mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-15 16:04:37 +00:00
b21152be7a
- acl: smarter integer comparison support in ACLs - acl: specify the direction during fetches - acl: provide the argument length for fetch functions - acl: provide a reference to the expr to fetch() - acl: implement matching on header values - acl: support maching on 'path' component - acl: permit to return any header when no name specified - errorfile: use a local file to feed error messages - negation in ACL conds was not cleared between terms - fix segfault at exit when using captures - improve memory freeing upon exit - acl: support '-i' to ignore case when matching - str2net() must not change the const char * - provide default ACLs - acl: distinguish between request and response headers - added the 'use_backend' keyword for full content-switching - acl: added the TRUE and FALSE ACLs. - shut warnings 'is*' macros from ctype.h on solaris
748 lines
35 KiB
Plaintext
748 lines
35 KiB
Plaintext
ChangeLog :
|
|
===========
|
|
|
|
2007/06/17 : 1.3.12
|
|
- fix segfault at exit when using captures
|
|
- bug: negation in ACL conds was not cleared between terms
|
|
- errorfile: use a local file to feed error messages
|
|
- acl: support '-i' to ignore case when matching
|
|
- acl: smarter integer comparison with operators eq,lt,gt,le,ge
|
|
- acl: support maching on 'path' component
|
|
- acl: implement matching on header values
|
|
- acl: distinguish between request and response headers
|
|
- acl: permit to return any header when no name specified
|
|
- acl: provide default ACLs
|
|
- added the 'use_backend' keyword for full content-switching
|
|
- acl: specify the direction during fetches
|
|
- acl: provide the argument length for fetch functions
|
|
- acl: provide a reference to the expr to fetch()
|
|
- improve memory freeing upon exit
|
|
- str2net() must not change the const char *
|
|
- shut warnings 'is*' macros from ctype.h on solaris
|
|
|
|
2007/06/03 : 1.3.11.4
|
|
- do not re-arm read timeout in SHUTR state !
|
|
- optimize I/O by detecting system starvation
|
|
- the epoll FD must not be shared between processes
|
|
- limit the number of events returned by *poll*
|
|
|
|
2007/05/14 : 1.3.11.3
|
|
- pre-initialize timeouts with tv_eternity during parsing
|
|
|
|
2007/05/14 : 1.3.11.2
|
|
- fixed broken health-checks since switch to timeval
|
|
|
|
2007/05/14 : 1.3.11.1
|
|
- fixed ev_kqueue which was forgotten during the switch to timeval
|
|
- allowed null timeouts for past events in select
|
|
|
|
2007/05/14 : 1.3.11
|
|
- fixed ev_sepoll again by rewriting the state machine
|
|
- switched all timeouts to timevals instead of milliseconds
|
|
- improved memory management using mempools v2.
|
|
- several minor optimizations
|
|
|
|
2007/05/09 : 1.3.10.2
|
|
- fixed build on OpenBSD (missing types.h)
|
|
|
|
2007/05/09 : 1.3.10.1
|
|
- fixed sepoll transition matrix (two states were missing)
|
|
|
|
2007/05/08 : 1.3.10
|
|
- several fixes in ev_sepoll
|
|
- fixed some expiration dates on some tasks
|
|
- fixed a bug in connection establishment detection due to speculative I/O
|
|
- fixed rare bug occuring on TCP with early close (reported by Andy Smith)
|
|
- implemented URI hashing algorithm (Guillaume Dallaire)
|
|
- implemented SMTP health checks (Peter van Dijk)
|
|
- replaced the rbtree with ul2tree from old scheduler project
|
|
- new framework for generic ACL support
|
|
- added the 'acl' and 'block' keywords to the config language
|
|
- added several ACL criteria and matches (IP, port, URI, ...)
|
|
- cleaned up and better modularization for some time functions
|
|
- fixed list macros
|
|
- fixed useless memory allocation in str2net()
|
|
- store the original destination address in the session
|
|
|
|
2007/04/15 : 1.3.9
|
|
- modularized the polling mechanisms and use function pointers instead
|
|
of macros at many places
|
|
- implemented support for FreeBSD's kqueue() polling mechanism
|
|
- fixed a warning on OpenBSD : MIN/MAX redefined
|
|
- change socket registration order at startup to accomodate kqueue.
|
|
- several makefile cleanups to support old shells
|
|
- fix build with limits.h once for all
|
|
- ev_epoll: do not rely on fd_sets anymore, use changes stacks instead.
|
|
- fdtab now holds the results of polling
|
|
- implemented support for speculative I/O processing with epoll()
|
|
- remove useless calls to shutdown(SHUT_RD), resulting in small speed boost
|
|
- auto-registering of pollers at load time
|
|
|
|
2007/04/03 : 1.3.8.2
|
|
- rewriting either the status line or request line could crash the
|
|
process due to a pointer which ought to be reset before parsing.
|
|
- rewriting the status line in the response did not work, it caused
|
|
a 502 Bad Gateway due to an erroneous state during parsing
|
|
|
|
2007/04/01 : 1.3.8.1
|
|
- fix reqadd when no option httpclose is used.
|
|
- removed now unused fiprm and beprm from proxies
|
|
- split logs into two versions : TCP and HTTP
|
|
- added some docs about http headers storage and acls
|
|
- added a VIM script for syntax color highlighting (Bruno Michel)
|
|
|
|
2007/03/25 : 1.3.8
|
|
- fixed several bugs which might have caused a crash with bad configs
|
|
- several optimizations in header processing
|
|
- many progresses towards transaction-based processing
|
|
- option forwardfor may be used in frontends
|
|
- completed HTTP response processing
|
|
- some code refactoring between request and response processing
|
|
- new HTTP header manipulation functions
|
|
- optimizations on the recv() patch to reduce CPU usage under very
|
|
high data rates.
|
|
- more user-friendly help about the 'usesrc' keyword (CTTPROXY)
|
|
- username/groupname support from Marcus Rueckert
|
|
- added the "except" keyword to the "forwardfor" option (Bryan German)
|
|
- support for health-checks on other addresses (Fabrice Dulaunoy)
|
|
- makefile for MacOS 10.4 / Darwin (Dan Zinngrabe)
|
|
- do not insert "Connection: close" in HTTP/1.0 messages
|
|
|
|
2007/01/26 : 1.3.7
|
|
- fix critical bug introduced with 1.3.6 : an empty request header
|
|
may lead to a crash due to missing pointer assignment
|
|
- hdr_idx might be left uninitialized in debug mode
|
|
- fixed build on FreeBSD due to missing fd_set declaration
|
|
|
|
2007/01/22 : 1.3.6.1
|
|
- change in the header chaining broke cookies and authentication
|
|
|
|
2007/01/22 : 1.3.6
|
|
- stats now support the HEAD method too
|
|
- extracted http request from the session
|
|
- huge rework of the HTTP parser which is now a 28-state FSM.
|
|
- linux-style likely/unlikely macros for optimization hints
|
|
- do not create a server socket when there's no server
|
|
- imported lots of docs
|
|
|
|
2007/01/07 : 1.3.5
|
|
- stats: swap color sets for active and backup servers
|
|
- try to guess server check port when unset
|
|
- added complete support and doc for TCP Splicing
|
|
- replace the wait-queue linked list with an rbtree.
|
|
- a few bugfixes and cleanups
|
|
|
|
2007/01/02 : 1.3.4
|
|
- support for cttproxy on the server side to present the client
|
|
address to the server.
|
|
- added support for SO_REUSEPORT on Linux (needs kernel patch)
|
|
- new RFC2616-compliant HTTP request parser with header indexing
|
|
- split proxies in frontends, rulesets and backends
|
|
- implemented the 'req[i]setbe' to select a backend depending
|
|
on the contents
|
|
- added the 'default_backend' keyword to select a default BE.
|
|
- new stats page featuring FEs and BEs + bytes in both dirs
|
|
- improved log format to indicate the backend and the time in ms.
|
|
- lots of cleanups
|
|
|
|
2006/10/15 : 1.3.3
|
|
- fix broken redispatch option in case the connection has already
|
|
been marked "in progress" (ie: nearly always).
|
|
- support regparm on x86 to speed up some often called functions
|
|
- removed a few useless calls to gettimeofday() in log functions.
|
|
- lots of 'const char*' cleanups
|
|
- turn every FD_* into functions which are faster on recent CPUs
|
|
|
|
2006/09/03 : 1.3.2
|
|
- started the changes towards I/O completion callbacks. stream_sock* have
|
|
replaced event_*.
|
|
- added the new "reqtarpit" and "reqitarpit" protection features
|
|
|
|
2006/07/09 : 1.3.1 (1.2.15)
|
|
- now, haproxy warns about missing timeout during startup to try to
|
|
eliminate all those buggy configurations.
|
|
- added "Content-Type: text/html" in responses wherever appropriate, as
|
|
suggested by Cameron Simpson.
|
|
- implemented "option ssl-hello-chk" to use SSLv3 CLIENT HELLO messages to
|
|
test server's health
|
|
- implemented "monitor-uri" so that haproxy can reply to a specific URI with
|
|
an "HTTP/1.0 200 OK" response. This is useful to validate multiple proxies
|
|
at once.
|
|
|
|
2006/06/29 : 1.3.0
|
|
- exploded the whole file into multiple .c and .h. No functionnal
|
|
difference is expected at all.
|
|
- fixed a bug by which neither stats nor error messages could be returned if
|
|
'clitimeout' was missing.
|
|
|
|
2006/05/21 : 1.2.14
|
|
- new HTML status report with the 'stats' keyword.
|
|
- added the 'abortonclose' option to better resist traffic surges
|
|
- implemented dynamic traffic regulation with the 'minconn' option
|
|
- show request time on denied requests
|
|
- definitely fixed hot reconf on OpenBSD by the use of SO_REUSEPORT
|
|
- now a proxy instance is allowed to run without servers, which is
|
|
useful to dedicate one instance to stats
|
|
- added lots of error counters
|
|
- a missing parenthesis preventd matching of cacheable cookies
|
|
- a missing parenthesis in poll_loop() might have caused missed events.
|
|
|
|
2006/05/14 : 1.2.13.1
|
|
- an uninitialized field in the struct session could cause a crash when
|
|
the session was freed. This has been encountered on Solaris only.
|
|
- Solaris and OpenBSD no not support shutdown() on listening socket. Let's
|
|
be nice to them by performing a soft stop if pause fails.
|
|
|
|
2006/05/13 : 1.2.13
|
|
- 'maxconn' server parameter to do per-server session limitation
|
|
- queueing to support non-blocking session limitation
|
|
- fixed removal of cookies for cookie-less servers such as backup servers
|
|
- two separate wait queues for expirable and non-expirable tasks provide
|
|
better performance with lots of sessions.
|
|
- some code cleanups and performance improvements
|
|
- made state dumps a bit more verbose
|
|
- fixed missing checks for NULL srv in dispatch mode
|
|
- load balancing on backup servers was not possible in source hash mode.
|
|
- two session flags shared the same bit, but fortunately they were not
|
|
compatible.
|
|
|
|
2006/04/15 : 1.2.12
|
|
Very few changes preparing for more important changes to support per-server
|
|
session limitations and queueing :
|
|
- ignore leading empty lines in HTTP requests as suggested by RFC2616.
|
|
- added the 'weight' parameter to the servers, limited to 1..256. It applies
|
|
to roundrobin and source hash.
|
|
- the optional '-s' option could clobber '-st' and '-sf' if compiled in.
|
|
|
|
2006/03/30 : 1.2.11.1
|
|
- under some conditions, it might have been possible that when the
|
|
last dead server became available, it would not have been used
|
|
till another one would have changed state. Could not be reproduced
|
|
at all, however seems possible from the code.
|
|
|
|
2006/03/25 : 1.2.11
|
|
- added the '-db' command-line option to disable backgrounding.
|
|
- added the -sf/-st command-line arguments which are used to specify
|
|
a list of pids to send a FINISH or TERMINATE signal upon startup.
|
|
They will also be asked to release their port if a bind fails.
|
|
- reworked the startup mechanism to allow the sending of a signal to a list
|
|
of old pids if a socket cannot be bound, with a retry for a limited amount
|
|
of time (1 second by default).
|
|
- added the ability to enforce limits on memory usage.
|
|
- added the 'source' load-balancing algorithm which uses the source IP(v4|v6)
|
|
- re-architectured the server round-robin mechanism to ease integration of
|
|
other algorithms. It now relies on the number of active and backup servers.
|
|
- added a counter for the number of active and backup servers, and report
|
|
these numbers upon SIGHUP or state change.
|
|
|
|
2006/03/23 : 1.2.10.1
|
|
- while fixing the backup server round-robin "feature", a new bug was
|
|
introduced which could miss some backup servers.
|
|
- the displayed proxy name was wrong when dumping upon SIGHUP.
|
|
|
|
2006/03/19 : 1.2.10
|
|
- assert.h is needed when DEBUG is defined.
|
|
- ENORMOUS long standing bug affecting the epoll polling system :
|
|
event_data is a union, not a structure !
|
|
- Make fd management more robust and easier to debug. Also some
|
|
micro-optimisations.
|
|
- Limit the number of consecutive accept() in multi-process mode.
|
|
This produces a more evenly distributed load across the processes and
|
|
slightly improves performance by reducing bottlenecks.
|
|
- Make health-checks be more regular, and faster to retry after a timeout.
|
|
- Fixed some messages to ease parsing of alerts.
|
|
- provided a patch to enable epoll on RHEL3 kernels.
|
|
- Separated OpenBSD build from the main Makefile into a new one.
|
|
|
|
2006/03/15 : 1.2.9
|
|
- haproxy could not be stopped after being paused, it had to be woken up
|
|
first. This has been fixed.
|
|
- the 'ulimit-n' parameter is now optional and by default computed from
|
|
maxconn + the number of listeners + the number of health-checks.
|
|
- it is now possible to specify a maximum number of connections at build
|
|
time with the SYSTEM_MAXCONN define. The value set in the configuration
|
|
file will then be limited to this value, and only the command-line '-n'
|
|
option will be able to bypass it. It will prevent against accidental
|
|
high memory usage on small systems.
|
|
- RFC2616 expects that any HTTP agent accepts multi-line headers. Earlier
|
|
versions did not detect a line beginning with a space as the continuation
|
|
of previous header. It is now correct.
|
|
- health checks sent to servers configured with identical intervals were
|
|
sent in perfect synchronisation because the initial time was the same
|
|
for all. This could induce high load peaks when fragile servers were
|
|
hosting tens of instances for the same application. Now the load is
|
|
spread evenly across the smallest interval amongst a listener.
|
|
- a new 'forceclose' option was added to make the proxy close the outgoing
|
|
channel to the server once it has sent all its headers and the server
|
|
starts responding. This helps some servers which don't close upon the
|
|
'Connection: close' header. It implies 'option httpclose'.
|
|
- there was a bug in the way the backup servers were handled. They were
|
|
erroneously load-balanced while the doc said the opposite. Since
|
|
load-balanced backup servers is one of the features some people have
|
|
been asking for, the problem was fixed to reflect the documented
|
|
behaviour and a new option 'allbackups' was introduced to provide the
|
|
feature to those who need it.
|
|
- a never ending connect() could lead to a fast select() loop if its
|
|
timeout times the number of retransmits exceeded the server read or write
|
|
timeout, because the later was used to compute select()'s timeout while
|
|
the connection timeout was not reached.
|
|
- now we initialize the libc's localtime structures very early so that even
|
|
under OOM conditions, we can still send dated error messages without
|
|
segfaulting.
|
|
- the 'daemon' mode implies 'quiet' and disables 'verbose' because file
|
|
descriptors are closed.
|
|
|
|
2006/01/29 : 1.2.8
|
|
- fixed a nasty bug affecting poll/epoll which could return unmodified data
|
|
from the server to the client, and sometimes lead to memory corruption
|
|
crashing the process.
|
|
- added the new pause/play mechanism with SIGTTOU/SIGTTIN for hot-reconf.
|
|
|
|
2005/12/18 : 1.2.7.1
|
|
- the "retries" option was ignored because connect() could not return an
|
|
error if the connection failed before the timeout.
|
|
- TCP health-checks could not detect a connection refused in poll/epoll
|
|
mode.
|
|
|
|
2005/11/13 : 1.2.7
|
|
- building with -DUSE_PCRE should include PCRE headers and not regex.h. At
|
|
least on Solaris, this caused the libc's regex primitives to be used instead
|
|
of PCRE, which caused trouble on group references. This is now fixed.
|
|
- delayed the quiet mode during startup so that most of the startup alerts can
|
|
be displayed even in quiet mode.
|
|
- display an alert when a listener has no address, invalid or no port, or when
|
|
there are no enabled listeners upon startup.
|
|
- added "static-pcre" to the list of supported regex options in the Makefile.
|
|
|
|
2005/10/09 : 1.2.7rc (1.1.33rc)
|
|
- second batch of socklen_t changes.
|
|
- clean-ups from Cameron Simpson.
|
|
- because tv_remain() does not know about eternity, using no timeout can
|
|
make select() spin around a null time-out. Bug reported by Cameron Simpson.
|
|
- client read timeout was not properly set to eternity initialized after an
|
|
accept() if it was not set in the config. It remained undetected so long
|
|
because eternity is 0 and newly allocated pages are zeroed by the system.
|
|
- do not call get_original_dst() when not in transparent mode.
|
|
- implemented a workaround for a bug in certain epoll() implementations on
|
|
linux-2.4 kernels (epoll-lt <= 0.21).
|
|
- implemented TCP keepalive with new options : tcpka, clitcpka, srvtcpka.
|
|
|
|
2005/08/07 : 1.2.6
|
|
- clean-up patch from Alexander Lazic fixes build on Debian 3.1 (socklen_t).
|
|
|
|
2005/07/06 : 1.2.6-pre5 (1.1.32)
|
|
- added the number of active sessions (proxy/process) in the logs
|
|
|
|
2005/07/06 : 1.2.6-pre4 (1.1.32-pre4)
|
|
- the time-out fix introduced in 1.1.25 caused a corner case where it was
|
|
possible for a client to keep a connection maintained regardless of the
|
|
timeout if the server closed the connection during the HEADER phase,
|
|
while the client ignored the close request while doing nothing in the
|
|
other direction. This has been fixed now by ensuring that read timeouts
|
|
are re-armed when switching to any SHUTW state.
|
|
|
|
2005/07/05 : 1.2.6-pre3 (1.1.32-pre3)
|
|
- enhanced error reporting in the logs. Now the proxy will precisely detect
|
|
various error conditions related to the system and/or process limits, and
|
|
generate LOG_EMERG logs indicating that a resource has been exhausted.
|
|
- logs will contain two new characters for the error cause : 'R' indicates
|
|
a resource exhausted, and 'I' indicates an internal error, though this
|
|
one should never happen.
|
|
- server connection timeouts can now be reported in the logs (sC), as well
|
|
as connections refused because of maxconn limitations (PC).
|
|
|
|
2005/07/05 : 1.2.6-pre2 (1.1.32-pre2)
|
|
- new global configuration keyword "ulimit-n" may be used to raise the FD
|
|
limit to usable values.
|
|
- a warning is now displayed on startup if the FD limit is lower than the
|
|
configured maximum number of sockets.
|
|
|
|
2005/07/05 : 1.2.6-pre1 (1.1.32-pre1)
|
|
- new configuration keyword "monitor-net" makes it possible to be monitored
|
|
by external devices which connect to the proxy without being logged nor
|
|
forwarded to any server. Particularly useful on generic TCPv4 relays.
|
|
|
|
2005/06/21 : 1.2.5.2
|
|
- fixed build on PPC where chars are unsigned by default
|
|
|
|
2005/05/02 : 1.2.5.1
|
|
- dirty hack to fix a bug introduced with epoll : if we close an FD and
|
|
immediately reassign it to another session through a connect(), the
|
|
Prev{Read,Write}Events are not updated, which causes trouble detecting
|
|
changes, thus leading to many timeouts at high loads.
|
|
|
|
2005/04/30 : 1.2.5 (1.1.31)
|
|
- changed the runtime argument to disable epoll() to '-de'
|
|
- changed the runtime argument to disable poll() to '-dp'
|
|
- added global options 'nopoll' and 'noepoll' to do the same at the
|
|
configuration level.
|
|
- added a 'linux24e' target to the Makefile for Linux 2.4 systems patched to
|
|
support epoll().
|
|
- changed default FD_SETSIZE to 65536 on Solaris (default=1024)
|
|
- conditionned signals redirection to #ifdef DEBUG_MEMORY
|
|
|
|
2005/04/26 : 1.2.5-pre4
|
|
- made epoll() support a compile-time option : ENABLE_EPOLL
|
|
- provided a very little libc replacement for a possibly missing epoll()
|
|
implementation which can be enabled by -DUSE_MY_EPOLL
|
|
- implemented the poll() poller, which can be enabled with -DENABLE_POLL.
|
|
The equivalent runtime argument becomes '-P'. A few tests show that it
|
|
performs like select() with many fds, but slightly slower (certainly
|
|
because of the higher amount of memory involved).
|
|
- separated the 3 polling methods and the tasks scheduler into 4 distinct
|
|
functions which makes the code a lot more modular.
|
|
- moved some event tables to private static declarations inside the poller
|
|
functions.
|
|
- the poller functions can now initialize themselves, run, and cleanup.
|
|
- changed the runtime argument to enable epoll() to '-E'.
|
|
- removed buggy epoll_ctl() code in the client_retnclose() function. This
|
|
function was never meant to remove anything.
|
|
- fixed a typo which caused glibc to yell about a double free on exit.
|
|
- removed error checking after epoll_ctl(DEL) because we can never know if
|
|
the fd is still active or already closed.
|
|
- added a few entries in the makefile
|
|
|
|
2005/04/25 : 1.2.5-pre3
|
|
- experimental epoll() support (use temporary '-e' argument)
|
|
|
|
2005/04/24 : 1.2.5-pre2
|
|
- implemented the HTTP 303 code for error redirection. This forces the
|
|
browser to fetch the given URI with a GET request. The new keyword for
|
|
this is 'errorloc303', and a new 'errorloc302' keyword has been created
|
|
to make them easily distinguishable.
|
|
- added more controls in the parser for valid use of '\x' sequence.
|
|
- few fixes from Alex & Klaus
|
|
|
|
2005/02/17 : 1.2.5-pre1
|
|
- fixed a few errors in the documentation
|
|
|
|
2005/02/13
|
|
- do not pre-initialize unused file-descriptors before select() anymore.
|
|
|
|
2005/01/22 : 1.2.4
|
|
- merged Alexander Lazic's and Klaus Wagner's work on application
|
|
cookie-based persistence. Since this is the first merge, this version is
|
|
not intended for general use and reports are more than welcome. Some
|
|
documentation is really needed though.
|
|
|
|
2005/01/22 : 1.2.3 (1.1.30)
|
|
- add an architecture guide to the documentation
|
|
- released without any changes
|
|
|
|
2004/12/26 : 1.2.3-pre1 (1.1.30-pre1)
|
|
- increased default BUFSIZE to 16 kB to accept max headers of 8 kB which is
|
|
compatible with Apache. This limit can be configured in the makefile now.
|
|
Thanks to Eric Fehr for the checks.
|
|
- added a per-server "source" option which now makes it possible to bind to
|
|
a different source for each (potentially identical) server.
|
|
- changed cookie-based server selection slightly to allow several servers to
|
|
share a same cookie, thus making it possible to associate backup servers to
|
|
live servers and ease soft-stop for maintenance periods. (Alexander Lazic)
|
|
- added the cookie 'prefix' mode which makes it possible to use persistence
|
|
with thin clients which support only one cookie. The server name is prefixed
|
|
before the application cookie, and restore back.
|
|
- fixed the order of servers within an instance to match documentation. Now
|
|
the servers are *really* used in the order of their declaration. This is
|
|
particularly important when multiple backup servers are in use.
|
|
|
|
2004/10/18 : 1.2.2 (1.1.29)
|
|
- fixed a bug where a TCP connection would be logged twice if the 'logasap'
|
|
option was enabled without the 'tcplog' option.
|
|
- encode_string() would use hdr_encode_map instead of the map argument.
|
|
|
|
2004/08/10 : (1.1.29-pre2)
|
|
- the logged request is now encoded with '#XX' for unprintable characters
|
|
- new keywords 'capture request header' and 'capture response header' enable
|
|
logging of arbitrary HTTP headers in requests and responses
|
|
- removed "-DSOLARIS" after replacing the last inet_aton() with inet_pton()
|
|
|
|
2004/06/06 : 1.2.1 (1.1.28)
|
|
- added the '-V' command line option to verbosely report errors even though
|
|
the -q or 'quiet' options are specified. This is useful with '-c'.
|
|
- added a Red Hat init script and a .spec from Simon Matter <simon.matter@invoca.ch>
|
|
|
|
2004/06/05 :
|
|
- added the "logasap" option which produces a log without waiting for the data
|
|
to be transferred from the server to the client.
|
|
- added the "httpclose" option which removes any "connection:" header and adds
|
|
"Connection: close" in both direction.
|
|
- added the 'checkcache' option which blocks cacheable responses containing
|
|
dangerous headers, such as 'set-cookie'.
|
|
- added 'rspdeny' and 'rspideny' to block certain responses to avoid sensible
|
|
information leak from servers.
|
|
|
|
2004/04/18 :
|
|
- send an EMERG log when no server is available for a given proxy
|
|
- added the '-c' command line option to syntactically check the
|
|
configuration file without starting the service.
|
|
|
|
2003/11/09 : 1.2.0
|
|
- the same as 1.1.27 + IPv6 support on the client side
|
|
|
|
2003/10/27 : 1.1.27
|
|
- the configurable HTTP health check introduced in 1.1.23 revealed a shameful
|
|
bug : the code still assumed that HTTP requests were the same size as the
|
|
original ones (22 bytes), and failed if they were not.
|
|
- added support for pidfiles.
|
|
|
|
2003/10/22 : 1.1.26
|
|
- the fix introduced in 1.1.25 for client timeouts while waiting for servers
|
|
broke almost all compatibility with POST requests, because the proxy
|
|
stopped to read anything from the client as soon as it got all of its
|
|
headers.
|
|
|
|
2003/10/15 : 1.1.25
|
|
- added the 'tcplog' option, which provides enhanced, HTTP-like logs for
|
|
generic TCP proxies, or lighter logs for HTTP proxies.
|
|
- fixed a time-out condition wrongly reported as client time-out in data
|
|
phase if the client timeout was lower than the connect timeout times the
|
|
number of retries.
|
|
|
|
2003/09/21 : 1.1.24
|
|
- if a client sent a full request then shut its write connection down, then
|
|
the request was aborted. This case was detected only when using haproxy
|
|
both as health-check client and as a server.
|
|
- if 'option httpchk' is used in a 'health' mode server, then responses will
|
|
change from 'OK' to 'HTTP/1.0 200 OK'.
|
|
- fixed a Linux-only bug in case of HTTP server health-checks, where a single
|
|
server response followed by a close could be ignored, and the server seen
|
|
as failed.
|
|
|
|
2003/09/19 : 1.1.23
|
|
- fixed a stupid bug introduced in 1.1.22 which caused second and subsequent
|
|
'default' sections to keep previous parameters, and not initialize logs
|
|
correctly.
|
|
- fixed a second stupid bug introduced in 1.1.22 which caused configurations
|
|
relying on 'dispatch' mode to segfault at the first connection.
|
|
- 'option httpchk' now supports method, HTTP version and a few headers.
|
|
- now, 'option httpchk', 'cookie' and 'capture' can be specified in
|
|
'defaults' section
|
|
|
|
2003/09/10 : 1.1.22
|
|
- 'listen' now supports optionnal address:port-range lists
|
|
- 'bind' introduced to add new listen addresses
|
|
- fixed a bug which caused a session to be kept established on a server till
|
|
it timed out if the client closed during the DATA phase.
|
|
- the port part of each server address can now be empty to make the proxy
|
|
connect to the server on the same port it was connected to, be an absolute
|
|
unsigned number to reflect a single port (as in older versions), or an
|
|
explicitly signed number (+N/-N) to indicate that this offset must be
|
|
applied to the port the proxy was connected to, when connecting to the
|
|
server.
|
|
- the 'port' server option allows the user to specify a different
|
|
health-check port than the service one. It is mandatory when only relative
|
|
ports have been specified and check is required. By default, the checks are
|
|
sent to the service port.
|
|
- new 'defaults' section which is rather similar to 'listen' except that all
|
|
values are only used as default values for future 'listen' sections, until
|
|
a new 'defaults' resets them. At the moment, server options, regexes,
|
|
cookie names and captures cannot be set in the 'defaults' section.
|
|
|
|
2003/05/06 : 1.1.21
|
|
- changed the debug output format so that it now includes the session unique
|
|
ID followed by the instance name at the beginning of each line.
|
|
- in debug mode, accept now shows the client's IP and port.
|
|
- added one 3 small debugging scripts to search and pretty print debug output
|
|
- changed the default health check request to "OPTIONS /" instead of
|
|
"OPTIONS *" since not all servers implement the later one.
|
|
- "option httpchk" now accepts an optional parameter allowing the user to
|
|
specify and URI other than '/' during health-checks.
|
|
|
|
2003/04/21 : 1.1.20
|
|
- fixed two problems with time-outs, one where a server would be logged as
|
|
timed out during transfer that take longer to complete than the fixed
|
|
time-out, and one where clients were logged as timed-out during the data
|
|
phase because they didn't have anything to send. This sometimes caused
|
|
slow client connections to close too early while in fact there was no
|
|
problem. The proper fix would be to have a per-fd time-out with
|
|
conditions depending on the state of the HTTP FSM.
|
|
|
|
2003/04/16 : 1.1.19
|
|
- haproxy was NOT RFC compliant because it was case-sensitive on HTTP
|
|
"Cookie:" and "Set-Cookie:" headers. This caused JVM 1.4 to fail on
|
|
cookie persistence because it uses "cookie:". Two memcmp() have been
|
|
replaced with strncasecmp().
|
|
|
|
2003/04/02 : 1.1.18
|
|
- Haproxy can be compiled with PCRE regex instead of libc regex, by setting
|
|
REGEX=pcre on the make command line.
|
|
- HTTP health-checks now use "OPTIONS *" instead of "OPTIONS /".
|
|
- when explicit source address binding is required, it is now also used for
|
|
health-checks.
|
|
- added 'reqpass' and 'reqipass' to allow certain headers but not the request
|
|
itself.
|
|
- factored several strings to reduce binary size by about 2 kB.
|
|
- replaced setreuid() and setregid() with more standard setuid() and setgid().
|
|
- added 4 status flags to the log line indicating who ended the connection
|
|
first, the sessions state, the validity of the cookie, and action taken on
|
|
the set-cookie header.
|
|
|
|
2002/10/18 : 1.1.17
|
|
- add the notion of "backup" servers, which are used only when all other
|
|
servers are down.
|
|
- make Set-Cookie return "" instead of "(null)" when the server has no
|
|
cookie assigned (useful for backup servers).
|
|
- "log" now supports an optionnal level name (info, notice, err ...) above
|
|
which nothing is sent.
|
|
- replaced some strncmp() with memcmp() for better efficiency.
|
|
- added "capture cookie" option which logs client and/or server cookies
|
|
- cleaned up/down messages and dump servers states upon SIGHUP
|
|
- added a redirection feature for errors : "errorloc <errnum> <url>"
|
|
- now we won't insist on connecting to a dead server, even with a cookie,
|
|
unless option "persist" is specified.
|
|
- added HTTP/408 response for client request time-out and HTTP/50[234] for
|
|
server reply time-out or errors.
|
|
|
|
2002/09/01 : 1.1.16
|
|
- implement HTTP health checks when option "httpchk" is specified.
|
|
|
|
2002/08/07 : 1.1.15
|
|
- replaced setpgid()/setpgrp() with setsid() for better portability, because
|
|
setpgrp() doesn't have the same meaning under Solaris, Linux, and OpenBSD.
|
|
|
|
2002/07/20 : 1.1.14
|
|
- added "postonly" cookie mode
|
|
|
|
2002/07/15 : 1.1.13
|
|
- tv_diff used inverted parameters which led to negative times !
|
|
|
|
2002/07/13 : 1.1.12
|
|
- fixed stats monitoring, and optimized some tv_* for most common cases.
|
|
- replaced temporary 'newhdr' with 'trash' to reduce stack size
|
|
- made HTTP errors more HTML-fiendly.
|
|
- renamed strlcpy() to strlcpy2() because of a slightly difference between
|
|
their behaviour (return value), to avoid confusion.
|
|
- restricted HTTP messages to HTTP proxies only
|
|
- added a 502 message when the connection has been refused by the server,
|
|
to prevent clients from believing this is a zero-byte HTTP 0.9 reply.
|
|
- changed 'Cache-control:' from 'no-cache="set-cookie"' to 'private' when
|
|
inserting a cookie, because some caches (apache) don't understand it.
|
|
- fixed processing of server headers when client is in SHUTR state
|
|
|
|
2002/07/04 :
|
|
- automatically close fd's 0,1 and 2 when going daemon ; setpgrp() after
|
|
setpgid()
|
|
|
|
2002/06/04 : 1.1.11
|
|
- fixed multi-cookie handling in client request to allow clean deletion
|
|
in insert+indirect mode. Now, only the server cookie is deleted and not
|
|
all the header. Should now be compliant to RFC2965.
|
|
- added a "nocache" option to "cookie" to specify that we explicitly want
|
|
to add a "cache-control" header when we add a cookie.
|
|
It is also possible to add an "Expires: <old-date>" to keep compatibility
|
|
with old/broken caches.
|
|
|
|
2002/05/10 : 1.1.10
|
|
- if a cookie is used in insert+indirect mode, it's desirable that the
|
|
the servers don't see it. It was not possible to remove it correctly
|
|
with regexps, so now it's removed automatically.
|
|
|
|
2002/04/19 : 1.1.9
|
|
- don't use snprintf()'s return value as an end of message since it may
|
|
be larger. This caused bus errors and segfaults in internal libc's
|
|
getenv() during localtime() in send_log().
|
|
- removed dead insecure send_syslog() function and all references to it.
|
|
- fixed warnings on Solaris due to buggy implementation of isXXXX().
|
|
|
|
2002/04/18 : 1.1.8
|
|
- option "dontlognull"
|
|
- fixed "double space" bug in config parser
|
|
- fixed an uninitialized server field in case of dispatch
|
|
with no existing server which could cause a segfault during
|
|
logging.
|
|
- the pid logged was always the father's, which was wrong for daemons.
|
|
- fixed wrong level "LOG_INFO" for message "proxy started".
|
|
|
|
2002/04/13 :
|
|
- http logging is now complete :
|
|
- ip:port, date, proxy, server
|
|
- req_time, conn_time, hdr_time, tot_time
|
|
- status, size, request
|
|
- source address
|
|
|
|
2002/04/12 : 1.1.7
|
|
- added option forwardfor
|
|
- added reqirep, reqidel, reqiallow, reqideny, rspirep, rspidel
|
|
- added "log global" in "listen" section.
|
|
|
|
2002/04/09 :
|
|
- added a new "global" section :
|
|
- logs
|
|
- debug, quiet, daemon modes
|
|
- uid, gid, chroot, nbproc, maxconn
|
|
|
|
2002/04/08 : 1.1.6
|
|
- regex are now chained and not limited anymore.
|
|
- unavailable server now returns HTTP/502.
|
|
- increased per-line args limit to 40
|
|
- added reqallow/reqdeny to block some request on matches
|
|
- added HTTP 400/403 responses
|
|
|
|
2002/04/03 : 1.1.5
|
|
- connection logging displayed incorrect source address.
|
|
- added proxy start/stop and server up/down log events.
|
|
- replaced log message short buffers with larger trash.
|
|
- enlarged buffer to 8 kB and replace buffer to 4 kB.
|
|
|
|
2002/03/25 : 1.1.4
|
|
- made rise/fall/interval time configurable
|
|
|
|
2002/03/22 : 1.1.3
|
|
- fixed a bug : cr_expire and cw_expire were inverted in CL_STSHUT[WR]
|
|
which could lead to loops.
|
|
|
|
2002/03/21 : 1.1.2
|
|
- fixed a bug in buffer management where we could have a loop
|
|
between event_read() and process_{cli|srv} if R==BUFSIZE-MAXREWRITE.
|
|
=> implemented an adjustable buffer limit.
|
|
- fixed a bug : expiration of tasks in wait queue timeout is used again,
|
|
and running tasks are skipped.
|
|
- added some debug lines for accept events.
|
|
- send warnings for servers up/down.
|
|
|
|
2002/03/12 : 1.1.1
|
|
- fixed a bug in total failure handling
|
|
- fixed a bug in timestamp comparison within same second (tv_cmp_ms)
|
|
|
|
2002/03/10 : 1.1.0
|
|
- fixed a few timeout bugs
|
|
- rearranged the task scheduler subsystem to improve performance,
|
|
add new tasks, and make it easier to later port to librt ;
|
|
- allow multiple accept() for one select() wake up ;
|
|
- implemented internal load balancing with basic health-check ;
|
|
- cookie insertion and header add/replace/delete, with better strings
|
|
support.
|
|
|
|
2002/03/08
|
|
- reworked buffer handling to fix a few rewrite bugs, and
|
|
improve overall performance.
|
|
- implement the "purge" option to delete server cookies in direct mode.
|
|
|
|
2002/03/07
|
|
- fixed some error cases where the maxfd was not decreased.
|
|
|
|
2002/02/26
|
|
- now supports transparent proxying, at least on linux 2.4.
|
|
|
|
2002/02/12
|
|
- soft stop works again (fixed select timeout computation).
|
|
- it seems that TCP proxies sometimes cannot timeout.
|
|
- added a "quiet" mode.
|
|
- enforce file descriptor limitation on socket() and accept().
|
|
|
|
2001/12/30 : release of version 1.0.2 : fixed a bug in header processing
|
|
2001/12/19 : release of version 1.0.1 : no MSG_NOSIGNAL on solaris
|
|
2001/12/16 : release of version 1.0.0.
|
|
2001/12/16 : added syslog capability for each accepted connection.
|
|
2001/11/19 : corrected premature end of files and occasional SIGPIPE.
|
|
2001/10/31 : added health-check type servers (mode health) which replies OK then closes.
|
|
2001/10/30 : added the ability to support standard TCP proxies and HTTP proxies
|
|
with or without cookies (use keyword http for this).
|
|
2001/09/01 : added client/server header replacing with regexps.
|
|
eg:
|
|
cliexp ^(Host:\ [^:]*).* Host:\ \1:80
|
|
srvexp ^Server:\ .* Server:\ Apache
|
|
2000/11/29 : first fully working release with complete FSMs and timeouts.
|
|
2000/11/28 : major rewrite
|
|
2000/11/26 : first write
|