215 lines
7.5 KiB
Plaintext
215 lines
7.5 KiB
Plaintext
Medium-long term roadmap - 2013/06/17
|
|
|
|
Legend: '+' = done, '-' = todo, '*' = done except doc
|
|
|
|
1.5 (ETA 2013/12/31) :
|
|
- POST parameter extraction and size/speed measurement to use in ACLs
|
|
|
|
- return-html code xxx [ file "xxx" | text "xxx" ] if <acl>
|
|
|
|
- return-raw [ file "xxx" | text "xxx" ] if <acl>
|
|
|
|
- avg connect time, response time, connect errors, response errors in stats
|
|
|
|
- add a last activity date for each server (req/resp) that will be
|
|
displayed in the stats. It will be useful with soft stop.
|
|
|
|
- add the ability to only dump response errors to more easily detect
|
|
anomalies without being polluted with attacks in requests.
|
|
|
|
- add support for server-side unix sockets
|
|
|
|
- have multi-criteria analysers which subscribe to req flags, rsp flags, and
|
|
stream interface changes. This would result in a single analyser to wait
|
|
for the end of data transfer in HTTP.
|
|
|
|
- implement support for "connection freeze" after accept. A list of frozen
|
|
connections should be maintained so that it is possible to recycle them
|
|
when new file descriptors are required.
|
|
|
|
- support for time-ordered priority queues with ability to add an offset
|
|
based on request matching. Each session will have one ebtree node to be
|
|
attached to whatever queue the session is waiting in.
|
|
|
|
- half-closed timeouts ?
|
|
|
|
- add a flag in logs to indicate keep-alive requests ?
|
|
|
|
- make it possible to condition a timeout on an ACL (dynamic timeouts)
|
|
|
|
- forwardfor/originalto except with IPv6
|
|
|
|
- have a callback function which would be called after a server is selected,
|
|
for header post-processing. That would be mainly used to remove then add
|
|
the server's name or cookie in a header so that the server knows it.
|
|
|
|
- remove lots of remaining Alert() calls or ensure that they forward to
|
|
send_log() after the fork.
|
|
|
|
- tcp-request session
|
|
|
|
- tcp-request session expect-proxy {L4|L5} if ...
|
|
|
|
- http-request track-sc* to avoid having the ugly "if !HTTP" in tcp-request
|
|
|
|
- compression : to be fixed
|
|
|
|
DONE:
|
|
* server-side HTTP keepalive
|
|
=> maybe with limitation to only reuse connections that don't depend
|
|
on layer7 in a first time (just check the target).
|
|
|
|
* add support for complex pattern extraction rules :
|
|
|
|
pattern = <pattern_term>
|
|
| '{' pattern_expr '}'
|
|
|
|
pattern_expr = <pattern_term> [ <transform> ... ]
|
|
=> changed to <sample>[,<conv>]*
|
|
|
|
* support loading data sets from files
|
|
* present/not present (eg: netmasks)
|
|
* pattern conversion per prefixes. Eg: convert src IP to country.
|
|
=> maps
|
|
|
|
* what to do with data after a POST and how to detect some data were
|
|
received when responding ? In theory we should read everything because
|
|
the TCP stack does not notify us that the FIN was acked. In practice,
|
|
reading just before closing should be enough. Right now we simply read
|
|
whatever comes after the POST.
|
|
=> switch the connection to a "drain" state, where it monitors its
|
|
output queue on each I/O and where it can be stolen if fds are
|
|
missing.
|
|
|
|
* tcp-request {connection|session} expect-proxy {L4|L5} if ...
|
|
|
|
* rename L4 acls as L6 ACLs when some content is involved
|
|
|
|
* add new L4 ACL checks immediately after accept, before even allocating the
|
|
buffers ("connection {accept|reject|delay|freeze} {if|unless}").
|
|
|
|
* make new patterns available based on stickiness matching :
|
|
* number of entries in table for the matched pattern
|
|
* same after having increased the match counter
|
|
|
|
* add support for concurrency match in tables
|
|
* just like stickiness, but counted per session (or request), increased
|
|
on first match and decreased at end of request or connection. This
|
|
requires that the session has a list of matched terms that must be
|
|
released at the end.
|
|
|
|
* http_req_first ACL
|
|
|
|
* expirable cookies + "preserve"
|
|
|
|
* ECV, LDAPv3 & MySQL checks
|
|
|
|
* configurable check buffer size
|
|
|
|
* stats + ON/OFF
|
|
|
|
* halog: sort by URL
|
|
|
|
* "PROXY" protocol
|
|
|
|
* add support for client-side unix sockets
|
|
|
|
* hash: rehash non-consistent hashes with chash() for more randomness.
|
|
|
|
* add an error ID in captures to ease new error detection for scripts.
|
|
|
|
* try to remove srv==NULL internally and assign a dummy server to each backend
|
|
for dispatch, http_proxy and transparent modes. => done differently with the
|
|
target descriptors. The dummy server code exists in the "dummysrv" branch
|
|
which will die since it does not make sense anymore.
|
|
|
|
* ACL to report number of used entries in a table
|
|
|
|
* automatically compute fullconn for backends : by default, set it to
|
|
10% of the sum of the maxconn of all unique frontends which reference
|
|
it via use_backend, default_backend or that are in the same listen.
|
|
|
|
* count number of monitor requests on frontends, that's the only way
|
|
to explain the possible huge difference between frontend and backend
|
|
sessions.
|
|
|
|
* assign a nice priority based on ACLs.
|
|
|
|
* set-log-level if <acl> (front/back)
|
|
|
|
* fix "PR--" flags when accessing stats
|
|
|
|
* merged ACL/fetches
|
|
|
|
* use_server ... if ...
|
|
|
|
* ability to kill an arbitrary session from the command line. Put a "kill now"
|
|
flag in every session which preempts any other processing and wake the
|
|
session up.
|
|
|
|
1.6 (will probably change anyway) :
|
|
- wait on resource (time, mem, CPU, socket, buffers, server's conn, server's rate, ...)
|
|
|
|
- bandwidth limits
|
|
|
|
- create internal services and make stats, CLI, etc... part of that.
|
|
|
|
- buddy servers to build defined lists of failovers. Detect loops during
|
|
the config check.
|
|
|
|
server XXX buddy YYY
|
|
server YYY # may replace XXX when XXX fails
|
|
|
|
- spare servers : servers which are used in LB only when a minimum farm
|
|
weight threshold is not satisfied anymore. Useful for inter-site LB with
|
|
local pref by default.
|
|
|
|
- add support for event-triggered epoll, and maybe change all events handling
|
|
to pass through an event cache to handle temporarily disabled events.
|
|
|
|
- evaluate the changes required for multi-process+shared mem or multi-thread
|
|
+thread-local+fast locking.
|
|
|
|
- ability to decide whether to drain or kill sessions when putting a server
|
|
to maintenance mode => requires a per-server session list and the change
|
|
above.
|
|
|
|
Old, maybe obsolete points
|
|
- clarify licence by adding a 'MODULE_LICENCE("GPL")' or something equivalent.
|
|
|
|
- 3 memory models : failsafe (prealloc), normal (current), optimal (alloc on
|
|
demand)
|
|
|
|
- implement support for event-triggerred epoll()
|
|
|
|
- verify if it would be worth implementing an epoll_ctl_batch() for Linux
|
|
|
|
- option minservers XXX : activates some spare servers when active servers
|
|
are insufficient
|
|
|
|
- new keyword 'check' : check http xxx, check smtp xxx, check ssl-hello
|
|
|
|
- initcwnd parameter for bind sockets : needed in kernel first
|
|
|
|
Unsorted :
|
|
- outgoing log load-balancing (round-robin or hash among multiple servers)
|
|
- internal socket for "server XXX frontend:name"
|
|
- ACL feeding via the UNIX socket
|
|
- HTTP/2.0
|
|
- DNS requests on health checks
|
|
- XML inspection (content-switching for SOAP requests)
|
|
- lookup tables (eg: map IP to country)
|
|
- sync all stick-tables data, not just serverid.
|
|
- request, session and user variables
|
|
- random cookie generator
|
|
- external checker
|
|
- fastcgi to servers
|
|
- hot config reload
|
|
- RAM-based cache for small files
|
|
- RHI - BGP
|
|
- telnet/SSH cli
|
|
- dynamic memory allocation
|
|
- dynamic weights based on check response headers and traffic response time
|
|
- various kernel-level acceleration (multi-accept, ssplice, epoll2...)
|
|
- "show stats detail" with a different output format and encoding of quotes
|