mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-15 16:04:37 +00:00
24f45d8e34
80 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Willy Tarreau
|
0e658fb051 |
[RELEASE] Released version 1.8-dev0
Released version 1.8-dev0 with the following main changes : - exact copy of 1.7.0 |
||
Willy Tarreau
|
e59fcdd25e |
[RELEASE] Released version 1.7.0
Released version 1.7.0 with the following main changes : - SCRIPTS: make publish-release also copy the new SPOE doc - BUILD: http: include types/sample.h in proto_http.h - BUILD: debug/flags: remove test for SF_COMP_READY - CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT - MINOR: lua: add function which return true if the channel is full. - MINOR: lua: add ip addresses and network manipulation function - CONTRIB: tcploop: scriptable TCP I/O for debugging purposes - CONTRIB: tcploop: implement fork() - CONTRIB: tcploop: implement logging when called with -v - CONTRIB: tcploop: update the usage output - CONTRIB: tcploop: support sending plain strings - CONTRIB: tcploop: don't report failed send() or recv() - CONTRIB: tcploop: add basic loops via a jump instruction - BUG/MEDIUM: channel: bad unlikely macro - CLEANUP: lua: move comment - CLEANUP: lua: control executed twice - BUG/MEDIUM: ssl: Store certificate filename in a variable - BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP - CLEANUP: ssl: Remove goto after return dead code - CLEANUP: ssl: Fix bind keywords name in comments - DOC: ssl: Use correct wording for ca-sign-pass - CLEANUP: lua: avoid directly calling getsockname/getpeername() - BUG/MINOR: stick-table: handle out-of-memory condition gracefully - MINOR: cli: add private pointer and release function - MEDIUM: lua: Add cli handler for Lua - BUG/MEDIUM: connection: check the control layer before stopping polling - DEBUG: connection: mark the closed FDs with a value that is easier to detect - BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps - BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored - MINOR: filters: Add check_timeouts callback to handle timers expiration on streams - MINOR: spoe: Add 'timeout processing' option to limit time to process an event - MINOR: spoe: Remove useless 'timeout ack' option - MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section - MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements - MINOR: spoe: Add "option set-on-error" statement - MINOR: stats: correct documentation of process ID for typed output - BUILD: contrib: fix ip6range build on Centos 7 - BUILD: fix build on Solaris 10/11 - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn - BUG/MINOR: cli: wake up the CLI's task after a timeout update - MINOR: connection: add a few functions to report the data and xprt layers' names - MINOR: connection: add names for transport and data layers - REORG: cli: split dumpstats.c in src/cli.c and src/stats.c - REORG: cli: split dumpstats.h in stats.h and cli.h - REORG: cli: move ssl CLI functions to ssl_sock.c - REORG: cli: move map and acl code to map.c - REORG: cli: move show stat resolvers to dns.c - MINOR: cli: create new function cli_has_level() to validate permissions - MINOR: server: create new function cli_find_server() to find a server - MINOR: proxy: create new function cli_find_frontend() to find a frontend - REORG: cli: move 'set server' to server.c - REORG: cli: move 'show pools' to memory.c - REORG: cli: move 'show servers' to proxy.c - REORG: cli: move 'show sess' to stream.c - REORG: cli: move 'show backend' to proxy.c - REORG: cli: move get/set weight to server.c - REORG: cli: move "show stat" to stats.c - REORG: cli: move "show info" to stats.c - REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to standard.c - REORG: cli: move table dump/clear/set to stick_table.c - REORG: cli: move "show errors" out of cli.c - REORG: cli: make "show env" also use the generic keyword registration - REORG: cli: move "set timeout" to its own handler - REORG: cli: move "clear counters" to stats.c - REORG: cli: move "set maxconn global" to its own handler - REORG: cli: move "set maxconn server" to server.c - REORG: cli: move "set maxconn frontend" to proxy.c - REORG: cli: move "shutdown sessions server" to stream.c - REORG: cli: move "shutdown session" to stream.c - REORG: cli: move "shutdown frontend" to proxy.c - REORG: cli: move "{enable|disable} frontend" to proxy.c - REORG: cli: move "{enable|disable} server" to server.c - REORG: cli: move "{enable|disable} health" to server.c - REORG: cli: move "{enable|disable} agent" to server.c - REORG: cli: move the "set rate-limit" functions to their own parser - CLEANUP: cli: rename STAT_CLI_* to CLI_ST_* - CLEANUP: cli: simplify the request parser a little bit - CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers - BUILD: server: remove a build warning introduced by latest series - BUG/MINOR: log-format: uncatched memory allocation functions - CLEANUP: log-format: useless file and line in json converter - CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args() and parse_logformat_var() - CLEANUP: log-format: fix return code of the function parse_logformat_var() - CLEANUP: log-format: fix return code of function parse_logformat_var_args() - CLEANUP: log-format: remove unused arguments - MEDIUM: log-format: strict parsing and enable fail - MEDIUM: log-format/conf: take into account the parse_logformat_string() return code - BUILD: ssl: make the SSL layer build again with openssl 0.9.8 - BUILD: vars: remove a build warning on vars.c - MINOR: lua: add utility function for check boolean argument - MINOR: lua: Add tokenize function. - BUG/MINOR: conf: calloc untested - MINOR: http/conf: store the use_backend configuration file and line for logs - MEDIUM: log-format: Use standard HAProxy log system to report errors - CLEANUP: sample: report "converter" instead of "conv method" in error messages - BUG: spoe: Fix parsing of SPOE actions in ACK frames - MINOR: cli: make "show stat" support a proxy name - MINOR: cli: make "show errors" support a proxy name - MINOR: cli: make "show errors" capable of dumping only request or response - BUG/MINOR: freq-ctr: make swrate_add() support larger values - CLEANUP: counters: move from 3 types to 2 types - CLEANUP: cfgparse: cascade the warnif_misplaced_* rules - REORG: tcp-rules: move tcp rules processing to their own file - REORG: stkctr: move all the stick counters processing to stick-tables.c - DOC: update the roadmap file with the latest changes |
||
Willy Tarreau
|
d5d890be21 |
[RELEASE] Released version 1.7-dev6
Released version 1.7-dev6 with the following main changes : - DOC: fix the entry for hash-balance-factor config option - DOC: Fix typo in description of `-st` parameter in man page - CLEANUP: cfgparse: Very minor spelling correction - MINOR: examples: Update haproxy.spec URLs to haproxy.org - BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream - BUG/MEDIUM: peers: fix use after free in peer_session_create() - MINOR: peers: make peer_session_forceshutdown() use the appctx and not the stream - MINOR: peers: remove the pointer to the stream - BUG/MEDIUM: systemd-wrapper: return correct exit codes - DOC: stats: provide state details for show servers state - MEDIUM: tools: make str2ip2() preserve existing ports - CLEANUP: tools: make ipcpy() preserve the original port - OPTIM: http: move all http character classs tables into a single one - OPTIM: http: improve parsing performance of long header lines - OPTIM: http: improve parsing performance of long URIs - OPTIM: http: optimize lookup of comma and quote in header values - BUG/MEDIUM: srv-state: properly restore the DRAIN state - BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags - MINOR: server: do not emit warnings/logs/alerts on server state changes at boot - BUG/MEDIUM: servers: properly propagate the maintenance states during startup - MEDIUM: wurfl: add Scientiamobile WURFL device detection module - DOC: move the device detection modules documentation to their own files - CLEANUP: wurfl: reduce exposure in the rest of the code - MEDIUM: ssl: Add support for OpenSSL 1.1.0 - MINOR: stream: make option contstats usable again - MEDIUM: tools: make str2sa_range() return the FQDN even when not resolving - MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK - MAJOR: server: postpone address resolution - MINOR: new srv_admin flag: SRV_ADMF_RMAINT - MINOR: server: indicate in the logs when RMAINT is cleared - MINOR: stats: indicate it when a server is down due to resolution - MINOR: server: make srv_set_admin_state() capable of telling why this happens - MINOR: dns: implement extra 'hold' timers. - MAJOR: dns: runtime resolution can change server admin state - MEDIUM: cli: leave the RMAINT state when setting an IP address on the CLI - MEDIUM: server: add a new init-addr server line setting - MEDIUM: server: make use of init-addr - MINOR: server: implement init-addr none - MEDIUM: server: make libc resolution failure non-fatal - MINOR: server: add support for explicit numeric address in init-addr - DOC: add some documentation for the "init-addr" server keyword - MINOR: init: add -dr to ignore server address resolution failures - MEDIUM: server: do not restrict anymore usage of IP address from the state file - BUG: vars: Fix 'set-var' converter because of a typo - CLEANUP: remove last references to 'ruleset' section - MEDIUM: filters: Add attch/detach and stream_set_backend callbacks - MINOR: filters: Update filters documentation accordingly to recent changes - MINOR: filters: Call stream_set_backend callbacks before updating backend stats - MINOR: filters: Remove backend filters attached to a stream only for HTTP streams - MINOR: flt_trace: Add hexdump option to dump forwarded data - MINOR: cfgparse: Add functions to backup and restore registered sections - MINOR: cfgparse: Parse scope lines and save the last one parsed - REORG: sample: move code to release a sample expression in sample.c - MINOR: vars: Allow '.' in variable names - MINOR: vars: Add vars_set_by_name_ifexist function - MEDIUM: vars: Add a per-process scope for variables - MINOR: vars: Add 'unset-var' action/converter - MAJOR: spoe: Add an experimental Stream Processing Offload Engine - MINOR: spoe: add random ip-reputation service as SPOA example - MINOR: spoe/checks: Add support for SPOP health checks - DOC: update ROADMAP file |
||
Willy Tarreau
|
29b25317fc |
DOC: move the device detection modules documentation to their own files
Both DeviceAtlas and 51Degrees used to put their building instructions in the README, representing more than 1/3 of it. It's better to let the README focus on generic stuff and building procedure and move the DD docs to their own files. |
||
scientiamobile
|
d0027ed5b1 |
MEDIUM: wurfl: add Scientiamobile WURFL device detection module
WURFL is a high-performance and low-memory footprint mobile device detection software component that can quickly and accurately detect over 500 capabilities of visiting devices. It can differentiate between portable mobile devices, desktop devices, SmartTVs and any other types of devices on which a web browser can be installed. In order to add WURFL device detection support, you would need to download Scientiamobile InFuze C API and install it on your system. Refer to www.scientiamobile.com to obtain a valid InFuze license. Any useful information on how to configure HAProxy working with WURFL may be found in: doc/WURFL-device-detection.txt doc/configuration.txt examples/wurfl-example.cfg Please find more information about WURFL device detection API detection at https://docs.scientiamobile.com/documentation/infuze/infuze-c-api-user-guide |
||
Willy Tarreau
|
608efa173c |
[RELEASE] Released version 1.7-dev5
Released version 1.7-dev5 with the following main changes : - MINOR: cfgparse: few memory leaks fixes. - MEDIUM: log: Decompose %Tq in %Th %Ti %TR - CLEANUP: logs: remove unused log format field definitions - BUILD/MAJOR:updated 51d Trie implementation to incorperate latest update to 51Degrees.c - BUG/MAJOR: stream: properly mark the server address as unset on connect retry - CLEANUP: proto_http: Removing useless variable assignation - CLEANUP: dumpstats: Removing useless variables allocation - CLEANUP: dns: Removing usless variable & assignation - BUG/MINOR: payload: fix SSLv2 version parser - MINOR: cli: allow the semi-colon to be escaped on the CLI - MINOR: cli: change a server health check port through the stats socket - BUG/MINOR: Fix OSX compilation errors - MAJOR: check: find out which port to use for health check at run time - MINOR: server: introduction of 3 new server flags - MINOR: new update_server_addr_port() function to change both server's ADDR and service PORT - MINOR: cli: ability to change a server's port - CLEANUP/MINOR dns: comment do not follow up code update - MINOR: chunk: new strncat function - MINOR: dns: wrong DNS_MAX_UDP_MESSAGE value - MINOR: dns: new MAX values - MINOR: dns: new macro to compute DNS header size - MINOR: dns: new DNS structures to store received packets - MEDIUM: dns: new DNS response parser - MINOR: dns: query type change when last record is a CNAME - MINOR: dns: proper domain name validation when receiving DNS response - MINOR: dns: comments in types/dns.h about structures endianness - BUG/MINOR: displayed PCRE version is running release - MINOR: show Built with PCRE version - MINOR: show Running on zlib version - MEDIUM: make SO_REUSEPORT configurable - MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections - BUG/MEDIUM: http/compression: Fix how chunked data are copied during the HTTP body parsing - BUG/MINOR: stats: report the correct conn_time in backend's html output - BUG/MEDIUM: dns: don't randomly crash on out-of-memory - MINOR: Add fe_req_rate sample fetch - MEDIUM: peers: Fix a peer stick-tables synchronization issue. - MEDIUM: cli: register CLI keywords with cli_register_kw() - BUILD: Make use of accept4() on OpenBSD. - MINOR: tcp: make set-src/set-src-port and set-dst/set-dst-port commutative - DOC: fix missed entry for "set-{src,dst}{,-port}" - BUG/MINOR: vars: use sess and not s->sess in action_store() - BUG/MINOR: vars: make smp_fetch_var() more robust against misuses - BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session - MINOR: stats: output dcon - CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4 - MINOR: counters: add new fields for denied_sess - MEDIUM: tcp: add registration and processing of TCP L5 rules - MINOR: stats: emit dses - DOC: document tcp-request session - MINOR: ssl: add debug traces - BUILD/CLEANUP: ssl: Check BIO_reset() return code - BUG/MINOR: ssl: Check malloc return code - BUG/MINOR: ssl: prevent multiple entries for the same certificate - BUG/MINOR: systemd: make the wrapper return a non-null status code on error - BUG/MINOR: systemd: always restore signals before execve() - BUG/MINOR: systemd: check return value of calloc() - MINOR: systemd: report it when execve() fails - BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed - MINOR: proxy: add 'served' field to proxy, equal to total of all servers' - MINOR: backend: add hash-balance-factor option for hash-type consistent - MINOR: server: compute a "cumulative weight" to allow chash balancing to hit its target - MEDIUM: server: Implement bounded-load hash algorithm - SCRIPTS: make git-show-backports also dump a "git show" command - MINOR: build: Allow linking to device-atlas library file - MINOR: stats: Escape equals sign on socket dump |
||
Daniel Jakots
|
9705ba2981 |
BUILD: Make use of accept4() on OpenBSD.
OpenBSD >= 5.7 supports accept4(). Older versions are not supported anymore anyway. Patch originally from Brad Smith. |
||
Willy Tarreau
|
41d5e3a610 |
[RELEASE] Released version 1.7-dev4
Released version 1.7-dev4 with the following main changes :
- MINOR: add list_append_word function
- MEDIUM: init: use list_append_word in haproxy.c
- MEDIUM: init: allow directory as argument of -f
- CLEANUP: config: detect double registration of a config section
- MINOR: log: add the %Td log-format specifier
- MEDIUM: filters: Move HTTP headers filtering in its own callback
- MINOR: filters: Simplify calls to analyzers using 2 new macros
- MEDIUM: filters: Add pre and post analyzer callbacks
- DOC: filters: Update the filters documentation accordingly to recent changes
- BUG/MEDIUM: init: don't use environment locale
- SCRIPTS: teach git-show-backports how to report upstream commits
- SCRIPTS: make git-show-backports capable of limiting its history
- BUG/MAJOR: fix listening IP address storage for frontends
- BUG/MINOR: fix listening IP address storage for frontends (cont)
- DOC: Fix typo so fetch is properly parsed by Cyril's converter
- BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
- BUG/MEDIUM: stick-tables: fix breakage in table converters
- MINOR: stick-table: change all stick-table converters' inputs to SMP_T_ANY
- BUG/MEDIUM: dns: unbreak DNS resolver after header fix
- BUILD: fix build on Solaris 11
- BUG/MEDIUM: config: fix multiple declaration of section parsers
- BUG/MEDIUM: stats: show servers state may show an servers from another backend
- BUG/MEDIUM: fix risk of segfault with "show tls-keys"
- MEDIUM: dumpstats: 'show tls-keys' is now able to show secrets
- DOC: update doc about tls-tickets-keys dump
- MEDIUM: tcp: add 'set-src' to 'tcp-request connection'
- MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src'
- MEDIUM: tcp/http: add 'set-src-port' action
- MEDIUM: tcp/http: new set-dst/set-dst-port actions
- BUG/MEDIUM: sticktables: segfault in some configuration error cases
- BUILD/MEDIUM: rebuild everything when an include file is changed
- BUILD/MEDIUM: force a full rebuild if some build options change
- BUG/MEDIUM: lua: converters doesn't work
- BUG/MINOR: http: add-header: header name copied twice
- BUG/MEDIUM: http: add-header: buffer overwritten
- BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
- MINOR: stream: export the function 'smp_create_src_stkctr'
- BUG/MEDIUM: dumpstats: undefined behavior in stats_tlskeys_list()
- MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys dump
- BUG/MINOR: http: url32+src should use the big endian version of url32
- BUG/MINOR: http: url32+src should check cli_conn before using it
- DOC: http: add documentation for url32 and url32+src
- BUG/MINOR: fix http-response set-log-level parsing error
- MINOR: systemd: Use variable for config and pidfile paths
- MINOR: systemd: Perform sanity check on config before reload
- MEDIUM: ssl: support SNI filters with multicerts
- MINOR: ssl: crt-list parsing factor
- BUILD: ssl: fix typo causing a build failure in the multicert patch
- MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword
- MINOR: tcp: add "tcp-request connection expect-netscaler-cip layer4"
- BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits
- BUG/MINOR: init: ensure that FD limit is raised to the max allowed
- BUG/MEDIUM: external-checks: close all FDs right after the fork()
- BUG/MAJOR: external-checks: use asynchronous signal delivery
- BUG/MINOR: external-checks: do not unblock undesired signals
- CLEANUP: external-check: don't block/unblock SIGCHLD when manipulating the list
- BUG/MEDIUM: filters: Fix data filtering when data are modified
- BUG/MINOR: filters: Fix HTTP parsing when a filter loops on data forwarding
- BUG/MINOR: srv-state: fix incorrect output of state file
- BUG/MINOR: ssl: close ssl key file on error
- BUG/MINOR: http: fix misleading error message for response captures
- BUG/BUILD: don't automatically run "make" on "make install"
- DOC: add missing doc for http-request deny [deny_status <status>]
- CLEANUP: dumpstats: u64 field is an unsigned type.
- BUG/MEDIUM: http: unbreak uri/header/url_param hashing
- BUG/MINOR: Rework slightly commit
|
||
Willy Tarreau
|
7d1b48fae0 |
[RELEASE] Released version 1.7-dev3
Released version 1.7-dev3 with the following main changes : - MINOR: sample: Moves ARGS underlying type from 32 to 64 bits. - BUG/MINOR: log: Don't use strftime() which can clobber timezone if chrooted - BUILD: namespaces: fix a potential build warning in namespaces.c - MINOR: da: Using ARG12 macro for the sample fetch and the convertor. - DOC: add encoding to json converter example - BUG/MINOR: conf: "listener id" expects integer, but its not checked - DOC: Clarify tunes.vars.xxx-max-size settings - CLEANUP: chunk: adding NULL check to chunk_dup allocation. - CLEANUP: connection: fix double negation on memcmp() - BUG/MEDIUM: peers: fix incorrect age in frequency counters - BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are present - BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers - BUG/MINOR: lua: can't load external libraries - BUG/MINOR: prevent the dump of uninitialized vars - CLEANUP: map: it seems that the map were planed to be chained - MINOR: lua: move class registration facilities - MINOR: lua: remove some useless checks - CLEANUP: lua: Remove two same functions - MINOR: lua: refactor the Lua object registration - MINOR: lua: precise message when a critical error is catched - MINOR: lua: post initialization - MINOR: lua: Add internal function which strip spaces - MINOR: lua: convert field to lua type - DOC: "addr" parameter applies to both health and agent checks - DOC: timeout client: pointers to timeout http-request - DOC: typo on stick-store response - DOC: stick-table: amend paragraph blaming the loss of table upon reload - DOC: typo: ACL subdir match - DOC: typo: maxconn paragraph is wrong due to a wrong buffer size - DOC: regsub: parser limitation about the inability to use closing square brackets - DOC: typo: req.uri is now replaced by capture.req.uri - DOC: name set-gpt0 mismatch with the expected keyword - MINOR: http: sample fetch which returns unique-id - MINOR: dumpstats: extract stats fields enum and names - MINOR: dumpstats: split stats_dump_info_to_buffer() in two parts - MINOR: dumpstats: split stats_dump_fe_stats() in two parts - MINOR: dumpstats: split stats_dump_li_stats() in two parts - MINOR: dumpstats: split stats_dump_sv_stats() in two parts - MINOR: dumpstats: split stats_dump_be_stats() in two parts - MINOR: lua: dump general info - MINOR: lua: add class proxy - MINOR: lua: add class server - MINOR: lua: add class listener - BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the connection state. - MEDIUM: proxy: use dynamic allocation for error dumps - CLEANUP: remove unneeded casts - CLEANUP: uniformize last argument of malloc/calloc - DOC: fix "needed" typo - BUG/MINOR: dumpstats: fix write to global chunk - BUG/MINOR: dns: inapropriate way out after a resolution timeout - BUG/MINOR: dns: trigger a DNS query type change on resolution timeout - CLEANUP: proto_http: few corrections for gcc warnings. - BUG/MINOR: DNS: resolution structure change - BUG/MINOR : allow to log cookie for tarpit and denied request - BUG/MEDIUM: ssl: rewind the BIO when reading certificates - OPTIM/MINOR: session: abort if possible before connecting to the backend - DOC: http: rename the unique-id sample and add the documentation - BUG/MEDIUM: trace.c: rdtsc() is defined in two files - BUG/MEDIUM: channel: fix miscalculation of available buffer space (2nd try) - BUG/MINOR: server: risk of over reading the pref_net array. - BUG/MINOR: cfgparse: couple of small memory leaks. - BUG/MEDIUM: sample: initialize the pointer before parse_binary call. - DOC: fix discrepancy in the example for http-request redirect - MINOR: acl: Add predefined METH_DELETE, METH_PUT - CLEANUP: .gitignore cleanup - DOC: Clarify IPv4 address / mask notation rules - CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() - BUG/MEDIUM: fix maxaccept computation on per-process listeners - BUG/MINOR: listener: stop unbound listeners on startup - BUG/MINOR: fix maxaccept computation according to the frontend process range - TESTS: add blocksig.c to run tests with all signals blocked - MEDIUM: unblock signals on startup. - MINOR: filters: Print the list of existing filters during HA startup - MINOR: filters: Typo in an error message - MINOR: filters: Filters must define the callbacks struct during config parsing - DOC: filters: Add filters documentation - BUG/MEDIUM: channel: don't allow to overwrite the reserve until connected - BUG/MEDIUM: channel: incorrect polling condition may delay event delivery - BUG/MEDIUM: channel: fix miscalculation of available buffer space (3rd try) - BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP mode - MINOR: Add ability for agent-check to set server maxconn - CLEANUP: Use server_parse_maxconn_change_request for maxconn CLI updates - MINOR: filters: add opaque data - BUG/MEDIUM: lua: protects the upper boundary of the argument list for converters/fetches. - MINOR: lua: migrate the argument mask to 64 bits type. - BUG/MINOR: dumpstats: Fix the "Total bytes saved" counter in backends stats - BUG/MINOR: log: fix a typo that would cause %HP to log <BADREQ> - BUG/MEDIUM: http: fix incorrect reporting of server errors - MINOR: channel: add new function channel_congested() - BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from dead client - BUG/MAJOR: channel: fix miscalculation of available buffer space (4th try) - BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared - BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers - BUG/MEDIUM: stats: show servers state may show an empty or incomplete result - BUG/MEDIUM: stats: show backend may show an empty or incomplete result - MINOR: stats: fix typo in help messages - MINOR: stats: show stat resolvers missing in the help message - BUG/MINOR: dns: fix DNS header definition - BUG/MEDIUM: dns: fix alignment issue when building DNS queries - CLEANUP: don't ignore scripts in .gitignore - BUILD: add a few release and backport scripts in scripts/ |
||
David Carlier
|
840b0240bc |
MINOR: da: Using ARG12 macro for the sample fetch and the convertor.
Regarding the minor update introduced in the
|
||
Willy Tarreau
|
8234f6dae8 |
[RELEASE] Released version 1.7-dev2
Released version 1.7-dev2 with the following main changes : - DOC: lua: fix lua API - DOC: mailers: typo in 'hostname' description - DOC: compression: missing mention of libslz for compression algorithm - BUILD/MINOR: regex: missing header - BUG/MINOR: stream: bad return code - DOC: lua: fix somme errors and add implicit types - MINOR: lua: add set/get priv for applets - BUG/MINOR: http: fix several off-by-one errors in the url_param parser - BUG/MINOR: http: Be sure to process all the data received from a server - MINOR: filters/http: Use a wrapper function instead of stream_int_retnclose - BUG/MINOR: chunk: make chunk_dup() always check and set dst->size - DOC: ssl: fixed some formatting errors in crt tag - MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero - MINOR: chunks: add chunk_strcat() and chunk_newstr() - MINOR: chunk: make chunk_initstr() take a const string - MEDIUM: tools: add csv_enc_append() to preserve the original chunk - MINOR: tools: make csv_enc_append() always start at the first byte of the chunk - MINOR: lru: new function to delete <nb> least recently used keys - DOC: add Ben Shillito as the maintainer of 51d - BUG/MINOR: 51d: Ensures a unique domain for each configuration - BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy best practices. - BUG/MINOR: 51d: Releases workset back to pool. - BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees. - CLEANUP: 51d: Aligned if statements with HAProxy best practices and removed casts from malloc. - MINOR: rename master process name in -Ds (systemd mode) - DOC: fix a few spelling mistakes - DOC: fix "workaround" spelling - BUG/MINOR: examples: Fixing haproxy.spec to remove references to .cfg files - MINOR: fix the return type for dns_response_get_query_id() function - MINOR: server state: missing LF (\n) on error message printed when parsing server state file - BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the nameserver - BUG/MAJOR: servers state: server port is erased when dns resolution is enabled on a server - BUG/MEDIUM: servers state: server port is used uninitialized - BUG/MEDIUM: config: Adding validation to stick-table expire value. - BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week - BUG/MEDIUM: channel: fix miscalculation of available buffer space. - MEDIUM: pools: add a new flag to avoid rounding pool size up - BUG/MEDIUM: buffers: do not round up buffer size during allocation - BUG/MINOR: stream: don't force retries if the server is DOWN - BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch the table - MINOR: unix: don't mention free ports on EAGAIN - BUG/CLEANUP: CLI: report the proper field states in "show sess" - MINOR: stats: send content-length with the redirect to allow keep-alive - BUG: stream_interface: Reuse connection even if the output channel is empty - DOC: remove old tunnel mode assumptions - BUG/MAJOR: http-reuse: fix risk of orphaned connections - BUG/MEDIUM: http-reuse: do not share private connections across backends - BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates - BUG/MINOR: stats: fix missing comma in stats on agent drain - MAJOR: filters: Add filters support - MINOR: filters: Do not reset stream analyzers if the client is gone - REORG: filters: Prepare creation of the HTTP compression filter - MAJOR: filters/http: Rewrite the HTTP compression as a filter - MEDIUM: filters: Use macros to call filters callbacks to speed-up processing - MEDIUM: filters: remove http_start_chunk, http_last_chunk and http_chunk_end - MEDIUM: filters: Replace filter_http_headers callback by an analyzer - MEDIUM: filters/http: Move body parsing of HTTP messages in dedicated functions - MINOR: filters: Add stream_filters structure to hide filters info - MAJOR: filters: Require explicit registration to filter HTTP body and TCP data - MINOR: filters: Remove unused or useless stuff and do small optimizations - MEDIUM: filters: Optimize the HTTP compression for chunk encoded response - MINOR: filters/http: Slightly update the parsing of chunks - MINOR: filters/http: Forward remaining data when a channel has no "data" filters - MINOR: filters: Add an filter example - MINOR: filters: Extract proxy stuff from the struct filter - MINOR: map: Add regex matching replacement - BUG/MINOR: lua: unsafe initialization - DOC: lua: fix somme errors - MINOR: lua: file dedicated to unsafe functions - MINOR: lua: add "now" time function - MINOR: standard: add RFC HTTP date parser - MINOR: lua: Add date functions - MINOR: lua: move common function - MINOR: lua: merge function - MINOR: lua: Add concat class - MINOR: standard: add function "escape_chunk" - MEDIUM: log: add a new log format flag "E" - DOC: add server name at rate-limit sessions example - BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation - BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation - DOC: LUA: fix some typos and syntax errors - MINOR: cli: add a new "show env" command - MEDIUM: config: allow to manipulate environment variables in the global section - MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword spelling in resolvers - MINOR: mailers: increase default timeout to 10 seconds - MINOR: mailers: use <CRLF> for all line endings - BUG/MAJOR: lua: segfault using Concat object - DOC: lua: copyrights - MINOR: common: mask conversion - MEDIUM: dns: extract options - MEDIUM: dns: add a "resolve-net" option which allow to prefer an ip in a network - MINOR: mailers: make it possible to configure the connection timeout - BUG/MAJOR: lua: applets can't sleep. - BUG/MINOR: server: some prototypes are renamed - BUG/MINOR: lua: Useless copy - BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly - BUG/MINOR: server: fix the format of the warning on address change - CLEANUP: server: add "const" to some message strings - MINOR: server: generalize the "updater" source - BUG/MEDIUM: chunks: always reject negative-length chunks - BUG/MINOR: systemd: ensure we don't miss signals - BUG/MINOR: systemd: report the correct signal in debug message output - BUG/MINOR: systemd: propagate the correct signal to haproxy - MINOR: systemd: ensure a reload doesn't mask a stop - BUG/MEDIUM: cfgparse: wrong argument offset after parsing server "sni" keyword - CLEANUP: stats: Avoid computation with uninitialized bits. - CLEANUP: pattern: Ignore unknown samples in pat_match_ip(). - CLEANUP: map: Avoid memory leak in out-of-memory condition. - BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs - BUG/MAJOR: samples: check smp->strm before using it - MINOR: sample: add a new helper to initialize the owner of a sample - MINOR: sample: always set a new sample's owner before evaluating it - BUG/MAJOR: vars: always retrieve the stream and session from the sample - CLEANUP: payload: remove useless and confusing nullity checks for channel buffer - BUG/MINOR: ssl: fix usage of the various sample fetch functions - MINOR: stats: create fields types suitable for all CSV output data - MINOR: stats: add all the "show info" fields in a table - MEDIUM: stats: fill all the show info elements prior to displaying them - MINOR: stats: add a function to emit fields into a chunk - MINOR: stats: add stats_dump_info_fields() to dump one field per line - MEDIUM: stats: make use of stats_dump_info_fields() for "show info" - MINOR: stats: add a declaration of all stats fields - MINOR: stats: don't hard-code the CSV fields list anymore - MINOR: stats: create stats fields storage and CSV dump function - MEDIUM: stats: convert stats_dump_fe_stats() to use stats_dump_fields_csv() - MEDIUM: stats: make stats_dump_fe_stats() use stats fields for HTML dump - MEDIUM: stats: convert stats_dump_li_stats() to use stats_dump_fields_csv() - MEDIUM: stats: make stats_dump_li_stats() use stats fields for HTML dump - MEDIUM: stats: convert stats_dump_be_stats() to use stats_dump_fields_csv() - MEDIUM: stats: make stats_dump_be_stats() use stats fields for HTML dump - MEDIUM: stats: convert stats_dump_sv_stats() to use stats_dump_fields_csv() - MEDIUM: stats: make stats_dump_sv_stats() use the stats field for HTML - MEDIUM: stats: move the server state coloring logic to the server dump function - MINOR: stats: do not use srv->admin & STATS_ADMF_MAINT in HTML dumps - MINOR: stats: do not check srv->state for SRV_ST_STOPPED in HTML dumps - MINOR: stats: make CSV report server check status only when enabled - MINOR: stats: only report backend's down time if it has servers - MINOR: stats: prepend '*' in front of the check status when in progress - MINOR: stats: make HTML stats dump rely on the table for the check status - MINOR: stats: add agent_status, agent_code, agent_duration to output - MINOR: stats: add check_desc and agent_desc to the output fields - MINOR: stats: add check and agent's health values in the output - MEDIUM: stats: make the HTML server state dump use the CSV states - MEDIUM: stats: only report observe errors when observe is set - MEDIUM: stats: expose the same flags for CLI and HTTP accesses - MEDIUM: stats: report server's address in the CSV output - MEDIUM: stats: report the cookie value in the server & backend CSV dumps - MEDIUM: stats: compute the color code only in the HTML form - MEDIUM: stats: report the listeners' address in the CSV output - MEDIUM: stats: make it possible to report the WAITING state for listeners - REORG: stats: dump the frontend's HTML stats via a generic function - REORG: stats: dump the socket stats via the generic function - REORG: stats: dump the server stats via the generic function - REORG: stats: dump the backend stats via the generic function - MEDIUM: stats: add a new "mode" column to report the proxy mode - MINOR: stats: report the load balancing algorithm in CSV output - MINOR: stats: add 3 fields to report the frontend-specific connection stats - MINOR: stats: report number of intercepted requests for frontend and backends - MINOR: stats: introduce stats_dump_one_line() to dump one stats line - CLEANUP: stats: make stats_dump_fields_html() not rely on proxy anymore - MINOR: stats: add ST_SHOWADMIN to pass the admin info in the regular flags - MINOR: stats: make stats_dump_fields_html() not use &trash by default - MINOR: stats: add functions to emit typed fields into a chunk - MEDIUM: stats: support "show info typed" on the CLI - MEDIUM: stats: implement a typed output format for stats - DOC: document the "show info typed" and "show stat typed" output formats - MINOR: cfgparse: warn when uid parameter is not a number - MINOR: cfgparse: warn when gid parameter is not a number - BUG/MINOR: standard: Avoid free of non-allocated pointer - BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition - CLEANUP: http: fix a build warning introduced by a recent fix - BUG/MINOR: log: GMT offset not updated when entering/leaving DST |
||
Ben Shillito
|
a7bbdd9559 | DOC: Edited 51Degrees section of README/ | ||
Jerome Duval
|
38932c391c | BUILD: add Haiku as supported target. | ||
David Carlier
|
a124693ba0 |
DOC: deviceatlas: more example use cases.
In addition of adding additional headers examples, some examples of defining an ACL. |
||
Willy Tarreau
|
991b47831a |
[RELEASE] Released version 1.7-dev0
Released version 1.7-dev0 with the following main changes : - exact copy of 1.6.0 |
||
Willy Tarreau
|
844028bb11 |
[RELEASE] Released version 1.6.0
Released version 1.6.0 with the following main changes : - BUG/MINOR: Handle interactive mode in cli handler - DOC: global section missing parameters - DOC: backend section missing parameters - DOC: stats paramaters available in frontend - MINOR: lru: do not allocate useless memory in lru64_lookup - BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth) - BUG/MINOR: ssl: fix management of the cache where forged certificates are stored - MINOR: ssl: Release Servers SSL context when HAProxy is shut down - MINOR: ssl: Read the file used to generate certificates in any order - MINOR: ssl: Add support for EC for the CA used to sign generated certificates - MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates - BUG/MEDIUM: logs: fix time zone offset format in RFC5424 - BUILD: Fix the build on OSX (htonll/ntohll) - BUILD: enable build on Linux/s390x - BUG/MEDIUM: lua: direction test failed - MINOR: lua: fix a spelling error in some error messages - CLEANUP: cli: ensure we can never double-free error messages - BUG/MEDIUM: lua: force server-close mode on Lua services - MEDIUM: init: support more command line arguments after pid list - MEDIUM: init: support a list of files on the command line - MINOR: debug: enable memory poisonning to use byte 0 - BUILD: ssl: fix build error introduced by recent commit - BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers - MEDIUM: server: implement TCP_USER_TIMEOUT on the server - DOC: mention the "namespace" options for bind and server lines - DOC: add the "management" documentation - DOC: move the stats socket documentation from config to management - MINOR: examples: update haproxy.spec to mention new docs - DOC: mention management.txt in README - DOC: remove haproxy-{en,fr}.txt - BUILD: properly report when USE_ZLIB and USE_SLZ are used together - MINOR: init: report use of libslz instead of "no compression" - CLEANUP: examples: remove some obsolete and confusing files - CLEANUP: examples: remove obsolete configuration file samples - CLEANUP: examples: fix the example file content-sw-sample.cfg - CLEANUP: examples: update sample file option-http_proxy.cfg - CLEANUP: examples: update sample file ssl.cfg - CLEANUP: tests: move a test file from examples/ to tests/ - CLEANUP: examples: shut up warnings in transparent proxy example - CLEANUP: tests: removed completely obsolete test files - DOC: update ROADMAP to remove what was done in 1.6 - BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id |
||
Willy Tarreau
|
373933df1b |
DOC: mention management.txt in README
and in intro.txt as well. Remove references to haproxy-{en,fr}.txt. |
||
Willy Tarreau
|
e7ae656cf7 |
[RELEASE] Released version 1.6-dev6
Released version 1.6-dev6 with the following main changes : - BUG/MAJOR: can't enable a server through the stat socket - MINOR: server: Macro definition for server-state - MINOR: cli: new stats socket command: show servers state - DOC: stats socket command: show servers state - MINOR: config: new global directive server-state-base - DOC: global directive server-state-base - MINOR: config: new global section directive: server-state-file - DOC: new global directive: server-state-file - MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name - DOC: load-server-state-from-file - MINOR: init: server state loaded from file - MINOR: server: startup slowstart task when using seamless reload of HAProxy - MINOR: cli: new stats socket command: show backend - DOC: servers state seamless reload example - BUG: dns: can't connect UDP socket on FreeBSD - MINOR: cfgparse: New function cfg_unregister_sections() - MINOR: chunk: New function free_trash_buffers() - BUG/MEDIUM: main: Freeing a bunch of static pointers - MINOR: proto_http: Externalisation of previously internal functions - MINOR: global: Few new struct fields for da module - MAJOR: da: Update of the DeviceAtlas API module - DOC: DeviceAtlas new keywords - DOC: README: DeviceAtlas sample configuration updates - MEDIUM: log: replace sendto() with sendmsg() in __send_log() - MEDIUM: log: use a separate buffer for the header and for the message - MEDIUM: logs: remove the hostname, tag and pid part from the logheader - MEDIUM: logs: add support for RFC5424 header format per logger - MEDIUM: logs: add a new RFC5424 log-format for the structured-data - DOC: mention support for the RFC5424 syslog message format - MEDIUM: logs: have global.log_send_hostname not contain the trailing space - MEDIUM: logs: pass the trailing "\n" as an iovec - BUG/MEDIUM: peers: some table updates are randomly not pushed. - BUG/MEDIUM: peers: same table updates re-pushed after a re-connect - BUG/MINOR: fct peer_prepare_ackmsg should not use trash. - MINOR: http: made CHECK_HTTP_MESSAGE_FIRST accessible to other functions - MINOR: global: Added new fields for 51Degrees device detection - DOC: Added more explanation for 51Degrees V3.2 - BUILD: Changed 51Degrees option to support V3.2 - MAJOR: 51d: Upgraded to support 51Degrees V3.2 and new features - MINOR: 51d: Improved string handling for LRU cache - DOC: add references to rise/fall for the fastinter explanation - MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD - BUG/MAJOR: lua: potential unexpected aborts() - BUG/MINOR: lua: breaks the log message if his size exceed one buffer - MINOR: action: add private configuration - MINOR: action: add reference to the original keywork matched for the called parser. - MINOR: lua: change actions registration - MEDIUM: proto_http: smp_prefetch_http initialize txn - MINOR: channel: rename function chn_sess to chn_strm - CLEANUP: lua: align defines - MINOR: http: export http_get_path() function - MINOR: http: export the get_reason() function - MINOR: http: export function http_msg_analyzer() - MINOR: http: split initialization - MINOR: lua: reset pointer after use - MINOR: lua: identify userdata objects - MEDIUM: lua: use the function lua_rawset in place of lua_settable - BUG/MAJOR: lua: segfault after the channel data is modified by some Lua action. - CLEANUP: lua: use calloc in place of malloc - BUG/MEDIUM: lua: longjmp function must be unregistered - BUG/MEDIUM: lua: forces a garbage collection - BUG/MEDIUM: lua: wakeup task on bad conditions - MINOR: standard: avoid DNS resolution from the function str2sa_range() - MINOR: lua: extend socket address to support non-IP families - MINOR: lua/applet: the cosocket applet should use appctx_wakeup in place of task_wakeup - BUG/MEDIUM: lua: socket destroy before reading pending data - MEDIUM: lua: change the GC policy - OPTIM/MEDIUM: lua: executes the garbage collector only when using cosocket - BUG/MEDIUM: lua: don't reset undesired flags in hlua_ctx_resume - MINOR: applet: add init function - MINOR: applet: add an execution timeout - MINOR: stream/applet: add use-service action - MINOR: lua: add AppletTCP class and service - MINOR: lua: add AppletHTTP class and service - DOC: lua: some documentation update - DOC: add the documentation about internal circular lists - DOC: add a CONTRIBUTING file - DOC: add a MAINTAINERS file - BUG/MAJOR: peers: fix a crash when stopping peers on unbound processes - DOC: update coding-style to reference checkpatch.pl - BUG/MEDIUM: stick-tables: fix double-decrement of tracked entries - BUG/MINOR: args: add name for ARGT_VAR - DOC: add more entries to MAINTAINERS - DOC: add more entries to MAINTAINERS - CLEANUP: stream-int: remove obsolete function si_applet_call() - BUG/MAJOR: cli: do not dereference strm_li()->proto->name - BUG/MEDIUM: http: do not dereference strm_li(stream) - BUG/MEDIUM: proxy: do not dereference strm_li(stream) - BUG/MEDIUM: stream: do not dereference strm_li(stream) - MINOR: stream-int: use si_release_endpoint() to close idle conns - BUG/MEDIUM: payload: make req.payload and payload_lv aware of dynamic buffers - BUG/MEDIUM: acl: always accept match "found" - MINOR: applet: rename applet_runq to applet_active_queue - BUG/MAJOR: applet: use a separate run queue to maintain list integrity - MEDIUM: stream-int: split stream_int_update_conn() into si- and conn-specific parts - MINOR: stream-int: implement a new stream_int_update() function - MEDIUM: stream-int: factor out the stream update functions - MEDIUM: stream-int: call stream_int_update() from si_update() - MINOR: stream-int: export stream_int_update_* - MINOR: stream-int: move the applet_pause call out of the stream updates - MEDIUM: stream-int: clean up the conditions to enable reading in si_conn_wake_cb - MINOR: stream-int: implement the stream_int_notify() function - MEDIUM: stream-int: use the same stream notification function for applets and conns - MEDIUM: stream-int: completely remove stream_int_update_embedded() - MINOR: stream-int: rename si_applet_done() to si_applet_wake_cb() - BUG/MEDIUM: applet: fix reporting of broken write situation - BUG/MINOR: stats: do not call cli_release_handler 3 times - BUG/MEDIUM: cli: properly handle closed output - MINOR: cli: do not call the release handler on internal error. - BUG/MEDIUM: stream-int: avoid double-call to applet->release - DEBUG: add p_malloc() to return a poisonned memory area - CLEANUP: lua: remove unneeded memset(0) after calloc() - MINOR: lua: use the proper applet wakeup mechanism - BUG/MEDIUM: lua: better fix for the protocol check - BUG/MEDIUM: lua: properly set the target on the connection - MEDIUM: actions: pass a new "flags" argument to custom actions - MEDIUM: actions: add new flag ACT_FLAG_FINAL to notify about last call - MEDIUM: http: pass ACT_FLAG_FINAL to custom actions - MEDIUM: lua: only allow actions to yield if not in a final call - DOC: clarify how to make use of abstract sockets in socat - CLEANUP: config: make the errorloc/errorfile messages less confusing - MEDIUM: action: add a new flag ACT_FLAG_FIRST - BUG/MINOR: config: check that tune.bufsize is always positive - MEDIUM: config: set tune.maxrewrite to 1024 by default - DOC: add David Carlier as maintainer of da.c - DOC: fix some broken unexpected unicode chars in the Lua doc. - BUG/MEDIUM: proxy: ignore stopped peers - BUG/MEDIUM: proxy: do not wake stopped proxies' tasks during soft_stop() - MEDIUM: init: completely deallocate unused peers - BUG/MEDIUM: tcp: fix inverted condition to call custom actions - DOC: remove outdated actions lists on tcp-request/response - MEDIUM: tcp: add new tcp action "silent-drop" - DOC: add URLs to optional libraries in the README |
||
Willy Tarreau
|
a8fc8a2529 |
DOC: add URLs to optional libraries in the README
It's nice to suggest people how to build with certain libraries but it's nicer to tell them where to fetch them. |
||
David Carlier
|
00d7d61f0c |
DOC: README: DeviceAtlas sample configuration updates
Needs to distinguish the convertor and the fetch type samples. More explanations are made about their specific purposes. |
||
James Rosewell
|
a0c4c69b67 |
DOC: Added more explanation for 51Degrees V3.2
Changed examples to demonstrate the the new fetch and conv methods available with the enhancements made in version 3.2 of 51Degrees. Added reference to the accuracy indicators available with Pattern detection method. |
||
Willy Tarreau
|
11e334d972 |
DOC: add a CONTRIBUTING file
This file tries to explain in the most detailed way how to contribute patches. A few parts of it were moved from the README. .gitignore was updated. |
||
Willy Tarreau
|
61d301fbfb |
[RELEASE] Released version 1.6-dev4
Released version 1.6-dev4 with the following main changes : - MINOR: log: Add log-format variable %HQ, to log HTTP query strings - DOC: typo in 'redirect', 302 code meaning - DOC: typos in tcp-check expect examples - DOC: resolve-prefer default value and default-server update - MINOR: DNS counters: increment valid counter - BUG/MEDIUM: DNS resolution response parsing broken - MINOR: server: add new SRV_ADMF_CMAINT flag - MINOR: server SRV_ADMF_CMAINT flag doesn't imply SRV_ADMF_FMAINT - BUG/MEDIUM: dns: wrong first time DNS resolution - BUG/MEDIUM: lua: Lua tasks fail to start. - BUILD: add USE_LUA to BUILD_OPTIONS when it's used - DOC/MINOR: fix OpenBSD versions where haproxy works - MINOR: 51d: unable to start haproxy without "51degrees-data-file" - BUG/MEDIUM: peers: fix wrong message id on stick table updates acknowledgement. - BUG/MAJOR: peers: fix current table pointer not re-initialized on session release. - BUILD: ssl: Allow building against libssl without SSLv3. - DOC: clarify some points about SSL and the proxy protocol - DOC: mention support for RFC 5077 TLS Ticket extension in starter guide - BUG/MEDIUM: mailer: DATA part must be terminated with <CRLF>.<CRLF> - DOC: match several lua configuration option names to those implemented in code - MINOR cfgparse: Correct the mailer warning text to show the right names to the user - BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command - MINOR: stream: initialize the current_rule field to NULL on stream init - BUG/MEDIUM: lua: timeout error with converters, wrapper and actions. - CLEANUP: proto_http: remove useless initialisation - CLEANUP: http/tcp actions: remove the scope member - BUG/MINOR: proto_tcp: custom action continue is ignored - MINOR: proto_tcp: add session in the action prototype - MINOR: vars: reduce the code size of some wrappers - MINOR: Move http method enum from proto_http to sample - MINOR: sample: Add ipv6 to ipv4 and sint to ipv6 casts - MINOR: sample/proto_tcp: export "smp_fetch_src" - MEDIUM: cli: rely on the map's output type instead of the sample type - BUG/MEDIUM: stream: The stream doen't inherit SC from the session - BUG/MEDIUM: vars: segfault during the configuration parsing - BUG/MEDIUM: stick-tables: refcount error after copying SC for the session to the stream - BUG/MEDIUM: lua: bad error processing - MINOR: samples: rename a struct from sample_storage to sample_data - MINOR: samples: rename some struct member from "smp" to "data" - MEDIUM: samples: Use the "struct sample_data" in the "struct sample" - MINOR: samples: extract the anonymous union and create the union sample_value - MINOR: samples: rename union from "data" to "u" - MEDIUM: 51degrees: Adapt the 51Degrees library - MINOR: samples: data assignation simplification - MEDIUM: pattern/map: Maps can returns various types - MINOR: map: The map can return IPv4 and IPv6 - MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs - MINOR: actions: Remove the data opaque pointer - MINOR: lua: use the hlua_rule type in place of opaque type - MINOR: vars: use the vars types as argument in place of opaque type - MINOR: proto_http: use an "expr" type in place of generic opaque type. - MINOR: proto_http: replace generic opaque types by real used types for the actions on thr request line - MINOR: proto_http: replace generic opaque types by real used types in "http_capture" - MINOR: proto_http: replace generic opaque types by real used types in "http_capture" by id - MEDIUM: track-sc: Move the track-sc configuration storage in the union - MEDIUM: capture: Move the capture configuration storage in the union - MINOR: actions: add "from" information - MINOR: actions: remove the mark indicating the last entry in enum - MINOR: actions: Declare all the embedded actions in the same header file - MINOR: actions: change actions names - MEDIUM: actions: Add standard return code for the action API - MEDIUM: actions: Merge (http|tcp)-(request|reponse) keywords structs - MINOR: proto_tcp: proto_tcp.h is now useles - MINOR: actions: mutualise the action keyword lookup - MEDIUM: actions: Normalize the return code of the configuration parsers - MINOR: actions: Remove wrappers - MAJOR: stick-tables: use sample types in place of dedicated types - MEDIUM: stick-tables: use the sample type names - MAJOR: stick-tables: remove key storage from the key struct - MEDIUM: stick-tables: Add GPT0 in the stick tables - MINOR: stick-tables: Add GPT0 access - MINOR: stick-tables: Add GPC0 actions - BUG/MEDIUM: lua: the lua fucntion Channel:close() causes a segfault - DOC: ssl: missing LF - MINOR: lua: add core.done() function - DOC: fix function name - BUG/MINOR: lua: in some case a sample may remain undefined - DOC: fix "http_action_set_req_line()" comments - MINOR: http: Action for manipulating the returned status code. - MEDIUM: lua: turns txn:close into txn:done - BUG/MEDIUM: lua: cannot process more Lua hooks after a "done()" function call - BUILD: link with libdl if needed for Lua support - CLEANUP: backend: factor out objt_server() in connect_server() - MEDIUM: backend: don't call si_alloc_conn() when we reuse a valid connection - MEDIUM: stream-int: simplify si_alloc_conn() - MINOR: stream-int: add new function si_detach_endpoint() - MINOR: server: add a list of private idle connections - MINOR: connection: add a new list member in the connection struct - MEDIUM: stream-int: queue idle connections at the server - MINOR: stream-int: make si_idle_conn() only accept valid connections - MINOR: server: add a list of already used idle connections - MINOR: connection: add a new flag CO_FL_PRIVATE - MINOR: config: add new setting "http-reuse" - MAJOR: backend: initial work towards connection reuse - MAJOR: backend: improve the connection reuse mechanism - MEDIUM: backend: implement "http-reuse safe" - MINOR: server: add a list of safe, already reused idle connections - MEDIUM: backend: add the "http-reuse aggressive" strategy - DOC: document the new http-reuse directive - DOC: internals: document next steps for HTTP connection reuse - DOC: mention that %ms is left-padded with zeroes. - MINOR: init: indicate to check 'bind' lines when no listeners were found. - MAJOR: http: remove references to appsession - CLEANUP: config: remove appsession initialization - CLEANUP: appsession: remove appsession.c and sessionhash.c - CLEANUP: tests: remove sessionhash_test.c and test-cookie-appsess.cfg - CLEANUP: proxy: remove last references to appsession - CLEANUP: appsession: remove the last include files - DOC: remove documentation about appsession - CLEANUP: .gitignore: ignore more test files - CLEANUP: .gitignore: finally ignore everything but what is known. - MEDIUM: config: emit a warning on a frontend without listener - DOC: add doc/internals/entities-v2.txt - DOC: add doc/linux-syn-cookies.txt - DOC: add design thoughts on HTTP/2 - DOC: add some thoughts on connection sharing for HTTP/2 - DOC: add design thoughts on dynamic buffer allocation - BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry - DOC: add new file intro.txt - MAJOR: tproxy: remove support for cttproxy - BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 - DOC: lua: replace txn:close with txn:done in lua-api - DOC: intro: minor updates and fixes - DOC: intro: fix too long line. - DOC: fix example of http-request using ssl_fc_session_id - BUG/MEDIUM: lua: txn:done() still causes a segfault in TCP mode - CLEANUP: lua: fix some indent issues - BUG/MEDIUM: lua: fix a segfault in txn:done() if called twice - DOC: lua: mention than txn:close was renamed txn:done. |
||
Willy Tarreau
|
d8e42b6b3a |
DOC: add new file intro.txt
This is an introduction to present HAProxy. The aim is to get rid of the totally obsolete haproxy-en and haproxy-fr files. This file references another one which is not there yet and which should cover the remaining part of these obsolete files, which is how to manage the process. The format is the same as the other docs so it should integrate seamlessly to existing docs. |
||
Daniel Jakots
|
17d228be14 | DOC/MINOR: fix OpenBSD versions where haproxy works | ||
Willy Tarreau
|
50bdda6e51 |
[RELEASE] Released version 1.6-dev3
Released version 1.6-dev3 with the following main changes : - CLEANUP: sample: generalize sample_fetch_string() as sample_fetch_as_type() - MEDIUM: http: Add new 'set-src' option to http-request - DOC usesrc root privileges requirments - BUG/MINOR: dns: wrong time unit for some DNS default parameters - MINOR: proxy: bit field for proxy_find_best_match diff status - MINOR: server: new server flag: SRV_F_FORCED_ID - MINOR: server: server_find functions: id, name, best_match - DOC: dns: fix chapters syntax - BUILD/MINOR: tools: rename popcount to my_popcountl - BUILD: add netbsd TARGET - MEDIUM: 51Degrees code refactoring and cleanup - MEDIUM: 51d: add LRU-based cache on User-Agent string detection - DOC: add notes about the "51degrees-cache-size" parameter - BUG/MEDIUM: 51d: possible incorrect operations on smp->data.str.str - BUG/MAJOR: connection: fix TLV offset calculation for proxy protocol v2 parsing - MINOR: Add sample fetch to detect Supported Elliptic Curves Extension - BUG/MINOR: payload: Add volatile flag to smp_fetch_req_ssl_ec_ext - BUG/MINOR: lua: type error in the arguments wrapper - CLEANUP: vars: remove unused struct - BUG/MINOR: http/sample: gmtime/localtime can fail - MINOR: standard: add 64 bits conversion functions - MAJOR: sample: converts uint and sint in 64 bits signed integer - MAJOR: arg: converts uint and sint in sint - MEDIUM: sample: switch to saturated arithmetic - MINOR: vars: returns variable content - MEDIUM: vars/sample: operators can use variables as parameter - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id - BUILD/MINOR: lua: fix a harmless build warning - BUILD/MINOR: stats: fix build warning due to condition always true - BUG/MAJOR: lru: fix unconditional call to free due to unexpected semi-colon - BUG/MEDIUM: logs: fix improper systematic use of quotes with a few tags - BUILD/MINOR: lua: ensure that hlua_ctx_destroy is properly defined - BUG/MEDIUM: lru: fix possible memory leak when ->free() is used - MINOR: vars: make the accounting not depend on the stream - MEDIUM: vars: move the session variables to the session, not the stream - BUG/MEDIUM: vars: do not freeze the connection when the expression cannot be fetched - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data - BUG/MAJOR: tcp: tcp rulesets were still broken - MINOR: stats: improve compression stats reporting - MINOR: ssl: make self-generated certs also work with raw IPv6 addresses - CLEANUP: ssl: make ssl_sock_generated_cert_serial() take a const - CLEANUP: ssl: make ssl_sock_generate_certificate() use ssl_sock_generated_cert_serial() - BUG/MINOR: log: missing some ARGC_* entries in fmt_directives() - MINOR: args: add new context for servers - MINOR: stream: maintain consistence between channel_forward and HTTP forward - MINOR: ssl: provide ia function to set the SNI extension on a connection - MEDIUM: ssl: add sni support on the server lines - CLEANUP: stream: remove a useless call to si_detach() - CLEANUP: stream-int: fix a few outdated comments about stream_int_register_handler() - CLEANUP: stream-int: remove stream_int_unregister_handler() and si_detach() - MINOR: stream-int: only use si_release_endpoint() to release a connection - MINOR: standard: provide htonll() and ntohll() - CLEANUP/MINOR: dns: dns_str_to_dn_label() only needs a const char - BUG/MAJOR: dns: fix the length of the string to be copied |
||
Dragan Dosen
|
ae6d39af9c | DOC: add notes about the "51degrees-cache-size" parameter | ||
Dragan Dosen
|
93b38d9191 |
MEDIUM: 51Degrees code refactoring and cleanup
Moved 51Degrees code from src/haproxy.c, src/sample.c and src/cfgparse.c into a separate files src/51d.c and include/import/51d.h. Added two new functions init_51degrees() and deinit_51degrees(), updated Makefile and other code reorganizations related to 51Degrees. |
||
Willy Tarreau
|
ad90f0d1aa |
[RELEASE] Released version 1.6-dev2
Released version 1.6-dev2 with the following main changes :
- BUG/MINOR: ssl: Display correct filename in error message
- MEDIUM: logs: Add HTTP request-line log format directives
- BUG/MEDIUM: check: tcpcheck regression introduced by
|
||
Willy Tarreau
|
82bd42e27a |
BUILD: make DeviceAtlas easier to build by defaulting to DEVICEATLAS_SRC
Since both DEVICEATLAS_INC and DEVICEATLAS_LIB are set to the same path when building from sources, simply allow DEVICEATLAS_SRC to be set alone to simplify the build procedure. |
||
Willy Tarreau
|
c7203c7a5a |
BUILD: make 51D easier to build by defaulting to 51DEGREES_SRC
Till now 3 paths were needed, 51DEGREES_SRC, 51DEGREES_INC, and 51DEGREES_LIB. Let's make the last two default to 51DEGREES_SRC since it's the same location, and fix the doc to reflect this (all three were documented but inconsistently). |
||
Thomas Holmes
|
f95aaf6af1 | DOC: add build indications for 51Degrees to README. | ||
David Carlier
|
b5efa0149f |
DOC: README: explain how to build with DeviceAtlas
This diff is related to the additional documentation in order to build the DeviceAtlas module and in addition with an example of a basic configuration. |
||
Willy Tarreau
|
418b8c0c41 |
MAJOR: compression: integrate support for libslz
This library is designed to emit a zlib-compatible stream with no memory usage and to favor resource savings over compression ratio. While zlib requires 256 kB of RAM per compression context (and can only support 4000 connections per GB of RAM), the stateless compression offered by libslz does not need to retain buffers between subsequent calls. In theory this slightly reduces the compression ratio but in practice it does not have that much of an effect since the zlib window is limited to 32kB. Libslz is available at : http://git.1wt.eu/web?p=libslz.git It was designed for web compression and provides a lot of savings over zlib in haproxy. Here are the preliminary results on a single core of a core2-quad 3.0 GHz in 32-bit for only 300 concurrent sessions visiting the home page of www.haproxy.org (76 kB) with the default 16kB buffers : BW In BW Out BW Saved Ratio memory VSZ/RSS zlib 237 Mbps 92 Mbps 145 Mbps 2.58 84M / 69M slz 733 Mbps 380 Mbps 353 Mbps 1.93 5.9M / 4.2M So while the compression ratio is lower, the bandwidth savings are much more important due to the significantly lower compression cost which allows to consume even more data from the servers. In the example above, zlib became the bottleneck at 24% of the output bandwidth. Also the difference in memory usage is obvious. More tests run on a single core of a core i5-3320M, with 500 concurrent users and the default 16kB buffers : At 100% CPU (no limit) : BW In BW Out BW Saved Ratio memory VSZ/RSS hits/s zlib 480 Mbps 188 Mbps 292 Mbps 2.55 130M / 101M 744 slz 1700 Mbps 810 Mbps 890 Mbps 2.10 23.7M / 9.7M 2382 At 85% CPU (limited) : BW In BW Out BW Saved Ratio memory VSZ/RSS hits/s zlib 1240 Mbps 976 Mbps 264 Mbps 1.27 130M / 100M 1738 slz 1600 Mbps 976 Mbps 624 Mbps 1.64 23.7M / 9.7M 2210 The most important benefit really happens when the CPU usage is limited by "maxcompcpuusage" or the BW limited by "maxcomprate" : in order to preserve resources, haproxy throttles the compression ratio until usage is within limits. Since slz is much cheaper, the average compression ratio is much higher and the input bandwidth is quite higher for one Gbps output. Other tests made with some reference files : BW In BW Out BW Saved Ratio hits/s daniels.html zlib 1320 Mbps 163 Mbps 1157 Mbps 8.10 1925 slz 3600 Mbps 580 Mbps 3020 Mbps 6.20 5300 tv.com/listing zlib 980 Mbps 124 Mbps 856 Mbps 7.90 310 slz 3300 Mbps 553 Mbps 2747 Mbps 5.97 1100 jquery.min.js zlib 430 Mbps 180 Mbps 250 Mbps 2.39 547 slz 1470 Mbps 764 Mbps 706 Mbps 1.92 1815 bootstrap.min.css zlib 790 Mbps 165 Mbps 625 Mbps 4.79 777 slz 2450 Mbps 650 Mbps 1800 Mbps 3.77 2400 So on top of saving a lot of memory, slz is constantly 2.5-3.5 times faster than zlib and results in providing more savings for a fixed CPU usage. For links smaller than 100 Mbps, zlib still provides a better compression ratio, at the expense of a much higher CPU usage. Larger input files provide slightly higher bandwidth for both libs, at the expense of a bit more memory usage for zlib (it converges to 256kB per connection). |
||
Willy Tarreau
|
8747b6dbc8 |
[RELEASE] Released version 1.6-dev1
Released version 1.6-dev1 with the following main changes : - CLEANUP: extract temporary $CFG to eliminate duplication - CLEANUP: extract temporary $BIN to eliminate duplication - CLEANUP: extract temporary $PIDFILE to eliminate duplication - CLEANUP: extract temporary $LOCKFILE to eliminate duplication - CLEANUP: extract quiet_check() to avoid duplication - BUG/MINOR: don't start haproxy on reload - DOC: Address issue where documentation is excluded due to a gitignore rule. - BUG/MEDIUM: systemd: set KillMode to 'mixed' - BUILD: fix "make install" to support spaces in the install dirs - BUG/MINOR: config: http-request replace-header arg typo - BUG: config: error in http-response replace-header number of arguments - DOC: missing track-sc* in http-request rules - BUILD: lua: missing ifdef related to SSL when enabling LUA - BUG/MEDIUM: regex: fix pcre_study error handling - MEDIUM: regex: Use pcre_study always when PCRE is used, regardless of JIT - BUG/MINOR: Fix search for -p argument in systemd wrapper. - MEDIUM: Improve signal handling in systemd wrapper. - DOC: fix typo in Unix Socket commands - BUG/MEDIUM: checks: external checks can't change server status to UP - BUG/MEDIUM: checks: segfault with external checks in a backend section - BUG/MINOR: checks: external checks shouldn't wait for timeout to return the result - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported - BUG/MINOR: config: don't propagate process binding for dynamic use_backend - BUG/MINOR: log: fix request flags when keep-alive is enabled - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks - MINOR: checks: allow external checks in backend sections - MEDIUM: checks: provide environment variables to the external checks - MINOR: checks: update dynamic environment variables in external checks - DOC: checks: environment variables used by "external-check command" - BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used - MINOR: ssl: load certificates in alphabetical order - BUG/MINOR: checks: prevent http keep-alive with http-check expect - MINOR: lua: typo in an error message - MINOR: report the Lua version in -vv - MINOR: lua: add a compilation error message when compiled with an incompatible version - BUG/MEDIUM: lua: segfault when calling haproxy sample fetches from lua - BUILD: try to automatically detect the Lua library name - BUILD/CLEANUP: systemd: avoid a warning due to mixed code and declaration - BUG/MEDIUM: backend: Update hash to use unsigned int throughout - BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header - MEDIUM: connection: add new bit in Proxy Protocol V2 - BUG/MINOR: ssl: rejects OCSP response without nextupdate. - BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses. - BUG/MINOR: ssl: Fix OCSP resp update fails with the same certificate configured twice. - BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer. - MINOR: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs - MINOR: ssl: add statement to force some ssl options in global. - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. - BUG/MINOR: samples: fix unnecessary memcopy converting binary to string. - MINOR: samples: adds the bytes converter. - MINOR: samples: adds the field converter. - MINOR: samples: add the word converter. - BUG/MINOR: server: move the directive #endif to the end of file - BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped - DOC: fix a few typos - CLEANUP: epoll: epoll_events should be allocated according to global.tune.maxpollevents - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized" - BUG/MINOR: parse: refer curproxy instead of proxy - BUG/MINOR: parse: check the validity of size string in a more strict way - BUILD: add new target 'make uninstall' to support uninstalling haproxy from OS - DOC: expand the docs for the provided stats. - BUG/MEDIUM: unix: do not unlink() abstract namespace sockets upon failure. - MEDIUM: ssl: Certificate Transparency support - MEDIUM: stats: proxied stats admin forms fix - MEDIUM: http: Compress HTTP responses with status codes 201,202,203 in addition to 200 - BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information - MAJOR: namespace: add Linux network namespace support - MINOR: systemd: Check configuration before start - BUILD: ssl: handle boringssl in openssl version detection - BUILD: ssl: disable OCSP when using boringssl - BUILD: ssl: don't call get_rfc2409_prime when using boringssl - MINOR: ssl: don't use boringssl's cipher_list - BUILD: ssl: use OPENSSL_NO_OCSP to detect OCSP support - MINOR: stats: fix minor typo in HTML page - MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper - MEDIUM: Add support for configurable TLS ticket keys - DOC: Document the new tls-ticket-keys bind keyword - DOC: clearly state that the "show sess" output format is not fixed - MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer() - DOC: httplog does not support 'no' - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange - MINOR: ssl: use SSL_get_ciphers() instead of directly accessing the cipher list. - BUG/MEDIUM: Consistently use 'check' in process_chk - MEDIUM: Add external check - BUG/MEDIUM: Do not set agent health to zero if server is disabled in config - MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero - MEDIUM: Remove connect_chk - MEDIUM: Refactor init_check and move to checks.c - MEDIUM: Add free_check() helper - MEDIUM: Move proto and addr fields struct check - MEDIUM: Attach tcpcheck_rules to check - MEDIUM: Add parsing of mailers section - MEDIUM: Allow configuration of email alerts - MEDIUM: Support sending email alerts - DOC: Document email alerts - MINOR: Remove trailing '.' from email alert messages - MEDIUM: Allow suppression of email alerts by log level - BUG/MEDIUM: Do not consider an agent check as failed on L7 error - MINOR: deinit: fix memory leak - MINOR: http: export the function 'smp_fetch_base32' - BUG/MEDIUM: http: tarpit timeout is reset - MINOR: sample: add "json" converter - BUG/MEDIUM: pattern: don't load more than once a pattern list. - MINOR: map/acl/dumpstats: remove the "Done." message - BUG/MAJOR: ns: HAProxy segfault if the cli_conn is not from a network connection - BUG/MINOR: pattern: error message missing - BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match - BUG/MINOR: ARG6 and ARG7 don't fit in a 32 bits word - MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay - MEDIUM: task: call session analyzers if the task is woken by a message. - MEDIUM: protocol: automatically pick the proto associated to the connection. - MEDIUM: channel: wake up any request analyzer on response activity - MINOR: converters: add a "void *private" argument to converters - MINOR: converters: give the session pointer as converter argument - MINOR: sample: add private argument to the struct sample_fetch - MINOR: global: export function and permits to not resolve DNS names - MINOR: sample: add function for browsing samples. - MINOR: global: export many symbols. - MINOR: includes: fix a lot of missing or useless includes - MEDIUM: tcp: add register keyword system. - MEDIUM: buffer: make bo_putblk/bo_putstr/bo_putchk return the number of bytes copied. - MEDIUM: http: change the code returned by the response processing rule functions - MEDIUM: http/tcp: permit to resume http and tcp custom actions - MINOR: channel: functions to get data from a buffer without copy - MEDIUM: lua: lua integration in the build and init system. - MINOR: lua: add ease functions - MINOR: lua: add runtime execution context - MEDIUM: lua: "com" signals - MINOR: lua: add the configuration directive "lua-load" - MINOR: lua: core: create "core" class and object - MINOR: lua: post initialisation bindings - MEDIUM: lua: add coroutine as tasks. - MINOR: lua: add sample and args type converters - MINOR: lua: txn: create class TXN associated with the transaction. - MINOR: lua: add shared context in the lua stack - MINOR: lua: txn: import existing sample-fetches in the class TXN - MINOR: lua: txn: add lua function in TXN that returns an array of http headers - MINOR: lua: register and execute sample-fetches in LUA - MINOR: lua: register and execute converters in LUA - MINOR: lua: add bindings for tcp and http actions - MINOR: lua: core: add sleep functions - MEDIUM: lua: socket: add "socket" class for TCP I/O - MINOR: lua: core: pattern and acl manipulation - MINOR: lua: channel: add "channel" class - MINOR: lua: txn: object "txn" provides two objects "channel" - MINOR: lua: core: can set the nice of the current task - MINOR: lua: core: can yield an execution stack - MINOR: lua: txn: add binding for closing the client connection. - MEDIUM: lua: Lua initialisation "on demand" - BUG/MAJOR: lua: send function fails and return bad bytes - MINOR: remove unused declaration. - MINOR: lua: remove some #define - MINOR: lua: use bitfield and macro in place of integer and enum - MINOR: lua: set skeleton for Lua execution expiration - MEDIUM: lua: each yielding function returns a wake up time. - MINOR: lua: adds "forced yield" flag - MEDIUM: lua: interrupt the Lua execution for running other process - MEDIUM: lua: change the sleep function core - BUG/MEDIUM: lua: the execution timeout is ignored in yield case - DOC: lua: Lua configuration documentation - MINOR: lua: add the struct session in the lua channel struct - BUG/MINOR: lua: set buffer if it is nnot avalaible. - BUG/MEDIUM: lua: reset flags before resuming execution - BUG/MEDIUM: lua: fix infinite loop about channel - BUG/MEDIUM: lua: the Lua process is not waked up after sending data on requests side - BUG/MEDIUM: lua: many errors when we try to send data with the channel API - MEDIUM: lua: use the Lua-5.3 version of the library - BUG/MAJOR: lua: some function are not yieldable, the forced yield causes errors - BUG/MEDIUM: lua: can't handle the response bytes - BUG/MEDIUM: lua: segfault with buffer_replace2 - BUG/MINOR: lua: check buffers before initializing socket - BUG/MINOR: log: segfault if there are no proxy reference - BUG/MEDIUM: lua: sockets don't have buffer to write data - BUG/MEDIUM: lua: cannot connect socket - BUG/MINOR: lua: sockets receive behavior doesn't follows the specs - BUG/BUILD: lua: The strict Lua 5.3 version check is not done. - BUG/MEDIUM: buffer: one byte miss in buffer free space check - MEDIUM: lua: make the functions hlua_gethlua() and hlua_sethlua() faster - MINOR: replace the Core object by a simple model. - MEDIUM: lua: change the objects configuration - MEDIUM: lua: create a namespace for the fetches - MINOR: converters: add function to browse converters - MINOR: lua: wrapper for converters - MINOR: lua: replace function (req|get)_channel by a variable - MINOR: lua: fetches and converters can return an empty string in place of nil - DOC: lua api - BUG/MEDIUM: sample: fix random number upper-bound - BUG/MINOR: stats:Fix incorrect printf type. - BUG/MAJOR: session: revert all the crappy client-side timeout changes - BUG/MINOR: logs: properly initialize and count log sockets - BUG/MEDIUM: http: fetch "base" is not compatible with set-header - BUG/MINOR: counters: do not untrack counters before logging - BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process() - MINOR: stick-table: make stktable_fetch_key() indicate why it failed - BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents - BUILD: remove TODO from the spec file and add README - MINOR: log: make MAX_SYSLOG_LEN overridable at build time - MEDIUM: log: support a user-configurable max log line length - DOC: provide an example of how to use ssl_c_sha1 - BUILD: checks: external checker needs signal.h - BUILD: checks: kill a minor warning on Solaris in external checks - BUILD: http: fix isdigit & isspace warnings on Solaris - BUG/MINOR: listener: set the listener's fd to -1 after deletion - BUG/MEDIUM: unix: failed abstract socket binding is retryable - MEDIUM: listener: implement a per-protocol pause() function - MEDIUM: listener: support rebinding during resume() - BUG/MEDIUM: unix: completely unbind abstract sockets during a pause() - DOC: explicitly mention the limits of abstract namespace sockets - DOC: minor fix on {sc,src}_kbytes_{in,out} - DOC: fix alphabetical sort of converters - MEDIUM: stick-table: implement lookup from a sample fetch - MEDIUM: stick-table: add new converters to fetch table data - MINOR: samples: add two converters for the date format - BUG/MAJOR: http: correctly rewind the request body after start of forwarding - DOC: remove references to CPU=native in the README - DOC: mention that "compression offload" is ignored in defaults section - DOC: mention that Squid correctly responds 400 to PPv2 header - BUILD: fix dependencies between config and compat.h - MINOR: session: export the function 'smp_fetch_sc_stkctr' - MEDIUM: stick-table: make it easier to register extra data types - BUG/MINOR: http: base32+src should use the big endian version of base32 - MINOR: sample: allow IP address to cast to binary - MINOR: sample: add new converters to hash input - MINOR: sample: allow integers to cast to binary - BUILD: report commit ID in git versions as well - CLEANUP: session: move the stick counters declarations to stick_table.h - MEDIUM: http: add the track-sc* actions to http-request rules - BUG/MEDIUM: connection: fix proxy v2 header again! - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc* - OPTIM/MINOR: proxy: reduce struct proxy by 48 bytes on 64-bit archs - MINOR: log: add a new field "%lc" to implement a per-frontend log counter - BUG/MEDIUM: http: fix inverted condition in pat_match_meth() - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg() - BUG/MEDIUM: acl: correctly compute the output type when a converter is used - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer - MEDIUM: http: enable header manipulation for 101 responses - BUG/MEDIUM: config: propagate frontend to backend process binding again. - MEDIUM: config: properly propagate process binding between proxies - MEDIUM: config: make the frontends automatically bind to the listeners' processes - MEDIUM: config: compute the exact bind-process before listener's maxaccept - MEDIUM: config: only warn if stats are attached to multi-process bind directives - MEDIUM: config: report it when tcp-request rules are misplaced - DOC: indicate in the doc that track-sc* can wait if data are missing - MINOR: config: detect the case where a tcp-request content rule has no inspect-delay - MEDIUM: systemd-wrapper: support multiple executable versions and names - BUG/MEDIUM: remove debugging code from systemd-wrapper - BUG/MEDIUM: http: adjust close mode when switching to backend - BUG/MINOR: config: don't propagate process binding on fatal errors. - BUG/MEDIUM: check: rule-less tcp-check must detect connect failures - BUG/MINOR: tcp-check: report the correct failed step in the status - DOC: indicate that weight zero is reported as DRAIN - BUG/MEDIUM: config: avoid skipping disabled proxies - BUG/MINOR: config: do not accept more track-sc than configured - BUG/MEDIUM: backend: fix URI hash when a query string is present - BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR - BUG/MAJOR: cli: explicitly call cli_release_handler() upon error - BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol - BUILD/MINOR: ssl: de-constify "ciphers" to avoid a warning on openssl-0.9.8 - BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets - BUG/BUILD: revert accidental change in the makefile from latest SSL fix - BUG/MEDIUM: ssl: force a full GC in case of memory shortage - MEDIUM: ssl: add support for smaller SSL records - MINOR: session: release a few other pools when stopping - MINOR: task: release the task pool when stopping - BUG/MINOR: config: don't inherit the default balance algorithm in frontends - BUG/MAJOR: frontend: initialize capture pointers earlier - BUG/MINOR: stats: correctly set the request/response analysers - MAJOR: polling: centralize calls to I/O callbacks - DOC: fix typo in the body parser documentation for msg.sov - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size - MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping) - DEBUG: pools: apply poisonning on every allocated pool - BUG/MAJOR: sessions: unlink session from list on out of memory - BUG/MEDIUM: patterns: previous fix was incomplete - BUG/MEDIUM: payload: ensure that a request channel is available - BUG/MINOR: tcp-check: don't condition data polling on check type - BUG/MEDIUM: tcp-check: don't rely on random memory contents - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect - BUG/MINOR: config: fix typo in condition when propagating process binding - BUG/MEDIUM: config: do not propagate processes between stopped processes - BUG/MAJOR: stream-int: properly check the memory allocation return - BUG/MEDIUM: memory: fix freeing logic in pool_gc2() - BUG/MAJOR: namespaces: conn->target is not necessarily a server - BUG/MEDIUM: compression: correctly report zlib_mem - CLEANUP: lists: remove dead code - CLEANUP: memory: remove dead code - CLEANUP: memory: replace macros pool_alloc2/pool_free2 with functions - MINOR: memory: cut pool allocator in 3 layers - MEDIUM: memory: improve pool_refill_alloc() to pass a refill count - MINOR: stream-int: retrieve session pointer from stream-int - MINOR: buffer: reset a buffer in b_reset() and not channel_init() - MEDIUM: buffer: use b_alloc() to allocate and initialize a buffer - MINOR: buffer: move buffer initialization after channel initialization - MINOR: buffer: only use b_free to release buffers - MEDIUM: buffer: always assign a dummy empty buffer to channels - MEDIUM: buffer: add a new buf_wanted dummy buffer to report failed allocations - MEDIUM: channel: do not report full when buf_empty is present on a channel - MINOR: session: group buffer allocations together - MINOR: buffer: implement b_alloc_fast() - MEDIUM: buffer: implement b_alloc_margin() - MEDIUM: session: implement a basic atomic buffer allocator - MAJOR: session: implement a wait-queue for sessions who need a buffer - MAJOR: session: only allocate buffers when needed - MINOR: stats: report a "waiting" flags for sessions - MAJOR: session: only wake up as many sessions as available buffers permit - MINOR: config: implement global setting tune.buffers.reserve - MINOR: config: implement global setting tune.buffers.limit - MEDIUM: channel: implement a zero-copy buffer transfer - MEDIUM: stream-int: support splicing from applets - OPTIM: stream-int: try to send pending spliced data - CLEANUP: session: remove session_from_task() - DOC: add missing entry for log-format and clarify the text - MINOR: logs: add a new per-proxy "log-tag" directive - BUG/MEDIUM: http: fix header removal when previous header ends with pure LF - MINOR: config: extend the default max hostname length to 64 and beyond - BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation - BUG/MINOR: channel: compare to_forward with buf->i, not buf->size - MINOR: channel: add channel_in_transit() - MEDIUM: channel: make buffer_reserved() use channel_in_transit() - MEDIUM: channel: make bi_avail() use channel_in_transit() - BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected - CLEANUP: channel: rename channel_reserved -> channel_is_rewritable - MINOR: channel: rename channel_full() to !channel_may_recv() - MINOR: channel: rename buffer_reserved() to channel_reserved() - MINOR: channel: rename buffer_max_len() to channel_recv_limit() - MINOR: channel: rename bi_avail() to channel_recv_max() - MINOR: channel: rename bi_erase() to channel_truncate() - BUG/MAJOR: log: don't try to emit a log if no logger is set - MINOR: tools: add new round_2dig() function to round integers - MINOR: global: always export some SSL-specific metrics - MINOR: global: report information about the cost of SSL connections - MAJOR: init: automatically set maxconn and/or maxsslconn when possible - MINOR: http: add a new fetch "query" to extract the request's query string - MINOR: hash: add new function hash_crc32 - MINOR: samples: provide a "crc32" converter - MEDIUM: backend: add the crc32 hash algorithm for load balancing - BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names - BUG/MEDIUM: http: make http-request set-header compute the string before removal - MEDIUM: args: use #define to specify the number of bits used by arg types and counts - MEDIUM: args: increase arg type to 5 bits and limit arg count to 5 - MINOR: args: add type-specific flags for each arg in a list - MINOR: args: implement a new arg type for regex : ARGT_REG - MEDIUM: regex: add support for passing regex flags to regex_exec_match() - MEDIUM: samples: add a regsub converter to perform regex-based transformations - BUG/MINOR: sample: fix case sensitivity for the regsub converter - MEDIUM: http: implement http-request set-{method,path,query,uri} - DOC: fix missing closing brackend on regsub - MEDIUM: samples: provide basic arithmetic and bitwise operators - MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set - BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value - BUG/MINOR: http: abort request processing on filter failure - MEDIUM: tcp: implement tcp-ut bind option to set TCP_USER_TIMEOUT - MINOR: ssl/server: add the "no-ssl-reuse" server option - BUG/MAJOR: peers: initialize s->buffer_wait when creating the session - MINOR: http: add a new function to iterate over each header line - MINOR: http: add the new sample fetches req.hdr_names and res.hdr_names - MEDIUM: task: always ensure that the run queue is consistent - BUILD: Makefile: add -Wdeclaration-after-statement - BUILD/CLEANUP: ssl: avoid a warning due to mixed code and declaration - BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code - MEDIUM: protocol: use a family array to index the protocol handlers - BUILD: lua: cleanup many mixed occurrences declarations & code - BUG/MEDIUM: task: fix recently introduced scheduler skew - BUG/MINOR: lua: report the correct function name in an error message - BUG/MAJOR: http: fix stats regression consecutive to HTTP_RULE_RES_YIELD - Revert "BUG/MEDIUM: lua: can't handle the response bytes" - MINOR: lua: convert IP addresses to type string - CLEANUP: lua: use the same function names in C and Lua - REORG/MAJOR: move session's req and resp channels back into the session - CLEANUP: remove now unused channel pool - REORG/MEDIUM: stream-int: introduce si_ic/si_oc to access channels - MEDIUM: stream-int: add a flag indicating which side the SI is on - MAJOR: stream-int: only rely on SI_FL_ISBACK to find the requested channel - MEDIUM: stream-interface: remove now unused pointers to channels - MEDIUM: stream-int: make si_sess() use the stream int's side - MEDIUM: stream-int: use si_task() to retrieve the task from the stream int - MEDIUM: stream-int: remove any reference to the owner - CLEANUP: stream-int: add si_ib/si_ob to dereference the buffers - CLEANUP: stream-int: add si_opposite() to find the other stream interface - REORG/MEDIUM: channel: only use chn_prod / chn_cons to find stream-interfaces - MEDIUM: channel: add a new flag "CF_ISRESP" for the response channel - MAJOR: channel: only rely on the new CF_ISRESP flag to find the SI - MEDIUM: channel: remove now unused ->prod and ->cons pointers - CLEANUP: session: simplify references to chn_{prod,cons}(&s->{req,res}) - CLEANUP: session: use local variables to access channels / stream ints - CLEANUP: session: don't needlessly pass a pointer to the stream-int - CLEANUP: session: don't use si_{ic,oc} when we know the session. - CLEANUP: stream-int: limit usage of si_ic/si_oc - CLEANUP: lua: limit usage of si_ic/si_oc - MINOR: channel: add chn_sess() helper to retrieve session from channel - MEDIUM: session: simplify receive buffer allocator to only use the channel - MEDIUM: lua: use CF_ISRESP to detect the channel's side - CLEANUP: lua: remove the session pointer from hlua_channel - CLEANUP: lua: hlua_channel_new() doesn't need the pointer to the session anymore - MEDIUM: lua: remove struct hlua_channel - MEDIUM: lua: remove hlua_sample_fetch |
||
Willy Tarreau
|
817dad50b0 |
DOC: remove references to CPU=native in the README
Certain compilers running in virtualized environments may produce code that the same processor cannot execute with -march=native, either because of hypervisor bugs reporting wrong CPU features, or because of compiler bugs forgetting to check CPU features. So better stop recommending this combination so that users don't get trapped anymore. |
||
Willy Tarreau
|
15480d7250 |
[DEV] open new 1.6 development branch
This new branch is based on 1.5.0, which 1.6-dev0 is 100% equivalent to. The README has been updated to mention that it is a development branch. Released version 1.6-dev0 with the following main changes : - exact copy of 1.5.0 |
||
Willy Tarreau
|
9229f1248f |
[RELEASE] Released version 1.5.0
Released version 1.5.0 with the following main changes : - MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'. - MEDIUM: ssl: basic OCSP stapling support. - MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl ocsp-response' - MEDIUM: ssl: add 300s supported time skew on OCSP response update. - MINOR: checks: mysql-check: Add support for v4.1+ authentication - MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits - MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description. - MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp - MEDIUM: Break out check establishment into connect_chk() - MEDIUM: Add port_to_str helper - BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. - BUG/MEDIUM: Fix unhandled connections problem with systemd daemon mode and SO_REUSEPORT. - MINOR: regex: fix a little configuration memory leak. - MINOR: regex: Create JIT compatible function that return match strings - MEDIUM: regex: replace all standard regex function by own functions - MEDIUM: regex: Remove null terminated strings. - MINOR: regex: Use native PCRE API. - MINOR: missing regex.h include - DOC: Add Exim as Proxy Protocol implementer. - BUILD: don't use type "uint" which is not portable - BUILD: stats: workaround stupid and bogus -Werror=format-security behaviour - BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new transaction - CLEANUP: http: don't clear CF_READ_NOEXP twice - DOC: fix proxy protocol v2 decoder example - DOC: fix remaining occurrences of "pattern extraction" - MINOR: log: allow the HTTP status code to be logged even in TCP frontends - MINOR: logs: don't limit HTTP header captures to HTTP frontends - MINOR: sample: improve sample_fetch_string() to report partial contents - MINOR: capture: extend the captures to support non-header keys - MINOR: tcp: prepare support for the "capture" action - MEDIUM: tcp: add a new tcp-request capture directive - MEDIUM: session: allow shorter retry delay if timeout connect is small - MEDIUM: session: don't apply the retry delay when redispatching - MEDIUM: session: redispatch earlier when possible - MINOR: config: warn when tcp-check rules are used without option tcp-check - BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN protocol - DOC: proxy protocol example parser was still wrong - DOC: minor updates to the proxy protocol doc - CLEANUP: connection: merge proxy proto v2 header and address block - MEDIUM: connection: add support for proxy protocol v2 in accept-proxy - MINOR: tools: add new functions to quote-encode strings - DOC: clarify the CSV format - MEDIUM: stats: report the last check and last agent's output on the CSV status - MINOR: freq_ctr: introduce a new averaging method - MEDIUM: session: maintain per-backend and per-server time statistics - MEDIUM: stats: report per-backend and per-server time stats in HTML and CSV outputs - BUG/MINOR: http: fix typos in previous patch - DOC: remove the ultra-obsolete TODO file - DOC: update roadmap - DOC: minor updates to the README - DOC: mention the maxconn limitations with the select poller - DOC: commit a few old design thoughts files |
||
Willy Tarreau
|
869f351d0f |
DOC: minor updates to the README
- mention that this is a stable version - stop mentionning the outdated contrib.html page. |
||
Willy Tarreau
|
2e85840266 |
[RELEASE] Released version 1.5-dev26
Released version 1.5-dev26 with the following main changes : - BUG/MEDIUM: polling: fix possible CPU hogging of worker processes after receiving SIGUSR1. - BUG/MINOR: stats: fix a typo on a closing tag for a server tracking another one - OPTIM: stats: avoid the calculation of a useless link on tracking servers in maintenance - MINOR: fix a few memory usage errors - CONTRIB: halog: Filter input lines by date and time through timestamp - MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int - BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace() - MINOR: acl: set "str" as default match for strings - DOC: Add some precisions about acl default matching method - MEDIUM: acl: strenghten the option parser to report invalid options - BUG/MEDIUM: config: a stats-less config crashes in 1.5-dev25 - BUG/MINOR: checks: tcp-check must not stop on '\0' for binary checks - MINOR: stats: improve alignment of color codes to save one line of header - MINOR: checks: simplify and improve reporting of state changes when using log-health-checks - MINOR: server: remove the SRV_DRAIN flag which can always be deduced - MINOR: server: use functions to detect state changes and to update them - MINOR: server: create srv_was_usable() from srv_is_usable() and use a pointer - BUG/MINOR: stats: do not report "100%" in the thottle column when server is draining - BUG/MAJOR: config: don't free valid regex memory - BUG/MEDIUM: session: don't clear CF_READ_NOEXP if analysers are not called - BUG/MINOR: stats: tracking servers may incorrectly report an inherited DRAIN status - MEDIUM: proxy: make timeout parser a bit stricter - REORG/MEDIUM: server: split server state and flags in two different variables - REORG/MEDIUM: server: move the maintenance bits out of the server state - MAJOR: server: use states instead of flags to store the server state - REORG: checks: put the functions in the appropriate files ! - MEDIUM: server: properly support and propagate the maintenance status - MEDIUM: server: allow multi-level server tracking - CLEANUP: checks: rename the server_status_printf function - MEDIUM: checks: simplify server up/down/nolb transitions - MAJOR: checks: move health checks changes to set_server_check_status() - MINOR: server: make the status reporting function support a reason - MINOR: checks: simplify health check reporting functions - MINOR: server: implement srv_set_stopped() - MINOR: server: implement srv_set_running() - MINOR: server: implement srv_set_stopping() - MEDIUM: checks: simplify failure notification using srv_set_stopped() - MEDIUM: checks: simplify success notification using srv_set_running() - MEDIUM: checks: simplify stopping mode notification using srv_set_stopping() - MEDIUM: stats: report a server's own state instead of the tracked one's - MINOR: server: make use of srv_is_usable() instead of checking eweight - MAJOR: checks: add support for a new "drain" administrative mode - MINOR: stats: use the admin flags for soft enable/disable/stop/start on the web page - MEDIUM: stats: introduce new actions to simplify admin status management - MINOR: cli: introduce a new "set server" command - MINOR: stats: report a distinct output for DOWN caused by agent - MINOR: checks: support specific check reporting for the agent - MINOR: checks: support a neutral check result - BUG/MINOR: cli: "agent" was missing from the "enable"/"disable" help message - MEDIUM: cli: add support for enabling/disabling health checks. - MEDIUM: stats: report down caused by agent prior to reporting up - MAJOR: agent: rework the response processing and support additional actions - MINOR: stats: improve the stats web page to support more actions - CONTRIB: halog: avoid calling time/localtime/mktime for each line - DOC: document the workarouds for Google Chrome's bogus pre-connect - MINOR: stats: report SSL key computations per second - MINOR: stats: add counters for SSL cache lookups and misses |
||
Willy Tarreau
|
a3393955da |
[RELEASE] Released version 1.5-dev25
Released version 1.5-dev25 with the following main changes : - MEDIUM: connection: Implement and extented PROXY Protocol V2 - MINOR: ssl: clean unused ACLs declarations - MINOR: ssl: adds fetchs and ACLs for ssl back connection. - MINOR: ssl: merge client's and frontend's certificate functions. - MINOR: ssl: adds ssl_f_sha1 fetch to return frontend's certificate fingerprint - MINOR: ssl: adds sample converter base64 for binary type. - MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id. - BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported. - MAJOR: ssl: Change default locks on ssl session cache. - BUG/MINOR: chunk: Fix function chunk_strcmp and chunk_strcasecmp match a substring. - MINOR: ssl: add global statement tune.ssl.force-private-cache. - MINOR: ssl: remove fallback to SSL session private cache if lock init fails. - BUG/MEDIUM: patterns: last fix was still not enough - MINOR: http: export the smp_fetch_cookie function - MINOR: http: generic pointer to rule argument - BUG/MEDIUM: pattern: a typo breaks automatic acl/map numbering - BUG/MAJOR: patterns: -i and -n are ignored for inlined patterns - BUG/MINOR: proxy: unsafe initialization of HTTP transaction when switching from TCP frontend - BUG/MINOR: http: log 407 in case of proxy auth - MINOR: http: rely on the message body parser to send 100-continue - MEDIUM: http: move reqadd after execution of http_request redirect - MEDIUM: http: jump to dedicated labels after http-request processing - BUG/MINOR: http: block rules forgot to increment the denied_req counter - BUG/MINOR: http: block rules forgot to increment the session's request counter - MEDIUM: http: move Connection header processing earlier - MEDIUM: http: remove even more of the spaghetti in the request path - MINOR: http: silently support the "block" action for http-request - CLEANUP: proxy: rename "block_cond" to "block_rules" - MEDIUM: http: emulate "block" rules using "http-request" rules - MINOR: http: remove the now unused loop over "block" rules - MEDIUM: http: factorize the "auth" action of http-request and stats - MEDIUM: http: make http-request rules processing return a verdict instead of a rule - MINOR: config: add minimum support for emitting warnings only once - MEDIUM: config: inform the user about the deprecatedness of "block" rules - MEDIUM: config: inform the user that "reqsetbe" is deprecated - MEDIUM: config: inform the user only once that "redispatch" is deprecated - MEDIUM: config: warn that '{cli,con,srv}timeout' are deprecated - BUG/MINOR: auth: fix wrong return type in pat_match_auth() - BUILD: config: remove a warning with clang - BUG/MAJOR: http: connection setup may stall on balance url_param - BUG/MEDIUM: http/session: disable client-side expiration only after body - BUG/MEDIUM: http: correctly report request body timeouts - BUG/MEDIUM: http: disable server-side expiration until client has sent the body - MEDIUM: listener: make the accept function more robust against pauses - BUILD: syscalls: remove improper inline statement in front of syscalls - BUILD: ssl: SSL_CTX_set_msg_callback() needs openssl >= 0.9.7 - BUG/MAJOR: session: recover the correct connection pointer in half-initialized sessions - DOC: add some explanation on the shared cache build options in the readme. - MEDIUM: proxy: only adjust the backend's bind-process when already set - MEDIUM: config: limit nbproc to the machine's word size - MEDIUM: config: check the bind-process settings according to nbproc - MEDIUM: listener: parse the new "process" bind keyword - MEDIUM: listener: inherit the process mask from the proxy - MAJOR: listener: only start listeners bound to the same processes - MINOR: config: only report a warning when stats sockets are bound to more than 1 process - CLEANUP: config: set the maxaccept value for peers listeners earlier - BUG/MINOR: backend: only match IPv4 addresses with RDP cookies - BUG/MINOR: checks: correctly configure the address family and protocol - MINOR: tools: split is_addr() and is_inet_addr() - MINOR: protocols: use is_inet_addr() when only INET addresses are desired - MEDIUM: unix: add preliminary support for connecting to servers over UNIX sockets - MEDIUM: checks: only complain about the missing port when the check uses TCP - MEDIUM: unix: implement support for Linux abstract namespace sockets - DOC: map_beg was missing from the table of map_* converters - DOC: ebtree: indicate that prefix insertion/lookup may be used with strings - MEDIUM: pattern: use ebtree's longest match to index/lookup string beginning - BUILD: remove the obsolete BSD and OSX makefiles - MEDIUM: unix: avoid a double connect probe when no data are sent - DOC: stop referencing the slow git repository in the README - BUILD: only build the systemd wrapper on Linux 2.6 and above - DOC: update roadmap with completed tasks - MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) |
||
Willy Tarreau
|
6346f0a534 |
DOC: stop referencing the slow git repository in the README
git.1wt.eu is painfully slow and some people experience issues with it. Better hide it and only advertise git.haproxy.org which is mirrored on a faster server. Also replace haproxy.1wt.eu with www.haproxy.org in the download URL which appears in the stats page. |
||
Willy Tarreau
|
3543cdbd17 |
BUILD: remove the obsolete BSD and OSX makefiles
These makefiles were aging, with no support for SSL nor zlib, and they were hard to maintain. GNU make is packaged and provided with all systems which were relying on these makefiles, so better simply delete them and enable the new features for everyone. |
||
Willy Tarreau
|
b1efedec3e |
DOC: add some explanation on the shared cache build options in the readme.
These ones become tricky, so better document them clearly. |
||
Willy Tarreau
|
8860dcd70a |
[RELEASE] Released version 1.5-dev24
Released version 1.5-dev24 with the following main changes : - MINOR: pattern: find element in a reference - MEDIUM: http: ACL and MAP updates through http-(request|response) rules - MEDIUM: ssl: explicitly log failed handshakes after a heartbeat - DOC: Full section dedicated to the converters - MEDIUM: http: register http-request and http-response keywords - BUG/MINOR: compression: correctly report incoming byte count - BUG/MINOR: http: don't report server aborts as client aborts - BUG/MEDIUM: channel: bi_putblk() must not wrap before the end of buffer - CLEANUP: buffers: remove unused function buffer_contig_space_with_res() - MEDIUM: stats: reimplement HTTP keep-alive on the stats page - BUG/MAJOR: http: fix timeouts during data forwarding - BUG/MEDIUM: http: 100-continue responses must process the next part immediately - MEDIUM: http: move skipping of 100-continue earlier - BUILD: stats: let gcc know that last_fwd cannot be used uninitialized... - CLEANUP: general: get rid of all old occurrences of "session *t" - CLEANUP: http: remove the useless "if (1)" inherited from version 1.4 - BUG/MEDIUM: stats: mismatch between behaviour and doc about front/back - MEDIUM: http: enable analysers to have keep-alive on stats - REORG: http: move HTTP Connection response header parsing earlier - MINOR: stats: always emit HTTP/1.1 in responses - MINOR: http: add capture.req.ver and capture.res.ver - MINOR: checks: add a new global max-spread-checks directive - BUG/MAJOR: http: fix the 'next' pointer when performing a redirect - MINOR: http: implement the max-keep-alive-queue setting - DOC: fix alphabetic order of tcp-check - MINOR: connection: add a new error code for SSL with heartbeat - MEDIUM: ssl: implement a workaround for the OpenSSL heartbleed attack - BUG/MEDIUM: Revert "MEDIUM: ssl: Add standardized DH parameters >= 1024 bits" - BUILD: http: remove a warning on strndup - BUILD: ssl: avoid a warning about conn not used with OpenSSL < 1.0.1 - BUG/MINOR: ssl: really block OpenSSL's response to heartbleed attack - MINOR: ssl: finally catch the heartbeats missing the padding |
||
Willy Tarreau
|
8317b283fb |
[RELEASE] Released version 1.5-dev23
Released version 1.5-dev23 with the following main changes : - BUG/MINOR: reject malformed HTTP/0.9 requests - MINOR: systemd wrapper: re-execute on SIGUSR2 - MINOR: systemd wrapper: improve logging - MINOR: systemd wrapper: propagate exit status - BUG/MINOR: tcpcheck connect wrong behavior - MEDIUM: proxy: support use_backend with dynamic names - MINOR: stats: Enhancement to stats page to provide information of last session time. - BUG/MEDIUM: peers: fix key consistency for integer stick tables - DOC: fix a typo on http-server-close and encapsulate options with double-quotes - DOC: fix fetching samples syntax - MINOR: ssl: add ssl_fc_unique_id to fetch TLS Unique ID - MEDIUM: ssl: Use ALPN support as it will be available in OpenSSL 1.0.2 - DOC: fix typo - CLEANUP: code style: use tabs to indent codes instead of spaces - DOC: fix a few config typos. - BUG/MINOR: raw_sock: also consider ENOTCONN in addition to EAGAIN for recv() - DOC: lowercase format string in unique-id - MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode - BUG/MINOR: acl: req_ssl_sni fails with SSLv3 record version - BUG/MINOR: build: add missing objects in osx and bsd Makefiles - BUG/MINOR: build: handle whitespaces in wc -l output - BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO - MEDIUM: ssl: Add standardized DH parameters >= 1024 bits - BUG/MEDIUM: map: The map parser includes blank lines. - BUG/MINOR: log: The log of quotted capture header has been terminated by 2 quotes. - MINOR: standard: add function "encode_chunk" - BUG/MINOR: http: fix encoding of samples used in http headers - MINOR: sample: add hex converter - MEDIUM: sample: change the behavior of the bin2str cast - MAJOR: auth: Change the internal authentication system. - MEDIUM: acl/pattern: standardisation "of pat_parse_int()" and "pat_parse_dotted_ver()" - MEDIUM: pattern: The pattern parser no more uses <opaque> and just takes one string. - MEDIUM: pattern: Change the prototype of the function pattern_register(). - CONTRIB: ip6range: add a network IPv6 range to mask converter - MINOR: pattern: separe list element from the data part. - MEDIUM: pattern: add indexation function. - MEDIUM: pattern: The parse functions just return "struct pattern" without memory allocation - MINOR: pattern: Rename "pat_idx_elt" to "pattern_tree" - MINOR: sample: dont call the sample cast function "c_none" - MINOR: standard: Add function for converting cidr to network mask. - MEDIUM: sample: Remove types SMP_T_CSTR and SMP_T_CBIN, replace it by SMP_F_CONST flags - MEDIUM: sample/http_proto: Add new type called method - MINOR: dumpstats: Group map inline help - MEDIUM: pattern: The function pattern_exec_match() returns "struct pattern" if the patten match. - MINOR: dumpstats: change map inline sentences - MINOR: dumpstats: change the "get map" display management - MINOR: map/dumpstats: The cli cmd "get map ..." display the "int" format. - MEDIUM: pattern: The match function browse itself the list or the tree. - MEDIUM: pattern: Index IPv6 addresses in a tree. - MEDIUM: pattern: add delete functions - MEDIUM: pattern: add prune function - MEDIUM: pattern: add sample lookup function. - MEDIUM: pattern/dumpstats: The function pattern_lookup() is no longer used - MINOR: map/pattern: The sample parser is stored in the pattern - MAJOR: pattern/map: Extends the map edition system in the patterns - MEDIUM: pattern: merge same pattern - MEDIUM: pattern: The expected type is stored in the pattern head, and conversion is executed once. - MINOR: pattern: Each pattern is identified by unique id. - MINOR: pattern/acl: Each pattern of each acl can be load with specified id - MINOR: pattern: The function "pattern_register()" is no longer used. - MINOR: pattern: Merge function pattern_add() with pat_ref_push(). - MINOR: pattern: store configuration reference for each acl or map pattern. - MINOR: pattern: Each pattern expression element store the reference struct. - MINOR: dumpstats: display the reference for th key/pattern and value. - MEDIUM: pattern: delete() function uses the pat_ref_elt to find the element to be removed - MEDIUM: pattern_find_smp: functions find_smp uses the pat_ref_elt to find the element to be removed - MEDIUM: dumpstats/pattern: display and use each pointer of each pattern dumped - MINOR: pattern/map/acl: Centralization of the file parsers - MINOR: pattern: Check if the file reference is not used with acl and map - MINOR: acl/pattern: Acl "-M" option force to load file as map file with two columns - MEDIUM: dumpstats: Display error message during add of values. - MINOR: pattern: The function pat_ref_set() have now atomic behavior - MINOR: regex: The pointer regstr in the struc regex is no longer used. - MINOR: cli: Block the usage of the command "acl add" in many cases. - MINOR: doc: Update the documentation about the map and acl - MINOR: pattern: index duplicates - MINOR: configuration: File and line propagation - MINOR: dumpstat/conf: display all the configuration lines that using pattern reference - MINOR: standard: Disable ip resolution during the runtime - MINOR: pattern: Remove the flag "PAT_F_FROM_FILE". - MINOR: pattern: forbid dns resolutions - DOC: document "get map" / "get acl" on the CLI - MEDIUM: acl: Change the acl register struct - BUG/MEDIUM: acl: boolean only matches were broken by recent changes - DOC: pattern: pattern organisation schematics - MINOR: pattern/cli: Update used terms in documentation and cli - MINOR: cli: remove information about acl or map owner. - MINOR: session: don't always assume there's a listener - MINOR: pattern: Add function to prune and reload pattern list. - MINOR: standard: Add ipv6 support in the function url2sa(). - MEDIUM: config: Dynamic sections. - BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches - MINOR: http: Add the "language" converter to for use with accept-language - BUG/MINOR: log: Don't dump empty unique-id - BUG/MAJOR: session: fix a possible crash with src_tracked - DOC: Update "language" documentation - MINOR: http: add the function "del-header" to the directives http-request and http-response - DOC: add some information on capture.(req|res).hdr - MINOR: http: capture.req.method and capture.req.uri - MINOR: http: optimize capture.req.method and capture.req.uri - MINOR: session: clean up the connection free code - BUG/MEDIUM: checks: immediately report a connection success - MEDIUM: connection: don't use real send() flags in snd_buf() - OPTIM: ssl: implement dynamic record size adjustment - MINOR: stats: report exact last session time in backend too - BUG/MEDIUM: stats: the "lastsess" field must appear last in the CSV. - BUG/MAJOR: check: fix memory leak in "tcp-check connect" over SSL - BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers - MINOR: channel: add the date of last read in the channel - MEDIUM: stream-int: automatically disable CF_STREAMER flags after idle - MINOR: ssl: add DEFAULT_SSL_MAX_RECORD to set the record size at build time - MINOR: config: make the stream interface idle timer user-configurable - MINOR: config: add global directives to set default SSL ciphers - MINOR: sample: add a rand() sample fetch to return a sample. - BUG/MEDIUM: config: immediately abort if peers section has no name - BUG/MINOR: ssl: fix syntax in config error message - BUG/MEDIUM: ssl: always send a full buffer after EAGAIN - BUG/MINOR: config: server on-marked-* statement is ignored in default-server - BUG/MEDIUM: backend: prefer-last-server breaks redispatch - BUG/MEDIUM: http: continue to emit 503 on keep-alive to different server - MEDIUM: acl: fix pattern type for payload / payload_lv - BUG/MINOR: config: fix a crash on startup when a disabled backend references a peer - BUG/MEDIUM: compression: fix the output type of the compressor name - BUG/MEDIUM: http: don't start to forward request data before the connect - MINOR: http: release compression context only in http_end_txn() - MINOR: protect ebimtree/ebistree against multiple inclusions - MEDIUM: proxy: create a tree to store proxies by name - MEDIUM: proxy: make findproxy() use trees to look up proxies - MEDIUM: proxy: make get_backend_server() use findproxy() to lookup proxies - MEDIUM: stick-table: lookup table names using trees. - MEDIUM: config: faster lookup for duplicated proxy name - CLEANUP: acl: remove obsolete test in parse_acl_expr() - MINOR: sample: move smp_to_type to sample.c - MEDIUM: compression: consider the "q=" attribute in Accept-Encoding - REORG: cfgparse: move server keyword parsing to server.c - BUILD: adjust makefile for AIX 5.1 - BUG/MEDIUM: pattern: fix wrong definition of the pat_prune_fcts array - CLEANUP: pattern: move array definitions to proto/ and not types/ - BUG/MAJOR: counters: check for null-deref when looking up an alternate table - BUILD: ssl: previous patch failed - BUILD/MEDIUM: standard: get rid of the last strcpy() - BUILD/MEDIUM: standard: get rid of sprintf() - BUILD/MEDIUM: cfgparse: get rid of sprintf() - BUILD/MEDIUM: checks: get rid of sprintf() - BUILD/MEDIUM: http: remove calls to sprintf() - BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary - BUILD/MINOR: ssl: remove one call to sprintf() - MEDIUM: http: don't reject anymore message bodies not containing the url param - MEDIUM: http: wait for the first chunk or message body length in http_process_body - CLEANUP: http: rename http_process_request_body() - CLEANUP: http: prepare dedicated processing for chunked encoded message bodies - MINOR: http: make msg->eol carry the last CRLF length - MAJOR: http: do not use msg->sol while processing messages or forwarding data - MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer - MAJOR: http: don't update msg->sov anymore while processing the body - MINOR: http: add a small helper to compute the amount of body bytes present - MEDIUM: http: add a small helper to compute how far to rewind to find headers - MINOR: http: add a small helper to compute how far to rewind to find URI - MEDIUM: http: small helpers to compute how far to rewind to find BODY and DATA - MAJOR: http: reset msg->sov after headers are forwarded - MEDIUM: http: forward headers again while waiting for connection to complete - BUG/MINOR: http: deinitialize compression after a parsing error - BUG/MINOR: http: deinitialize compression after a compression error - MEDIUM: http: headers must be forwarded even if data was already inspected - MAJOR: http: re-enable compression on chunked encoding - MAJOR: http/compression: fix chunked-encoded response processing - MEDIUM: http: cleanup: centralize a little bit HTTP compression end - MEDIUM: http: start to centralize the forwarding code - MINOR: http: further cleanups of response forwarding function - MEDIUM: http: only allocate the temporary compression buffer when needed - MAJOR: http: centralize data forwarding in the request path - CLEANUP: http: document the response forwarding states - CLEANUP: http: remove all calls to http_silent_debug() - DOC: internal: add some reminders about HTTP parsing and pointer states - BUG/MAJOR: http: fix bug in parse_qvalue() when selecting compression algo - BUG/MINOR: stats: last session was not always set - DOC: add pointer to the Cyril's HTML doc in the README - MEDIUM: config: relax use_backend check to make the condition optional - MEDIUM: config: report misplaced http-request rules - MEDIUM: config: report misplaced use-server rules - DOC: update roadmap with what was done. |
||
Willy Tarreau
|
74774c0f86 |
DOC: add pointer to the Cyril's HTML doc in the README
It's a better place for newcomers to start with. |
||
Willy Tarreau
|
50abe303df |
BUILD: adjust makefile for AIX 5.1
AIX 5.1 has trouble with ss_family which is __ss_family there. Just remap it in the makefile and provide a new target. |
||
Willy Tarreau
|
1a34d57d26 |
[RELEASE] Released version 1.5-dev22
Released version 1.5-dev22 with the following main changes :
- MEDIUM: tcp-check new feature: connect
- MEDIUM: ssl: Set verify 'required' as global default for servers side.
- MINOR: ssl: handshake optim for long certificate chains.
- BUG/MINOR: pattern: pattern comparison executed twice
- BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..."
- BUG/MEDIUM: pattern: Segfault in binary parser
- MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation.
- MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated
- BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function.
- BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type.
- BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer
- BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
- MINOR: doc: Bad cli function name.
- MINOR: http: smp_fetch_capture_header_* fetch captured headers
- BUILD: last release inadvertently prepended a "+" in front of the date
- BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler
- BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse
- BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes"
- BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
- MINOR: http: try to stick to same server after status 401/407
- BUG/MINOR: http: always disable compression on HTTP/1.0
- OPTIM: poll: restore polling after a poll/stop/want sequence
- OPTIM: http: don't stop polling for read on the client side after a request
- BUG/MEDIUM: checks: unchecked servers could not be enabled anymore
- BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
- BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
- BUG/MINOR: stream-int: do not clear the owner upon unregister
- MEDIUM: stats: add support for HTTP keep-alive on the stats page
- BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch
- Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page"
- MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes
- OPTIM: session: set the READ_DONTWAIT flag when connecting
- BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests
- MINOR: session: factor out the connect time measurement
- MEDIUM: session: prepare to support earlier transitions to the established state
- MEDIUM: stream-int: make si_connect() return an established state when possible
- MINOR: checks: use an inline function for health_adjust()
- OPTIM: session: put unlikely() around the freewheeling code
- MEDIUM: config: report a warning when multiple servers have the same name
- BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence"
- BUILD/MINOR: listener: remove a glibc warning on accept4()
- BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage
- BUILD: listener: fix recent accept4() again
- BUG/MAJOR: ssl: fix breakage caused by recent fix
|
||
Willy Tarreau
|
6b07bf7598 |
[RELEASE] Released version 1.5-dev21
Released version 1.5-dev21 with the following main changes : - MINOR: stats: don't use a monospace font to report numbers - MINOR: session: remove debugging code - BUG/MAJOR: patterns: fix double free caused by loading strings from files - MEDIUM: http: make option http_proxy automatically rewrite the URL - BUG/MEDIUM: http: cook_cnt() forgets to set its output type - BUG/MINOR: stats: correctly report throttle rate of low weight servers - BUG/MEDIUM: checks: servers must not start in slowstart mode - BUG/MINOR: acl: parser must also stop at comma on ACL-only keywords - MEDIUM: stream-int: implement a very simplistic idle connection manager - DOC: update the ROADMAP file |