Commit Graph

2185 Commits

Author SHA1 Message Date
Willy Tarreau
7f051b39d2 DOC: add a coding-style file
This will help newcomers adapt to existing (or desired) style and will
save them some time.
2011-12-30 17:33:27 +01:00
Willy Tarreau
6cee7ddd5e DOC: add minimal documentation on how ACLs work internally
This will help complete the ACL to pattern migration.
2011-12-30 17:33:27 +01:00
Willy Tarreau
e428fb7b4e MEDIUM: patterns: the hdr() pattern is now of type string
This pattern previously was limited to type IP. With the new header
extraction function, it becomes possible to extract strings, so that
the header can be returned as a string. This will not change anything
to existing configs, as string will automatically be converted to IP
when needed. However, new configs will be able to use IPv6 addresses
from headers in stick-tables, as well as stick on any non-IP header
(eg: host, user-agent, ...).
2011-12-30 17:33:27 +01:00
Willy Tarreau
294c473756 MEDIUM: http: replace get_ip_from_hdr2() with http_get_hdr()
The new function does not return IP addresses but header values instead,
so that the caller is free to make what it want of them. The conversion
is not quite clean yet, as the previous test which considered that address
0.0.0.0 meant "no address" is still used. A different IP parsing function
should be used to take this into account.
2011-12-30 17:33:26 +01:00
Willy Tarreau
aff79da207 CLEANUP: acl: remove last data fields from the acl_test struct
acl_test doesn't hold ptr nor len anymore, since everything has moved to
the temporary pattern.
2011-12-30 17:33:26 +01:00
Willy Tarreau
664092ccc1 MEDIUM: acl: use temp_pattern to store any string-type information
Now strings and data blocks are stored in the temp_pattern's chunk
and matched against this one.

The rdp_cookie currently makes extensive use of acl_fetch_rdp_cookie()
and will be a good candidate for the initial rework so that ACLs use
the patterns framework and not the other way around.
2011-12-30 17:33:26 +01:00
Willy Tarreau
31d1b01211 CLEANUP: acl: integer part of acl_test is not used anymore 2011-12-30 17:33:26 +01:00
Willy Tarreau
f4362b3e3b MEDIUM: acl: use temp_pattern to store any address-type information
IPv4 and IPv6 addresses are now stored into temp_pattern instead of
the dirty hack consisting into storing them into the consumer's target
address.

Some refactoring should now be possible since the methods used to fetch
source and destination addresses are similar between patterns and ACLs.
2011-12-30 17:33:26 +01:00
Willy Tarreau
a5e375646c MEDIUM: acl: use temp_pattern to store any integer-type information
All ACL fetches which return integer value now store the result into
the temporary pattern struct. All ACL matches which rely on integer
also get their value there.

Note: the pattern data types are not set right now.
2011-12-30 17:33:26 +01:00
Willy Tarreau
b666bc7d51 MEDIUM: pattern: change the pattern data integer from unsigned to signed
Till now the pattern data integer type was unsigned without any
particular reason. In order to make ACLs use it, we must switch it
to signed int instead.
2011-12-30 17:33:25 +01:00
Willy Tarreau
918458439e MINOR: acl: include pattern.h to make pattern migration more transparent 2011-12-30 17:33:25 +01:00
Willy Tarreau
8e5e955c50 MEDIUM: acl: use temp_pattern to store fetched information in the "method" match
This match was using both the int and ptr part of the acl_test struct. Let's
change this to be able to store it into a chunk with a special encoding.
2011-12-30 17:33:25 +01:00
Willy Tarreau
1ded605ad5 CLEANUP: patterns: get rid of pattern_data_setstring()
This function was only used to call chunk_init_len() from another chunk,
which in the end consists in simply assigning the source chunk to the
destination chunk. Let's remove this indirection to make the code clearer.
Anyway it was the only place such a function was used.
2011-12-30 17:33:25 +01:00
Willy Tarreau
5e6cc4aad8 MINOR: pattern: export the global temporary pattern
The global pattern is used for pattern conversions. Export it under the
name "temp_pattern" so that it can later be used by ACLs.
2011-12-30 17:33:25 +01:00
Willy Tarreau
5dc1e98905 BUG: proto_tcp: don't try to bind to a foreign address if sin_family is unknown
This is 1.5-specific. It causes issues with transparent source binding involving
hdr_ip. We must not try to bind() to a foreign address when the family is not set,
and we must set the family when an address is set.
2011-12-30 17:33:24 +01:00
Willy Tarreau
5e205524ad BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests
By default we disable TCP quick-acking on HTTP requests so that we
avoid sending a pure ACK immediately followed by the HTTP response.
However, if the client sends an incomplete request in a short packet,
its TCP stack might wait for this packet to be ACKed before sending
the rest of the request, delaying incoming requests by up to 40-200ms.

We can detect this undesirable situation when parsing the request :
  - if an incomplete request is received
  - if a full request is received and uses chunked encoding or advertises
    a content-length larger than the data available in the buffer

In these situations, we re-enable TCP quick-ack if we had previously
disabled it.
2011-12-17 16:45:29 +01:00
Willy Tarreau
b6672b547a MINOR: acl: add support for TLS server name matching using SNI
Server Name Indication (SNI) is a TLS extension which makes a client
present the name of the server it is connecting to in the client hello.
It allows a transparent proxy to take a decision based on the beginning
of an SSL/TLS stream without deciphering it.

The new ACL "req_ssl_sni" matches the name extracted from the TLS
handshake against a list of names which may be loaded from a file if
needed.
2011-12-12 17:26:23 +01:00
Willy Tarreau
82a04566ec OPTIM: stream_sock: save a failed recv syscall when splice returns EAGAIN
When splice() returns EAGAIN, on old kernels it could be caused by a read
shutdown which was not detected. Due to this behaviour, we had to fall
back to recv(), which in turn says if it's a real EAGAIN or a shutdown.
Since this behaviour was fixed in 2.6.27.14, on more recent kernels we'd
prefer to avoid the fallback to recv() when possible. For this, we set a
variable the first time splice() detects a shutdown, to indicate that it
works. We can then rely on this variable to adjust our behaviour.

Doing this alone increased the overall performance by about 1% on medium
sized objects.
2011-12-12 00:03:55 +01:00
Willy Tarreau
eb9fd5178e OPTIM: stream_sock: reduce the amount of in-flight spliced data
First, it's a waste not to call chk_snd() when spliced data are available,
because the pipe can almost always be transferred into the outgoing socket
buffers. Starting from now, when we splice data in, we immediately try to
send them. This results in less pipes used, and possibly less kernel memory
in use at once.

Second, if a pipe cannot be transferred into the outgoing socket buffers,
it means this buffer is full. There's no point trying again then, as space
will almost never be available, resulting in a useless syscall returning
EAGAIN.
2011-12-12 00:03:55 +01:00
Willy Tarreau
007257ebab BUG: ebtree: ebst_lookup() could return the wrong entry
(from ebtree 6.0.7)

Julien Thomas provided a reproducible test case where a string lookup
could return the wrong node. The issue is caused by the jump to a node
which contains less bit in common than the previous node, making the
string_equal_bits() function return -1. We must not remember more bits
than the number on the node, otherwise we can be tempted to trust them
while they can change while running down.

For a valid test case, enter : "0", "WW", "W", "S", and lookup "W".
Previously, "S" was returned.

Note: string-based ebtrees are used in haproxy in ACL, peers and
stick-tables. ACLs are not affected because all patterns are
interchangeable. stick-tables are not affected because lookups are
performed using ebmb_lookup(). Only peers might be affected though
it is not easy to infirm or confirm the issue.

(cherry picked from commit dd47a54103597458887d3cc8414853a541aee9c1)
2011-12-02 17:09:50 +01:00
Willy Tarreau
6258f7b883 CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code
(from ebtree 6.0.7)

root_right was wrongly initialized first to <root> which is not the same
type, to be later initialized to root->b[EB_RGHT].

Let's simply remove the wrong and useless initialization.
(cherry picked from commit e63a0c2f56369b52c4d00221d83c2c4569605c06)
2011-12-02 17:09:50 +01:00
Willy Tarreau
655c84a9f0 CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code
(from ebtree 6.0.7)

This typo has been there since we introduced duplicates. A "struct eb_troot *"
which apparently the compiler doesn't complain about while it is never declared
anywhere. Amazing...

(cherry picked from commit 2879648db5d32cf009ae571cb0e8e1df75152281)
2011-12-02 17:09:50 +01:00
Willy Tarreau
f3bfede52e CLEANUP: ebtree: clarify licence and update to 6.0.6
(from ebtree 6.0.6)

This version is mainly aimed at clarifying the fact that the ebtree license
is LGPL. Some files used to indicate LGPL and other ones GPL, while the goal
clearly is to have it LGPL. A LICENSE file has also been added.

No code is affected, but it's better to have the local tree in sync anyway.

(cherry picked from commit 24dc7cca051f081600fe8232f33e55ed30e88425)
2011-12-02 17:09:49 +01:00
Willy Tarreau
22c0a93c63 CLEANUP: ebtree: remove a few annoying signedness warnings
(from ebtree 6.0.6)

Care has been taken not to make the code bigger (it even got smaller
due to a possible simplification).
(cherry picked from commit 7a2c1df646049c7daac52677ec11ed63048cd150)
2011-12-02 17:09:49 +01:00
Willy Tarreau
f6f8225390 BUG: tcp: option nolinger does not work on backends
Daniel Rankov reported that "option nolinger" is inefficient on backends.
The reason is that it is set on the file descriptor only, which does not
prevent haproxy from performing a clean shutdown() before closing. We must
set the flag on the stream_interface instead if we want an RST to be emitted
upon active close.
2011-11-30 18:06:23 +01:00
Willy Tarreau
19ae56b2b6 CLEANUP: kill buffer_replace() and use an inline instead
This function is never used, only its buffer_replace2() alternative
is used. Replace the former with an inline which calls the later.
2011-11-28 21:01:28 +01:00
Willy Tarreau
71730256a3 MINOR: buffers: make buffer_pointer() support negative pointers too
It's more handy if the buffer_pointer() function also handles negative pointers.
2011-11-28 21:00:46 +01:00
Willy Tarreau
fe4b1f9dc0 BUG: buffers: don't return a negative value on buffer_total_space_res()
In commit 4b517ca93a (MEDIUM: buffers:
add some new primitives and rework existing ones), we forgot to check
if buffer_max_len() < l.

No backport is needed.
2011-11-28 21:00:46 +01:00
Willy Tarreau
4b517ca93a MEDIUM: buffers: add some new primitives and rework existing ones
A number of primitives were missing for buffer management, and some
of them were particularly awkward to use. Specifically, the functions
used to compute free space could not always be used depending what was
wrapping in the buffers. Some documentation has been added about how
the buffers work and their properties. Some functions are still missing
such as a buffer replacement which would support wrapping buffers.
2011-11-25 21:57:29 +01:00
William Lallemand
0f99e34978 MEDIUM: log: Use linked lists for loggers
This patch settles the 2 loggers limitation.
Loggers are now stored in linked lists.

Using "global log", the global loggers list content is added at the end
of the current proxy list. Each "log" entries are added at the end of
the proxy list.

"no log" flush a logger list.
2011-10-31 14:09:19 +01:00
Willy Tarreau
0cec331a0e MINOR: config: tolerate server "cookie" setting in non-HTTP mode
Up to now, if a cookie value was specified on a server when the proxy was
in TCP mode, it would cause a fatal error. Now we only report a warning,
since the cookie will be ignored. This makes it easier to generate configs
from scripts.
2011-10-31 14:09:13 +01:00
Willy Tarreau
2e99390faf BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use
Ludovic Levesque reported and diagnosed an annoying bug. When a server is
configured to track another one and has a slowstart interval set, it's
assigned a minimal weight when the tracked server goes back up but keeps
this weight forever.

This is because the throttling during the warmup phase is only computed
in the health checking function.

After several attempts to resolve the issue, the only real solution is to
split the check processing task in two tasks, one for the checks and one
for the warmup. Each server with a slowstart setting has a warmum task
which is responsible for updating the server's weight after a down to up
transition. The task does not run in othe situations.

In the end, the fix is neither complex nor long and should be backported
to 1.4 since the issue was detected there first.
2011-10-31 11:53:20 +01:00
Willy Tarreau
4426770013 CLEANUP: rename possibly confusing struct field "tracked"
When reading the code, the "tracked" member of a server makes one
think the server is tracked while it's the opposite, it's a pointer
to the server being tracked. This is particularly true in constructs
such as :

	if (srv->tracked) {

Since it's the second time I get caught misunderstanding it, let's
rename it to "track" to avoid the confusion.
2011-10-28 15:35:33 +02:00
Willy Tarreau
d66bf96d5b BUG/MINOR: fix a segfault when parsing a config with undeclared peers
Baptiste Assmann reported that a config where a non-existing peers
section is referenced by a stick-table causes a segfault after displaying
the error. This is caused by the freeing of the peers. Setting it to NULL
after displaying the error fixes the issue.
2011-10-28 14:16:49 +02:00
Willy Tarreau
ac1932da3e MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers
For a long time, the max number of headers was taken as a part of the buffer
size. Since the header size can be configured at runtime, it does not make
much sense anymore.

Nothing was making it necessary to have a static value, so let's turn this into
a tunable with a default value of 101 which equals what was previously used.
2011-10-24 19:14:41 +02:00
Willy Tarreau
34eb671f24 OPTIM/MINOR: move the hdr_idx pools out of the proxy struct
It makes no sense to have one pointer to the hdr_idx pool in each proxy
struct since these pools do not depend on the proxy. Let's have a common
pool instead as it is already the case for other types.
2011-10-24 18:15:04 +02:00
Willy Tarreau
9ed560e964 BUILD/MINOR: silent a build warning in src/pipe.c (fcntl) 2011-10-24 17:09:22 +02:00
Willy Tarreau
bd9a0a7781 OPTIM/MINOR: make it possible to change pipe size (tune.pipesize)
By default, pipes are the default size for the system. But sometimes when
using TCP splicing, it can improve performance to increase pipe sizes,
especially if it is suspected that pipes are not filled and that many
calls to splice() are performed. This has an impact on the kernel's
memory footprint, so this must not be changed if impacts are not understood.
2011-10-23 21:15:38 +02:00
Willy Tarreau
7b81563443 OPTIM/MINOR: move struct sockaddr_storage to the tail of structs
Struct sockaddr_storage is huge (128 bytes) and severely impacts the
cache. It also displaces other struct members, causing them to have
larger relative offsets. By moving these few occurrences to the end
of the structs which host them, we can reduce the code size by no less
than 2 kB !
2011-10-23 19:08:46 +02:00
Willy Tarreau
37229df9c1 DOC: indicate that cookie "prefix" and "indirect" should not be mixed
When prefix and indirect are used together, a client which connects to
a server with a cookie will never get any cookie update from this server,
which will be removed by the "indirect" option.
2011-10-23 19:03:55 +02:00
Willy Tarreau
08911ff896 MINOR: halog: add support for matching queued requests
-Q outputs all requests which went through at least one queue.
-QS outputs all requests which went through a server queue.
2011-10-13 13:28:36 +02:00
Sagi Bashari
1611e2d4a1 BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified 2011-10-09 08:10:30 +02:00
Willy Tarreau
6471afb43d MINOR: remove the client/server side distinction in SI addresses
Stream interfaces used to distinguish between client and server addresses
because they were previously of different types (sockaddr_storage for the
client, sockaddr_in for the server). This is not the case anymore, and this
distinction is confusing at best and has caused a number of regressions to
be introduced in the process of converting everything to full-ipv6. We can
now remove this and have a much cleaner code.
2011-09-23 10:54:59 +02:00
Willy Tarreau
dd164d0240 BUG/MINOR: don't use a wrong port when connecting to a server with mapped ports
Nick Chalk reported that a connection to a server which has no port specified
used twice the port number. The reason is that the port number was taken from
the wrong part of the address, the client's destination address was used as the
base port instead of the server's configured address.

Thanks to Nick for his helpful diagnostic.
2011-09-23 10:27:12 +02:00
Willy Tarreau
6ee71754e2 BUILD: halog: make halog build on solaris
Solaris' "rm" command does not support -v. Also, specify CC=gcc
because "cc" generally is not gcc there.
2011-09-16 15:03:37 +02:00
Willy Tarreau
0e69854ed4 MINOR: acl: add new matches for header/path/url length
This patch introduces hdr_len, path_len and url_len for matching these
respective parts lengths against integers. This can be used to detect
abuse or empty headers.
2011-09-16 08:32:32 +02:00
Willy Tarreau
275600b6c7 BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces
Commit 588bd4 fixed header parsing so that trailing spaces were not part
of the returned string. Unfortunately, if a header only had spaces, the
last spaces were trimmed past the beginning of the value, causing a negative
length to be returned.

A quick code review shows that there should be no impact since the only
places where the vlen is used are either compared to a specific value or
with explicit contents (eg: digits).

This must be backported to 1.4.
2011-09-16 08:11:26 +02:00
Willy Tarreau
85c27da67e DOC: acl is http_first_req, not http_req_first
Doc was entered without correctly copying the ACL name.
2011-09-16 07:53:52 +02:00
Willy Tarreau
0fb02198f8 BUILD/MINOR: fix the source URL in the spec file
As reported by Avi Brender, the soruce URL was still pointing to v1.3.
2011-09-11 16:01:53 +02:00
Willy Tarreau
60612ebbbf [RELEASE] Released version 1.5-dev7
Released version 1.5-dev7 with the following main changes :
    - [BUG] fix binary stick-tables
    - [MINOR] http: *_dom matching header functions now also split on ":"
    - [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
    - [MINOR] acl: add srv_conn acl to count connections on a     specific backend server
    - [MINOR] check: add redis check support
    - [DOC] small fixes to clearly distinguish between keyword     and variables
    - [MINOR] halog: add support for termination code matching (-tcn/-TCN)
    - [DOC] Minor spelling fixes and grammatical enhancements
    - [CLEANUP] dumpstats: make symbols static where possible
    - [MINOR] Break out dumping table
    - [MINOR] Break out processing of clear table
    - [MINOR] Allow listing of stick table by key
    - [MINOR] Break out all stick table socat command parsing
    - [MINOR] More flexible clearing of stick table
    - [MINOR] Allow showing and clearing by key of ipv6 stick tables
    - [MINOR] Allow showing and clearing by key of integer stick tables
    - [MINOR] Allow showing and clearing by key of string stick tables
    - [CLEANUP] Remove assigned but unused variables
    - [CLEANUP] peers.h: fix declarations
    - [CLEANUP] session.c: Make functions static where possible
    - [MINOR] Add active connection list to server
    - [MINOR] Allow shutdown of sessions when a server becomes unavailable
    - [MINOR] Add down termination condition
    - [MINOR] Make appsess{,ion}_refresh static
    - [MINOR] Add rdp_cookie pattern fetch function
    - [CLEANUP] Remove unnecessary casts
    - [MINOR] Add non-stick server option
    - [MINOR] Consistently use error in tcp_parse_tcp_req()
    - [MINOR] Consistently free expr on error in cfg_parse_listen()
    - [MINOR] Free rdp_cookie_name on denint()
    - [MINOR] Free tcp rules on denint()
    - [MINOR] Free stick table pool on denint()
    - [MINOR] Free stick rules on denint()
    - [MEDIUM] Fix stick-table replication on soft-restart
    - [MEDIUM] Correct ipmask() logic
    - [MINOR] Correct type in table dump examples
    - [MINOR] Fix build error in stream_int_register_handler()
    - [MINOR] Use DPRINTF in assign_server()
    - [BUG] checks: http-check expect could fail a check on multi-packet responses
    - [DOC] fix minor typo in the "dispatch" doc
    - [BUG] proto_tcp: fix address binding on remote source
    - [MINOR] http: don't report the "haproxy" word on the monitoring response
    - [REORG] http: move HTTP error codes back to proto_http.h
    - [MINOR] http: make the "HTTP 200" status code configurable.
    - [MINOR] http: partially revert the chunking optimization for now
    - [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete transfer
    - [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out test
    - [MEDIUM] http: add support for "http-no-delay"
    - [OPTIM] http: optimize chunking again in non-interactive mode
    - [OPTIM] stream_sock: avoid fast-forwarding of partial data
    - [OPTIM] stream_sock: don't use splice on too small payloads
    - [MINOR] config: make it possible to specify a cookie even without a server
    - [BUG] stats: support url-encoded forms
    - [MINOR] config: automatically compute a default fullconn value
    - [CLEANUP] config: remove some left-over printf debugging code from previous patch
    - [DOC] add missing entry or stick store-response
    - [MEDIUM] http: add support for 'cookie' and 'set-cookie' patterns
    - [BUG] halog: correctly handle truncated last line
    - [MINOR] halog: make SKIP_CHAR stop on field delimiters
    - [MINOR] halog: add support for HTTP log matching (-H)
    - [MINOR] halog: gain back performance before SKIP_CHAR fix
    - [OPTIM] halog: cache some common fields positions
    - [OPTIM] halog: check once for correct line format and reuse the pointer
    - [OPTIM] halog: remove many 'if' by using a function pointer for the filters
    - [OPTIM] halog: remove support for tab delimiters in input data
    - [BUG] session: risk of crash on out of memory (1.5-dev regression)
    - [MINOR] session: try to emit a 500 response on memory allocation errors
    - [OPTIM] stream_sock: reduce the default number of accepted connections at once
    - [BUG] stream_sock: disable listener when system resources are exhausted
    - [MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c
    - [BUG] stream_sock: ensure orphan listeners don't accept too many connections
    - [MINOR] listeners: add listen_full() to mark a listener full
    - [MINOR] listeners: add support for queueing resource limited listeners
    - [MEDIUM] listeners: put listeners in queue upon resource shortage
    - [MEDIUM] listeners: queue proxy-bound listeners at the proxy's
    - [MEDIUM] listeners: don't stop proxies when global maxconn is reached
    - [MEDIUM] listeners: don't change listeners states anymore in maintain_proxies
    - [CLEANUP] proxy: rename a few proxy states (PR_STIDLE and PR_STRUN)
    - [MINOR] stats: report a "WAITING" state for sockets waiting for resource
    - [MINOR] proxy: make session rate-limit more accurate
    - [MINOR] sessions: only wake waiting listeners up if rate limit is OK
    - [BUG] proxy: peers must only be stopped once, not upon every call to maintain_proxies
    - [CLEANUP] proxy: merge maintain_proxies() operation inside a single loop
    - [MINOR] task: new function task_schedule() to schedule a wake up
    - [MAJOR] proxy: finally get rid of maintain_proxies()
    - [BUG] proxy: stats frontend and peers were missing many initializers
    - [MEDIUM] listeners: add a global listener management task
    - [MINOR] proxy: make findproxy() return proxies from numeric IDs too
    - [DOC] fix typos, "#" is a sharp, not a dash
    - [MEDIUM] stats: add support for changing frontend's maxconn at runtime
    - [MEDIUM] checks: group health checks methods by values and save option bits
    - [MINOR] session-counters: add the ability to clear the counters
    - [BUG] check: http-check expect + regex would crash in defaults section
    - [MEDIUM] http: make x-forwarded-for addition conditional
    - [REORG] build: move syscall redefinition to specific places
    - [CLEANUP] update the year in the copyright banner
    - [BUG] possible crash in 'show table' on stats socket
    - [BUG] checks: use the correct destination port for sending checks
    - [BUG] backend: risk of picking a wrong port when mapping is used with crossed families
    - [MINOR] make use of set_host_port() and get_host_port() to get rid of family mismatches
    - [DOC] fixed a few "sensible" -> "sensitive" errors
    - [MINOR] make use of addr_to_str() and get_host_port() to replace many inet_ntop()
    - [BUG] http: trailing white spaces must also be trimmed after headers
    - [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
    - [MINOR] http: take a capture of too large requests and responses
    - [MINOR] http: take a capture of truncated responses
    - [MINOR] http: take a capture of bad content-lengths.
    - [DOC] add a few old and uncommitted docs
    - [CLEANUP] cfgparse: fix reported options for the "bind" keyword
    - [MINOR] halog: add -hs/-HS to filter by HTTP status code range
    - [MINOR] halog: support backslash-escaped quotes
    - [CLEANUP] remove dirty left-over of a debugging message
    - [MEDIUM] stats: disable complex socket reservation for stats socket
    - [CLEANUP] remove a useless test in manage_global_listener_queue()
    - [MEDIUM] stats: add the "set maxconn" setting to the command line interface
    - [MEDIUM] add support for global.maxconnrate to limit the per-process conn rate.
    - [MINOR] stats: report the current and max global connection rates
    - [MEDIUM] stats: add the ability to adjust the global maxconnrate
    - [BUG] peers: don't pre-allocate 65000 connections to each peer
    - [MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate
    - [BUG] peers: the peer frontend must not emit any log
    - [CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs
    - [BUG] peers: don't keep a peers section which has a NULL frontend
    - [BUG] peers: ensure the peers are resumed if they were paused
    - [MEDIUM] stats: add the ability to enable/disable/shutdown a frontend at runtime
    - [MEDIUM] session: make session_shutdown() an independant function
    - [MEDIUM] stats: offer the possibility to kill a session from the CLI
    - [CLEANUP] stats: centralize tests for backend/server inputs on the CLI
    - [MEDIUM] stats: offer the possibility to kill sessions by server
    - [MINOR] halog: do not consider byte 0x8A as end of line
    - [MINOR] frontend: ensure debug message length is always initialized
    - [OPTIM] halog: make fgets parse more bytes by blocks
    - [OPTIM] halog: add assembly version of the field lookup code
    - [MEDIUM] poll: add a measurement of idle vs work time
    - [CLEANUP] startup: report only the basename in the usage message
    - [MINOR] startup: add an option to change to a new directory
    - [OPTIM] task: don't scan the run queue if we know it's empty
    - [BUILD] stats: stdint is not present on solaris
    - [DOC] update the README file to reflect new naming rules for patches
    - [MINOR] stats: report the number of requests intercepted by the frontend
    - [DOC] update ROADMAP file
2011-09-10 23:43:11 +02:00