were sent in perfect synchronisation because the initial time was
the same for all. This could induce high load peaks when fragile
servers were hosting tens of instances for the same application.
Now the load is spread evenly across the smallest interval amongst
a listener.
to 'close', but does not actually close any connection. The problem
is, there are some servers which don't close the connection even if
the proxy tells them 'Connection: close'. A workaround was added by
the way of a new option 'forceclose' (which implies 'httpclose'),
and which makes the proxy close the outgoing channel to the server
once it has sent all its headers. Just don't use this with the
'CONNECT' method of course !
were erroneously load-balanced while the doc said the opposite.
Since load-balanced backup servers is one of the features some
people have been asking for, the problem was fixed to reflect the
documented behaviour and a new option 'allbackups' was introduced
to provide the feature to those who need it.
its timeout times the number of retransmits exceeded the server
read or write timeout, because the later was used to compute
select()'s timeout while the connection timeout was not reached.
could trigger both a read and a write calls, thus sometimes inducing headers
being directly sent from srv to cli without modification, and leading further
modification to crash the process by memory corruption, because
rep.data+rep.l<rep.h so the memmove() length argument is negative. Only
observed with epoll() and never poll(), though this one should have been
affected too. Now, only call functions which have been allowed to.
because event_srv_chk_r() is called before _w() and flushes the socket
error. The result is that the server remains UP. The problem only
affects pure TCP health-checks when select() is disabled. You may
encounter this on SSL or SMTP proxies.
an error if the connection was refused before the the timeout. So the
client was sent to the server anyway and then got its connection broken
because of the write error. This is not a real problem with persistence,
but it definitely is for new clients. This stupid bug must have been
present for years !
be displayed even in quiet mode.
* display an alert when a listener has no address, invalid or no port, or when
there are no enabled listeners upon startup.
* second batch of socklen_t changes.
* clean-ups from Cameron Simpson.
* because tv_remain() does not know about eternity, using no timeout can
make select() spin around a null time-out. Bug reported by Cameron Simpson.
* client read timeout was not properly set to eternity initialized after an
accept() if it was not set in the config. It remained undetected so long
because eternity is 0 and newly allocated pages are zeroed by the system.
* do not call get_original_dst() when not in transparent mode.
* implemented a workaround for a bug in certain epoll() implementations on
linux-2.4 kernels (epoll-lt <= 0.21).
* implemented TCP keepalive with new options : tcpka, clitcpka, srvtcpka.
* the time-out fix introduced in 1.1.25 caused a corner case where it was
possible for a client to keep a connection maintained regardless of the
timeout if the server closed the connection during the HEADER phase,
while the client ignored the close request while doing nothing in the
other direction. This has been fixed now by ensuring that read timeouts
are re-armed when switching to any SHUTW state.
* enhanced error reporting in the logs. Now the proxy will precisely detect
various error conditions related to the system and/or process limits, and
generate LOG_EMERG logs indicating that a resource has been exhausted.
* logs will contain two new characters for the error cause : 'R' indicates
a resource exhausted, and 'I' indicates an internal error, though this
one should never happen.
* server connection timeouts can now be reported in the logs (sC), as well
as connections refused because of maxconn limitations (PC).
* new global configuration keyword "ulimit-n" may be used to raise the FD
limit to usable values.
* a warning is now displayed on startup if the FD limit is lower than the
configured maximum number of sockets.
* new configuration keyword "monitor-net" makes it possible to be monitored
by external devices which connect to the proxy without being logged nor
forwarded to any server. Particularly useful on generic TCPv4 relays.