.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/config-language.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/connection-reuse.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/connection-sharing.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/dynamic-buffers.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/entities-v2.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/how-it-works.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/http2.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/http_load_time.url
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/rate-shaping.txt
+%%PORTDOCS%%%%DOCSDIR%%/design-thoughts/sess_par_sec.txt
+%%PORTDOCS%%%%DOCSDIR%%/gpl.txt
+%%PORTDOCS%%%%DOCSDIR%%/haproxy.1
+%%PORTDOCS%%%%DOCSDIR%%/internals/acl.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/body-parsing.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/buffer-api.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/connect-status.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/connection-header.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/connection-scale.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/entities-v2.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/entities.fig
+%%PORTDOCS%%%%DOCSDIR%%/internals/entities.pdf
+%%PORTDOCS%%%%DOCSDIR%%/internals/entities.svg
+%%PORTDOCS%%%%DOCSDIR%%/internals/entities.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/fd-migration.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/filters.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/hashing.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/header-parser-speed.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/header-tree.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/http-cookies.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/http-docs.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/http-parsing.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/htx-api.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/initcalls.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/list.fig
+%%PORTDOCS%%%%DOCSDIR%%/internals/list.png
+%%PORTDOCS%%%%DOCSDIR%%/internals/listener-states.fig
+%%PORTDOCS%%%%DOCSDIR%%/internals/listener-states.png
+%%PORTDOCS%%%%DOCSDIR%%/internals/lua_socket.fig
+%%PORTDOCS%%%%DOCSDIR%%/internals/lua_socket.pdf
+%%PORTDOCS%%%%DOCSDIR%%/internals/muxes.fig
+%%PORTDOCS%%%%DOCSDIR%%/internals/muxes.pdf
+%%PORTDOCS%%%%DOCSDIR%%/internals/muxes.png
+%%PORTDOCS%%%%DOCSDIR%%/internals/muxes.svg
+%%PORTDOCS%%%%DOCSDIR%%/internals/naming.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/notes-layers.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/pattern.dia
+%%PORTDOCS%%%%DOCSDIR%%/internals/pattern.pdf
+%%PORTDOCS%%%%DOCSDIR%%/internals/polling-states.fig
+%%PORTDOCS%%%%DOCSDIR%%/internals/repartition-be-fe-fi.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/sequence.fig
+%%PORTDOCS%%%%DOCSDIR%%/internals/sched.fig
+%%PORTDOCS%%%%DOCSDIR%%/internals/sched.pdf
+%%PORTDOCS%%%%DOCSDIR%%/internals/sched.png
+%%PORTDOCS%%%%DOCSDIR%%/internals/sched.svg
+%%PORTDOCS%%%%DOCSDIR%%/internals/ssl_cert.dia
+%%PORTDOCS%%%%DOCSDIR%%/internals/stats-v2.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/stream-sock-states.fig
+%%PORTDOCS%%%%DOCSDIR%%/intro.txt
+%%PORTDOCS%%%%DOCSDIR%%/lgpl.txt
+%%PORTDOCS%%%%DOCSDIR%%/linux-syn-cookies.txt
+%%PORTDOCS%%%%DOCSDIR%%/lua-api/Makefile
+%%PORTDOCS%%%%DOCSDIR%%/lua-api/_static/channel.fig
+%%PORTDOCS%%%%DOCSDIR%%/lua-api/_static/channel.png
+%%PORTDOCS%%%%DOCSDIR%%/lua-api/conf.py
+%%PORTDOCS%%%%DOCSDIR%%/lua-api/index.rst
+%%PORTDOCS%%%%DOCSDIR%%/lua.txt
+%%PORTDOCS%%%%DOCSDIR%%/management.txt
+%%PORTDOCS%%%%DOCSDIR%%/netscaler-client-ip-insertion-protocol.txt
+%%PORTDOCS%%%%DOCSDIR%%/network-namespaces.txt
+%%PORTDOCS%%%%DOCSDIR%%/peers.txt
+%%PORTDOCS%%%%DOCSDIR%%/peers-v2.0.txt
+%%PORTDOCS%%%%DOCSDIR%%/proxy-protocol.txt
+%%PORTDOCS%%%%DOCSDIR%%/queuing.fig
+%%PORTDOCS%%%%DOCSDIR%%/regression-testing.txt
+%%PORTDOCS%%%%DOCSDIR%%/seamless_reload.txt
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/acl-content-sw.cfg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/basic-config-edge.cfg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/content-sw-sample.cfg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/400.http
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/403.http
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/408.http
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/500.http
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/502.http
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/503.http
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/504.http
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/errorfiles/README
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/haproxy.init
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/option-http_proxy.cfg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/quick-test.cfg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/socks4.cfg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/transparent_proxy.cfg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/wurfl-example.cfg