mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-11 14:05:12 +00:00
d3842523ff
154 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Willy Tarreau
|
cb92825af9 |
[RELEASE] Released version 1.7-dev1
Released version 1.7-dev1 with the following main changes :
- DOC: specify that stats socket doc (section 9.2) is in management
- BUILD: install only relevant and existing documentation
- CLEANUP: don't ignore debian/ directory if present
- BUG/MINOR: dns: parsing error of some DNS response
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled
- MEDIUM: dns: Don't use the ANY query type
- BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0
- DOC: fix a typo for a "deviceatlas" keyword
- FIX: small typo in an example using the "Referer" header
- MINOR: cli: ability to set per-server maxconn
- DEBUG/MINOR: memory: add a build option to disable memory pools sharing
- DEBUG/MEDIUM: memory: optionally protect free data in pools
- DEBUG/MEDIUM: memory: add optional control pool memory operations
- MEDIUM: memory: add accounting for failed allocations
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
- BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop
- BUG/MINOR: dns: unable to parse CNAMEs response
- BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
- DOC: deviceatlas: more example use cases.
- MINOR: config: allow IPv6 bracketed literals
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
- BUILD: add Haiku as supported target.
- BUG/MAJOR: http: don't requeue an idle connection that is already queued
- DOC: typo on capture.res.hdr and capture.req.hdr
- BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing
- CLEANUP: use direction names in place of numeric values
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
- MINOR: check: add agent-send server parameter
- BUG/MINOR: http rule: http capture 'id' rule points to a non existing id
- BUG/MINOR: server: check return value of fgets() in apply_server_state()
- BUG/MINOR: acl: don't use record layer in req_ssl_ver
- BUILD: freebsd: double declaration
- BUG/MEDIUM: lua: clean output buffer
- BUILD: check for libressl to be able to build against it
- DOC: lua-api/index.rst small example fixes, spelling correction.
- DOC: lua: architecture and first steps
- DOC: relation between timeout http-request and option http-buffer-request
- BUILD: Make deviceatlas require PCRE
- BUG: http: do not abort keep-alive connections on server timeout
- BUG/MEDIUM: http: switch the request channel to no-delay once done.
- BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket
- BUILD/MINOR: http: proto_http.h needs sample.h
- BUG/MEDIUM: http: don't enable auto-close on the response side
- BUG/MEDIUM: stream: fix half-closed timeout handling
- CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB
- BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
- BUG/MEDIUM: sample: urlp can't match an empty value
- BUILD: dumpstats: silencing warning for printf format specifier / time_t
- CLEANUP: proxy: calloc call inverted arguments
- MINOR: da: silent logging by default and displaying DeviceAtlas support if built.
- BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input.
- DOC: Edited 51Degrees section of README/
- BUG/MEDIUM: checks: email-alert not working when declared in defaults
- BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured
- BUG/MINOR: checks: typo in an email-alert error message
- BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port
- BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and first rule(s) is (are) COMMENT
- BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
- DOC: prefer using http-request/response over reqXXX/rspXXX directives
- CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
- MINOR: ssl: Added cert_key_and_chain struct
- MEDIUM: ssl: Added support for creating SSL_CTX with multiple certs
- MINOR: ssl: Added multi cert support for crt-list config keyword
- MEDIUM: ssl: Added multi cert support for loading crt directories
- MEDIUM: ssl: Added support for Multi-Cert OCSP Stapling
- BUILD: ssl: set SSL_SOCK_NUM_KEYTYPES with openssl < 1.0.2
- MINOR: config: make tune.recv_enough configurable
- BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced
- DOC: ssl: Adding docs for Multi-Cert bundling
- BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
- BUG/MEDIUM: peers: old stick table updates could be repushed.
- MINOR: lua: service/applet can have access to the HTTP headers when a POST is received
- REORG/MINOR: lua: convert boolean "int" to bitfield
- BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn
- BUG/MINOR: lua: Lua applets must not use http_txn
- BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets
- BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
- CLEANUP: lua: bad error messages
- CONTRIB: initiate a debugging suite to make debugging easier
|
||
jesse.defer@asu.edu
|
c04b16cb28 |
BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
There is a missing curly brace in the quiet_check function of the example init script. [note: This needs to be backported to 1.6] |
||
|
Willy Tarreau
|
991b47831a |
[RELEASE] Released version 1.7-dev0
Released version 1.7-dev0 with the following main changes :
- exact copy of 1.6.0
|
||
|
Willy Tarreau
|
844028bb11 |
[RELEASE] Released version 1.6.0
Released version 1.6.0 with the following main changes :
- BUG/MINOR: Handle interactive mode in cli handler
- DOC: global section missing parameters
- DOC: backend section missing parameters
- DOC: stats paramaters available in frontend
- MINOR: lru: do not allocate useless memory in lru64_lookup
- BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth)
- BUG/MINOR: ssl: fix management of the cache where forged certificates are stored
- MINOR: ssl: Release Servers SSL context when HAProxy is shut down
- MINOR: ssl: Read the file used to generate certificates in any order
- MINOR: ssl: Add support for EC for the CA used to sign generated certificates
- MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates
- BUG/MEDIUM: logs: fix time zone offset format in RFC5424
- BUILD: Fix the build on OSX (htonll/ntohll)
- BUILD: enable build on Linux/s390x
- BUG/MEDIUM: lua: direction test failed
- MINOR: lua: fix a spelling error in some error messages
- CLEANUP: cli: ensure we can never double-free error messages
- BUG/MEDIUM: lua: force server-close mode on Lua services
- MEDIUM: init: support more command line arguments after pid list
- MEDIUM: init: support a list of files on the command line
- MINOR: debug: enable memory poisonning to use byte 0
- BUILD: ssl: fix build error introduced by recent commit
- BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers
- MEDIUM: server: implement TCP_USER_TIMEOUT on the server
- DOC: mention the "namespace" options for bind and server lines
- DOC: add the "management" documentation
- DOC: move the stats socket documentation from config to management
- MINOR: examples: update haproxy.spec to mention new docs
- DOC: mention management.txt in README
- DOC: remove haproxy-{en,fr}.txt
- BUILD: properly report when USE_ZLIB and USE_SLZ are used together
- MINOR: init: report use of libslz instead of "no compression"
- CLEANUP: examples: remove some obsolete and confusing files
- CLEANUP: examples: remove obsolete configuration file samples
- CLEANUP: examples: fix the example file content-sw-sample.cfg
- CLEANUP: examples: update sample file option-http_proxy.cfg
- CLEANUP: examples: update sample file ssl.cfg
- CLEANUP: tests: move a test file from examples/ to tests/
- CLEANUP: examples: shut up warnings in transparent proxy example
- CLEANUP: tests: removed completely obsolete test files
- DOC: update ROADMAP to remove what was done in 1.6
- BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id
|
||
|
Willy Tarreau
|
29e7aca645 |
CLEANUP: examples: shut up warnings in transparent proxy example
Just add some missing timeouts. |
||
|
Willy Tarreau
|
e2daab49ab |
CLEANUP: tests: move a test file from examples/ to tests/
examples are for users, tests are for developers. |
||
|
Willy Tarreau
|
15255f7c12 |
CLEANUP: examples: update sample file ssl.cfg
This one emitted an error due to the lack of "verify none" on the server line. |
||
|
Willy Tarreau
|
05d50d0910 |
CLEANUP: examples: update sample file option-http_proxy.cfg
This one was still valid but emitted lots of warnings. |
||
|
Willy Tarreau
|
677457e882 |
CLEANUP: examples: fix the example file content-sw-sample.cfg
This one didn't load anymore, but it was worth updating it since it matches most common needs. |
||
|
Willy Tarreau
|
ae4865d802 |
CLEANUP: examples: remove obsolete configuration file samples
This removes the obsolete CTTPROXY configuration, the tarpit example, and the pre-content switching example involving 3 layers and cookie rewriting to emulate the use_backend feature... (9 years old). |
||
|
Willy Tarreau
|
27232d6ff1 |
CLEANUP: examples: remove some obsolete and confusing files
Some files are totally obsolete. The Formilux init scripts and packaging scripts for haproxy 1.1.21 should go. Linux 2.4 kernel patch to enable epoll() on EOLed RHEL3 should go. The tuning script is incomplete and only suited to older kernels, better stop shipping this one. |
||
|
Willy Tarreau
|
cf2316644d |
MINOR: examples: update haproxy.spec to mention new docs
intro.txt and management.txt were added. haproxy-{en,fr}.txt were removed.
|
||
|
Willy Tarreau
|
8c1ad716df |
[RELEASE] Released version 1.6-dev7
Released version 1.6-dev7 with the following main changes :
- MINOR: cli: Dump all resolvers stats if no resolver section is given
- BUG: config: external-check command validation is checking for incorrect arguments.
- DOC: documentation format cleanups
- DOC: lua: few typos.
- BUG/MEDIUM: str2ip: make getaddrinfo() consider local address selection policy
- BUG/MEDIUM: logs: segfault writing to log from Lua
- DOC: fix lua use-service example
- MINOR: payload: add support for tls session ticket ext
- MINOR: lua: remove the run flag
- MEDIUM: lua: change the timeout execution
- MINOR: lua: rename the tune.lua.applet-timeout
- DOC: lua: update Lua doc
- DOC: lua: update doc according with the last Lua changes
- MINOR: http/tcp: fill the avalaible actions
- DOC: reorder misplaced res.ssl_hello_type in the doc
- BUG/MINOR: tcp: make silent-drop always force a TCP reset
- CLEANUP: tcp: silent-drop: only drain the connection when quick-ack is disabled
- BUILD: tcp: use IPPROTO_IP when SOL_IP is not available
- BUILD: server: fix build warnings introduced by load-server-state
- BUG/MEDIUM: server: fix misuse of format string in load-server-state's warnings
|
||
|
Willy Tarreau
|
e7ae656cf7 |
[RELEASE] Released version 1.6-dev6
Released version 1.6-dev6 with the following main changes :
- BUG/MAJOR: can't enable a server through the stat socket
- MINOR: server: Macro definition for server-state
- MINOR: cli: new stats socket command: show servers state
- DOC: stats socket command: show servers state
- MINOR: config: new global directive server-state-base
- DOC: global directive server-state-base
- MINOR: config: new global section directive: server-state-file
- DOC: new global directive: server-state-file
- MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name
- DOC: load-server-state-from-file
- MINOR: init: server state loaded from file
- MINOR: server: startup slowstart task when using seamless reload of HAProxy
- MINOR: cli: new stats socket command: show backend
- DOC: servers state seamless reload example
- BUG: dns: can't connect UDP socket on FreeBSD
- MINOR: cfgparse: New function cfg_unregister_sections()
- MINOR: chunk: New function free_trash_buffers()
- BUG/MEDIUM: main: Freeing a bunch of static pointers
- MINOR: proto_http: Externalisation of previously internal functions
- MINOR: global: Few new struct fields for da module
- MAJOR: da: Update of the DeviceAtlas API module
- DOC: DeviceAtlas new keywords
- DOC: README: DeviceAtlas sample configuration updates
- MEDIUM: log: replace sendto() with sendmsg() in __send_log()
- MEDIUM: log: use a separate buffer for the header and for the message
- MEDIUM: logs: remove the hostname, tag and pid part from the logheader
- MEDIUM: logs: add support for RFC5424 header format per logger
- MEDIUM: logs: add a new RFC5424 log-format for the structured-data
- DOC: mention support for the RFC5424 syslog message format
- MEDIUM: logs: have global.log_send_hostname not contain the trailing space
- MEDIUM: logs: pass the trailing "\n" as an iovec
- BUG/MEDIUM: peers: some table updates are randomly not pushed.
- BUG/MEDIUM: peers: same table updates re-pushed after a re-connect
- BUG/MINOR: fct peer_prepare_ackmsg should not use trash.
- MINOR: http: made CHECK_HTTP_MESSAGE_FIRST accessible to other functions
- MINOR: global: Added new fields for 51Degrees device detection
- DOC: Added more explanation for 51Degrees V3.2
- BUILD: Changed 51Degrees option to support V3.2
- MAJOR: 51d: Upgraded to support 51Degrees V3.2 and new features
- MINOR: 51d: Improved string handling for LRU cache
- DOC: add references to rise/fall for the fastinter explanation
- MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD
- BUG/MAJOR: lua: potential unexpected aborts()
- BUG/MINOR: lua: breaks the log message if his size exceed one buffer
- MINOR: action: add private configuration
- MINOR: action: add reference to the original keywork matched for the called parser.
- MINOR: lua: change actions registration
- MEDIUM: proto_http: smp_prefetch_http initialize txn
- MINOR: channel: rename function chn_sess to chn_strm
- CLEANUP: lua: align defines
- MINOR: http: export http_get_path() function
- MINOR: http: export the get_reason() function
- MINOR: http: export function http_msg_analyzer()
- MINOR: http: split initialization
- MINOR: lua: reset pointer after use
- MINOR: lua: identify userdata objects
- MEDIUM: lua: use the function lua_rawset in place of lua_settable
- BUG/MAJOR: lua: segfault after the channel data is modified by some Lua action.
- CLEANUP: lua: use calloc in place of malloc
- BUG/MEDIUM: lua: longjmp function must be unregistered
- BUG/MEDIUM: lua: forces a garbage collection
- BUG/MEDIUM: lua: wakeup task on bad conditions
- MINOR: standard: avoid DNS resolution from the function str2sa_range()
- MINOR: lua: extend socket address to support non-IP families
- MINOR: lua/applet: the cosocket applet should use appctx_wakeup in place of task_wakeup
- BUG/MEDIUM: lua: socket destroy before reading pending data
- MEDIUM: lua: change the GC policy
- OPTIM/MEDIUM: lua: executes the garbage collector only when using cosocket
- BUG/MEDIUM: lua: don't reset undesired flags in hlua_ctx_resume
- MINOR: applet: add init function
- MINOR: applet: add an execution timeout
- MINOR: stream/applet: add use-service action
- MINOR: lua: add AppletTCP class and service
- MINOR: lua: add AppletHTTP class and service
- DOC: lua: some documentation update
- DOC: add the documentation about internal circular lists
- DOC: add a CONTRIBUTING file
- DOC: add a MAINTAINERS file
- BUG/MAJOR: peers: fix a crash when stopping peers on unbound processes
- DOC: update coding-style to reference checkpatch.pl
- BUG/MEDIUM: stick-tables: fix double-decrement of tracked entries
- BUG/MINOR: args: add name for ARGT_VAR
- DOC: add more entries to MAINTAINERS
- DOC: add more entries to MAINTAINERS
- CLEANUP: stream-int: remove obsolete function si_applet_call()
- BUG/MAJOR: cli: do not dereference strm_li()->proto->name
- BUG/MEDIUM: http: do not dereference strm_li(stream)
- BUG/MEDIUM: proxy: do not dereference strm_li(stream)
- BUG/MEDIUM: stream: do not dereference strm_li(stream)
- MINOR: stream-int: use si_release_endpoint() to close idle conns
- BUG/MEDIUM: payload: make req.payload and payload_lv aware of dynamic buffers
- BUG/MEDIUM: acl: always accept match "found"
- MINOR: applet: rename applet_runq to applet_active_queue
- BUG/MAJOR: applet: use a separate run queue to maintain list integrity
- MEDIUM: stream-int: split stream_int_update_conn() into si- and conn-specific parts
- MINOR: stream-int: implement a new stream_int_update() function
- MEDIUM: stream-int: factor out the stream update functions
- MEDIUM: stream-int: call stream_int_update() from si_update()
- MINOR: stream-int: export stream_int_update_*
- MINOR: stream-int: move the applet_pause call out of the stream updates
- MEDIUM: stream-int: clean up the conditions to enable reading in si_conn_wake_cb
- MINOR: stream-int: implement the stream_int_notify() function
- MEDIUM: stream-int: use the same stream notification function for applets and conns
- MEDIUM: stream-int: completely remove stream_int_update_embedded()
- MINOR: stream-int: rename si_applet_done() to si_applet_wake_cb()
- BUG/MEDIUM: applet: fix reporting of broken write situation
- BUG/MINOR: stats: do not call cli_release_handler 3 times
- BUG/MEDIUM: cli: properly handle closed output
- MINOR: cli: do not call the release handler on internal error.
- BUG/MEDIUM: stream-int: avoid double-call to applet->release
- DEBUG: add p_malloc() to return a poisonned memory area
- CLEANUP: lua: remove unneeded memset(0) after calloc()
- MINOR: lua: use the proper applet wakeup mechanism
- BUG/MEDIUM: lua: better fix for the protocol check
- BUG/MEDIUM: lua: properly set the target on the connection
- MEDIUM: actions: pass a new "flags" argument to custom actions
- MEDIUM: actions: add new flag ACT_FLAG_FINAL to notify about last call
- MEDIUM: http: pass ACT_FLAG_FINAL to custom actions
- MEDIUM: lua: only allow actions to yield if not in a final call
- DOC: clarify how to make use of abstract sockets in socat
- CLEANUP: config: make the errorloc/errorfile messages less confusing
- MEDIUM: action: add a new flag ACT_FLAG_FIRST
- BUG/MINOR: config: check that tune.bufsize is always positive
- MEDIUM: config: set tune.maxrewrite to 1024 by default
- DOC: add David Carlier as maintainer of da.c
- DOC: fix some broken unexpected unicode chars in the Lua doc.
- BUG/MEDIUM: proxy: ignore stopped peers
- BUG/MEDIUM: proxy: do not wake stopped proxies' tasks during soft_stop()
- MEDIUM: init: completely deallocate unused peers
- BUG/MEDIUM: tcp: fix inverted condition to call custom actions
- DOC: remove outdated actions lists on tcp-request/response
- MEDIUM: tcp: add new tcp action "silent-drop"
- DOC: add URLs to optional libraries in the README
|
||
Baptiste Assmann
|
71503d32a7 |
DOC: servers state seamless reload example
A short doc + example to help people start using seamless reload for server state |
||
|
Willy Tarreau
|
a02e8a6cdf |
[RELEASE] Released version 1.6-dev5
Released version 1.6-dev5 with the following main changes :
- MINOR: dns: dns_resolution structure update: time_t to unsigned int
- BUG/MEDIUM: dns: DNS resolution doesn't start
- BUG/MAJOR: dns: dns client resolution infinite loop
- MINOR: dns: coding style update
- MINOR: dns: new bitmasks to use against DNS flags
- MINOR: dns: dns_nameserver structure update: new counter for truncated response
- MINOR: dns: New DNS response analysis code: DNS_RESP_TRUNCATED
- MEDIUM: dns: handling of truncated response
- MINOR: DNS client query type failover management
- MINOR: dns: no expected DNS record type found
- MINOR: dns: new flag to report that no IP can be found in a DNS response packet
- BUG/MINOR: DNS request retry counter used for retry only
- DOC: DNS documentation updated
- MEDIUM: actions: remove ACTION_STOP
- BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 (bis)
- BUG/MINOR: lua: last log character truncated.
- CLEANUP: typo: bad indent
- CLEANUP: actions: missplaced includes
- MINOR: build: missing header
- CLEANUP: lua: Merge log functions
- BUG/MAJOR: http: don't manipulate the server connection if it's killed
- BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
- BUG/MAJOR: http: don't call http_send_name_header() after an error
- MEDIUM: tools: make str2sa_range() optionally return the FQDN
- BUG/MINOR: tools: make str2sa_range() report unresolvable addresses
- BUG/MEDIUM: dns: use the correct server hostname when resolving
|
||
|
Willy Tarreau
|
61d301fbfb |
[RELEASE] Released version 1.6-dev4
Released version 1.6-dev4 with the following main changes :
- MINOR: log: Add log-format variable %HQ, to log HTTP query strings
- DOC: typo in 'redirect', 302 code meaning
- DOC: typos in tcp-check expect examples
- DOC: resolve-prefer default value and default-server update
- MINOR: DNS counters: increment valid counter
- BUG/MEDIUM: DNS resolution response parsing broken
- MINOR: server: add new SRV_ADMF_CMAINT flag
- MINOR: server SRV_ADMF_CMAINT flag doesn't imply SRV_ADMF_FMAINT
- BUG/MEDIUM: dns: wrong first time DNS resolution
- BUG/MEDIUM: lua: Lua tasks fail to start.
- BUILD: add USE_LUA to BUILD_OPTIONS when it's used
- DOC/MINOR: fix OpenBSD versions where haproxy works
- MINOR: 51d: unable to start haproxy without "51degrees-data-file"
- BUG/MEDIUM: peers: fix wrong message id on stick table updates acknowledgement.
- BUG/MAJOR: peers: fix current table pointer not re-initialized on session release.
- BUILD: ssl: Allow building against libssl without SSLv3.
- DOC: clarify some points about SSL and the proxy protocol
- DOC: mention support for RFC 5077 TLS Ticket extension in starter guide
- BUG/MEDIUM: mailer: DATA part must be terminated with <CRLF>.<CRLF>
- DOC: match several lua configuration option names to those implemented in code
- MINOR cfgparse: Correct the mailer warning text to show the right names to the user
- BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command
- MINOR: stream: initialize the current_rule field to NULL on stream init
- BUG/MEDIUM: lua: timeout error with converters, wrapper and actions.
- CLEANUP: proto_http: remove useless initialisation
- CLEANUP: http/tcp actions: remove the scope member
- BUG/MINOR: proto_tcp: custom action continue is ignored
- MINOR: proto_tcp: add session in the action prototype
- MINOR: vars: reduce the code size of some wrappers
- MINOR: Move http method enum from proto_http to sample
- MINOR: sample: Add ipv6 to ipv4 and sint to ipv6 casts
- MINOR: sample/proto_tcp: export "smp_fetch_src"
- MEDIUM: cli: rely on the map's output type instead of the sample type
- BUG/MEDIUM: stream: The stream doen't inherit SC from the session
- BUG/MEDIUM: vars: segfault during the configuration parsing
- BUG/MEDIUM: stick-tables: refcount error after copying SC for the session to the stream
- BUG/MEDIUM: lua: bad error processing
- MINOR: samples: rename a struct from sample_storage to sample_data
- MINOR: samples: rename some struct member from "smp" to "data"
- MEDIUM: samples: Use the "struct sample_data" in the "struct sample"
- MINOR: samples: extract the anonymous union and create the union sample_value
- MINOR: samples: rename union from "data" to "u"
- MEDIUM: 51degrees: Adapt the 51Degrees library
- MINOR: samples: data assignation simplification
- MEDIUM: pattern/map: Maps can returns various types
- MINOR: map: The map can return IPv4 and IPv6
- MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs
- MINOR: actions: Remove the data opaque pointer
- MINOR: lua: use the hlua_rule type in place of opaque type
- MINOR: vars: use the vars types as argument in place of opaque type
- MINOR: proto_http: use an "expr" type in place of generic opaque type.
- MINOR: proto_http: replace generic opaque types by real used types for the actions on thr request line
- MINOR: proto_http: replace generic opaque types by real used types in "http_capture"
- MINOR: proto_http: replace generic opaque types by real used types in "http_capture" by id
- MEDIUM: track-sc: Move the track-sc configuration storage in the union
- MEDIUM: capture: Move the capture configuration storage in the union
- MINOR: actions: add "from" information
- MINOR: actions: remove the mark indicating the last entry in enum
- MINOR: actions: Declare all the embedded actions in the same header file
- MINOR: actions: change actions names
- MEDIUM: actions: Add standard return code for the action API
- MEDIUM: actions: Merge (http|tcp)-(request|reponse) keywords structs
- MINOR: proto_tcp: proto_tcp.h is now useles
- MINOR: actions: mutualise the action keyword lookup
- MEDIUM: actions: Normalize the return code of the configuration parsers
- MINOR: actions: Remove wrappers
- MAJOR: stick-tables: use sample types in place of dedicated types
- MEDIUM: stick-tables: use the sample type names
- MAJOR: stick-tables: remove key storage from the key struct
- MEDIUM: stick-tables: Add GPT0 in the stick tables
- MINOR: stick-tables: Add GPT0 access
- MINOR: stick-tables: Add GPC0 actions
- BUG/MEDIUM: lua: the lua fucntion Channel:close() causes a segfault
- DOC: ssl: missing LF
- MINOR: lua: add core.done() function
- DOC: fix function name
- BUG/MINOR: lua: in some case a sample may remain undefined
- DOC: fix "http_action_set_req_line()" comments
- MINOR: http: Action for manipulating the returned status code.
- MEDIUM: lua: turns txn:close into txn:done
- BUG/MEDIUM: lua: cannot process more Lua hooks after a "done()" function call
- BUILD: link with libdl if needed for Lua support
- CLEANUP: backend: factor out objt_server() in connect_server()
- MEDIUM: backend: don't call si_alloc_conn() when we reuse a valid connection
- MEDIUM: stream-int: simplify si_alloc_conn()
- MINOR: stream-int: add new function si_detach_endpoint()
- MINOR: server: add a list of private idle connections
- MINOR: connection: add a new list member in the connection struct
- MEDIUM: stream-int: queue idle connections at the server
- MINOR: stream-int: make si_idle_conn() only accept valid connections
- MINOR: server: add a list of already used idle connections
- MINOR: connection: add a new flag CO_FL_PRIVATE
- MINOR: config: add new setting "http-reuse"
- MAJOR: backend: initial work towards connection reuse
- MAJOR: backend: improve the connection reuse mechanism
- MEDIUM: backend: implement "http-reuse safe"
- MINOR: server: add a list of safe, already reused idle connections
- MEDIUM: backend: add the "http-reuse aggressive" strategy
- DOC: document the new http-reuse directive
- DOC: internals: document next steps for HTTP connection reuse
- DOC: mention that %ms is left-padded with zeroes.
- MINOR: init: indicate to check 'bind' lines when no listeners were found.
- MAJOR: http: remove references to appsession
- CLEANUP: config: remove appsession initialization
- CLEANUP: appsession: remove appsession.c and sessionhash.c
- CLEANUP: tests: remove sessionhash_test.c and test-cookie-appsess.cfg
- CLEANUP: proxy: remove last references to appsession
- CLEANUP: appsession: remove the last include files
- DOC: remove documentation about appsession
- CLEANUP: .gitignore: ignore more test files
- CLEANUP: .gitignore: finally ignore everything but what is known.
- MEDIUM: config: emit a warning on a frontend without listener
- DOC: add doc/internals/entities-v2.txt
- DOC: add doc/linux-syn-cookies.txt
- DOC: add design thoughts on HTTP/2
- DOC: add some thoughts on connection sharing for HTTP/2
- DOC: add design thoughts on dynamic buffer allocation
- BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
- DOC: add new file intro.txt
- MAJOR: tproxy: remove support for cttproxy
- BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2
- DOC: lua: replace txn:close with txn:done in lua-api
- DOC: intro: minor updates and fixes
- DOC: intro: fix too long line.
- DOC: fix example of http-request using ssl_fc_session_id
- BUG/MEDIUM: lua: txn:done() still causes a segfault in TCP mode
- CLEANUP: lua: fix some indent issues
- BUG/MEDIUM: lua: fix a segfault in txn:done() if called twice
- DOC: lua: mention than txn:close was renamed txn:done.
|
||
|
Willy Tarreau
|
50bdda6e51 |
[RELEASE] Released version 1.6-dev3
Released version 1.6-dev3 with the following main changes :
- CLEANUP: sample: generalize sample_fetch_string() as sample_fetch_as_type()
- MEDIUM: http: Add new 'set-src' option to http-request
- DOC usesrc root privileges requirments
- BUG/MINOR: dns: wrong time unit for some DNS default parameters
- MINOR: proxy: bit field for proxy_find_best_match diff status
- MINOR: server: new server flag: SRV_F_FORCED_ID
- MINOR: server: server_find functions: id, name, best_match
- DOC: dns: fix chapters syntax
- BUILD/MINOR: tools: rename popcount to my_popcountl
- BUILD: add netbsd TARGET
- MEDIUM: 51Degrees code refactoring and cleanup
- MEDIUM: 51d: add LRU-based cache on User-Agent string detection
- DOC: add notes about the "51degrees-cache-size" parameter
- BUG/MEDIUM: 51d: possible incorrect operations on smp->data.str.str
- BUG/MAJOR: connection: fix TLV offset calculation for proxy protocol v2 parsing
- MINOR: Add sample fetch to detect Supported Elliptic Curves Extension
- BUG/MINOR: payload: Add volatile flag to smp_fetch_req_ssl_ec_ext
- BUG/MINOR: lua: type error in the arguments wrapper
- CLEANUP: vars: remove unused struct
- BUG/MINOR: http/sample: gmtime/localtime can fail
- MINOR: standard: add 64 bits conversion functions
- MAJOR: sample: converts uint and sint in 64 bits signed integer
- MAJOR: arg: converts uint and sint in sint
- MEDIUM: sample: switch to saturated arithmetic
- MINOR: vars: returns variable content
- MEDIUM: vars/sample: operators can use variables as parameter
- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
- BUILD/MINOR: lua: fix a harmless build warning
- BUILD/MINOR: stats: fix build warning due to condition always true
- BUG/MAJOR: lru: fix unconditional call to free due to unexpected semi-colon
- BUG/MEDIUM: logs: fix improper systematic use of quotes with a few tags
- BUILD/MINOR: lua: ensure that hlua_ctx_destroy is properly defined
- BUG/MEDIUM: lru: fix possible memory leak when ->free() is used
- MINOR: vars: make the accounting not depend on the stream
- MEDIUM: vars: move the session variables to the session, not the stream
- BUG/MEDIUM: vars: do not freeze the connection when the expression cannot be fetched
- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
- BUG/MAJOR: tcp: tcp rulesets were still broken
- MINOR: stats: improve compression stats reporting
- MINOR: ssl: make self-generated certs also work with raw IPv6 addresses
- CLEANUP: ssl: make ssl_sock_generated_cert_serial() take a const
- CLEANUP: ssl: make ssl_sock_generate_certificate() use ssl_sock_generated_cert_serial()
- BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
- MINOR: args: add new context for servers
- MINOR: stream: maintain consistence between channel_forward and HTTP forward
- MINOR: ssl: provide ia function to set the SNI extension on a connection
- MEDIUM: ssl: add sni support on the server lines
- CLEANUP: stream: remove a useless call to si_detach()
- CLEANUP: stream-int: fix a few outdated comments about stream_int_register_handler()
- CLEANUP: stream-int: remove stream_int_unregister_handler() and si_detach()
- MINOR: stream-int: only use si_release_endpoint() to release a connection
- MINOR: standard: provide htonll() and ntohll()
- CLEANUP/MINOR: dns: dns_str_to_dn_label() only needs a const char
- BUG/MAJOR: dns: fix the length of the string to be copied
|
||
|
Willy Tarreau
|
ad90f0d1aa |
[RELEASE] Released version 1.6-dev2
Released version 1.6-dev2 with the following main changes :
- BUG/MINOR: ssl: Display correct filename in error message
- MEDIUM: logs: Add HTTP request-line log format directives
- BUG/MEDIUM: check: tcpcheck regression introduced by
|
||
|
Willy Tarreau
|
8747b6dbc8 |
[RELEASE] Released version 1.6-dev1
Released version 1.6-dev1 with the following main changes :
- CLEANUP: extract temporary $CFG to eliminate duplication
- CLEANUP: extract temporary $BIN to eliminate duplication
- CLEANUP: extract temporary $PIDFILE to eliminate duplication
- CLEANUP: extract temporary $LOCKFILE to eliminate duplication
- CLEANUP: extract quiet_check() to avoid duplication
- BUG/MINOR: don't start haproxy on reload
- DOC: Address issue where documentation is excluded due to a gitignore rule.
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
- BUILD: fix "make install" to support spaces in the install dirs
- BUG/MINOR: config: http-request replace-header arg typo
- BUG: config: error in http-response replace-header number of arguments
- DOC: missing track-sc* in http-request rules
- BUILD: lua: missing ifdef related to SSL when enabling LUA
- BUG/MEDIUM: regex: fix pcre_study error handling
- MEDIUM: regex: Use pcre_study always when PCRE is used, regardless of JIT
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
- MEDIUM: Improve signal handling in systemd wrapper.
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: checks: external checks can't change server status to UP
- BUG/MEDIUM: checks: segfault with external checks in a backend section
- BUG/MINOR: checks: external checks shouldn't wait for timeout to return the result
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
- BUG/MINOR: config: don't propagate process binding for dynamic use_backend
- BUG/MINOR: log: fix request flags when keep-alive is enabled
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
- MINOR: checks: allow external checks in backend sections
- MEDIUM: checks: provide environment variables to the external checks
- MINOR: checks: update dynamic environment variables in external checks
- DOC: checks: environment variables used by "external-check command"
- BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used
- MINOR: ssl: load certificates in alphabetical order
- BUG/MINOR: checks: prevent http keep-alive with http-check expect
- MINOR: lua: typo in an error message
- MINOR: report the Lua version in -vv
- MINOR: lua: add a compilation error message when compiled with an incompatible version
- BUG/MEDIUM: lua: segfault when calling haproxy sample fetches from lua
- BUILD: try to automatically detect the Lua library name
- BUILD/CLEANUP: systemd: avoid a warning due to mixed code and declaration
- BUG/MEDIUM: backend: Update hash to use unsigned int throughout
- BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
- MEDIUM: connection: add new bit in Proxy Protocol V2
- BUG/MINOR: ssl: rejects OCSP response without nextupdate.
- BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
- BUG/MINOR: ssl: Fix OCSP resp update fails with the same certificate configured twice.
- BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
- MINOR: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs
- MINOR: ssl: add statement to force some ssl options in global.
- BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
- BUG/MINOR: samples: fix unnecessary memcopy converting binary to string.
- MINOR: samples: adds the bytes converter.
- MINOR: samples: adds the field converter.
- MINOR: samples: add the word converter.
- BUG/MINOR: server: move the directive #endif to the end of file
- BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped
- DOC: fix a few typos
- CLEANUP: epoll: epoll_events should be allocated according to global.tune.maxpollevents
- BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized"
- BUG/MINOR: parse: refer curproxy instead of proxy
- BUG/MINOR: parse: check the validity of size string in a more strict way
- BUILD: add new target 'make uninstall' to support uninstalling haproxy from OS
- DOC: expand the docs for the provided stats.
- BUG/MEDIUM: unix: do not unlink() abstract namespace sockets upon failure.
- MEDIUM: ssl: Certificate Transparency support
- MEDIUM: stats: proxied stats admin forms fix
- MEDIUM: http: Compress HTTP responses with status codes 201,202,203 in addition to 200
- BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information
- MAJOR: namespace: add Linux network namespace support
- MINOR: systemd: Check configuration before start
- BUILD: ssl: handle boringssl in openssl version detection
- BUILD: ssl: disable OCSP when using boringssl
- BUILD: ssl: don't call get_rfc2409_prime when using boringssl
- MINOR: ssl: don't use boringssl's cipher_list
- BUILD: ssl: use OPENSSL_NO_OCSP to detect OCSP support
- MINOR: stats: fix minor typo in HTML page
- MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
- MEDIUM: Add support for configurable TLS ticket keys
- DOC: Document the new tls-ticket-keys bind keyword
- DOC: clearly state that the "show sess" output format is not fixed
- MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
- DOC: httplog does not support 'no'
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- MINOR: ssl: use SSL_get_ciphers() instead of directly accessing the cipher list.
- BUG/MEDIUM: Consistently use 'check' in process_chk
- MEDIUM: Add external check
- BUG/MEDIUM: Do not set agent health to zero if server is disabled in config
- MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero
- MEDIUM: Remove connect_chk
- MEDIUM: Refactor init_check and move to checks.c
- MEDIUM: Add free_check() helper
- MEDIUM: Move proto and addr fields struct check
- MEDIUM: Attach tcpcheck_rules to check
- MEDIUM: Add parsing of mailers section
- MEDIUM: Allow configuration of email alerts
- MEDIUM: Support sending email alerts
- DOC: Document email alerts
- MINOR: Remove trailing '.' from email alert messages
- MEDIUM: Allow suppression of email alerts by log level
- BUG/MEDIUM: Do not consider an agent check as failed on L7 error
- MINOR: deinit: fix memory leak
- MINOR: http: export the function 'smp_fetch_base32'
- BUG/MEDIUM: http: tarpit timeout is reset
- MINOR: sample: add "json" converter
- BUG/MEDIUM: pattern: don't load more than once a pattern list.
- MINOR: map/acl/dumpstats: remove the "Done." message
- BUG/MAJOR: ns: HAProxy segfault if the cli_conn is not from a network connection
- BUG/MINOR: pattern: error message missing
- BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
- BUG/MINOR: ARG6 and ARG7 don't fit in a 32 bits word
- MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay
- MEDIUM: task: call session analyzers if the task is woken by a message.
- MEDIUM: protocol: automatically pick the proto associated to the connection.
- MEDIUM: channel: wake up any request analyzer on response activity
- MINOR: converters: add a "void *private" argument to converters
- MINOR: converters: give the session pointer as converter argument
- MINOR: sample: add private argument to the struct sample_fetch
- MINOR: global: export function and permits to not resolve DNS names
- MINOR: sample: add function for browsing samples.
- MINOR: global: export many symbols.
- MINOR: includes: fix a lot of missing or useless includes
- MEDIUM: tcp: add register keyword system.
- MEDIUM: buffer: make bo_putblk/bo_putstr/bo_putchk return the number of bytes copied.
- MEDIUM: http: change the code returned by the response processing rule functions
- MEDIUM: http/tcp: permit to resume http and tcp custom actions
- MINOR: channel: functions to get data from a buffer without copy
- MEDIUM: lua: lua integration in the build and init system.
- MINOR: lua: add ease functions
- MINOR: lua: add runtime execution context
- MEDIUM: lua: "com" signals
- MINOR: lua: add the configuration directive "lua-load"
- MINOR: lua: core: create "core" class and object
- MINOR: lua: post initialisation bindings
- MEDIUM: lua: add coroutine as tasks.
- MINOR: lua: add sample and args type converters
- MINOR: lua: txn: create class TXN associated with the transaction.
- MINOR: lua: add shared context in the lua stack
- MINOR: lua: txn: import existing sample-fetches in the class TXN
- MINOR: lua: txn: add lua function in TXN that returns an array of http headers
- MINOR: lua: register and execute sample-fetches in LUA
- MINOR: lua: register and execute converters in LUA
- MINOR: lua: add bindings for tcp and http actions
- MINOR: lua: core: add sleep functions
- MEDIUM: lua: socket: add "socket" class for TCP I/O
- MINOR: lua: core: pattern and acl manipulation
- MINOR: lua: channel: add "channel" class
- MINOR: lua: txn: object "txn" provides two objects "channel"
- MINOR: lua: core: can set the nice of the current task
- MINOR: lua: core: can yield an execution stack
- MINOR: lua: txn: add binding for closing the client connection.
- MEDIUM: lua: Lua initialisation "on demand"
- BUG/MAJOR: lua: send function fails and return bad bytes
- MINOR: remove unused declaration.
- MINOR: lua: remove some #define
- MINOR: lua: use bitfield and macro in place of integer and enum
- MINOR: lua: set skeleton for Lua execution expiration
- MEDIUM: lua: each yielding function returns a wake up time.
- MINOR: lua: adds "forced yield" flag
- MEDIUM: lua: interrupt the Lua execution for running other process
- MEDIUM: lua: change the sleep function core
- BUG/MEDIUM: lua: the execution timeout is ignored in yield case
- DOC: lua: Lua configuration documentation
- MINOR: lua: add the struct session in the lua channel struct
- BUG/MINOR: lua: set buffer if it is nnot avalaible.
- BUG/MEDIUM: lua: reset flags before resuming execution
- BUG/MEDIUM: lua: fix infinite loop about channel
- BUG/MEDIUM: lua: the Lua process is not waked up after sending data on requests side
- BUG/MEDIUM: lua: many errors when we try to send data with the channel API
- MEDIUM: lua: use the Lua-5.3 version of the library
- BUG/MAJOR: lua: some function are not yieldable, the forced yield causes errors
- BUG/MEDIUM: lua: can't handle the response bytes
- BUG/MEDIUM: lua: segfault with buffer_replace2
- BUG/MINOR: lua: check buffers before initializing socket
- BUG/MINOR: log: segfault if there are no proxy reference
- BUG/MEDIUM: lua: sockets don't have buffer to write data
- BUG/MEDIUM: lua: cannot connect socket
- BUG/MINOR: lua: sockets receive behavior doesn't follows the specs
- BUG/BUILD: lua: The strict Lua 5.3 version check is not done.
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
- MEDIUM: lua: make the functions hlua_gethlua() and hlua_sethlua() faster
- MINOR: replace the Core object by a simple model.
- MEDIUM: lua: change the objects configuration
- MEDIUM: lua: create a namespace for the fetches
- MINOR: converters: add function to browse converters
- MINOR: lua: wrapper for converters
- MINOR: lua: replace function (req|get)_channel by a variable
- MINOR: lua: fetches and converters can return an empty string in place of nil
- DOC: lua api
- BUG/MEDIUM: sample: fix random number upper-bound
- BUG/MINOR: stats:Fix incorrect printf type.
- BUG/MAJOR: session: revert all the crappy client-side timeout changes
- BUG/MINOR: logs: properly initialize and count log sockets
- BUG/MEDIUM: http: fetch "base" is not compatible with set-header
- BUG/MINOR: counters: do not untrack counters before logging
- BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process()
- MINOR: stick-table: make stktable_fetch_key() indicate why it failed
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents
- BUILD: remove TODO from the spec file and add README
- MINOR: log: make MAX_SYSLOG_LEN overridable at build time
- MEDIUM: log: support a user-configurable max log line length
- DOC: provide an example of how to use ssl_c_sha1
- BUILD: checks: external checker needs signal.h
- BUILD: checks: kill a minor warning on Solaris in external checks
- BUILD: http: fix isdigit & isspace warnings on Solaris
- BUG/MINOR: listener: set the listener's fd to -1 after deletion
- BUG/MEDIUM: unix: failed abstract socket binding is retryable
- MEDIUM: listener: implement a per-protocol pause() function
- MEDIUM: listener: support rebinding during resume()
- BUG/MEDIUM: unix: completely unbind abstract sockets during a pause()
- DOC: explicitly mention the limits of abstract namespace sockets
- DOC: minor fix on {sc,src}_kbytes_{in,out}
- DOC: fix alphabetical sort of converters
- MEDIUM: stick-table: implement lookup from a sample fetch
- MEDIUM: stick-table: add new converters to fetch table data
- MINOR: samples: add two converters for the date format
- BUG/MAJOR: http: correctly rewind the request body after start of forwarding
- DOC: remove references to CPU=native in the README
- DOC: mention that "compression offload" is ignored in defaults section
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUILD: fix dependencies between config and compat.h
- MINOR: session: export the function 'smp_fetch_sc_stkctr'
- MEDIUM: stick-table: make it easier to register extra data types
- BUG/MINOR: http: base32+src should use the big endian version of base32
- MINOR: sample: allow IP address to cast to binary
- MINOR: sample: add new converters to hash input
- MINOR: sample: allow integers to cast to binary
- BUILD: report commit ID in git versions as well
- CLEANUP: session: move the stick counters declarations to stick_table.h
- MEDIUM: http: add the track-sc* actions to http-request rules
- BUG/MEDIUM: connection: fix proxy v2 header again!
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
- OPTIM/MINOR: proxy: reduce struct proxy by 48 bytes on 64-bit archs
- MINOR: log: add a new field "%lc" to implement a per-frontend log counter
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
- MEDIUM: http: enable header manipulation for 101 responses
- BUG/MEDIUM: config: propagate frontend to backend process binding again.
- MEDIUM: config: properly propagate process binding between proxies
- MEDIUM: config: make the frontends automatically bind to the listeners' processes
- MEDIUM: config: compute the exact bind-process before listener's maxaccept
- MEDIUM: config: only warn if stats are attached to multi-process bind directives
- MEDIUM: config: report it when tcp-request rules are misplaced
- DOC: indicate in the doc that track-sc* can wait if data are missing
- MINOR: config: detect the case where a tcp-request content rule has no inspect-delay
- MEDIUM: systemd-wrapper: support multiple executable versions and names
- BUG/MEDIUM: remove debugging code from systemd-wrapper
- BUG/MEDIUM: http: adjust close mode when switching to backend
- BUG/MINOR: config: don't propagate process binding on fatal errors.
- BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
- BUG/MINOR: tcp-check: report the correct failed step in the status
- DOC: indicate that weight zero is reported as DRAIN
- BUG/MEDIUM: config: avoid skipping disabled proxies
- BUG/MINOR: config: do not accept more track-sc than configured
- BUG/MEDIUM: backend: fix URI hash when a query string is present
- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
- BUILD/MINOR: ssl: de-constify "ciphers" to avoid a warning on openssl-0.9.8
- BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
- BUG/BUILD: revert accidental change in the makefile from latest SSL fix
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- MEDIUM: ssl: add support for smaller SSL records
- MINOR: session: release a few other pools when stopping
- MINOR: task: release the task pool when stopping
- BUG/MINOR: config: don't inherit the default balance algorithm in frontends
- BUG/MAJOR: frontend: initialize capture pointers earlier
- BUG/MINOR: stats: correctly set the request/response analysers
- MAJOR: polling: centralize calls to I/O callbacks
- DOC: fix typo in the body parser documentation for msg.sov
- BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size
- MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping)
- DEBUG: pools: apply poisonning on every allocated pool
- BUG/MAJOR: sessions: unlink session from list on out of memory
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
- BUG/MINOR: tcp-check: don't condition data polling on check type
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
- BUG/MINOR: config: fix typo in condition when propagating process binding
- BUG/MEDIUM: config: do not propagate processes between stopped processes
- BUG/MAJOR: stream-int: properly check the memory allocation return
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
- BUG/MAJOR: namespaces: conn->target is not necessarily a server
- BUG/MEDIUM: compression: correctly report zlib_mem
- CLEANUP: lists: remove dead code
- CLEANUP: memory: remove dead code
- CLEANUP: memory: replace macros pool_alloc2/pool_free2 with functions
- MINOR: memory: cut pool allocator in 3 layers
- MEDIUM: memory: improve pool_refill_alloc() to pass a refill count
- MINOR: stream-int: retrieve session pointer from stream-int
- MINOR: buffer: reset a buffer in b_reset() and not channel_init()
- MEDIUM: buffer: use b_alloc() to allocate and initialize a buffer
- MINOR: buffer: move buffer initialization after channel initialization
- MINOR: buffer: only use b_free to release buffers
- MEDIUM: buffer: always assign a dummy empty buffer to channels
- MEDIUM: buffer: add a new buf_wanted dummy buffer to report failed allocations
- MEDIUM: channel: do not report full when buf_empty is present on a channel
- MINOR: session: group buffer allocations together
- MINOR: buffer: implement b_alloc_fast()
- MEDIUM: buffer: implement b_alloc_margin()
- MEDIUM: session: implement a basic atomic buffer allocator
- MAJOR: session: implement a wait-queue for sessions who need a buffer
- MAJOR: session: only allocate buffers when needed
- MINOR: stats: report a "waiting" flags for sessions
- MAJOR: session: only wake up as many sessions as available buffers permit
- MINOR: config: implement global setting tune.buffers.reserve
- MINOR: config: implement global setting tune.buffers.limit
- MEDIUM: channel: implement a zero-copy buffer transfer
- MEDIUM: stream-int: support splicing from applets
- OPTIM: stream-int: try to send pending spliced data
- CLEANUP: session: remove session_from_task()
- DOC: add missing entry for log-format and clarify the text
- MINOR: logs: add a new per-proxy "log-tag" directive
- BUG/MEDIUM: http: fix header removal when previous header ends with pure LF
- MINOR: config: extend the default max hostname length to 64 and beyond
- BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation
- BUG/MINOR: channel: compare to_forward with buf->i, not buf->size
- MINOR: channel: add channel_in_transit()
- MEDIUM: channel: make buffer_reserved() use channel_in_transit()
- MEDIUM: channel: make bi_avail() use channel_in_transit()
- BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected
- CLEANUP: channel: rename channel_reserved -> channel_is_rewritable
- MINOR: channel: rename channel_full() to !channel_may_recv()
- MINOR: channel: rename buffer_reserved() to channel_reserved()
- MINOR: channel: rename buffer_max_len() to channel_recv_limit()
- MINOR: channel: rename bi_avail() to channel_recv_max()
- MINOR: channel: rename bi_erase() to channel_truncate()
- BUG/MAJOR: log: don't try to emit a log if no logger is set
- MINOR: tools: add new round_2dig() function to round integers
- MINOR: global: always export some SSL-specific metrics
- MINOR: global: report information about the cost of SSL connections
- MAJOR: init: automatically set maxconn and/or maxsslconn when possible
- MINOR: http: add a new fetch "query" to extract the request's query string
- MINOR: hash: add new function hash_crc32
- MINOR: samples: provide a "crc32" converter
- MEDIUM: backend: add the crc32 hash algorithm for load balancing
- BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names
- BUG/MEDIUM: http: make http-request set-header compute the string before removal
- MEDIUM: args: use #define to specify the number of bits used by arg types and counts
- MEDIUM: args: increase arg type to 5 bits and limit arg count to 5
- MINOR: args: add type-specific flags for each arg in a list
- MINOR: args: implement a new arg type for regex : ARGT_REG
- MEDIUM: regex: add support for passing regex flags to regex_exec_match()
- MEDIUM: samples: add a regsub converter to perform regex-based transformations
- BUG/MINOR: sample: fix case sensitivity for the regsub converter
- MEDIUM: http: implement http-request set-{method,path,query,uri}
- DOC: fix missing closing brackend on regsub
- MEDIUM: samples: provide basic arithmetic and bitwise operators
- MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set
- BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value
- BUG/MINOR: http: abort request processing on filter failure
- MEDIUM: tcp: implement tcp-ut bind option to set TCP_USER_TIMEOUT
- MINOR: ssl/server: add the "no-ssl-reuse" server option
- BUG/MAJOR: peers: initialize s->buffer_wait when creating the session
- MINOR: http: add a new function to iterate over each header line
- MINOR: http: add the new sample fetches req.hdr_names and res.hdr_names
- MEDIUM: task: always ensure that the run queue is consistent
- BUILD: Makefile: add -Wdeclaration-after-statement
- BUILD/CLEANUP: ssl: avoid a warning due to mixed code and declaration
- BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code
- MEDIUM: protocol: use a family array to index the protocol handlers
- BUILD: lua: cleanup many mixed occurrences declarations & code
- BUG/MEDIUM: task: fix recently introduced scheduler skew
- BUG/MINOR: lua: report the correct function name in an error message
- BUG/MAJOR: http: fix stats regression consecutive to HTTP_RULE_RES_YIELD
- Revert "BUG/MEDIUM: lua: can't handle the response bytes"
- MINOR: lua: convert IP addresses to type string
- CLEANUP: lua: use the same function names in C and Lua
- REORG/MAJOR: move session's req and resp channels back into the session
- CLEANUP: remove now unused channel pool
- REORG/MEDIUM: stream-int: introduce si_ic/si_oc to access channels
- MEDIUM: stream-int: add a flag indicating which side the SI is on
- MAJOR: stream-int: only rely on SI_FL_ISBACK to find the requested channel
- MEDIUM: stream-interface: remove now unused pointers to channels
- MEDIUM: stream-int: make si_sess() use the stream int's side
- MEDIUM: stream-int: use si_task() to retrieve the task from the stream int
- MEDIUM: stream-int: remove any reference to the owner
- CLEANUP: stream-int: add si_ib/si_ob to dereference the buffers
- CLEANUP: stream-int: add si_opposite() to find the other stream interface
- REORG/MEDIUM: channel: only use chn_prod / chn_cons to find stream-interfaces
- MEDIUM: channel: add a new flag "CF_ISRESP" for the response channel
- MAJOR: channel: only rely on the new CF_ISRESP flag to find the SI
- MEDIUM: channel: remove now unused ->prod and ->cons pointers
- CLEANUP: session: simplify references to chn_{prod,cons}(&s->{req,res})
- CLEANUP: session: use local variables to access channels / stream ints
- CLEANUP: session: don't needlessly pass a pointer to the stream-int
- CLEANUP: session: don't use si_{ic,oc} when we know the session.
- CLEANUP: stream-int: limit usage of si_ic/si_oc
- CLEANUP: lua: limit usage of si_ic/si_oc
- MINOR: channel: add chn_sess() helper to retrieve session from channel
- MEDIUM: session: simplify receive buffer allocator to only use the channel
- MEDIUM: lua: use CF_ISRESP to detect the channel's side
- CLEANUP: lua: remove the session pointer from hlua_channel
- CLEANUP: lua: hlua_channel_new() doesn't need the pointer to the session anymore
- MEDIUM: lua: remove struct hlua_channel
- MEDIUM: lua: remove hlua_sample_fetch
|
||
Adam Spiers
|
107ddc1b67 |
BUG/MINOR: don't start haproxy on reload
If haproxy is not already running, reload should not start it. Unfortunately the LSB spec does not explicitly cover this case: http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html but it seems like the more correct behaviour, and actually fixes a real-world issue we saw in SUSE Cloud. Signed-off-by: Adam Spiers <aspiers@suse.com> |
||
|
Adam Spiers
|
ecb74a3d86 |
CLEANUP: extract quiet_check() to avoid duplication
Signed-off-by: Adam Spiers <aspiers@suse.com> |
||
|
Adam Spiers
|
c5123f3982 |
CLEANUP: extract temporary $LOCKFILE to eliminate duplication
Signed-off-by: Adam Spiers <aspiers@suse.com> |
||
|
Adam Spiers
|
922a37b2fb |
CLEANUP: extract temporary $PIDFILE to eliminate duplication
Signed-off-by: Adam Spiers <aspiers@suse.com> |
||
|
Adam Spiers
|
85bb5ca39b |
CLEANUP: extract temporary $BIN to eliminate duplication
Signed-off-by: Adam Spiers <aspiers@suse.com> |
||
|
Adam Spiers
|
5e71b6f803 |
CLEANUP: extract temporary $CFG to eliminate duplication
Signed-off-by: Adam Spiers <aspiers@suse.com> |
||
|
Willy Tarreau
|
ca3094d0b1 |
BUILD: remove TODO from the spec file and add README
This used to cause a build failure since 1.5.0, as reported by Timothy Shelton. The proxy protocol doc was also added. |
||
|
Willy Tarreau
|
15480d7250 |
[DEV] open new 1.6 development branch
This new branch is based on 1.5.0, which 1.6-dev0 is 100% equivalent to.
The README has been updated to mention that it is a development branch.
Released version 1.6-dev0 with the following main changes :
- exact copy of 1.5.0
|
||
|
Willy Tarreau
|
9229f1248f |
[RELEASE] Released version 1.5.0
Released version 1.5.0 with the following main changes :
- MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'.
- MEDIUM: ssl: basic OCSP stapling support.
- MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl ocsp-response'
- MEDIUM: ssl: add 300s supported time skew on OCSP response update.
- MINOR: checks: mysql-check: Add support for v4.1+ authentication
- MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits
- MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description.
- MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp
- MEDIUM: Break out check establishment into connect_chk()
- MEDIUM: Add port_to_str helper
- BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section.
- BUG/MEDIUM: Fix unhandled connections problem with systemd daemon mode and SO_REUSEPORT.
- MINOR: regex: fix a little configuration memory leak.
- MINOR: regex: Create JIT compatible function that return match strings
- MEDIUM: regex: replace all standard regex function by own functions
- MEDIUM: regex: Remove null terminated strings.
- MINOR: regex: Use native PCRE API.
- MINOR: missing regex.h include
- DOC: Add Exim as Proxy Protocol implementer.
- BUILD: don't use type "uint" which is not portable
- BUILD: stats: workaround stupid and bogus -Werror=format-security behaviour
- BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new transaction
- CLEANUP: http: don't clear CF_READ_NOEXP twice
- DOC: fix proxy protocol v2 decoder example
- DOC: fix remaining occurrences of "pattern extraction"
- MINOR: log: allow the HTTP status code to be logged even in TCP frontends
- MINOR: logs: don't limit HTTP header captures to HTTP frontends
- MINOR: sample: improve sample_fetch_string() to report partial contents
- MINOR: capture: extend the captures to support non-header keys
- MINOR: tcp: prepare support for the "capture" action
- MEDIUM: tcp: add a new tcp-request capture directive
- MEDIUM: session: allow shorter retry delay if timeout connect is small
- MEDIUM: session: don't apply the retry delay when redispatching
- MEDIUM: session: redispatch earlier when possible
- MINOR: config: warn when tcp-check rules are used without option tcp-check
- BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN protocol
- DOC: proxy protocol example parser was still wrong
- DOC: minor updates to the proxy protocol doc
- CLEANUP: connection: merge proxy proto v2 header and address block
- MEDIUM: connection: add support for proxy protocol v2 in accept-proxy
- MINOR: tools: add new functions to quote-encode strings
- DOC: clarify the CSV format
- MEDIUM: stats: report the last check and last agent's output on the CSV status
- MINOR: freq_ctr: introduce a new averaging method
- MEDIUM: session: maintain per-backend and per-server time statistics
- MEDIUM: stats: report per-backend and per-server time stats in HTML and CSV outputs
- BUG/MINOR: http: fix typos in previous patch
- DOC: remove the ultra-obsolete TODO file
- DOC: update roadmap
- DOC: minor updates to the README
- DOC: mention the maxconn limitations with the select poller
- DOC: commit a few old design thoughts files
|
||
|
Willy Tarreau
|
2e85840266 |
[RELEASE] Released version 1.5-dev26
Released version 1.5-dev26 with the following main changes :
- BUG/MEDIUM: polling: fix possible CPU hogging of worker processes after receiving SIGUSR1.
- BUG/MINOR: stats: fix a typo on a closing tag for a server tracking another one
- OPTIM: stats: avoid the calculation of a useless link on tracking servers in maintenance
- MINOR: fix a few memory usage errors
- CONTRIB: halog: Filter input lines by date and time through timestamp
- MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int
- BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace()
- MINOR: acl: set "str" as default match for strings
- DOC: Add some precisions about acl default matching method
- MEDIUM: acl: strenghten the option parser to report invalid options
- BUG/MEDIUM: config: a stats-less config crashes in 1.5-dev25
- BUG/MINOR: checks: tcp-check must not stop on '\0' for binary checks
- MINOR: stats: improve alignment of color codes to save one line of header
- MINOR: checks: simplify and improve reporting of state changes when using log-health-checks
- MINOR: server: remove the SRV_DRAIN flag which can always be deduced
- MINOR: server: use functions to detect state changes and to update them
- MINOR: server: create srv_was_usable() from srv_is_usable() and use a pointer
- BUG/MINOR: stats: do not report "100%" in the thottle column when server is draining
- BUG/MAJOR: config: don't free valid regex memory
- BUG/MEDIUM: session: don't clear CF_READ_NOEXP if analysers are not called
- BUG/MINOR: stats: tracking servers may incorrectly report an inherited DRAIN status
- MEDIUM: proxy: make timeout parser a bit stricter
- REORG/MEDIUM: server: split server state and flags in two different variables
- REORG/MEDIUM: server: move the maintenance bits out of the server state
- MAJOR: server: use states instead of flags to store the server state
- REORG: checks: put the functions in the appropriate files !
- MEDIUM: server: properly support and propagate the maintenance status
- MEDIUM: server: allow multi-level server tracking
- CLEANUP: checks: rename the server_status_printf function
- MEDIUM: checks: simplify server up/down/nolb transitions
- MAJOR: checks: move health checks changes to set_server_check_status()
- MINOR: server: make the status reporting function support a reason
- MINOR: checks: simplify health check reporting functions
- MINOR: server: implement srv_set_stopped()
- MINOR: server: implement srv_set_running()
- MINOR: server: implement srv_set_stopping()
- MEDIUM: checks: simplify failure notification using srv_set_stopped()
- MEDIUM: checks: simplify success notification using srv_set_running()
- MEDIUM: checks: simplify stopping mode notification using srv_set_stopping()
- MEDIUM: stats: report a server's own state instead of the tracked one's
- MINOR: server: make use of srv_is_usable() instead of checking eweight
- MAJOR: checks: add support for a new "drain" administrative mode
- MINOR: stats: use the admin flags for soft enable/disable/stop/start on the web page
- MEDIUM: stats: introduce new actions to simplify admin status management
- MINOR: cli: introduce a new "set server" command
- MINOR: stats: report a distinct output for DOWN caused by agent
- MINOR: checks: support specific check reporting for the agent
- MINOR: checks: support a neutral check result
- BUG/MINOR: cli: "agent" was missing from the "enable"/"disable" help message
- MEDIUM: cli: add support for enabling/disabling health checks.
- MEDIUM: stats: report down caused by agent prior to reporting up
- MAJOR: agent: rework the response processing and support additional actions
- MINOR: stats: improve the stats web page to support more actions
- CONTRIB: halog: avoid calling time/localtime/mktime for each line
- DOC: document the workarouds for Google Chrome's bogus pre-connect
- MINOR: stats: report SSL key computations per second
- MINOR: stats: add counters for SSL cache lookups and misses
|
||
|
Willy Tarreau
|
a3393955da |
[RELEASE] Released version 1.5-dev25
Released version 1.5-dev25 with the following main changes :
- MEDIUM: connection: Implement and extented PROXY Protocol V2
- MINOR: ssl: clean unused ACLs declarations
- MINOR: ssl: adds fetchs and ACLs for ssl back connection.
- MINOR: ssl: merge client's and frontend's certificate functions.
- MINOR: ssl: adds ssl_f_sha1 fetch to return frontend's certificate fingerprint
- MINOR: ssl: adds sample converter base64 for binary type.
- MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id.
- BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported.
- MAJOR: ssl: Change default locks on ssl session cache.
- BUG/MINOR: chunk: Fix function chunk_strcmp and chunk_strcasecmp match a substring.
- MINOR: ssl: add global statement tune.ssl.force-private-cache.
- MINOR: ssl: remove fallback to SSL session private cache if lock init fails.
- BUG/MEDIUM: patterns: last fix was still not enough
- MINOR: http: export the smp_fetch_cookie function
- MINOR: http: generic pointer to rule argument
- BUG/MEDIUM: pattern: a typo breaks automatic acl/map numbering
- BUG/MAJOR: patterns: -i and -n are ignored for inlined patterns
- BUG/MINOR: proxy: unsafe initialization of HTTP transaction when switching from TCP frontend
- BUG/MINOR: http: log 407 in case of proxy auth
- MINOR: http: rely on the message body parser to send 100-continue
- MEDIUM: http: move reqadd after execution of http_request redirect
- MEDIUM: http: jump to dedicated labels after http-request processing
- BUG/MINOR: http: block rules forgot to increment the denied_req counter
- BUG/MINOR: http: block rules forgot to increment the session's request counter
- MEDIUM: http: move Connection header processing earlier
- MEDIUM: http: remove even more of the spaghetti in the request path
- MINOR: http: silently support the "block" action for http-request
- CLEANUP: proxy: rename "block_cond" to "block_rules"
- MEDIUM: http: emulate "block" rules using "http-request" rules
- MINOR: http: remove the now unused loop over "block" rules
- MEDIUM: http: factorize the "auth" action of http-request and stats
- MEDIUM: http: make http-request rules processing return a verdict instead of a rule
- MINOR: config: add minimum support for emitting warnings only once
- MEDIUM: config: inform the user about the deprecatedness of "block" rules
- MEDIUM: config: inform the user that "reqsetbe" is deprecated
- MEDIUM: config: inform the user only once that "redispatch" is deprecated
- MEDIUM: config: warn that '{cli,con,srv}timeout' are deprecated
- BUG/MINOR: auth: fix wrong return type in pat_match_auth()
- BUILD: config: remove a warning with clang
- BUG/MAJOR: http: connection setup may stall on balance url_param
- BUG/MEDIUM: http/session: disable client-side expiration only after body
- BUG/MEDIUM: http: correctly report request body timeouts
- BUG/MEDIUM: http: disable server-side expiration until client has sent the body
- MEDIUM: listener: make the accept function more robust against pauses
- BUILD: syscalls: remove improper inline statement in front of syscalls
- BUILD: ssl: SSL_CTX_set_msg_callback() needs openssl >= 0.9.7
- BUG/MAJOR: session: recover the correct connection pointer in half-initialized sessions
- DOC: add some explanation on the shared cache build options in the readme.
- MEDIUM: proxy: only adjust the backend's bind-process when already set
- MEDIUM: config: limit nbproc to the machine's word size
- MEDIUM: config: check the bind-process settings according to nbproc
- MEDIUM: listener: parse the new "process" bind keyword
- MEDIUM: listener: inherit the process mask from the proxy
- MAJOR: listener: only start listeners bound to the same processes
- MINOR: config: only report a warning when stats sockets are bound to more than 1 process
- CLEANUP: config: set the maxaccept value for peers listeners earlier
- BUG/MINOR: backend: only match IPv4 addresses with RDP cookies
- BUG/MINOR: checks: correctly configure the address family and protocol
- MINOR: tools: split is_addr() and is_inet_addr()
- MINOR: protocols: use is_inet_addr() when only INET addresses are desired
- MEDIUM: unix: add preliminary support for connecting to servers over UNIX sockets
- MEDIUM: checks: only complain about the missing port when the check uses TCP
- MEDIUM: unix: implement support for Linux abstract namespace sockets
- DOC: map_beg was missing from the table of map_* converters
- DOC: ebtree: indicate that prefix insertion/lookup may be used with strings
- MEDIUM: pattern: use ebtree's longest match to index/lookup string beginning
- BUILD: remove the obsolete BSD and OSX makefiles
- MEDIUM: unix: avoid a double connect probe when no data are sent
- DOC: stop referencing the slow git repository in the README
- BUILD: only build the systemd wrapper on Linux 2.6 and above
- DOC: update roadmap with completed tasks
- MEDIUM: session: implement half-closed timeouts (client-fin and server-fin)
|
||
|
Willy Tarreau
|
8860dcd70a |
[RELEASE] Released version 1.5-dev24
Released version 1.5-dev24 with the following main changes :
- MINOR: pattern: find element in a reference
- MEDIUM: http: ACL and MAP updates through http-(request|response) rules
- MEDIUM: ssl: explicitly log failed handshakes after a heartbeat
- DOC: Full section dedicated to the converters
- MEDIUM: http: register http-request and http-response keywords
- BUG/MINOR: compression: correctly report incoming byte count
- BUG/MINOR: http: don't report server aborts as client aborts
- BUG/MEDIUM: channel: bi_putblk() must not wrap before the end of buffer
- CLEANUP: buffers: remove unused function buffer_contig_space_with_res()
- MEDIUM: stats: reimplement HTTP keep-alive on the stats page
- BUG/MAJOR: http: fix timeouts during data forwarding
- BUG/MEDIUM: http: 100-continue responses must process the next part immediately
- MEDIUM: http: move skipping of 100-continue earlier
- BUILD: stats: let gcc know that last_fwd cannot be used uninitialized...
- CLEANUP: general: get rid of all old occurrences of "session *t"
- CLEANUP: http: remove the useless "if (1)" inherited from version 1.4
- BUG/MEDIUM: stats: mismatch between behaviour and doc about front/back
- MEDIUM: http: enable analysers to have keep-alive on stats
- REORG: http: move HTTP Connection response header parsing earlier
- MINOR: stats: always emit HTTP/1.1 in responses
- MINOR: http: add capture.req.ver and capture.res.ver
- MINOR: checks: add a new global max-spread-checks directive
- BUG/MAJOR: http: fix the 'next' pointer when performing a redirect
- MINOR: http: implement the max-keep-alive-queue setting
- DOC: fix alphabetic order of tcp-check
- MINOR: connection: add a new error code for SSL with heartbeat
- MEDIUM: ssl: implement a workaround for the OpenSSL heartbleed attack
- BUG/MEDIUM: Revert "MEDIUM: ssl: Add standardized DH parameters >= 1024 bits"
- BUILD: http: remove a warning on strndup
- BUILD: ssl: avoid a warning about conn not used with OpenSSL < 1.0.1
- BUG/MINOR: ssl: really block OpenSSL's response to heartbleed attack
- MINOR: ssl: finally catch the heartbeats missing the padding
|
||
|
Willy Tarreau
|
8317b283fb |
[RELEASE] Released version 1.5-dev23
Released version 1.5-dev23 with the following main changes :
- BUG/MINOR: reject malformed HTTP/0.9 requests
- MINOR: systemd wrapper: re-execute on SIGUSR2
- MINOR: systemd wrapper: improve logging
- MINOR: systemd wrapper: propagate exit status
- BUG/MINOR: tcpcheck connect wrong behavior
- MEDIUM: proxy: support use_backend with dynamic names
- MINOR: stats: Enhancement to stats page to provide information of last session time.
- BUG/MEDIUM: peers: fix key consistency for integer stick tables
- DOC: fix a typo on http-server-close and encapsulate options with double-quotes
- DOC: fix fetching samples syntax
- MINOR: ssl: add ssl_fc_unique_id to fetch TLS Unique ID
- MEDIUM: ssl: Use ALPN support as it will be available in OpenSSL 1.0.2
- DOC: fix typo
- CLEANUP: code style: use tabs to indent codes instead of spaces
- DOC: fix a few config typos.
- BUG/MINOR: raw_sock: also consider ENOTCONN in addition to EAGAIN for recv()
- DOC: lowercase format string in unique-id
- MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode
- BUG/MINOR: acl: req_ssl_sni fails with SSLv3 record version
- BUG/MINOR: build: add missing objects in osx and bsd Makefiles
- BUG/MINOR: build: handle whitespaces in wc -l output
- BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO
- MEDIUM: ssl: Add standardized DH parameters >= 1024 bits
- BUG/MEDIUM: map: The map parser includes blank lines.
- BUG/MINOR: log: The log of quotted capture header has been terminated by 2 quotes.
- MINOR: standard: add function "encode_chunk"
- BUG/MINOR: http: fix encoding of samples used in http headers
- MINOR: sample: add hex converter
- MEDIUM: sample: change the behavior of the bin2str cast
- MAJOR: auth: Change the internal authentication system.
- MEDIUM: acl/pattern: standardisation "of pat_parse_int()" and "pat_parse_dotted_ver()"
- MEDIUM: pattern: The pattern parser no more uses <opaque> and just takes one string.
- MEDIUM: pattern: Change the prototype of the function pattern_register().
- CONTRIB: ip6range: add a network IPv6 range to mask converter
- MINOR: pattern: separe list element from the data part.
- MEDIUM: pattern: add indexation function.
- MEDIUM: pattern: The parse functions just return "struct pattern" without memory allocation
- MINOR: pattern: Rename "pat_idx_elt" to "pattern_tree"
- MINOR: sample: dont call the sample cast function "c_none"
- MINOR: standard: Add function for converting cidr to network mask.
- MEDIUM: sample: Remove types SMP_T_CSTR and SMP_T_CBIN, replace it by SMP_F_CONST flags
- MEDIUM: sample/http_proto: Add new type called method
- MINOR: dumpstats: Group map inline help
- MEDIUM: pattern: The function pattern_exec_match() returns "struct pattern" if the patten match.
- MINOR: dumpstats: change map inline sentences
- MINOR: dumpstats: change the "get map" display management
- MINOR: map/dumpstats: The cli cmd "get map ..." display the "int" format.
- MEDIUM: pattern: The match function browse itself the list or the tree.
- MEDIUM: pattern: Index IPv6 addresses in a tree.
- MEDIUM: pattern: add delete functions
- MEDIUM: pattern: add prune function
- MEDIUM: pattern: add sample lookup function.
- MEDIUM: pattern/dumpstats: The function pattern_lookup() is no longer used
- MINOR: map/pattern: The sample parser is stored in the pattern
- MAJOR: pattern/map: Extends the map edition system in the patterns
- MEDIUM: pattern: merge same pattern
- MEDIUM: pattern: The expected type is stored in the pattern head, and conversion is executed once.
- MINOR: pattern: Each pattern is identified by unique id.
- MINOR: pattern/acl: Each pattern of each acl can be load with specified id
- MINOR: pattern: The function "pattern_register()" is no longer used.
- MINOR: pattern: Merge function pattern_add() with pat_ref_push().
- MINOR: pattern: store configuration reference for each acl or map pattern.
- MINOR: pattern: Each pattern expression element store the reference struct.
- MINOR: dumpstats: display the reference for th key/pattern and value.
- MEDIUM: pattern: delete() function uses the pat_ref_elt to find the element to be removed
- MEDIUM: pattern_find_smp: functions find_smp uses the pat_ref_elt to find the element to be removed
- MEDIUM: dumpstats/pattern: display and use each pointer of each pattern dumped
- MINOR: pattern/map/acl: Centralization of the file parsers
- MINOR: pattern: Check if the file reference is not used with acl and map
- MINOR: acl/pattern: Acl "-M" option force to load file as map file with two columns
- MEDIUM: dumpstats: Display error message during add of values.
- MINOR: pattern: The function pat_ref_set() have now atomic behavior
- MINOR: regex: The pointer regstr in the struc regex is no longer used.
- MINOR: cli: Block the usage of the command "acl add" in many cases.
- MINOR: doc: Update the documentation about the map and acl
- MINOR: pattern: index duplicates
- MINOR: configuration: File and line propagation
- MINOR: dumpstat/conf: display all the configuration lines that using pattern reference
- MINOR: standard: Disable ip resolution during the runtime
- MINOR: pattern: Remove the flag "PAT_F_FROM_FILE".
- MINOR: pattern: forbid dns resolutions
- DOC: document "get map" / "get acl" on the CLI
- MEDIUM: acl: Change the acl register struct
- BUG/MEDIUM: acl: boolean only matches were broken by recent changes
- DOC: pattern: pattern organisation schematics
- MINOR: pattern/cli: Update used terms in documentation and cli
- MINOR: cli: remove information about acl or map owner.
- MINOR: session: don't always assume there's a listener
- MINOR: pattern: Add function to prune and reload pattern list.
- MINOR: standard: Add ipv6 support in the function url2sa().
- MEDIUM: config: Dynamic sections.
- BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches
- MINOR: http: Add the "language" converter to for use with accept-language
- BUG/MINOR: log: Don't dump empty unique-id
- BUG/MAJOR: session: fix a possible crash with src_tracked
- DOC: Update "language" documentation
- MINOR: http: add the function "del-header" to the directives http-request and http-response
- DOC: add some information on capture.(req|res).hdr
- MINOR: http: capture.req.method and capture.req.uri
- MINOR: http: optimize capture.req.method and capture.req.uri
- MINOR: session: clean up the connection free code
- BUG/MEDIUM: checks: immediately report a connection success
- MEDIUM: connection: don't use real send() flags in snd_buf()
- OPTIM: ssl: implement dynamic record size adjustment
- MINOR: stats: report exact last session time in backend too
- BUG/MEDIUM: stats: the "lastsess" field must appear last in the CSV.
- BUG/MAJOR: check: fix memory leak in "tcp-check connect" over SSL
- BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
- MINOR: channel: add the date of last read in the channel
- MEDIUM: stream-int: automatically disable CF_STREAMER flags after idle
- MINOR: ssl: add DEFAULT_SSL_MAX_RECORD to set the record size at build time
- MINOR: config: make the stream interface idle timer user-configurable
- MINOR: config: add global directives to set default SSL ciphers
- MINOR: sample: add a rand() sample fetch to return a sample.
- BUG/MEDIUM: config: immediately abort if peers section has no name
- BUG/MINOR: ssl: fix syntax in config error message
- BUG/MEDIUM: ssl: always send a full buffer after EAGAIN
- BUG/MINOR: config: server on-marked-* statement is ignored in default-server
- BUG/MEDIUM: backend: prefer-last-server breaks redispatch
- BUG/MEDIUM: http: continue to emit 503 on keep-alive to different server
- MEDIUM: acl: fix pattern type for payload / payload_lv
- BUG/MINOR: config: fix a crash on startup when a disabled backend references a peer
- BUG/MEDIUM: compression: fix the output type of the compressor name
- BUG/MEDIUM: http: don't start to forward request data before the connect
- MINOR: http: release compression context only in http_end_txn()
- MINOR: protect ebimtree/ebistree against multiple inclusions
- MEDIUM: proxy: create a tree to store proxies by name
- MEDIUM: proxy: make findproxy() use trees to look up proxies
- MEDIUM: proxy: make get_backend_server() use findproxy() to lookup proxies
- MEDIUM: stick-table: lookup table names using trees.
- MEDIUM: config: faster lookup for duplicated proxy name
- CLEANUP: acl: remove obsolete test in parse_acl_expr()
- MINOR: sample: move smp_to_type to sample.c
- MEDIUM: compression: consider the "q=" attribute in Accept-Encoding
- REORG: cfgparse: move server keyword parsing to server.c
- BUILD: adjust makefile for AIX 5.1
- BUG/MEDIUM: pattern: fix wrong definition of the pat_prune_fcts array
- CLEANUP: pattern: move array definitions to proto/ and not types/
- BUG/MAJOR: counters: check for null-deref when looking up an alternate table
- BUILD: ssl: previous patch failed
- BUILD/MEDIUM: standard: get rid of the last strcpy()
- BUILD/MEDIUM: standard: get rid of sprintf()
- BUILD/MEDIUM: cfgparse: get rid of sprintf()
- BUILD/MEDIUM: checks: get rid of sprintf()
- BUILD/MEDIUM: http: remove calls to sprintf()
- BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary
- BUILD/MINOR: ssl: remove one call to sprintf()
- MEDIUM: http: don't reject anymore message bodies not containing the url param
- MEDIUM: http: wait for the first chunk or message body length in http_process_body
- CLEANUP: http: rename http_process_request_body()
- CLEANUP: http: prepare dedicated processing for chunked encoded message bodies
- MINOR: http: make msg->eol carry the last CRLF length
- MAJOR: http: do not use msg->sol while processing messages or forwarding data
- MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer
- MAJOR: http: don't update msg->sov anymore while processing the body
- MINOR: http: add a small helper to compute the amount of body bytes present
- MEDIUM: http: add a small helper to compute how far to rewind to find headers
- MINOR: http: add a small helper to compute how far to rewind to find URI
- MEDIUM: http: small helpers to compute how far to rewind to find BODY and DATA
- MAJOR: http: reset msg->sov after headers are forwarded
- MEDIUM: http: forward headers again while waiting for connection to complete
- BUG/MINOR: http: deinitialize compression after a parsing error
- BUG/MINOR: http: deinitialize compression after a compression error
- MEDIUM: http: headers must be forwarded even if data was already inspected
- MAJOR: http: re-enable compression on chunked encoding
- MAJOR: http/compression: fix chunked-encoded response processing
- MEDIUM: http: cleanup: centralize a little bit HTTP compression end
- MEDIUM: http: start to centralize the forwarding code
- MINOR: http: further cleanups of response forwarding function
- MEDIUM: http: only allocate the temporary compression buffer when needed
- MAJOR: http: centralize data forwarding in the request path
- CLEANUP: http: document the response forwarding states
- CLEANUP: http: remove all calls to http_silent_debug()
- DOC: internal: add some reminders about HTTP parsing and pointer states
- BUG/MAJOR: http: fix bug in parse_qvalue() when selecting compression algo
- BUG/MINOR: stats: last session was not always set
- DOC: add pointer to the Cyril's HTML doc in the README
- MEDIUM: config: relax use_backend check to make the condition optional
- MEDIUM: config: report misplaced http-request rules
- MEDIUM: config: report misplaced use-server rules
- DOC: update roadmap with what was done.
|
||
|
Willy Tarreau
|
1a34d57d26 |
[RELEASE] Released version 1.5-dev22
Released version 1.5-dev22 with the following main changes :
- MEDIUM: tcp-check new feature: connect
- MEDIUM: ssl: Set verify 'required' as global default for servers side.
- MINOR: ssl: handshake optim for long certificate chains.
- BUG/MINOR: pattern: pattern comparison executed twice
- BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..."
- BUG/MEDIUM: pattern: Segfault in binary parser
- MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation.
- MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated
- BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function.
- BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type.
- BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer
- BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
- MINOR: doc: Bad cli function name.
- MINOR: http: smp_fetch_capture_header_* fetch captured headers
- BUILD: last release inadvertently prepended a "+" in front of the date
- BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler
- BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse
- BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes"
- BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
- MINOR: http: try to stick to same server after status 401/407
- BUG/MINOR: http: always disable compression on HTTP/1.0
- OPTIM: poll: restore polling after a poll/stop/want sequence
- OPTIM: http: don't stop polling for read on the client side after a request
- BUG/MEDIUM: checks: unchecked servers could not be enabled anymore
- BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
- BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
- BUG/MINOR: stream-int: do not clear the owner upon unregister
- MEDIUM: stats: add support for HTTP keep-alive on the stats page
- BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch
- Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page"
- MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes
- OPTIM: session: set the READ_DONTWAIT flag when connecting
- BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests
- MINOR: session: factor out the connect time measurement
- MEDIUM: session: prepare to support earlier transitions to the established state
- MEDIUM: stream-int: make si_connect() return an established state when possible
- MINOR: checks: use an inline function for health_adjust()
- OPTIM: session: put unlikely() around the freewheeling code
- MEDIUM: config: report a warning when multiple servers have the same name
- BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence"
- BUILD/MINOR: listener: remove a glibc warning on accept4()
- BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage
- BUILD: listener: fix recent accept4() again
- BUG/MAJOR: ssl: fix breakage caused by recent fix
|
||
|
Willy Tarreau
|
6b07bf7598 |
[RELEASE] Released version 1.5-dev21
Released version 1.5-dev21 with the following main changes :
- MINOR: stats: don't use a monospace font to report numbers
- MINOR: session: remove debugging code
- BUG/MAJOR: patterns: fix double free caused by loading strings from files
- MEDIUM: http: make option http_proxy automatically rewrite the URL
- BUG/MEDIUM: http: cook_cnt() forgets to set its output type
- BUG/MINOR: stats: correctly report throttle rate of low weight servers
- BUG/MEDIUM: checks: servers must not start in slowstart mode
- BUG/MINOR: acl: parser must also stop at comma on ACL-only keywords
- MEDIUM: stream-int: implement a very simplistic idle connection manager
- DOC: update the ROADMAP file
|
||
|
Willy Tarreau
|
11f64d65ff |
[RELEASE] Released version 1.5-dev20
Released version 1.5-dev20 with the following main changes :
- DOC: add missing options to the manpage
- DOC: add manpage references to all system calls
- DOC: update manpage reference to haproxy-en.txt
- DOC: remove -s and -l options from the manpage
- DOC: missing information for the "description" keyword
- DOC: missing http-send-name-header keyword in keyword table
- MINOR: tools: function my_memmem() to lookup binary contents
- MEDIUM: checks: add send/expect tcp based check
- MEDIUM: backend: Enhance hash-type directive with an algorithm options
- MEDIUM: backend: Implement avalanche as a modifier of the hashing functions.
- DOC: Documentation for hashing function, with test results.
- BUG/MEDIUM: ssl: potential memory leak using verifyhost
- BUILD: ssl: compilation issue with openssl v0.9.6.
- BUG/MINOR: ssl: potential memory leaks using ssl_c_key_alg or ssl_c_sig_alg.
- MINOR: ssl: optimization of verifyhost on wildcard certificates.
- BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard.
- MINOR: ssl: Add statement 'verifyhost' to "server" statements
- CLEANUP: session: remove event_accept() which was not used anymore
- BUG/MINOR: deinit: free fdinfo while doing cleanup
- DOC: minor typo fix in documentation
- BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE
- BUG/MINOR: use the same check condition for server as other algorithms
- DOC: fix typo in comments
- BUG/MINOR: deinit: free server map which is allocated in init_server_map()
- CLEANUP: stream_interface: cleanup loop information in si_conn_send_loop()
- MINOR: buffer: align the last output line of buffer_dump()
- MINOR: buffer: align the last output line if there are less than 8 characters left
- DOC: stick-table: modify the description
- OPTIM: stream_interface: return directly if the connection flag CO_FL_ERROR has been set
- CLEANUP: code style: use tabs to indent codes
- DOC: checkcache: block responses with cacheable cookies
- BUG/MINOR: check_config_validity: check the returned value of stktable_init()
- MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory
- MEDIUM: systemd-wrapper: Kill child processes when interrupted
- LOW: systemd-wrapper: Write debug information to stdout
- BUG/MINOR: http: fix "set-tos" not working in certain configurations
- MEDIUM: http: add IPv6 support for "set-tos"
- DOC: ssl: update build instructions to use new SSL_* variables
- BUILD/MINOR: systemd: fix compiler warning about unused result
- url32+src - like base32+src but whole url including parameters
- BUG/MINOR: fix forcing fastinter in "on-error"
- CLEANUP: Make parameters of srv_downtime and srv_getinter const
- CLEANUP: Remove unused 'last_slowstart_change' field from struct peer
- MEDIUM: Split up struct server's check element
- MEDIUM: Move result element to struct check
- MEDIUM: Paramatise functions over the check of a server
- MEDIUM: cfgparse: Factor out check initialisation
- MEDIUM: Add state to struct check
- MEDIUM: Move health element to struct check
- MEDIUM: Add helper for task creation for checks
- MEDIUM: Add helper function for failed checks
- MEDIUM: Log agent fail, stopped or down as info
- MEDIUM: Remove option lb-agent-chk
- MEDIUM: checks: Add supplementary agent checks
- MEDIUM: Do not mark a server as down if the agent is unavailable
- MEDIUM: Set rise and fall of agent checks to 1
- MEDIUM: Add enable and disable agent unix socket commands
- MEDIUM: Add DRAIN state and report it on the stats page
- BUILD/MINOR: missing header file
- CLEANUP: regex: Create regex_comp function that compiles regex using compilation options
- CLEANUP: The function "regex_exec" needs the string length but in many case they expect null terminated char.
- MINOR: http: some exported functions were not in the header file
- MINOR: http: change url_decode to return the size of the decoded string.
- BUILD/MINOR: missing header file
- BUG/MEDIUM: sample: The function v4tov6 cannot support input and output overlap
- BUG/MINOR: arg: fix error reporting for add-header/set-header sample fetch arguments
- MINOR: sample: export the generic sample conversion parser
- MINOR: sample: export sample_casts
- MEDIUM: acl: use the fetch syntax 'fetch(args),conv(),conv()' into the ACL keyword
- MINOR: stick-table: use smp_expr_output_type() to retrieve the output type of a "struct sample_expr"
- MINOR: sample: provide the original sample_conv descriptor struct to the argument checker function.
- MINOR: tools: Add a function to convert buffer to an ipv6 address
- MINOR: acl: export acl arrays
- MINOR: acl: Extract the pattern parsing and indexation from the "acl_read_patterns_from_file()" function
- MINOR: acl: Extract the pattern matching function
- MINOR: sample: Define new struct sample_storage
- MEDIUM: acl: associate "struct sample_storage" to each "struct acl_pattern"
- REORG: acl/pattern: extract pattern matching from the acl file and create pattern.c
- MEDIUM: pattern: create pattern expression
- MEDIUM: pattern: rename "acl" prefix to "pat"
- MEDIUM: sample: let the cast functions set their output type
- MINOR: sample: add a private field to the struct sample_conv
- MINOR: map: Define map types
- MEDIUM: sample: add the "map" converter
- MEDIUM: http: The redirect strings follows the log format rules.
- BUG/MINOR: acl: acl parser does not recognize empty converter list
- BUG/MINOR: map: The map list was declared in the map.h file
- MINOR: map: Cleanup the initialisation of map descriptors.
- MEDIUM: map: merge identical maps
- BUG/MEDIUM: pattern: Pattern node has type of "struct pat_idx_elt" in place of "struct eb_node"
- BUG/MEDIUM: map: Bad map file parser
- CLEANUP/MINOR: standard: use the system define INET6_ADDRSTRLEN in place of MAX_IP6_LEN
- BUG/MEDIUM: sample: conversion from str to ipv6 may read data past end
- MINOR: map: export map_get_reference() function
- MINOR: pattern: Each pattern sets the expected input type
- MEDIUM: acl: Last patch change the output type
- MEDIUM: pattern: Extract the index process from the pat_parse_*() functions
- MINOR: standard: The function parse_binary() can use preallocated buffer
- MINOR: regex: Change the struct containing regex
- MINOR: regex: Copy the original regex expression into string.
- MINOR: pattern: add support for compiling patterns for lookups
- MINOR: pattern: make the pattern matching function return a pointer to the matched element
- MINOR: map: export parse output sample functions
- MINOR: pattern: add function to lookup a specific entry in pattern list
- MINOR: pattern/map: Each pattern must free the associated sample
- MEDIUM: dumpstat: make the CLI parser understand the backslash as an escape char
- MEDIUM: map: dynamic manipulation of maps
- BUG/MEDIUM: unique_id: junk in log on empty unique_id
- BUG/MINOR: log: junk at the end of syslog packet
- MINOR: Makefile: provide cscope rule
- DOC: compression: chunk are not compressed anymore
- MEDIUM: session: disable lingering on the server when the client aborts
- BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS
- DOC: remove the comment saying that SSL certs are not checked on the server side
- BUG: counters: third counter was not stored if others unset
- BUG/MAJOR: http: don't emit the send-name-header when no server is available
- BUG/MEDIUM: http: "option checkcache" fails with the no-cache header
- BUG/MAJOR: http: sample prefetch code was not properly migrated
- BUG/MEDIUM: splicing: fix abnormal CPU usage with splicing
- BUG/MINOR: stream_interface: don't call chk_snd() on polled events
- OPTIM: splicing: use splice() for the last block when relevant
- MEDIUM: sample: handle comma-delimited converter list
- MINOR: sample: fix sample_process handling of unstable data
- CLEANUP: acl: move the 3 remaining sample fetches to samples.c
- MINOR: sample: add a new "date" fetch to return the current date
- MINOR: samples: add the http_date([<offset>]) sample converter.
- DOC: minor improvements to the part on the stats socket.
- MEDIUM: sample: systematically pass the keyword pointer to the keyword
- MINOR: payload: split smp_fetch_rdp_cookie()
- MINOR: counters: factor out smp_fetch_sc*_tracked
- MINOR: counters: provide a generic function to retrieve a stkctr for sc* and src.
- MEDIUM: counters: factor out smp_fetch_sc*_get_gpc0
- MEDIUM: counters: factor out smp_fetch_sc*_gpc0_rate
- MEDIUM: counters: factor out smp_fetch_sc*_inc_gpc0
- MEDIUM: counters: factor out smp_fetch_sc*_clr_gpc0
- MEDIUM: counters: factor out smp_fetch_sc*_conn_cnt
- MEDIUM: counters: factor out smp_fetch_sc*_conn_rate
- MEDIUM: counters: factor out smp_fetch_sc*_conn_cur
- MEDIUM: counters: factor out smp_fetch_sc*_sess_cnt
- MEDIUM: counters: factor out smp_fetch_sc*_sess_rate
- MEDIUM: counters: factor out smp_fetch_sc*_http_req_cnt
- MEDIUM: counters: factor out smp_fetch_sc*_http_req_rate
- MEDIUM: counters: factor out smp_fetch_sc*_http_err_cnt
- MEDIUM: counters: factor out smp_fetch_sc*_http_err_rate
- MEDIUM: counters: factor out smp_fetch_sc*_kbytes_in
- MEDIUM: counters: factor out smp_fetch_sc*_bytes_in_rate
- MEDIUM: counters: factor out smp_fetch_sc*_kbytes_out
- MEDIUM: counters: factor out smp_fetch_sc*_bytes_out_rate
- MEDIUM: counters: factor out smp_fetch_sc*_trackers
- MINOR: session: make the number of stick counter entries more configurable
- MEDIUM: counters: support passing the counter number as a fetch argument
- MEDIUM: counters: support looking up a key in an alternate table
- MEDIUM: cli: adjust the method for feeding frequency counters in tables
- MINOR: cli: make it possible to enter multiple values at once with "set table"
- MINOR: payload: allow the payload sample fetches to retrieve arbitrary lengths
- BUG/MINOR: cli: "clear table" must not kill entries that don't match condition
- MINOR: ssl: use MAXPATHLEN instead of PATH_MAX
- MINOR: config: warn when a server with no specific port uses rdp-cookie
- BUG/MEDIUM: unique_id: HTTP request counter must be unique!
- DOC: add a mention about the limited chunk size
- BUG/MEDIUM: fix broken send_proxy on FreeBSD
- MEDIUM: stick-tables: flush old entries upon soft-stop
- MINOR: tcp: add new "close" action for tcp-response
- MINOR: payload: provide the "res.len" fetch method
- BUILD: add SSL_INC/SSL_LIB variables to force the path to openssl
- MINOR: http: compute response time before processing headers
- BUG/MINOR: acl: fix improper string size assignment in proxy argument
- BUG/MEDIUM: http: accept full buffers on smp_prefetch_http
- BUG/MINOR: acl: implicit arguments of ACL keywords were not properly resolved
- BUG/MEDIUM: session: risk of crash on out of memory conditions
- BUG/MINOR: peers: set the accept date in outgoing connections
- BUG/MEDIUM: tcp: do not skip tracking rules on second pass
- BUG/MEDIUM: acl: do not evaluate next terms after a miss
- MINOR: acl: add a warning when an ACL keyword is used without any value
- MINOR: tcp: don't use tick_add_ifset() when timeout is known to be set
- BUG/MINOR: acl: remove patterns from the tree before freeing them
- MEDIUM: backend: add support for the wt6 hash
- OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes
- OPTIM/MINOR: mark the source address as already known on accept()
- BUG/MINOR: stats: don't count tarpitted connections twice
- CLEANUP: http: homogenize processing of denied req counter
- CLEANUP: http: merge error handling for req* and http-request *
- BUG/MEDIUM: http: fix possible parser crash when parsing erroneous "http-request redirect" rules
- BUG/MINOR: http: fix build warning introduced with url32/url32_src
- BUG/MEDIUM: checks: fix slow start regression after fix attempt
- BUG/MAJOR: server: weight calculation fails for map-based algorithms
- MINOR: stats: report correct throttling percentage for servers in slowstart
- OPTIM: connection: fold the error handling with handshake handling
- MINOR: peers: accept to learn strings of different lengths
- BUG/MAJOR: fix haproxy crash when using server tracking instead of checks
- BUG/MAJOR: check: fix haproxy crash during soft-stop/soft-start
- BUG/MINOR: stats: do not report "via" on tracking servers in maintenance
- BUG/MINOR: connection: fix typo in error message report
- BUG/MINOR: backend: fix target address retrieval in transparent mode
- BUG/MINOR: config: report the correct track-sc number in tcp-rules
- BUG/MINOR: log: fix log-format parsing errors
- DOC: add some information about how to apply converters to samples
- MINOR: acl/pattern: use types different from int to clarify who does what.
- MINOR: pattern: import acl_find_match_name() into pattern.h
- MEDIUM: stick-tables: support automatic conversion from ipv4<->ipv6
- MEDIUM: log-format: relax parsing of '%' followed by unsupported characters
- BUG/MINOR: http: usual deinit stuff in last commit
- BUILD: log: silent a warning about isblank() with latest patches
- BUG/MEDIUM: checks: fix health check regression causing them to depend on declaration order
- BUG/MEDIUM: checks: fix a long-standing issue with reporting connection errors
- BUG/MINOR: checks: don't consider errno and use conn->err_code
- BUG/MEDIUM: checks: also update the DRAIN state from the web interface
- MINOR: stats: remove some confusion between the DRAIN state and NOLB
- BUG/MINOR: tcp: check that no error is pending during a connect probe
- BUG/MINOR: connection: check EINTR when sending a PROXY header
- MEDIUM: connection: set the socket shutdown flags on socket errors
- BUG/MEDIUM: acl: fix regression introduced by latest converters support
- MINOR: connection: clear errno prior to checking for errors
- BUG/MINOR: checks: do not trust errno in write event before any syscall
- MEDIUM: checks: centralize error reporting
- OPTIM: checks: don't poll on recv when using plain TCP connects
- OPTIM: checks: avoid setting SO_LINGER twice
- MINOR: tools: add a generic binary hex string parser
- BUG/MEDIUM: checks: tcp-check: do not poll when there's nothing to send
- BUG/MEDIUM: check: tcp-check might miss some outgoing data when socket buffers are full
- BUG/MEDIUM: args: fix double free on error path in argument expression parser
- BUG/MINOR: acl: fix sample expression error reporting
- BUG/MINOR: checks: tcp-check actions are enums, not flags
- MEDIUM: checks: make tcp-check perform multiple send() at once
- BUG/MEDIUM: stick: completely remove the unused flag from the store entries
- OPTIM: ebtree: pack the struct eb_node to avoid holes on 64-bit
- BUG/MEDIUM: stick-tables: complete the latest fix about store-responses
- CLEANUP: stream_interface: remove unused field err_loc
- MEDIUM: stats: don't use conn->xprt_st anymore
- MINOR: session: add a simple function to retrieve a session from a task
- MEDIUM: stats: don't use conn->xprt_ctx anymore
- MEDIUM: peers: don't rely on conn->xprt_ctx anymore
- MINOR: http: prevent smp_fetch_url_{ip,port} from using si->conn
- MINOR: connection: make it easier to emit proxy protocol for unknown addresses
- MEDIUM: stats: prepare the HTTP stats I/O handler to support more states
- MAJOR: stats: move the HTTP stats handling to its applet
- MEDIUM: stats: move request argument processing to the final step
- MEDIUM: session: detect applets from the session by using s->target
- MAJOR: session: check for a connection to an applet in sess_prepare_conn_req()
- MAJOR: session: pass applet return traffic through the response analysers
- MEDIUM: stream-int: split the shutr/shutw functions between applet and conn
- MINOR: stream-int: make the shutr/shutw functions void
- MINOR: obj: provide a safe and an unsafe access to pointed objects
- MINOR: connection: add a field to store an object type
- MINOR: connection: always initialize conn->objt_type to OBJ_TYPE_CONN
- MEDIUM: stream interface: move the peers' ptr into the applet context
- MINOR: stream-interface: move the applet context to its own struct
- MINOR: obj: introduce a new type appctx
- MINOR: stream-int: rename ->applet to ->appctx
- MINOR: stream-int: split si_prepare_embedded into si_prepare_none and si_prepare_applet
- MINOR: stream-int: add a new pointer to the end point
- MEDIUM: stream-interface: set the pointer to the applet into the applet context
- MAJOR: stream interface: remove the ->release function pointer
- MEDIUM: stream-int: make ->end point to the connection or the appctx
- CLEANUP: stream-int: remove obsolete si_ctrl function
- MAJOR: stream-int: stop using si->conn and use si->end instead
- MEDIUM: stream-int: do not allocate a connection in parallel to applets
- MEDIUM: session: attach incoming connection to target on embryonic sessions
- MINOR: connection: add conn_init() to (re)initialize a connection
- MINOR: checks: call conn_init() to properly initialize the connection.
- MINOR: peers: make use of conn_init() to initialize the connection
- MINOR: session: use conn_init() to initialize the connections
- MINOR: http: use conn_init() to reinitialize the server connection
- MEDIUM: connection: replace conn_prepare with conn_assign
- MINOR: get rid of si_takeover_conn()
- MINOR: connection: add conn_new() / conn_free()
- MAJOR: connection: add two new flags to indicate readiness of control/transport
- MINOR: stream-interface: introduce si_reset() and si_set_state()
- MINOR: connection: reintroduce conn_prepare to set the protocol and transport
- MINOR: connection: replace conn_assign with conn_attach
- MEDIUM: stream-interface: introduce si_attach_conn to replace si_prepare_conn
- MAJOR: stream interface: dynamically allocate the outgoing connection
- MEDIUM: connection: move the send_proxy offset to the connection
- MINOR: connection: check for send_proxy during the connect(), not the SI
- MEDIUM: connection: merge the send_proxy and local_send_proxy calls
- MEDIUM: stream-int: replace occurrences of si->appctx with si_appctx()
- MEDIUM: stream-int: return the allocated appctx in stream_int_register_handler()
- MAJOR: stream-interface: dynamically allocate the applet context
- MEDIUM: session: automatically register the applet designated by the target
- MEDIUM: stats: delay appctx initialization
- CLEANUP: peers: use less confusing state/status code names
- MEDIUM: peers: delay appctx initialization
- MINOR: stats: provide some appctx information in "show sess all"
- DIET/MINOR: obj: pack the obj_type enum to 8 bits
- DIET/MINOR: connection: rearrange a few fields to save 8 bytes in the struct
- DIET/MINOR: listener: rearrange a few fields in struct listener to save 16 bytes
- DIET/MINOR: proxy: rearrange a few fields in struct proxy to save 16 bytes
- DIET/MINOR: session: reduce the struct session size by 8 bytes
- DIET/MINOR: stream-int: rearrange a few fields in struct stream_interface to save 8 bytes
- DIET/MINOR: http: reduce the size of struct http_txn by 8 bytes
- MINOR: http: switch the http state to an enum
- MINOR: http: use an enum for the auth method in http_auth_data
- DIET/MINOR: task: reduce struct task size by 8 bytes
- MINOR: stream_interface: add reporting of ressouce allocation errors
- MINOR: session: report lack of resources using the new stream-interface's error code
- BUILD: simplify the date and version retrieval in the makefile
- BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE
- BUILD: use format tags in VERDATE and SUBVERS files
- BUG/MEDIUM: channel: bo_getline() must wait for \n until buffer is full
- CLEANUP: check: server port is unsigned
- BUG/MEDIUM: checks: agent doesn't get the response if server does not closes
- MINOR: tools: buf2ip6 must not modify output on failure
- MINOR: pattern: do not assign SMP_TYPES by default to patterns
- MINOR: sample: make sample_parse_expr() use memprintf() to report parse errors
- MINOR: arg: improve wording on error reporting
- BUG/MEDIUM: sample: simplify and fix the argument parsing
- MEDIUM: acl: fix the argument parser to let the lower layer report detailed errors
- MEDIUM: acl: fix the initialization order of the ACL expression
- CLEANUP: acl: remove useless blind copy-paste from sample converters
- TESTS: add regression tests for ACL and sample expression parsers
- BUILD: time: adapt the type of TV_ETERNITY to the local system
- MINOR: chunks: allocate the trash chunks before parsing the config
- BUILD: definitely silence some stupid GCC warnings
- MINOR: chunks: always initialize the output chunk in get_trash_chunk()
- MINOR: checks: improve handling of the servers tracking chain
- REORG: checks: retrieve the check-specific defines from server.h to checks.h
- MINOR: checks: use an enum instead of flags to report a check result
- MINOR: checks: rename the state flags
- MINOR: checks: replace state DISABLED with CONFIGURED and ENABLED
- MINOR: checks: use check->state instead of srv->state & SRV_CHECKED
- MINOR: checks: fix agent check interval computation
- MINOR: checks: add a PAUSED state for the checks
- MINOR: checks: create the agent tasks even when no check is configured
- MINOR: checks: add a flag to indicate what check is an agent
- MEDIUM: checks: enable agent checks even if health checks are disabled
- BUG/MEDIUM: checks: ensure we can enable a server after boot
- BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag
- BUG/MAJOR: session: repair tcp-request connection rules
- BUILD: fix SUBVERS extraction in the Makefile
- BUILD: pattern: silence a warning about uninitialized value
- BUILD: log: fix build warning on Solaris
- BUILD: dumpstats: fix build error on Solaris
- DOC: move option pgsql-check to the correct place
- DOC: move option tcp-check to the proper place
- MINOR: connection: add simple functions to report connection readiness
- MEDIUM: connection: centralize handling of nolinger in fd management
- OPTIM: http: set CF_READ_DONTWAIT on response message
- OPTIM: http: do not re-enable reading on client side while closing the server side
- MINOR: config: add option http-keep-alive
- MEDIUM: connection: inform si_alloc_conn() whether existing conn is OK or not
- MAJOR: stream-int: handle the connection reuse in si_connect()
- MAJOR: http: add the keep-alive transition on the server side
- MAJOR: backend: enable connection reuse
- MINOR: http: add option prefer-last-server
- MEDIUM: http: do not report connection errors for second and further requests
|
||
|
Willy Tarreau
|
eab1dc6234 |
[RELEASE] Released version 1.5-dev19
Released version 1.5-dev19 with the following main changes :
- MINOR: stats: remove the autofocus on the scope input field
- BUG/MEDIUM: Fix crt-list file parsing error: filtered name was ignored.
- BUG/MEDIUM: ssl: EDH ciphers are not usable if no DH parameters present in pem file.
- BUG/MEDIUM: shctx: makes the code independent on SSL runtime version.
- MEDIUM: ssl: improve crt-list format to support negation
- BUG: ssl: fix crt-list for clients not supporting SNI
- MINOR: stats: show soft-stopped servers in different color
- BUG/MINOR: config: "source" does not work in defaults section
- BUG: regex: fix pcre compile error when using JIT
- MINOR: ssl: add pattern fetch 'ssl_c_sha1'
- BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used
- MINOR: show PCRE version and JIT status in -vv
- BUG/MINOR: jit: don't rely on USE flag to detect support
- DOC: readme: add suggestion to link against static openssl
- DOC: examples: provide simplified ssl configuration
- REORG: tproxy: prepare the transparent proxy defines for accepting other OSes
- MINOR: tproxy: add support for FreeBSD
- MINOR: tproxy: add support for OpenBSD
- DOC: examples: provide an example of transparent proxy configuration for FreeBSD 8
- CLEANUP: fix minor typo in error message.
- CLEANUP: fix missing include <string.h> in proto/listener.h
- CLEANUP: protect checks.h from multiple inclusions
- MINOR: compression: acl "res.comp" and fetch "res.comp_algo"
- BUG/MINOR: http: add-header/set-header did not accept the ACL condition
- BUILD: mention in the Makefile that USE_PCRE_JIT is for libpcre >= 8.32
- BUG/MEDIUM: splicing is broken since 1.5-dev12
- BUG/MAJOR: acl: add implicit arguments to the resolve list
- BUG/MINOR: tcp: fix error reporting for TCP rules
- CLEANUP: peers: remove a bit of spaghetti to prepare for the next bugfix
- MINOR: stick-table: allow to allocate an entry without filling it
- BUG/MAJOR: peers: fix an overflow when syncing strings larger than 16 bytes
- MINOR: session: only call http_send_name_header() when changing the server
- MINOR: tcp: report the erroneous word in tcp-request track*
- BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances
- BUG/MEDIUM: log: fix regression on log-format handling
- MEDIUM: log: report file name, line number, and directive name with log-format errors
- BUG/MINOR: cli: "clear table" did not work anymore without a key
- BUG/MINOR: cli: "clear table xx data.xx" does not work anymore
- BUG/MAJOR: http: compression still has defects on chunked responses
- BUG/MINOR: stats: fix confirmation links on the stats interface
- BUG/MINOR: stats: the status bar does not appear anymore after a change
- BUG/MEDIUM: stats: allocate the stats frontend also on "stats bind-process"
- BUG/MEDIUM: stats: fix a regression when dealing with POST requests
- BUG/MINOR: fix unterminated ACL array in compression
- BUILD: last fix broke non-linux platforms
- MINOR: init: indicate the SSL runtime version on -vv.
- BUG/MEDIUM: compression: the deflate algorithm must use global settings as well
- BUILD: stdbool is not portable (again)
- DOC: readme: add a small reminder about restrictions to respect in the code
- MINOR: ebtree: add new eb_next_dup/eb_prev_dup() functions to visit duplicates
- BUG/MINOR: acl: fix a double free during exit when using PCRE_JIT
- DOC: fix wrong copy-paste in the rspdel example
- MINOR: counters: make it easier to extend the amount of tracked counters
- MEDIUM: counters: add support for tracking a third counter
- MEDIUM: counters: add a new "gpc0_rate" counter in stick-tables
- BUG/MAJOR: http: always ensure response buffer has some room for a response
- MINOR: counters: add fetch/acl sc*_tracked to indicate whether a counter is tracked
- MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be redefined
- MINOR: log: add a new flag 'L' for locally processed requests
- MINOR: http: add full-length header fetch methods
- MEDIUM: protocol: implement a "drain" function in protocol layers
- MEDIUM: http: add a new "http-response" ruleset
- MEDIUM: http: add the "set-nice" action to http-request and http-response
- MEDIUM: log: add a log level override value in struct session
- MEDIUM: http: add support for action "set-log-level" in http-request/http-response
- MEDIUM: http: add support for "set-tos" in http-request/http-response
- MEDIUM: http: add the "set-mark" action on http-request/http-response rules
- MEDIUM: tcp: add "tcp-request connection expect-proxy layer4"
- MEDIUM: acl: automatically detect the type of certain fetches
- MEDIUM: acl: remove a lot of useless ACLs that are equivalent to their fetches
- MEDIUM: acl: remove 15 additional useless ACLs that are equivalent to their fetches
- DOC: major reorg of ACL + sample fetch
- CLEANUP: http: remove the bogus urlp_ip ACL match
- MINOR: acl: add the new "env()" fetch method to retrieve an environment variable
- BUG/MINOR: acl: correctly consider boolean fetches when doing casts
- BUG/CRITICAL: fix a possible crash when using negative header occurrences
- DOC: update ROADMAP file
- MEDIUM: counters: use sc0/sc1/sc2 instead of sc1/sc2/sc3
- MEDIUM: stats: add proxy name filtering on the statistic page
|
||
Lukas Tribus
|
19f7fda81f |
DOC: examples: provide simplified ssl configuration
Provides a minimalistic ssl configuration example - no details because they belong to doc/*. |
||
Pieter Baauw
|
06da4df056 |
DOC: examples: provide an example of transparent proxy configuration for FreeBSD 8
There is very little documentation on how to make haproxy work in transparent mode under FreeBSD, so let's start with this example. |
||
|
Willy Tarreau
|
289dd92a64 |
[RELEASE] Released version 1.5-dev18
Released version 1.5-dev18 with the following main changes :
- DOCS: Add explanation of intermediate certs to crt paramater
- DOC: typo and minor fixes in compression paragraph
- MINOR: config: http-request configuration error message misses new keywords
- DOC: minor typo fix in documentation
- BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured.
- MEDIUM: ssl: add bind-option "strict-sni"
- MEDIUM: ssl: add mapping from SNI to cert file using "crt-list"
- MEDIUM: regex: Use PCRE JIT in acl
- DOC: simplify bind option "interface" explanation
- DOC: tfo: bump required kernel to linux-3.7
- BUILD: add explicit support for TFO with USE_TFO
- MEDIUM: New cli option -Ds for systemd compatibility
- MEDIUM: add haproxy-systemd-wrapper
- MEDIUM: add systemd service
- BUG/MEDIUM: systemd-wrapper: don't leak zombie processes
- BUG/MEDIUM: remove supplementary groups when changing gid
- BUG/MEDIUM: config: fix parser crash with bad bind or server address
- BUG/MINOR: Correct logic in cut_crlf()
- CLEANUP: checks: Make desc argument to set_server_check_status const
- CLEANUP: dumpstats: Make cli_release_handler() static
- MEDIUM: server: Break out set weight processing code
- MEDIUM: server: Allow relative weights greater than 100%
- MEDIUM: server: Tighten up parsing of weight string
- MEDIUM: checks: Add agent health check
- BUG/MEDIUM: ssl: openssl 0.9.8 doesn't open /dev/random before chroot
- BUG/MINOR: time: frequency counters are not totally accurate
- BUG/MINOR: http: don't process abortonclose when request was sent
- BUG/MEDIUM: stream_interface: don't close outgoing connections on shutw()
- BUG/MEDIUM: checks: ignore late resets after valid responses
- DOC: fix bogus recommendation on usage of gpc0 counter
- BUG/MINOR: http-compression: lookup Cache-Control in the response, not the request
- MINOR: signal: don't block SIGPROF by default
- OPTIM: epoll: make use of EPOLLRDHUP
- OPTIM: splice: detect shutdowns and avoid splice() == 0
- OPTIM: splice: assume by default that splice is working correctly
- BUG/MINOR: log: temporary fix for lost SSL info in some situations
- BUG/MEDIUM: peers: only the last peers section was used by tables
- BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
- BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser
- BUG/MINOR: config: free peer's address when exiting upon parsing error
- BUG/MINOR: config: check the proper variable when parsing log minlvl
- BUG/MEDIUM: checks: ensure the health_status is always within bounds
- BUG/MINOR: cli: show sess should always validate s->listener
- BUG/MINOR: log: improper NULL return check on utoa_pad()
- CLEANUP: http: remove a useless null check
- CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener()
- BUG/MEDIUM: signal: signal handler does not properly check for signal bounds
- BUG/MEDIUM: tools: off-by-one in quote_arg()
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
- BUG/MINOR: unix: remove the 'level' field from the ux struct
- CLEANUP: http: don't try to deinitialize http compression if it fails before init
- CLEANUP: config: slowstart is never negative
- CLEANUP: config: maxcompcpuusage is never negative
- BUG/MEDIUM: log: emit '-' for empty fields again
- BUG/MEDIUM: checks: fix a race condition between checks and observe layer7
- BUILD: fix a warning emitted by isblank() on non-c99 compilers
- BUILD: improve the makefile's support for libpcre
- MEDIUM: halog: add support for counting per source address (-ic)
- MEDIUM: tools: make str2sa_range support all address syntaxes
- MEDIUM: config: make use of str2sa_range() instead of str2sa()
- MEDIUM: config: use str2sa_range() to parse server addresses
- MEDIUM: config: use str2sa_range() to parse peers addresses
- MINOR: tests: add a config file to ease address parsing tests.
- MINOR: ssl: add a global tunable for the max SSL/TLS record size
- BUG/MINOR: syscall: fix NR_accept4 system call on sparc/linux
- BUILD/MINOR: syscall: add definition of NR_accept4 for ARM
- MINOR: config: report missing peers section name
- BUG/MEDIUM: tools: fix bad character handling in str2sa_range()
- BUG/MEDIUM: stats: never apply "unix-bind prefix" to the global stats socket
- MINOR: tools: prepare str2sa_range() to return an error message
- BUG/MEDIUM: checks: don't call connect() on unsupported address families
- MINOR: tools: prepare str2sa_range() to accept a prefix
- MEDIUM: tools: make str2sa_range() parse unix addresses too
- MEDIUM: config: make str2listener() use str2sa_range() to parse unix addresses
- MEDIUM: config: use a single str2sa_range() call to parse bind addresses
- MEDIUM: config: use str2sa_range() to parse log addresses
- CLEANUP: tools: remove str2sun() which is not used anymore.
- MEDIUM: config: add complete support for str2sa_range() in dispatch
- MEDIUM: config: add complete support for str2sa_range() in server addr
- MEDIUM: config: add complete support for str2sa_range() in 'server'
- MEDIUM: config: add complete support for str2sa_range() in 'peer'
- MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc'
- CLEANUP: minor cleanup in str2sa_range() and str2ip()
- CLEANUP: config: do not use multiple errmsg at once
- MEDIUM: tools: support specifying explicit address families in str2sa_range()
- MAJOR: listener: support inheriting a listening fd from the parent
- MAJOR: tools: support environment variables in addresses
- BUG/MEDIUM: http: add-header should not emit "-" for empty fields
- BUG/MEDIUM: config: ACL compatibility check on "redirect" was wrong
- BUG/MEDIUM: http: fix another issue caused by http-send-name-header
- DOC: mention the new HTTP 307 and 308 redirect statues
- MEDIUM: poll: do not use FD_* macros anymore
- BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE
- BUG/MINOR: acl: ssl_fc_{alg,use}_keysize must parse integers, not strings
- BUG/MINOR: acl: ssl_c_used, ssl_fc{,_has_crt,_has_sni} take no pattern
- BUILD: fix usual isdigit() warning on solaris
- BUG/MEDIUM: tools: vsnprintf() is not always reliable on Solaris
- OPTIM: buffer: remove one jump in buffer_count()
- OPTIM: http: improve branching in chunk size parser
- OPTIM: http: optimize the response forward state machine
- BUILD: enable poll() by default in the makefile
- BUILD: add explicit support for Mac OS/X
- BUG/MAJOR: http: use a static storage for sample fetch context
- BUG/MEDIUM: ssl: improve error processing and reporting in ssl_sock_load_cert_list_file()
- BUG/MAJOR: http: fix regression introduced by commit
|
||
|
Willy Tarreau
|
a3ecbd9023 |
[RELEASE] Released version 1.5-dev17
Released version 1.5-dev17 with the following main changes :
- MINOR: ssl: Setting global tune.ssl.cachesize value to 0 disables SSL session cache.
- BUG/MEDIUM: stats: fix stats page regression introduced by commit
|
||
|
Willy Tarreau
|
69eda35acd |
[RELEASE] Released version 1.5-dev16
Released version 1.5-dev16 with the following main changes :
- BUG/MEDIUM: ssl: Prevent ssl error from affecting other connections.
- BUG/MINOR: ssl: error is not reported if it occurs simultaneously with peer close detection.
- MINOR: ssl: add fetch and acl "ssl_c_used" to check if current SSL session uses a client certificate.
- MINOR: contrib: make the iprange tool grep for addresses
- CLEANUP: polling: gcc doesn't always optimize constants away
- OPTIM: poll: optimize fd management functions for low register count CPUs
- CLEANUP: poll: remove a useless double-check on fdtab[fd].owner
- OPTIM: epoll: use a temp variable for intermediary flag computations
- OPTIM: epoll: current fd does not count as a new one
- BUG/MINOR: poll: the I/O handler was called twice for polled I/Os
- MINOR: http: make resp_ver and status ACLs check for the presence of a response
- BUG/MEDIUM: stream-interface: fix possible stalls during transfers
- BUG/MINOR: stream_interface: don't return when the fd is already set
- BUG/MEDIUM: connection: always update connection flags prior to computing polling
- CLEANUP: buffer: use buffer_empty() instead of buffer_len()==0
- BUG/MAJOR: stream_interface: fix occasional data transfer freezes
- BUG/MEDIUM: stream_interface: fix another case where the reader might not be woken up
- BUG/MINOR: http: don't abort client connection on premature responses
- BUILD: no need to clean up when making git-tar
- MINOR: log: add a tag for amount of bytes uploaded from client to server
- BUG/MEDIUM: log: fix possible segfault during config parsing
- MEDIUM: log: change a few log tokens to make them easier to remember
- BUG/MINOR: log: add_to_logformat_list() used the wrong constants
- MEDIUM: log-format: make the format parser more robust and more extensible
- MINOR: sample: support cast from bool to string
- MINOR: samples: add a function to fetch and convert any sample to a string
- MINOR: log: add lf_text_len
- MEDIUM: log: add the ability to include samples in logs
- REORG: stats: massive code reorg and cleanup
- REORG: stats: move the HTTP header injection to proto_http
- REORG: stats: functions are now HTTP/CLI agnostic
- BUG/MINOR: log: fix regression introduced by commit 8a3f52
- MINOR: chunks: centralize the trash chunk allocation
- MEDIUM: stats: use hover boxes instead of title to report details
- MEDIUM: stats: use multi-line tips to display detailed counters
- MINOR: tools: simplify the use of the int to ascii macros
- MINOR: stats: replace STAT_FMT_CSV with STAT_FMT_HTML
- MINOR: http: prepare to support more http-request actions
- MINOR: log: make parse_logformat_string() take a const char *
- MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers
|
||
|
Willy Tarreau
|
0cae4b3218 |
[RELEASE] Released version 1.5-dev15
Released version 1.5-dev15 with the following main changes :
- DOC: add a few precisions on compression
- BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert.
- BUG/MINOR: ssl: One free session in cache remains unused.
- BUG/MEDIUM: ssl: first outgoing connection would fail with {ca,crt}-ignore-err
- MEDIUM: ssl: manage shared cache by blocks for huge sessions.
- MINOR: acl: add fetch for server session rate
- BUG/MINOR: compression: Content-Type is case insensitive
- MINOR: compression: disable on multipart or status != 200
- BUG/MINOR: http: don't report client aborts as server errors
- MINOR: stats: compute the ratio of compressed response based on 2xx responses
- MINOR: http: factor out the content-type checks
- BUG/MAJOR: stats: correctly check for a possible divide error when showing compression ratios
- BUILD: ssl: OpenSSL 0.9.6 has no renegociation
- BUG/MINOR: http: disable compression when message has no body
- MINOR: compression: make the stats a bit more robust
- BUG/MEDIUM: comp: DEFAULT_MAXZLIBMEM was expressed in bytes and not megabytes
- MINOR: connection: don't remove failed handshake flags
- MEDIUM: connection: add an error code in connections
- MEDIUM: connection: add minimal error reporting in logs for incomplete connections
- MEDIUM: connection: add error reporting for the PROXY protocol header
- MEDIUM: connection: add error reporting for the SSL
- DOC: document the connection error format in logs
- BUG/MINOR: http: don't log a 503 on client errors while waiting for requests
- BUILD: stdbool is not portable
- BUILD: ssl: NAME_MAX is not portable, use MAXPATHLEN instead
- BUG/MAJOR: raw_sock: must check error code on hangup
- BUG/MAJOR: polling: do not set speculative events on ERR nor HUP
- BUG/MEDIUM: session: fix FD leak when transport layer logging is enabled
- MINOR: stats: add a few more information on session dump
- BUG/MINOR: tcp: set the ADDR_TO_SET flag on outgoing connections
- CLEANUP: connection: remove unused server/proxy/task/si_applet declarations
- BUG/MEDIUM: tcp: process could theorically crash on lack of source ports
- MINOR: cfgparse: mention "interface" in the list of allowed "source" options
- MEDIUM: connection: introduce "struct conn_src" for servers and proxies
- CLEANUP: proto_tcp: use the same code to bind servers and backends
- CLEANUP: backend: use the same tproxy address selection code for servers and backends
- BUG/MEDIUM: stick-tables: conversions to strings were broken in dev13
- MEDIUM: proto_tcp: add support for tracking L7 information
- MEDIUM: counters: add sc1_trackers/sc2_trackers
- MINOR: http: add the "base32" pattern fetch function
- MINOR: http: add the "base32+src" fetch method.
- CLEANUP: session: use an array for the stick counters
- BUG/MINOR: proto_tcp: fix parsing of "table" in track-sc1/2
- BUG/MINOR: proto_tcp: bidirectional fetches not supported anymore in track-sc1/2
- BUG/MAJOR: connection: always recompute polling status upon I/O
- BUG/MINOR: connection: remove a few synchronous calls to polling updates
- MINOR: config: improve error checking on TCP stick-table tracking
- DOC: add some clarifications to the readme
|
||
|
Willy Tarreau
|
fee48ce452 |
[RELEASE] Released version 1.5-dev14
Released version 1.5-dev14 with the following main changes :
- DOC: fix minor typos
- BUG/MEDIUM: compression: does not forward trailers
- MINOR: buffer_dump with ASCII
- BUG/MEDIUM: checks: mark the check as stopped after a connect error
- BUG/MEDIUM: checks: ensure we completely disable polling upon success
- BUG/MINOR: checks: don't mark the FD as closed before transport close
- MEDIUM: checks: avoid accumulating TIME_WAITs during checks
- MINOR: cli: report the msg state in full text in "show sess $PTR"
- CLEANUP: checks: rename some server check flags
- MAJOR: checks: rework completely bogus state machine
- BUG/MINOR: checks: slightly clean the state machine up
- MEDIUM: checks: avoid waking the application up for pure TCP checks
- MEDIUM: checks: close the socket as soon as we have a response
- BUG/MAJOR: checks: close FD on all timeouts
- MINOR: checks: fix recv polling after connect()
- MEDIUM: connection: provide a common conn_full_close() function
- BUG/MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts
- BUG/MAJOR: peers: the listener's maxaccept was not set and caused loops
- MINOR: listeners: make the accept loop more robust when maxaccept==0
- BUG/MEDIUM: acl: correctly resolve all args, not just the first one
- BUG/MEDIUM: acl: make prue_acl_expr() correctly free ACL expressions upon exit
- BUG/MINOR: stats: fix inversion of the report of a check in progress
- MEDIUM: tcp: add explicit support for delayed ACK in connect()
- BUG/MEDIUM: connection: always disable polling upon error
- MINOR: connection: abort earlier when errors are detected
- BUG/MEDIUM: checks: report handshake failures
- BUG/MEDIUM: connection: local_send_proxy must wait for connection to establish
- MINOR: tcp: add support for the "v6only" bind option
- MINOR: stats: also report the computed compression savings in html stats
- MINOR: stats: report the total number of compressed responses per front/back
- MINOR: tcp: add support for the "v4v6" bind option
- DOC: stats: document the comp_rsp stats column
- BUILD: buffer: fix another isprint() warning on solaris
- MINOR: cli: add support for the "show sess all" command
- BUG/MAJOR: cli: show sess <id> may randomly corrupt the back-ref list
- MINOR: cli: improve output format for show sess $ptr
|
||
|
Willy Tarreau
|
ad15d127a7 |
[RELEASE] Released version 1.5-dev13
Released version 1.5-dev13 with the following main changes :
- BUILD: fix build issue without USE_OPENSSL
- BUILD: fix compilation error with DEBUG_FULL
- DOC: ssl: remove prefer-server-ciphers documentation
- DOC: ssl: surround keywords with quotes
- DOC: fix minor typo on http-send-name-header
- BUG/MEDIUM: acls using IPv6 subnets patterns incorrectly match IPs
- BUG/MAJOR: fix a segfault on option http_proxy and url_ip acl
- MEDIUM: http: accept IPv6 values with (s)hdr_ip acl
- BUILD: report zlib support in haproxy -vv
- DOC: compression: add some details and clean up the formatting
- DOC: Change is_ssl acl to ssl_fc acl in example
- DOC: make it clear what the HTTP request size is
- MINOR: ssl: try to load Diffie-Hellman parameters from cert file
- DOC: ssl: update 'crt' statement on 'bind' about Diffie-Hellman parameters loading
- MINOR: ssl: add elliptic curve Diffie-Hellman support for ssl key generation
- DOC: ssl: add 'ecdhe' statement on 'bind'
- MEDIUM: ssl: add client certificate authentication support
- DOC: ssl: add 'verify', 'cafile' and 'crlfile' statements on 'bind'
- MINOR: ssl: add fetch and ACL 'client_crt' to test a client cert is present
- DOC: ssl: add fetch and ACL 'client_cert'
- MINOR: ssl: add ignore verify errors options
- DOC: ssl: add 'ca-ignore-err' and 'crt-ignore-err' statements on 'bind'
- MINOR: ssl: add fetch and ACL 'ssl_verify_result'
- DOC: ssl: add fetch and ACL 'ssl_verify_result'
- MINOR: ssl: add fetches and ACLs to return verify errors
- DOC: ssl: add fetches and ACLs 'ssl_verify_crterr', 'ssl_verify_caerr', and 'ssl_verify_crterr_depth'
- MINOR: ssl: disable shared memory and locks on session cache if nbproc == 1
- MINOR: ssl: add build param USE_PRIVATE_CACHE to build cache without shared memory
- MINOR: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
- DOC: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'.
- MEDIUM: config: authorize frontend and listen without bind.
- MINOR: ssl: add statement 'no-tls-tickets' on bind to disable stateless session resumption
- DOC: ssl: add 'no-tls-tickets' statement documentation.
- BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified.
- BUG/MINOR: build: Fix compilation issue on openssl 0.9.6 due to missing CRL feature.
- BUG/MINOR: conf: Fix 'maxsslconn' statement error if built without OPENSSL.
- BUG/MINOR: build: Fix failure with USE_OPENSSL=1 and USE_FUTEX=1 on archs i486 and i686.
- MINOR: ssl: remove prefer-server-ciphers statement and set it as the default on ssl listeners.
- BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes
- MINOR: ssl: add 'crt-base' and 'ca-base' global statements.
- MEDIUM: conf: rename 'nosslv3' and 'notlsvXX' statements 'no-sslv3' and 'no-tlsvXX'.
- MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file'
- MINOR: ssl: use bit fields to store ssl options instead of one int each
- MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on bind.
- MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on server
- MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS.
- BUG/MINOR: ssl: Fix issue on server statements 'no-tls*' and 'no-sslv3'
- MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c
- MEDIUM: ssl: reject ssl server keywords in default-server statement
- MINOR: ssl: add statement 'no-tls-tickets' on server side.
- MINOR: ssl: add statements 'verify', 'ca-file' and 'crl-file' on servers.
- DOC: Fix rename of options cafile and crlfile to ca-file and crl-file.
- MINOR: sample: manage binary to string type convertion in stick-table and samples.
- MINOR: acl: add parse and match primitives to use binary type on ACLs
- MINOR: sample: export 'sample_get_trash_chunk(void)'
- MINOR: conf: rename all ssl modules fetches using prefix 'ssl_fc' and 'ssl_c'
- MINOR: ssl: add pattern and ACLs fetches 'ssl_fc_protocol', 'ssl_fc_cipher', 'ssl_fc_use_keysize' and 'ssl_fc_alg_keysize'
- MINOR: ssl: add pattern fetch 'ssl_fc_session_id'
- MINOR: ssl: add pattern and ACLs fetches 'ssl_c_version' and 'ssl_f_version'
- MINOR: ssl: add pattern and ACLs fetches 'ssl_c_s_dn', 'ssl_c_i_dn', 'ssl_f_s_dn' and 'ssl_c_i_dn'
- MINOR: ssl: add pattern and ACLs 'ssl_c_sig_alg' and 'ssl_f_sig_alg'
- MINOR: ssl: add pattern and ACLs fetches 'ssl_c_key_alg' and 'ssl_f_key_alg'
- MINOR: ssl: add pattern and ACLs fetches 'ssl_c_notbefore', 'ssl_c_notafter', 'ssl_f_notbefore' and 'ssl_f_notafter'
- MINOR: ssl: add 'crt' statement on server.
- MINOR: ssl: checks the consistency of a private key with the corresponding certificate
- BUG/MEDIUM: ssl: review polling on reneg.
- BUG/MEDIUM: ssl: Fix some reneg cases not correctly handled.
- BUG/MEDIUM: ssl: Fix sometimes reneg fails if requested by server.
- MINOR: build: allow packagers to specify the ssl cache size
- MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind.
- MINOR: ssl: Add tune.ssl.lifetime statement in global.
- MINOR: compression: Enable compression for IE6 w/SP2, IE7 and IE8
- BUG: http: revert broken optimisation from
|
||
|
Willy Tarreau
|
16216828fc |
[RELEASE] Released version 1.5-dev12
Released version 1.5-dev12 with the following main changes :
- CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
- MEDIUM: ssl: add support for prefer-server-ciphers option
- MINOR: IPv6 support for transparent proxy
- MINOR: protocol: add SSL context to listeners if USE_OPENSSL is defined
- MINOR: server: add SSL context to servers if USE_OPENSSL is defined
- MEDIUM: connection: add a new handshake flag for SSL (CO_FL_SSL_WAIT_HS).
- MEDIUM: ssl: add new files ssl_sock.[ch] to provide the SSL data layer
- MEDIUM: config: add the 'ssl' keyword on 'bind' lines
- MEDIUM: config: add support for the 'ssl' option on 'server' lines
- MEDIUM: ssl: protect against client-initiated renegociation
- BUILD: add optional support for SSL via the USE_OPENSSL flag
- MEDIUM: ssl: add shared memory session cache implementation.
- MEDIUM: ssl: replace OpenSSL's session cache with the shared cache
- MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size.
- MEDIUM: ssl: add support for SNI and wildcard certificates
- DOC: Typos cleanup
- DOC: fix name for "option independant-streams"
- DOC: specify the default value for maxconn in the context of a proxy
- BUG/MINOR: to_log erased with unique-id-format
- LICENSE: add licence exception for OpenSSL
- BUG/MAJOR: cookie prefix doesn't support cookie-less servers
- BUILD: add an AIX 5.2 (and later) target.
- MEDIUM: fd/si: move peeraddr from struct fdinfo to struct connection
- MINOR: halog: use the more recent dual-mode fgets2 implementation
- BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on full-length matches
- CLEANUP: halog: make clean should also remove .o files
- OPTIM: halog: make use of memchr() on platforms which provide a fast one
- OPTIM: halog: improve cold-cache behaviour when loading a file
- BUG/MINOR: ACL implicit arguments must be created with unresolved flag
- MINOR: replace acl_fetch_{path,url}* with smp_fetch_*
- MEDIUM: pattern: add the "base" sample fetch method
- OPTIM: i386: make use of kernel-mode-linux when available
- BUG/MINOR: tarpit: fix condition to return the HTTP 500 message
- BUG/MINOR: polling: some events were not set in various pollers
- MINOR: http: add the urlp_val ACL match
- BUG: stktable: tcp_src_to_stktable_key() must return NULL on invalid families
- MINOR: stats/cli: add plans to support more stick-table actions
- MEDIUM: stats/cli: add support for "set table key" to enter values
- REORG/MEDIUM: fd: remove FD_STCLOSE from struct fdtab
- REORG/MEDIUM: fd: remove checks for FD_STERROR in ev_sepoll
- REORG/MEDIUM: fd: get rid of FD_STLISTEN
- REORG/MINOR: connection: move declaration to its own include file
- REORG/MINOR: checks: put a struct connection into the server
- MINOR: connection: add flags to the connection struct
- MAJOR: get rid of fdtab[].state and use connection->flags instead
- MINOR: fd: add a new I/O handler to fdtab
- MEDIUM: polling: prepare to call the iocb() function when defined.
- MEDIUM: checks: make use of fdtab->iocb instead of cb[]
- MEDIUM: protocols: use the generic I/O callback for accept callbacks
- MINOR: connection: add a handler for fd-based connections
- MAJOR: connection: replace direct I/O callbacks with the connection callback
- MINOR: fd: make fdtab->owner a connection and not a stream_interface anymore
- MEDIUM: connection: remove the FD_POLL_* flags only once
- MEDIUM: connection: extract the send_proxy callback from proto_tcp
- MAJOR: tcp: remove the specific I/O callbacks for TCP connection probes
- CLEANUP: remove the now unused fdtab direct I/O callbacks
- MAJOR: remove the stream interface and task management code from sock_*
- MEDIUM: stream_interface: pass connection instead of fd in sock_ops
- MEDIUM: stream_interface: centralize the SI_FL_ERR management
- MAJOR: connection: add a new CO_FL_CONNECTED flag
- MINOR: rearrange tcp_connect_probe() and fix wrong return codes
- MAJOR: connection: call data layer handshakes from the handler
- MEDIUM: fd: remove the EV_FD_COND_* primitives
- MINOR: sock_raw: move calls to si_data_close upper
- REORG: connection: replace si_data_close() with conn_data_close()
- MEDIUM: sock_raw: introduce a read0 callback that is different from shutr
- MAJOR: stream_int: use a common stream_int_shut*() functions regardless of the data layer
- MAJOR: fd: replace all EV_FD_* macros with new fd_*_* inline calls
- MEDIUM: fd: add fd_poll_{recv,send} for use when explicit polling is required
- MEDIUM: connection: add definitions for dual polling mechanisms
- MEDIUM: connection: make use of the new polling functions
- MAJOR: make use of conn_{data|sock}_{poll|stop|want}* in connection handlers
- MEDIUM: checks: don't use FD_WAIT_* anymore
- MINOR: fd: get rid of FD_WAIT_*
- MEDIUM: stream_interface: offer a generic function for connection updates
- MEDIUM: stream-interface: offer a generic chk_rcv function for connections
- MEDIUM: stream-interface: add a snd_buf() callback to sock_ops
- MEDIUM: stream-interface: provide a generic stream_int_chk_snd_conn() function
- MEDIUM: stream-interface: provide a generic si_conn_send_cb callback
- MEDIUM: stream-interface: provide a generic stream_sock_read0() function
- REORG/MAJOR: use "struct channel" instead of "struct buffer"
- REORG/MAJOR: extract "struct buffer" from "struct channel"
- MINOR: connection: provide conn_{data|sock}_{read0|shutw} functions
- REORG: sock_raw: rename the files raw_sock*
- MAJOR: raw_sock: extract raw_sock_to_buf() from raw_sock_read()
- MAJOR: raw_sock: temporarily disable splicing
- MINOR: stream-interface: add an rcv_buf callback to sock_ops
- REORG: stream-interface: move sock_raw_read() to si_conn_recv_cb()
- MAJOR: connection: split the send call into connection and stream interface
- MAJOR: stream-interface: restore splicing mechanism
- MAJOR: stream-interface: make conn_notify_si() more robust
- MEDIUM: proxy-proto: don't use buffer flags in conn_si_send_proxy()
- MAJOR: stream-interface: don't commit polling changes in every callback
- MAJOR: stream-interface: fix splice not to call chk_snd by itself
- MEDIUM: stream-interface: don't remove WAIT_DATA when a handshake is in progress
- CLEANUP: connection: split sock_ops into data_ops, app_cp and si_ops
- REORG: buffers: split buffers into chunk,buffer,channel
- MAJOR: channel: remove the BF_OUT_EMPTY flag
- REORG: buffer: move buffer_flush, b_adv and b_rew to buffer.h
- MINOR: channel: rename bi_full to channel_full as it checks the whole channel
- MINOR: buffer: provide a new buffer_full() function
- MAJOR: channel: stop relying on BF_FULL to take action
- MAJOR: channel: remove the BF_FULL flag
- REORG: channel: move buffer_{replace,insert_line}* to buffer.{c,h}
- CLEANUP: channel: usr CF_/CHN_ prefixes instead of BF_/BUF_
- CLEANUP: channel: use "channel" instead of "buffer" in function names
- REORG: connection: move the target pointer from si to connection
- MAJOR: connection: move the addr field from the stream_interface
- MEDIUM: stream_interface: remove CAP_SPLTCP/CAP_SPLICE flags
- MEDIUM: proto_tcp: remove any dependence on stream_interface
- MINOR: tcp: replace tcp_src_to_stktable_key with addr_to_stktable_key
- MEDIUM: connection: add an ->init function to data layer
- MAJOR: session: introduce embryonic sessions
- MAJOR: connection: make the PROXY decoder a handshake handler
- CLEANUP: frontend: remove the old proxy protocol decoder
- MAJOR: connection: rearrange the polling flags.
- MEDIUM: connection: only call tcp_connect_probe when nothing was attempted yet
- MEDIUM: connection: complete the polling cleanups
- MEDIUM: connection: avoid calling handshakes when polling is required
- MAJOR: stream_interface: continue to update data polling flags during handshakes
- CLEANUP: fd: remove fdtab->flags
- CLEANUP: fdtab: flatten the struct and merge the spec struct with the rest
- CLEANUP: includes: fix includes for a number of users of fd.h
- MINOR: ssl: disable TCP quick-ack by default on SSL listeners
- MEDIUM: config: add a "ciphers" keyword to set SSL cipher suites
- MEDIUM: config: add "nosslv3" and "notlsv1" on bind and server lines
- BUG: ssl: mark the connection as waiting for an SSL connection during the handshake
- BUILD: http: rename error_message http_error_message to fix conflicts on RHEL
- BUILD: ssl: fix shctx build on RHEL with futex
- BUILD: include sys/socket.h to fix build failure on FreeBSD
- BUILD: fix build error without SSL (ssl_cert)
- BUILD: ssl: use MAP_ANON instead of MAP_ANONYMOUS
- BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1
- MEDIUM: config: support per-listener backlog and maxconn
- MINOR: session: do not send an HTTP/500 error on SSL sockets
- MEDIUM: config: implement maxsslconn in the global section
- BUG: tcp: close socket fd upon connect error
- MEDIUM: connection: improve error handling around the data layer
- MINOR: config: make the tasks "nice" value configurable on "bind" lines.
- BUILD: shut a gcc warning introduced by commit
|
||
|
Willy Tarreau
|
02c7c14ae7 |
[RELEASE] Released version 1.5-dev11
Released version 1.5-dev11 with the following main changes :
- BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- MINOR: stream_interface: add a pointer to the listener for TARG_TYPE_CLIENT
- MEDIUM: protocol: add a pointer to struct sock_ops to the listener struct
- MINOR: checks: add on-marked-up option
- MINOR: balance uri: added 'whole' parameter to include query string in hash calculation
- MEDIUM: stream_interface: remove the si->init
- MINOR: buffers: add a rewind function
- BUG/MAJOR: fix regression on content-based hashing and http-send-name-header
- MAJOR: http: stop using msg->sol outside the parsers
- CLEANUP: http: make it more obvious that msg->som is always null outside of chunks
- MEDIUM: http: get rid of msg->som which is not used anymore
- MEDIUM: http: msg->sov and msg->sol will never wrap
- BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
- BUG/MINOR: stop connect timeout when connect succeeds
- REORG: move the send-proxy code to tcp_connect_write()
- REORG/MINOR: session: detect the TCP monitor checks at the protocol accept
- MINOR: stream_interface: introduce a new "struct connection" type
- REORG/MINOR: stream_interface: move si->fd to struct connection
- REORG/MEDIUM: stream_interface: move applet->state and private to connection
- MINOR: stream_interface: add a data channel close function
- MEDIUM: stream_interface: call si_data_close() before releasing the si
- MINOR: peers: use the socket layer operations from the peer instead of sock_raw
- BUG/MINOR: checks: expire on timeout.check if smaller than timeout.connect
- MINOR: add a new function call tracer for debugging purposes
- BUG/MINOR: perform_http_redirect also needs to rewind the buffer
- BUG/MAJOR: b_rew() must pass a signed offset to b_ptr()
- BUG/MEDIUM: register peer sync handler in the proper order
- BUG/MEDIUM: buffers: fix bi_putchr() to correctly advance the pointer
- BUG/MINOR: fix option httplog validation with TCP frontends
- BUG/MINOR: log: don't report logformat errors in backends
- REORG/MINOR: use dedicated proxy flags for the cookie handling
- BUG/MINOR: config: do not report twice the incompatibility between cookie and non-http
- MINOR: http: add support for "httponly" and "secure" cookie attributes
- BUG/MEDIUM: ensure that unresolved arguments are freed exactly once
- BUG/MINOR: commit
|
||
|
Willy Tarreau
|
ffb8947bb8 |
[RELEASE] Released version 1.5-dev10
Released version 1.5-dev10 with the following main changes :
- BUG/MINOR: stats admin: "Unexpected result" was displayed unconditionally
- BUG/MAJOR: acl: http_auth_group() must not accept any user from the userlist
- CLEANUP: auth: make the code build again with DEBUG_AUTH
- BUG/MEDIUM: config: don't crash at config load time on invalid userlist names
- REORG: use the name sock_raw instead of stream_sock
- MINOR: stream_interface: add a client target : TARG_TYPE_CLIENT
- BUG/MEDIUM: stream_interface: restore get_src/get_dst
- CLEANUP: sock_raw: remove last references to stream_sock
- CLEANUP: stream_interface: stop exporting socket layer functions
- MINOR: stream_interface: add an init callback to sock_ops
- MEDIUM: stream_interface: derive the socket operations from the target
- MAJOR: fd: remove the need for the socket layer to recheck the connection
- MINOR: session: call the socket layer init function when a session establishes
- MEDIUM: session: add support for tunnel timeouts
- MINOR: standard: add a new debug macro : fddebug()
- CLEANUP: fd: remove unused cb->b pointers in the struct fdtab
- OPTIM: proto_http: don't enable quick-ack on empty buffers
- OPTIM/MAJOR: ev_sepoll: process spec events after polled events
- OPTIM/MEDIUM: stream_interface: add a new SI_FL_NOHALF flag
|
||
|
Willy Tarreau
|
a0564f3541 |
[RELEASE] Released version 1.5-dev9
Released version 1.5-dev9 with the following main changes :
- MINOR: Add release callback to si_applet
- CLEANUP: Fix some minor typos
- MINOR: Add TO/FROM_SET flags to struct stream_interface
- CLEANUP: Fix some minor whitespace issues
- MINOR: stats admin: allow unordered parameters in POST requests
- CLEANUP: fix typo in findserver() log message
- MINOR: stats admin: use the backend id instead of its name in the form
- MINOR: stats admin: reduce memcmp()/strcmp() calls on status codes
- DOC: cleanup indentation, alignment, columns and chapters
- DOC: fix some keywords arguments documentation
- MINOR: cli: display the 4 IP addresses and ports on "show sess XXX"
- BUG/MAJOR: log: possible segfault with logformat
- MEDIUM: log: split of log_format generation
- MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid
- MEDIUM: log: Unique ID
- MINOR: log: log-format: usable without httplog and tcplog
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
- MINOR: contrib/iprange: add a network IP range to mask converter
- MEDIUM: session: implement the "use-server" directive
- MEDIUM: log: add a new cookie flag 'U' to report situations where cookie is not used
- MEDIUM: http: make extract_cookie_value() iterate over cookie values
- MEDIUM: http: add cookie and scookie ACLs
- CLEANUP: lb_first: add reference to a paper describing the original idea
- MEDIUM: stream_sock: add a get_src and get_dst callback and remove SN_FRT_ADDR_SET
- BUG/MINOR: acl: req_ssl_sni would randomly fail if a session ID is present
- BUILD: http: make extract_cookie_value() return an int not size_t
- BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- MINOR: standard: add a memprintf() function to build formatted error messages
- CLEANUP: remove a few warning about unchecked return values in debug code
- MEDIUM: move message-related flags from transaction to message
- DOC: add a diagram to explain how circular buffers work
- MAJOR: buffer rework: replace ->send_max with ->o
- MAJOR: buffer: replace buf->l with buf->{o+i}
- MINOR: buffers: provide simple pointer normalization functions
- MINOR: buffers: remove unused function buffer_contig_data()
- MAJOR: buffers: replace buf->w with buf->p - buf->o
- MAJOR: buffers: replace buf->r with buf->p + buf->i
- MAJOR: http: move buffer->lr to http_msg->next
- MAJOR: http: change msg->{som,col,sov,eoh} to be relative to buffer origin
- CLEANUP: http: remove unused http_msg->col
- MAJOR: http: turn http_msg->eol to a buffer-relative offset
- MEDIUM: http: add a pointer to the buffer in http_msg
- MAJOR: http: make http_msg->sol relative to buffer's origin
- MEDIUM: http: http_send_name_header: remove references to msg and buffer
- MEDIUM: http: remove buffer arg in a few header manipulation functions
- MEDIUM: http: remove buffer arg in http_capture_bad_message
- MEDIUM: http: remove buffer arg in http_msg_analyzer
- MEDIUM: http: remove buffer arg in http_upgrade_v09_to_v10
- MEDIUM: http: remove buffer arg in http_buffer_heavy_realign
- MEDIUM: http: remove buffer arg in chunk parsing functions
- MINOR: http: remove useless wrapping checks in http_msg_analyzer
- MEDIUM: buffers: fix unsafe use of buffer_ignore at some places
- MEDIUM: buffers: add new pointer wrappers and get rid of almost all buffer_wrap_add calls
- MEDIUM: buffers: implement b_adv() to advance a buffer's pointer
- MEDIUM: buffers: rename a number of buffer management functions
- MEDIUM: http: add a prefetch function for ACL pattern fetch
- MEDIUM: http: make all ACL fetch function use acl_prefetch_http()
- BUG/MINOR: http_auth: ACLs are volatile, not permanent
- MEDIUM: http/acl: merge all request and response ACL fetches of headers and cookies
- MEDIUM: http/acl: make acl_fetch_hdr_{ip,val} rely on acl_fetch_hdr()
- MEDIUM: add a new typed argument list parsing framework
- MAJOR: acl: make use of the new argument parsing framework
- MAJOR: acl: store the ACL argument types in the ACL keyword declaration
- MEDIUM: acl: acl_find_target() now resolves arguments based on their types
- MAJOR: acl: make acl_find_targets also resolve proxy names at config time
- MAJOR: acl: ensure that implicit table and proxies are valid
- MEDIUM: acl: remove unused tests for missing args when args are mandatory
- MEDIUM: pattern: replace type pattern_arg with type arg
- MEDIUM: pattern: get rid of arg_i in all functions making use of arguments
- MEDIUM: pattern: use the standard arg parser
- MEDIUM: pattern: add an argument validation callback to pattern descriptors
- MEDIUM: pattern: report the precise argument parsing error when known.
- MEDIUM: acl: remove the ACL_TEST_F_NULL_MATCH flag
- MINOR: pattern: add a new 'sample' type to store fetched data
- MEDIUM: pattern: add new sample types to replace pattern types
- MAJOR: acl: make use of the new sample struct and get rid of acl_test
- MEDIUM: pattern/acl: get rid of temp_pattern in ACLs
- MEDIUM: acl: get rid of the SET_RES flags
- MEDIUM: get rid of SMP_F_READ_ONLY and SMP_F_MUST_FREE
- MINOR: pattern: replace struct pattern with struct sample
- MEDIUM: pattern: integrate pattern_data into sample and use sample everywhere
- MEDIUM: pattern: retrieve the sample type in the sample, not in the keyword description
- MEDIUM: acl/pattern: switch rdp_cookie functions stack up-down
- MEDIUM: acl: replace acl_expr with args in acl fetch_* functions
- MINOR: tcp: replace acl_fetch_rdp_cookie with smp_fetch_rdp_cookie
- MEDIUM: acl/pattern: use the same direction scheme
- MEDIUM: acl/pattern: start merging common sample fetch functions
- MEDIUM: pattern: ensure that sample types always cast into other types.
- MEDIUM: acl/pattern: factor out the src/dst address fetches
- MEDIUM: acl: implement payload and payload_lv
- CLEANUP: pattern: ensure that payload and payload_lv always stay in the buffer
- MINOR: stick_table: centralize the handling of empty keys
- MINOR: pattern: centralize handling of unstable data in pattern_process()
- MEDIUM: pattern: use smp_fetch_rdp_cookie instead of the pattern specific version
- MINOR: acl: set SMP_OPT_ITERATE on fetch functions
- MINOR: acl: add a val_args field to keywords
- MINOR: proto_tcp: validate arguments of payload and payload_lv ACLs
- MEDIUM: http: merge acl and pattern header fetch functions
- MEDIUM: http: merge ACL and pattern cookie fetches into a single one
- MEDIUM: acl: report parsing errors to the caller
- MINOR: arg: improve error reporting on invalid arguments
- MINOR: acl: report errors encountered when loading patterns from files
- MEDIUM: acl: extend the pattern parsers to report meaningful errors
- REORG: use the name "sample" instead of "pattern" to designate extracted data
- REORG: rename "pattern" files
- MINOR: acl: add types to ACL patterns
- MINOR: standard: add an IPv6 parsing function (str62net)
- MEDIUM: acl: support IPv6 address matching
- REORG: stream_interface: create a struct sock_ops to hold socket operations
- REORG/MEDIUM: move protocol->{read,write} to sock_ops
- REORG/MEDIUM: stream_interface: initialize socket ops from descriptors
- REORG/MEDIUM: replace stream interface protocol functions by a proto pointer
- REORG/MEDIUM: move the default accept function from sockstream to protocols.c
- MEDIUM: proto_tcp: remove src6 and dst6 pattern fetch methods
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
- BUG/MINOR: http: ensure that msg->err_pos is always relative to buf->p
- MEDIUM: http: improve error capture reports
- MINOR: acl: add the cook_val() match to match a cookie against an integer
- BUG/MEDIUM: send_proxy: fix initialisation of send_proxy_ofs
- MEDIUM: memory: add the ability to poison memory at run time
- BUG/MEDIUM: log: ensure that unique_id is properly initialized
- MINOR: cfgparse: use a common errmsg pointer for all parsers
- MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors
- MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords
- MINOR: http: replace http_message_realign() with buffer_slow_realign()
|
||
|
Willy Tarreau
|
9eeb57bd7f |
[RELEASE] Released version 1.5-dev8
Released version 1.5-dev8 with the following main changes :
- MINOR: patch for minor typo (ressources/resources)
- MEDIUM: http: add support for sending the server's name in the outgoing request
- DOC: mention that default checks are TCP connections
- BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified
- CLEANUP: Make check_statuses, analyze_statuses and process_chk static
- CLEANUP: Fix HCHK spelling errors
- BUG/MINOR: fix typo in processing of http-send-name-header
- MEDIUM: log: Use linked lists for loggers
- BUILD: fix declaration inside a scope block
- REORG: log: split send_log function
- MINOR: config: Parse the string of the log-format config keyword
- MINOR: add ultoa, ulltoa, ltoa, lltoa implementations
- MINOR: Date and time fonctions that don't use snprintf
- MEDIUM: log: make http_sess_log use log_format
- DOC: log-format documentation
- MEDIUM: log: use log_format for mode tcplog
- MEDIUM: log-format: backend source address %Bi %Bp
- BUG/MINOR: log-format: fix %o flag
- BUG/MEDIUM: bad length in log_format and __send_log
- MINOR: logformat %st is signed
- BUILD/MINOR: fix the source URL in the spec file
- DOC: acl is http_first_req, not http_req_first
- BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces
- MINOR: acl: add new matches for header/path/url length
- BUILD: halog: make halog build on solaris
- BUG/MINOR: don't use a wrong port when connecting to a server with mapped ports
- MINOR: remove the client/server side distinction in SI addresses
- MINOR: halog: add support for matching queued requests
- DOC: indicate that cookie "prefix" and "indirect" should not be mixed
- OPTIM/MINOR: move struct sockaddr_storage to the tail of structs
- OPTIM/MINOR: make it possible to change pipe size (tune.pipesize)
- BUILD/MINOR: silent a build warning in src/pipe.c (fcntl)
- OPTIM/MINOR: move the hdr_idx pools out of the proxy struct
- MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers
- BUG/MINOR: fix a segfault when parsing a config with undeclared peers
- CLEANUP: rename possibly confusing struct field "tracked"
- BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use
- MINOR: config: tolerate server "cookie" setting in non-HTTP mode
- MEDIUM: buffers: add some new primitives and rework existing ones
- BUG: buffers: don't return a negative value on buffer_total_space_res()
- MINOR: buffers: make buffer_pointer() support negative pointers too
- CLEANUP: kill buffer_replace() and use an inline instead
- BUG: tcp: option nolinger does not work on backends
- CLEANUP: ebtree: remove a few annoying signedness warnings
- CLEANUP: ebtree: clarify licence and update to 6.0.6
- CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code
- CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code
- BUG: ebtree: ebst_lookup() could return the wrong entry
- OPTIM: stream_sock: reduce the amount of in-flight spliced data
- OPTIM: stream_sock: save a failed recv syscall when splice returns EAGAIN
- MINOR: acl: add support for TLS server name matching using SNI
- BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests
- BUG: proto_tcp: don't try to bind to a foreign address if sin_family is unknown
- MINOR: pattern: export the global temporary pattern
- CLEANUP: patterns: get rid of pattern_data_setstring()
- MEDIUM: acl: use temp_pattern to store fetched information in the "method" match
- MINOR: acl: include pattern.h to make pattern migration more transparent
- MEDIUM: pattern: change the pattern data integer from unsigned to signed
- MEDIUM: acl: use temp_pattern to store any integer-type information
- MEDIUM: acl: use temp_pattern to store any address-type information
- CLEANUP: acl: integer part of acl_test is not used anymore
- MEDIUM: acl: use temp_pattern to store any string-type information
- CLEANUP: acl: remove last data fields from the acl_test struct
- MEDIUM: http: replace get_ip_from_hdr2() with http_get_hdr()
- MEDIUM: patterns: the hdr() pattern is now of type string
- DOC: add minimal documentation on how ACLs work internally
- DOC: add a coding-style file
- OPTIM: halog: keep a fast path for the lines-count only
- CLEANUP: silence a warning when building on sparc
- BUG: http: tighten the list of allowed characters in a URI
- MEDIUM: http: block non-ASCII characters in URIs by default
- DOC: add some documentation from RFC3986 about URI format
- BUG/MINOR: cli: correctly remove the whole table on "clear table"
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
- MINOR: halog: add some help on the command line
- BUILD: fix build error on FreeBSD
- BUG: fix double free in peers config error path
- MEDIUM: improve config check return codes
- BUILD: make it possible to look for pcre in the default system paths
- MINOR: config: emit a warning when 'default_backend' masks servers
- MINOR: backend: rework the LC definition to support other connection-based algos
- MEDIUM: backend: add the 'first' balancing algorithm
- BUG: fix httplog trailing LF
- MEDIUM: increase chunk-size limit to 2GB-1
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
- BUG: checks: fix server maintenance exit sequence
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes
- DOC: enumerate valid status codes for "observe layer7"
- MINOR: buffer: switch a number of buffer args to const
- CLEANUP: silence signedness warning in acl.c
- BUG: stream_sock: si->release was not called upon shutw()
- MINOR: log: use "%ts" to log term status only and "%tsc" to log with cookie
- BUG/CRITICAL: log: fix risk of crash in development snapshot
- BUG/MAJOR: possible crash when using capture headers on TCP frontends
- MINOR: config: disable header captures in TCP mode and complain
|