Commit Graph

111 Commits

Author SHA1 Message Date
Willy Tarreau
f57a29a1cd [RELEASE] Released version 1.8-dev2
Released version 1.8-dev2 with the following main changes :
    - CLEANUP: server: moving netinet/tcp.h inclusion
    - DOC: changed "block"(deprecated) examples to http-request deny
    - DOC: add few comments to examples.
    - DOC: update sample code for PROXY protocol
    - DOC: mention lighttpd 1.4.46 implements PROXY
    - MINOR server: Restrict dynamic cookie check to the same proxy.
    - DOC: stick-table is available in frontend sections
    - BUG/MINOR: server : no transparent proxy for DragonflyBSD
    - BUILD/MINOR: stats: remove unexpected argument to stats_dump_json_header()
    - BUILD/MINOR: tools: fix build warning in debug_hexdump()
    - BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets.
    - BUG/MINOR: config: missing goto out after parsing an incorrect ACL character
    - BUG/MINOR: arg: don't try to add an argument on failed memory allocation
    - MEDIUM: server: Inherit CLI weight changes and agent-check weight responses
    - BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error
    - BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
    - BUG/MEDIUM: servers: unbreak server weight propagation
    - MINOR: lua: ensure the memory allocator is used all the time
    - MINOR: cli: Add a command to send listening sockets.
    - MINOR: global: Add an option to get the old listening sockets.
    - MINOR: tcp: When binding socket, attempt to reuse one from the old proc.
    - MINOR: doc: document the -x flag
    - MINOR: proxy: Don't close FDs if not our proxy.
    - MINOR: socket transfer: Set a timeout on the socket.
    - MINOR: systemd wrapper: add support for passing the -x option.
    - BUG/MINOR: server: Fix a wrong error message during 'usesrc' keyword parsing.
    - BUG/MAJOR: Broken parsing for valid keywords provided after 'source' setting.
    - CLEANUP: logs: typo: simgle => single
    - BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
    - MEDIUM: config: don't check config validity when there are fatal errors
    - BUG/MAJOR: Use -fwrapv.
    - BUG/MINOR: server: don't use "proxy" when px is really meant.
    - BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed
    - BUG/MINOR: server: missing default server 'resolvers' setting duplication.
    - MINOR: server: Extract the code responsible of copying default-server settings.
    - MINOR: server: Extract the code which finalizes server initializations after 'server' lines parsing.
    - MINOR: server: Add 'server-template' new keyword supported in backend sections.
    - MINOR: server: Add server_template_init() function to initialize servers from a templates.
    - DOC: Add documentation for new "server-template" keyword.
    - DOC: add layer 4 links/cross reference to "block" keyword.
    - DOC: errloc/errorloc302/errorloc303 missing status codes.
    - BUG/MEDIUM: lua: memory leak
    - CLEANUP: lua: remove test
    - BUG/MINOR: hash-balance-factor isn't effective in certain circumstances
    - BUG/MINOR: change header-declared function to static inline
    - REORG: spoe: move spoe_encode_varint / spoe_decode_varint from spoe to common
    - MINOR: Add binary encoding request header sample fetch
    - MINOR: proto-http: Add sample fetch wich returns all HTTP headers
    - MINOR: Add ModSecurity wrapper as contrib
    - BUG/MINOR: ssl: fix warnings about methods for opensslv1.1.
    - DOC: update RFC references
    - CONTRIB: tcploop: add action "X" to execute a command
    - MINOR: server: cli: Add server FQDNs to server-state file and stats socket.
    - BUG/MINOR: contrib/mod_security: fix build on FreeBSD
    - BUG/MINOR: checks: don't send proxy protocol with agent checks
    - MINOR: ssl: add prefer-client-ciphers
    - MEDIUM: ssl: revert ssl/tls version settings relative to default-server.
    - MEDIUM: ssl: ssl_methods implementation is reworked and factored for min/max tlsxx
    - MEDIUM: ssl: calculate the real min/max TLS version and find holes
    - MINOR: ssl: support TLSv1.3 for bind and server
    - MINOR: ssl: show methods supported by openssl
    - MEDIUM: ssl: add ssl-min-ver and ssl-max-ver parameters for bind and server
    - MEDIUM: ssl: ssl-min-ver and ssl-max-ver compatibility.
    - CLEANUP: retire obsoleted USE_GETSOCKNAME build option
    - BUG/MAJOR: dns: Broken kqueue events handling (BSD systems).
    - MINOR: sample: Add b64dec sample converter
    - BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything
    - MINOR: cli: add ACCESS_LVL_MASK to store the access level
    - MINOR: cli: add 'expose-fd listeners' to pass listeners FDs
    - MEDIUM: proxy: zombify proxies only when the expose-fd socket is bound
    - MEDIUM: ssl: add basic support for OpenSSL crypto engine
    - MAJOR: ssl: add openssl async mode support
    - MEDIUM: ssl: handle multiple async engines
    - MINOR: boringssl: basic support for OCSP Stapling
    - MEDIUM: mworker: replace systemd mode by master worker mode
    - MEDIUM: mworker: handle reload and signals
    - MEDIUM: mworker: wait mode on reload failure
    - MEDIUM: mworker: try to guess the next stats socket to use with -x
    - MEDIUM: mworker: exit-on-failure option
    - MEDIUM: mworker: workers exit when the master leaves
    - DOC: add documentation for the master-worker mode
    - MEDIUM: systemd: Type=forking in unit file
    - MAJOR: systemd-wrapper: get rid of the wrapper
    - MINOR: log: Add logurilen tunable.
    - CLEANUP: server.c: missing prototype of srv_free_dns_resolution
    - MINOR: dns: smallest DNS fqdn size
    - MINOR: dns: functions to manage memory for a DNS resolution structure
    - MINOR: dns: parse_server() now uses srv_alloc_dns_resolution()
    - REORG: dns: dns_option structure, storage of hostname_dn
    - MINOR: dns: new snr_check_ip_callback function
    - MAJOR: dns: save a copy of the DNS response in struct resolution
    - MINOR: dns: implement a LRU cache for DNS resolutions
    - MINOR: dns: make 'ancount' field to match the number of saved records
    - MINOR: dns: introduce roundrobin into the internal cache (WIP)
    - MAJOR/REORG: dns: DNS resolution task and requester queues
    - BUILD: ssl: fix build with OPENSSL_NO_ENGINE
    - MINOR: Add Mod Defender integration as contrib
    - CLEANUP: str2mask return code comment: non-zero -> zero.
    - MINOR: tools: make debug_hexdump() use a const char for the string
    - MINOR: tools: make debug_hexdump() take a string prefix
    - CLEANUP: connection: remove unused CO_FL_WAIT_DATA
2017-06-02 15:59:51 +02:00
Willy Tarreau
7b677265fd [RELEASE] Released version 1.8-dev1
Released version 1.8-dev1 with the following main changes :
    - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
    - BUG/MINOR: stats: make field_str() return an empty string on NULL
    - DOC: Spelling fixes
    - BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
    - BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn
    - BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
    - BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
    - BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode
    - BUG/MAJOR: stream: fix session abort on resource shortage
    - OPTIM: stream-int: don't disable polling anymore on DONT_READ
    - BUG/MINOR: cli: allow the backslash to be escaped on the CLI
    - BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
    - DOC: Fix map table's format
    - DOC: Added 51Degrees conv and fetch functions to documentation.
    - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
    - DOC: mention that req_tot is for both frontends and backends
    - BUG/MEDIUM: variables: some variable name can hide another ones
    - MINOR: lua: Allow argument for actions
    - BUILD: rearrange target files by build time
    - CLEANUP: hlua: just indent functions
    - MINOR: lua: give HAProxy variable access to the applets
    - BUG/MINOR: stats: fix be/sessions/max output in html stats
    - MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
    - DOC: lua: Documentation about some entry missing
    - DOC: lua: Add documentation about variable manipulation from applet
    - MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set
    - DOC: Add undocumented argument of the trace filter
    - DOC: Fix some typo in SPOE documentation
    - MINOR: cli: Remove useless call to bi_putchk
    - BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
    - MINOR: applet: Count number of (active) applets
    - MINOR: task: Rename run_queue and run_queue_cur counters
    - BUG/MEDIUM: stream: Save unprocessed events for a stream
    - BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
    - BUILD/MEDIUM: Fixing the build using LibreSSL
    - BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
    - SCRIPTS: git-show-backports: fix a harmless typo
    - SCRIPTS: git-show-backports: add -H to use the hash of the commit message
    - BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
    - CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context
    - CLEANUP: applet/table: add an "action" entry in ->table context
    - CLEANUP: applet: remove the now unused appctx->private field
    - DOC: lua: documentation about time parser functions
    - DOC: lua: improve links
    - DOC: lua: section declared twice
    - MEDIUM: cli: 'show cli sockets' list the CLI sockets
    - BUG/MINOR: cli: "show cli sockets" wouldn't list all processes
    - BUG/MINOR: cli: "show cli sockets" would always report process 64
    - CLEANUP: lua: rename one of the lua appctx union
    - BUG/MINOR: lua/cli: bad error message
    - MEDIUM: lua: use memory pool for hlua struct in applets
    - MINOR: lua/signals: Remove Lua part from signals.
    - DOC: cli: show cli sockets
    - MINOR: cli: automatically enable a CLI I/O handler when there's no parser
    - CLEANUP: memory: remove the now unused cli_parse_show_pools() function
    - CLEANUP: applet: group all CLI contexts together
    - CLEANUP: stats: move a misplaced stats context initialization
    - MINOR: cli: add two general purpose pointers and integers in the CLI struct
    - MINOR: appctx/cli: remove the cli_socket entry from the appctx union
    - MINOR: appctx/cli: remove the env entry from the appctx union
    - MINOR: appctx/cli: remove the "be" entry from the appctx union
    - MINOR: appctx/cli: remove the "dns" entry from the appctx union
    - MINOR: appctx/cli: remove the "server_state" entry from the appctx union
    - MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union
    - CONTRIB: tcploop: add limits.h to fix build issue with some compilers
    - MINOR/DOC: lua: just precise one thing
    - DOC: fix small typo in fe_id (backend instead of frontend)
    - BUG/MINOR: Fix the sending function in Lua's cosocket
    - BUG/MINOR: lua: memory leak executing tasks
    - BUG/MINOR: lua: bad return code
    - BUG/MINOR: lua: memleak when Lua/cli fails
    - MEDIUM: lua: remove Lua struct from session, and allocate it with memory pools
    - CLEANUP: haproxy: statify unexported functions
    - MINOR: haproxy: add a registration for build options
    - CLEANUP: wurfl: use the build options list to report it
    - CLEANUP: 51d: use the build options list to report it
    - CLEANUP: da: use the build options list to report it
    - CLEANUP: namespaces: use the build options list to report it
    - CLEANUP: tcp: use the build options list to report transparent modes
    - CLEANUP: lua: use the build options list to report it
    - CLEANUP: regex: use the build options list to report the regex type
    - CLEANUP: ssl: use the build options list to report the SSL details
    - CLEANUP: compression: use the build options list to report the algos
    - CLEANUP: auth: use the build options list to report its support
    - MINOR: haproxy: add a registration for post-check functions
    - CLEANUP: checks: make use of the post-init registration to start checks
    - CLEANUP: filters: use the function registration to initialize all proxies
    - CLEANUP: wurfl: make use of the late init registration
    - CLEANUP: 51d: make use of the late init registration
    - CLEANUP: da: make use of the late init registration code
    - MINOR: haproxy: add a registration for post-deinit functions
    - CLEANUP: wurfl: register the deinit function via the dedicated list
    - CLEANUP: 51d: register the deinitialization function
    - CLEANUP: da: register the deinitialization function
    - CLEANUP: wurfl: move global settings out of the global section
    - CLEANUP: 51d: move global settings out of the global section
    - CLEANUP: da: move global settings out of the global section
    - MINOR: cfgparse: add two new functions to check arguments count
    - MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock
    - MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock
    - MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock
    - MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock
    - MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock
    - MEDIUM: compression: move the zlib-specific stuff from global.h to compression.c
    - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
    - BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
    - BUG/MINOR: stats: fix be/sessions/current out in typed stats
    - MINOR: tcp-rules: check that the listener exists before updating its counters
    - MEDIUM: spoe: don't create a dummy listener for outgoing connections
    - MINOR: listener: move the transport layer pointer to the bind_conf
    - MEDIUM: move listener->frontend to bind_conf->frontend
    - MEDIUM: ssl: remote the proxy argument from most functions
    - MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops
    - MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf()
    - MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops
    - MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
    - MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL
    - MINOR: connection: add a minimal transport layer registration system
    - CLEANUP: connection: remove all direct references to raw_sock and ssl_sock
    - CLEANUP: connection: unexport raw_sock and ssl_sock
    - MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops
    - MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv()
    - CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback
    - CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c
    - BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
    - BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
    - BUG/MINOR: systemd: potential zombie processes
    - DOC: Add timings events schemas
    - BUILD: lua: build failed on FreeBSD.
    - MINOR: samples: add xx-hash functions
    - MEDIUM: regex: pcre2 support
    - BUG/MINOR: option prefer-last-server must be ignored in some case
    - MINOR: stats: Support "select all" for backend actions
    - BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
    - BUG/MAJOR: channel: Fix the definition order of channel analyzers
    - BUG/MINOR: http: report real parser state in error captures
    - BUILD: scripts: automatically update the branch in version.h when releasing
    - MINOR: tools: add a generic hexdump function for debugging
    - BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
    - MINOR: http: custom status reason.
    - MINOR: connection: add sample fetch "fc_rcvd_proxy"
    - BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
    - BUG/MINOR: tools: fix off-by-one in port size check
    - BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
    - MEDIUM: server: split the address and the port into two different fields
    - MINOR: tools: make str2sa_range() return the port in a separate argument
    - MINOR: server: take the destination port from the port field, not the addr
    - MEDIUM: server: disable protocol validations when the server doesn't resolve
    - BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
    - BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
    - BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL
    - MINOR: Use "500 Internal Server Error" for 500 error/status code message.
    - MINOR: proto_http.c 502 error txt typo.
    - DOC: add deprecation notice to "block"
    - MINOR: compression: fix -vv output without zlib/slz
    - BUG/MINOR: Reset errno variable before calling strtol(3)
    - MINOR: ssl: don't show prefer-server-ciphers output
    - OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration
    - BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
    - MAJOR: ssl: bind configuration per certificat
    - MINOR: ssl: add curve suite for ECDHE negotiation
    - MINOR: checks: Add agent-addr config directive
    - MINOR: cli: Add possiblity to change agent config via CLI/socket
    - MINOR: doc: Add docs for agent-addr configuration variable
    - MINOR: doc: Add docs for agent-addr and agent-send CLI commands
    - BUILD: ssl: fix to build (again) with boringssl
    - BUILD: ssl: fix build on OpenSSL 1.0.0
    - BUILD: ssl: silence a warning reported for ERR_remove_state()
    - BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes()
    - BUILD: ssl: kill a build warning introduced by BoringSSL compatibility
    - BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
    - BUG/MINOR: unix: fix connect's polling in case no data are scheduled
    - MINOR: server: extend the flags to 32 bits
    - BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword
    - MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested
    - BUG/MAJOR: dns: restart sockets after fork()
    - MINOR: chunks: implement a simple dynamic allocator for trash buffers
    - BUG/MEDIUM: http: prevent redirect from overwriting a buffer
    - BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined
    - BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
    - BUG/MINOR: http: Return an error when a replace-header rule failed on the response
    - BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
    - BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw()
    - BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
    - BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule
    - MINOR: http: don't close when redirect location doesn't start with "/"
    - MEDIUM: boringssl: support native multi-cert selection without bundling
    - BUG/MEDIUM: ssl: fix verify/ca-file per certificate
    - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
    - MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation.
    - BUILD: ssl: fix build with -DOPENSSL_NO_DH
    - MEDIUM: ssl: add new sample-fetch which captures the cipherlist
    - MEDIUM: ssl: remove ssl-options from crt-list
    - BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored.
    - BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls
    - MINOR: ssl: improved cipherlist captures
    - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
    - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
    - MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents
    - MINOR: spoe: Add support for pipelining/async capabilities in the SPOA example
    - MINOR: spoe: Remove SPOE details from the appctx structure
    - MINOR: spoe: Add status code in error variable instead of hardcoded value
    - MINOR: spoe: Send a log message when an error occurred during event processing
    - MINOR: spoe: Check the scope of sample fetches used in SPOE messages
    - MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer
    - MINOR: spoe: Use the min of all known max_frame_size to encode messages
    - MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames
    - MINOR: spoe: Add support for fragmentation capability in the SPOA example
    - MAJOR: spoe: refactor the filter to clean up the code
    - MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK frames
    - REORG: spoe: Move struct and enum definitions in dedicated header file
    - REORG: spoe: Move low-level encoding/decoding functions in dedicated header file
    - MINOR: spoe: Improve implementation of the payload fragmentation
    - MINOR: spoe: Add support of negation for options in SPOE configuration file
    - MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section
    - MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
    - MINOR: spoe: Add "send-frag-payload" option in spoe-agent section
    - MINOR: spoe: Add "max-frame-size" statement in spoe-agent section
    - DOC: spoe: Update SPOE documentation to reflect recent changes
    - MINOR: config: warn when some HTTP rules are used in a TCP proxy
    - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
    - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
    - BUG/MINOR: Fix "get map <map> <value>" CLI command
    - MINOR: Add nbsrv sample converter
    - CLEANUP: Replace repeated code to count usable servers with be_usable_srv()
    - MINOR: Add hostname sample fetch
    - CLEANUP: Remove comment that's no longer valid
    - MEDIUM: http_error_message: txn->status / http_get_status_idx.
    - MINOR: http-request tarpit deny_status.
    - CLEANUP: http: make http_server_error() not set the status anymore
    - MEDIUM: stats: Add JSON output option to show (info|stat)
    - MEDIUM: stats: Add show json schema
    - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
    - MINOR: server: Add dynamic session cookies.
    - MINOR: cli: Let configure the dynamic cookies from the cli.
    - BUG/MINOR: checks: attempt clean shutw for SSL check
    - CONTRIB: tcploop: make it build on FreeBSD
    - CONTRIB: tcploop: fix time format to silence build warnings
    - CONTRIB: tcploop: report action 'K' (kill) in usage message
    - CONTRIB: tcploop: fix connect's address length
    - CONTRIB: tcploop: use the trash instead of NULL for recv()
    - BUG/MEDIUM: listener: do not try to rebind another process' socket
    - BUG/MEDIUM server: Fix crash when dynamic is defined, but not key is provided.
    - CLEANUP: config: Typo in comment.
    - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
    - TESTS: add a test configuration to stress handshake combinations
    - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
    - BUG/MEDIUM: connection: ensure to always report the end of handshakes
    - MEDIUM: connection: don't test for CO_FL_WAKE_DATA
    - CLEANUP: connection: completely remove CO_FL_WAKE_DATA
    - BUG: payload: fix payload not retrieving arbitrary lengths
    - BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility
    - BUILD: ssl: fix OPENSSL_NO_SSL_TRACE for boringssl and libressl
    - BUG/MAJOR: http: fix typo in http_apply_redirect_rule
    - MINOR: doc: 2.4. Examples should be 2.5. Examples
    - BUG/MEDIUM: stream: fix client-fin/server-fin handling
    - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
    - BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
    - OPTIM: poll: enable support for POLLRDHUP
    - MINOR: kqueue: exclusively rely on the kqueue returned status
    - MEDIUM: kqueue: take care of EV_EOF to improve polling status accuracy
    - MEDIUM: kqueue: only set FD_POLL_IN when there are pending data
    - DOC/MINOR: Fix typos in proxy protocol doc
    - DOC: Protocol doc: add checksum, TLV type ranges
    - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
    - DOC: Protocol doc: add noop TLV
    - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
    - MINOR: dns: improve DNS response parsing to use as many available records as possible
    - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
    - MINOR: server: irrelevant error message with 'default-server' config file keyword.
    - MINOR: server: Make 'default-server' support 'backup' keyword.
    - MINOR: server: Make 'default-server' support 'check-send-proxy' keyword.
    - CLEANUP: server: code alignement.
    - MINOR: server: Make 'default-server' support 'non-stick' keyword.
    - MINOR: server: Make 'default-server' support 'send-proxy' and 'send-proxy-v2 keywords.
    - MINOR: server: Make 'default-server' support 'check-ssl' keyword.
    - MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords.
    - CLEANUP: server: code alignement.
    - MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords.
    - MINOR: server: Make 'default-server' support 'ssl' keyword.
    - MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords.
    - CLEANUP: server: code alignement.
    - MINOR: server: Make 'default-server' support 'verify' keyword.
    - MINOR: server: Make 'default-server' support 'verifyhost' setting.
    - MINOR: server: Make 'default-server' support 'check' keyword.
    - MINOR: server: Make 'default-server' support 'track' setting.
    - MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings.
    - MINOR: server: Make 'default-server' support 'redir' keyword.
    - MINOR: server: Make 'default-server' support 'observe' keyword.
    - MINOR: server: Make 'default-server' support 'cookie' keyword.
    - MINOR: server: Make 'default-server' support 'ciphers' keyword.
    - MINOR: server: Make 'default-server' support 'tcp-ut' keyword.
    - MINOR: server: Make 'default-server' support 'namespace' keyword.
    - MINOR: server: Make 'default-server' support 'source' keyword.
    - MINOR: server: Make 'default-server' support 'sni' keyword.
    - MINOR: server: Make 'default-server' support 'addr' keyword.
    - MINOR: server: Make 'default-server' support 'disabled' keyword.
    - MINOR: server: Add 'no-agent-check' server keyword.
    - DOC: server: Add docs for "server" and "default-server" new "no-*" and other settings.
    - MINOR: doc: fix use-server example (imap vs mail)
    - BUG/MEDIUM: tcp: don't require privileges to bind to device
    - BUILD: make the release script use shortlog for the final changelog
    - BUILD: scripts: fix typo in announce-release error message
    - CLEANUP: time: curr_sec_ms doesn't need to be exported
    - BUG/MEDIUM: server: Wrong server default CRT filenames initialization.
    - BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
    - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
    - BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
    - CLEANUP: http: Remove channel_congested function
    - CLEANUP: buffers: Remove buffer_bounce_realign function
    - CLEANUP: buffers: Remove buffer_contig_area and buffer_work_area functions
    - MINOR: http: remove useless check on HTTP_MSGF_XFER_LEN for the request
    - MINOR: http: Add debug messages when HTTP body analyzers are called
    - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
    - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
    - DOC: fix parenthesis and add missing "Example" tags
    - DOC: update the contributing file
    - DOC: log-format/tcplog/httplog update
    - MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
2017-04-03 09:27:49 +02:00
Willy Tarreau
0e658fb051 [RELEASE] Released version 1.8-dev0
Released version 1.8-dev0 with the following main changes :
    - exact copy of 1.7.0
2016-11-25 16:58:52 +01:00
Willy Tarreau
e59fcdd25e [RELEASE] Released version 1.7.0
Released version 1.7.0 with the following main changes :
    - SCRIPTS: make publish-release also copy the new SPOE doc
    - BUILD: http: include types/sample.h in proto_http.h
    - BUILD: debug/flags: remove test for SF_COMP_READY
    - CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT
    - MINOR: lua: add function which return true if the channel is full.
    - MINOR: lua: add ip addresses and network manipulation function
    - CONTRIB: tcploop: scriptable TCP I/O for debugging purposes
    - CONTRIB: tcploop: implement fork()
    - CONTRIB: tcploop: implement logging when called with -v
    - CONTRIB: tcploop: update the usage output
    - CONTRIB: tcploop: support sending plain strings
    - CONTRIB: tcploop: don't report failed send() or recv()
    - CONTRIB: tcploop: add basic loops via a jump instruction
    - BUG/MEDIUM: channel: bad unlikely macro
    - CLEANUP: lua: move comment
    - CLEANUP: lua: control executed twice
    - BUG/MEDIUM: ssl: Store certificate filename in a variable
    - BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP
    - CLEANUP: ssl: Remove goto after return dead code
    - CLEANUP: ssl: Fix bind keywords name in comments
    - DOC: ssl: Use correct wording for ca-sign-pass
    - CLEANUP: lua: avoid directly calling getsockname/getpeername()
    - BUG/MINOR: stick-table: handle out-of-memory condition gracefully
    - MINOR: cli: add private pointer and release function
    - MEDIUM: lua: Add cli handler for Lua
    - BUG/MEDIUM: connection: check the control layer before stopping polling
    - DEBUG: connection: mark the closed FDs with a value that is easier to detect
    - BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory
    - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
    - BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
    - MINOR: filters: Add check_timeouts callback to handle timers expiration on streams
    - MINOR: spoe: Add 'timeout processing' option to limit time to process an event
    - MINOR: spoe: Remove useless 'timeout ack' option
    - MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section
    - MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements
    - MINOR: spoe: Add "option set-on-error" statement
    - MINOR: stats: correct documentation of process ID for typed output
    - BUILD: contrib: fix ip6range build on Centos 7
    - BUILD: fix build on Solaris 10/11
    - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name
    - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
    - BUG/MINOR: cli: wake up the CLI's task after a timeout update
    - MINOR: connection: add a few functions to report the data and xprt layers' names
    - MINOR: connection: add names for transport and data layers
    - REORG: cli: split dumpstats.c in src/cli.c and src/stats.c
    - REORG: cli: split dumpstats.h in stats.h and cli.h
    - REORG: cli: move ssl CLI functions to ssl_sock.c
    - REORG: cli: move map and acl code to map.c
    - REORG: cli: move show stat resolvers to dns.c
    - MINOR: cli: create new function cli_has_level() to validate permissions
    - MINOR: server: create new function cli_find_server() to find a server
    - MINOR: proxy: create new function cli_find_frontend() to find a frontend
    - REORG: cli: move 'set server' to server.c
    - REORG: cli: move 'show pools' to memory.c
    - REORG: cli: move 'show servers' to proxy.c
    - REORG: cli: move 'show sess' to stream.c
    - REORG: cli: move 'show backend' to proxy.c
    - REORG: cli: move get/set weight to server.c
    - REORG: cli: move "show stat" to stats.c
    - REORG: cli: move "show info" to stats.c
    - REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to standard.c
    - REORG: cli: move table dump/clear/set to stick_table.c
    - REORG: cli: move "show errors" out of cli.c
    - REORG: cli: make "show env" also use the generic keyword registration
    - REORG: cli: move "set timeout" to its own handler
    - REORG: cli: move "clear counters" to stats.c
    - REORG: cli: move "set maxconn global" to its own handler
    - REORG: cli: move "set maxconn server" to server.c
    - REORG: cli: move "set maxconn frontend" to proxy.c
    - REORG: cli: move "shutdown sessions server" to stream.c
    - REORG: cli: move "shutdown session" to stream.c
    - REORG: cli: move "shutdown frontend" to proxy.c
    - REORG: cli: move "{enable|disable} frontend" to proxy.c
    - REORG: cli: move "{enable|disable} server" to server.c
    - REORG: cli: move "{enable|disable} health" to server.c
    - REORG: cli: move "{enable|disable} agent" to server.c
    - REORG: cli: move the "set rate-limit" functions to their own parser
    - CLEANUP: cli: rename STAT_CLI_* to CLI_ST_*
    - CLEANUP: cli: simplify the request parser a little bit
    - CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers
    - BUILD: server: remove a build warning introduced by latest series
    - BUG/MINOR: log-format: uncatched memory allocation functions
    - CLEANUP: log-format: useless file and line in json converter
    - CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args() and parse_logformat_var()
    - CLEANUP: log-format: fix return code of the function parse_logformat_var()
    - CLEANUP: log-format: fix return code of function parse_logformat_var_args()
    - CLEANUP: log-format: remove unused arguments
    - MEDIUM: log-format: strict parsing and enable fail
    - MEDIUM: log-format/conf: take into account the parse_logformat_string() return code
    - BUILD: ssl: make the SSL layer build again with openssl 0.9.8
    - BUILD: vars: remove a build warning on vars.c
    - MINOR: lua: add utility function for check boolean argument
    - MINOR: lua: Add tokenize function.
    - BUG/MINOR: conf: calloc untested
    - MINOR: http/conf: store the use_backend configuration file and line for logs
    - MEDIUM: log-format: Use standard HAProxy log system to report errors
    - CLEANUP: sample: report "converter" instead of "conv method" in error messages
    - BUG: spoe: Fix parsing of SPOE actions in ACK frames
    - MINOR: cli: make "show stat" support a proxy name
    - MINOR: cli: make "show errors" support a proxy name
    - MINOR: cli: make "show errors" capable of dumping only request or response
    - BUG/MINOR: freq-ctr: make swrate_add() support larger values
    - CLEANUP: counters: move from 3 types to 2 types
    - CLEANUP: cfgparse: cascade the warnif_misplaced_* rules
    - REORG: tcp-rules: move tcp rules processing to their own file
    - REORG: stkctr: move all the stick counters processing to stick-tables.c
    - DOC: update the roadmap file with the latest changes
2016-11-25 16:39:17 +01:00
Willy Tarreau
d5d890be21 [RELEASE] Released version 1.7-dev6
Released version 1.7-dev6 with the following main changes :
    - DOC: fix the entry for hash-balance-factor config option
    - DOC: Fix typo in description of `-st` parameter in man page
    - CLEANUP: cfgparse: Very minor spelling correction
    - MINOR: examples: Update haproxy.spec URLs to haproxy.org
    - BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream
    - BUG/MEDIUM: peers: fix use after free in peer_session_create()
    - MINOR: peers: make peer_session_forceshutdown() use the appctx and not the stream
    - MINOR: peers: remove the pointer to the stream
    - BUG/MEDIUM: systemd-wrapper: return correct exit codes
    - DOC: stats: provide state details for show servers state
    - MEDIUM: tools: make str2ip2() preserve existing ports
    - CLEANUP: tools: make ipcpy() preserve the original port
    - OPTIM: http: move all http character classs tables into a single one
    - OPTIM: http: improve parsing performance of long header lines
    - OPTIM: http: improve parsing performance of long URIs
    - OPTIM: http: optimize lookup of comma and quote in header values
    - BUG/MEDIUM: srv-state: properly restore the DRAIN state
    - BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags
    - MINOR: server: do not emit warnings/logs/alerts on server state changes at boot
    - BUG/MEDIUM: servers: properly propagate the maintenance states during startup
    - MEDIUM: wurfl: add Scientiamobile WURFL device detection module
    - DOC: move the device detection modules documentation to their own files
    - CLEANUP: wurfl: reduce exposure in the rest of the code
    - MEDIUM: ssl: Add support for OpenSSL 1.1.0
    - MINOR: stream: make option contstats usable again
    - MEDIUM: tools: make str2sa_range() return the FQDN even when not resolving
    - MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK
    - MAJOR: server: postpone address resolution
    - MINOR: new srv_admin flag: SRV_ADMF_RMAINT
    - MINOR: server: indicate in the logs when RMAINT is cleared
    - MINOR: stats: indicate it when a server is down due to resolution
    - MINOR: server: make srv_set_admin_state() capable of telling why this happens
    - MINOR: dns: implement extra 'hold' timers.
    - MAJOR: dns: runtime resolution can change server admin state
    - MEDIUM: cli: leave the RMAINT state when setting an IP address on the CLI
    - MEDIUM: server: add a new init-addr server line setting
    - MEDIUM: server: make use of init-addr
    - MINOR: server: implement init-addr none
    - MEDIUM: server: make libc resolution failure non-fatal
    - MINOR: server: add support for explicit numeric address in init-addr
    - DOC: add some documentation for the "init-addr" server keyword
    - MINOR: init: add -dr to ignore server address resolution failures
    - MEDIUM: server: do not restrict anymore usage of IP address from the state file
    - BUG: vars: Fix 'set-var' converter because of a typo
    - CLEANUP: remove last references to 'ruleset' section
    - MEDIUM: filters: Add attch/detach and stream_set_backend callbacks
    - MINOR: filters: Update filters documentation accordingly to recent changes
    - MINOR: filters: Call stream_set_backend callbacks before updating backend stats
    - MINOR: filters: Remove backend filters attached to a stream only for HTTP streams
    - MINOR: flt_trace: Add hexdump option to dump forwarded data
    - MINOR: cfgparse: Add functions to backup and restore registered sections
    - MINOR: cfgparse: Parse scope lines and save the last one parsed
    - REORG: sample: move code to release a sample expression in sample.c
    - MINOR: vars: Allow '.' in variable names
    - MINOR: vars: Add vars_set_by_name_ifexist function
    - MEDIUM: vars: Add a per-process scope for variables
    - MINOR: vars: Add 'unset-var' action/converter
    - MAJOR: spoe: Add an experimental Stream Processing Offload Engine
    - MINOR: spoe: add random ip-reputation service as SPOA example
    - MINOR: spoe/checks: Add support for SPOP health checks
    - DOC: update ROADMAP file
2016-11-09 23:18:17 +01:00
Grant
7c2be1f34a MINOR: examples: Update haproxy.spec URLs to haproxy.org
also update version.
[wt: should be backported to 1.6]
2016-10-26 18:48:37 +02:00
Willy Tarreau
608efa173c [RELEASE] Released version 1.7-dev5
Released version 1.7-dev5 with the following main changes :
    - MINOR: cfgparse: few memory leaks fixes.
    - MEDIUM: log: Decompose %Tq in %Th %Ti %TR
    - CLEANUP: logs: remove unused log format field definitions
    - BUILD/MAJOR:updated 51d Trie implementation to incorperate latest update to 51Degrees.c
    - BUG/MAJOR: stream: properly mark the server address as unset on connect retry
    - CLEANUP: proto_http: Removing useless variable assignation
    - CLEANUP: dumpstats: Removing useless variables allocation
    - CLEANUP: dns: Removing usless variable & assignation
    - BUG/MINOR: payload: fix SSLv2 version parser
    - MINOR: cli: allow the semi-colon to be escaped on the CLI
    - MINOR: cli: change a server health check port through the stats socket
    - BUG/MINOR: Fix OSX compilation errors
    - MAJOR: check: find out which port to use for health check at run time
    - MINOR: server: introduction of 3 new server flags
    - MINOR: new update_server_addr_port() function to change both server's ADDR and service PORT
    - MINOR: cli: ability to change a server's port
    - CLEANUP/MINOR dns: comment do not follow up code update
    - MINOR: chunk: new strncat function
    - MINOR: dns: wrong DNS_MAX_UDP_MESSAGE value
    - MINOR: dns: new MAX values
    - MINOR: dns: new macro to compute DNS header size
    - MINOR: dns: new DNS structures to store received packets
    - MEDIUM: dns: new DNS response parser
    - MINOR: dns: query type change when last record is a CNAME
    - MINOR: dns: proper domain name validation when receiving DNS response
    - MINOR: dns: comments in types/dns.h about structures endianness
    - BUG/MINOR: displayed PCRE version is running release
    - MINOR: show Built with PCRE version
    - MINOR: show Running on zlib version
    - MEDIUM: make SO_REUSEPORT configurable
    - MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections
    - BUG/MEDIUM: http/compression: Fix how chunked data are copied during the HTTP body parsing
    - BUG/MINOR: stats: report the correct conn_time in backend's html output
    - BUG/MEDIUM: dns: don't randomly crash on out-of-memory
    - MINOR: Add fe_req_rate sample fetch
    - MEDIUM: peers: Fix a peer stick-tables synchronization issue.
    - MEDIUM: cli: register CLI keywords with cli_register_kw()
    - BUILD: Make use of accept4() on OpenBSD.
    - MINOR: tcp: make set-src/set-src-port and set-dst/set-dst-port commutative
    - DOC: fix missed entry for "set-{src,dst}{,-port}"
    - BUG/MINOR: vars: use sess and not s->sess in action_store()
    - BUG/MINOR: vars: make smp_fetch_var() more robust against misuses
    - BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session
    - MINOR: stats: output dcon
    - CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4
    - MINOR: counters: add new fields for denied_sess
    - MEDIUM: tcp: add registration and processing of TCP L5 rules
    - MINOR: stats: emit dses
    - DOC: document tcp-request session
    - MINOR: ssl: add debug traces
    - BUILD/CLEANUP: ssl: Check BIO_reset() return code
    - BUG/MINOR: ssl: Check malloc return code
    - BUG/MINOR: ssl: prevent multiple entries for the same certificate
    - BUG/MINOR: systemd: make the wrapper return a non-null status code on error
    - BUG/MINOR: systemd: always restore signals before execve()
    - BUG/MINOR: systemd: check return value of calloc()
    - MINOR: systemd: report it when execve() fails
    - BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed
    - MINOR: proxy: add 'served' field to proxy, equal to total of all servers'
    - MINOR: backend: add hash-balance-factor option for hash-type consistent
    - MINOR: server: compute a "cumulative weight" to allow chash balancing to hit its target
    - MEDIUM: server: Implement bounded-load hash algorithm
    - SCRIPTS: make git-show-backports also dump a "git show" command
    - MINOR: build: Allow linking to device-atlas library file
    - MINOR: stats: Escape equals sign on socket dump
2016-10-25 22:22:00 +02:00
Willy Tarreau
41d5e3a610 [RELEASE] Released version 1.7-dev4
Released version 1.7-dev4 with the following main changes :
    - MINOR: add list_append_word function
    - MEDIUM: init: use list_append_word in haproxy.c
    - MEDIUM: init: allow directory as argument of -f
    - CLEANUP: config: detect double registration of a config section
    - MINOR: log: add the %Td log-format specifier
    - MEDIUM: filters: Move HTTP headers filtering in its own callback
    - MINOR: filters: Simplify calls to analyzers using 2 new macros
    - MEDIUM: filters: Add pre and post analyzer callbacks
    - DOC: filters: Update the filters documentation accordingly to recent changes
    - BUG/MEDIUM: init: don't use environment locale
    - SCRIPTS: teach git-show-backports how to report upstream commits
    - SCRIPTS: make git-show-backports capable of limiting its history
    - BUG/MAJOR: fix listening IP address storage for frontends
    - BUG/MINOR: fix listening IP address storage for frontends (cont)
    - DOC: Fix typo so fetch is properly parsed by Cyril's converter
    - BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
    - BUG/MEDIUM: stick-tables: fix breakage in table converters
    - MINOR: stick-table: change all stick-table converters' inputs to SMP_T_ANY
    - BUG/MEDIUM: dns: unbreak DNS resolver after header fix
    - BUILD: fix build on Solaris 11
    - BUG/MEDIUM: config: fix multiple declaration of section parsers
    - BUG/MEDIUM: stats: show servers state may show an servers from another backend
    - BUG/MEDIUM: fix risk of segfault with "show tls-keys"
    - MEDIUM: dumpstats: 'show tls-keys' is now able to show secrets
    - DOC: update doc about tls-tickets-keys dump
    - MEDIUM: tcp: add 'set-src' to 'tcp-request connection'
    - MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src'
    - MEDIUM: tcp/http: add 'set-src-port' action
    - MEDIUM: tcp/http: new set-dst/set-dst-port actions
    - BUG/MEDIUM: sticktables: segfault in some configuration error cases
    - BUILD/MEDIUM: rebuild everything when an include file is changed
    - BUILD/MEDIUM: force a full rebuild if some build options change
    - BUG/MEDIUM: lua: converters doesn't work
    - BUG/MINOR: http: add-header: header name copied twice
    - BUG/MEDIUM: http: add-header: buffer overwritten
    - BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
    - MINOR: stream: export the function 'smp_create_src_stkctr'
    - BUG/MEDIUM: dumpstats: undefined behavior in stats_tlskeys_list()
    - MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys dump
    - BUG/MINOR: http: url32+src should use the big endian version of url32
    - BUG/MINOR: http: url32+src should check cli_conn before using it
    - DOC: http: add documentation for url32 and url32+src
    - BUG/MINOR: fix http-response set-log-level parsing error
    - MINOR: systemd: Use variable for config and pidfile paths
    - MINOR: systemd: Perform sanity check on config before reload
    - MEDIUM: ssl: support SNI filters with multicerts
    - MINOR: ssl: crt-list parsing factor
    - BUILD: ssl: fix typo causing a build failure in the multicert patch
    - MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword
    - MINOR: tcp: add "tcp-request connection expect-netscaler-cip layer4"
    - BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits
    - BUG/MINOR: init: ensure that FD limit is raised to the max allowed
    - BUG/MEDIUM: external-checks: close all FDs right after the fork()
    - BUG/MAJOR: external-checks: use asynchronous signal delivery
    - BUG/MINOR: external-checks: do not unblock undesired signals
    - CLEANUP: external-check: don't block/unblock SIGCHLD when manipulating the list
    - BUG/MEDIUM: filters: Fix data filtering when data are modified
    - BUG/MINOR: filters: Fix HTTP parsing when a filter loops on data forwarding
    - BUG/MINOR: srv-state: fix incorrect output of state file
    - BUG/MINOR: ssl: close ssl key file on error
    - BUG/MINOR: http: fix misleading error message for response captures
    - BUG/BUILD: don't automatically run "make" on "make install"
    - DOC: add missing doc for http-request deny [deny_status <status>]
    - CLEANUP: dumpstats: u64 field is an unsigned type.
    - BUG/MEDIUM: http: unbreak uri/header/url_param hashing
    - BUG/MINOR: Rework slightly commit 9962f8fc to clean code and avoid mistakes
    - MINOR: new function my_realloc2 = realloc + free upon failure
    - CLEANUP: fixed some usages of realloc leading to memory leak
    - Revert "BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()"
    - CLEANUP: connection: using internal struct to hold source and dest port.
    - DOC: spelling fixes
    - BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
    - BUG/MEDIUM: dns: fix alignment issues in the DNS response parser
    - BUG/MINOR: Fix endiness issue in DNS header creation code
    - BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash
    - BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash
    - MEDIUM: http: implement http-response track-sc* directive
    - BUG/MINOR: peers: Fix peers data decoding issue
    - BUG/MINOR: peers: don't count track-sc multiple times on errors
    - MINOR: standard: add function "escape_string"
    - BUG/MEDIUM: log: use function "escape_string" instead of "escape_chunk"
    - MINOR: tcp: Return TCP statistics like RTT and RTT variance
    - DOC: lua: remove old functions
    - BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests
    - DOC: fix json converter example and error message
    - BUG/MEDIUM: stream-int: completely detach connection on connect error
    - DOC: minor typo fixes to improve HTML parsing by haproxy-dconv
    - BUILD: make proto_tcp.c compatible with musl library
    - BUG/MAJOR: compression: initialize avail_in/next_in even during flush
    - BUG/MEDIUM: samples: make smp_dup() always duplicate the sample
    - MINOR: sample: implement smp_is_safe() and smp_make_safe()
    - MINOR: sample: provide smp_is_rw() and smp_make_rw()
    - BUG/MAJOR: server: the "sni" directive could randomly cause trouble
    - BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size
    - BUG/MEDIUM: stick-table: properly convert binary samples to keys
    - MINOR: sample: use smp_make_rw() in upper/lower converters
    - MINOR: tcp: add dst_is_local and src_is_local
    - BUG/MINOR: peers: some updates are pushed twice after a resync.
    - BUILD: protocol: fix some build errors on OpenBSD
    - BUILD: log: iovec requires to include sys/uio.h on OpenBSD
    - BUILD: tcp: do not include netinet/ip.h for IP_TTL
    - BUILD: connection: fix build breakage on openbsd due to missing in_systm.h
    - BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD
    - BUILD: tcp: define SOL_TCP when only IPPROTO_TCP exists
    - BUILD: compression: remove a warning when no compression lib is used
    - BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang
    - MINOR: tcp: add further tcp info fetchers
    - BUG/MINOR: peers: empty chunks after a resync.
    - BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table
    - MINOR: standard.c: ipcmp() function to compare 2 IP addresses stored in 2 struct sockaddr_storage
    - MINOR: standard.c: ipcpy() function to copy an IP address from a struct sockaddr_storage into an other one
    - MAJOR: listen section: don't use first bind port anymore when no server ports are provided
2016-08-14 12:25:21 +02:00
Willy Tarreau
7d1b48fae0 [RELEASE] Released version 1.7-dev3
Released version 1.7-dev3 with the following main changes :
    - MINOR: sample: Moves ARGS underlying type from 32 to 64 bits.
    - BUG/MINOR: log: Don't use strftime() which can clobber timezone if chrooted
    - BUILD: namespaces: fix a potential build warning in namespaces.c
    - MINOR: da: Using ARG12 macro for the sample fetch and the convertor.
    - DOC: add encoding to json converter example
    - BUG/MINOR: conf: "listener id" expects integer, but its not checked
    - DOC: Clarify tunes.vars.xxx-max-size settings
    - CLEANUP: chunk: adding NULL check to chunk_dup allocation.
    - CLEANUP: connection: fix double negation on memcmp()
    - BUG/MEDIUM: peers: fix incorrect age in frequency counters
    - BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are present
    - BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers
    - BUG/MINOR: lua: can't load external libraries
    - BUG/MINOR: prevent the dump of uninitialized vars
    - CLEANUP: map: it seems that the map were planed to be chained
    - MINOR: lua: move class registration facilities
    - MINOR: lua: remove some useless checks
    - CLEANUP: lua: Remove two same functions
    - MINOR: lua: refactor the Lua object registration
    - MINOR: lua: precise message when a critical error is catched
    - MINOR: lua: post initialization
    - MINOR: lua: Add internal function which strip spaces
    - MINOR: lua: convert field to lua type
    - DOC: "addr" parameter applies to both health and agent checks
    - DOC: timeout client: pointers to timeout http-request
    - DOC: typo on stick-store response
    - DOC: stick-table: amend paragraph blaming the loss of table upon reload
    - DOC: typo: ACL subdir match
    - DOC: typo: maxconn paragraph is wrong due to a wrong buffer size
    - DOC: regsub: parser limitation about the inability to use closing square brackets
    - DOC: typo: req.uri is now replaced by capture.req.uri
    - DOC: name set-gpt0 mismatch with the expected keyword
    - MINOR: http: sample fetch which returns unique-id
    - MINOR: dumpstats: extract stats fields enum and names
    - MINOR: dumpstats: split stats_dump_info_to_buffer() in two parts
    - MINOR: dumpstats: split stats_dump_fe_stats() in two parts
    - MINOR: dumpstats: split stats_dump_li_stats() in two parts
    - MINOR: dumpstats: split stats_dump_sv_stats() in two parts
    - MINOR: dumpstats: split stats_dump_be_stats() in two parts
    - MINOR: lua: dump general info
    - MINOR: lua: add class proxy
    - MINOR: lua: add class server
    - MINOR: lua: add class listener
    - BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the connection state.
    - MEDIUM: proxy: use dynamic allocation for error dumps
    - CLEANUP: remove unneeded casts
    - CLEANUP: uniformize last argument of malloc/calloc
    - DOC: fix "needed" typo
    - BUG/MINOR: dumpstats: fix write to global chunk
    - BUG/MINOR: dns: inapropriate way out after a resolution timeout
    - BUG/MINOR: dns: trigger a DNS query type change on resolution timeout
    - CLEANUP: proto_http: few corrections for gcc warnings.
    - BUG/MINOR: DNS: resolution structure change
    - BUG/MINOR : allow to log cookie for tarpit and denied request
    - BUG/MEDIUM: ssl: rewind the BIO when reading certificates
    - OPTIM/MINOR: session: abort if possible before connecting to the backend
    - DOC: http: rename the unique-id sample and add the documentation
    - BUG/MEDIUM: trace.c: rdtsc() is defined in two files
    - BUG/MEDIUM: channel: fix miscalculation of available buffer space (2nd try)
    - BUG/MINOR: server: risk of over reading the pref_net array.
    - BUG/MINOR: cfgparse: couple of small memory leaks.
    - BUG/MEDIUM: sample: initialize the pointer before parse_binary call.
    - DOC: fix discrepancy in the example for http-request redirect
    - MINOR: acl: Add predefined METH_DELETE, METH_PUT
    - CLEANUP: .gitignore cleanup
    - DOC: Clarify IPv4 address / mask notation rules
    - CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept()
    - BUG/MEDIUM: fix maxaccept computation on per-process listeners
    - BUG/MINOR: listener: stop unbound listeners on startup
    - BUG/MINOR: fix maxaccept computation according to the frontend process range
    - TESTS: add blocksig.c to run tests with all signals blocked
    - MEDIUM: unblock signals on startup.
    - MINOR: filters: Print the list of existing filters during HA startup
    - MINOR: filters: Typo in an error message
    - MINOR: filters: Filters must define the callbacks struct during config parsing
    - DOC: filters: Add filters documentation
    - BUG/MEDIUM: channel: don't allow to overwrite the reserve until connected
    - BUG/MEDIUM: channel: incorrect polling condition may delay event delivery
    - BUG/MEDIUM: channel: fix miscalculation of available buffer space (3rd try)
    - BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP mode
    - MINOR: Add ability for agent-check to set server maxconn
    - CLEANUP: Use server_parse_maxconn_change_request for maxconn CLI updates
    - MINOR: filters: add opaque data
    - BUG/MEDIUM: lua: protects the upper boundary of the argument list for converters/fetches.
    - MINOR: lua: migrate the argument mask to 64 bits type.
    - BUG/MINOR: dumpstats: Fix the "Total bytes saved" counter in backends stats
    - BUG/MINOR: log: fix a typo that would cause %HP to log <BADREQ>
    - BUG/MEDIUM: http: fix incorrect reporting of server errors
    - MINOR: channel: add new function channel_congested()
    - BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from dead client
    - BUG/MAJOR: channel: fix miscalculation of available buffer space (4th try)
    - BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared
    - BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers
    - BUG/MEDIUM: stats: show servers state may show an empty or incomplete result
    - BUG/MEDIUM: stats: show backend may show an empty or incomplete result
    - MINOR: stats: fix typo in help messages
    - MINOR: stats: show stat resolvers missing in the help message
    - BUG/MINOR: dns: fix DNS header definition
    - BUG/MEDIUM: dns: fix alignment issue when building DNS queries
    - CLEANUP: don't ignore scripts in .gitignore
    - BUILD: add a few release and backport scripts in scripts/
2016-05-10 15:36:58 +02:00
Willy Tarreau
8234f6dae8 [RELEASE] Released version 1.7-dev2
Released version 1.7-dev2 with the following main changes :
    - DOC: lua: fix lua API
    - DOC: mailers: typo in 'hostname' description
    - DOC: compression: missing mention of libslz for compression algorithm
    - BUILD/MINOR: regex: missing header
    - BUG/MINOR: stream: bad return code
    - DOC: lua: fix somme errors and add implicit types
    - MINOR: lua: add set/get priv for applets
    - BUG/MINOR: http: fix several off-by-one errors in the url_param parser
    - BUG/MINOR: http: Be sure to process all the data received from a server
    - MINOR: filters/http: Use a wrapper function instead of stream_int_retnclose
    - BUG/MINOR: chunk: make chunk_dup() always check and set dst->size
    - DOC: ssl: fixed some formatting errors in crt tag
    - MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
    - MINOR: chunks: add chunk_strcat() and chunk_newstr()
    - MINOR: chunk: make chunk_initstr() take a const string
    - MEDIUM: tools: add csv_enc_append() to preserve the original chunk
    - MINOR: tools: make csv_enc_append() always start at the first byte of the chunk
    - MINOR: lru: new function to delete <nb> least recently used keys
    - DOC: add Ben Shillito as the maintainer of 51d
    - BUG/MINOR: 51d: Ensures a unique domain for each configuration
    - BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy best practices.
    - BUG/MINOR: 51d: Releases workset back to pool.
    - BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees.
    - CLEANUP: 51d: Aligned if statements with HAProxy best practices and removed casts from malloc.
    - MINOR: rename master process name in -Ds (systemd mode)
    - DOC: fix a few spelling mistakes
    - DOC: fix "workaround" spelling
    - BUG/MINOR: examples: Fixing haproxy.spec to remove references to .cfg files
    - MINOR: fix the return type for dns_response_get_query_id() function
    - MINOR: server state: missing LF (\n) on error message printed when parsing server state file
    - BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the nameserver
    - BUG/MAJOR: servers state: server port is erased when dns resolution is enabled on a server
    - BUG/MEDIUM: servers state: server port is used uninitialized
    - BUG/MEDIUM: config: Adding validation to stick-table expire value.
    - BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week
    - BUG/MEDIUM: channel: fix miscalculation of available buffer space.
    - MEDIUM: pools: add a new flag to avoid rounding pool size up
    - BUG/MEDIUM: buffers: do not round up buffer size during allocation
    - BUG/MINOR: stream: don't force retries if the server is DOWN
    - BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch the table
    - MINOR: unix: don't mention free ports on EAGAIN
    - BUG/CLEANUP: CLI: report the proper field states in "show sess"
    - MINOR: stats: send content-length with the redirect to allow keep-alive
    - BUG: stream_interface: Reuse connection even if the output channel is empty
    - DOC: remove old tunnel mode assumptions
    - BUG/MAJOR: http-reuse: fix risk of orphaned connections
    - BUG/MEDIUM: http-reuse: do not share private connections across backends
    - BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates
    - BUG/MINOR: stats: fix missing comma in stats on agent drain
    - MAJOR: filters: Add filters support
    - MINOR: filters: Do not reset stream analyzers if the client is gone
    - REORG: filters: Prepare creation of the HTTP compression filter
    - MAJOR: filters/http: Rewrite the HTTP compression as a filter
    - MEDIUM: filters: Use macros to call filters callbacks to speed-up processing
    - MEDIUM: filters: remove http_start_chunk, http_last_chunk and http_chunk_end
    - MEDIUM: filters: Replace filter_http_headers callback by an analyzer
    - MEDIUM: filters/http: Move body parsing of HTTP messages in dedicated functions
    - MINOR: filters: Add stream_filters structure to hide filters info
    - MAJOR: filters: Require explicit registration to filter HTTP body and TCP data
    - MINOR: filters: Remove unused or useless stuff and do small optimizations
    - MEDIUM: filters: Optimize the HTTP compression for chunk encoded response
    - MINOR: filters/http: Slightly update the parsing of chunks
    - MINOR: filters/http: Forward remaining data when a channel has no "data" filters
    - MINOR: filters: Add an filter example
    - MINOR: filters: Extract proxy stuff from the struct filter
    - MINOR: map: Add regex matching replacement
    - BUG/MINOR: lua: unsafe initialization
    - DOC: lua: fix somme errors
    - MINOR: lua: file dedicated to unsafe functions
    - MINOR: lua: add "now" time function
    - MINOR: standard: add RFC HTTP date parser
    - MINOR: lua: Add date functions
    - MINOR: lua: move common function
    - MINOR: lua: merge function
    - MINOR: lua: Add concat class
    - MINOR: standard: add function "escape_chunk"
    - MEDIUM: log: add a new log format flag "E"
    - DOC: add server name at rate-limit sessions example
    - BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
    - BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
    - DOC: LUA: fix some typos and syntax errors
    - MINOR: cli: add a new "show env" command
    - MEDIUM: config: allow to manipulate environment variables in the global section
    - MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword spelling in resolvers
    - MINOR: mailers: increase default timeout to 10 seconds
    - MINOR: mailers: use <CRLF> for all line endings
    - BUG/MAJOR: lua: segfault using Concat object
    - DOC: lua: copyrights
    - MINOR: common: mask conversion
    - MEDIUM: dns: extract options
    - MEDIUM: dns: add a "resolve-net" option which allow to prefer an ip in a network
    - MINOR: mailers: make it possible to configure the connection timeout
    - BUG/MAJOR: lua: applets can't sleep.
    - BUG/MINOR: server: some prototypes are renamed
    - BUG/MINOR: lua: Useless copy
    - BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly
    - BUG/MINOR: server: fix the format of the warning on address change
    - CLEANUP: server: add "const" to some message strings
    - MINOR: server: generalize the "updater" source
    - BUG/MEDIUM: chunks: always reject negative-length chunks
    - BUG/MINOR: systemd: ensure we don't miss signals
    - BUG/MINOR: systemd: report the correct signal in debug message output
    - BUG/MINOR: systemd: propagate the correct signal to haproxy
    - MINOR: systemd: ensure a reload doesn't mask a stop
    - BUG/MEDIUM: cfgparse: wrong argument offset after parsing server "sni" keyword
    - CLEANUP: stats: Avoid computation with uninitialized bits.
    - CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
    - CLEANUP: map: Avoid memory leak in out-of-memory condition.
    - BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs
    - BUG/MAJOR: samples: check smp->strm before using it
    - MINOR: sample: add a new helper to initialize the owner of a sample
    - MINOR: sample: always set a new sample's owner before evaluating it
    - BUG/MAJOR: vars: always retrieve the stream and session from the sample
    - CLEANUP: payload: remove useless and confusing nullity checks for channel buffer
    - BUG/MINOR: ssl: fix usage of the various sample fetch functions
    - MINOR: stats: create fields types suitable for all CSV output data
    - MINOR: stats: add all the "show info" fields in a table
    - MEDIUM: stats: fill all the show info elements prior to displaying them
    - MINOR: stats: add a function to emit fields into a chunk
    - MINOR: stats: add stats_dump_info_fields() to dump one field per line
    - MEDIUM: stats: make use of stats_dump_info_fields() for "show info"
    - MINOR: stats: add a declaration of all stats fields
    - MINOR: stats: don't hard-code the CSV fields list anymore
    - MINOR: stats: create stats fields storage and CSV dump function
    - MEDIUM: stats: convert stats_dump_fe_stats() to use stats_dump_fields_csv()
    - MEDIUM: stats: make stats_dump_fe_stats() use stats fields for HTML dump
    - MEDIUM: stats: convert stats_dump_li_stats() to use stats_dump_fields_csv()
    - MEDIUM: stats: make stats_dump_li_stats() use stats fields for HTML dump
    - MEDIUM: stats: convert stats_dump_be_stats() to use stats_dump_fields_csv()
    - MEDIUM: stats: make stats_dump_be_stats() use stats fields for HTML dump
    - MEDIUM: stats: convert stats_dump_sv_stats() to use stats_dump_fields_csv()
    - MEDIUM: stats: make stats_dump_sv_stats() use the stats field for HTML
    - MEDIUM: stats: move the server state coloring logic to the server dump function
    - MINOR: stats: do not use srv->admin & STATS_ADMF_MAINT in HTML dumps
    - MINOR: stats: do not check srv->state for SRV_ST_STOPPED in HTML dumps
    - MINOR: stats: make CSV report server check status only when enabled
    - MINOR: stats: only report backend's down time if it has servers
    - MINOR: stats: prepend '*' in front of the check status when in progress
    - MINOR: stats: make HTML stats dump rely on the table for the check status
    - MINOR: stats: add agent_status, agent_code, agent_duration to output
    - MINOR: stats: add check_desc and agent_desc to the output fields
    - MINOR: stats: add check and agent's health values in the output
    - MEDIUM: stats: make the HTML server state dump use the CSV states
    - MEDIUM: stats: only report observe errors when observe is set
    - MEDIUM: stats: expose the same flags for CLI and HTTP accesses
    - MEDIUM: stats: report server's address in the CSV output
    - MEDIUM: stats: report the cookie value in the server & backend CSV dumps
    - MEDIUM: stats: compute the color code only in the HTML form
    - MEDIUM: stats: report the listeners' address in the CSV output
    - MEDIUM: stats: make it possible to report the WAITING state for listeners
    - REORG: stats: dump the frontend's HTML stats via a generic function
    - REORG: stats: dump the socket stats via the generic function
    - REORG: stats: dump the server stats via the generic function
    - REORG: stats: dump the backend stats via the generic function
    - MEDIUM: stats: add a new "mode" column to report the proxy mode
    - MINOR: stats: report the load balancing algorithm in CSV output
    - MINOR: stats: add 3 fields to report the frontend-specific connection stats
    - MINOR: stats: report number of intercepted requests for frontend and backends
    - MINOR: stats: introduce stats_dump_one_line() to dump one stats line
    - CLEANUP: stats: make stats_dump_fields_html() not rely on proxy anymore
    - MINOR: stats: add ST_SHOWADMIN to pass the admin info in the regular flags
    - MINOR: stats: make stats_dump_fields_html() not use &trash by default
    - MINOR: stats: add functions to emit typed fields into a chunk
    - MEDIUM: stats: support "show info typed" on the CLI
    - MEDIUM: stats: implement a typed output format for stats
    - DOC: document the "show info typed" and "show stat typed" output formats
    - MINOR: cfgparse: warn when uid parameter is not a number
    - MINOR: cfgparse: warn when gid parameter is not a number
    - BUG/MINOR: standard: Avoid free of non-allocated pointer
    - BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition
    - CLEANUP: http: fix a build warning introduced by a recent fix
    - BUG/MINOR: log: GMT offset not updated when entering/leaving DST
2016-03-14 00:10:05 +01:00
Chris Short
bb107185d1 BUG/MINOR: examples: Fixing haproxy.spec to remove references to .cfg files
Building RPMs from the provided haproxy.spec fails due to references to
config files that do not exist.

I should point out, this patch will inevitably create an empty /etc/haproxy
dir and I'm not sure that's desirable/intended.
2016-01-18 16:00:20 +01:00
Willy Tarreau
cb92825af9 [RELEASE] Released version 1.7-dev1
Released version 1.7-dev1 with the following main changes :
    - DOC: specify that stats socket doc (section 9.2) is in management
    - BUILD: install only relevant and existing documentation
    - CLEANUP: don't ignore debian/ directory if present
    - BUG/MINOR: dns: parsing error of some DNS response
    - BUG/MEDIUM: namespaces: don't fail if no namespace is used
    - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled
    - MEDIUM: dns: Don't use the ANY query type
    - BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0
    - DOC: fix a typo for a "deviceatlas" keyword
    - FIX: small typo in an example using the "Referer" header
    - MINOR: cli: ability to set per-server maxconn
    - DEBUG/MINOR: memory: add a build option to disable memory pools sharing
    - DEBUG/MEDIUM: memory: optionally protect free data in pools
    - DEBUG/MEDIUM: memory: add optional control pool memory operations
    - MEDIUM: memory: add accounting for failed allocations
    - BUG/MEDIUM: config: count memory limits on 64 bits, not 32
    - BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop
    - BUG/MINOR: dns: unable to parse CNAMEs response
    - BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
    - DOC: deviceatlas: more example use cases.
    - MINOR: config: allow IPv6 bracketed literals
    - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
    - BUILD: add Haiku as supported target.
    - BUG/MAJOR: http: don't requeue an idle connection that is already queued
    - DOC: typo on capture.res.hdr and capture.req.hdr
    - BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing
    - CLEANUP: use direction names in place of numeric values
    - BUG/MEDIUM: lua: sample fetches based on response doesn't work
    - MINOR: check: add agent-send server parameter
    - BUG/MINOR: http rule: http capture 'id' rule points to a non existing id
    - BUG/MINOR: server: check return value of fgets() in apply_server_state()
    - BUG/MINOR: acl: don't use record layer in req_ssl_ver
    - BUILD: freebsd: double declaration
    - BUG/MEDIUM: lua: clean output buffer
    - BUILD: check for libressl to be able to build against it
    - DOC: lua-api/index.rst small example fixes, spelling correction.
    - DOC: lua: architecture and first steps
    - DOC: relation between timeout http-request and option http-buffer-request
    - BUILD: Make deviceatlas require PCRE
    - BUG: http: do not abort keep-alive connections on server timeout
    - BUG/MEDIUM: http: switch the request channel to no-delay once done.
    - BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket
    - BUILD/MINOR: http: proto_http.h needs sample.h
    - BUG/MEDIUM: http: don't enable auto-close on the response side
    - BUG/MEDIUM: stream: fix half-closed timeout handling
    - CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB
    - BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
    - BUG/MEDIUM: sample: urlp can't match an empty value
    - BUILD: dumpstats: silencing warning for printf format specifier / time_t
    - CLEANUP: proxy: calloc call inverted arguments
    - MINOR: da: silent logging by default and displaying DeviceAtlas support if built.
    - BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input.
    - DOC: Edited 51Degrees section of README/
    - BUG/MEDIUM: checks: email-alert not working when declared in defaults
    - BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured
    - BUG/MINOR: checks: typo in an email-alert error message
    - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port
    - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and first rule(s) is (are) COMMENT
    - BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
    - DOC: prefer using http-request/response over reqXXX/rspXXX directives
    - CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
    - MINOR: ssl: Added cert_key_and_chain struct
    - MEDIUM: ssl: Added support for creating SSL_CTX with multiple certs
    - MINOR: ssl: Added multi cert support for crt-list config keyword
    - MEDIUM: ssl: Added multi cert support for loading crt directories
    - MEDIUM: ssl: Added support for Multi-Cert OCSP Stapling
    - BUILD: ssl: set SSL_SOCK_NUM_KEYTYPES with openssl < 1.0.2
    - MINOR: config: make tune.recv_enough configurable
    - BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced
    - DOC: ssl: Adding docs for Multi-Cert bundling
    - BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
    - BUG/MEDIUM: peers: old stick table updates could be repushed.
    - MINOR: lua: service/applet can have access to the HTTP headers when a POST is received
    - REORG/MINOR: lua: convert boolean "int" to bitfield
    - BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn
    - BUG/MINOR: lua: Lua applets must not use http_txn
    - BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets
    - BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
    - CLEANUP: lua: bad error messages
    - CONTRIB: initiate a debugging suite to make debugging easier
2015-12-20 23:33:18 +01:00
Willy Tarreau
991b47831a [RELEASE] Released version 1.7-dev0
Released version 1.7-dev0 with the following main changes :
    - exact copy of 1.6.0
2015-10-13 21:48:10 +02:00
Willy Tarreau
844028bb11 [RELEASE] Released version 1.6.0
Released version 1.6.0 with the following main changes :
    - BUG/MINOR: Handle interactive mode in cli handler
    - DOC: global section missing parameters
    - DOC: backend section missing parameters
    - DOC: stats paramaters available in frontend
    - MINOR: lru: do not allocate useless memory in lru64_lookup
    - BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth)
    - BUG/MINOR: ssl: fix management of the cache where forged certificates are stored
    - MINOR: ssl: Release Servers SSL context when HAProxy is shut down
    - MINOR: ssl: Read the file used to generate certificates in any order
    - MINOR: ssl: Add support for EC for the CA used to sign generated certificates
    - MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates
    - BUG/MEDIUM: logs: fix time zone offset format in RFC5424
    - BUILD: Fix the build on OSX (htonll/ntohll)
    - BUILD: enable build on Linux/s390x
    - BUG/MEDIUM: lua: direction test failed
    - MINOR: lua: fix a spelling error in some error messages
    - CLEANUP: cli: ensure we can never double-free error messages
    - BUG/MEDIUM: lua: force server-close mode on Lua services
    - MEDIUM: init: support more command line arguments after pid list
    - MEDIUM: init: support a list of files on the command line
    - MINOR: debug: enable memory poisonning to use byte 0
    - BUILD: ssl: fix build error introduced by recent commit
    - BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers
    - MEDIUM: server: implement TCP_USER_TIMEOUT on the server
    - DOC: mention the "namespace" options for bind and server lines
    - DOC: add the "management" documentation
    - DOC: move the stats socket documentation from config to management
    - MINOR: examples: update haproxy.spec to mention new docs
    - DOC: mention management.txt in README
    - DOC: remove haproxy-{en,fr}.txt
    - BUILD: properly report when USE_ZLIB and USE_SLZ are used together
    - MINOR: init: report use of libslz instead of "no compression"
    - CLEANUP: examples: remove some obsolete and confusing files
    - CLEANUP: examples: remove obsolete configuration file samples
    - CLEANUP: examples: fix the example file content-sw-sample.cfg
    - CLEANUP: examples: update sample file option-http_proxy.cfg
    - CLEANUP: examples: update sample file ssl.cfg
    - CLEANUP: tests: move a test file from examples/ to tests/
    - CLEANUP: examples: shut up warnings in transparent proxy example
    - CLEANUP: tests: removed completely obsolete test files
    - DOC: update ROADMAP to remove what was done in 1.6
    - BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id
2015-10-13 18:52:22 +02:00
Willy Tarreau
cf2316644d MINOR: examples: update haproxy.spec to mention new docs
intro.txt and management.txt were added. haproxy-{en,fr}.txt were removed.
2015-10-13 16:35:36 +02:00
Willy Tarreau
8c1ad716df [RELEASE] Released version 1.6-dev7
Released version 1.6-dev7 with the following main changes :
    - MINOR: cli: Dump all resolvers stats if no resolver section is given
    - BUG: config: external-check command validation is checking for incorrect arguments.
    - DOC: documentation format cleanups
    - DOC: lua: few typos.
    - BUG/MEDIUM: str2ip: make getaddrinfo() consider local address selection policy
    - BUG/MEDIUM: logs: segfault writing to log from Lua
    - DOC: fix lua use-service example
    - MINOR: payload: add support for tls session ticket ext
    - MINOR: lua: remove the run flag
    - MEDIUM: lua: change the timeout execution
    - MINOR: lua: rename the tune.lua.applet-timeout
    - DOC: lua: update Lua doc
    - DOC: lua: update doc according with the last Lua changes
    - MINOR: http/tcp: fill the avalaible actions
    - DOC: reorder misplaced res.ssl_hello_type in the doc
    - BUG/MINOR: tcp: make silent-drop always force a TCP reset
    - CLEANUP: tcp: silent-drop: only drain the connection when quick-ack is disabled
    - BUILD: tcp: use IPPROTO_IP when SOL_IP is not available
    - BUILD: server: fix build warnings introduced by load-server-state
    - BUG/MEDIUM: server: fix misuse of format string in load-server-state's warnings
2015-10-06 12:13:56 +02:00
Willy Tarreau
e7ae656cf7 [RELEASE] Released version 1.6-dev6
Released version 1.6-dev6 with the following main changes :
    - BUG/MAJOR: can't enable a server through the stat socket
    - MINOR: server: Macro definition for server-state
    - MINOR: cli: new stats socket command: show servers state
    - DOC: stats socket command: show servers state
    - MINOR: config: new global directive server-state-base
    - DOC: global directive server-state-base
    - MINOR: config: new global section directive: server-state-file
    - DOC: new global directive: server-state-file
    - MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name
    - DOC: load-server-state-from-file
    - MINOR: init: server state loaded from file
    - MINOR: server: startup slowstart task when using seamless reload of HAProxy
    - MINOR: cli: new stats socket command: show backend
    - DOC: servers state seamless reload example
    - BUG: dns: can't connect UDP socket on FreeBSD
    - MINOR: cfgparse: New function cfg_unregister_sections()
    - MINOR: chunk: New function free_trash_buffers()
    - BUG/MEDIUM: main: Freeing a bunch of static pointers
    - MINOR: proto_http: Externalisation of previously internal functions
    - MINOR: global: Few new struct fields for da module
    - MAJOR: da: Update of the DeviceAtlas API module
    - DOC: DeviceAtlas new keywords
    - DOC: README: DeviceAtlas sample configuration updates
    - MEDIUM: log: replace sendto() with sendmsg() in __send_log()
    - MEDIUM: log: use a separate buffer for the header and for the message
    - MEDIUM: logs: remove the hostname, tag and pid part from the logheader
    - MEDIUM: logs: add support for RFC5424 header format per logger
    - MEDIUM: logs: add a new RFC5424 log-format for the structured-data
    - DOC: mention support for the RFC5424 syslog message format
    - MEDIUM: logs: have global.log_send_hostname not contain the trailing space
    - MEDIUM: logs: pass the trailing "\n" as an iovec
    - BUG/MEDIUM: peers: some table updates are randomly not pushed.
    - BUG/MEDIUM: peers: same table updates re-pushed after a re-connect
    - BUG/MINOR: fct peer_prepare_ackmsg should not use trash.
    - MINOR: http: made CHECK_HTTP_MESSAGE_FIRST accessible to other functions
    - MINOR: global: Added new fields for 51Degrees device detection
    - DOC: Added more explanation for 51Degrees V3.2
    - BUILD: Changed 51Degrees option to support V3.2
    - MAJOR: 51d: Upgraded to support 51Degrees V3.2 and new features
    - MINOR: 51d: Improved string handling for LRU cache
    - DOC: add references to rise/fall for the fastinter explanation
    - MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
    - BUG/MAJOR: lua: potential unexpected aborts()
    - BUG/MINOR: lua: breaks the log message if his size exceed one buffer
    - MINOR: action: add private configuration
    - MINOR: action: add reference to the original keywork matched for the called parser.
    - MINOR: lua: change actions registration
    - MEDIUM: proto_http: smp_prefetch_http initialize txn
    - MINOR: channel: rename function chn_sess to chn_strm
    - CLEANUP: lua: align defines
    - MINOR: http: export http_get_path() function
    - MINOR: http: export the get_reason() function
    - MINOR: http: export function http_msg_analyzer()
    - MINOR: http: split initialization
    - MINOR: lua: reset pointer after use
    - MINOR: lua: identify userdata objects
    - MEDIUM: lua: use the function lua_rawset in place of lua_settable
    - BUG/MAJOR: lua: segfault after the channel data is modified by some Lua action.
    - CLEANUP: lua: use calloc in place of malloc
    - BUG/MEDIUM: lua: longjmp function must be unregistered
    - BUG/MEDIUM: lua: forces a garbage collection
    - BUG/MEDIUM: lua: wakeup task on bad conditions
    - MINOR: standard: avoid DNS resolution from the function str2sa_range()
    - MINOR: lua: extend socket address to support non-IP families
    - MINOR: lua/applet: the cosocket applet should use appctx_wakeup in place of task_wakeup
    - BUG/MEDIUM: lua: socket destroy before reading pending data
    - MEDIUM: lua: change the GC policy
    - OPTIM/MEDIUM: lua: executes the garbage collector only when using cosocket
    - BUG/MEDIUM: lua: don't reset undesired flags in hlua_ctx_resume
    - MINOR: applet: add init function
    - MINOR: applet: add an execution timeout
    - MINOR: stream/applet: add use-service action
    - MINOR: lua: add AppletTCP class and service
    - MINOR: lua: add AppletHTTP class and service
    - DOC: lua: some documentation update
    - DOC: add the documentation about internal circular lists
    - DOC: add a CONTRIBUTING file
    - DOC: add a MAINTAINERS file
    - BUG/MAJOR: peers: fix a crash when stopping peers on unbound processes
    - DOC: update coding-style to reference checkpatch.pl
    - BUG/MEDIUM: stick-tables: fix double-decrement of tracked entries
    - BUG/MINOR: args: add name for ARGT_VAR
    - DOC: add more entries to MAINTAINERS
    - DOC: add more entries to MAINTAINERS
    - CLEANUP: stream-int: remove obsolete function si_applet_call()
    - BUG/MAJOR: cli: do not dereference strm_li()->proto->name
    - BUG/MEDIUM: http: do not dereference strm_li(stream)
    - BUG/MEDIUM: proxy: do not dereference strm_li(stream)
    - BUG/MEDIUM: stream: do not dereference strm_li(stream)
    - MINOR: stream-int: use si_release_endpoint() to close idle conns
    - BUG/MEDIUM: payload: make req.payload and payload_lv aware of dynamic buffers
    - BUG/MEDIUM: acl: always accept match "found"
    - MINOR: applet: rename applet_runq to applet_active_queue
    - BUG/MAJOR: applet: use a separate run queue to maintain list integrity
    - MEDIUM: stream-int: split stream_int_update_conn() into si- and conn-specific parts
    - MINOR: stream-int: implement a new stream_int_update() function
    - MEDIUM: stream-int: factor out the stream update functions
    - MEDIUM: stream-int: call stream_int_update() from si_update()
    - MINOR: stream-int: export stream_int_update_*
    - MINOR: stream-int: move the applet_pause call out of the stream updates
    - MEDIUM: stream-int: clean up the conditions to enable reading in si_conn_wake_cb
    - MINOR: stream-int: implement the stream_int_notify() function
    - MEDIUM: stream-int: use the same stream notification function for applets and conns
    - MEDIUM: stream-int: completely remove stream_int_update_embedded()
    - MINOR: stream-int: rename si_applet_done() to si_applet_wake_cb()
    - BUG/MEDIUM: applet: fix reporting of broken write situation
    - BUG/MINOR: stats: do not call cli_release_handler 3 times
    - BUG/MEDIUM: cli: properly handle closed output
    - MINOR: cli: do not call the release handler on internal error.
    - BUG/MEDIUM: stream-int: avoid double-call to applet->release
    - DEBUG: add p_malloc() to return a poisonned memory area
    - CLEANUP: lua: remove unneeded memset(0) after calloc()
    - MINOR: lua: use the proper applet wakeup mechanism
    - BUG/MEDIUM: lua: better fix for the protocol check
    - BUG/MEDIUM: lua: properly set the target on the connection
    - MEDIUM: actions: pass a new "flags" argument to custom actions
    - MEDIUM: actions: add new flag ACT_FLAG_FINAL to notify about last call
    - MEDIUM: http: pass ACT_FLAG_FINAL to custom actions
    - MEDIUM: lua: only allow actions to yield if not in a final call
    - DOC: clarify how to make use of abstract sockets in socat
    - CLEANUP: config: make the errorloc/errorfile messages less confusing
    - MEDIUM: action: add a new flag ACT_FLAG_FIRST
    - BUG/MINOR: config: check that tune.bufsize is always positive
    - MEDIUM: config: set tune.maxrewrite to 1024 by default
    - DOC: add David Carlier as maintainer of da.c
    - DOC: fix some broken unexpected unicode chars in the Lua doc.
    - BUG/MEDIUM: proxy: ignore stopped peers
    - BUG/MEDIUM: proxy: do not wake stopped proxies' tasks during soft_stop()
    - MEDIUM: init: completely deallocate unused peers
    - BUG/MEDIUM: tcp: fix inverted condition to call custom actions
    - DOC: remove outdated actions lists on tcp-request/response
    - MEDIUM: tcp: add new tcp action "silent-drop"
    - DOC: add URLs to optional libraries in the README
2015-09-28 23:46:27 +02:00
Willy Tarreau
a02e8a6cdf [RELEASE] Released version 1.6-dev5
Released version 1.6-dev5 with the following main changes :
    - MINOR: dns: dns_resolution structure update: time_t to unsigned int
    - BUG/MEDIUM: dns: DNS resolution doesn't start
    - BUG/MAJOR: dns: dns client resolution infinite loop
    - MINOR: dns: coding style update
    - MINOR: dns: new bitmasks to use against DNS flags
    - MINOR: dns: dns_nameserver structure update: new counter for truncated response
    - MINOR: dns: New DNS response analysis code: DNS_RESP_TRUNCATED
    - MEDIUM: dns: handling of truncated response
    - MINOR: DNS client query type failover management
    - MINOR: dns: no expected DNS record type found
    - MINOR: dns: new flag to report that no IP can be found in a DNS response packet
    - BUG/MINOR: DNS request retry counter used for retry only
    - DOC: DNS documentation updated
    - MEDIUM: actions: remove ACTION_STOP
    - BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 (bis)
    - BUG/MINOR: lua: last log character truncated.
    - CLEANUP: typo: bad indent
    - CLEANUP: actions: missplaced includes
    - MINOR: build: missing header
    - CLEANUP: lua: Merge log functions
    - BUG/MAJOR: http: don't manipulate the server connection if it's killed
    - BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
    - BUG/MAJOR: http: don't call http_send_name_header() after an error
    - MEDIUM: tools: make str2sa_range() optionally return the FQDN
    - BUG/MINOR: tools: make str2sa_range() report unresolvable addresses
    - BUG/MEDIUM: dns: use the correct server hostname when resolving
2015-09-14 12:23:10 +02:00
Willy Tarreau
61d301fbfb [RELEASE] Released version 1.6-dev4
Released version 1.6-dev4 with the following main changes :
    - MINOR: log: Add log-format variable %HQ, to log HTTP query strings
    - DOC: typo in 'redirect', 302 code meaning
    - DOC: typos in tcp-check expect examples
    - DOC: resolve-prefer default value and default-server update
    - MINOR: DNS counters: increment valid counter
    - BUG/MEDIUM: DNS resolution response parsing broken
    - MINOR: server: add new SRV_ADMF_CMAINT flag
    - MINOR: server SRV_ADMF_CMAINT flag doesn't imply SRV_ADMF_FMAINT
    - BUG/MEDIUM: dns: wrong first time DNS resolution
    - BUG/MEDIUM: lua: Lua tasks fail to start.
    - BUILD: add USE_LUA to BUILD_OPTIONS when it's used
    - DOC/MINOR: fix OpenBSD versions where haproxy works
    - MINOR: 51d: unable to start haproxy without "51degrees-data-file"
    - BUG/MEDIUM: peers: fix wrong message id on stick table updates acknowledgement.
    - BUG/MAJOR: peers: fix current table pointer not re-initialized on session release.
    - BUILD: ssl: Allow building against libssl without SSLv3.
    - DOC: clarify some points about SSL and the proxy protocol
    - DOC: mention support for RFC 5077 TLS Ticket extension in starter guide
    - BUG/MEDIUM: mailer: DATA part must be terminated with <CRLF>.<CRLF>
    - DOC: match several lua configuration option names to those implemented in code
    - MINOR cfgparse: Correct the mailer warning text to show the right names to the user
    - BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command
    - MINOR: stream: initialize the current_rule field to NULL on stream init
    - BUG/MEDIUM: lua: timeout error with converters, wrapper and actions.
    - CLEANUP: proto_http: remove useless initialisation
    - CLEANUP: http/tcp actions: remove the scope member
    - BUG/MINOR: proto_tcp: custom action continue is ignored
    - MINOR: proto_tcp: add session in the action prototype
    - MINOR: vars: reduce the code size of some wrappers
    - MINOR: Move http method enum from proto_http to sample
    - MINOR: sample: Add ipv6 to ipv4 and sint to ipv6 casts
    - MINOR: sample/proto_tcp: export "smp_fetch_src"
    - MEDIUM: cli: rely on the map's output type instead of the sample type
    - BUG/MEDIUM: stream: The stream doen't inherit SC from the session
    - BUG/MEDIUM: vars: segfault during the configuration parsing
    - BUG/MEDIUM: stick-tables: refcount error after copying SC for the session to the stream
    - BUG/MEDIUM: lua: bad error processing
    - MINOR: samples: rename a struct from sample_storage to sample_data
    - MINOR: samples: rename some struct member from "smp" to "data"
    - MEDIUM: samples: Use the "struct sample_data" in the "struct sample"
    - MINOR: samples: extract the anonymous union and create the union sample_value
    - MINOR: samples: rename union from "data" to "u"
    - MEDIUM: 51degrees: Adapt the 51Degrees library
    - MINOR: samples: data assignation simplification
    - MEDIUM: pattern/map: Maps can returns various types
    - MINOR: map: The map can return IPv4 and IPv6
    - MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs
    - MINOR: actions: Remove the data opaque pointer
    - MINOR: lua: use the hlua_rule type in place of opaque type
    - MINOR: vars: use the vars types as argument in place of opaque type
    - MINOR: proto_http: use an "expr" type in place of generic opaque type.
    - MINOR: proto_http: replace generic opaque types by real used types for the actions on thr request line
    - MINOR: proto_http: replace generic opaque types by real used types in "http_capture"
    - MINOR: proto_http: replace generic opaque types by real used types in "http_capture" by id
    - MEDIUM: track-sc: Move the track-sc configuration storage in the union
    - MEDIUM: capture: Move the capture configuration storage in the union
    - MINOR: actions: add "from" information
    - MINOR: actions: remove the mark indicating the last entry in enum
    - MINOR: actions: Declare all the embedded actions in the same header file
    - MINOR: actions: change actions names
    - MEDIUM: actions: Add standard return code for the action API
    - MEDIUM: actions: Merge (http|tcp)-(request|reponse) keywords structs
    - MINOR: proto_tcp: proto_tcp.h is now useles
    - MINOR: actions: mutualise the action keyword lookup
    - MEDIUM: actions: Normalize the return code of the configuration parsers
    - MINOR: actions: Remove wrappers
    - MAJOR: stick-tables: use sample types in place of dedicated types
    - MEDIUM: stick-tables: use the sample type names
    - MAJOR: stick-tables: remove key storage from the key struct
    - MEDIUM: stick-tables: Add GPT0 in the stick tables
    - MINOR: stick-tables: Add GPT0 access
    - MINOR: stick-tables: Add GPC0 actions
    - BUG/MEDIUM: lua: the lua fucntion Channel:close() causes a segfault
    - DOC: ssl: missing LF
    - MINOR: lua: add core.done() function
    - DOC: fix function name
    - BUG/MINOR: lua: in some case a sample may remain undefined
    - DOC: fix "http_action_set_req_line()" comments
    - MINOR: http: Action for manipulating the returned status code.
    - MEDIUM: lua: turns txn:close into txn:done
    - BUG/MEDIUM: lua: cannot process more Lua hooks after a "done()" function call
    - BUILD: link with libdl if needed for Lua support
    - CLEANUP: backend: factor out objt_server() in connect_server()
    - MEDIUM: backend: don't call si_alloc_conn() when we reuse a valid connection
    - MEDIUM: stream-int: simplify si_alloc_conn()
    - MINOR: stream-int: add new function si_detach_endpoint()
    - MINOR: server: add a list of private idle connections
    - MINOR: connection: add a new list member in the connection struct
    - MEDIUM: stream-int: queue idle connections at the server
    - MINOR: stream-int: make si_idle_conn() only accept valid connections
    - MINOR: server: add a list of already used idle connections
    - MINOR: connection: add a new flag CO_FL_PRIVATE
    - MINOR: config: add new setting "http-reuse"
    - MAJOR: backend: initial work towards connection reuse
    - MAJOR: backend: improve the connection reuse mechanism
    - MEDIUM: backend: implement "http-reuse safe"
    - MINOR: server: add a list of safe, already reused idle connections
    - MEDIUM: backend: add the "http-reuse aggressive" strategy
    - DOC: document the new http-reuse directive
    - DOC: internals: document next steps for HTTP connection reuse
    - DOC: mention that %ms is left-padded with zeroes.
    - MINOR: init: indicate to check 'bind' lines when no listeners were found.
    - MAJOR: http: remove references to appsession
    - CLEANUP: config: remove appsession initialization
    - CLEANUP: appsession: remove appsession.c and sessionhash.c
    - CLEANUP: tests: remove sessionhash_test.c and test-cookie-appsess.cfg
    - CLEANUP: proxy: remove last references to appsession
    - CLEANUP: appsession: remove the last include files
    - DOC: remove documentation about appsession
    - CLEANUP: .gitignore: ignore more test files
    - CLEANUP: .gitignore: finally ignore everything but what is known.
    - MEDIUM: config: emit a warning on a frontend without listener
    - DOC: add doc/internals/entities-v2.txt
    - DOC: add doc/linux-syn-cookies.txt
    - DOC: add design thoughts on HTTP/2
    - DOC: add some thoughts on connection sharing for HTTP/2
    - DOC: add design thoughts on dynamic buffer allocation
    - BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
    - DOC: add new file intro.txt
    - MAJOR: tproxy: remove support for cttproxy
    - BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2
    - DOC: lua: replace txn:close with txn:done in lua-api
    - DOC: intro: minor updates and fixes
    - DOC: intro: fix too long line.
    - DOC: fix example of http-request using ssl_fc_session_id
    - BUG/MEDIUM: lua: txn:done() still causes a segfault in TCP mode
    - CLEANUP: lua: fix some indent issues
    - BUG/MEDIUM: lua: fix a segfault in txn:done() if called twice
    - DOC: lua: mention than txn:close was renamed txn:done.
2015-08-30 00:17:17 +02:00
Willy Tarreau
50bdda6e51 [RELEASE] Released version 1.6-dev3
Released version 1.6-dev3 with the following main changes :
    - CLEANUP: sample: generalize sample_fetch_string() as sample_fetch_as_type()
    - MEDIUM: http: Add new 'set-src' option to http-request
    - DOC usesrc root privileges requirments
    - BUG/MINOR: dns: wrong time unit for some DNS default parameters
    - MINOR: proxy: bit field for proxy_find_best_match diff status
    - MINOR: server: new server flag: SRV_F_FORCED_ID
    - MINOR: server: server_find functions: id, name, best_match
    - DOC: dns: fix chapters syntax
    - BUILD/MINOR: tools: rename popcount to my_popcountl
    - BUILD: add netbsd TARGET
    - MEDIUM: 51Degrees code refactoring and cleanup
    - MEDIUM: 51d: add LRU-based cache on User-Agent string detection
    - DOC: add notes about the "51degrees-cache-size" parameter
    - BUG/MEDIUM: 51d: possible incorrect operations on smp->data.str.str
    - BUG/MAJOR: connection: fix TLV offset calculation for proxy protocol v2 parsing
    - MINOR: Add sample fetch to detect Supported Elliptic Curves Extension
    - BUG/MINOR: payload: Add volatile flag to smp_fetch_req_ssl_ec_ext
    - BUG/MINOR: lua: type error in the arguments wrapper
    - CLEANUP: vars: remove unused struct
    - BUG/MINOR: http/sample: gmtime/localtime can fail
    - MINOR: standard: add 64 bits conversion functions
    - MAJOR: sample: converts uint and sint in 64 bits signed integer
    - MAJOR: arg: converts uint and sint in sint
    - MEDIUM: sample: switch to saturated arithmetic
    - MINOR: vars: returns variable content
    - MEDIUM: vars/sample: operators can use variables as parameter
    - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
    - BUILD/MINOR: lua: fix a harmless build warning
    - BUILD/MINOR: stats: fix build warning due to condition always true
    - BUG/MAJOR: lru: fix unconditional call to free due to unexpected semi-colon
    - BUG/MEDIUM: logs: fix improper systematic use of quotes with a few tags
    - BUILD/MINOR: lua: ensure that hlua_ctx_destroy is properly defined
    - BUG/MEDIUM: lru: fix possible memory leak when ->free() is used
    - MINOR: vars: make the accounting not depend on the stream
    - MEDIUM: vars: move the session variables to the session, not the stream
    - BUG/MEDIUM: vars: do not freeze the connection when the expression cannot be fetched
    - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
    - BUG/MAJOR: tcp: tcp rulesets were still broken
    - MINOR: stats: improve compression stats reporting
    - MINOR: ssl: make self-generated certs also work with raw IPv6 addresses
    - CLEANUP: ssl: make ssl_sock_generated_cert_serial() take a const
    - CLEANUP: ssl: make ssl_sock_generate_certificate() use ssl_sock_generated_cert_serial()
    - BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
    - MINOR: args: add new context for servers
    - MINOR: stream: maintain consistence between channel_forward and HTTP forward
    - MINOR: ssl: provide ia function to set the SNI extension on a connection
    - MEDIUM: ssl: add sni support on the server lines
    - CLEANUP: stream: remove a useless call to si_detach()
    - CLEANUP: stream-int: fix a few outdated comments about stream_int_register_handler()
    - CLEANUP: stream-int: remove stream_int_unregister_handler() and si_detach()
    - MINOR: stream-int: only use si_release_endpoint() to release a connection
    - MINOR: standard: provide htonll() and ntohll()
    - CLEANUP/MINOR: dns: dns_str_to_dn_label() only needs a const char
    - BUG/MAJOR: dns: fix the length of the string to be copied
2015-07-22 17:32:56 +02:00
Willy Tarreau
ad90f0d1aa [RELEASE] Released version 1.6-dev2
Released version 1.6-dev2 with the following main changes :
    - BUG/MINOR: ssl: Display correct filename in error message
    - MEDIUM: logs: Add HTTP request-line log format directives
    - BUG/MEDIUM: check: tcpcheck regression introduced by e16c1b3f
    - BUG/MINOR: check: fix tcpcheck error message
    - MINOR: use an int instead of calling tcpcheck_get_step_id
    - MINOR: tcpcheck_rule structure update
    - MINOR: include comment in tcpcheck error log
    - DOC: tcpcheck comment documentation
    - MEDIUM: server: add support for changing a server's address
    - MEDIUM: server: change server ip address from stats socket
    - MEDIUM: protocol: add minimalist UDP protocol client
    - MEDIUM: dns: implement a DNS resolver
    - MAJOR: server: add DNS-based server name resolution
    - DOC: server name resolution + proto DNS
    - MINOR: dns: add DNS statistics
    - MEDIUM: http: configurable http result codes for http-request deny
    - BUILD: Compile clean when debug options defined
    - MINOR: lru: Add the possibility to free data when an item is removed
    - MINOR: lru: Add lru64_lookup function
    - MEDIUM: ssl: Add options to forge SSL certificates
    - MINOR: ssl: Export functions to manipulate generated certificates
    - MEDIUM: config: add DeviceAtlas global keywords
    - MEDIUM: global: add the DeviceAtlas required elements to struct global
    - MEDIUM: sample: add the da-csv converter
    - MEDIUM: init: DeviceAtlas initialization
    - BUILD: Makefile: add options to build with DeviceAtlas
    - DOC: README: explain how to build with DeviceAtlas
    - BUG/MEDIUM: http: fix the url_param fetch
    - BUG/MEDIUM: init: segfault if global._51d_property_names is not initialized
    - MAJOR: peers: peers protocol version 2.0
    - MINOR: peers: avoid re-scheduling of pending stick-table's updates still not pushed.
    - MEDIUM: peers: re-schedule stick-table's entry for sync when data is modified.
    - MEDIUM: peers: support of any stick-table data-types for sync
    - BUG/MAJOR: sample: regression on sample cast to stick table types.
    - CLEANUP: deinit: remove codes for cleaning p->block_rules
    - DOC: Fix L4TOUT typo in documentation
    - DOC: set-log-level in Logging section preamble
    - BUG/MEDIUM: compat: fix segfault on FreeBSD
    - MEDIUM: check: include server address and port in the send-state header
    - MEDIUM: backend: Allow redispatch on retry intervals
    - MINOR: Add TLS ticket keys reference and use it in the listener struct
    - MEDIUM: Add support for updating TLS ticket keys via socket
    - DOC: Document new socket commands "show tls-keys" and "set ssl tls-key"
    - MINOR: Add sample fetch which identifies if the SSL session has been resumed
    - DOC: Update doc about weight, act and bck fields in the statistics
    - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
    - MINOR: ssl: add a destructor to free allocated SSL ressources
    - MEDIUM: ssl: add the possibility to use a global DH parameters file
    - MEDIUM: ssl: replace standards DH groups with custom ones
    - MEDIUM: stats: Add enum srv_stats_state
    - MEDIUM: stats: Separate server state and colour in stats
    - MEDIUM: stats: Only report drain state in stats if server has SRV_ADMF_DRAIN set
    - MEDIUM: stats: Differentiate between DRAIN and DRAIN (agent)
    - MEDIUM: Lower priority of email alerts for log-health-checks messages
    - MEDIUM: Send email alerts when servers are marked as UP or enter the drain state
    - MEDIUM: Document when email-alerts are sent
    - BUG/MEDIUM: lua: bad argument number in analyser and in error message
    - MEDIUM: lua: automatically converts strings in proxy, tables, server and ip
    - BUG/MINOR: utf8: remove compilator warning
    - MEDIUM: map: uses HAProxy facilities to store default value
    - BUG/MINOR: lua: error in detection of mandatory arguments
    - BUG/MINOR: lua: set current proxy as default value if it is possible
    - BUG/MEDIUM: http: the action set-{method|path|query|uri} doesn't run.
    - BUG/MEDIUM: lua: undetected infinite loop
    - BUG/MAJOR: http: don't read past buffer's end in http_replace_value
    - BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax
    - MEDIUM/CLEANUP: http: rewrite and lighten http_transform_header() prototype
    - BUILD: lua: it miss the '-ldl' directive
    - MEDIUM: http: allows 'R' and 'S' in the protocol alphabet
    - MINOR: http: split the function http_action_set_req_line() in two parts
    - MINOR: http: split http_transform_header() function in two parts.
    - MINOR: http: export function inet_set_tos()
    - MINOR: lua: txn: add function set_(loglevel|tos|mark)
    - MINOR: lua: create and register HTTP class
    - DOC: lua: fix some typos
    - MINOR: lua: add log functions
    - BUG/MINOR: lua: Fix SSL initialisation
    - DOC: lua: some fixes
    - MINOR: lua: (req|res)_get_headers return more than one header value
    - MINOR: lua: map system integration in Lua
    - BUG/MEDIUM: http: functions set-{path,query,method,uri} breaks the HTTP parser
    - MINOR: sample: add url_dec converter
    - MEDIUM: sample: fill the struct sample with the session, proxy and stream pointers
    - MEDIUM: sample change the prototype of sample-fetches and converters functions
    - MINOR: sample: fill the struct sample with the options.
    - MEDIUM: sample: change the prototype of sample-fetches functions
    - MINOR: http: split the url_param in two parts
    - CLEANUP: http: bad indentation
    - MINOR: http: add body_param fetch
    - MEDIUM: http: url-encoded parsing function can run throught wrapped buffer
    - DOC: http: req.body_param documentation
    - MINOR: proxy: custom capture declaration
    - MINOR: capture: add two "capture" converters
    - MEDIUM: capture: Allow capture with slot identifier
    - MINOR: http: add array of generic pointers in http_res_rules
    - MEDIUM: capture: adds http-response capture
    - MINOR: common: escape CSV strings
    - MEDIUM: stats: escape some strings in the CSV dump
    - MINOR: tcp: add custom actions that can continue tcp-(request|response) processing
    - MINOR: lua: Lua tcp action are not final action
    - DOC: lua: schematics about lua socket organization
    - BUG/MINOR: debug: display (null) in place of "meth"
    - DOC: mention the "lua action" in documentation
    - MINOR: standard: add function that converts signed int to a string
    - BUG/MINOR: sample: wrong conversion of signed values
    - MEDIUM: sample: Add type any
    - MINOR: debug: add a special converter which display its input sample content.
    - MINOR: tcp: increase the opaque data array
    - MINOR: tcp/http/conf: extends the keyword registration options
    - MINOR: build: fix build dependency
    - MEDIUM: vars: adds support of variables
    - MINOR: vars: adds get and set functions
    - MINOR: lua: Variable access
    - MINOR: samples: add samples which returns constants
    - BUG/MINOR: vars/compil: fix some warnings
    - BUILD: add 51degrees options to makefile.
    - MINOR: global: add several 51Degrees members to global
    - MINOR: config: add 51Degrees config parsing.
    - MINOR: init: add 51Degrees initialisation code
    - MEDIUM: sample: add fiftyone_degrees converter.
    - MEDIUM: deinit: add cleanup for 51Degrees to deinit
    - MEDIUM: sample: add trie support to 51Degrees
    - DOC: add 51Degrees notes to configuration.txt.
    - DOC: add build indications for 51Degrees to README.
    - MEDIUM: cfgparse: introduce weak and strong quoting
    - BUG/MEDIUM: cfgparse: incorrect memmove in quotes management
    - MINOR: cfgparse: remove line size limitation
    - MEDIUM: cfgparse: expand environment variables
    - BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
    - BUG/MEDIUM: cfgparse: segfault when userlist is misused
    - CLEANUP: cfgparse: remove reference to 'ruleset' section
    - MEDIUM: cfgparse: check section maximum number of arguments
    - MEDIUM: cfgparse: max arguments check in the global section
    - MEDIUM: cfgparse: check max arguments in the proxies sections
    - CLEANUP: stream-int: remove a redundant clearing of the linger_risk flag
    - MINOR: connection: make conn_sock_shutw() actually perform the shutdown() call
    - MINOR: stream-int: use conn_sock_shutw() to shutdown a connection
    - MINOR: connection: perform the call to xprt->shutw() in conn_data_shutw()
    - MEDIUM: stream-int: replace xprt->shutw calls with conn_data_shutw()
    - MINOR: checks: use conn_data_shutw_hard() instead of call via xprt
    - MINOR: connection: implement conn_sock_send()
    - MEDIUM: stream-int: make conn_si_send_proxy() use conn_sock_send()
    - MEDIUM: connection: make conn_drain() perform more controls
    - REORG: connection: move conn_drain() to connection.c and rename it
    - CLEANUP: stream-int: remove inclusion of fd.h that is not used anymore
    - MEDIUM: channel: don't always set CF_WAKE_WRITE on bi_put*
    - CLEANUP: lua: don't use si_ic/si_oc on known stream-ints
    - BUG/MEDIUM: peers: correctly configure the client timeout
    - MINOR: peers: centralize configuration of the peers frontend
    - MINOR: proxy: store the default target into the frontend's configuration
    - MEDIUM: stats: use frontend_accept() as the accept function
    - MEDIUM: peers: use frontend_accept() instead of peer_accept()
    - CLEANUP: listeners: remove unused timeout
    - MEDIUM: listener: store the default target per listener
    - BUILD: fix automatic inclusion of libdl.
    - MEDIUM: lua: implement a simple memory allocator
    - MEDIUM: compression: postpone buffer adjustments after compression
    - MEDIUM: compression: don't send leading zeroes with chunk size
    - BUG/MINOR: compression: consider the expansion factor in init
    - MINOR: http: check the algo name "identity" instead of the function pointer
    - CLEANUP: compression: statify all algo-specific functions
    - MEDIUM: compression: add a distinction between UA- and config- algorithms
    - MEDIUM: compression: add new "raw-deflate" compression algorithm
    - MEDIUM: compression: split deflate_flush() into flush and finish
    - CLEANUP: compression: remove unused reset functions
    - MAJOR: compression: integrate support for libslz
    - BUG/MEDIUM: http: hdr_cnt would not count any header when called without name
    - BUG/MAJOR: http: null-terminate the http actions keywords list
    - CLEANUP: lua: remove the unused hlua_sleep memory pool
    - BUG/MAJOR: lua: use correct object size when initializing a new converter
    - CLEANUP: lua: remove hard-coded sizeof() in object creations and mallocs
    - CLEANUP: lua: fix confusing local variable naming in hlua_txn_new()
    - CLEANUP: hlua: stop using variable name "s" alternately for hlua_txn and hlua_smp
    - CLEANUP: lua: get rid of the last "*ht" for struct hlua_txn.
    - CLEANUP: lua: rename last occurrences of "*s" to "*htxn" for hlua_txn
    - CLEANUP: lua: rename variable "sc" for struct hlua_smp
    - CLEANUP: lua: get rid of the last two "*hs" for hlua_smp
    - REORG/MAJOR: session: rename the "session" entity to "stream"
    - REORG/MEDIUM: stream: rename stream flags from SN_* to SF_*
    - MINOR: session: start to reintroduce struct session
    - MEDIUM: stream: allocate the session when a stream is created
    - MEDIUM: stream: move the listener's pointer to the session
    - MEDIUM: stream: move the frontend's pointer to the session
    - MINOR: session: add a pointer to the session's origin
    - MEDIUM: session: use the pointer to the origin instead of s->si[0].end
    - CLEANUP: sample: remove useless tests in fetch functions for l4 != NULL
    - MEDIUM: http: move header captures from http_txn to struct stream
    - MINOR: http: create a dedicated pool for http_txn
    - MAJOR: http: move http_txn out of struct stream
    - MAJOR: sample: don't pass l7 anymore to sample fetch functions
    - CLEANUP: lua: remove unused hlua_smp->l7 and hlua_txn->l7
    - MEDIUM: http: remove the now useless http_txn from {req/res} rules
    - CLEANUP: lua: don't pass http_txn anymore to hlua_request_act_wrapper()
    - MAJOR: sample: pass a pointer to the session to each sample fetch function
    - MINOR: stream: provide a few helpers to retrieve frontend, listener and origin
    - CLEANUP: stream: don't set ->target to the incoming connection anymore
    - MINOR: stream: move session initialization before the stream's
    - MINOR: session: store the session's accept date
    - MINOR: session: don't rely on s->logs.logwait in embryonic sessions
    - MINOR: session: implement session_free() and use it everywhere
    - MINOR: session: add stick counters to the struct session
    - REORG: stktable: move the stkctr_* functions from stream to sticktable
    - MEDIUM: streams: support looking up stkctr in the session
    - MEDIUM: session: update the session's stick counters upon session_free()
    - MEDIUM: proto_tcp: track the session's counters in the connection ruleset
    - MAJOR: tcp: make tcp_exec_req_rules() only rely on the session
    - MEDIUM: stream: don't call stream_store_counters() in kill_mini_session() nor session_accept()
    - MEDIUM: stream: move all the session-specific stuff of stream_accept() earlier
    - MAJOR: stream: don't initialize the stream anymore in stream_accept
    - MEDIUM: session: remove the task pointer from the session
    - REORG: session: move the session parts out of stream.c
    - MINOR: stream-int: make appctx_new() take the applet in argument
    - MEDIUM: peers: move the appctx initialization earlier
    - MINOR: session: introduce session_new()
    - MINOR: session: make use of session_new() when creating a new session
    - MINOR: peers: make use of session_new() when creating a new session
    - MEDIUM: peers: initialize the task before the stream
    - MINOR: session: set the CO_FL_CONNECTED flag on the connection once ready
    - CLEANUP: stream.c: do not re-attach the connection to the stream
    - MEDIUM: stream: isolate connection-specific initialization code
    - MEDIUM: stream: also accept appctx as origin in stream_accept_session()
    - MEDIUM: peers: make use of stream_accept_session()
    - MEDIUM: frontend: make ->accept only return +/-1
    - MEDIUM: stream: return the stream upon accept()
    - MEDIUM: frontend: move some stream initialisation to stream_new()
    - MEDIUM: frontend: move the fd-specific settings to session_accept_fd()
    - MEDIUM: frontend: don't restrict frontend_accept() to connections anymore
    - MEDIUM: frontend: move some remaining stream settings to stream_new()
    - CLEANUP: frontend: remove one useless local variable
    - MEDIUM: stream: don't rely on the session's listener anymore in stream_new()
    - MEDIUM: lua: make use of stream_new() to create an outgoing connection
    - MINOR: lua: minor cleanup in hlua_socket_new()
    - MINOR: lua: no need for setting timeouts / conn_retries in hlua_socket_new()
    - MINOR: peers: no need for setting timeouts / conn_retries in peer_session_create()
    - CLEANUP: stream-int: swap stream-int and appctx declarations
    - CLEANUP: namespaces: fix protection against multiple inclusions
    - MINOR: session: maintain the session count stats in the session, not the stream
    - MEDIUM: session: adjust the connection flags before stream_new()
    - MINOR: stream: pass the pointer to the origin explicitly to stream_new()
    - CLEANUP: poll: move the conditions for waiting out of the poll functions
    - BUG/MEDIUM: listener: don't report an error when resuming unbound listeners
    - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
    - BUG/MAJOR: tcp/http: fix current_rule assignment when restarting over a ruleset
    - BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified
    - DOC: update the entities diagrams
    - BUG/MEDIUM: http: properly retrieve the front connection
    - MINOR: applet: add a new "owner" pointer in the appctx
    - MEDIUM: applet: make the applet not depend on a stream interface anymore
    - REORG: applet: move the applet definitions out of stream_interface
    - CLEANUP: applet: rename struct si_applet to applet
    - REORG: stream-int: create si_applet_ops dedicated to applets
    - MEDIUM: applet: add basic support for an applet run queue
    - MEDIUM: applet: implement a run queue for active appctx
    - MEDIUM: stream-int: add a new function si_applet_done()
    - MAJOR: applet: now call si_applet_done() instead of si_update() in I/O handlers
    - MAJOR: stream: use a regular ->update for all stream interfaces
    - MEDIUM: dumpstats: don't unregister the applet anymore
    - MEDIUM: applet: centralize the call to si_applet_done() in the I/O handler
    - MAJOR: stream: do not allocate request buffers anymore when the left side is an applet
    - MINOR: stream-int: add two flags to indicate an applet's wishes regarding I/O
    - MEDIUM: applet: make the applets only use si_applet_{cant|want|stop}_{get|put}
    - MEDIUM: stream-int: pause the appctx if the task is woken up
    - BUG/MAJOR: tcp: only call registered actions when they're registered
    - BUG/MEDIUM: peers: fix applet scheduling
    - BUG/MEDIUM: peers: recent applet changes broke peers updates scheduling
    - MINOR: tools: provide an rdtsc() function for time comparisons
    - IMPORT: lru: import simple ebtree-based LRU functions
    - IMPORT: hash: import xxhash-r39
    - MEDIUM: pattern: add a revision to all pattern expressions
    - MAJOR: pattern: add LRU-based cache on pattern matching
    - BUG/MEDIUM: http: remove content-length from chunked messages
    - DOC: http: update the comments about the rules for determining transfer-length
    - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1
    - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request
    - BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding
    - MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230
    - MEDIUM: http: disable support for HTTP/0.9 by default
    - MEDIUM: http: add option-ignore-probes to get rid of the floods of 408
    - BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies
    - MEDIUM: init: don't stop proxies in parent process when exiting
    - MINOR: stick-table: don't attach to peers in stopped state
    - MEDIUM: config: initialize stick-tables after peers, not before
    - MEDIUM: peers: add the ability to disable a peers section
    - MINOR: peers: store the pointer to the signal handler
    - MEDIUM: peers: unregister peers that were never started
    - MEDIUM: config: propagate the table's process list to the peers sections
    - MEDIUM: init: stop any peers section not bound to the correct process
    - MEDIUM: config: validate that peers sections are bound to exactly one process
    - MAJOR: peers: allow peers section to be used with nbproc > 1
    - DOC: relax the peers restriction to single-process
    - DOC: document option http-ignore-probes
    - DOC: fix the comments about the meaning of msg->sol in HTTP
    - BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body
    - BUG/MAJOR: http: prevent risk of reading past end with balance url_param
    - MEDIUM: stream: move HTTP request body analyser before process_common
    - MEDIUM: http: add a new option http-buffer-request
    - MEDIUM: http: provide 3 fetches for the body
    - DOC: update the doc on the proxy protocol
    - BUILD: pattern: fix build warnings introduced in the LRU cache
    - BUG/MEDIUM: stats: properly initialize the scope before dumping stats
    - CLEANUP: config: fix misleading information in error message.
    - MINOR: config: report the number of processes using a peers section in the error case
    - BUG/MEDIUM: config: properly compute the default number of processes for a proxy
    - MEDIUM: http: add new "capture" action for http-request
    - BUG/MEDIUM: http: fix the http-request capture parser
    - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
    - BUILD/MINOR: ssl: fix build failure introduced by recent patch
    - BUG/MAJOR: check: fix breakage of inverted tcp-check rules
    - CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
    - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
    - CLEANUP: checks: simplify the loop processing of tcp-checks
    - BUG/MAJOR: checks: always check for end of list before proceeding
    - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
    - BUG/MAJOR: checks: break infinite loops when tcp-checks starts with comment
    - MEDIUM: http: make url_param iterate over multiple occurrences
    - BUG/MEDIUM: peers: apply a random reconnection timeout
    - MEDIUM: config: reject invalid config with name duplicates
    - MEDIUM: config: reject conflicts in table names
    - CLEANUP: proxy: make the proxy lookup functions more user-friendly
    - MINOR: proxy: simply ignore duplicates in proxy name lookups
    - MINOR: config: don't open-code proxy name lookups
    - MEDIUM: config: clarify the conflicting modes detection for backend rules
    - CLEANUP: proxy: remove now unused function findproxy_mode()
    - MEDIUM: stick-table: remove the now duplicate find_stktable() function
    - MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions
    - MINOR: proxy: add a new function proxy_find_by_id()
    - MINOR: proxy: add a flag to memorize that the proxy's ID was forced
    - MEDIUM: proxy: add a new proxy_find_best_match() function
    - CLEANUP: http: explicitly reference request in http_apply_redirect_rules()
    - MINOR: http: prepare support for parsing redirect actions on responses
    - MEDIUM: http: implement http-response redirect rules
    - MEDIUM: http: no need to close the request on redirect if data was parsed
    - BUG/MEDIUM: http: fix body processing for the stats applet
    - BUG/MINOR: da: fix log-level comparison to emove annoying warning
    - CLEANUP: global: remove one ifdef USE_DEVICEATLAS
    - CLEANUP: da: move the converter registration to da.c
    - CLEANUP: da: register the config keywords in da.c
    - CLEANUP: adjust the envelope name in da.h to reflect the file name
    - CLEANUP: da: remove ifdef USE_DEVICEATLAS from da.c
    - BUILD: make 51D easier to build by defaulting to 51DEGREES_SRC
    - BUILD: fix build warning when not using 51degrees
    - BUILD: make DeviceAtlas easier to build by defaulting to DEVICEATLAS_SRC
    - BUILD: ssl: fix recent build breakage on older SSL libs
2015-06-17 15:53:25 +02:00
Willy Tarreau
8747b6dbc8 [RELEASE] Released version 1.6-dev1
Released version 1.6-dev1 with the following main changes :
    - CLEANUP: extract temporary $CFG to eliminate duplication
    - CLEANUP: extract temporary $BIN to eliminate duplication
    - CLEANUP: extract temporary $PIDFILE to eliminate duplication
    - CLEANUP: extract temporary $LOCKFILE to eliminate duplication
    - CLEANUP: extract quiet_check() to avoid duplication
    - BUG/MINOR: don't start haproxy on reload
    - DOC: Address issue where documentation is excluded due to a gitignore rule.
    - BUG/MEDIUM: systemd: set KillMode to 'mixed'
    - BUILD: fix "make install" to support spaces in the install dirs
    - BUG/MINOR: config: http-request replace-header arg typo
    - BUG: config: error in http-response replace-header number of arguments
    - DOC: missing track-sc* in http-request rules
    - BUILD: lua: missing ifdef related to SSL when enabling LUA
    - BUG/MEDIUM: regex: fix pcre_study error handling
    - MEDIUM: regex: Use pcre_study always when PCRE is used, regardless of JIT
    - BUG/MINOR: Fix search for -p argument in systemd wrapper.
    - MEDIUM: Improve signal handling in systemd wrapper.
    - DOC: fix typo in Unix Socket commands
    - BUG/MEDIUM: checks: external checks can't change server status to UP
    - BUG/MEDIUM: checks: segfault with external checks in a backend section
    - BUG/MINOR: checks: external checks shouldn't wait for timeout to return the result
    - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
    - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
    - BUG/MINOR: config: don't propagate process binding for dynamic use_backend
    - BUG/MINOR: log: fix request flags when keep-alive is enabled
    - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
    - MINOR: checks: allow external checks in backend sections
    - MEDIUM: checks: provide environment variables to the external checks
    - MINOR: checks: update dynamic environment variables in external checks
    - DOC: checks: environment variables used by "external-check command"
    - BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used
    - MINOR: ssl: load certificates in alphabetical order
    - BUG/MINOR: checks: prevent http keep-alive with http-check expect
    - MINOR: lua: typo in an error message
    - MINOR: report the Lua version in -vv
    - MINOR: lua: add a compilation error message when compiled with an incompatible version
    - BUG/MEDIUM: lua: segfault when calling haproxy sample fetches from lua
    - BUILD: try to automatically detect the Lua library name
    - BUILD/CLEANUP: systemd: avoid a warning due to mixed code and declaration
    - BUG/MEDIUM: backend: Update hash to use unsigned int throughout
    - BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
    - MEDIUM: connection: add new bit in Proxy Protocol V2
    - BUG/MINOR: ssl: rejects OCSP response without nextupdate.
    - BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
    - BUG/MINOR: ssl: Fix OCSP resp update fails with the same certificate configured twice.
    - BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
    - MINOR: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs
    - MINOR: ssl: add statement to force some ssl options in global.
    - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
    - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
    - BUG/MINOR: samples: fix unnecessary memcopy converting binary to string.
    - MINOR: samples: adds the bytes converter.
    - MINOR: samples: adds the field converter.
    - MINOR: samples: add the word converter.
    - BUG/MINOR: server: move the directive #endif to the end of file
    - BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped
    - DOC: fix a few typos
    - CLEANUP: epoll: epoll_events should be allocated according to global.tune.maxpollevents
    - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized"
    - BUG/MINOR: parse: refer curproxy instead of proxy
    - BUG/MINOR: parse: check the validity of size string in a more strict way
    - BUILD: add new target 'make uninstall' to support uninstalling haproxy from OS
    - DOC: expand the docs for the provided stats.
    - BUG/MEDIUM: unix: do not unlink() abstract namespace sockets upon failure.
    - MEDIUM: ssl: Certificate Transparency support
    - MEDIUM: stats: proxied stats admin forms fix
    - MEDIUM: http: Compress HTTP responses with status codes 201,202,203 in addition to 200
    - BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information
    - MAJOR: namespace: add Linux network namespace support
    - MINOR: systemd: Check configuration before start
    - BUILD: ssl: handle boringssl in openssl version detection
    - BUILD: ssl: disable OCSP when using boringssl
    - BUILD: ssl: don't call get_rfc2409_prime when using boringssl
    - MINOR: ssl: don't use boringssl's cipher_list
    - BUILD: ssl: use OPENSSL_NO_OCSP to detect OCSP support
    - MINOR: stats: fix minor typo in HTML page
    - MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
    - MEDIUM: Add support for configurable TLS ticket keys
    - DOC: Document the new tls-ticket-keys bind keyword
    - DOC: clearly state that the "show sess" output format is not fixed
    - MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
    - DOC: httplog does not support 'no'
    - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
    - MINOR: ssl: use SSL_get_ciphers() instead of directly accessing the cipher list.
    - BUG/MEDIUM: Consistently use 'check' in process_chk
    - MEDIUM: Add external check
    - BUG/MEDIUM: Do not set agent health to zero if server is disabled in config
    - MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero
    - MEDIUM: Remove connect_chk
    - MEDIUM: Refactor init_check and move to checks.c
    - MEDIUM: Add free_check() helper
    - MEDIUM: Move proto and addr fields struct check
    - MEDIUM: Attach tcpcheck_rules to check
    - MEDIUM: Add parsing of mailers section
    - MEDIUM: Allow configuration of email alerts
    - MEDIUM: Support sending email alerts
    - DOC: Document email alerts
    - MINOR: Remove trailing '.' from email alert messages
    - MEDIUM: Allow suppression of email alerts by log level
    - BUG/MEDIUM: Do not consider an agent check as failed on L7 error
    - MINOR: deinit: fix memory leak
    - MINOR: http: export the function 'smp_fetch_base32'
    - BUG/MEDIUM: http: tarpit timeout is reset
    - MINOR: sample: add "json" converter
    - BUG/MEDIUM: pattern: don't load more than once a pattern list.
    - MINOR: map/acl/dumpstats: remove the "Done." message
    - BUG/MAJOR: ns: HAProxy segfault if the cli_conn is not from a network connection
    - BUG/MINOR: pattern: error message missing
    - BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
    - BUG/MINOR: ARG6 and ARG7 don't fit in a 32 bits word
    - MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay
    - MEDIUM: task: call session analyzers if the task is woken by a message.
    - MEDIUM: protocol: automatically pick the proto associated to the connection.
    - MEDIUM: channel: wake up any request analyzer on response activity
    - MINOR: converters: add a "void *private" argument to converters
    - MINOR: converters: give the session pointer as converter argument
    - MINOR: sample: add private argument to the struct sample_fetch
    - MINOR: global: export function and permits to not resolve DNS names
    - MINOR: sample: add function for browsing samples.
    - MINOR: global: export many symbols.
    - MINOR: includes: fix a lot of missing or useless includes
    - MEDIUM: tcp: add register keyword system.
    - MEDIUM: buffer: make bo_putblk/bo_putstr/bo_putchk return the number of bytes copied.
    - MEDIUM: http: change the code returned by the response processing rule functions
    - MEDIUM: http/tcp: permit to resume http and tcp custom actions
    - MINOR: channel: functions to get data from a buffer without copy
    - MEDIUM: lua: lua integration in the build and init system.
    - MINOR: lua: add ease functions
    - MINOR: lua: add runtime execution context
    - MEDIUM: lua: "com" signals
    - MINOR: lua: add the configuration directive "lua-load"
    - MINOR: lua: core: create "core" class and object
    - MINOR: lua: post initialisation bindings
    - MEDIUM: lua: add coroutine as tasks.
    - MINOR: lua: add sample and args type converters
    - MINOR: lua: txn: create class TXN associated with the transaction.
    - MINOR: lua: add shared context in the lua stack
    - MINOR: lua: txn: import existing sample-fetches in the class TXN
    - MINOR: lua: txn: add lua function in TXN that returns an array of http headers
    - MINOR: lua: register and execute sample-fetches in LUA
    - MINOR: lua: register and execute converters in LUA
    - MINOR: lua: add bindings for tcp and http actions
    - MINOR: lua: core: add sleep functions
    - MEDIUM: lua: socket: add "socket" class for TCP I/O
    - MINOR: lua: core: pattern and acl manipulation
    - MINOR: lua: channel: add "channel" class
    - MINOR: lua: txn: object "txn" provides two objects "channel"
    - MINOR: lua: core: can set the nice of the current task
    - MINOR: lua: core: can yield an execution stack
    - MINOR: lua: txn: add binding for closing the client connection.
    - MEDIUM: lua: Lua initialisation "on demand"
    - BUG/MAJOR: lua: send function fails and return bad bytes
    - MINOR: remove unused declaration.
    - MINOR: lua: remove some #define
    - MINOR: lua: use bitfield and macro in place of integer and enum
    - MINOR: lua: set skeleton for Lua execution expiration
    - MEDIUM: lua: each yielding function returns a wake up time.
    - MINOR: lua: adds "forced yield" flag
    - MEDIUM: lua: interrupt the Lua execution for running other process
    - MEDIUM: lua: change the sleep function core
    - BUG/MEDIUM: lua: the execution timeout is ignored in yield case
    - DOC: lua: Lua configuration documentation
    - MINOR: lua: add the struct session in the lua channel struct
    - BUG/MINOR: lua: set buffer if it is nnot avalaible.
    - BUG/MEDIUM: lua: reset flags before resuming execution
    - BUG/MEDIUM: lua: fix infinite loop about channel
    - BUG/MEDIUM: lua: the Lua process is not waked up after sending data on requests side
    - BUG/MEDIUM: lua: many errors when we try to send data with the channel API
    - MEDIUM: lua: use the Lua-5.3 version of the library
    - BUG/MAJOR: lua: some function are not yieldable, the forced yield causes errors
    - BUG/MEDIUM: lua: can't handle the response bytes
    - BUG/MEDIUM: lua: segfault with buffer_replace2
    - BUG/MINOR: lua: check buffers before initializing socket
    - BUG/MINOR: log: segfault if there are no proxy reference
    - BUG/MEDIUM: lua: sockets don't have buffer to write data
    - BUG/MEDIUM: lua: cannot connect socket
    - BUG/MINOR: lua: sockets receive behavior doesn't follows the specs
    - BUG/BUILD: lua: The strict Lua 5.3 version check is not done.
    - BUG/MEDIUM: buffer: one byte miss in buffer free space check
    - MEDIUM: lua: make the functions hlua_gethlua() and hlua_sethlua() faster
    - MINOR: replace the Core object by a simple model.
    - MEDIUM: lua: change the objects configuration
    - MEDIUM: lua: create a namespace for the fetches
    - MINOR: converters: add function to browse converters
    - MINOR: lua: wrapper for converters
    - MINOR: lua: replace function (req|get)_channel by a variable
    - MINOR: lua: fetches and converters can return an empty string in place of nil
    - DOC: lua api
    - BUG/MEDIUM: sample: fix random number upper-bound
    - BUG/MINOR: stats:Fix incorrect printf type.
    - BUG/MAJOR: session: revert all the crappy client-side timeout changes
    - BUG/MINOR: logs: properly initialize and count log sockets
    - BUG/MEDIUM: http: fetch "base" is not compatible with set-header
    - BUG/MINOR: counters: do not untrack counters before logging
    - BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process()
    - MINOR: stick-table: make stktable_fetch_key() indicate why it failed
    - BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents
    - BUILD: remove TODO from the spec file and add README
    - MINOR: log: make MAX_SYSLOG_LEN overridable at build time
    - MEDIUM: log: support a user-configurable max log line length
    - DOC: provide an example of how to use ssl_c_sha1
    - BUILD: checks: external checker needs signal.h
    - BUILD: checks: kill a minor warning on Solaris in external checks
    - BUILD: http: fix isdigit & isspace warnings on Solaris
    - BUG/MINOR: listener: set the listener's fd to -1 after deletion
    - BUG/MEDIUM: unix: failed abstract socket binding is retryable
    - MEDIUM: listener: implement a per-protocol pause() function
    - MEDIUM: listener: support rebinding during resume()
    - BUG/MEDIUM: unix: completely unbind abstract sockets during a pause()
    - DOC: explicitly mention the limits of abstract namespace sockets
    - DOC: minor fix on {sc,src}_kbytes_{in,out}
    - DOC: fix alphabetical sort of converters
    - MEDIUM: stick-table: implement lookup from a sample fetch
    - MEDIUM: stick-table: add new converters to fetch table data
    - MINOR: samples: add two converters for the date format
    - BUG/MAJOR: http: correctly rewind the request body after start of forwarding
    - DOC: remove references to CPU=native in the README
    - DOC: mention that "compression offload" is ignored in defaults section
    - DOC: mention that Squid correctly responds 400 to PPv2 header
    - BUILD: fix dependencies between config and compat.h
    - MINOR: session: export the function 'smp_fetch_sc_stkctr'
    - MEDIUM: stick-table: make it easier to register extra data types
    - BUG/MINOR: http: base32+src should use the big endian version of base32
    - MINOR: sample: allow IP address to cast to binary
    - MINOR: sample: add new converters to hash input
    - MINOR: sample: allow integers to cast to binary
    - BUILD: report commit ID in git versions as well
    - CLEANUP: session: move the stick counters declarations to stick_table.h
    - MEDIUM: http: add the track-sc* actions to http-request rules
    - BUG/MEDIUM: connection: fix proxy v2 header again!
    - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
    - OPTIM/MINOR: proxy: reduce struct proxy by 48 bytes on 64-bit archs
    - MINOR: log: add a new field "%lc" to implement a per-frontend log counter
    - BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
    - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
    - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
    - BUG/MEDIUM: acl: correctly compute the output type when a converter is used
    - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
    - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
    - MEDIUM: http: enable header manipulation for 101 responses
    - BUG/MEDIUM: config: propagate frontend to backend process binding again.
    - MEDIUM: config: properly propagate process binding between proxies
    - MEDIUM: config: make the frontends automatically bind to the listeners' processes
    - MEDIUM: config: compute the exact bind-process before listener's maxaccept
    - MEDIUM: config: only warn if stats are attached to multi-process bind directives
    - MEDIUM: config: report it when tcp-request rules are misplaced
    - DOC: indicate in the doc that track-sc* can wait if data are missing
    - MINOR: config: detect the case where a tcp-request content rule has no inspect-delay
    - MEDIUM: systemd-wrapper: support multiple executable versions and names
    - BUG/MEDIUM: remove debugging code from systemd-wrapper
    - BUG/MEDIUM: http: adjust close mode when switching to backend
    - BUG/MINOR: config: don't propagate process binding on fatal errors.
    - BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
    - BUG/MINOR: tcp-check: report the correct failed step in the status
    - DOC: indicate that weight zero is reported as DRAIN
    - BUG/MEDIUM: config: avoid skipping disabled proxies
    - BUG/MINOR: config: do not accept more track-sc than configured
    - BUG/MEDIUM: backend: fix URI hash when a query string is present
    - BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
    - BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
    - BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
    - BUILD/MINOR: ssl: de-constify "ciphers" to avoid a warning on openssl-0.9.8
    - BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
    - BUG/BUILD: revert accidental change in the makefile from latest SSL fix
    - BUG/MEDIUM: ssl: force a full GC in case of memory shortage
    - MEDIUM: ssl: add support for smaller SSL records
    - MINOR: session: release a few other pools when stopping
    - MINOR: task: release the task pool when stopping
    - BUG/MINOR: config: don't inherit the default balance algorithm in frontends
    - BUG/MAJOR: frontend: initialize capture pointers earlier
    - BUG/MINOR: stats: correctly set the request/response analysers
    - MAJOR: polling: centralize calls to I/O callbacks
    - DOC: fix typo in the body parser documentation for msg.sov
    - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size
    - MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping)
    - DEBUG: pools: apply poisonning on every allocated pool
    - BUG/MAJOR: sessions: unlink session from list on out of memory
    - BUG/MEDIUM: patterns: previous fix was incomplete
    - BUG/MEDIUM: payload: ensure that a request channel is available
    - BUG/MINOR: tcp-check: don't condition data polling on check type
    - BUG/MEDIUM: tcp-check: don't rely on random memory contents
    - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
    - BUG/MINOR: config: fix typo in condition when propagating process binding
    - BUG/MEDIUM: config: do not propagate processes between stopped processes
    - BUG/MAJOR: stream-int: properly check the memory allocation return
    - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
    - BUG/MAJOR: namespaces: conn->target is not necessarily a server
    - BUG/MEDIUM: compression: correctly report zlib_mem
    - CLEANUP: lists: remove dead code
    - CLEANUP: memory: remove dead code
    - CLEANUP: memory: replace macros pool_alloc2/pool_free2 with functions
    - MINOR: memory: cut pool allocator in 3 layers
    - MEDIUM: memory: improve pool_refill_alloc() to pass a refill count
    - MINOR: stream-int: retrieve session pointer from stream-int
    - MINOR: buffer: reset a buffer in b_reset() and not channel_init()
    - MEDIUM: buffer: use b_alloc() to allocate and initialize a buffer
    - MINOR: buffer: move buffer initialization after channel initialization
    - MINOR: buffer: only use b_free to release buffers
    - MEDIUM: buffer: always assign a dummy empty buffer to channels
    - MEDIUM: buffer: add a new buf_wanted dummy buffer to report failed allocations
    - MEDIUM: channel: do not report full when buf_empty is present on a channel
    - MINOR: session: group buffer allocations together
    - MINOR: buffer: implement b_alloc_fast()
    - MEDIUM: buffer: implement b_alloc_margin()
    - MEDIUM: session: implement a basic atomic buffer allocator
    - MAJOR: session: implement a wait-queue for sessions who need a buffer
    - MAJOR: session: only allocate buffers when needed
    - MINOR: stats: report a "waiting" flags for sessions
    - MAJOR: session: only wake up as many sessions as available buffers permit
    - MINOR: config: implement global setting tune.buffers.reserve
    - MINOR: config: implement global setting tune.buffers.limit
    - MEDIUM: channel: implement a zero-copy buffer transfer
    - MEDIUM: stream-int: support splicing from applets
    - OPTIM: stream-int: try to send pending spliced data
    - CLEANUP: session: remove session_from_task()
    - DOC: add missing entry for log-format and clarify the text
    - MINOR: logs: add a new per-proxy "log-tag" directive
    - BUG/MEDIUM: http: fix header removal when previous header ends with pure LF
    - MINOR: config: extend the default max hostname length to 64 and beyond
    - BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation
    - BUG/MINOR: channel: compare to_forward with buf->i, not buf->size
    - MINOR: channel: add channel_in_transit()
    - MEDIUM: channel: make buffer_reserved() use channel_in_transit()
    - MEDIUM: channel: make bi_avail() use channel_in_transit()
    - BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected
    - CLEANUP: channel: rename channel_reserved -> channel_is_rewritable
    - MINOR: channel: rename channel_full() to !channel_may_recv()
    - MINOR: channel: rename buffer_reserved() to channel_reserved()
    - MINOR: channel: rename buffer_max_len() to channel_recv_limit()
    - MINOR: channel: rename bi_avail() to channel_recv_max()
    - MINOR: channel: rename bi_erase() to channel_truncate()
    - BUG/MAJOR: log: don't try to emit a log if no logger is set
    - MINOR: tools: add new round_2dig() function to round integers
    - MINOR: global: always export some SSL-specific metrics
    - MINOR: global: report information about the cost of SSL connections
    - MAJOR: init: automatically set maxconn and/or maxsslconn when possible
    - MINOR: http: add a new fetch "query" to extract the request's query string
    - MINOR: hash: add new function hash_crc32
    - MINOR: samples: provide a "crc32" converter
    - MEDIUM: backend: add the crc32 hash algorithm for load balancing
    - BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names
    - BUG/MEDIUM: http: make http-request set-header compute the string before removal
    - MEDIUM: args: use #define to specify the number of bits used by arg types and counts
    - MEDIUM: args: increase arg type to 5 bits and limit arg count to 5
    - MINOR: args: add type-specific flags for each arg in a list
    - MINOR: args: implement a new arg type for regex : ARGT_REG
    - MEDIUM: regex: add support for passing regex flags to regex_exec_match()
    - MEDIUM: samples: add a regsub converter to perform regex-based transformations
    - BUG/MINOR: sample: fix case sensitivity for the regsub converter
    - MEDIUM: http: implement http-request set-{method,path,query,uri}
    - DOC: fix missing closing brackend on regsub
    - MEDIUM: samples: provide basic arithmetic and bitwise operators
    - MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set
    - BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value
    - BUG/MINOR: http: abort request processing on filter failure
    - MEDIUM: tcp: implement tcp-ut bind option to set TCP_USER_TIMEOUT
    - MINOR: ssl/server: add the "no-ssl-reuse" server option
    - BUG/MAJOR: peers: initialize s->buffer_wait when creating the session
    - MINOR: http: add a new function to iterate over each header line
    - MINOR: http: add the new sample fetches req.hdr_names and res.hdr_names
    - MEDIUM: task: always ensure that the run queue is consistent
    - BUILD: Makefile: add -Wdeclaration-after-statement
    - BUILD/CLEANUP: ssl: avoid a warning due to mixed code and declaration
    - BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code
    - MEDIUM: protocol: use a family array to index the protocol handlers
    - BUILD: lua: cleanup many mixed occurrences declarations & code
    - BUG/MEDIUM: task: fix recently introduced scheduler skew
    - BUG/MINOR: lua: report the correct function name in an error message
    - BUG/MAJOR: http: fix stats regression consecutive to HTTP_RULE_RES_YIELD
    - Revert "BUG/MEDIUM: lua: can't handle the response bytes"
    - MINOR: lua: convert IP addresses to type string
    - CLEANUP: lua: use the same function names in C and Lua
    - REORG/MAJOR: move session's req and resp channels back into the session
    - CLEANUP: remove now unused channel pool
    - REORG/MEDIUM: stream-int: introduce si_ic/si_oc to access channels
    - MEDIUM: stream-int: add a flag indicating which side the SI is on
    - MAJOR: stream-int: only rely on SI_FL_ISBACK to find the requested channel
    - MEDIUM: stream-interface: remove now unused pointers to channels
    - MEDIUM: stream-int: make si_sess() use the stream int's side
    - MEDIUM: stream-int: use si_task() to retrieve the task from the stream int
    - MEDIUM: stream-int: remove any reference to the owner
    - CLEANUP: stream-int: add si_ib/si_ob to dereference the buffers
    - CLEANUP: stream-int: add si_opposite() to find the other stream interface
    - REORG/MEDIUM: channel: only use chn_prod / chn_cons to find stream-interfaces
    - MEDIUM: channel: add a new flag "CF_ISRESP" for the response channel
    - MAJOR: channel: only rely on the new CF_ISRESP flag to find the SI
    - MEDIUM: channel: remove now unused ->prod and ->cons pointers
    - CLEANUP: session: simplify references to chn_{prod,cons}(&s->{req,res})
    - CLEANUP: session: use local variables to access channels / stream ints
    - CLEANUP: session: don't needlessly pass a pointer to the stream-int
    - CLEANUP: session: don't use si_{ic,oc} when we know the session.
    - CLEANUP: stream-int: limit usage of si_ic/si_oc
    - CLEANUP: lua: limit usage of si_ic/si_oc
    - MINOR: channel: add chn_sess() helper to retrieve session from channel
    - MEDIUM: session: simplify receive buffer allocator to only use the channel
    - MEDIUM: lua: use CF_ISRESP to detect the channel's side
    - CLEANUP: lua: remove the session pointer from hlua_channel
    - CLEANUP: lua: hlua_channel_new() doesn't need the pointer to the session anymore
    - MEDIUM: lua: remove struct hlua_channel
    - MEDIUM: lua: remove hlua_sample_fetch
2015-03-11 23:57:23 +01:00
Willy Tarreau
ca3094d0b1 BUILD: remove TODO from the spec file and add README
This used to cause a build failure since 1.5.0, as reported by
Timothy Shelton. The proxy protocol doc was also added.
2014-06-26 08:21:43 +02:00
Willy Tarreau
15480d7250 [DEV] open new 1.6 development branch
This new branch is based on 1.5.0, which 1.6-dev0 is 100% equivalent to.
The README has been updated to mention that it is a development branch.

Released version 1.6-dev0 with the following main changes :
    - exact copy of 1.5.0
2014-06-19 21:11:06 +02:00
Willy Tarreau
9229f1248f [RELEASE] Released version 1.5.0
Released version 1.5.0 with the following main changes :
    - MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'.
    - MEDIUM: ssl: basic OCSP stapling support.
    - MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl ocsp-response'
    - MEDIUM: ssl: add 300s supported time skew on OCSP response update.
    - MINOR: checks: mysql-check: Add support for v4.1+ authentication
    - MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits
    - MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description.
    - MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp
    - MEDIUM: Break out check establishment into connect_chk()
    - MEDIUM: Add port_to_str helper
    - BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section.
    - BUG/MEDIUM: Fix unhandled connections problem with systemd daemon mode and SO_REUSEPORT.
    - MINOR: regex: fix a little configuration memory leak.
    - MINOR: regex: Create JIT compatible function that return match strings
    - MEDIUM: regex: replace all standard regex function by own functions
    - MEDIUM: regex: Remove null terminated strings.
    - MINOR: regex: Use native PCRE API.
    - MINOR: missing regex.h include
    - DOC: Add Exim as Proxy Protocol implementer.
    - BUILD: don't use type "uint" which is not portable
    - BUILD: stats: workaround stupid and bogus -Werror=format-security behaviour
    - BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new transaction
    - CLEANUP: http: don't clear CF_READ_NOEXP twice
    - DOC: fix proxy protocol v2 decoder example
    - DOC: fix remaining occurrences of "pattern extraction"
    - MINOR: log: allow the HTTP status code to be logged even in TCP frontends
    - MINOR: logs: don't limit HTTP header captures to HTTP frontends
    - MINOR: sample: improve sample_fetch_string() to report partial contents
    - MINOR: capture: extend the captures to support non-header keys
    - MINOR: tcp: prepare support for the "capture" action
    - MEDIUM: tcp: add a new tcp-request capture directive
    - MEDIUM: session: allow shorter retry delay if timeout connect is small
    - MEDIUM: session: don't apply the retry delay when redispatching
    - MEDIUM: session: redispatch earlier when possible
    - MINOR: config: warn when tcp-check rules are used without option tcp-check
    - BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN protocol
    - DOC: proxy protocol example parser was still wrong
    - DOC: minor updates to the proxy protocol doc
    - CLEANUP: connection: merge proxy proto v2 header and address block
    - MEDIUM: connection: add support for proxy protocol v2 in accept-proxy
    - MINOR: tools: add new functions to quote-encode strings
    - DOC: clarify the CSV format
    - MEDIUM: stats: report the last check and last agent's output on the CSV status
    - MINOR: freq_ctr: introduce a new averaging method
    - MEDIUM: session: maintain per-backend and per-server time statistics
    - MEDIUM: stats: report per-backend and per-server time stats in HTML and CSV outputs
    - BUG/MINOR: http: fix typos in previous patch
    - DOC: remove the ultra-obsolete TODO file
    - DOC: update roadmap
    - DOC: minor updates to the README
    - DOC: mention the maxconn limitations with the select poller
    - DOC: commit a few old design thoughts files
2014-06-19 21:02:32 +02:00
Willy Tarreau
2e85840266 [RELEASE] Released version 1.5-dev26
Released version 1.5-dev26 with the following main changes :
    - BUG/MEDIUM: polling: fix possible CPU hogging of worker processes after receiving SIGUSR1.
    - BUG/MINOR: stats: fix a typo on a closing tag for a server tracking another one
    - OPTIM: stats: avoid the calculation of a useless link on tracking servers in maintenance
    - MINOR: fix a few memory usage errors
    - CONTRIB: halog: Filter input lines by date and time through timestamp
    - MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int
    - BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace()
    - MINOR: acl: set "str" as default match for strings
    - DOC: Add some precisions about acl default matching method
    - MEDIUM: acl: strenghten the option parser to report invalid options
    - BUG/MEDIUM: config: a stats-less config crashes in 1.5-dev25
    - BUG/MINOR: checks: tcp-check must not stop on '\0' for binary checks
    - MINOR: stats: improve alignment of color codes to save one line of header
    - MINOR: checks: simplify and improve reporting of state changes when using log-health-checks
    - MINOR: server: remove the SRV_DRAIN flag which can always be deduced
    - MINOR: server: use functions to detect state changes and to update them
    - MINOR: server: create srv_was_usable() from srv_is_usable() and use a pointer
    - BUG/MINOR: stats: do not report "100%" in the thottle column when server is draining
    - BUG/MAJOR: config: don't free valid regex memory
    - BUG/MEDIUM: session: don't clear CF_READ_NOEXP if analysers are not called
    - BUG/MINOR: stats: tracking servers may incorrectly report an inherited DRAIN status
    - MEDIUM: proxy: make timeout parser a bit stricter
    - REORG/MEDIUM: server: split server state and flags in two different variables
    - REORG/MEDIUM: server: move the maintenance bits out of the server state
    - MAJOR: server: use states instead of flags to store the server state
    - REORG: checks: put the functions in the appropriate files !
    - MEDIUM: server: properly support and propagate the maintenance status
    - MEDIUM: server: allow multi-level server tracking
    - CLEANUP: checks: rename the server_status_printf function
    - MEDIUM: checks: simplify server up/down/nolb transitions
    - MAJOR: checks: move health checks changes to set_server_check_status()
    - MINOR: server: make the status reporting function support a reason
    - MINOR: checks: simplify health check reporting functions
    - MINOR: server: implement srv_set_stopped()
    - MINOR: server: implement srv_set_running()
    - MINOR: server: implement srv_set_stopping()
    - MEDIUM: checks: simplify failure notification using srv_set_stopped()
    - MEDIUM: checks: simplify success notification using srv_set_running()
    - MEDIUM: checks: simplify stopping mode notification using srv_set_stopping()
    - MEDIUM: stats: report a server's own state instead of the tracked one's
    - MINOR: server: make use of srv_is_usable() instead of checking eweight
    - MAJOR: checks: add support for a new "drain" administrative mode
    - MINOR: stats: use the admin flags for soft enable/disable/stop/start on the web page
    - MEDIUM: stats: introduce new actions to simplify admin status management
    - MINOR: cli: introduce a new "set server" command
    - MINOR: stats: report a distinct output for DOWN caused by agent
    - MINOR: checks: support specific check reporting for the agent
    - MINOR: checks: support a neutral check result
    - BUG/MINOR: cli: "agent" was missing from the "enable"/"disable" help message
    - MEDIUM: cli: add support for enabling/disabling health checks.
    - MEDIUM: stats: report down caused by agent prior to reporting up
    - MAJOR: agent: rework the response processing and support additional actions
    - MINOR: stats: improve the stats web page to support more actions
    - CONTRIB: halog: avoid calling time/localtime/mktime for each line
    - DOC: document the workarouds for Google Chrome's bogus pre-connect
    - MINOR: stats: report SSL key computations per second
    - MINOR: stats: add counters for SSL cache lookups and misses
2014-05-28 17:50:53 +02:00
Willy Tarreau
a3393955da [RELEASE] Released version 1.5-dev25
Released version 1.5-dev25 with the following main changes :
    - MEDIUM: connection: Implement and extented PROXY Protocol V2
    - MINOR: ssl: clean unused ACLs declarations
    - MINOR: ssl: adds fetchs and ACLs for ssl back connection.
    - MINOR: ssl: merge client's and frontend's certificate functions.
    - MINOR: ssl: adds ssl_f_sha1 fetch to return frontend's certificate fingerprint
    - MINOR: ssl: adds sample converter base64 for binary type.
    - MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id.
    - BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported.
    - MAJOR: ssl: Change default locks on ssl session cache.
    - BUG/MINOR: chunk: Fix function chunk_strcmp and chunk_strcasecmp match a substring.
    - MINOR: ssl: add global statement tune.ssl.force-private-cache.
    - MINOR: ssl: remove fallback to SSL session private cache if lock init fails.
    - BUG/MEDIUM: patterns: last fix was still not enough
    - MINOR: http: export the smp_fetch_cookie function
    - MINOR: http: generic pointer to rule argument
    - BUG/MEDIUM: pattern: a typo breaks automatic acl/map numbering
    - BUG/MAJOR: patterns: -i and -n are ignored for inlined patterns
    - BUG/MINOR: proxy: unsafe initialization of HTTP transaction when switching from TCP frontend
    - BUG/MINOR: http: log 407 in case of proxy auth
    - MINOR: http: rely on the message body parser to send 100-continue
    - MEDIUM: http: move reqadd after execution of http_request redirect
    - MEDIUM: http: jump to dedicated labels after http-request processing
    - BUG/MINOR: http: block rules forgot to increment the denied_req counter
    - BUG/MINOR: http: block rules forgot to increment the session's request counter
    - MEDIUM: http: move Connection header processing earlier
    - MEDIUM: http: remove even more of the spaghetti in the request path
    - MINOR: http: silently support the "block" action for http-request
    - CLEANUP: proxy: rename "block_cond" to "block_rules"
    - MEDIUM: http: emulate "block" rules using "http-request" rules
    - MINOR: http: remove the now unused loop over "block" rules
    - MEDIUM: http: factorize the "auth" action of http-request and stats
    - MEDIUM: http: make http-request rules processing return a verdict instead of a rule
    - MINOR: config: add minimum support for emitting warnings only once
    - MEDIUM: config: inform the user about the deprecatedness of "block" rules
    - MEDIUM: config: inform the user that "reqsetbe" is deprecated
    - MEDIUM: config: inform the user only once that "redispatch" is deprecated
    - MEDIUM: config: warn that '{cli,con,srv}timeout' are deprecated
    - BUG/MINOR: auth: fix wrong return type in pat_match_auth()
    - BUILD: config: remove a warning with clang
    - BUG/MAJOR: http: connection setup may stall on balance url_param
    - BUG/MEDIUM: http/session: disable client-side expiration only after body
    - BUG/MEDIUM: http: correctly report request body timeouts
    - BUG/MEDIUM: http: disable server-side expiration until client has sent the body
    - MEDIUM: listener: make the accept function more robust against pauses
    - BUILD: syscalls: remove improper inline statement in front of syscalls
    - BUILD: ssl: SSL_CTX_set_msg_callback() needs openssl >= 0.9.7
    - BUG/MAJOR: session: recover the correct connection pointer in half-initialized sessions
    - DOC: add some explanation on the shared cache build options in the readme.
    - MEDIUM: proxy: only adjust the backend's bind-process when already set
    - MEDIUM: config: limit nbproc to the machine's word size
    - MEDIUM: config: check the bind-process settings according to nbproc
    - MEDIUM: listener: parse the new "process" bind keyword
    - MEDIUM: listener: inherit the process mask from the proxy
    - MAJOR: listener: only start listeners bound to the same processes
    - MINOR: config: only report a warning when stats sockets are bound to more than 1 process
    - CLEANUP: config: set the maxaccept value for peers listeners earlier
    - BUG/MINOR: backend: only match IPv4 addresses with RDP cookies
    - BUG/MINOR: checks: correctly configure the address family and protocol
    - MINOR: tools: split is_addr() and is_inet_addr()
    - MINOR: protocols: use is_inet_addr() when only INET addresses are desired
    - MEDIUM: unix: add preliminary support for connecting to servers over UNIX sockets
    - MEDIUM: checks: only complain about the missing port when the check uses TCP
    - MEDIUM: unix: implement support for Linux abstract namespace sockets
    - DOC: map_beg was missing from the table of map_* converters
    - DOC: ebtree: indicate that prefix insertion/lookup may be used with strings
    - MEDIUM: pattern: use ebtree's longest match to index/lookup string beginning
    - BUILD: remove the obsolete BSD and OSX makefiles
    - MEDIUM: unix: avoid a double connect probe when no data are sent
    - DOC: stop referencing the slow git repository in the README
    - BUILD: only build the systemd wrapper on Linux 2.6 and above
    - DOC: update roadmap with completed tasks
    - MEDIUM: session: implement half-closed timeouts (client-fin and server-fin)
2014-05-10 15:16:43 +02:00
Willy Tarreau
8860dcd70a [RELEASE] Released version 1.5-dev24
Released version 1.5-dev24 with the following main changes :
    - MINOR: pattern: find element in a reference
    - MEDIUM: http: ACL and MAP updates through http-(request|response) rules
    - MEDIUM: ssl: explicitly log failed handshakes after a heartbeat
    - DOC: Full section dedicated to the converters
    - MEDIUM: http: register http-request and http-response keywords
    - BUG/MINOR: compression: correctly report incoming byte count
    - BUG/MINOR: http: don't report server aborts as client aborts
    - BUG/MEDIUM: channel: bi_putblk() must not wrap before the end of buffer
    - CLEANUP: buffers: remove unused function buffer_contig_space_with_res()
    - MEDIUM: stats: reimplement HTTP keep-alive on the stats page
    - BUG/MAJOR: http: fix timeouts during data forwarding
    - BUG/MEDIUM: http: 100-continue responses must process the next part immediately
    - MEDIUM: http: move skipping of 100-continue earlier
    - BUILD: stats: let gcc know that last_fwd cannot be used uninitialized...
    - CLEANUP: general: get rid of all old occurrences of "session *t"
    - CLEANUP: http: remove the useless "if (1)" inherited from version 1.4
    - BUG/MEDIUM: stats: mismatch between behaviour and doc about front/back
    - MEDIUM: http: enable analysers to have keep-alive on stats
    - REORG: http: move HTTP Connection response header parsing earlier
    - MINOR: stats: always emit HTTP/1.1 in responses
    - MINOR: http: add capture.req.ver and capture.res.ver
    - MINOR: checks: add a new global max-spread-checks directive
    - BUG/MAJOR: http: fix the 'next' pointer when performing a redirect
    - MINOR: http: implement the max-keep-alive-queue setting
    - DOC: fix alphabetic order of tcp-check
    - MINOR: connection: add a new error code for SSL with heartbeat
    - MEDIUM: ssl: implement a workaround for the OpenSSL heartbleed attack
    - BUG/MEDIUM: Revert "MEDIUM: ssl: Add standardized DH parameters >= 1024 bits"
    - BUILD: http: remove a warning on strndup
    - BUILD: ssl: avoid a warning about conn not used with OpenSSL < 1.0.1
    - BUG/MINOR: ssl: really block OpenSSL's response to heartbleed attack
    - MINOR: ssl: finally catch the heartbeats missing the padding
2014-04-26 00:08:14 +02:00
Willy Tarreau
8317b283fb [RELEASE] Released version 1.5-dev23
Released version 1.5-dev23 with the following main changes :
    - BUG/MINOR: reject malformed HTTP/0.9 requests
    - MINOR: systemd wrapper: re-execute on SIGUSR2
    - MINOR: systemd wrapper: improve logging
    - MINOR: systemd wrapper: propagate exit status
    - BUG/MINOR: tcpcheck connect wrong behavior
    - MEDIUM: proxy: support use_backend with dynamic names
    - MINOR: stats: Enhancement to stats page to provide information of last session time.
    - BUG/MEDIUM: peers: fix key consistency for integer stick tables
    - DOC: fix a typo on http-server-close and encapsulate options with double-quotes
    - DOC: fix fetching samples syntax
    - MINOR: ssl: add ssl_fc_unique_id to fetch TLS Unique ID
    - MEDIUM: ssl: Use ALPN support as it will be available in OpenSSL 1.0.2
    - DOC: fix typo
    - CLEANUP: code style: use tabs to indent codes instead of spaces
    - DOC: fix a few config typos.
    - BUG/MINOR: raw_sock: also consider ENOTCONN in addition to EAGAIN for recv()
    - DOC: lowercase format string in unique-id
    - MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode
    - BUG/MINOR: acl: req_ssl_sni fails with SSLv3 record version
    - BUG/MINOR: build: add missing objects in osx and bsd Makefiles
    - BUG/MINOR: build: handle whitespaces in wc -l output
    - BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO
    - MEDIUM: ssl: Add standardized DH parameters >= 1024 bits
    - BUG/MEDIUM: map: The map parser includes blank lines.
    - BUG/MINOR: log: The log of quotted capture header has been terminated by 2 quotes.
    - MINOR: standard: add function "encode_chunk"
    - BUG/MINOR: http: fix encoding of samples used in http headers
    - MINOR: sample: add hex converter
    - MEDIUM: sample: change the behavior of the bin2str cast
    - MAJOR: auth: Change the internal authentication system.
    - MEDIUM: acl/pattern: standardisation "of pat_parse_int()" and "pat_parse_dotted_ver()"
    - MEDIUM: pattern: The pattern parser no more uses <opaque> and just takes one string.
    - MEDIUM: pattern: Change the prototype of the function pattern_register().
    - CONTRIB: ip6range: add a network IPv6 range to mask converter
    - MINOR: pattern: separe list element from the data part.
    - MEDIUM: pattern: add indexation function.
    - MEDIUM: pattern: The parse functions just return "struct pattern" without memory allocation
    - MINOR: pattern: Rename "pat_idx_elt" to "pattern_tree"
    - MINOR: sample: dont call the sample cast function "c_none"
    - MINOR: standard: Add function for converting cidr to network mask.
    - MEDIUM: sample: Remove types SMP_T_CSTR and SMP_T_CBIN, replace it by SMP_F_CONST flags
    - MEDIUM: sample/http_proto: Add new type called method
    - MINOR: dumpstats: Group map inline help
    - MEDIUM: pattern: The function pattern_exec_match() returns "struct pattern" if the patten match.
    - MINOR: dumpstats: change map inline sentences
    - MINOR: dumpstats: change the "get map" display management
    - MINOR: map/dumpstats: The cli cmd "get map ..." display the "int" format.
    - MEDIUM: pattern: The match function browse itself the list or the tree.
    - MEDIUM: pattern: Index IPv6 addresses in a tree.
    - MEDIUM: pattern: add delete functions
    - MEDIUM: pattern: add prune function
    - MEDIUM: pattern: add sample lookup function.
    - MEDIUM: pattern/dumpstats: The function pattern_lookup() is no longer used
    - MINOR: map/pattern: The sample parser is stored in the pattern
    - MAJOR: pattern/map: Extends the map edition system in the patterns
    - MEDIUM: pattern: merge same pattern
    - MEDIUM: pattern: The expected type is stored in the pattern head, and conversion is executed once.
    - MINOR: pattern: Each pattern is identified by unique id.
    - MINOR: pattern/acl: Each pattern of each acl can be load with specified id
    - MINOR: pattern: The function "pattern_register()" is no longer used.
    - MINOR: pattern: Merge function pattern_add() with pat_ref_push().
    - MINOR: pattern: store configuration reference for each acl or map pattern.
    - MINOR: pattern: Each pattern expression element store the reference struct.
    - MINOR: dumpstats: display the reference for th key/pattern and value.
    - MEDIUM: pattern: delete() function uses the pat_ref_elt to find the element to be removed
    - MEDIUM: pattern_find_smp: functions find_smp uses the pat_ref_elt to find the element to be removed
    - MEDIUM: dumpstats/pattern: display and use each pointer of each pattern dumped
    - MINOR: pattern/map/acl: Centralization of the file parsers
    - MINOR: pattern: Check if the file reference is not used with acl and map
    - MINOR: acl/pattern: Acl "-M" option force to load file as map file with two columns
    - MEDIUM: dumpstats: Display error message during add of values.
    - MINOR: pattern: The function pat_ref_set() have now atomic behavior
    - MINOR: regex: The pointer regstr in the struc regex is no longer used.
    - MINOR: cli: Block the usage of the command "acl add" in many cases.
    - MINOR: doc: Update the documentation about the map and acl
    - MINOR: pattern: index duplicates
    - MINOR: configuration: File and line propagation
    - MINOR: dumpstat/conf: display all the configuration lines that using pattern reference
    - MINOR: standard: Disable ip resolution during the runtime
    - MINOR: pattern: Remove the flag "PAT_F_FROM_FILE".
    - MINOR: pattern: forbid dns resolutions
    - DOC: document "get map" / "get acl" on the CLI
    - MEDIUM: acl: Change the acl register struct
    - BUG/MEDIUM: acl: boolean only matches were broken by recent changes
    - DOC: pattern: pattern organisation schematics
    - MINOR: pattern/cli: Update used terms in documentation and cli
    - MINOR: cli: remove information about acl or map owner.
    - MINOR: session: don't always assume there's a listener
    - MINOR: pattern: Add function to prune and reload pattern list.
    - MINOR: standard: Add ipv6 support in the function url2sa().
    - MEDIUM: config: Dynamic sections.
    - BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches
    - MINOR: http: Add the "language" converter to for use with accept-language
    - BUG/MINOR: log: Don't dump empty unique-id
    - BUG/MAJOR: session: fix a possible crash with src_tracked
    - DOC: Update "language" documentation
    - MINOR: http: add the function "del-header" to the directives http-request and http-response
    - DOC: add some information on capture.(req|res).hdr
    - MINOR: http: capture.req.method and capture.req.uri
    - MINOR: http: optimize capture.req.method and capture.req.uri
    - MINOR: session: clean up the connection free code
    - BUG/MEDIUM: checks: immediately report a connection success
    - MEDIUM: connection: don't use real send() flags in snd_buf()
    - OPTIM: ssl: implement dynamic record size adjustment
    - MINOR: stats: report exact last session time in backend too
    - BUG/MEDIUM: stats: the "lastsess" field must appear last in the CSV.
    - BUG/MAJOR: check: fix memory leak in "tcp-check connect" over SSL
    - BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
    - MINOR: channel: add the date of last read in the channel
    - MEDIUM: stream-int: automatically disable CF_STREAMER flags after idle
    - MINOR: ssl: add DEFAULT_SSL_MAX_RECORD to set the record size at build time
    - MINOR: config: make the stream interface idle timer user-configurable
    - MINOR: config: add global directives to set default SSL ciphers
    - MINOR: sample: add a rand() sample fetch to return a sample.
    - BUG/MEDIUM: config: immediately abort if peers section has no name
    - BUG/MINOR: ssl: fix syntax in config error message
    - BUG/MEDIUM: ssl: always send a full buffer after EAGAIN
    - BUG/MINOR: config: server on-marked-* statement is ignored in default-server
    - BUG/MEDIUM: backend: prefer-last-server breaks redispatch
    - BUG/MEDIUM: http: continue to emit 503 on keep-alive to different server
    - MEDIUM: acl: fix pattern type for payload / payload_lv
    - BUG/MINOR: config: fix a crash on startup when a disabled backend references a peer
    - BUG/MEDIUM: compression: fix the output type of the compressor name
    - BUG/MEDIUM: http: don't start to forward request data before the connect
    - MINOR: http: release compression context only in http_end_txn()
    - MINOR: protect ebimtree/ebistree against multiple inclusions
    - MEDIUM: proxy: create a tree to store proxies by name
    - MEDIUM: proxy: make findproxy() use trees to look up proxies
    - MEDIUM: proxy: make get_backend_server() use findproxy() to lookup proxies
    - MEDIUM: stick-table: lookup table names using trees.
    - MEDIUM: config: faster lookup for duplicated proxy name
    - CLEANUP: acl: remove obsolete test in parse_acl_expr()
    - MINOR: sample: move smp_to_type to sample.c
    - MEDIUM: compression: consider the "q=" attribute in Accept-Encoding
    - REORG: cfgparse: move server keyword parsing to server.c
    - BUILD: adjust makefile for AIX 5.1
    - BUG/MEDIUM: pattern: fix wrong definition of the pat_prune_fcts array
    - CLEANUP: pattern: move array definitions to proto/ and not types/
    - BUG/MAJOR: counters: check for null-deref when looking up an alternate table
    - BUILD: ssl: previous patch failed
    - BUILD/MEDIUM: standard: get rid of the last strcpy()
    - BUILD/MEDIUM: standard: get rid of sprintf()
    - BUILD/MEDIUM: cfgparse: get rid of sprintf()
    - BUILD/MEDIUM: checks: get rid of sprintf()
    - BUILD/MEDIUM: http: remove calls to sprintf()
    - BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary
    - BUILD/MINOR: ssl: remove one call to sprintf()
    - MEDIUM: http: don't reject anymore message bodies not containing the url param
    - MEDIUM: http: wait for the first chunk or message body length in http_process_body
    - CLEANUP: http: rename http_process_request_body()
    - CLEANUP: http: prepare dedicated processing for chunked encoded message bodies
    - MINOR: http: make msg->eol carry the last CRLF length
    - MAJOR: http: do not use msg->sol while processing messages or forwarding data
    - MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer
    - MAJOR: http: don't update msg->sov anymore while processing the body
    - MINOR: http: add a small helper to compute the amount of body bytes present
    - MEDIUM: http: add a small helper to compute how far to rewind to find headers
    - MINOR: http: add a small helper to compute how far to rewind to find URI
    - MEDIUM: http: small helpers to compute how far to rewind to find BODY and DATA
    - MAJOR: http: reset msg->sov after headers are forwarded
    - MEDIUM: http: forward headers again while waiting for connection to complete
    - BUG/MINOR: http: deinitialize compression after a parsing error
    - BUG/MINOR: http: deinitialize compression after a compression error
    - MEDIUM: http: headers must be forwarded even if data was already inspected
    - MAJOR: http: re-enable compression on chunked encoding
    - MAJOR: http/compression: fix chunked-encoded response processing
    - MEDIUM: http: cleanup: centralize a little bit HTTP compression end
    - MEDIUM: http: start to centralize the forwarding code
    - MINOR: http: further cleanups of response forwarding function
    - MEDIUM: http: only allocate the temporary compression buffer when needed
    - MAJOR: http: centralize data forwarding in the request path
    - CLEANUP: http: document the response forwarding states
    - CLEANUP: http: remove all calls to http_silent_debug()
    - DOC: internal: add some reminders about HTTP parsing and pointer states
    - BUG/MAJOR: http: fix bug in parse_qvalue() when selecting compression algo
    - BUG/MINOR: stats: last session was not always set
    - DOC: add pointer to the Cyril's HTML doc in the README
    - MEDIUM: config: relax use_backend check to make the condition optional
    - MEDIUM: config: report misplaced http-request rules
    - MEDIUM: config: report misplaced use-server rules
    - DOC: update roadmap with what was done.
2014-04-23 01:49:41 +02:00
Willy Tarreau
1a34d57d26 [RELEASE] Released version 1.5-dev22
Released version 1.5-dev22 with the following main changes :
    - MEDIUM: tcp-check new feature: connect
    - MEDIUM: ssl: Set verify 'required' as global default for servers side.
    - MINOR: ssl: handshake optim for long certificate chains.
    - BUG/MINOR: pattern: pattern comparison executed twice
    - BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..."
    - BUG/MEDIUM: pattern: Segfault in binary parser
    - MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation.
    - MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated
    - BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function.
    - BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type.
    - BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer
    - BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
    - MINOR: doc: Bad cli function name.
    - MINOR: http: smp_fetch_capture_header_* fetch captured headers
    - BUILD: last release inadvertently prepended a "+" in front of the date
    - BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler
    - BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse
    - BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes"
    - BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
    - MINOR: http: try to stick to same server after status 401/407
    - BUG/MINOR: http: always disable compression on HTTP/1.0
    - OPTIM: poll: restore polling after a poll/stop/want sequence
    - OPTIM: http: don't stop polling for read on the client side after a request
    - BUG/MEDIUM: checks: unchecked servers could not be enabled anymore
    - BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
    - BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
    - BUG/MINOR: stream-int: do not clear the owner upon unregister
    - MEDIUM: stats: add support for HTTP keep-alive on the stats page
    - BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch
    - Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page"
    - MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes
    - OPTIM: session: set the READ_DONTWAIT flag when connecting
    - BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests
    - MINOR: session: factor out the connect time measurement
    - MEDIUM: session: prepare to support earlier transitions to the established state
    - MEDIUM: stream-int: make si_connect() return an established state when possible
    - MINOR: checks: use an inline function for health_adjust()
    - OPTIM: session: put unlikely() around the freewheeling code
    - MEDIUM: config: report a warning when multiple servers have the same name
    - BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence"
    - BUILD/MINOR: listener: remove a glibc warning on accept4()
    - BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage
    - BUILD: listener: fix recent accept4() again
    - BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
    - BUG/MEDIUM: polling: ensure we update FD status when there's no more activity
    - MEDIUM: listener: fix polling management in the accept loop
    - MINOR: protocol: improve the proto->drain() API
    - MINOR: connection: add a new conn_drain() function
    - MEDIUM: tcp: report in tcp_drain() that lingering is already disabled on close
    - MEDIUM: connection: update callers of ctrl->drain() to use conn_drain()
    - MINOR: connection: add more error codes to report connection errors
    - MEDIUM: tcp: report connection error at the connection level
    - MEDIUM: checks: make use of chk_report_conn_err() for connection errors
    - BUG/MEDIUM: unique_id: HTTP request counter is not stable
    - DOC: fix misleading information about SIGQUIT
    - BUG/MAJOR: fix freezes during compression
    - BUG/MEDIUM: stream-interface: don't wake the task up before end of transfer
    - BUILD: fix VERDATE exclusion regex
    - CLEANUP: polling: rename "spec_e" to "state"
    - DOC: add a diagram showing polling state transitions
    - REORG: polling: rename "spec_e" to "state" and "spec_p" to "cache"
    - REORG: polling: rename "fd_spec" to "fd_cache"
    - REORG: polling: rename the cache allocation functions
    - REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()"
    - MAJOR: polling: rework the whole polling system
    - MAJOR: connection: remove the CO_FL_WAIT_{RD,WR} flags
    - MEDIUM: connection: remove conn_{data,sock}_poll_{recv,send}
    - MEDIUM: connection: add check for readiness in I/O handlers
    - MEDIUM: stream-interface: the polling flags must always be updated in chk_snd_conn
    - MINOR: stream-interface: no need to call fd_stop_both() on error
    - MEDIUM: connection: no need to recheck FD state
    - CLEANUP: connection: use conn_ctrl_ready() instead of checking the flag
    - CLEANUP: connection: use conn_xprt_ready() instead of checking the flag
    - CLEANUP: connection: fix comments in connection.h to reflect new behaviour.
    - OPTIM: raw-sock: don't speculate after a short read if polling is enabled
    - MEDIUM: polling: centralize polled events processing
    - MINOR: polling: create function fd_compute_new_polled_status()
    - MINOR: cli: add more information to the "show info" output
    - MEDIUM: listener: add support for limiting the session rate in addition to the connection rate
    - MEDIUM: listener: apply a limit on the session rate submitted to SSL
    - REORG: stats: move the stats socket states to dumpstats.c
    - MINOR: cli: add the new "show pools" command
    - BUG/MEDIUM: counters: flush content counters after each request
    - BUG/MEDIUM: counters: fix stick-table entry leak when using track-sc2 in connection
    - MINOR: tools: add very basic support for composite pointers
    - MEDIUM: counters: stop relying on session flags at all
    - BUG/MINOR: cli: fix missing break in command line parser
    - BUG/MINOR: config: correctly report when log-format headers require HTTP mode
    - MAJOR: http: update connection mode configuration
    - MEDIUM: http: make keep-alive + httpclose be passive mode
    - MAJOR: http: switch to keep-alive mode by default
    - BUG/MEDIUM: http: fix regression caused by recent switch to keep-alive by default
    - BUG/MEDIUM: listener: improve detection of non-working accept4()
    - BUILD: listener: add fcntl.h and unistd.h
    - BUG/MINOR: raw_sock: correctly set the MSG_MORE flag
2014-02-03 00:41:29 +01:00
Willy Tarreau
6b07bf7598 [RELEASE] Released version 1.5-dev21
Released version 1.5-dev21 with the following main changes :
    - MINOR: stats: don't use a monospace font to report numbers
    - MINOR: session: remove debugging code
    - BUG/MAJOR: patterns: fix double free caused by loading strings from files
    - MEDIUM: http: make option http_proxy automatically rewrite the URL
    - BUG/MEDIUM: http: cook_cnt() forgets to set its output type
    - BUG/MINOR: stats: correctly report throttle rate of low weight servers
    - BUG/MEDIUM: checks: servers must not start in slowstart mode
    - BUG/MINOR: acl: parser must also stop at comma on ACL-only keywords
    - MEDIUM: stream-int: implement a very simplistic idle connection manager
    - DOC: update the ROADMAP file
2013-12-17 00:45:49 +01:00
Willy Tarreau
11f64d65ff [RELEASE] Released version 1.5-dev20
Released version 1.5-dev20 with the following main changes :
    - DOC: add missing options to the manpage
    - DOC: add manpage references to all system calls
    - DOC: update manpage reference to haproxy-en.txt
    - DOC: remove -s and -l options from the manpage
    - DOC: missing information for the "description" keyword
    - DOC: missing http-send-name-header keyword in keyword table
    - MINOR: tools: function my_memmem() to lookup binary contents
    - MEDIUM: checks: add send/expect tcp based check
    - MEDIUM: backend: Enhance hash-type directive with an algorithm options
    - MEDIUM: backend: Implement avalanche as a modifier of the hashing functions.
    - DOC: Documentation for hashing function, with test results.
    - BUG/MEDIUM: ssl: potential memory leak using verifyhost
    - BUILD: ssl: compilation issue with openssl v0.9.6.
    - BUG/MINOR: ssl: potential memory leaks using ssl_c_key_alg or ssl_c_sig_alg.
    - MINOR: ssl: optimization of verifyhost on wildcard certificates.
    - BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard.
    - MINOR: ssl: Add statement 'verifyhost' to "server" statements
    - CLEANUP: session: remove event_accept() which was not used anymore
    - BUG/MINOR: deinit: free fdinfo while doing cleanup
    - DOC: minor typo fix in documentation
    - BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE
    - BUG/MINOR: use the same check condition for server as other algorithms
    - DOC: fix typo in comments
    - BUG/MINOR: deinit: free server map which is allocated in init_server_map()
    - CLEANUP: stream_interface: cleanup loop information in si_conn_send_loop()
    - MINOR: buffer: align the last output line of buffer_dump()
    - MINOR: buffer: align the last output line if there are less than 8 characters left
    - DOC: stick-table: modify the description
    - OPTIM: stream_interface: return directly if the connection flag CO_FL_ERROR has been set
    - CLEANUP: code style: use tabs to indent codes
    - DOC: checkcache: block responses with cacheable cookies
    - BUG/MINOR: check_config_validity: check the returned value of stktable_init()
    - MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory
    - MEDIUM: systemd-wrapper: Kill child processes when interrupted
    - LOW: systemd-wrapper: Write debug information to stdout
    - BUG/MINOR: http: fix "set-tos" not working in certain configurations
    - MEDIUM: http: add IPv6 support for "set-tos"
    - DOC: ssl: update build instructions to use new SSL_* variables
    - BUILD/MINOR: systemd: fix compiler warning about unused result
    - url32+src - like base32+src but whole url including parameters
    - BUG/MINOR: fix forcing fastinter in "on-error"
    - CLEANUP: Make parameters of srv_downtime and srv_getinter const
    - CLEANUP: Remove unused 'last_slowstart_change' field from struct peer
    - MEDIUM: Split up struct server's check element
    - MEDIUM: Move result element to struct check
    - MEDIUM: Paramatise functions over the check of a server
    - MEDIUM: cfgparse: Factor out check initialisation
    - MEDIUM: Add state to struct check
    - MEDIUM: Move health element to struct check
    - MEDIUM: Add helper for task creation for checks
    - MEDIUM: Add helper function for failed checks
    - MEDIUM: Log agent fail, stopped or down as info
    - MEDIUM: Remove option lb-agent-chk
    - MEDIUM: checks: Add supplementary agent checks
    - MEDIUM: Do not mark a server as down if the agent is unavailable
    - MEDIUM: Set rise and fall of agent checks to 1
    - MEDIUM: Add enable and disable agent unix socket commands
    - MEDIUM: Add DRAIN state and report it on the stats page
    - BUILD/MINOR: missing header file
    - CLEANUP: regex: Create regex_comp function that compiles regex using compilation options
    - CLEANUP: The function "regex_exec" needs the string length but in many case they expect null terminated char.
    - MINOR: http: some exported functions were not in the header file
    - MINOR: http: change url_decode to return the size of the decoded string.
    - BUILD/MINOR: missing header file
    - BUG/MEDIUM: sample: The function v4tov6 cannot support input and output overlap
    - BUG/MINOR: arg: fix error reporting for add-header/set-header sample fetch arguments
    - MINOR: sample: export the generic sample conversion parser
    - MINOR: sample: export sample_casts
    - MEDIUM: acl: use the fetch syntax 'fetch(args),conv(),conv()' into the ACL keyword
    - MINOR: stick-table: use smp_expr_output_type() to retrieve the output type of a "struct sample_expr"
    - MINOR: sample: provide the original sample_conv descriptor struct to the argument checker function.
    - MINOR: tools: Add a function to convert buffer to an ipv6 address
    - MINOR: acl: export acl arrays
    - MINOR: acl: Extract the pattern parsing and indexation from the "acl_read_patterns_from_file()" function
    - MINOR: acl: Extract the pattern matching function
    - MINOR: sample: Define new struct sample_storage
    - MEDIUM: acl: associate "struct sample_storage" to each "struct acl_pattern"
    - REORG: acl/pattern: extract pattern matching from the acl file and create pattern.c
    - MEDIUM: pattern: create pattern expression
    - MEDIUM: pattern: rename "acl" prefix to "pat"
    - MEDIUM: sample: let the cast functions set their output type
    - MINOR: sample: add a private field to the struct sample_conv
    - MINOR: map: Define map types
    - MEDIUM: sample: add the "map" converter
    - MEDIUM: http: The redirect strings follows the log format rules.
    - BUG/MINOR: acl: acl parser does not recognize empty converter list
    - BUG/MINOR: map: The map list was declared in the map.h file
    - MINOR: map: Cleanup the initialisation of map descriptors.
    - MEDIUM: map: merge identical maps
    - BUG/MEDIUM: pattern: Pattern node has type of "struct pat_idx_elt" in place of "struct eb_node"
    - BUG/MEDIUM: map: Bad map file parser
    - CLEANUP/MINOR: standard: use the system define INET6_ADDRSTRLEN in place of MAX_IP6_LEN
    - BUG/MEDIUM: sample: conversion from str to ipv6 may read data past end
    - MINOR: map: export map_get_reference() function
    - MINOR: pattern: Each pattern sets the expected input type
    - MEDIUM: acl: Last patch change the output type
    - MEDIUM: pattern: Extract the index process from the pat_parse_*() functions
    - MINOR: standard: The function parse_binary() can use preallocated buffer
    - MINOR: regex: Change the struct containing regex
    - MINOR: regex: Copy the original regex expression into string.
    - MINOR: pattern: add support for compiling patterns for lookups
    - MINOR: pattern: make the pattern matching function return a pointer to the matched element
    - MINOR: map: export parse output sample functions
    - MINOR: pattern: add function to lookup a specific entry in pattern list
    - MINOR: pattern/map: Each pattern must free the associated sample
    - MEDIUM: dumpstat: make the CLI parser understand the backslash as an escape char
    - MEDIUM: map: dynamic manipulation of maps
    - BUG/MEDIUM: unique_id: junk in log on empty unique_id
    - BUG/MINOR: log: junk at the end of syslog packet
    - MINOR: Makefile: provide cscope rule
    - DOC: compression: chunk are not compressed anymore
    - MEDIUM: session: disable lingering on the server when the client aborts
    - BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS
    - DOC: remove the comment saying that SSL certs are not checked on the server side
    - BUG: counters: third counter was not stored if others unset
    - BUG/MAJOR: http: don't emit the send-name-header when no server is available
    - BUG/MEDIUM: http: "option checkcache" fails with the no-cache header
    - BUG/MAJOR: http: sample prefetch code was not properly migrated
    - BUG/MEDIUM: splicing: fix abnormal CPU usage with splicing
    - BUG/MINOR: stream_interface: don't call chk_snd() on polled events
    - OPTIM: splicing: use splice() for the last block when relevant
    - MEDIUM: sample: handle comma-delimited converter list
    - MINOR: sample: fix sample_process handling of unstable data
    - CLEANUP: acl: move the 3 remaining sample fetches to samples.c
    - MINOR: sample: add a new "date" fetch to return the current date
    - MINOR: samples: add the http_date([<offset>]) sample converter.
    - DOC: minor improvements to the part on the stats socket.
    - MEDIUM: sample: systematically pass the keyword pointer to the keyword
    - MINOR: payload: split smp_fetch_rdp_cookie()
    - MINOR: counters: factor out smp_fetch_sc*_tracked
    - MINOR: counters: provide a generic function to retrieve a stkctr for sc* and src.
    - MEDIUM: counters: factor out smp_fetch_sc*_get_gpc0
    - MEDIUM: counters: factor out smp_fetch_sc*_gpc0_rate
    - MEDIUM: counters: factor out smp_fetch_sc*_inc_gpc0
    - MEDIUM: counters: factor out smp_fetch_sc*_clr_gpc0
    - MEDIUM: counters: factor out smp_fetch_sc*_conn_cnt
    - MEDIUM: counters: factor out smp_fetch_sc*_conn_rate
    - MEDIUM: counters: factor out smp_fetch_sc*_conn_cur
    - MEDIUM: counters: factor out smp_fetch_sc*_sess_cnt
    - MEDIUM: counters: factor out smp_fetch_sc*_sess_rate
    - MEDIUM: counters: factor out smp_fetch_sc*_http_req_cnt
    - MEDIUM: counters: factor out smp_fetch_sc*_http_req_rate
    - MEDIUM: counters: factor out smp_fetch_sc*_http_err_cnt
    - MEDIUM: counters: factor out smp_fetch_sc*_http_err_rate
    - MEDIUM: counters: factor out smp_fetch_sc*_kbytes_in
    - MEDIUM: counters: factor out smp_fetch_sc*_bytes_in_rate
    - MEDIUM: counters: factor out smp_fetch_sc*_kbytes_out
    - MEDIUM: counters: factor out smp_fetch_sc*_bytes_out_rate
    - MEDIUM: counters: factor out smp_fetch_sc*_trackers
    - MINOR: session: make the number of stick counter entries more configurable
    - MEDIUM: counters: support passing the counter number as a fetch argument
    - MEDIUM: counters: support looking up a key in an alternate table
    - MEDIUM: cli: adjust the method for feeding frequency counters in tables
    - MINOR: cli: make it possible to enter multiple values at once with "set table"
    - MINOR: payload: allow the payload sample fetches to retrieve arbitrary lengths
    - BUG/MINOR: cli: "clear table" must not kill entries that don't match condition
    - MINOR: ssl: use MAXPATHLEN instead of PATH_MAX
    - MINOR: config: warn when a server with no specific port uses rdp-cookie
    - BUG/MEDIUM: unique_id: HTTP request counter must be unique!
    - DOC: add a mention about the limited chunk size
    - BUG/MEDIUM: fix broken send_proxy on FreeBSD
    - MEDIUM: stick-tables: flush old entries upon soft-stop
    - MINOR: tcp: add new "close" action for tcp-response
    - MINOR: payload: provide the "res.len" fetch method
    - BUILD: add SSL_INC/SSL_LIB variables to force the path to openssl
    - MINOR: http: compute response time before processing headers
    - BUG/MINOR: acl: fix improper string size assignment in proxy argument
    - BUG/MEDIUM: http: accept full buffers on smp_prefetch_http
    - BUG/MINOR: acl: implicit arguments of ACL keywords were not properly resolved
    - BUG/MEDIUM: session: risk of crash on out of memory conditions
    - BUG/MINOR: peers: set the accept date in outgoing connections
    - BUG/MEDIUM: tcp: do not skip tracking rules on second pass
    - BUG/MEDIUM: acl: do not evaluate next terms after a miss
    - MINOR: acl: add a warning when an ACL keyword is used without any value
    - MINOR: tcp: don't use tick_add_ifset() when timeout is known to be set
    - BUG/MINOR: acl: remove patterns from the tree before freeing them
    - MEDIUM: backend: add support for the wt6 hash
    - OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes
    - OPTIM/MINOR: mark the source address as already known on accept()
    - BUG/MINOR: stats: don't count tarpitted connections twice
    - CLEANUP: http: homogenize processing of denied req counter
    - CLEANUP: http: merge error handling for req* and http-request *
    - BUG/MEDIUM: http: fix possible parser crash when parsing erroneous "http-request redirect" rules
    - BUG/MINOR: http: fix build warning introduced with url32/url32_src
    - BUG/MEDIUM: checks: fix slow start regression after fix attempt
    - BUG/MAJOR: server: weight calculation fails for map-based algorithms
    - MINOR: stats: report correct throttling percentage for servers in slowstart
    - OPTIM: connection: fold the error handling with handshake handling
    - MINOR: peers: accept to learn strings of different lengths
    - BUG/MAJOR: fix haproxy crash when using server tracking instead of checks
    - BUG/MAJOR: check: fix haproxy crash during soft-stop/soft-start
    - BUG/MINOR: stats: do not report "via" on tracking servers in maintenance
    - BUG/MINOR: connection: fix typo in error message report
    - BUG/MINOR: backend: fix target address retrieval in transparent mode
    - BUG/MINOR: config: report the correct track-sc number in tcp-rules
    - BUG/MINOR: log: fix log-format parsing errors
    - DOC: add some information about how to apply converters to samples
    - MINOR: acl/pattern: use types different from int to clarify who does what.
    - MINOR: pattern: import acl_find_match_name() into pattern.h
    - MEDIUM: stick-tables: support automatic conversion from ipv4<->ipv6
    - MEDIUM: log-format: relax parsing of '%' followed by unsupported characters
    - BUG/MINOR: http: usual deinit stuff in last commit
    - BUILD: log: silent a warning about isblank() with latest patches
    - BUG/MEDIUM: checks: fix health check regression causing them to depend on declaration order
    - BUG/MEDIUM: checks: fix a long-standing issue with reporting connection errors
    - BUG/MINOR: checks: don't consider errno and use conn->err_code
    - BUG/MEDIUM: checks: also update the DRAIN state from the web interface
    - MINOR: stats: remove some confusion between the DRAIN state and NOLB
    - BUG/MINOR: tcp: check that no error is pending during a connect probe
    - BUG/MINOR: connection: check EINTR when sending a PROXY header
    - MEDIUM: connection: set the socket shutdown flags on socket errors
    - BUG/MEDIUM: acl: fix regression introduced by latest converters support
    - MINOR: connection: clear errno prior to checking for errors
    - BUG/MINOR: checks: do not trust errno in write event before any syscall
    - MEDIUM: checks: centralize error reporting
    - OPTIM: checks: don't poll on recv when using plain TCP connects
    - OPTIM: checks: avoid setting SO_LINGER twice
    - MINOR: tools: add a generic binary hex string parser
    - BUG/MEDIUM: checks: tcp-check: do not poll when there's nothing to send
    - BUG/MEDIUM: check: tcp-check might miss some outgoing data when socket buffers are full
    - BUG/MEDIUM: args: fix double free on error path in argument expression parser
    - BUG/MINOR: acl: fix sample expression error reporting
    - BUG/MINOR: checks: tcp-check actions are enums, not flags
    - MEDIUM: checks: make tcp-check perform multiple send() at once
    - BUG/MEDIUM: stick: completely remove the unused flag from the store entries
    - OPTIM: ebtree: pack the struct eb_node to avoid holes on 64-bit
    - BUG/MEDIUM: stick-tables: complete the latest fix about store-responses
    - CLEANUP: stream_interface: remove unused field err_loc
    - MEDIUM: stats: don't use conn->xprt_st anymore
    - MINOR: session: add a simple function to retrieve a session from a task
    - MEDIUM: stats: don't use conn->xprt_ctx anymore
    - MEDIUM: peers: don't rely on conn->xprt_ctx anymore
    - MINOR: http: prevent smp_fetch_url_{ip,port} from using si->conn
    - MINOR: connection: make it easier to emit proxy protocol for unknown addresses
    - MEDIUM: stats: prepare the HTTP stats I/O handler to support more states
    - MAJOR: stats: move the HTTP stats handling to its applet
    - MEDIUM: stats: move request argument processing to the final step
    - MEDIUM: session: detect applets from the session by using s->target
    - MAJOR: session: check for a connection to an applet in sess_prepare_conn_req()
    - MAJOR: session: pass applet return traffic through the response analysers
    - MEDIUM: stream-int: split the shutr/shutw functions between applet and conn
    - MINOR: stream-int: make the shutr/shutw functions void
    - MINOR: obj: provide a safe and an unsafe access to pointed objects
    - MINOR: connection: add a field to store an object type
    - MINOR: connection: always initialize conn->objt_type to OBJ_TYPE_CONN
    - MEDIUM: stream interface: move the peers' ptr into the applet context
    - MINOR: stream-interface: move the applet context to its own struct
    - MINOR: obj: introduce a new type appctx
    - MINOR: stream-int: rename ->applet to ->appctx
    - MINOR: stream-int: split si_prepare_embedded into si_prepare_none and si_prepare_applet
    - MINOR: stream-int: add a new pointer to the end point
    - MEDIUM: stream-interface: set the pointer to the applet into the applet context
    - MAJOR: stream interface: remove the ->release function pointer
    - MEDIUM: stream-int: make ->end point to the connection or the appctx
    - CLEANUP: stream-int: remove obsolete si_ctrl function
    - MAJOR: stream-int: stop using si->conn and use si->end instead
    - MEDIUM: stream-int: do not allocate a connection in parallel to applets
    - MEDIUM: session: attach incoming connection to target on embryonic sessions
    - MINOR: connection: add conn_init() to (re)initialize a connection
    - MINOR: checks: call conn_init() to properly initialize the connection.
    - MINOR: peers: make use of conn_init() to initialize the connection
    - MINOR: session: use conn_init() to initialize the connections
    - MINOR: http: use conn_init() to reinitialize the server connection
    - MEDIUM: connection: replace conn_prepare with conn_assign
    - MINOR: get rid of si_takeover_conn()
    - MINOR: connection: add conn_new() / conn_free()
    - MAJOR: connection: add two new flags to indicate readiness of control/transport
    - MINOR: stream-interface: introduce si_reset() and si_set_state()
    - MINOR: connection: reintroduce conn_prepare to set the protocol and transport
    - MINOR: connection: replace conn_assign with conn_attach
    - MEDIUM: stream-interface: introduce si_attach_conn to replace si_prepare_conn
    - MAJOR: stream interface: dynamically allocate the outgoing connection
    - MEDIUM: connection: move the send_proxy offset to the connection
    - MINOR: connection: check for send_proxy during the connect(), not the SI
    - MEDIUM: connection: merge the send_proxy and local_send_proxy calls
    - MEDIUM: stream-int: replace occurrences of si->appctx with si_appctx()
    - MEDIUM: stream-int: return the allocated appctx in stream_int_register_handler()
    - MAJOR: stream-interface: dynamically allocate the applet context
    - MEDIUM: session: automatically register the applet designated by the target
    - MEDIUM: stats: delay appctx initialization
    - CLEANUP: peers: use less confusing state/status code names
    - MEDIUM: peers: delay appctx initialization
    - MINOR: stats: provide some appctx information in "show sess all"
    - DIET/MINOR: obj: pack the obj_type enum to 8 bits
    - DIET/MINOR: connection: rearrange a few fields to save 8 bytes in the struct
    - DIET/MINOR: listener: rearrange a few fields in struct listener to save 16 bytes
    - DIET/MINOR: proxy: rearrange a few fields in struct proxy to save 16 bytes
    - DIET/MINOR: session: reduce the struct session size by 8 bytes
    - DIET/MINOR: stream-int: rearrange a few fields in struct stream_interface to save 8 bytes
    - DIET/MINOR: http: reduce the size of struct http_txn by 8 bytes
    - MINOR: http: switch the http state to an enum
    - MINOR: http: use an enum for the auth method in http_auth_data
    - DIET/MINOR: task: reduce struct task size by 8 bytes
    - MINOR: stream_interface: add reporting of ressouce allocation errors
    - MINOR: session: report lack of resources using the new stream-interface's error code
    - BUILD: simplify the date and version retrieval in the makefile
    - BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE
    - BUILD: use format tags in VERDATE and SUBVERS files
    - BUG/MEDIUM: channel:  bo_getline() must wait for \n until buffer is full
    - CLEANUP: check: server port is unsigned
    - BUG/MEDIUM: checks: agent doesn't get the response if server does not closes
    - MINOR: tools: buf2ip6 must not modify output on failure
    - MINOR: pattern: do not assign SMP_TYPES by default to patterns
    - MINOR: sample: make sample_parse_expr() use memprintf() to report parse errors
    - MINOR: arg: improve wording on error reporting
    - BUG/MEDIUM: sample: simplify and fix the argument parsing
    - MEDIUM: acl: fix the argument parser to let the lower layer report detailed errors
    - MEDIUM: acl: fix the initialization order of the ACL expression
    - CLEANUP: acl: remove useless blind copy-paste from sample converters
    - TESTS: add regression tests for ACL and sample expression parsers
    - BUILD: time: adapt the type of TV_ETERNITY to the local system
    - MINOR: chunks: allocate the trash chunks before parsing the config
    - BUILD: definitely silence some stupid GCC warnings
    - MINOR: chunks: always initialize the output chunk in get_trash_chunk()
    - MINOR: checks: improve handling of the servers tracking chain
    - REORG: checks: retrieve the check-specific defines from server.h to checks.h
    - MINOR: checks: use an enum instead of flags to report a check result
    - MINOR: checks: rename the state flags
    - MINOR: checks: replace state DISABLED with CONFIGURED and ENABLED
    - MINOR: checks: use check->state instead of srv->state & SRV_CHECKED
    - MINOR: checks: fix agent check interval computation
    - MINOR: checks: add a PAUSED state for the checks
    - MINOR: checks: create the agent tasks even when no check is configured
    - MINOR: checks: add a flag to indicate what check is an agent
    - MEDIUM: checks: enable agent checks even if health checks are disabled
    - BUG/MEDIUM: checks: ensure we can enable a server after boot
    - BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag
    - BUG/MAJOR: session: repair tcp-request connection rules
    - BUILD: fix SUBVERS extraction in the Makefile
    - BUILD: pattern: silence a warning about uninitialized value
    - BUILD: log: fix build warning on Solaris
    - BUILD: dumpstats: fix build error on Solaris
    - DOC: move option pgsql-check to the correct place
    - DOC: move option tcp-check to the proper place
    - MINOR: connection: add simple functions to report connection readiness
    - MEDIUM: connection: centralize handling of nolinger in fd management
    - OPTIM: http: set CF_READ_DONTWAIT on response message
    - OPTIM: http: do not re-enable reading on client side while closing the server side
    - MINOR: config: add option http-keep-alive
    - MEDIUM: connection: inform si_alloc_conn() whether existing conn is OK or not
    - MAJOR: stream-int: handle the connection reuse in si_connect()
    - MAJOR: http: add the keep-alive transition on the server side
    - MAJOR: backend: enable connection reuse
    - MINOR: http: add option prefer-last-server
    - MEDIUM: http: do not report connection errors for second and further requests
2013-12-16 02:32:37 +01:00
Willy Tarreau
eab1dc6234 [RELEASE] Released version 1.5-dev19
Released version 1.5-dev19 with the following main changes :
    - MINOR: stats: remove the autofocus on the scope input field
    - BUG/MEDIUM: Fix crt-list file parsing error: filtered name was ignored.
    - BUG/MEDIUM: ssl: EDH ciphers are not usable if no DH parameters present in pem file.
    - BUG/MEDIUM: shctx: makes the code independent on SSL runtime version.
    - MEDIUM: ssl: improve crt-list format to support negation
    - BUG: ssl: fix crt-list for clients not supporting SNI
    - MINOR: stats: show soft-stopped servers in different color
    - BUG/MINOR: config: "source" does not work in defaults section
    - BUG: regex: fix pcre compile error when using JIT
    - MINOR: ssl: add pattern fetch 'ssl_c_sha1'
    - BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used
    - MINOR: show PCRE version and JIT status in -vv
    - BUG/MINOR: jit: don't rely on USE flag to detect support
    - DOC: readme: add suggestion to link against static openssl
    - DOC: examples: provide simplified ssl configuration
    - REORG: tproxy: prepare the transparent proxy defines for accepting other OSes
    - MINOR: tproxy: add support for FreeBSD
    - MINOR: tproxy: add support for OpenBSD
    - DOC: examples: provide an example of transparent proxy configuration for FreeBSD 8
    - CLEANUP: fix minor typo in error message.
    - CLEANUP: fix missing include <string.h> in proto/listener.h
    - CLEANUP: protect checks.h from multiple inclusions
    - MINOR: compression: acl "res.comp" and fetch "res.comp_algo"
    - BUG/MINOR: http: add-header/set-header did not accept the ACL condition
    - BUILD: mention in the Makefile that USE_PCRE_JIT is for libpcre >= 8.32
    - BUG/MEDIUM: splicing is broken since 1.5-dev12
    - BUG/MAJOR: acl: add implicit arguments to the resolve list
    - BUG/MINOR: tcp: fix error reporting for TCP rules
    - CLEANUP: peers: remove a bit of spaghetti to prepare for the next bugfix
    - MINOR: stick-table: allow to allocate an entry without filling it
    - BUG/MAJOR: peers: fix an overflow when syncing strings larger than 16 bytes
    - MINOR: session: only call http_send_name_header() when changing the server
    - MINOR: tcp: report the erroneous word in tcp-request track*
    - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances
    - BUG/MEDIUM: log: fix regression on log-format handling
    - MEDIUM: log: report file name, line number, and directive name with log-format errors
    - BUG/MINOR: cli: "clear table" did not work anymore without a key
    - BUG/MINOR: cli: "clear table xx data.xx" does not work anymore
    - BUG/MAJOR: http: compression still has defects on chunked responses
    - BUG/MINOR: stats: fix confirmation links on the stats interface
    - BUG/MINOR: stats: the status bar does not appear anymore after a change
    - BUG/MEDIUM: stats: allocate the stats frontend also on "stats bind-process"
    - BUG/MEDIUM: stats: fix a regression when dealing with POST requests
    - BUG/MINOR: fix unterminated ACL array in compression
    - BUILD: last fix broke non-linux platforms
    - MINOR: init: indicate the SSL runtime version on -vv.
    - BUG/MEDIUM: compression: the deflate algorithm must use global settings as well
    - BUILD: stdbool is not portable (again)
    - DOC: readme: add a small reminder about restrictions to respect in the code
    - MINOR: ebtree: add new eb_next_dup/eb_prev_dup() functions to visit duplicates
    - BUG/MINOR: acl: fix a double free during exit when using PCRE_JIT
    - DOC: fix wrong copy-paste in the rspdel example
    - MINOR: counters: make it easier to extend the amount of tracked counters
    - MEDIUM: counters: add support for tracking a third counter
    - MEDIUM: counters: add a new "gpc0_rate" counter in stick-tables
    - BUG/MAJOR: http: always ensure response buffer has some room for a response
    - MINOR: counters: add fetch/acl sc*_tracked to indicate whether a counter is tracked
    - MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be redefined
    - MINOR: log: add a new flag 'L' for locally processed requests
    - MINOR: http: add full-length header fetch methods
    - MEDIUM: protocol: implement a "drain" function in protocol layers
    - MEDIUM: http: add a new "http-response" ruleset
    - MEDIUM: http: add the "set-nice" action to http-request and http-response
    - MEDIUM: log: add a log level override value in struct session
    - MEDIUM: http: add support for action "set-log-level" in http-request/http-response
    - MEDIUM: http: add support for "set-tos" in http-request/http-response
    - MEDIUM: http: add the "set-mark" action on http-request/http-response rules
    - MEDIUM: tcp: add "tcp-request connection expect-proxy layer4"
    - MEDIUM: acl: automatically detect the type of certain fetches
    - MEDIUM: acl: remove a lot of useless ACLs that are equivalent to their fetches
    - MEDIUM: acl: remove 15 additional useless ACLs that are equivalent to their fetches
    - DOC: major reorg of ACL + sample fetch
    - CLEANUP: http: remove the bogus urlp_ip ACL match
    - MINOR: acl: add the new "env()" fetch method to retrieve an environment variable
    - BUG/MINOR: acl: correctly consider boolean fetches when doing casts
    - BUG/CRITICAL: fix a possible crash when using negative header occurrences
    - DOC: update ROADMAP file
    - MEDIUM: counters: use sc0/sc1/sc2 instead of sc1/sc2/sc3
    - MEDIUM: stats: add proxy name filtering on the statistic page
2013-06-17 15:10:25 +02:00
Willy Tarreau
289dd92a64 [RELEASE] Released version 1.5-dev18
Released version 1.5-dev18 with the following main changes :
    - DOCS: Add explanation of intermediate certs to crt paramater
    - DOC: typo and minor fixes in compression paragraph
    - MINOR: config: http-request configuration error message misses new keywords
    - DOC: minor typo fix in documentation
    - BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured.
    - MEDIUM: ssl: add bind-option "strict-sni"
    - MEDIUM: ssl: add mapping from SNI to cert file using "crt-list"
    - MEDIUM: regex: Use PCRE JIT in acl
    - DOC: simplify bind option "interface" explanation
    - DOC: tfo: bump required kernel to linux-3.7
    - BUILD: add explicit support for TFO with USE_TFO
    - MEDIUM: New cli option -Ds for systemd compatibility
    - MEDIUM: add haproxy-systemd-wrapper
    - MEDIUM: add systemd service
    - BUG/MEDIUM: systemd-wrapper: don't leak zombie processes
    - BUG/MEDIUM: remove supplementary groups when changing gid
    - BUG/MEDIUM: config: fix parser crash with bad bind or server address
    - BUG/MINOR: Correct logic in cut_crlf()
    - CLEANUP: checks: Make desc argument to set_server_check_status const
    - CLEANUP: dumpstats: Make cli_release_handler() static
    - MEDIUM: server: Break out set weight processing code
    - MEDIUM: server: Allow relative weights greater than 100%
    - MEDIUM: server: Tighten up parsing of weight string
    - MEDIUM: checks: Add agent health check
    - BUG/MEDIUM: ssl: openssl 0.9.8 doesn't open /dev/random before chroot
    - BUG/MINOR: time: frequency counters are not totally accurate
    - BUG/MINOR: http: don't process abortonclose when request was sent
    - BUG/MEDIUM: stream_interface: don't close outgoing connections on shutw()
    - BUG/MEDIUM: checks: ignore late resets after valid responses
    - DOC: fix bogus recommendation on usage of gpc0 counter
    - BUG/MINOR: http-compression: lookup Cache-Control in the response, not the request
    - MINOR: signal: don't block SIGPROF by default
    - OPTIM: epoll: make use of EPOLLRDHUP
    - OPTIM: splice: detect shutdowns and avoid splice() == 0
    - OPTIM: splice: assume by default that splice is working correctly
    - BUG/MINOR: log: temporary fix for lost SSL info in some situations
    - BUG/MEDIUM: peers: only the last peers section was used by tables
    - BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers
    - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
    - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser
    - BUG/MINOR: config: free peer's address when exiting upon parsing error
    - BUG/MINOR: config: check the proper variable when parsing log minlvl
    - BUG/MEDIUM: checks: ensure the health_status is always within bounds
    - BUG/MINOR: cli: show sess should always validate s->listener
    - BUG/MINOR: log: improper NULL return check on utoa_pad()
    - CLEANUP: http: remove a useless null check
    - CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener()
    - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds
    - BUG/MEDIUM: tools: off-by-one in quote_arg()
    - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
    - BUG/MINOR: unix: remove the 'level' field from the ux struct
    - CLEANUP: http: don't try to deinitialize http compression if it fails before init
    - CLEANUP: config: slowstart is never negative
    - CLEANUP: config: maxcompcpuusage is never negative
    - BUG/MEDIUM: log: emit '-' for empty fields again
    - BUG/MEDIUM: checks: fix a race condition between checks and observe layer7
    - BUILD: fix a warning emitted by isblank() on non-c99 compilers
    - BUILD: improve the makefile's support for libpcre
    - MEDIUM: halog: add support for counting per source address (-ic)
    - MEDIUM: tools: make str2sa_range support all address syntaxes
    - MEDIUM: config: make use of str2sa_range() instead of str2sa()
    - MEDIUM: config: use str2sa_range() to parse server addresses
    - MEDIUM: config: use str2sa_range() to parse peers addresses
    - MINOR: tests: add a config file to ease address parsing tests.
    - MINOR: ssl: add a global tunable for the max SSL/TLS record size
    - BUG/MINOR: syscall: fix NR_accept4 system call on sparc/linux
    - BUILD/MINOR: syscall: add definition of NR_accept4 for ARM
    - MINOR: config: report missing peers section name
    - BUG/MEDIUM: tools: fix bad character handling in str2sa_range()
    - BUG/MEDIUM: stats: never apply "unix-bind prefix" to the global stats socket
    - MINOR: tools: prepare str2sa_range() to return an error message
    - BUG/MEDIUM: checks: don't call connect() on unsupported address families
    - MINOR: tools: prepare str2sa_range() to accept a prefix
    - MEDIUM: tools: make str2sa_range() parse unix addresses too
    - MEDIUM: config: make str2listener() use str2sa_range() to parse unix addresses
    - MEDIUM: config: use a single str2sa_range() call to parse bind addresses
    - MEDIUM: config: use str2sa_range() to parse log addresses
    - CLEANUP: tools: remove str2sun() which is not used anymore.
    - MEDIUM: config: add complete support for str2sa_range() in dispatch
    - MEDIUM: config: add complete support for str2sa_range() in server addr
    - MEDIUM: config: add complete support for str2sa_range() in 'server'
    - MEDIUM: config: add complete support for str2sa_range() in 'peer'
    - MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc'
    - CLEANUP: minor cleanup in str2sa_range() and str2ip()
    - CLEANUP: config: do not use multiple errmsg at once
    - MEDIUM: tools: support specifying explicit address families in str2sa_range()
    - MAJOR: listener: support inheriting a listening fd from the parent
    - MAJOR: tools: support environment variables in addresses
    - BUG/MEDIUM: http: add-header should not emit "-" for empty fields
    - BUG/MEDIUM: config: ACL compatibility check on "redirect" was wrong
    - BUG/MEDIUM: http: fix another issue caused by http-send-name-header
    - DOC: mention the new HTTP 307 and 308 redirect statues
    - MEDIUM: poll: do not use FD_* macros anymore
    - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE
    - BUG/MINOR: acl: ssl_fc_{alg,use}_keysize must parse integers, not strings
    - BUG/MINOR: acl: ssl_c_used, ssl_fc{,_has_crt,_has_sni} take no pattern
    - BUILD: fix usual isdigit() warning on solaris
    - BUG/MEDIUM: tools: vsnprintf() is not always reliable on Solaris
    - OPTIM: buffer: remove one jump in buffer_count()
    - OPTIM: http: improve branching in chunk size parser
    - OPTIM: http: optimize the response forward state machine
    - BUILD: enable poll() by default in the makefile
    - BUILD: add explicit support for Mac OS/X
    - BUG/MAJOR: http: use a static storage for sample fetch context
    - BUG/MEDIUM: ssl: improve error processing and reporting in ssl_sock_load_cert_list_file()
    - BUG/MAJOR: http: fix regression introduced by commit a890d072
    - BUG/MAJOR: http: fix regression introduced by commit d655ffe
    - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process
    - MEDIUM: acl: remove flag ACL_MAY_LOOKUP which is improperly used
    - MEDIUM: samples: use new flags to describe compatibility between fetches and their usages
    - MINOR: log: indicate it when some unreliable sample fetches are logged
    - MEDIUM: samples: move payload-based fetches and ACLs to their own file
    - MINOR: backend: rename sample fetch functions and declare the sample keywords
    - MINOR: frontend: rename sample fetch functions and declare the sample keywords
    - MINOR: listener: rename sample fetch functions and declare the sample keywords
    - MEDIUM: http: unify acl and sample fetch functions
    - MINOR: session: rename sample fetch functions and declare the sample keywords
    - MAJOR: acl: make all ACLs reference the fetch function via a sample.
    - MAJOR: acl: remove the arg_mask from the ACL definition and use the sample fetch's
    - MAJOR: acl: remove fetch argument validation from the ACL struct
    - MINOR: http: add new direction-explicit sample fetches for headers and cookies
    - MINOR: payload: add new direction-explicit sample fetches
    - CLEANUP: acl: remove ACL hooks which were never used
    - MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed"
    - MINOR: sample: provide a function to report the name of a sample check point
    - MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires
    - CLEANUP: acl: remove unused references to ACL_USE_*
    - MINOR: http: replace acl_parse_ver with acl_parse_str
    - MEDIUM: acl: move the ->parse, ->match and ->smp fields to acl_expr
    - MAJOR: acl: add option -m to change the pattern matching method
    - MINOR: acl: remove the use_count in acl keywords
    - MEDIUM: acl: have a pointer to the keyword name in acl_expr
    - MEDIUM: acl: support using sample fetches directly in ACLs
    - MEDIUM: http: remove val_usr() to validate user_lists
    - MAJOR: sample: maintain a per-proxy list of the fetch args to resolve
    - MINOR: ssl: add support for the "alpn" bind keyword
    - MINOR: http: status code 303 is HTTP/1.1 only
    - MEDIUM: http: implement redirect 307 and 308
    - MINOR: http: status 301 should not be marked non-cacheable
2013-04-03 02:26:31 +02:00
Willy Tarreau
a3ecbd9023 [RELEASE] Released version 1.5-dev17
Released version 1.5-dev17 with the following main changes :
    - MINOR: ssl: Setting global tune.ssl.cachesize value to 0 disables SSL session cache.
    - BUG/MEDIUM: stats: fix stats page regression introduced by commit 20b0de5
    - BUG/MINOR: stats: last fix was still wrong
    - BUG/MINOR: stats: http-request rules still don't cope with stats
    - BUG/MINOR: http: http-request add-header emits a corrupted header
    - BUG/MEDIUM: stats: disable request analyser when processing POST or HEAD
    - BUG/MINOR: log: make log-format, unique-id-format and add-header more independant
    - BUILD: log: unused variable svid
    - CLEANUP: http: rename the misleading http_check_access_rule
    - MINOR: http: move redirect rule processing to its own function
    - REORG: config: move the http redirect rule parser to proto_http.c
    - MEDIUM: http: add support for "http-request redirect" rules
    - MEDIUM: http: add support for "http-request tarpit" rule
2012-12-28 15:04:05 +01:00
Willy Tarreau
69eda35acd [RELEASE] Released version 1.5-dev16
Released version 1.5-dev16 with the following main changes :
    - BUG/MEDIUM: ssl: Prevent ssl error from affecting other connections.
    - BUG/MINOR: ssl: error is not reported if it occurs simultaneously with peer close detection.
    - MINOR: ssl: add fetch and acl "ssl_c_used" to check if current SSL session uses a client certificate.
    - MINOR: contrib: make the iprange tool grep for addresses
    - CLEANUP: polling: gcc doesn't always optimize constants away
    - OPTIM: poll: optimize fd management functions for low register count CPUs
    - CLEANUP: poll: remove a useless double-check on fdtab[fd].owner
    - OPTIM: epoll: use a temp variable for intermediary flag computations
    - OPTIM: epoll: current fd does not count as a new one
    - BUG/MINOR: poll: the I/O handler was called twice for polled I/Os
    - MINOR: http: make resp_ver and status ACLs check for the presence of a response
    - BUG/MEDIUM: stream-interface: fix possible stalls during transfers
    - BUG/MINOR: stream_interface: don't return when the fd is already set
    - BUG/MEDIUM: connection: always update connection flags prior to computing polling
    - CLEANUP: buffer: use buffer_empty() instead of buffer_len()==0
    - BUG/MAJOR: stream_interface: fix occasional data transfer freezes
    - BUG/MEDIUM: stream_interface: fix another case where the reader might not be woken up
    - BUG/MINOR: http: don't abort client connection on premature responses
    - BUILD: no need to clean up when making git-tar
    - MINOR: log: add a tag for amount of bytes uploaded from client to server
    - BUG/MEDIUM: log: fix possible segfault during config parsing
    - MEDIUM: log: change a few log tokens to make them easier to remember
    - BUG/MINOR: log: add_to_logformat_list() used the wrong constants
    - MEDIUM: log-format: make the format parser more robust and more extensible
    - MINOR: sample: support cast from bool to string
    - MINOR: samples: add a function to fetch and convert any sample to a string
    - MINOR: log: add lf_text_len
    - MEDIUM: log: add the ability to include samples in logs
    - REORG: stats: massive code reorg and cleanup
    - REORG: stats: move the HTTP header injection to proto_http
    - REORG: stats: functions are now HTTP/CLI agnostic
    - BUG/MINOR: log: fix regression introduced by commit 8a3f52
    - MINOR: chunks: centralize the trash chunk allocation
    - MEDIUM: stats: use hover boxes instead of title to report details
    - MEDIUM: stats: use multi-line tips to display detailed counters
    - MINOR: tools: simplify the use of the int to ascii macros
    - MINOR: stats: replace STAT_FMT_CSV with STAT_FMT_HTML
    - MINOR: http: prepare to support more http-request actions
    - MINOR: log: make parse_logformat_string() take a const char *
    - MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers
2012-12-24 16:48:14 +01:00
Willy Tarreau
0cae4b3218 [RELEASE] Released version 1.5-dev15
Released version 1.5-dev15 with the following main changes :
    - DOC: add a few precisions on compression
    - BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert.
    - BUG/MINOR: ssl: One free session in cache remains unused.
    - BUG/MEDIUM: ssl: first outgoing connection would fail with {ca,crt}-ignore-err
    - MEDIUM: ssl: manage shared cache by blocks for huge sessions.
    - MINOR: acl: add fetch for server session rate
    - BUG/MINOR: compression: Content-Type is case insensitive
    - MINOR: compression: disable on multipart or status != 200
    - BUG/MINOR: http: don't report client aborts as server errors
    - MINOR: stats: compute the ratio of compressed response based on 2xx responses
    - MINOR: http: factor out the content-type checks
    - BUG/MAJOR: stats: correctly check for a possible divide error when showing compression ratios
    - BUILD: ssl: OpenSSL 0.9.6 has no renegociation
    - BUG/MINOR: http: disable compression when message has no body
    - MINOR: compression: make the stats a bit more robust
    - BUG/MEDIUM: comp: DEFAULT_MAXZLIBMEM was expressed in bytes and not megabytes
    - MINOR: connection: don't remove failed handshake flags
    - MEDIUM: connection: add an error code in connections
    - MEDIUM: connection: add minimal error reporting in logs for incomplete connections
    - MEDIUM: connection: add error reporting for the PROXY protocol header
    - MEDIUM: connection: add error reporting for the SSL
    - DOC: document the connection error format in logs
    - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests
    - BUILD: stdbool is not portable
    - BUILD: ssl: NAME_MAX is not portable, use MAXPATHLEN instead
    - BUG/MAJOR: raw_sock: must check error code on hangup
    - BUG/MAJOR: polling: do not set speculative events on ERR nor HUP
    - BUG/MEDIUM: session: fix FD leak when transport layer logging is enabled
    - MINOR: stats: add a few more information on session dump
    - BUG/MINOR: tcp: set the ADDR_TO_SET flag on outgoing connections
    - CLEANUP: connection: remove unused server/proxy/task/si_applet declarations
    - BUG/MEDIUM: tcp: process could theorically crash on lack of source ports
    - MINOR: cfgparse: mention "interface" in the list of allowed "source" options
    - MEDIUM: connection: introduce "struct conn_src" for servers and proxies
    - CLEANUP: proto_tcp: use the same code to bind servers and backends
    - CLEANUP: backend: use the same tproxy address selection code for servers and backends
    - BUG/MEDIUM: stick-tables: conversions to strings were broken in dev13
    - MEDIUM: proto_tcp: add support for tracking L7 information
    - MEDIUM: counters: add sc1_trackers/sc2_trackers
    - MINOR: http: add the "base32" pattern fetch function
    - MINOR: http: add the "base32+src" fetch method.
    - CLEANUP: session: use an array for the stick counters
    - BUG/MINOR: proto_tcp: fix parsing of "table" in track-sc1/2
    - BUG/MINOR: proto_tcp: bidirectional fetches not supported anymore in track-sc1/2
    - BUG/MAJOR: connection: always recompute polling status upon I/O
    - BUG/MINOR: connection: remove a few synchronous calls to polling updates
    - MINOR: config: improve error checking on TCP stick-table tracking
    - DOC: add some clarifications to the readme
2012-12-12 00:39:52 +01:00
Willy Tarreau
fee48ce452 [RELEASE] Released version 1.5-dev14
Released version 1.5-dev14 with the following main changes :
    - DOC: fix minor typos
    - BUG/MEDIUM: compression: does not forward trailers
    - MINOR: buffer_dump with ASCII
    - BUG/MEDIUM: checks: mark the check as stopped after a connect error
    - BUG/MEDIUM: checks: ensure we completely disable polling upon success
    - BUG/MINOR: checks: don't mark the FD as closed before transport close
    - MEDIUM: checks: avoid accumulating TIME_WAITs during checks
    - MINOR: cli: report the msg state in full text in "show sess $PTR"
    - CLEANUP: checks: rename some server check flags
    - MAJOR: checks: rework completely bogus state machine
    - BUG/MINOR: checks: slightly clean the state machine up
    - MEDIUM: checks: avoid waking the application up for pure TCP checks
    - MEDIUM: checks: close the socket as soon as we have a response
    - BUG/MAJOR: checks: close FD on all timeouts
    - MINOR: checks: fix recv polling after connect()
    - MEDIUM: connection: provide a common conn_full_close() function
    - BUG/MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts
    - BUG/MAJOR: peers: the listener's maxaccept was not set and caused loops
    - MINOR: listeners: make the accept loop more robust when maxaccept==0
    - BUG/MEDIUM: acl: correctly resolve all args, not just the first one
    - BUG/MEDIUM: acl: make prue_acl_expr() correctly free ACL expressions upon exit
    - BUG/MINOR: stats: fix inversion of the report of a check in progress
    - MEDIUM: tcp: add explicit support for delayed ACK in connect()
    - BUG/MEDIUM: connection: always disable polling upon error
    - MINOR: connection: abort earlier when errors are detected
    - BUG/MEDIUM: checks: report handshake failures
    - BUG/MEDIUM: connection: local_send_proxy must wait for connection to establish
    - MINOR: tcp: add support for the "v6only" bind option
    - MINOR: stats: also report the computed compression savings in html stats
    - MINOR: stats: report the total number of compressed responses per front/back
    - MINOR: tcp: add support for the "v4v6" bind option
    - DOC: stats: document the comp_rsp stats column
    - BUILD: buffer: fix another isprint() warning on solaris
    - MINOR: cli: add support for the "show sess all" command
    - BUG/MAJOR: cli: show sess <id> may randomly corrupt the back-ref list
    - MINOR: cli: improve output format for show sess $ptr
2012-11-26 03:11:05 +01:00
Willy Tarreau
ad15d127a7 [RELEASE] Released version 1.5-dev13
Released version 1.5-dev13 with the following main changes :
    - BUILD: fix build issue without USE_OPENSSL
    - BUILD: fix compilation error with DEBUG_FULL
    - DOC: ssl: remove prefer-server-ciphers documentation
    - DOC: ssl: surround keywords with quotes
    - DOC: fix minor typo on http-send-name-header
    - BUG/MEDIUM: acls using IPv6 subnets patterns incorrectly match IPs
    - BUG/MAJOR: fix a segfault on option http_proxy and url_ip acl
    - MEDIUM: http: accept IPv6 values with (s)hdr_ip acl
    - BUILD: report zlib support in haproxy -vv
    - DOC: compression: add some details and clean up the formatting
    - DOC: Change is_ssl acl to ssl_fc acl in example
    - DOC: make it clear what the HTTP request size is
    - MINOR: ssl: try to load Diffie-Hellman parameters from cert file
    - DOC: ssl: update 'crt' statement on 'bind' about Diffie-Hellman parameters loading
    - MINOR: ssl: add elliptic curve Diffie-Hellman support for ssl key generation
    - DOC: ssl: add 'ecdhe' statement on 'bind'
    - MEDIUM: ssl: add client certificate authentication support
    - DOC: ssl: add 'verify', 'cafile' and 'crlfile' statements on 'bind'
    - MINOR: ssl: add fetch and ACL 'client_crt' to test a client cert is present
    - DOC: ssl: add fetch and ACL 'client_cert'
    - MINOR: ssl: add ignore verify errors options
    - DOC: ssl: add 'ca-ignore-err' and 'crt-ignore-err' statements on 'bind'
    - MINOR: ssl: add fetch and ACL 'ssl_verify_result'
    - DOC: ssl: add fetch and ACL 'ssl_verify_result'
    - MINOR: ssl: add fetches and ACLs to return verify errors
    - DOC: ssl: add fetches and ACLs 'ssl_verify_crterr', 'ssl_verify_caerr', and 'ssl_verify_crterr_depth'
    - MINOR: ssl: disable shared memory and locks on session cache if nbproc == 1
    - MINOR: ssl: add build param USE_PRIVATE_CACHE to build cache without shared memory
    - MINOR: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
    - DOC: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
    - MEDIUM: config: authorize frontend and listen without bind.
    - MINOR: ssl: add statement 'no-tls-tickets' on bind to disable stateless session resumption
    - DOC: ssl: add 'no-tls-tickets' statement documentation.
    - BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified.
    - BUG/MINOR: build: Fix compilation issue on openssl 0.9.6 due to missing CRL feature.
    - BUG/MINOR: conf: Fix 'maxsslconn' statement error if built without OPENSSL.
    - BUG/MINOR: build: Fix failure with USE_OPENSSL=1 and USE_FUTEX=1 on archs i486 and i686.
    - MINOR: ssl: remove prefer-server-ciphers statement and set it as the default on ssl listeners.
    - BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes
    - MINOR: ssl: add 'crt-base' and 'ca-base' global statements.
    - MEDIUM: conf: rename 'nosslv3' and 'notlsvXX' statements 'no-sslv3' and 'no-tlsvXX'.
    - MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file'
    - MINOR: ssl: use bit fields to  store ssl options instead of one int each
    - MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on bind.
    - MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on server
    - MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS.
    - BUG/MINOR: ssl: Fix issue on server statements 'no-tls*' and 'no-sslv3'
    - MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c
    - MEDIUM: ssl: reject ssl server keywords in default-server statement
    - MINOR: ssl: add statement 'no-tls-tickets' on server side.
    - MINOR: ssl: add statements 'verify', 'ca-file' and 'crl-file' on servers.
    - DOC: Fix rename of options cafile and crlfile to ca-file and crl-file.
    - MINOR: sample: manage binary to string type convertion in stick-table and samples.
    - MINOR: acl: add parse and match primitives to use binary type on ACLs
    - MINOR: sample: export 'sample_get_trash_chunk(void)'
    - MINOR: conf: rename all ssl modules fetches using prefix 'ssl_fc' and 'ssl_c'
    - MINOR: ssl: add pattern and ACLs fetches 'ssl_fc_protocol', 'ssl_fc_cipher', 'ssl_fc_use_keysize' and 'ssl_fc_alg_keysize'
    - MINOR: ssl: add pattern fetch 'ssl_fc_session_id'
    - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_version' and 'ssl_f_version'
    - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_s_dn', 'ssl_c_i_dn', 'ssl_f_s_dn' and 'ssl_c_i_dn'
    - MINOR: ssl: add pattern and ACLs 'ssl_c_sig_alg' and 'ssl_f_sig_alg'
    - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_key_alg' and 'ssl_f_key_alg'
    - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_notbefore', 'ssl_c_notafter', 'ssl_f_notbefore' and 'ssl_f_notafter'
    - MINOR: ssl: add 'crt' statement on server.
    - MINOR: ssl: checks the consistency of a private key with the corresponding certificate
    - BUG/MEDIUM: ssl: review polling on reneg.
    - BUG/MEDIUM: ssl: Fix some reneg cases not correctly handled.
    - BUG/MEDIUM: ssl: Fix sometimes reneg fails if requested by server.
    - MINOR: build: allow packagers to specify the ssl cache size
    - MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind.
    - MINOR: ssl: Add tune.ssl.lifetime statement in global.
    - MINOR: compression: Enable compression for IE6 w/SP2, IE7 and IE8
    - BUG: http: revert broken optimisation from 82fe75c1a7
    - DOC: duplicate ssl_sni section
    - MEDIUM: HTTP compression (zlib library support)
    - CLEANUP: use struct comp_ctx instead of union
    - BUILD: remove dependency to zlib.h
    - MINOR: compression: memlevel and windowsize
    - MEDIUM: use pool for zlib
    - MINOR: compression: try init in cfgparse.c
    - MINOR: compression: init before deleting headers
    - MEDIUM: compression: limit RAM usage
    - MINOR: compression: tune.comp.maxlevel
    - MINOR: compression: maximum compression rate limit
    - MINOR: log-format: check number of arguments in cfgparse.c
    - BUG/MEDIUM: compression: no Content-Type header but type in configuration
    - BUG/MINOR: compression: deinit zlib only when required
    - MEDIUM: compression: don't compress when no data
    - MEDIUM: compression: use pool for comp_ctx
    - MINOR: compression: rate limit in 'show info'
    - MINOR: compression: report zlib memory usage
    - BUG/MINOR: compression: dynamic level increase
    - DOC: compression: unsupported cases.
    - MINOR: compression: CPU usage limit
    - MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
    - BUG/MAJOR: ssl: missing tests in ACL fetch functions
    - MINOR: config: add a function to indent error messages
    - REORG: split "protocols" files into protocol and listener
    - MEDIUM: config: replace ssl_conf by bind_conf
    - CLEANUP: listener: remove unused conf->file and conf->line
    - MEDIUM: listener: add a minimal framework to register "bind" keyword options
    - MEDIUM: config: move the "bind" TCP parameters to proto_tcp
    - MEDIUM: move bind SSL parsing to ssl_sock
    - MINOR: config: improve error reporting for "bind" lines
    - MEDIUM: config: move the common "bind" settings to listener.c
    - MEDIUM: config: move all unix-specific bind keywords to proto_uxst.c
    - MEDIUM: config: enumerate full list of registered "bind" keywords upon error
    - MINOR: listener: add a scope field in the bind keyword lists
    - MINOR: config: pass the file and line to config keyword parsers
    - MINOR: stats: fill the file and line numbers in the stats frontend
    - MINOR: config: set the bind_conf entry on listeners created from a "listen" line.
    - MAJOR: listeners: use dual-linked lists to chain listeners with frontends
    - REORG: listener: move unix perms from the listener to the bind_conf
    - BUG: backend: balance hdr was broken since 1.5-dev11
    - MINOR: standard: make memprintf() support a NULL destination
    - MINOR: config: make str2listener() use memprintf() to report errors.
    - MEDIUM: stats: remove the stats_sock struct from the global struct
    - MINOR: ssl: set the listeners' data layer to ssl during parsing
    - MEDIUM: stats: make use of the standard "bind" parsers to parse global socket
    - DOC: move bind options to their own section
    - DOC: stats: refer to "bind" section for "stats socket" settings
    - DOC: fix index to reference bind and server options
    - BUG: http: do not print garbage on invalid requests in debug mode
    - BUG/MINOR: config: check the proper pointer to report unknown protocol
    - CLEANUP: connection: offer conn_prepare() to set up a connection
    - CLEANUP: config: fix typo inteface => interface
    - BUG: stats: fix regression introduced by commit 4348fad1
    - MINOR: cli: allow to set frontend maxconn to zero
    - BUG/MAJOR: http: chunk parser was broken with buffer changes
    - MEDIUM: monitor: simplify handling of monitor-net and mode health
    - MINOR: connection: add a pointer to the connection owner
    - MEDIUM: connection: make use of the owner instead of container_of
    - BUG/MINOR: ssl: report the L4 connection as established when possible
    - BUG/MEDIUM: proxy: must not try to stop disabled proxies upon reload
    - BUG/MINOR: config: use a copy of the file name in proxy configurations
    - BUG/MEDIUM: listener: don't pause protocols that do not support it
    - MEDIUM: proxy: add the global frontend to the list of normal proxies
    - BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
    - MINOR: signal: really ignore signals configured with no handler
    - MINOR: buffers: add a few functions to write chars, strings and blocks
    - MINOR: raw_sock: always report asynchronous connection errors
    - MEDIUM: raw_sock: improve connection error reporting
    - REORG: connection: rename the data layer the "transport layer"
    - REORG: connection: rename app_cb "data"
    - MINOR: connection: provide a generic data layer wakeup callback
    - MINOR: connection: split conn_prepare() in two functions
    - MINOR: connection: add an init callback to the data_cb struct
    - MEDIUM: session: use a specific data_cb for embryonic sessions
    - MEDIUM: connection: use a generic data-layer init() callback
    - MEDIUM: connection: reorganize connection flags
    - MEDIUM: connection: only call the data->wake callback on activity
    - MEDIUM: connection: make it possible for data->wake to return an error
    - MEDIUM: session: register a data->wake callback to process errors
    - MEDIUM: connection: don't call the data->init callback upon error
    - MEDIUM: connection: it's not the data layer's role to validate the connection
    - MEDIUM: connection: automatically disable polling on error
    - REORG: connection: move the PROXY protocol management to connection.c
    - MEDIUM: connection: add a new local send-proxy transport callback
    - MAJOR: checks: make use of the connection layer to send checks
    - REORG: server: move the check-specific parts into a check subsection
    - MEDIUM: checks: use real buffers to store requests and responses
    - MEDIUM: check: add the ctrl and transport layers in the server check structure
    - MAJOR: checks: completely use the connection transport layer
    - MEDIUM: checks: add the "check-ssl" server option
    - MEDIUM: checks: enable the PROXY protocol with health checks
    - CLEANUP: checks: remove minor warnings for assigned but not used variables
    - MEDIUM: tcp: enable TCP Fast Open on systems which support it
    - BUG: connection: fix regression from commit 9e272bf9
    - CLEANUP: cttproxy: remove a warning on undeclared close()
    - BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used
    - MEDIUM: listener: add support for linux's accept4() syscall
    - MINOR: halog: sort output by cookie code
    - BUG/MINOR: halog: -ad/-ac report the correct number of output lines
    - BUG/MINOR: halog: fix help message for -ut/-uto
    - MINOR: halog: add a parameter to limit output line count
    - BUILD: accept4: move the socketcall declaration outside of accept4()
    - MINOR: server: add minimal infrastructure to parse keywords
    - MINOR: standard: make indent_msg() support empty messages
    - MEDIUM: server: check for registered keywords when parsing unknown keywords
    - MEDIUM: server: move parsing of keyword "id" to server.c
    - BUG/MEDIUM: config: check-send-proxy was ignored if SSL was not builtin
    - MEDIUM: ssl: move "server" keyword SSL options parsing to ssl_sock.c
    - MEDIUM: log: suffix the frontend's name with '~' when using SSL
    - MEDIUM: connection: always unset the transport layer upon close
    - BUG/MINOR: session: fix some leftover from debug code
    - BUG/MEDIUM: session: enable the conn_session_update() callback
    - MEDIUM: connection: add a flag to hold the transport layer
    - MEDIUM: log: add a new LW_XPRT flag to pin the transport layer
    - MINOR: log: make lf_text use a const char *
    - MEDIUM: log: report SSL ciphers and version in logs using logformat %sslc/%sslv
    - REORG: http: rename msg->buf to msg->chn since it's a channel
    - CLEANUP: http: use 'chn' to name channel variables, not 'buf'
    - CLEANUP: channel: use 'chn' instead of 'buf' as local variable names
    - CLEANUP: tcp: use 'chn' instead of 'buf' or 'b' for channel pointer names
    - CLEANUP: stream_interface: use 'chn' instead of 'b' to name channel pointers
    - CLEANUP: acl: use 'chn' instead of 'b' to name channel pointers
    - MAJOR: channel: replace the struct buffer with a pointer to a buffer
    - OPTIM: channel: reorganize struct members to improve cache efficiency
    - CLEANUP: session: remove term_trace which is not used anymore
    - OPTIM: session: reorder struct session fields
    - OPTIM: connection: pack the struct target
    - DOC: document relations between internal entities
    - MINOR: ssl: add 'ssl_npn' sample/acl to extract TLS/NPN information
    - BUILD: ssl: fix shctx build on older compilers
    - MEDIUM: ssl: add support for the "npn" bind keyword
    - BUG: ssl: fix ssl_sni ACLs to correctly process regular expressions
    - MINOR: chunk: provide string compare functions
    - MINOR: sample: accept fetch keywords without parenthesis
    - MEDIUM: sample: pass an empty list instead of a null for fetch args
    - MINOR: ssl: improve socket behaviour upon handshake abort.
    - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode
    - MEDIUM: listener: provide a fallback for accept4() when not supported
    - BUG/MAJOR: connection: risk of crash on certain tricky close scenario
    - MEDIUM: cli: allow the stats socket to be bound to a specific set of processes
    - OPTIM: channel: inline channel_forward's fast path
    - OPTIM: http: inline http_parse_chunk_size() and http_skip_chunk_crlf()
    - OPTIM: tools: inline hex2i()
    - CLEANUP: http: rename HTTP_MSG_DATA_CRLF state
    - MINOR: compression: automatically disable compression for older browsers
    - MINOR: compression: optimize memLevel to improve byte rate
    - BUG/MINOR: http: compression should consider all Accept-Encoding header values
    - BUILD: fix coexistence of openssl and zlib
    - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_serial' and 'ssl_f_serial'
    - BUG/MEDIUM: command-line option -D must have precedence over "debug"
    - MINOR: tools: add a clear_addr() function to unset an address
    - BUG/MEDIUM: tcp: transparent bind to the source only when address is set
    - CLEANUP: remove trashlen
    - MAJOR: session: detach the connections from the stream interfaces
    - DOC: update document describing relations between internal entities
    - BUILD: make it possible to specify ZLIB path
    - MINOR: compression: add an offload option to remove the Accept-Encoding header
    - BUG: compression: disable auto-close and enable MSG_MORE during transfer
    - CLEANUP: completely remove trashlen
    - MINOR: chunk: add a function to reset a chunk
    - CLEANUP: replace chunk_printf() with chunk_appendf()
    - MEDIUM: make the trash be a chunk instead of a char *
    - MEDIUM: remove remains of BUFSIZE in HTTP auth and sample conversions
    - MEDIUM: stick-table: allocate the table key of size buffer size
    - BUG/MINOR: stream_interface: don't loop over ->snd_buf()
    - BUG/MINOR: session: ensure that we don't retry connection if some data were sent
    - OPTIM: session: don't process the whole session when only timers need a refresh
    - BUG/MINOR: session: mark the handshake as complete earlier
    - MAJOR: connection: remove the CO_FL_CURR_*_POL flag
    - BUG/MAJOR: always clear the CO_FL_WAIT_* flags after updating polling flags
    - MAJOR: sepoll: make the poller totally event-driven
    - OPTIM: stream_interface: disable reading when CF_READ_DONTWAIT is set
    - BUILD: compression: remove a build warning
    - MEDIUM: fd: don't unset fdtab[].updated upon delete
    - REORG: fd: move the speculative I/O management from ev_sepoll
    - REORG: fd: move the fd state management from ev_sepoll
    - REORG: fd: centralize the processing of speculative events
    - BUG: raw_sock: also consider ENOTCONN in addition to EAGAIN
    - BUILD: stream_interface: remove si_fd() and its references
    - BUILD: compression: enable build in BSD and OSX Makefiles
    - MAJOR: ev_select: make the poller support speculative events
    - MAJOR: ev_poll: make the poller support speculative events
    - MAJOR: ev_kqueue: make the poller support speculative events
    - MAJOR: polling: replace epoll with sepoll and remove sepoll
    - MAJOR: polling: remove unused callbacks from the poller struct
    - MEDIUM: http: refrain from sending "Connection: close" when Upgrade is present
    - CLEANUP: channel: remove any reference of the hijackers
    - CLEANUP: stream_interface: remove the external task type target
    - MAJOR: connection: replace struct target with a pointer to an enum
    - BUG: connection: fix typo in previous commit
    - BUG: polling: don't skip polled events in the spec list
    - MINOR: splice: disable it when the system returns EBADF
    - MINOR: build: allow packagers to specify the default maxzlibmem
    - BUG: halog: fix broken output limitation
    - BUG: proxy: fix server name lookup in get_backend_server()
    - BUG: compression: do not always increment the round counter on allocation failure
    - BUG/MEDIUM: compression: release the zlib pools between keep-alive requests
    - MINOR: global: don't prevent nbproc from being redefined
    - MINOR: config: support process ranges for "bind-process"
    - MEDIUM: global: add support for CPU binding on Linux ("cpu-map")
    - MINOR: ssl: rename and document the tune.ssl.cachesize option
    - DOC: update the PROXY protocol spec to support v2
    - MINOR: standard: add a simple popcount function
    - MEDIUM: adjust the maxaccept per listener depending on the number of processes
    - BUG: compression: properly disable compression when content-type does not match
    - MINOR: cli: report connection status in "show sess xxx"
    - BUG/MAJOR: stream_interface: certain workloads could cause get stuck
    - BUILD: cli: fix build when SSL is enabled
    - MINOR: cli: report the fd state in "show sess xxx"
    - MINOR: cli: report an error message on missing argument to compression rate
    - MINOR: http: add some debugging functions to pretty-print msg state names
    - BUG/MAJOR: stream_interface: read0 not always handled since dev12
    - DOC: documentation on http header capture is wrong
    - MINOR: http: allow the cookie capture size to be changed
    - DOC: http header capture has not been limited in size for a long time
    - DOC: update readme with build methods for BSD
    - BUILD: silence a warning on Solaris about usage of isdigit()
    - MINOR: stats: report HTTP compression stats per frontend and per backend
    - MINOR: log: add '%Tl' to log-format
    - MINOR: samples: update the url_param fetch to match parameters in the path
2012-11-22 01:11:33 +01:00
Willy Tarreau
16216828fc [RELEASE] Released version 1.5-dev12
Released version 1.5-dev12 with the following main changes :
    - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
    - MEDIUM: ssl: add support for prefer-server-ciphers option
    - MINOR: IPv6 support for transparent proxy
    - MINOR: protocol: add SSL context to listeners if USE_OPENSSL is defined
    - MINOR: server: add SSL context to servers if USE_OPENSSL is defined
    - MEDIUM: connection: add a new handshake flag for SSL (CO_FL_SSL_WAIT_HS).
    - MEDIUM: ssl: add new files ssl_sock.[ch] to provide the SSL data layer
    - MEDIUM: config: add the 'ssl' keyword on 'bind' lines
    - MEDIUM: config: add support for the 'ssl' option on 'server' lines
    - MEDIUM: ssl: protect against client-initiated renegociation
    - BUILD: add optional support for SSL via the USE_OPENSSL flag
    - MEDIUM: ssl: add shared memory session cache implementation.
    - MEDIUM: ssl: replace OpenSSL's session cache with the shared cache
    - MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size.
    - MEDIUM: ssl: add support for SNI and wildcard certificates
    - DOC: Typos cleanup
    - DOC: fix name for "option independant-streams"
    - DOC: specify the default value for maxconn in the context of a proxy
    - BUG/MINOR: to_log erased with unique-id-format
    - LICENSE: add licence exception for OpenSSL
    - BUG/MAJOR: cookie prefix doesn't support cookie-less servers
    - BUILD: add an AIX 5.2 (and later) target.
    - MEDIUM: fd/si: move peeraddr from struct fdinfo to struct connection
    - MINOR: halog: use the more recent dual-mode fgets2 implementation
    - BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on full-length matches
    - CLEANUP: halog: make clean should also remove .o files
    - OPTIM: halog: make use of memchr() on platforms which provide a fast one
    - OPTIM: halog: improve cold-cache behaviour when loading a file
    - BUG/MINOR: ACL implicit arguments must be created with unresolved flag
    - MINOR: replace acl_fetch_{path,url}* with smp_fetch_*
    - MEDIUM: pattern: add the "base" sample fetch method
    - OPTIM: i386: make use of kernel-mode-linux when available
    - BUG/MINOR: tarpit: fix condition to return the HTTP 500 message
    - BUG/MINOR: polling: some events were not set in various pollers
    - MINOR: http: add the urlp_val ACL match
    - BUG: stktable: tcp_src_to_stktable_key() must return NULL on invalid families
    - MINOR: stats/cli: add plans to support more stick-table actions
    - MEDIUM: stats/cli: add support for "set table key" to enter values
    - REORG/MEDIUM: fd: remove FD_STCLOSE from struct fdtab
    - REORG/MEDIUM: fd: remove checks for FD_STERROR in ev_sepoll
    - REORG/MEDIUM: fd: get rid of FD_STLISTEN
    - REORG/MINOR: connection: move declaration to its own include file
    - REORG/MINOR: checks: put a struct connection into the server
    - MINOR: connection: add flags to the connection struct
    - MAJOR: get rid of fdtab[].state and use connection->flags instead
    - MINOR: fd: add a new I/O handler to fdtab
    - MEDIUM: polling: prepare to call the iocb() function when defined.
    - MEDIUM: checks: make use of fdtab->iocb instead of cb[]
    - MEDIUM: protocols: use the generic I/O callback for accept callbacks
    - MINOR: connection: add a handler for fd-based connections
    - MAJOR: connection: replace direct I/O callbacks with the connection callback
    - MINOR: fd: make fdtab->owner a connection and not a stream_interface anymore
    - MEDIUM: connection: remove the FD_POLL_* flags only once
    - MEDIUM: connection: extract the send_proxy callback from proto_tcp
    - MAJOR: tcp: remove the specific I/O callbacks for TCP connection probes
    - CLEANUP: remove the now unused fdtab direct I/O callbacks
    - MAJOR: remove the stream interface and task management code from sock_*
    - MEDIUM: stream_interface: pass connection instead of fd in sock_ops
    - MEDIUM: stream_interface: centralize the SI_FL_ERR management
    - MAJOR: connection: add a new CO_FL_CONNECTED flag
    - MINOR: rearrange tcp_connect_probe() and fix wrong return codes
    - MAJOR: connection: call data layer handshakes from the handler
    - MEDIUM: fd: remove the EV_FD_COND_* primitives
    - MINOR: sock_raw: move calls to si_data_close upper
    - REORG: connection: replace si_data_close() with conn_data_close()
    - MEDIUM: sock_raw: introduce a read0 callback that is different from shutr
    - MAJOR: stream_int: use a common stream_int_shut*() functions regardless of the data layer
    - MAJOR: fd: replace all EV_FD_* macros with new fd_*_* inline calls
    - MEDIUM: fd: add fd_poll_{recv,send} for use when explicit polling is required
    - MEDIUM: connection: add definitions for dual polling mechanisms
    - MEDIUM: connection: make use of the new polling functions
    - MAJOR: make use of conn_{data|sock}_{poll|stop|want}* in connection handlers
    - MEDIUM: checks: don't use FD_WAIT_* anymore
    - MINOR: fd: get rid of FD_WAIT_*
    - MEDIUM: stream_interface: offer a generic function for connection updates
    - MEDIUM: stream-interface: offer a generic chk_rcv function for connections
    - MEDIUM: stream-interface: add a snd_buf() callback to sock_ops
    - MEDIUM: stream-interface: provide a generic stream_int_chk_snd_conn() function
    - MEDIUM: stream-interface: provide a generic si_conn_send_cb callback
    - MEDIUM: stream-interface: provide a generic stream_sock_read0() function
    - REORG/MAJOR: use "struct channel" instead of "struct buffer"
    - REORG/MAJOR: extract "struct buffer" from "struct channel"
    - MINOR: connection: provide conn_{data|sock}_{read0|shutw} functions
    - REORG: sock_raw: rename the files raw_sock*
    - MAJOR: raw_sock: extract raw_sock_to_buf() from raw_sock_read()
    - MAJOR: raw_sock: temporarily disable splicing
    - MINOR: stream-interface: add an rcv_buf callback to sock_ops
    - REORG: stream-interface: move sock_raw_read() to si_conn_recv_cb()
    - MAJOR: connection: split the send call into connection and stream interface
    - MAJOR: stream-interface: restore splicing mechanism
    - MAJOR: stream-interface: make conn_notify_si() more robust
    - MEDIUM: proxy-proto: don't use buffer flags in conn_si_send_proxy()
    - MAJOR: stream-interface: don't commit polling changes in every callback
    - MAJOR: stream-interface: fix splice not to call chk_snd by itself
    - MEDIUM: stream-interface: don't remove WAIT_DATA when a handshake is in progress
    - CLEANUP: connection: split sock_ops into data_ops, app_cp and si_ops
    - REORG: buffers: split buffers into chunk,buffer,channel
    - MAJOR: channel: remove the BF_OUT_EMPTY flag
    - REORG: buffer: move buffer_flush, b_adv and b_rew to buffer.h
    - MINOR: channel: rename bi_full to channel_full as it checks the whole channel
    - MINOR: buffer: provide a new buffer_full() function
    - MAJOR: channel: stop relying on BF_FULL to take action
    - MAJOR: channel: remove the BF_FULL flag
    - REORG: channel: move buffer_{replace,insert_line}* to buffer.{c,h}
    - CLEANUP: channel: usr CF_/CHN_ prefixes instead of BF_/BUF_
    - CLEANUP: channel: use "channel" instead of "buffer" in function names
    - REORG: connection: move the target pointer from si to connection
    - MAJOR: connection: move the addr field from the stream_interface
    - MEDIUM: stream_interface: remove CAP_SPLTCP/CAP_SPLICE flags
    - MEDIUM: proto_tcp: remove any dependence on stream_interface
    - MINOR: tcp: replace tcp_src_to_stktable_key with addr_to_stktable_key
    - MEDIUM: connection: add an ->init function to data layer
    - MAJOR: session: introduce embryonic sessions
    - MAJOR: connection: make the PROXY decoder a handshake handler
    - CLEANUP: frontend: remove the old proxy protocol decoder
    - MAJOR: connection: rearrange the polling flags.
    - MEDIUM: connection: only call tcp_connect_probe when nothing was attempted yet
    - MEDIUM: connection: complete the polling cleanups
    - MEDIUM: connection: avoid calling handshakes when polling is required
    - MAJOR: stream_interface: continue to update data polling flags during handshakes
    - CLEANUP: fd: remove fdtab->flags
    - CLEANUP: fdtab: flatten the struct and merge the spec struct with the rest
    - CLEANUP: includes: fix includes for a number of users of fd.h
    - MINOR: ssl: disable TCP quick-ack by default on SSL listeners
    - MEDIUM: config: add a "ciphers" keyword to set SSL cipher suites
    - MEDIUM: config: add "nosslv3" and "notlsv1" on bind and server lines
    - BUG: ssl: mark the connection as waiting for an SSL connection during the handshake
    - BUILD: http: rename error_message http_error_message to fix conflicts on RHEL
    - BUILD: ssl: fix shctx build on RHEL with futex
    - BUILD: include sys/socket.h to fix build failure on FreeBSD
    - BUILD: fix build error without SSL (ssl_cert)
    - BUILD: ssl: use MAP_ANON instead of MAP_ANONYMOUS
    - BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1
    - MEDIUM: config: support per-listener backlog and maxconn
    - MINOR: session: do not send an HTTP/500 error on SSL sockets
    - MEDIUM: config: implement maxsslconn in the global section
    - BUG: tcp: close socket fd upon connect error
    - MEDIUM: connection: improve error handling around the data layer
    - MINOR: config: make the tasks "nice" value configurable on "bind" lines.
    - BUILD: shut a gcc warning introduced by commit 269ab31
    - MEDIUM: config: centralize handling of SSL config per bind line
    - BUILD: makefile: report USE_OPENSSL status in build options
    - BUILD: report openssl build settings in haproxy -vv
    - MEDIUM: ssl: add sample fetches for is_ssl, ssl_has_sni, ssl_sni_*
    - DOC: add a special acknowledgement for the stud project
    - DOC: add missing SSL options for servers and listeners
    - BUILD: automatically add -lcrypto for SSL
    - DOC: add some info about openssl build in the README
2012-09-10 09:46:55 +02:00
Willy Tarreau
02c7c14ae7 [RELEASE] Released version 1.5-dev11
Released version 1.5-dev11 with the following main changes :
    - BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations
    - BUG/MAJOR: trash must always be the size of a buffer
    - DOC: fix minor regex example issue and improve doc on stats
    - MINOR: stream_interface: add a pointer to the listener for TARG_TYPE_CLIENT
    - MEDIUM: protocol: add a pointer to struct sock_ops to the listener struct
    - MINOR: checks: add on-marked-up option
    - MINOR: balance uri: added 'whole' parameter to include query string in hash calculation
    - MEDIUM: stream_interface: remove the si->init
    - MINOR: buffers: add a rewind function
    - BUG/MAJOR: fix regression on content-based hashing and http-send-name-header
    - MAJOR: http: stop using msg->sol outside the parsers
    - CLEANUP: http: make it more obvious that msg->som is always null outside of chunks
    - MEDIUM: http: get rid of msg->som which is not used anymore
    - MEDIUM: http: msg->sov and msg->sol will never wrap
    - BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
    - BUG/MINOR: stop connect timeout when connect succeeds
    - REORG: move the send-proxy code to tcp_connect_write()
    - REORG/MINOR: session: detect the TCP monitor checks at the protocol accept
    - MINOR: stream_interface: introduce a new "struct connection" type
    - REORG/MINOR: stream_interface: move si->fd to struct connection
    - REORG/MEDIUM: stream_interface: move applet->state and private to connection
    - MINOR: stream_interface: add a data channel close function
    - MEDIUM: stream_interface: call si_data_close() before releasing the si
    - MINOR: peers: use the socket layer operations from the peer instead of sock_raw
    - BUG/MINOR: checks: expire on timeout.check if smaller than timeout.connect
    - MINOR: add a new function call tracer for debugging purposes
    - BUG/MINOR: perform_http_redirect also needs to rewind the buffer
    - BUG/MAJOR: b_rew() must pass a signed offset to b_ptr()
    - BUG/MEDIUM: register peer sync handler in the proper order
    - BUG/MEDIUM: buffers: fix bi_putchr() to correctly advance the pointer
    - BUG/MINOR: fix option httplog validation with TCP frontends
    - BUG/MINOR: log: don't report logformat errors in backends
    - REORG/MINOR: use dedicated proxy flags for the cookie handling
    - BUG/MINOR: config: do not report twice the incompatibility between cookie and non-http
    - MINOR: http: add support for "httponly" and "secure" cookie attributes
    - BUG/MEDIUM: ensure that unresolved arguments are freed exactly once
    - BUG/MINOR: commit 196729ef used wrong condition resulting in freeing constants
    - MEDIUM: stats: add support for soft stop/soft start in the admin interface
    - MEDIUM: stats: add the ability to kill sessions from the admin interface
    - BUILD: add support for linux kernels >= 2.6.28
2012-06-04 00:43:45 +02:00
Willy Tarreau
ffb8947bb8 [RELEASE] Released version 1.5-dev10
Released version 1.5-dev10 with the following main changes :
    - BUG/MINOR: stats admin: "Unexpected result" was displayed unconditionally
    - BUG/MAJOR: acl: http_auth_group() must not accept any user from the userlist
    - CLEANUP: auth: make the code build again with DEBUG_AUTH
    - BUG/MEDIUM: config: don't crash at config load time on invalid userlist names
    - REORG: use the name sock_raw instead of stream_sock
    - MINOR: stream_interface: add a client target : TARG_TYPE_CLIENT
    - BUG/MEDIUM: stream_interface: restore get_src/get_dst
    - CLEANUP: sock_raw: remove last references to stream_sock
    - CLEANUP: stream_interface: stop exporting socket layer functions
    - MINOR: stream_interface: add an init callback to sock_ops
    - MEDIUM: stream_interface: derive the socket operations from the target
    - MAJOR: fd: remove the need for the socket layer to recheck the connection
    - MINOR: session: call the socket layer init function when a session establishes
    - MEDIUM: session: add support for tunnel timeouts
    - MINOR: standard: add a new debug macro : fddebug()
    - CLEANUP: fd: remove unused cb->b pointers in the struct fdtab
    - OPTIM: proto_http: don't enable quick-ack on empty buffers
    - OPTIM/MAJOR: ev_sepoll: process spec events after polled events
    - OPTIM/MEDIUM: stream_interface: add a new SI_FL_NOHALF flag
2012-05-14 07:26:56 +02:00
Willy Tarreau
a0564f3541 [RELEASE] Released version 1.5-dev9
Released version 1.5-dev9 with the following main changes :
    - MINOR: Add release callback to si_applet
    - CLEANUP: Fix some minor typos
    - MINOR: Add TO/FROM_SET flags to struct stream_interface
    - CLEANUP: Fix some minor whitespace issues
    - MINOR: stats admin: allow unordered parameters in POST requests
    - CLEANUP: fix typo in findserver() log message
    - MINOR: stats admin: use the backend id instead of its name in the form
    - MINOR: stats admin: reduce memcmp()/strcmp() calls on status codes
    - DOC: cleanup indentation, alignment, columns and chapters
    - DOC: fix some keywords arguments documentation
    - MINOR: cli: display the 4 IP addresses and ports on "show sess XXX"
    - BUG/MAJOR: log: possible segfault with logformat
    - MEDIUM: log: split of log_format generation
    - MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid
    - MEDIUM: log: Unique ID
    - MINOR: log: log-format: usable without httplog and tcplog
    - BUG/MEDIUM: balance source did not properly hash IPv6 addresses
    - MINOR: contrib/iprange: add a network IP range to mask converter
    - MEDIUM: session: implement the "use-server" directive
    - MEDIUM: log: add a new cookie flag 'U' to report situations where cookie is not used
    - MEDIUM: http: make extract_cookie_value() iterate over cookie values
    - MEDIUM: http: add cookie and scookie ACLs
    - CLEANUP: lb_first: add reference to a paper describing the original idea
    - MEDIUM: stream_sock: add a get_src and get_dst callback and remove SN_FRT_ADDR_SET
    - BUG/MINOR: acl: req_ssl_sni would randomly fail if a session ID is present
    - BUILD: http: make extract_cookie_value() return an int not size_t
    - BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values
    - CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
    - MINOR: standard: add a memprintf() function to build formatted error messages
    - CLEANUP: remove a few warning about unchecked return values in debug code
    - MEDIUM: move message-related flags from transaction to message
    - DOC: add a diagram to explain how circular buffers work
    - MAJOR: buffer rework: replace ->send_max with ->o
    - MAJOR: buffer: replace buf->l with buf->{o+i}
    - MINOR: buffers: provide simple pointer normalization functions
    - MINOR: buffers: remove unused function buffer_contig_data()
    - MAJOR: buffers: replace buf->w with buf->p - buf->o
    - MAJOR: buffers: replace buf->r with buf->p + buf->i
    - MAJOR: http: move buffer->lr to http_msg->next
    - MAJOR: http: change msg->{som,col,sov,eoh} to be relative to buffer origin
    - CLEANUP: http: remove unused http_msg->col
    - MAJOR: http: turn http_msg->eol to a buffer-relative offset
    - MEDIUM: http: add a pointer to the buffer in http_msg
    - MAJOR: http: make http_msg->sol relative to buffer's origin
    - MEDIUM: http: http_send_name_header: remove references to msg and buffer
    - MEDIUM: http: remove buffer arg in a few header manipulation functions
    - MEDIUM: http: remove buffer arg in http_capture_bad_message
    - MEDIUM: http: remove buffer arg in http_msg_analyzer
    - MEDIUM: http: remove buffer arg in http_upgrade_v09_to_v10
    - MEDIUM: http: remove buffer arg in http_buffer_heavy_realign
    - MEDIUM: http: remove buffer arg in chunk parsing functions
    - MINOR: http: remove useless wrapping checks in http_msg_analyzer
    - MEDIUM: buffers: fix unsafe use of buffer_ignore at some places
    - MEDIUM: buffers: add new pointer wrappers and get rid of almost all buffer_wrap_add calls
    - MEDIUM: buffers: implement b_adv() to advance a buffer's pointer
    - MEDIUM: buffers: rename a number of buffer management functions
    - MEDIUM: http: add a prefetch function for ACL pattern fetch
    - MEDIUM: http: make all ACL fetch function use acl_prefetch_http()
    - BUG/MINOR: http_auth: ACLs are volatile, not permanent
    - MEDIUM: http/acl: merge all request and response ACL fetches of headers and cookies
    - MEDIUM: http/acl: make acl_fetch_hdr_{ip,val} rely on acl_fetch_hdr()
    - MEDIUM: add a new typed argument list parsing framework
    - MAJOR: acl: make use of the new argument parsing framework
    - MAJOR: acl: store the ACL argument types in the ACL keyword declaration
    - MEDIUM: acl: acl_find_target() now resolves arguments based on their types
    - MAJOR: acl: make acl_find_targets also resolve proxy names at config time
    - MAJOR: acl: ensure that implicit table and proxies are valid
    - MEDIUM: acl: remove unused tests for missing args when args are mandatory
    - MEDIUM: pattern: replace type pattern_arg with type arg
    - MEDIUM: pattern: get rid of arg_i in all functions making use of arguments
    - MEDIUM: pattern: use the standard arg parser
    - MEDIUM: pattern: add an argument validation callback to pattern descriptors
    - MEDIUM: pattern: report the precise argument parsing error when known.
    - MEDIUM: acl: remove the ACL_TEST_F_NULL_MATCH flag
    - MINOR: pattern: add a new 'sample' type to store fetched data
    - MEDIUM: pattern: add new sample types to replace pattern types
    - MAJOR: acl: make use of the new sample struct and get rid of acl_test
    - MEDIUM: pattern/acl: get rid of temp_pattern in ACLs
    - MEDIUM: acl: get rid of the SET_RES flags
    - MEDIUM: get rid of SMP_F_READ_ONLY and SMP_F_MUST_FREE
    - MINOR: pattern: replace struct pattern with struct sample
    - MEDIUM: pattern: integrate pattern_data into sample and use sample everywhere
    - MEDIUM: pattern: retrieve the sample type in the sample, not in the keyword description
    - MEDIUM: acl/pattern: switch rdp_cookie functions stack up-down
    - MEDIUM: acl: replace acl_expr with args in acl fetch_* functions
    - MINOR: tcp: replace acl_fetch_rdp_cookie with smp_fetch_rdp_cookie
    - MEDIUM: acl/pattern: use the same direction scheme
    - MEDIUM: acl/pattern: start merging common sample fetch functions
    - MEDIUM: pattern: ensure that sample types always cast into other types.
    - MEDIUM: acl/pattern: factor out the src/dst address fetches
    - MEDIUM: acl: implement payload and payload_lv
    - CLEANUP: pattern: ensure that payload and payload_lv always stay in the buffer
    - MINOR: stick_table: centralize the handling of empty keys
    - MINOR: pattern: centralize handling of unstable data in pattern_process()
    - MEDIUM: pattern: use smp_fetch_rdp_cookie instead of the pattern specific version
    - MINOR: acl: set SMP_OPT_ITERATE on fetch functions
    - MINOR: acl: add a val_args field to keywords
    - MINOR: proto_tcp: validate arguments of payload and payload_lv ACLs
    - MEDIUM: http: merge acl and pattern header fetch functions
    - MEDIUM: http: merge ACL and pattern cookie fetches into a single one
    - MEDIUM: acl: report parsing errors to the caller
    - MINOR: arg: improve error reporting on invalid arguments
    - MINOR: acl: report errors encountered when loading patterns from files
    - MEDIUM: acl: extend the pattern parsers to report meaningful errors
    - REORG: use the name "sample" instead of "pattern" to designate extracted data
    - REORG: rename "pattern" files
    - MINOR: acl: add types to ACL patterns
    - MINOR: standard: add an IPv6 parsing function (str62net)
    - MEDIUM: acl: support IPv6 address matching
    - REORG: stream_interface: create a struct sock_ops to hold socket operations
    - REORG/MEDIUM: move protocol->{read,write} to sock_ops
    - REORG/MEDIUM: stream_interface: initialize socket ops from descriptors
    - REORG/MEDIUM: replace stream interface protocol functions by a proto pointer
    - REORG/MEDIUM: move the default accept function from sockstream to protocols.c
    - MEDIUM: proto_tcp: remove src6 and dst6 pattern fetch methods
    - BUG/MINOR: http: error snapshots are wrong if buffer wraps
    - BUG/MINOR: http: ensure that msg->err_pos is always relative to buf->p
    - MEDIUM: http: improve error capture reports
    - MINOR: acl: add the cook_val() match to match a cookie against an integer
    - BUG/MEDIUM: send_proxy: fix initialisation of send_proxy_ofs
    - MEDIUM: memory: add the ability to poison memory at run time
    - BUG/MEDIUM: log: ensure that unique_id is properly initialized
    - MINOR: cfgparse: use a common errmsg pointer for all parsers
    - MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors
    - MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords
    - MINOR: http: replace http_message_realign() with  buffer_slow_realign()
2012-05-08 21:56:27 +02:00
Willy Tarreau
9eeb57bd7f [RELEASE] Released version 1.5-dev8
Released version 1.5-dev8 with the following main changes :
    - MINOR: patch for minor typo (ressources/resources)
    - MEDIUM: http: add support for sending the server's name in the outgoing request
    - DOC: mention that default checks are TCP connections
    - BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified
    - CLEANUP: Make check_statuses, analyze_statuses and process_chk static
    - CLEANUP: Fix HCHK spelling errors
    - BUG/MINOR: fix typo in processing of http-send-name-header
    - MEDIUM: log: Use linked lists for loggers
    - BUILD: fix declaration inside a scope block
    - REORG: log: split send_log function
    - MINOR: config: Parse the string of the log-format config keyword
    - MINOR: add ultoa, ulltoa, ltoa, lltoa implementations
    - MINOR: Date and time fonctions that don't use snprintf
    - MEDIUM: log: make http_sess_log use log_format
    - DOC: log-format documentation
    - MEDIUM: log: use log_format for mode tcplog
    - MEDIUM: log-format: backend source address %Bi %Bp
    - BUG/MINOR: log-format: fix %o flag
    - BUG/MEDIUM: bad length in log_format and __send_log
    - MINOR: logformat %st is signed
    - BUILD/MINOR: fix the source URL in the spec file
    - DOC: acl is http_first_req, not http_req_first
    - BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces
    - MINOR: acl: add new matches for header/path/url length
    - BUILD: halog: make halog build on solaris
    - BUG/MINOR: don't use a wrong port when connecting to a server with mapped ports
    - MINOR: remove the client/server side distinction in SI addresses
    - MINOR: halog: add support for matching queued requests
    - DOC: indicate that cookie "prefix" and "indirect" should not be mixed
    - OPTIM/MINOR: move struct sockaddr_storage to the tail of structs
    - OPTIM/MINOR: make it possible to change pipe size (tune.pipesize)
    - BUILD/MINOR: silent a build warning in src/pipe.c (fcntl)
    - OPTIM/MINOR: move the hdr_idx pools out of the proxy struct
    - MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers
    - BUG/MINOR: fix a segfault when parsing a config with undeclared peers
    - CLEANUP: rename possibly confusing struct field "tracked"
    - BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use
    - MINOR: config: tolerate server "cookie" setting in non-HTTP mode
    - MEDIUM: buffers: add some new primitives and rework existing ones
    - BUG: buffers: don't return a negative value on buffer_total_space_res()
    - MINOR: buffers: make buffer_pointer() support negative pointers too
    - CLEANUP: kill buffer_replace() and use an inline instead
    - BUG: tcp: option nolinger does not work on backends
    - CLEANUP: ebtree: remove a few annoying signedness warnings
    - CLEANUP: ebtree: clarify licence and update to 6.0.6
    - CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code
    - CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code
    - BUG: ebtree: ebst_lookup() could return the wrong entry
    - OPTIM: stream_sock: reduce the amount of in-flight spliced data
    - OPTIM: stream_sock: save a failed recv syscall when splice returns EAGAIN
    - MINOR: acl: add support for TLS server name matching using SNI
    - BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests
    - BUG: proto_tcp: don't try to bind to a foreign address if sin_family is unknown
    - MINOR: pattern: export the global temporary pattern
    - CLEANUP: patterns: get rid of pattern_data_setstring()
    - MEDIUM: acl: use temp_pattern to store fetched information in the "method" match
    - MINOR: acl: include pattern.h to make pattern migration more transparent
    - MEDIUM: pattern: change the pattern data integer from unsigned to signed
    - MEDIUM: acl: use temp_pattern to store any integer-type information
    - MEDIUM: acl: use temp_pattern to store any address-type information
    - CLEANUP: acl: integer part of acl_test is not used anymore
    - MEDIUM: acl: use temp_pattern to store any string-type information
    - CLEANUP: acl: remove last data fields from the acl_test struct
    - MEDIUM: http: replace get_ip_from_hdr2() with http_get_hdr()
    - MEDIUM: patterns: the hdr() pattern is now of type string
    - DOC: add minimal documentation on how ACLs work internally
    - DOC: add a coding-style file
    - OPTIM: halog: keep a fast path for the lines-count only
    - CLEANUP: silence a warning when building on sparc
    - BUG: http: tighten the list of allowed characters in a URI
    - MEDIUM: http: block non-ASCII characters in URIs by default
    - DOC: add some documentation from RFC3986 about URI format
    - BUG/MINOR: cli: correctly remove the whole table on "clear table"
    - BUG/MEDIUM: correctly disable servers tracking another disabled servers.
    - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
    - MINOR: halog: add some help on the command line
    - BUILD: fix build error on FreeBSD
    - BUG: fix double free in peers config error path
    - MEDIUM: improve config check return codes
    - BUILD: make it possible to look for pcre in the default system paths
    - MINOR: config: emit a warning when 'default_backend' masks servers
    - MINOR: backend: rework the LC definition to support other connection-based algos
    - MEDIUM: backend: add the 'first' balancing algorithm
    - BUG: fix httplog trailing LF
    - MEDIUM: increase chunk-size limit to 2GB-1
    - BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
    - BUG: http: disable TCP delayed ACKs when forwarding content-length data
    - BUG: checks: fix server maintenance exit sequence
    - BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes
    - DOC: enumerate valid status codes for "observe layer7"
    - MINOR: buffer: switch a number of buffer args to const
    - CLEANUP: silence signedness warning in acl.c
    - BUG: stream_sock: si->release was not called upon shutw()
    - MINOR: log: use "%ts" to log term status only and "%tsc" to log with cookie
    - BUG/CRITICAL: log: fix risk of crash in development snapshot
    - BUG/MAJOR: possible crash when using capture headers on TCP frontends
    - MINOR: config: disable header captures in TCP mode and complain
2012-03-26 06:16:43 +02:00
Willy Tarreau
0fb02198f8 BUILD/MINOR: fix the source URL in the spec file
As reported by Avi Brender, the soruce URL was still pointing to v1.3.
2011-09-11 16:01:53 +02:00
Willy Tarreau
60612ebbbf [RELEASE] Released version 1.5-dev7
Released version 1.5-dev7 with the following main changes :
    - [BUG] fix binary stick-tables
    - [MINOR] http: *_dom matching header functions now also split on ":"
    - [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
    - [MINOR] acl: add srv_conn acl to count connections on a     specific backend server
    - [MINOR] check: add redis check support
    - [DOC] small fixes to clearly distinguish between keyword     and variables
    - [MINOR] halog: add support for termination code matching (-tcn/-TCN)
    - [DOC] Minor spelling fixes and grammatical enhancements
    - [CLEANUP] dumpstats: make symbols static where possible
    - [MINOR] Break out dumping table
    - [MINOR] Break out processing of clear table
    - [MINOR] Allow listing of stick table by key
    - [MINOR] Break out all stick table socat command parsing
    - [MINOR] More flexible clearing of stick table
    - [MINOR] Allow showing and clearing by key of ipv6 stick tables
    - [MINOR] Allow showing and clearing by key of integer stick tables
    - [MINOR] Allow showing and clearing by key of string stick tables
    - [CLEANUP] Remove assigned but unused variables
    - [CLEANUP] peers.h: fix declarations
    - [CLEANUP] session.c: Make functions static where possible
    - [MINOR] Add active connection list to server
    - [MINOR] Allow shutdown of sessions when a server becomes unavailable
    - [MINOR] Add down termination condition
    - [MINOR] Make appsess{,ion}_refresh static
    - [MINOR] Add rdp_cookie pattern fetch function
    - [CLEANUP] Remove unnecessary casts
    - [MINOR] Add non-stick server option
    - [MINOR] Consistently use error in tcp_parse_tcp_req()
    - [MINOR] Consistently free expr on error in cfg_parse_listen()
    - [MINOR] Free rdp_cookie_name on denint()
    - [MINOR] Free tcp rules on denint()
    - [MINOR] Free stick table pool on denint()
    - [MINOR] Free stick rules on denint()
    - [MEDIUM] Fix stick-table replication on soft-restart
    - [MEDIUM] Correct ipmask() logic
    - [MINOR] Correct type in table dump examples
    - [MINOR] Fix build error in stream_int_register_handler()
    - [MINOR] Use DPRINTF in assign_server()
    - [BUG] checks: http-check expect could fail a check on multi-packet responses
    - [DOC] fix minor typo in the "dispatch" doc
    - [BUG] proto_tcp: fix address binding on remote source
    - [MINOR] http: don't report the "haproxy" word on the monitoring response
    - [REORG] http: move HTTP error codes back to proto_http.h
    - [MINOR] http: make the "HTTP 200" status code configurable.
    - [MINOR] http: partially revert the chunking optimization for now
    - [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete transfer
    - [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out test
    - [MEDIUM] http: add support for "http-no-delay"
    - [OPTIM] http: optimize chunking again in non-interactive mode
    - [OPTIM] stream_sock: avoid fast-forwarding of partial data
    - [OPTIM] stream_sock: don't use splice on too small payloads
    - [MINOR] config: make it possible to specify a cookie even without a server
    - [BUG] stats: support url-encoded forms
    - [MINOR] config: automatically compute a default fullconn value
    - [CLEANUP] config: remove some left-over printf debugging code from previous patch
    - [DOC] add missing entry or stick store-response
    - [MEDIUM] http: add support for 'cookie' and 'set-cookie' patterns
    - [BUG] halog: correctly handle truncated last line
    - [MINOR] halog: make SKIP_CHAR stop on field delimiters
    - [MINOR] halog: add support for HTTP log matching (-H)
    - [MINOR] halog: gain back performance before SKIP_CHAR fix
    - [OPTIM] halog: cache some common fields positions
    - [OPTIM] halog: check once for correct line format and reuse the pointer
    - [OPTIM] halog: remove many 'if' by using a function pointer for the filters
    - [OPTIM] halog: remove support for tab delimiters in input data
    - [BUG] session: risk of crash on out of memory (1.5-dev regression)
    - [MINOR] session: try to emit a 500 response on memory allocation errors
    - [OPTIM] stream_sock: reduce the default number of accepted connections at once
    - [BUG] stream_sock: disable listener when system resources are exhausted
    - [MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c
    - [BUG] stream_sock: ensure orphan listeners don't accept too many connections
    - [MINOR] listeners: add listen_full() to mark a listener full
    - [MINOR] listeners: add support for queueing resource limited listeners
    - [MEDIUM] listeners: put listeners in queue upon resource shortage
    - [MEDIUM] listeners: queue proxy-bound listeners at the proxy's
    - [MEDIUM] listeners: don't stop proxies when global maxconn is reached
    - [MEDIUM] listeners: don't change listeners states anymore in maintain_proxies
    - [CLEANUP] proxy: rename a few proxy states (PR_STIDLE and PR_STRUN)
    - [MINOR] stats: report a "WAITING" state for sockets waiting for resource
    - [MINOR] proxy: make session rate-limit more accurate
    - [MINOR] sessions: only wake waiting listeners up if rate limit is OK
    - [BUG] proxy: peers must only be stopped once, not upon every call to maintain_proxies
    - [CLEANUP] proxy: merge maintain_proxies() operation inside a single loop
    - [MINOR] task: new function task_schedule() to schedule a wake up
    - [MAJOR] proxy: finally get rid of maintain_proxies()
    - [BUG] proxy: stats frontend and peers were missing many initializers
    - [MEDIUM] listeners: add a global listener management task
    - [MINOR] proxy: make findproxy() return proxies from numeric IDs too
    - [DOC] fix typos, "#" is a sharp, not a dash
    - [MEDIUM] stats: add support for changing frontend's maxconn at runtime
    - [MEDIUM] checks: group health checks methods by values and save option bits
    - [MINOR] session-counters: add the ability to clear the counters
    - [BUG] check: http-check expect + regex would crash in defaults section
    - [MEDIUM] http: make x-forwarded-for addition conditional
    - [REORG] build: move syscall redefinition to specific places
    - [CLEANUP] update the year in the copyright banner
    - [BUG] possible crash in 'show table' on stats socket
    - [BUG] checks: use the correct destination port for sending checks
    - [BUG] backend: risk of picking a wrong port when mapping is used with crossed families
    - [MINOR] make use of set_host_port() and get_host_port() to get rid of family mismatches
    - [DOC] fixed a few "sensible" -> "sensitive" errors
    - [MINOR] make use of addr_to_str() and get_host_port() to replace many inet_ntop()
    - [BUG] http: trailing white spaces must also be trimmed after headers
    - [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
    - [MINOR] http: take a capture of too large requests and responses
    - [MINOR] http: take a capture of truncated responses
    - [MINOR] http: take a capture of bad content-lengths.
    - [DOC] add a few old and uncommitted docs
    - [CLEANUP] cfgparse: fix reported options for the "bind" keyword
    - [MINOR] halog: add -hs/-HS to filter by HTTP status code range
    - [MINOR] halog: support backslash-escaped quotes
    - [CLEANUP] remove dirty left-over of a debugging message
    - [MEDIUM] stats: disable complex socket reservation for stats socket
    - [CLEANUP] remove a useless test in manage_global_listener_queue()
    - [MEDIUM] stats: add the "set maxconn" setting to the command line interface
    - [MEDIUM] add support for global.maxconnrate to limit the per-process conn rate.
    - [MINOR] stats: report the current and max global connection rates
    - [MEDIUM] stats: add the ability to adjust the global maxconnrate
    - [BUG] peers: don't pre-allocate 65000 connections to each peer
    - [MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate
    - [BUG] peers: the peer frontend must not emit any log
    - [CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs
    - [BUG] peers: don't keep a peers section which has a NULL frontend
    - [BUG] peers: ensure the peers are resumed if they were paused
    - [MEDIUM] stats: add the ability to enable/disable/shutdown a frontend at runtime
    - [MEDIUM] session: make session_shutdown() an independant function
    - [MEDIUM] stats: offer the possibility to kill a session from the CLI
    - [CLEANUP] stats: centralize tests for backend/server inputs on the CLI
    - [MEDIUM] stats: offer the possibility to kill sessions by server
    - [MINOR] halog: do not consider byte 0x8A as end of line
    - [MINOR] frontend: ensure debug message length is always initialized
    - [OPTIM] halog: make fgets parse more bytes by blocks
    - [OPTIM] halog: add assembly version of the field lookup code
    - [MEDIUM] poll: add a measurement of idle vs work time
    - [CLEANUP] startup: report only the basename in the usage message
    - [MINOR] startup: add an option to change to a new directory
    - [OPTIM] task: don't scan the run queue if we know it's empty
    - [BUILD] stats: stdint is not present on solaris
    - [DOC] update the README file to reflect new naming rules for patches
    - [MINOR] stats: report the number of requests intercepted by the frontend
    - [DOC] update ROADMAP file
2011-09-10 23:43:11 +02:00
Willy Tarreau
04df1125cf [RELEASE] Released version 1.5-dev6
Released version 1.5-dev6 with the following main changes :
    - [BUG] stream_sock: use get_addr_len() instead of sizeof() on sockaddr_storage
    - [BUG] TCP source tracking was broken with IPv6 changes
    - [BUG] stick-tables did not work when converting IPv6 to IPv4
    - [CRITICAL] fix risk of crash when dealing with space in response cookies
2011-04-08 00:56:41 +02:00
Willy Tarreau
b06ed2c6af [RELEASE] Released version 1.5-dev5
Released version 1.5-dev5 with the following main changes :
    - [BUG] standard: is_addr return value for IPv4 was inverted
    - [MINOR] update comment about IPv6 support for server
    - [MEDIUM] use getaddrinfo to resolve names if gethostbyname fail
    - [DOC] update IPv6 support for bind
    - [DOC] document IPv6 support for server
    - [DOC] fix a minor typo
    - [MEDIUM] IPv6 support for syslog
    - [DOC] document IPv6 support for syslog
    - [MEDIUM] IPv6 support for stick-tables
    - [DOC] document IPv6 support for stick-tables
    - [DOC] update ROADMAP file
    - [BUG] session: src_conn_cur was returning src_conn_cnt instead
    - [MINOR] frontend: add a make_proxy_line function
    - [MEDIUM] stream_sock: add support for sending the proxy protocol header line
    - [MEDIUM] server: add support for the "send-proxy" option
    - [DOC] update the spec on the proxy protocol
    - [BUILD] proto_tcp: fix build issue with CTTPROXY
    - [DOC] update ROADMAP file
    - [MEDIUM] config: rework the IPv4/IPv6 address parser to support host-only addresses
    - [MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range
    - [BUILD] add the USE_GETADDRINFO build option
    - [TESTS] provide a test case for various address formats
    - [BUG] session: conn_retries was not always initialized
    - [BUG] log: retrieve the target from the session, not the SI
    - [BUG] http: fix possible incorrect forwarded wrapping chunk size (take 2)
    - [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
    - [BUG] http: fix content-length handling on 32-bit platforms
    - [OPTIM] buffers: uninline buffer_forward()
    - [BUG] stream_sock: fix handling for server side PROXY protocol
    - [MINOR] acl: add support for table_cnt and table_avl matches
    - [DOC] update ROADMAP file
2011-03-29 01:10:33 +02:00
Willy Tarreau
e0052ccd27 [RELEASE] Released version 1.5-dev4
Released version 1.5-dev4 with the following main changes :
    - [MINOR] cfgparse: Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation.
    - [MINOR] unix sockets : inherits the backlog size from the listener
    - [CLEANUP] unix sockets : move create_uxst_socket() in uxst_bind_listener()
    - [DOC] fix a minor typo
    - [DOC] fix ignore-persist documentation
    - [MINOR] add warnings on features not compatible with multi-process mode
    - [BUG] http: fix http-pretend-keepalive and httpclose/tunnel mode
    - [MINOR] stats: add support for several packets in stats admin
    - [BUG] stats: admin commands must check the proxy state
    - [BUG] stats: admin web interface must check the proxy state
    - [MINOR] http: add pattern extraction method to stick on query string parameter
    - [MEDIUM] add internal support for IPv6 server addresses
    - [MINOR] acl: add be_id/srv_id to match backend's and server's id
    - [MINOR] log: add support for passing the forwarded hostname
    - [MINOR] log: ability to override the syslog tag
    - [MINOR] checks: add PostgreSQL health check
    - [DOC] update ROADMAP file
    - [BUILD] pattern: use 'int' instead of 'int32_t'
    - [OPTIM] linux: add support for bypassing libc to force using vsyscalls
    - [BUG] debug: report the correct poller list in verbose mode
    - [BUG] capture: do not capture a cookie if there is no memory left
    - [BUG] appsession: fix possible double free in case of out of memory
    - [CRITICAL] cookies: mixing cookies in indirect mode and appsession can crash the process
    - [BUG] http: correctly update the header list when removing two consecutive headers
    - [BUILD] add the CPU=native and ARCH=32/64 build options
    - [BUILD] add -fno-strict-aliasing to fix warnings with gcc >= 4.4
    - [CLEANUP] hash: move the avalanche hash code globally available
    - [MEDIUM] hash: add support for an 'avalanche' hash-type
    - [DOC] update roadmap file
    - [BUG] http: do not re-enable the PROXY analyser on keep-alive
    - [OPTIM] http: don't send each chunk in a separate packet
    - [DOC] fix minor typos reported recently in the peers section
    - [DOC] fix another typo in the doc
    - [MINOR] stats: report HTTP message state and buffer flags in error dumps
    - [BUG] http chunking: don't report a parsing error on connection errors
    - [BUG] stream_interface: truncate buffers when sending error messages
    - [MINOR] http: support wrapping messages in error captures
    - [MINOR] http: capture incorrectly chunked message bodies
    - [MINOR] stats: add global event ID and count
    - [BUG] http: analyser optimizations broke pipelining
    - [CLEANUP] frontend: only apply TCP-specific settings to TCP/TCP6 sockets
    - [BUG] http: fix incorrect error reporting during data transfers
    - [CRITICAL] session: correctly leave turn-around and queue states on abort
    - [BUG] session: release slot before processing pending connections
    - [MINOR] tcp: add support for dynamic MSS setting
    - [BUG] stick-table: correctly terminate string keys during lookups
    - [BUG] acl: fix handling of empty lines in pattern files
    - [BUG] stick-table: use the private buffer when padding strings
    - [BUG] ebtree: fix ebmb_lookup() with len smaller than the tree's keys
    - [OPTIM] ebtree: ebmb_lookup: reduce stack usage by moving the return code out of the loop
    - [OPTIM] ebtree: inline ebst_lookup_len and ebis_lookup_len
    - [REVERT] undo the stick-table string key lookup fixes
    - [MINOR] http: improve url_param pattern extraction to ignore empty values
    - [BUILD] frontend: shut a warning with TCP_MAXSEG
    - [BUG] http: update the header list's tail when removing the last header
    - [DOC] fix minor typo in the proxy protocol doc
    - [DOC] fix typos (http-request instead of http-check)
    - [BUG] http: use correct ACL pointer when evaluating authentication
    - [BUG] cfgparse: correctly count one socket per port in ranges
    - [BUG] startup: set the rlimits before binding ports, not after.
    - [BUG] acl: srv_id must return no match when the server is NULL
    - [MINOR] acl: add ability to check for internal response-only parameters
    - [MINOR] acl: srv_id is only valid in responses
    - [MINOR] config: warn if response-only conditions are used in "redirect" rules
    - [BUG] acl: fd leak when reading patterns from file
    - [DOC] fix minor typo in "usesrc"
    - [BUG] http: fix possible incorrect forwarded wrapping chunk size
    - [BUG] http: fix computation of message body length after forwarding has started
    - [BUG] http: balance url_param did not work with first parameters on POST
    - [TESTS] update the url_param regression test to test check_post too
    - [DOC] update ROADMAP
    - [DOC] internal: reflect the fact that SI_ST_ASS is transient
    - [BUG] config: don't crash on empty pattern files.
    - [MINOR] stream_interface: make use of an applet descriptor for IO handlers
    - [REORG] stream_interface: move the st0, st1 and private members to the applet
    - [REORG] stream_interface: split the struct members in 3 parts
    - [REORG] session: move client and server address to the stream interface
    - [REORG] tcp: make tcpv4_connect_server() take the target address from the SI
    - [MEDIUM] stream_interface: store the target pointer and type
    - [CLEANUP] stream_interface: remove the applet.handler pointer
    - [MEDIUM] log: take the logged server name from the stream interface
    - [CLEANUP] session: remove data_source from struct session
    - [CLEANUP] stats: make all dump functions only rely on the stream interface
    - [REORG] session: move the data_ctx struct to the stream interface's applet
    - [MINOR] proxy: add PR_O2_DISPATCH to detect dispatch mode
    - [MINOR] cfgparse: only keep one of dispatch, transparent, http_proxy
    - [MINOR] session: add a pointer to the new target into the session
    - [MEDIUM] session: remove s->prev_srv which is not needed anymore
    - [CLEANUP] stream_interface: use inline functions to manipulate targets
    - [MAJOR] session: remove the ->srv pointer from struct session
    - [MEDIUM] stats: split frontend and backend stats
    - [MEDIUM] http: always evaluate http-request rules before stats http-request
    - [REORG] http: move the http-request rules to proto_http
    - [BUG] http: stats were not incremented on http-request deny
    - [MINOR] checks: report it if checks fail due to socket creation error
2011-03-13 22:15:02 +01:00
Willy Tarreau
442e8349f1 [RELEASE] Released version 1.5-dev3
Released version 1.5-dev3 with the following main changes :
    - [DOC] fix http-request documentation
    - [MEDIUM] enable/disable servers from the stats web interface
    - [MEDIUM] stats: add an admin level
    - [DOC] stats: document the "stats admin" statement
    - [MINOR] startup: print the proxy socket which caused an error
    - [CLEANUP] Remove unneeded chars allocation
    - [MINOR] config: detect options not supported due to compilation options
    - [MINOR] Add pattern's fetchs payload and payload_lv
    - [MINOR] frontend: improve accept-proxy header parsing
    - [MINOR] frontend: add tcpv6 support on accept-proxy bind
    - [MEDIUM] Enhance message errors management on binds
    - [MINOR] Manage unix socket source field on logs
    - [MINOR] Manage unix socket source field on session dump on sock stats
    - [MINOR] Support of unix listener sockets for debug and log event messages on frontend.c
    - [MINOR] Add some tests on sockets family for port remapping and mode transparent.
    - [MINOR] Manage socket type unix for some logs
    - [MINOR] Enhance controls of socket's family on acls and pattern fetch
    - [MINOR] Support listener's sockets unix on http logs.
    - [MEDIUM] Add supports of bind on unix sockets.
    - [BUG] stick table purge failure if size less than 255
    - [BUG] stick table entries expire on counters updates/read or show table, even if there is no "expire" parameter
    - [MEDIUM] Implement tcp inspect response rules
    - [DOC] tcp-response content and inspect
    - [MINOR] new acls fetch req_ssl_hello_type and rep_ssl_hello_type
    - [DOC] acls rep_ssl_hello and req_ssl_hello
    - [MEDIUM] Create new protected pattern types CONSTSTRING and CONSTDATA to force memcpy if data from protected areas need to be manipulated.
    - [DOC] new type binary in stick-table
    - [DOC] stick store-response and new patterns payload and payload_lv
    - [MINOR] Manage all types (ip, integer, string, binary) on cli "show table" command
    - [MEDIUM] Create updates tree on stick table to manage sync.
    - [MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management
    - [MEDIUM] Manage peers section parsing and stick table registration on peers.
    - [MEDIUM] Manage soft stop on peers proxy
    - [DOC] add documentation for peers section
    - [MINOR] checks: add support for LDAPv3 health checks
    - [MINOR] add better support to "mysql-check"
    - [BUG] Restore info about available active/backup servers
    - [CONTRIB] Update haproxy.pl
    - [CONTRIB] Update Cacti Tempates
    - [CONTRIB] add templates for Cacti.
    - [BUG] http: don't consider commas as a header delimitor within quotes
    - [MINOR] support a global jobs counter
    - [DOC] add a summary about cookie incompatibilities between specs and browsers
    - [DOC] fix description of cookie "insert" and "indirect" modes
    - [MEDIUM] http: fix space handling in the request cookie parser
    - [MEDIUM] http: fix space handling in the response cookie parser
    - [DOC] fix typo in the queue() definition (backend, not frontend)
    - [BUG] deinit: unbind listeners before freeing them
    - [BUG] stream_interface: only call si->release when both dirs are closed
    - [MEDIUM] buffers: rework the functions to exchange between SI and buffers
    - [DOC] fix typo in the avg_queue() and be_conn() definition (backend, not frontend)
    - [MINOR] halog: add '-tc' to sort by termination codes
    - [MINOR] halog: skip non-traffic logs for -st and -tc
    - [BUG] stream_sock: cleanly disable the listener in case of resource shortage
    - [BUILD] stream_sock: previous fix lacked the #include, causing a warning.
    - [DOC] bind option is "defer-accept", not "defer_accept"
    - [DOC] missing index entry for http-check send-state
    - [DOC] tcp-request inspect-delay is for backends too
    - [BUG] ebtree: string_equal_bits() could return garbage on identical strings
    - [BUG] stream_sock: try to flush any extra pending request data after a POST
    - [BUILD] proto_http: eliminate some build warnings with gcc-2.95
    - [MEDIUM] make it possible to combine http-pretend-keepalived with httpclose
    - [MEDIUM] tcp-request : don't wait for inspect-delay to expire when the buffer is full
    - [MEDIUM] checks: add support for HTTP contents lookup
    - [TESTS] add test-check-expect to test various http-check methods
    - [MINOR] global: add "tune.chksize" to change the default check buffer size
    - [MINOR] cookie: add options "maxidle" and "maxlife"
    - [MEDIUM] cookie: support client cookies with some contents appended to their value
    - [MINOR] http: make some room in the transaction flags to extend cookies
    - [MINOR] cookie: add the expired (E) and old (O) flags for request cookies
    - [MEDIUM] cookie: reassign set-cookie status flags to store more states
    - [MINOR] add encode/decode function for 30-bit integers from/to base64
    - [MEDIUM] cookie: check for maxidle and maxlife for incoming dated cookies
    - [MEDIUM] cookie: set the date in the cookie if needed
    - [DOC] document the cookie maxidle and maxlife parameters
    - [BUG] checks: don't log backend down for all zero-weight servers
    - [MEDIUM] checks: set server state to one state from failure when leaving maintenance
    - [BUG] config: report correct keywords for "observe"
    - [MINOR] checks: ensure that we can inherit binary checks from the defaults section
    - [MINOR] acl: add the http_req_first match
    - [DOC] fix typos about bind-process syntax
    - [BUG] cookie: correctly unset default cookie parameters
    - [MINOR] cookie: add support for the "preserve" option
    - [BUG] ebtree: fix duplicate strings insertion
    - [CONTRIB] halog: report per-url counts, errors and times
    - [CONTRIB] halog: minor speed improvement in timer parser
    - [MINOR] buffers: add a new request analyser flag for PROXY mode
    - [MINOR] listener: add the "accept-proxy" option to the "bind" keyword
    - [MINOR] standard: add read_uint() to parse a delimited unsigned integer
    - [MINOR] standard: change arg type from const char* to char*
    - [MINOR] frontend: add a new analyser to parse a proxied connection
    - [MEDIUM] session: call the frontend_decode_proxy analyser on proxied connections
    - [DOC] add the proxy protocol's specifications
    - [DOC] document the 'accept-proxy' bind option
    - [MINOR] cfgparse: report support of <path> for the 'bind' statements
    - [DOC] add references to unix socket handling
    - [MINOR] move MAXPATHLEN definition to compat.h
    - [MEDIUM] unix sockets: cleanup the error reporting path
    - [BUG] session: don't stop forwarding of data upon last packet
    - [CLEANUP] accept: replace some inappropriate Alert() calls with send_log()
    - [BUILD] peers: shut a printf format warning (key_size is a size_t)
    - [BUG] accept: don't close twice upon error
    - [OPTIM] session: don't recheck analysers when buffer flags have not changed
    - [OPTIM] stream_sock: don't clear FDs that are already cleared
    - [BUG] proto_tcp: potential bug on pattern fetch dst and dport
2010-11-11 23:29:35 +01:00