From: Apollon Oikonomopoulos Date: Tue, 4 Apr 2017 11:25:38 +0000 (+0100) Subject: Import haproxy_1.7.5.orig.tar.gz X-Git-Tag: archive/raspbian/2.0.5-1+rpi1~1^2^2~5 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=73fb82def587dadab097fd82923c8e1380f09a7a;p=haproxy.git Import haproxy_1.7.5.orig.tar.gz [dgit import orig haproxy_1.7.5.orig.tar.gz] --- 73fb82def587dadab097fd82923c8e1380f09a7a diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7f889a0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,39 @@ +# Below we forbid everything and only allow what we know, that's much easier +# than blocking about 500 different test files and bug report outputs. +/.* +/* +!/.gitignore +!/CHANGELOG +!/LICENSE +!/Makefile +!/README +!/CONTRIBUTING +!/MAINTAINERS +!/ROADMAP +!/SUBVERS +!/VERDATE +!/VERSION +!/contrib +!/doc +!/ebtree +!/examples +!/include +!/src +!/tests +!/debian +!/scripts +# Reject some generic files +*.o +*~ +*.rej +*.orig +*.bak +# And reject some specific files +/contrib/base64/base64rev +/contrib/halog/halog +/contrib/ip6range/ip6range +/contrib/iprange/iprange +/contrib/systemd/haproxy.service +/contrib/spoa_example/spoa +/src/dlmalloc.c +/tests/test_hashes diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..b4698b8 --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,6393 @@ +ChangeLog : +=========== + +2017/04/03 : 1.7.5 + - BUG/MEDIUM: peers: fix buffer overflow control in intdecode. + - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers + - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled + - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze + - DOC: fix parenthesis and add missing "Example" tags + - DOC: update the contributing file + - DOC: log-format/tcplog/httplog update + - MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections + +2017/03/27 : 1.7.4 + - MINOR: config: warn when some HTTP rules are used in a TCP proxy + - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters + - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section + - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file + - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup + - BUG/MINOR: Fix "get map " CLI command + - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer + - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING + - BUG/MINOR: checks: attempt clean shutw for SSL check + - CONTRIB: tcploop: add limits.h to fix build issue with some compilers + - CONTRIB: tcploop: make it build on FreeBSD + - CONTRIB: tcploop: fix time format to silence build warnings + - CONTRIB: tcploop: report action 'K' (kill) in usage message + - CONTRIB: tcploop: fix connect's address length + - CONTRIB: tcploop: use the trash instead of NULL for recv() + - BUG/MEDIUM: listener: do not try to rebind another process' socket + - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze + - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection + - BUG/MEDIUM: connection: ensure to always report the end of handshakes + - BUG: payload: fix payload not retrieving arbitrary lengths + - BUG/MAJOR: http: fix typo in http_apply_redirect_rule + - MINOR: doc: 2.4. Examples should be 2.5. Examples + - BUG/MEDIUM: stream: fix client-fin/server-fin handling + - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller + - BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available + - DOC/MINOR: Fix typos in proxy protocol doc + - DOC: Protocol doc: add checksum, TLV type ranges + - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM + - DOC: Protocol doc: add noop TLV + - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time + - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity(). + - MINOR: server: irrelevant error message with 'default-server' config file keyword. + - MINOR: doc: fix use-server example (imap vs mail) + - BUG/MEDIUM: tcp: don't require privileges to bind to device + - BUILD: make the release script use shortlog for the final changelog + - BUILD: scripts: fix typo in announce-release error message + +2017/02/28 : 1.7.3 + - BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream + - BUILD: ssl: fix build on OpenSSL 1.0.0 + - BUILD: ssl: silence a warning reported for ERR_remove_state() + - BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes() + - BUG/MEDIUM: tcp: don't poll for write when connect() succeeds + - BUG/MINOR: unix: fix connect's polling in case no data are scheduled + - DOC: lua: improve links + - BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword + - MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested + - BUG/MAJOR: dns: restart sockets after fork() + - MINOR: chunks: implement a simple dynamic allocator for trash buffers + - BUG/MEDIUM: http: prevent redirect from overwriting a buffer + - BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined + - BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer + - BUG/MINOR: http: Return an error when a replace-header rule failed on the response + - BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested + - BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1' + - BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule + - MINOR: http: don't close when redirect location doesn't start with "/" + +2017/01/13 : 1.7.2 + - BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2) + - SCRIPTS: git-show-backports: fix a harmless typo + - SCRIPTS: git-show-backports: add -H to use the hash of the commit message + - BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW + - DOC: lua: documentation about time parser functions + - DOC: lua: section declared twice + - BUG/MINOR: lua/cli: bad error message + - DOC: fix small typo in fe_id (backend instead of frontend) + - BUG/MINOR: Fix the sending function in Lua's cosocket + - BUG/MINOR: lua: memory leak executing tasks + - BUG/MINOR: lua: bad return code + - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake + - BUG/MEDIUM: ssl: avoid double free when releasing bind_confs + - BUG/MINOR: stats: fix be/sessions/current out in typed stats + - BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled + - BUG/MEDIUM: ssl: for a handshake when server-side SNI changes + - BUG/MINOR: systemd: potential zombie processes + - DOC: Add timings events schemas + - BUILD: lua: build failed on FreeBSD. + - BUG/MINOR: option prefer-last-server must be ignored in some case + - MINOR: stats: Support "select all" for backend actions + - BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0 + - BUG/MAJOR: channel: Fix the definition order of channel analyzers + - BUG/MINOR: http: report real parser state in error captures + - BUILD: scripts: automatically update the branch in version.h when releasing + - BUG/MAJOR: http: fix risk of getting invalid reports of bad requests + - MINOR: http: custom status reason. + - MINOR: connection: add sample fetch "fc_rcvd_proxy" + - BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options + - BUG/MINOR: tools: fix off-by-one in port size check + - BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family + - MEDIUM: server: split the address and the port into two different fields + - MINOR: tools: make str2sa_range() return the port in a separate argument + - MINOR: server: take the destination port from the port field, not the addr + - MEDIUM: server: disable protocol validations when the server doesn't resolve + - BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0 + - BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage + - MINOR: proto_http.c 502 error txt typo. + - DOC: add deprecation notice to "block" + - BUG/MINOR: Reset errno variable before calling strtol(3) + +2016/12/13 : 1.7.1 + - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos + - BUG/MINOR: stats: make field_str() return an empty string on NULL + - DOC: Spelling fixes + - BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used + - BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn + - BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER + - BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers + - BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode + - BUG/MAJOR: stream: fix session abort on resource shortage + - BUG/MINOR: cli: allow the backslash to be escaped on the CLI + - BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys" + - DOC: Fix map table's format + - DOC: Added 51Degrees conv and fetch functions to documentation. + - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect + - DOC: mention that req_tot is for both frontends and backends + - BUG/MEDIUM: variables: some variable name can hide another ones + - BUG/MINOR: stats: fix be/sessions/max output in html stats + - MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id + - DOC: lua: Documentation about some entry missing + - MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set + - DOC: Add undocumented argument of the trace filter + - DOC: Fix some typo in SPOE documentation + - BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full + - MINOR: applet: Count number of (active) applets + - MINOR: task: Rename run_queue and run_queue_cur counters + - BUG/MEDIUM: stream: Save unprocessed events for a stream + - BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled + - BUILD/MEDIUM: Fixing the build using LibreSSL + +2016/11/25 : 1.7.0 + - SCRIPTS: make publish-release also copy the new SPOE doc + - BUILD: http: include types/sample.h in proto_http.h + - BUILD: debug/flags: remove test for SF_COMP_READY + - CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT + - MINOR: lua: add function which return true if the channel is full. + - MINOR: lua: add ip addresses and network manipulation function + - CONTRIB: tcploop: scriptable TCP I/O for debugging purposes + - CONTRIB: tcploop: implement fork() + - CONTRIB: tcploop: implement logging when called with -v + - CONTRIB: tcploop: update the usage output + - CONTRIB: tcploop: support sending plain strings + - CONTRIB: tcploop: don't report failed send() or recv() + - CONTRIB: tcploop: add basic loops via a jump instruction + - BUG/MEDIUM: channel: bad unlikely macro + - CLEANUP: lua: move comment + - CLEANUP: lua: control executed twice + - BUG/MEDIUM: ssl: Store certificate filename in a variable + - BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP + - CLEANUP: ssl: Remove goto after return dead code + - CLEANUP: ssl: Fix bind keywords name in comments + - DOC: ssl: Use correct wording for ca-sign-pass + - CLEANUP: lua: avoid directly calling getsockname/getpeername() + - BUG/MINOR: stick-table: handle out-of-memory condition gracefully + - MINOR: cli: add private pointer and release function + - MEDIUM: lua: Add cli handler for Lua + - BUG/MEDIUM: connection: check the control layer before stopping polling + - DEBUG: connection: mark the closed FDs with a value that is easier to detect + - BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory + - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps + - BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored + - MINOR: filters: Add check_timeouts callback to handle timers expiration on streams + - MINOR: spoe: Add 'timeout processing' option to limit time to process an event + - MINOR: spoe: Remove useless 'timeout ack' option + - MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section + - MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements + - MINOR: spoe: Add "option set-on-error" statement + - MINOR: stats: correct documentation of process ID for typed output + - BUILD: contrib: fix ip6range build on Centos 7 + - BUILD: fix build on Solaris 10/11 + - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name + - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn + - BUG/MINOR: cli: wake up the CLI's task after a timeout update + - MINOR: connection: add a few functions to report the data and xprt layers' names + - MINOR: connection: add names for transport and data layers + - REORG: cli: split dumpstats.c in src/cli.c and src/stats.c + - REORG: cli: split dumpstats.h in stats.h and cli.h + - REORG: cli: move ssl CLI functions to ssl_sock.c + - REORG: cli: move map and acl code to map.c + - REORG: cli: move show stat resolvers to dns.c + - MINOR: cli: create new function cli_has_level() to validate permissions + - MINOR: server: create new function cli_find_server() to find a server + - MINOR: proxy: create new function cli_find_frontend() to find a frontend + - REORG: cli: move 'set server' to server.c + - REORG: cli: move 'show pools' to memory.c + - REORG: cli: move 'show servers' to proxy.c + - REORG: cli: move 'show sess' to stream.c + - REORG: cli: move 'show backend' to proxy.c + - REORG: cli: move get/set weight to server.c + - REORG: cli: move "show stat" to stats.c + - REORG: cli: move "show info" to stats.c + - REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to standard.c + - REORG: cli: move table dump/clear/set to stick_table.c + - REORG: cli: move "show errors" out of cli.c + - REORG: cli: make "show env" also use the generic keyword registration + - REORG: cli: move "set timeout" to its own handler + - REORG: cli: move "clear counters" to stats.c + - REORG: cli: move "set maxconn global" to its own handler + - REORG: cli: move "set maxconn server" to server.c + - REORG: cli: move "set maxconn frontend" to proxy.c + - REORG: cli: move "shutdown sessions server" to stream.c + - REORG: cli: move "shutdown session" to stream.c + - REORG: cli: move "shutdown frontend" to proxy.c + - REORG: cli: move "{enable|disable} frontend" to proxy.c + - REORG: cli: move "{enable|disable} server" to server.c + - REORG: cli: move "{enable|disable} health" to server.c + - REORG: cli: move "{enable|disable} agent" to server.c + - REORG: cli: move the "set rate-limit" functions to their own parser + - CLEANUP: cli: rename STAT_CLI_* to CLI_ST_* + - CLEANUP: cli: simplify the request parser a little bit + - CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers + - BUILD: server: remove a build warning introduced by latest series + - BUG/MINOR: log-format: uncatched memory allocation functions + - CLEANUP: log-format: useless file and line in json converter + - CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args() and parse_logformat_var() + - CLEANUP: log-format: fix return code of the function parse_logformat_var() + - CLEANUP: log-format: fix return code of function parse_logformat_var_args() + - CLEANUP: log-format: remove unused arguments + - MEDIUM: log-format: strict parsing and enable fail + - MEDIUM: log-format/conf: take into account the parse_logformat_string() return code + - BUILD: ssl: make the SSL layer build again with openssl 0.9.8 + - BUILD: vars: remove a build warning on vars.c + - MINOR: lua: add utility function for check boolean argument + - MINOR: lua: Add tokenize function. + - BUG/MINOR: conf: calloc untested + - MINOR: http/conf: store the use_backend configuration file and line for logs + - MEDIUM: log-format: Use standard HAProxy log system to report errors + - CLEANUP: sample: report "converter" instead of "conv method" in error messages + - BUG: spoe: Fix parsing of SPOE actions in ACK frames + - MINOR: cli: make "show stat" support a proxy name + - MINOR: cli: make "show errors" support a proxy name + - MINOR: cli: make "show errors" capable of dumping only request or response + - BUG/MINOR: freq-ctr: make swrate_add() support larger values + - CLEANUP: counters: move from 3 types to 2 types + - CLEANUP: cfgparse: cascade the warnif_misplaced_* rules + - REORG: tcp-rules: move tcp rules processing to their own file + - REORG: stkctr: move all the stick counters processing to stick-tables.c + - DOC: update the roadmap file with the latest changes + +2016/11/09 : 1.7-dev6 + - DOC: fix the entry for hash-balance-factor config option + - DOC: Fix typo in description of `-st` parameter in man page + - CLEANUP: cfgparse: Very minor spelling correction + - MINOR: examples: Update haproxy.spec URLs to haproxy.org + - BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream + - BUG/MEDIUM: peers: fix use after free in peer_session_create() + - MINOR: peers: make peer_session_forceshutdown() use the appctx and not the stream + - MINOR: peers: remove the pointer to the stream + - BUG/MEDIUM: systemd-wrapper: return correct exit codes + - DOC: stats: provide state details for show servers state + - MEDIUM: tools: make str2ip2() preserve existing ports + - CLEANUP: tools: make ipcpy() preserve the original port + - OPTIM: http: move all http character classs tables into a single one + - OPTIM: http: improve parsing performance of long header lines + - OPTIM: http: improve parsing performance of long URIs + - OPTIM: http: optimize lookup of comma and quote in header values + - BUG/MEDIUM: srv-state: properly restore the DRAIN state + - BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags + - MINOR: server: do not emit warnings/logs/alerts on server state changes at boot + - BUG/MEDIUM: servers: properly propagate the maintenance states during startup + - MEDIUM: wurfl: add Scientiamobile WURFL device detection module + - DOC: move the device detection modules documentation to their own files + - CLEANUP: wurfl: reduce exposure in the rest of the code + - MEDIUM: ssl: Add support for OpenSSL 1.1.0 + - MINOR: stream: make option contstats usable again + - MEDIUM: tools: make str2sa_range() return the FQDN even when not resolving + - MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK + - MAJOR: server: postpone address resolution + - MINOR: new srv_admin flag: SRV_ADMF_RMAINT + - MINOR: server: indicate in the logs when RMAINT is cleared + - MINOR: stats: indicate it when a server is down due to resolution + - MINOR: server: make srv_set_admin_state() capable of telling why this happens + - MINOR: dns: implement extra 'hold' timers. + - MAJOR: dns: runtime resolution can change server admin state + - MEDIUM: cli: leave the RMAINT state when setting an IP address on the CLI + - MEDIUM: server: add a new init-addr server line setting + - MEDIUM: server: make use of init-addr + - MINOR: server: implement init-addr none + - MEDIUM: server: make libc resolution failure non-fatal + - MINOR: server: add support for explicit numeric address in init-addr + - DOC: add some documentation for the "init-addr" server keyword + - MINOR: init: add -dr to ignore server address resolution failures + - MEDIUM: server: do not restrict anymore usage of IP address from the state file + - BUG: vars: Fix 'set-var' converter because of a typo + - CLEANUP: remove last references to 'ruleset' section + - MEDIUM: filters: Add attch/detach and stream_set_backend callbacks + - MINOR: filters: Update filters documentation accordingly to recent changes + - MINOR: filters: Call stream_set_backend callbacks before updating backend stats + - MINOR: filters: Remove backend filters attached to a stream only for HTTP streams + - MINOR: flt_trace: Add hexdump option to dump forwarded data + - MINOR: cfgparse: Add functions to backup and restore registered sections + - MINOR: cfgparse: Parse scope lines and save the last one parsed + - REORG: sample: move code to release a sample expression in sample.c + - MINOR: vars: Allow '.' in variable names + - MINOR: vars: Add vars_set_by_name_ifexist function + - MEDIUM: vars: Add a per-process scope for variables + - MINOR: vars: Add 'unset-var' action/converter + - MAJOR: spoe: Add an experimental Stream Processing Offload Engine + - MINOR: spoe: add random ip-reputation service as SPOA example + - MINOR: spoe/checks: Add support for SPOP health checks + - DOC: update ROADMAP file + +2016/10/25 : 1.7-dev5 + - MINOR: cfgparse: few memory leaks fixes. + - MEDIUM: log: Decompose %Tq in %Th %Ti %TR + - CLEANUP: logs: remove unused log format field definitions + - BUILD/MAJOR:updated 51d Trie implementation to incorperate latest update to 51Degrees.c + - BUG/MAJOR: stream: properly mark the server address as unset on connect retry + - CLEANUP: proto_http: Removing useless variable assignation + - CLEANUP: dumpstats: Removing useless variables allocation + - CLEANUP: dns: Removing usless variable & assignation + - BUG/MINOR: payload: fix SSLv2 version parser + - MINOR: cli: allow the semi-colon to be escaped on the CLI + - MINOR: cli: change a server health check port through the stats socket + - BUG/MINOR: Fix OSX compilation errors + - MAJOR: check: find out which port to use for health check at run time + - MINOR: server: introduction of 3 new server flags + - MINOR: new update_server_addr_port() function to change both server's ADDR and service PORT + - MINOR: cli: ability to change a server's port + - CLEANUP/MINOR dns: comment do not follow up code update + - MINOR: chunk: new strncat function + - MINOR: dns: wrong DNS_MAX_UDP_MESSAGE value + - MINOR: dns: new MAX values + - MINOR: dns: new macro to compute DNS header size + - MINOR: dns: new DNS structures to store received packets + - MEDIUM: dns: new DNS response parser + - MINOR: dns: query type change when last record is a CNAME + - MINOR: dns: proper domain name validation when receiving DNS response + - MINOR: dns: comments in types/dns.h about structures endianness + - BUG/MINOR: displayed PCRE version is running release + - MINOR: show Built with PCRE version + - MINOR: show Running on zlib version + - MEDIUM: make SO_REUSEPORT configurable + - MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections + - BUG/MEDIUM: http/compression: Fix how chunked data are copied during the HTTP body parsing + - BUG/MINOR: stats: report the correct conn_time in backend's html output + - BUG/MEDIUM: dns: don't randomly crash on out-of-memory + - MINOR: Add fe_req_rate sample fetch + - MEDIUM: peers: Fix a peer stick-tables synchronization issue. + - MEDIUM: cli: register CLI keywords with cli_register_kw() + - BUILD: Make use of accept4() on OpenBSD. + - MINOR: tcp: make set-src/set-src-port and set-dst/set-dst-port commutative + - DOC: fix missed entry for "set-{src,dst}{,-port}" + - BUG/MINOR: vars: use sess and not s->sess in action_store() + - BUG/MINOR: vars: make smp_fetch_var() more robust against misuses + - BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session + - MINOR: stats: output dcon + - CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4 + - MINOR: counters: add new fields for denied_sess + - MEDIUM: tcp: add registration and processing of TCP L5 rules + - MINOR: stats: emit dses + - DOC: document tcp-request session + - MINOR: ssl: add debug traces + - BUILD/CLEANUP: ssl: Check BIO_reset() return code + - BUG/MINOR: ssl: Check malloc return code + - BUG/MINOR: ssl: prevent multiple entries for the same certificate + - BUG/MINOR: systemd: make the wrapper return a non-null status code on error + - BUG/MINOR: systemd: always restore signals before execve() + - BUG/MINOR: systemd: check return value of calloc() + - MINOR: systemd: report it when execve() fails + - BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed + - MINOR: proxy: add 'served' field to proxy, equal to total of all servers' + - MINOR: backend: add hash-balance-factor option for hash-type consistent + - MINOR: server: compute a "cumulative weight" to allow chash balancing to hit its target + - MEDIUM: server: Implement bounded-load hash algorithm + - SCRIPTS: make git-show-backports also dump a "git show" command + - MINOR: build: Allow linking to device-atlas library file + - MINOR: stats: Escape equals sign on socket dump + +2016/08/14 : 1.7-dev4 + - MINOR: add list_append_word function + - MEDIUM: init: use list_append_word in haproxy.c + - MEDIUM: init: allow directory as argument of -f + - CLEANUP: config: detect double registration of a config section + - MINOR: log: add the %Td log-format specifier + - MEDIUM: filters: Move HTTP headers filtering in its own callback + - MINOR: filters: Simplify calls to analyzers using 2 new macros + - MEDIUM: filters: Add pre and post analyzer callbacks + - DOC: filters: Update the filters documentation accordingly to recent changes + - BUG/MEDIUM: init: don't use environment locale + - SCRIPTS: teach git-show-backports how to report upstream commits + - SCRIPTS: make git-show-backports capable of limiting its history + - BUG/MAJOR: fix listening IP address storage for frontends + - BUG/MINOR: fix listening IP address storage for frontends (cont) + - DOC: Fix typo so fetch is properly parsed by Cyril's converter + - BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes + - BUG/MEDIUM: stick-tables: fix breakage in table converters + - MINOR: stick-table: change all stick-table converters' inputs to SMP_T_ANY + - BUG/MEDIUM: dns: unbreak DNS resolver after header fix + - BUILD: fix build on Solaris 11 + - BUG/MEDIUM: config: fix multiple declaration of section parsers + - BUG/MEDIUM: stats: show servers state may show an servers from another backend + - BUG/MEDIUM: fix risk of segfault with "show tls-keys" + - MEDIUM: dumpstats: 'show tls-keys' is now able to show secrets + - DOC: update doc about tls-tickets-keys dump + - MEDIUM: tcp: add 'set-src' to 'tcp-request connection' + - MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src' + - MEDIUM: tcp/http: add 'set-src-port' action + - MEDIUM: tcp/http: new set-dst/set-dst-port actions + - BUG/MEDIUM: sticktables: segfault in some configuration error cases + - BUILD/MEDIUM: rebuild everything when an include file is changed + - BUILD/MEDIUM: force a full rebuild if some build options change + - BUG/MEDIUM: lua: converters doesn't work + - BUG/MINOR: http: add-header: header name copied twice + - BUG/MEDIUM: http: add-header: buffer overwritten + - BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() + - MINOR: stream: export the function 'smp_create_src_stkctr' + - BUG/MEDIUM: dumpstats: undefined behavior in stats_tlskeys_list() + - MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys dump + - BUG/MINOR: http: url32+src should use the big endian version of url32 + - BUG/MINOR: http: url32+src should check cli_conn before using it + - DOC: http: add documentation for url32 and url32+src + - BUG/MINOR: fix http-response set-log-level parsing error + - MINOR: systemd: Use variable for config and pidfile paths + - MINOR: systemd: Perform sanity check on config before reload + - MEDIUM: ssl: support SNI filters with multicerts + - MINOR: ssl: crt-list parsing factor + - BUILD: ssl: fix typo causing a build failure in the multicert patch + - MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword + - MINOR: tcp: add "tcp-request connection expect-netscaler-cip layer4" + - BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits + - BUG/MINOR: init: ensure that FD limit is raised to the max allowed + - BUG/MEDIUM: external-checks: close all FDs right after the fork() + - BUG/MAJOR: external-checks: use asynchronous signal delivery + - BUG/MINOR: external-checks: do not unblock undesired signals + - CLEANUP: external-check: don't block/unblock SIGCHLD when manipulating the list + - BUG/MEDIUM: filters: Fix data filtering when data are modified + - BUG/MINOR: filters: Fix HTTP parsing when a filter loops on data forwarding + - BUG/MINOR: srv-state: fix incorrect output of state file + - BUG/MINOR: ssl: close ssl key file on error + - BUG/MINOR: http: fix misleading error message for response captures + - BUG/BUILD: don't automatically run "make" on "make install" + - DOC: add missing doc for http-request deny [deny_status ] + - CLEANUP: dumpstats: u64 field is an unsigned type. + - BUG/MEDIUM: http: unbreak uri/header/url_param hashing + - BUG/MINOR: Rework slightly commit 9962f8fc to clean code and avoid mistakes + - MINOR: new function my_realloc2 = realloc + free upon failure + - CLEANUP: fixed some usages of realloc leading to memory leak + - Revert "BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()" + - CLEANUP: connection: using internal struct to hold source and dest port. + - DOC: spelling fixes + - BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() + - BUG/MEDIUM: dns: fix alignment issues in the DNS response parser + - BUG/MINOR: Fix endiness issue in DNS header creation code + - BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash + - BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash + - MEDIUM: http: implement http-response track-sc* directive + - BUG/MINOR: peers: Fix peers data decoding issue + - BUG/MINOR: peers: don't count track-sc multiple times on errors + - MINOR: standard: add function "escape_string" + - BUG/MEDIUM: log: use function "escape_string" instead of "escape_chunk" + - MINOR: tcp: Return TCP statistics like RTT and RTT variance + - DOC: lua: remove old functions + - BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests + - DOC: fix json converter example and error message + - BUG/MEDIUM: stream-int: completely detach connection on connect error + - DOC: minor typo fixes to improve HTML parsing by haproxy-dconv + - BUILD: make proto_tcp.c compatible with musl library + - BUG/MAJOR: compression: initialize avail_in/next_in even during flush + - BUG/MEDIUM: samples: make smp_dup() always duplicate the sample + - MINOR: sample: implement smp_is_safe() and smp_make_safe() + - MINOR: sample: provide smp_is_rw() and smp_make_rw() + - BUG/MAJOR: server: the "sni" directive could randomly cause trouble + - BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size + - BUG/MEDIUM: stick-table: properly convert binary samples to keys + - MINOR: sample: use smp_make_rw() in upper/lower converters + - MINOR: tcp: add dst_is_local and src_is_local + - BUG/MINOR: peers: some updates are pushed twice after a resync. + - BUILD: protocol: fix some build errors on OpenBSD + - BUILD: log: iovec requires to include sys/uio.h on OpenBSD + - BUILD: tcp: do not include netinet/ip.h for IP_TTL + - BUILD: connection: fix build breakage on openbsd due to missing in_systm.h + - BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD + - BUILD: tcp: define SOL_TCP when only IPPROTO_TCP exists + - BUILD: compression: remove a warning when no compression lib is used + - BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang + - MINOR: tcp: add further tcp info fetchers + - BUG/MINOR: peers: empty chunks after a resync. + - BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table + - MINOR: standard.c: ipcmp() function to compare 2 IP addresses stored in 2 struct sockaddr_storage + - MINOR: standard.c: ipcpy() function to copy an IP address from a struct sockaddr_storage into an other one + - MAJOR: listen section: don't use first bind port anymore when no server ports are provided + +2016/05/10 : 1.7-dev3 + - MINOR: sample: Moves ARGS underlying type from 32 to 64 bits. + - BUG/MINOR: log: Don't use strftime() which can clobber timezone if chrooted + - BUILD: namespaces: fix a potential build warning in namespaces.c + - MINOR: da: Using ARG12 macro for the sample fetch and the convertor. + - DOC: add encoding to json converter example + - BUG/MINOR: conf: "listener id" expects integer, but its not checked + - DOC: Clarify tunes.vars.xxx-max-size settings + - CLEANUP: chunk: adding NULL check to chunk_dup allocation. + - CLEANUP: connection: fix double negation on memcmp() + - BUG/MEDIUM: peers: fix incorrect age in frequency counters + - BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are present + - BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers + - BUG/MINOR: lua: can't load external libraries + - BUG/MINOR: prevent the dump of uninitialized vars + - CLEANUP: map: it seems that the map were planed to be chained + - MINOR: lua: move class registration facilities + - MINOR: lua: remove some useless checks + - CLEANUP: lua: Remove two same functions + - MINOR: lua: refactor the Lua object registration + - MINOR: lua: precise message when a critical error is catched + - MINOR: lua: post initialization + - MINOR: lua: Add internal function which strip spaces + - MINOR: lua: convert field to lua type + - DOC: "addr" parameter applies to both health and agent checks + - DOC: timeout client: pointers to timeout http-request + - DOC: typo on stick-store response + - DOC: stick-table: amend paragraph blaming the loss of table upon reload + - DOC: typo: ACL subdir match + - DOC: typo: maxconn paragraph is wrong due to a wrong buffer size + - DOC: regsub: parser limitation about the inability to use closing square brackets + - DOC: typo: req.uri is now replaced by capture.req.uri + - DOC: name set-gpt0 mismatch with the expected keyword + - MINOR: http: sample fetch which returns unique-id + - MINOR: dumpstats: extract stats fields enum and names + - MINOR: dumpstats: split stats_dump_info_to_buffer() in two parts + - MINOR: dumpstats: split stats_dump_fe_stats() in two parts + - MINOR: dumpstats: split stats_dump_li_stats() in two parts + - MINOR: dumpstats: split stats_dump_sv_stats() in two parts + - MINOR: dumpstats: split stats_dump_be_stats() in two parts + - MINOR: lua: dump general info + - MINOR: lua: add class proxy + - MINOR: lua: add class server + - MINOR: lua: add class listener + - BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the connection state. + - MEDIUM: proxy: use dynamic allocation for error dumps + - CLEANUP: remove unneeded casts + - CLEANUP: uniformize last argument of malloc/calloc + - DOC: fix "needed" typo + - BUG/MINOR: dumpstats: fix write to global chunk + - BUG/MINOR: dns: inapropriate way out after a resolution timeout + - BUG/MINOR: dns: trigger a DNS query type change on resolution timeout + - CLEANUP: proto_http: few corrections for gcc warnings. + - BUG/MINOR: DNS: resolution structure change + - BUG/MINOR : allow to log cookie for tarpit and denied request + - BUG/MEDIUM: ssl: rewind the BIO when reading certificates + - OPTIM/MINOR: session: abort if possible before connecting to the backend + - DOC: http: rename the unique-id sample and add the documentation + - BUG/MEDIUM: trace.c: rdtsc() is defined in two files + - BUG/MEDIUM: channel: fix miscalculation of available buffer space (2nd try) + - BUG/MINOR: server: risk of over reading the pref_net array. + - BUG/MINOR: cfgparse: couple of small memory leaks. + - BUG/MEDIUM: sample: initialize the pointer before parse_binary call. + - DOC: fix discrepancy in the example for http-request redirect + - MINOR: acl: Add predefined METH_DELETE, METH_PUT + - CLEANUP: .gitignore cleanup + - DOC: Clarify IPv4 address / mask notation rules + - CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() + - BUG/MEDIUM: fix maxaccept computation on per-process listeners + - BUG/MINOR: listener: stop unbound listeners on startup + - BUG/MINOR: fix maxaccept computation according to the frontend process range + - TESTS: add blocksig.c to run tests with all signals blocked + - MEDIUM: unblock signals on startup. + - MINOR: filters: Print the list of existing filters during HA startup + - MINOR: filters: Typo in an error message + - MINOR: filters: Filters must define the callbacks struct during config parsing + - DOC: filters: Add filters documentation + - BUG/MEDIUM: channel: don't allow to overwrite the reserve until connected + - BUG/MEDIUM: channel: incorrect polling condition may delay event delivery + - BUG/MEDIUM: channel: fix miscalculation of available buffer space (3rd try) + - BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP mode + - MINOR: Add ability for agent-check to set server maxconn + - CLEANUP: Use server_parse_maxconn_change_request for maxconn CLI updates + - MINOR: filters: add opaque data + - BUG/MEDIUM: lua: protects the upper boundary of the argument list for converters/fetches. + - MINOR: lua: migrate the argument mask to 64 bits type. + - BUG/MINOR: dumpstats: Fix the "Total bytes saved" counter in backends stats + - BUG/MINOR: log: fix a typo that would cause %HP to log + - BUG/MEDIUM: http: fix incorrect reporting of server errors + - MINOR: channel: add new function channel_congested() + - BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from dead client + - BUG/MAJOR: channel: fix miscalculation of available buffer space (4th try) + - BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared + - BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers + - BUG/MEDIUM: stats: show servers state may show an empty or incomplete result + - BUG/MEDIUM: stats: show backend may show an empty or incomplete result + - MINOR: stats: fix typo in help messages + - MINOR: stats: show stat resolvers missing in the help message + - BUG/MINOR: dns: fix DNS header definition + - BUG/MEDIUM: dns: fix alignment issue when building DNS queries + - CLEANUP: don't ignore scripts in .gitignore + - BUILD: add a few release and backport scripts in scripts/ + +2016/03/14 : 1.7-dev2 + - DOC: lua: fix lua API + - DOC: mailers: typo in 'hostname' description + - DOC: compression: missing mention of libslz for compression algorithm + - BUILD/MINOR: regex: missing header + - BUG/MINOR: stream: bad return code + - DOC: lua: fix somme errors and add implicit types + - MINOR: lua: add set/get priv for applets + - BUG/MINOR: http: fix several off-by-one errors in the url_param parser + - BUG/MINOR: http: Be sure to process all the data received from a server + - MINOR: filters/http: Use a wrapper function instead of stream_int_retnclose + - BUG/MINOR: chunk: make chunk_dup() always check and set dst->size + - DOC: ssl: fixed some formatting errors in crt tag + - MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero + - MINOR: chunks: add chunk_strcat() and chunk_newstr() + - MINOR: chunk: make chunk_initstr() take a const string + - MEDIUM: tools: add csv_enc_append() to preserve the original chunk + - MINOR: tools: make csv_enc_append() always start at the first byte of the chunk + - MINOR: lru: new function to delete least recently used keys + - DOC: add Ben Shillito as the maintainer of 51d + - BUG/MINOR: 51d: Ensures a unique domain for each configuration + - BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy best practices. + - BUG/MINOR: 51d: Releases workset back to pool. + - BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees. + - CLEANUP: 51d: Aligned if statements with HAProxy best practices and removed casts from malloc. + - MINOR: rename master process name in -Ds (systemd mode) + - DOC: fix a few spelling mistakes + - DOC: fix "workaround" spelling + - BUG/MINOR: examples: Fixing haproxy.spec to remove references to .cfg files + - MINOR: fix the return type for dns_response_get_query_id() function + - MINOR: server state: missing LF (\n) on error message printed when parsing server state file + - BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the nameserver + - BUG/MAJOR: servers state: server port is erased when dns resolution is enabled on a server + - BUG/MEDIUM: servers state: server port is used uninitialized + - BUG/MEDIUM: config: Adding validation to stick-table expire value. + - BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week + - BUG/MEDIUM: channel: fix miscalculation of available buffer space. + - MEDIUM: pools: add a new flag to avoid rounding pool size up + - BUG/MEDIUM: buffers: do not round up buffer size during allocation + - BUG/MINOR: stream: don't force retries if the server is DOWN + - BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch the table + - MINOR: unix: don't mention free ports on EAGAIN + - BUG/CLEANUP: CLI: report the proper field states in "show sess" + - MINOR: stats: send content-length with the redirect to allow keep-alive + - BUG: stream_interface: Reuse connection even if the output channel is empty + - DOC: remove old tunnel mode assumptions + - BUG/MAJOR: http-reuse: fix risk of orphaned connections + - BUG/MEDIUM: http-reuse: do not share private connections across backends + - BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates + - BUG/MINOR: stats: fix missing comma in stats on agent drain + - MAJOR: filters: Add filters support + - MINOR: filters: Do not reset stream analyzers if the client is gone + - REORG: filters: Prepare creation of the HTTP compression filter + - MAJOR: filters/http: Rewrite the HTTP compression as a filter + - MEDIUM: filters: Use macros to call filters callbacks to speed-up processing + - MEDIUM: filters: remove http_start_chunk, http_last_chunk and http_chunk_end + - MEDIUM: filters: Replace filter_http_headers callback by an analyzer + - MEDIUM: filters/http: Move body parsing of HTTP messages in dedicated functions + - MINOR: filters: Add stream_filters structure to hide filters info + - MAJOR: filters: Require explicit registration to filter HTTP body and TCP data + - MINOR: filters: Remove unused or useless stuff and do small optimizations + - MEDIUM: filters: Optimize the HTTP compression for chunk encoded response + - MINOR: filters/http: Slightly update the parsing of chunks + - MINOR: filters/http: Forward remaining data when a channel has no "data" filters + - MINOR: filters: Add an filter example + - MINOR: filters: Extract proxy stuff from the struct filter + - MINOR: map: Add regex matching replacement + - BUG/MINOR: lua: unsafe initialization + - DOC: lua: fix somme errors + - MINOR: lua: file dedicated to unsafe functions + - MINOR: lua: add "now" time function + - MINOR: standard: add RFC HTTP date parser + - MINOR: lua: Add date functions + - MINOR: lua: move common function + - MINOR: lua: merge function + - MINOR: lua: Add concat class + - MINOR: standard: add function "escape_chunk" + - MEDIUM: log: add a new log format flag "E" + - DOC: add server name at rate-limit sessions example + - BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation + - BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation + - DOC: LUA: fix some typos and syntax errors + - MINOR: cli: add a new "show env" command + - MEDIUM: config: allow to manipulate environment variables in the global section + - MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword spelling in resolvers + - MINOR: mailers: increase default timeout to 10 seconds + - MINOR: mailers: use for all line endings + - BUG/MAJOR: lua: segfault using Concat object + - DOC: lua: copyrights + - MINOR: common: mask conversion + - MEDIUM: dns: extract options + - MEDIUM: dns: add a "resolve-net" option which allow to prefer an ip in a network + - MINOR: mailers: make it possible to configure the connection timeout + - BUG/MAJOR: lua: applets can't sleep. + - BUG/MINOR: server: some prototypes are renamed + - BUG/MINOR: lua: Useless copy + - BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly + - BUG/MINOR: server: fix the format of the warning on address change + - CLEANUP: server: add "const" to some message strings + - MINOR: server: generalize the "updater" source + - BUG/MEDIUM: chunks: always reject negative-length chunks + - BUG/MINOR: systemd: ensure we don't miss signals + - BUG/MINOR: systemd: report the correct signal in debug message output + - BUG/MINOR: systemd: propagate the correct signal to haproxy + - MINOR: systemd: ensure a reload doesn't mask a stop + - BUG/MEDIUM: cfgparse: wrong argument offset after parsing server "sni" keyword + - CLEANUP: stats: Avoid computation with uninitialized bits. + - CLEANUP: pattern: Ignore unknown samples in pat_match_ip(). + - CLEANUP: map: Avoid memory leak in out-of-memory condition. + - BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs + - BUG/MAJOR: samples: check smp->strm before using it + - MINOR: sample: add a new helper to initialize the owner of a sample + - MINOR: sample: always set a new sample's owner before evaluating it + - BUG/MAJOR: vars: always retrieve the stream and session from the sample + - CLEANUP: payload: remove useless and confusing nullity checks for channel buffer + - BUG/MINOR: ssl: fix usage of the various sample fetch functions + - MINOR: stats: create fields types suitable for all CSV output data + - MINOR: stats: add all the "show info" fields in a table + - MEDIUM: stats: fill all the show info elements prior to displaying them + - MINOR: stats: add a function to emit fields into a chunk + - MINOR: stats: add stats_dump_info_fields() to dump one field per line + - MEDIUM: stats: make use of stats_dump_info_fields() for "show info" + - MINOR: stats: add a declaration of all stats fields + - MINOR: stats: don't hard-code the CSV fields list anymore + - MINOR: stats: create stats fields storage and CSV dump function + - MEDIUM: stats: convert stats_dump_fe_stats() to use stats_dump_fields_csv() + - MEDIUM: stats: make stats_dump_fe_stats() use stats fields for HTML dump + - MEDIUM: stats: convert stats_dump_li_stats() to use stats_dump_fields_csv() + - MEDIUM: stats: make stats_dump_li_stats() use stats fields for HTML dump + - MEDIUM: stats: convert stats_dump_be_stats() to use stats_dump_fields_csv() + - MEDIUM: stats: make stats_dump_be_stats() use stats fields for HTML dump + - MEDIUM: stats: convert stats_dump_sv_stats() to use stats_dump_fields_csv() + - MEDIUM: stats: make stats_dump_sv_stats() use the stats field for HTML + - MEDIUM: stats: move the server state coloring logic to the server dump function + - MINOR: stats: do not use srv->admin & STATS_ADMF_MAINT in HTML dumps + - MINOR: stats: do not check srv->state for SRV_ST_STOPPED in HTML dumps + - MINOR: stats: make CSV report server check status only when enabled + - MINOR: stats: only report backend's down time if it has servers + - MINOR: stats: prepend '*' in front of the check status when in progress + - MINOR: stats: make HTML stats dump rely on the table for the check status + - MINOR: stats: add agent_status, agent_code, agent_duration to output + - MINOR: stats: add check_desc and agent_desc to the output fields + - MINOR: stats: add check and agent's health values in the output + - MEDIUM: stats: make the HTML server state dump use the CSV states + - MEDIUM: stats: only report observe errors when observe is set + - MEDIUM: stats: expose the same flags for CLI and HTTP accesses + - MEDIUM: stats: report server's address in the CSV output + - MEDIUM: stats: report the cookie value in the server & backend CSV dumps + - MEDIUM: stats: compute the color code only in the HTML form + - MEDIUM: stats: report the listeners' address in the CSV output + - MEDIUM: stats: make it possible to report the WAITING state for listeners + - REORG: stats: dump the frontend's HTML stats via a generic function + - REORG: stats: dump the socket stats via the generic function + - REORG: stats: dump the server stats via the generic function + - REORG: stats: dump the backend stats via the generic function + - MEDIUM: stats: add a new "mode" column to report the proxy mode + - MINOR: stats: report the load balancing algorithm in CSV output + - MINOR: stats: add 3 fields to report the frontend-specific connection stats + - MINOR: stats: report number of intercepted requests for frontend and backends + - MINOR: stats: introduce stats_dump_one_line() to dump one stats line + - CLEANUP: stats: make stats_dump_fields_html() not rely on proxy anymore + - MINOR: stats: add ST_SHOWADMIN to pass the admin info in the regular flags + - MINOR: stats: make stats_dump_fields_html() not use &trash by default + - MINOR: stats: add functions to emit typed fields into a chunk + - MEDIUM: stats: support "show info typed" on the CLI + - MEDIUM: stats: implement a typed output format for stats + - DOC: document the "show info typed" and "show stat typed" output formats + - MINOR: cfgparse: warn when uid parameter is not a number + - MINOR: cfgparse: warn when gid parameter is not a number + - BUG/MINOR: standard: Avoid free of non-allocated pointer + - BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition + - CLEANUP: http: fix a build warning introduced by a recent fix + - BUG/MINOR: log: GMT offset not updated when entering/leaving DST + +2015/12/20 : 1.7-dev1 + - DOC: specify that stats socket doc (section 9.2) is in management + - BUILD: install only relevant and existing documentation + - CLEANUP: don't ignore debian/ directory if present + - BUG/MINOR: dns: parsing error of some DNS response + - BUG/MEDIUM: namespaces: don't fail if no namespace is used + - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled + - MEDIUM: dns: Don't use the ANY query type + - BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0 + - DOC: fix a typo for a "deviceatlas" keyword + - FIX: small typo in an example using the "Referer" header + - MINOR: cli: ability to set per-server maxconn + - DEBUG/MINOR: memory: add a build option to disable memory pools sharing + - DEBUG/MEDIUM: memory: optionally protect free data in pools + - DEBUG/MEDIUM: memory: add optional control pool memory operations + - MEDIUM: memory: add accounting for failed allocations + - BUG/MEDIUM: config: count memory limits on 64 bits, not 32 + - BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop + - BUG/MINOR: dns: unable to parse CNAMEs response + - BUG/MINOR: examples/haproxy.init: missing brace in quiet_check() + - DOC: deviceatlas: more example use cases. + - MINOR: config: allow IPv6 bracketed literals + - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin. + - BUILD: add Haiku as supported target. + - BUG/MAJOR: http: don't requeue an idle connection that is already queued + - DOC: typo on capture.res.hdr and capture.req.hdr + - BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing + - CLEANUP: use direction names in place of numeric values + - BUG/MEDIUM: lua: sample fetches based on response doesn't work + - MINOR: check: add agent-send server parameter + - BUG/MINOR: http rule: http capture 'id' rule points to a non existing id + - BUG/MINOR: server: check return value of fgets() in apply_server_state() + - BUG/MINOR: acl: don't use record layer in req_ssl_ver + - BUILD: freebsd: double declaration + - BUG/MEDIUM: lua: clean output buffer + - BUILD: check for libressl to be able to build against it + - DOC: lua-api/index.rst small example fixes, spelling correction. + - DOC: lua: architecture and first steps + - DOC: relation between timeout http-request and option http-buffer-request + - BUILD: Make deviceatlas require PCRE + - BUG: http: do not abort keep-alive connections on server timeout + - BUG/MEDIUM: http: switch the request channel to no-delay once done. + - BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket + - BUILD/MINOR: http: proto_http.h needs sample.h + - BUG/MEDIUM: http: don't enable auto-close on the response side + - BUG/MEDIUM: stream: fix half-closed timeout handling + - CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB + - BUG/MEDIUM: cli: changing compression rate-limiting must require admin level + - BUG/MEDIUM: sample: urlp can't match an empty value + - BUILD: dumpstats: silencing warning for printf format specifier / time_t + - CLEANUP: proxy: calloc call inverted arguments + - MINOR: da: silent logging by default and displaying DeviceAtlas support if built. + - BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input. + - DOC: Edited 51Degrees section of README/ + - BUG/MEDIUM: checks: email-alert not working when declared in defaults + - BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured + - BUG/MINOR: checks: typo in an email-alert error message + - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port + - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and first rule(s) is (are) COMMENT + - BUG/MEDIUM: http: fix http-reuse when frontend and backend differ + - DOC: prefer using http-request/response over reqXXX/rspXXX directives + - CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro. + - MINOR: ssl: Added cert_key_and_chain struct + - MEDIUM: ssl: Added support for creating SSL_CTX with multiple certs + - MINOR: ssl: Added multi cert support for crt-list config keyword + - MEDIUM: ssl: Added multi cert support for loading crt directories + - MEDIUM: ssl: Added support for Multi-Cert OCSP Stapling + - BUILD: ssl: set SSL_SOCK_NUM_KEYTYPES with openssl < 1.0.2 + - MINOR: config: make tune.recv_enough configurable + - BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced + - DOC: ssl: Adding docs for Multi-Cert bundling + - BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay. + - BUG/MEDIUM: peers: old stick table updates could be repushed. + - MINOR: lua: service/applet can have access to the HTTP headers when a POST is received + - REORG/MINOR: lua: convert boolean "int" to bitfield + - BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn + - BUG/MINOR: lua: Lua applets must not use http_txn + - BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets + - BUG/MAJOR: lua: Do not force the HTTP analysers in use-services + - CLEANUP: lua: bad error messages + - CONTRIB: initiate a debugging suite to make debugging easier + +2015/10/13 : 1.7-dev0 + - exact copy of 1.6.0 + +2015/10/13 : 1.6.0 + - BUG/MINOR: Handle interactive mode in cli handler + - DOC: global section missing parameters + - DOC: backend section missing parameters + - DOC: stats paramaters available in frontend + - MINOR: lru: do not allocate useless memory in lru64_lookup + - BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth) + - BUG/MINOR: ssl: fix management of the cache where forged certificates are stored + - MINOR: ssl: Release Servers SSL context when HAProxy is shut down + - MINOR: ssl: Read the file used to generate certificates in any order + - MINOR: ssl: Add support for EC for the CA used to sign generated certificates + - MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates + - BUG/MEDIUM: logs: fix time zone offset format in RFC5424 + - BUILD: Fix the build on OSX (htonll/ntohll) + - BUILD: enable build on Linux/s390x + - BUG/MEDIUM: lua: direction test failed + - MINOR: lua: fix a spelling error in some error messages + - CLEANUP: cli: ensure we can never double-free error messages + - BUG/MEDIUM: lua: force server-close mode on Lua services + - MEDIUM: init: support more command line arguments after pid list + - MEDIUM: init: support a list of files on the command line + - MINOR: debug: enable memory poisonning to use byte 0 + - BUILD: ssl: fix build error introduced by recent commit + - BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers + - MEDIUM: server: implement TCP_USER_TIMEOUT on the server + - DOC: mention the "namespace" options for bind and server lines + - DOC: add the "management" documentation + - DOC: move the stats socket documentation from config to management + - MINOR: examples: update haproxy.spec to mention new docs + - DOC: mention management.txt in README + - DOC: remove haproxy-{en,fr}.txt + - BUILD: properly report when USE_ZLIB and USE_SLZ are used together + - MINOR: init: report use of libslz instead of "no compression" + - CLEANUP: examples: remove some obsolete and confusing files + - CLEANUP: examples: remove obsolete configuration file samples + - CLEANUP: examples: fix the example file content-sw-sample.cfg + - CLEANUP: examples: update sample file option-http_proxy.cfg + - CLEANUP: examples: update sample file ssl.cfg + - CLEANUP: tests: move a test file from examples/ to tests/ + - CLEANUP: examples: shut up warnings in transparent proxy example + - CLEANUP: tests: removed completely obsolete test files + - DOC: update ROADMAP to remove what was done in 1.6 + - BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id + +2015/10/06 : 1.6-dev7 + - MINOR: cli: Dump all resolvers stats if no resolver section is given + - BUG: config: external-check command validation is checking for incorrect arguments. + - DOC: documentation format cleanups + - DOC: lua: few typos. + - BUG/MEDIUM: str2ip: make getaddrinfo() consider local address selection policy + - BUG/MEDIUM: logs: segfault writing to log from Lua + - DOC: fix lua use-service example + - MINOR: payload: add support for tls session ticket ext + - MINOR: lua: remove the run flag + - MEDIUM: lua: change the timeout execution + - MINOR: lua: rename the tune.lua.applet-timeout + - DOC: lua: update Lua doc + - DOC: lua: update doc according with the last Lua changes + - MINOR: http/tcp: fill the avalaible actions + - DOC: reorder misplaced res.ssl_hello_type in the doc + - BUG/MINOR: tcp: make silent-drop always force a TCP reset + - CLEANUP: tcp: silent-drop: only drain the connection when quick-ack is disabled + - BUILD: tcp: use IPPROTO_IP when SOL_IP is not available + - BUILD: server: fix build warnings introduced by load-server-state + - BUG/MEDIUM: server: fix misuse of format string in load-server-state's warnings + +2015/09/28 : 1.6-dev6 + - BUG/MAJOR: can't enable a server through the stat socket + - MINOR: server: Macro definition for server-state + - MINOR: cli: new stats socket command: show servers state + - DOC: stats socket command: show servers state + - MINOR: config: new global directive server-state-base + - DOC: global directive server-state-base + - MINOR: config: new global section directive: server-state-file + - DOC: new global directive: server-state-file + - MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name + - DOC: load-server-state-from-file + - MINOR: init: server state loaded from file + - MINOR: server: startup slowstart task when using seamless reload of HAProxy + - MINOR: cli: new stats socket command: show backend + - DOC: servers state seamless reload example + - BUG: dns: can't connect UDP socket on FreeBSD + - MINOR: cfgparse: New function cfg_unregister_sections() + - MINOR: chunk: New function free_trash_buffers() + - BUG/MEDIUM: main: Freeing a bunch of static pointers + - MINOR: proto_http: Externalisation of previously internal functions + - MINOR: global: Few new struct fields for da module + - MAJOR: da: Update of the DeviceAtlas API module + - DOC: DeviceAtlas new keywords + - DOC: README: DeviceAtlas sample configuration updates + - MEDIUM: log: replace sendto() with sendmsg() in __send_log() + - MEDIUM: log: use a separate buffer for the header and for the message + - MEDIUM: logs: remove the hostname, tag and pid part from the logheader + - MEDIUM: logs: add support for RFC5424 header format per logger + - MEDIUM: logs: add a new RFC5424 log-format for the structured-data + - DOC: mention support for the RFC5424 syslog message format + - MEDIUM: logs: have global.log_send_hostname not contain the trailing space + - MEDIUM: logs: pass the trailing "\n" as an iovec + - BUG/MEDIUM: peers: some table updates are randomly not pushed. + - BUG/MEDIUM: peers: same table updates re-pushed after a re-connect + - BUG/MINOR: fct peer_prepare_ackmsg should not use trash. + - MINOR: http: made CHECK_HTTP_MESSAGE_FIRST accessible to other functions + - MINOR: global: Added new fields for 51Degrees device detection + - DOC: Added more explanation for 51Degrees V3.2 + - BUILD: Changed 51Degrees option to support V3.2 + - MAJOR: 51d: Upgraded to support 51Degrees V3.2 and new features + - MINOR: 51d: Improved string handling for LRU cache + - DOC: add references to rise/fall for the fastinter explanation + - MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD + - BUG/MAJOR: lua: potential unexpected aborts() + - BUG/MINOR: lua: breaks the log message if his size exceed one buffer + - MINOR: action: add private configuration + - MINOR: action: add reference to the original keywork matched for the called parser. + - MINOR: lua: change actions registration + - MEDIUM: proto_http: smp_prefetch_http initialize txn + - MINOR: channel: rename function chn_sess to chn_strm + - CLEANUP: lua: align defines + - MINOR: http: export http_get_path() function + - MINOR: http: export the get_reason() function + - MINOR: http: export function http_msg_analyzer() + - MINOR: http: split initialization + - MINOR: lua: reset pointer after use + - MINOR: lua: identify userdata objects + - MEDIUM: lua: use the function lua_rawset in place of lua_settable + - BUG/MAJOR: lua: segfault after the channel data is modified by some Lua action. + - CLEANUP: lua: use calloc in place of malloc + - BUG/MEDIUM: lua: longjmp function must be unregistered + - BUG/MEDIUM: lua: forces a garbage collection + - BUG/MEDIUM: lua: wakeup task on bad conditions + - MINOR: standard: avoid DNS resolution from the function str2sa_range() + - MINOR: lua: extend socket address to support non-IP families + - MINOR: lua/applet: the cosocket applet should use appctx_wakeup in place of task_wakeup + - BUG/MEDIUM: lua: socket destroy before reading pending data + - MEDIUM: lua: change the GC policy + - OPTIM/MEDIUM: lua: executes the garbage collector only when using cosocket + - BUG/MEDIUM: lua: don't reset undesired flags in hlua_ctx_resume + - MINOR: applet: add init function + - MINOR: applet: add an execution timeout + - MINOR: stream/applet: add use-service action + - MINOR: lua: add AppletTCP class and service + - MINOR: lua: add AppletHTTP class and service + - DOC: lua: some documentation update + - DOC: add the documentation about internal circular lists + - DOC: add a CONTRIBUTING file + - DOC: add a MAINTAINERS file + - BUG/MAJOR: peers: fix a crash when stopping peers on unbound processes + - DOC: update coding-style to reference checkpatch.pl + - BUG/MEDIUM: stick-tables: fix double-decrement of tracked entries + - BUG/MINOR: args: add name for ARGT_VAR + - DOC: add more entries to MAINTAINERS + - DOC: add more entries to MAINTAINERS + - CLEANUP: stream-int: remove obsolete function si_applet_call() + - BUG/MAJOR: cli: do not dereference strm_li()->proto->name + - BUG/MEDIUM: http: do not dereference strm_li(stream) + - BUG/MEDIUM: proxy: do not dereference strm_li(stream) + - BUG/MEDIUM: stream: do not dereference strm_li(stream) + - MINOR: stream-int: use si_release_endpoint() to close idle conns + - BUG/MEDIUM: payload: make req.payload and payload_lv aware of dynamic buffers + - BUG/MEDIUM: acl: always accept match "found" + - MINOR: applet: rename applet_runq to applet_active_queue + - BUG/MAJOR: applet: use a separate run queue to maintain list integrity + - MEDIUM: stream-int: split stream_int_update_conn() into si- and conn-specific parts + - MINOR: stream-int: implement a new stream_int_update() function + - MEDIUM: stream-int: factor out the stream update functions + - MEDIUM: stream-int: call stream_int_update() from si_update() + - MINOR: stream-int: export stream_int_update_* + - MINOR: stream-int: move the applet_pause call out of the stream updates + - MEDIUM: stream-int: clean up the conditions to enable reading in si_conn_wake_cb + - MINOR: stream-int: implement the stream_int_notify() function + - MEDIUM: stream-int: use the same stream notification function for applets and conns + - MEDIUM: stream-int: completely remove stream_int_update_embedded() + - MINOR: stream-int: rename si_applet_done() to si_applet_wake_cb() + - BUG/MEDIUM: applet: fix reporting of broken write situation + - BUG/MINOR: stats: do not call cli_release_handler 3 times + - BUG/MEDIUM: cli: properly handle closed output + - MINOR: cli: do not call the release handler on internal error. + - BUG/MEDIUM: stream-int: avoid double-call to applet->release + - DEBUG: add p_malloc() to return a poisonned memory area + - CLEANUP: lua: remove unneeded memset(0) after calloc() + - MINOR: lua: use the proper applet wakeup mechanism + - BUG/MEDIUM: lua: better fix for the protocol check + - BUG/MEDIUM: lua: properly set the target on the connection + - MEDIUM: actions: pass a new "flags" argument to custom actions + - MEDIUM: actions: add new flag ACT_FLAG_FINAL to notify about last call + - MEDIUM: http: pass ACT_FLAG_FINAL to custom actions + - MEDIUM: lua: only allow actions to yield if not in a final call + - DOC: clarify how to make use of abstract sockets in socat + - CLEANUP: config: make the errorloc/errorfile messages less confusing + - MEDIUM: action: add a new flag ACT_FLAG_FIRST + - BUG/MINOR: config: check that tune.bufsize is always positive + - MEDIUM: config: set tune.maxrewrite to 1024 by default + - DOC: add David Carlier as maintainer of da.c + - DOC: fix some broken unexpected unicode chars in the Lua doc. + - BUG/MEDIUM: proxy: ignore stopped peers + - BUG/MEDIUM: proxy: do not wake stopped proxies' tasks during soft_stop() + - MEDIUM: init: completely deallocate unused peers + - BUG/MEDIUM: tcp: fix inverted condition to call custom actions + - DOC: remove outdated actions lists on tcp-request/response + - MEDIUM: tcp: add new tcp action "silent-drop" + - DOC: add URLs to optional libraries in the README + +2015/09/14 : 1.6-dev5 + - MINOR: dns: dns_resolution structure update: time_t to unsigned int + - BUG/MEDIUM: dns: DNS resolution doesn't start + - BUG/MAJOR: dns: dns client resolution infinite loop + - MINOR: dns: coding style update + - MINOR: dns: new bitmasks to use against DNS flags + - MINOR: dns: dns_nameserver structure update: new counter for truncated response + - MINOR: dns: New DNS response analysis code: DNS_RESP_TRUNCATED + - MEDIUM: dns: handling of truncated response + - MINOR: DNS client query type failover management + - MINOR: dns: no expected DNS record type found + - MINOR: dns: new flag to report that no IP can be found in a DNS response packet + - BUG/MINOR: DNS request retry counter used for retry only + - DOC: DNS documentation updated + - MEDIUM: actions: remove ACTION_STOP + - BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 (bis) + - BUG/MINOR: lua: last log character truncated. + - CLEANUP: typo: bad indent + - CLEANUP: actions: missplaced includes + - MINOR: build: missing header + - CLEANUP: lua: Merge log functions + - BUG/MAJOR: http: don't manipulate the server connection if it's killed + - BUG/MINOR: http: remove stupid HTTP_METH_NONE entry + - BUG/MAJOR: http: don't call http_send_name_header() after an error + - MEDIUM: tools: make str2sa_range() optionally return the FQDN + - BUG/MINOR: tools: make str2sa_range() report unresolvable addresses + - BUG/MEDIUM: dns: use the correct server hostname when resolving + +2015/08/30 : 1.6-dev4 + - MINOR: log: Add log-format variable %HQ, to log HTTP query strings + - DOC: typo in 'redirect', 302 code meaning + - DOC: typos in tcp-check expect examples + - DOC: resolve-prefer default value and default-server update + - MINOR: DNS counters: increment valid counter + - BUG/MEDIUM: DNS resolution response parsing broken + - MINOR: server: add new SRV_ADMF_CMAINT flag + - MINOR: server SRV_ADMF_CMAINT flag doesn't imply SRV_ADMF_FMAINT + - BUG/MEDIUM: dns: wrong first time DNS resolution + - BUG/MEDIUM: lua: Lua tasks fail to start. + - BUILD: add USE_LUA to BUILD_OPTIONS when it's used + - DOC/MINOR: fix OpenBSD versions where haproxy works + - MINOR: 51d: unable to start haproxy without "51degrees-data-file" + - BUG/MEDIUM: peers: fix wrong message id on stick table updates acknowledgement. + - BUG/MAJOR: peers: fix current table pointer not re-initialized on session release. + - BUILD: ssl: Allow building against libssl without SSLv3. + - DOC: clarify some points about SSL and the proxy protocol + - DOC: mention support for RFC 5077 TLS Ticket extension in starter guide + - BUG/MEDIUM: mailer: DATA part must be terminated with . + - DOC: match several lua configuration option names to those implemented in code + - MINOR cfgparse: Correct the mailer warning text to show the right names to the user + - BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command + - MINOR: stream: initialize the current_rule field to NULL on stream init + - BUG/MEDIUM: lua: timeout error with converters, wrapper and actions. + - CLEANUP: proto_http: remove useless initialisation + - CLEANUP: http/tcp actions: remove the scope member + - BUG/MINOR: proto_tcp: custom action continue is ignored + - MINOR: proto_tcp: add session in the action prototype + - MINOR: vars: reduce the code size of some wrappers + - MINOR: Move http method enum from proto_http to sample + - MINOR: sample: Add ipv6 to ipv4 and sint to ipv6 casts + - MINOR: sample/proto_tcp: export "smp_fetch_src" + - MEDIUM: cli: rely on the map's output type instead of the sample type + - BUG/MEDIUM: stream: The stream doen't inherit SC from the session + - BUG/MEDIUM: vars: segfault during the configuration parsing + - BUG/MEDIUM: stick-tables: refcount error after copying SC for the session to the stream + - BUG/MEDIUM: lua: bad error processing + - MINOR: samples: rename a struct from sample_storage to sample_data + - MINOR: samples: rename some struct member from "smp" to "data" + - MEDIUM: samples: Use the "struct sample_data" in the "struct sample" + - MINOR: samples: extract the anonymous union and create the union sample_value + - MINOR: samples: rename union from "data" to "u" + - MEDIUM: 51degrees: Adapt the 51Degrees library + - MINOR: samples: data assignation simplification + - MEDIUM: pattern/map: Maps can returns various types + - MINOR: map: The map can return IPv4 and IPv6 + - MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs + - MINOR: actions: Remove the data opaque pointer + - MINOR: lua: use the hlua_rule type in place of opaque type + - MINOR: vars: use the vars types as argument in place of opaque type + - MINOR: proto_http: use an "expr" type in place of generic opaque type. + - MINOR: proto_http: replace generic opaque types by real used types for the actions on thr request line + - MINOR: proto_http: replace generic opaque types by real used types in "http_capture" + - MINOR: proto_http: replace generic opaque types by real used types in "http_capture" by id + - MEDIUM: track-sc: Move the track-sc configuration storage in the union + - MEDIUM: capture: Move the capture configuration storage in the union + - MINOR: actions: add "from" information + - MINOR: actions: remove the mark indicating the last entry in enum + - MINOR: actions: Declare all the embedded actions in the same header file + - MINOR: actions: change actions names + - MEDIUM: actions: Add standard return code for the action API + - MEDIUM: actions: Merge (http|tcp)-(request|reponse) keywords structs + - MINOR: proto_tcp: proto_tcp.h is now useles + - MINOR: actions: mutualise the action keyword lookup + - MEDIUM: actions: Normalize the return code of the configuration parsers + - MINOR: actions: Remove wrappers + - MAJOR: stick-tables: use sample types in place of dedicated types + - MEDIUM: stick-tables: use the sample type names + - MAJOR: stick-tables: remove key storage from the key struct + - MEDIUM: stick-tables: Add GPT0 in the stick tables + - MINOR: stick-tables: Add GPT0 access + - MINOR: stick-tables: Add GPC0 actions + - BUG/MEDIUM: lua: the lua fucntion Channel:close() causes a segfault + - DOC: ssl: missing LF + - MINOR: lua: add core.done() function + - DOC: fix function name + - BUG/MINOR: lua: in some case a sample may remain undefined + - DOC: fix "http_action_set_req_line()" comments + - MINOR: http: Action for manipulating the returned status code. + - MEDIUM: lua: turns txn:close into txn:done + - BUG/MEDIUM: lua: cannot process more Lua hooks after a "done()" function call + - BUILD: link with libdl if needed for Lua support + - CLEANUP: backend: factor out objt_server() in connect_server() + - MEDIUM: backend: don't call si_alloc_conn() when we reuse a valid connection + - MEDIUM: stream-int: simplify si_alloc_conn() + - MINOR: stream-int: add new function si_detach_endpoint() + - MINOR: server: add a list of private idle connections + - MINOR: connection: add a new list member in the connection struct + - MEDIUM: stream-int: queue idle connections at the server + - MINOR: stream-int: make si_idle_conn() only accept valid connections + - MINOR: server: add a list of already used idle connections + - MINOR: connection: add a new flag CO_FL_PRIVATE + - MINOR: config: add new setting "http-reuse" + - MAJOR: backend: initial work towards connection reuse + - MAJOR: backend: improve the connection reuse mechanism + - MEDIUM: backend: implement "http-reuse safe" + - MINOR: server: add a list of safe, already reused idle connections + - MEDIUM: backend: add the "http-reuse aggressive" strategy + - DOC: document the new http-reuse directive + - DOC: internals: document next steps for HTTP connection reuse + - DOC: mention that %ms is left-padded with zeroes. + - MINOR: init: indicate to check 'bind' lines when no listeners were found. + - MAJOR: http: remove references to appsession + - CLEANUP: config: remove appsession initialization + - CLEANUP: appsession: remove appsession.c and sessionhash.c + - CLEANUP: tests: remove sessionhash_test.c and test-cookie-appsess.cfg + - CLEANUP: proxy: remove last references to appsession + - CLEANUP: appsession: remove the last include files + - DOC: remove documentation about appsession + - CLEANUP: .gitignore: ignore more test files + - CLEANUP: .gitignore: finally ignore everything but what is known. + - MEDIUM: config: emit a warning on a frontend without listener + - DOC: add doc/internals/entities-v2.txt + - DOC: add doc/linux-syn-cookies.txt + - DOC: add design thoughts on HTTP/2 + - DOC: add some thoughts on connection sharing for HTTP/2 + - DOC: add design thoughts on dynamic buffer allocation + - BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry + - DOC: add new file intro.txt + - MAJOR: tproxy: remove support for cttproxy + - BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 + - DOC: lua: replace txn:close with txn:done in lua-api + - DOC: intro: minor updates and fixes + - DOC: intro: fix too long line. + - DOC: fix example of http-request using ssl_fc_session_id + - BUG/MEDIUM: lua: txn:done() still causes a segfault in TCP mode + - CLEANUP: lua: fix some indent issues + - BUG/MEDIUM: lua: fix a segfault in txn:done() if called twice + - DOC: lua: mention than txn:close was renamed txn:done. + +2015/07/22 : 1.6-dev3 + - CLEANUP: sample: generalize sample_fetch_string() as sample_fetch_as_type() + - MEDIUM: http: Add new 'set-src' option to http-request + - DOC usesrc root privileges requirments + - BUG/MINOR: dns: wrong time unit for some DNS default parameters + - MINOR: proxy: bit field for proxy_find_best_match diff status + - MINOR: server: new server flag: SRV_F_FORCED_ID + - MINOR: server: server_find functions: id, name, best_match + - DOC: dns: fix chapters syntax + - BUILD/MINOR: tools: rename popcount to my_popcountl + - BUILD: add netbsd TARGET + - MEDIUM: 51Degrees code refactoring and cleanup + - MEDIUM: 51d: add LRU-based cache on User-Agent string detection + - DOC: add notes about the "51degrees-cache-size" parameter + - BUG/MEDIUM: 51d: possible incorrect operations on smp->data.str.str + - BUG/MAJOR: connection: fix TLV offset calculation for proxy protocol v2 parsing + - MINOR: Add sample fetch to detect Supported Elliptic Curves Extension + - BUG/MINOR: payload: Add volatile flag to smp_fetch_req_ssl_ec_ext + - BUG/MINOR: lua: type error in the arguments wrapper + - CLEANUP: vars: remove unused struct + - BUG/MINOR: http/sample: gmtime/localtime can fail + - MINOR: standard: add 64 bits conversion functions + - MAJOR: sample: converts uint and sint in 64 bits signed integer + - MAJOR: arg: converts uint and sint in sint + - MEDIUM: sample: switch to saturated arithmetic + - MINOR: vars: returns variable content + - MEDIUM: vars/sample: operators can use variables as parameter + - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id + - BUILD/MINOR: lua: fix a harmless build warning + - BUILD/MINOR: stats: fix build warning due to condition always true + - BUG/MAJOR: lru: fix unconditional call to free due to unexpected semi-colon + - BUG/MEDIUM: logs: fix improper systematic use of quotes with a few tags + - BUILD/MINOR: lua: ensure that hlua_ctx_destroy is properly defined + - BUG/MEDIUM: lru: fix possible memory leak when ->free() is used + - MINOR: vars: make the accounting not depend on the stream + - MEDIUM: vars: move the session variables to the session, not the stream + - BUG/MEDIUM: vars: do not freeze the connection when the expression cannot be fetched + - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data + - BUG/MAJOR: tcp: tcp rulesets were still broken + - MINOR: stats: improve compression stats reporting + - MINOR: ssl: make self-generated certs also work with raw IPv6 addresses + - CLEANUP: ssl: make ssl_sock_generated_cert_serial() take a const + - CLEANUP: ssl: make ssl_sock_generate_certificate() use ssl_sock_generated_cert_serial() + - BUG/MINOR: log: missing some ARGC_* entries in fmt_directives() + - MINOR: args: add new context for servers + - MINOR: stream: maintain consistence between channel_forward and HTTP forward + - MINOR: ssl: provide ia function to set the SNI extension on a connection + - MEDIUM: ssl: add sni support on the server lines + - CLEANUP: stream: remove a useless call to si_detach() + - CLEANUP: stream-int: fix a few outdated comments about stream_int_register_handler() + - CLEANUP: stream-int: remove stream_int_unregister_handler() and si_detach() + - MINOR: stream-int: only use si_release_endpoint() to release a connection + - MINOR: standard: provide htonll() and ntohll() + - CLEANUP/MINOR: dns: dns_str_to_dn_label() only needs a const char + - BUG/MAJOR: dns: fix the length of the string to be copied + +2015/06/17 : 1.6-dev2 + - BUG/MINOR: ssl: Display correct filename in error message + - MEDIUM: logs: Add HTTP request-line log format directives + - BUG/MEDIUM: check: tcpcheck regression introduced by e16c1b3f + - BUG/MINOR: check: fix tcpcheck error message + - MINOR: use an int instead of calling tcpcheck_get_step_id + - MINOR: tcpcheck_rule structure update + - MINOR: include comment in tcpcheck error log + - DOC: tcpcheck comment documentation + - MEDIUM: server: add support for changing a server's address + - MEDIUM: server: change server ip address from stats socket + - MEDIUM: protocol: add minimalist UDP protocol client + - MEDIUM: dns: implement a DNS resolver + - MAJOR: server: add DNS-based server name resolution + - DOC: server name resolution + proto DNS + - MINOR: dns: add DNS statistics + - MEDIUM: http: configurable http result codes for http-request deny + - BUILD: Compile clean when debug options defined + - MINOR: lru: Add the possibility to free data when an item is removed + - MINOR: lru: Add lru64_lookup function + - MEDIUM: ssl: Add options to forge SSL certificates + - MINOR: ssl: Export functions to manipulate generated certificates + - MEDIUM: config: add DeviceAtlas global keywords + - MEDIUM: global: add the DeviceAtlas required elements to struct global + - MEDIUM: sample: add the da-csv converter + - MEDIUM: init: DeviceAtlas initialization + - BUILD: Makefile: add options to build with DeviceAtlas + - DOC: README: explain how to build with DeviceAtlas + - BUG/MEDIUM: http: fix the url_param fetch + - BUG/MEDIUM: init: segfault if global._51d_property_names is not initialized + - MAJOR: peers: peers protocol version 2.0 + - MINOR: peers: avoid re-scheduling of pending stick-table's updates still not pushed. + - MEDIUM: peers: re-schedule stick-table's entry for sync when data is modified. + - MEDIUM: peers: support of any stick-table data-types for sync + - BUG/MAJOR: sample: regression on sample cast to stick table types. + - CLEANUP: deinit: remove codes for cleaning p->block_rules + - DOC: Fix L4TOUT typo in documentation + - DOC: set-log-level in Logging section preamble + - BUG/MEDIUM: compat: fix segfault on FreeBSD + - MEDIUM: check: include server address and port in the send-state header + - MEDIUM: backend: Allow redispatch on retry intervals + - MINOR: Add TLS ticket keys reference and use it in the listener struct + - MEDIUM: Add support for updating TLS ticket keys via socket + - DOC: Document new socket commands "show tls-keys" and "set ssl tls-key" + - MINOR: Add sample fetch which identifies if the SSL session has been resumed + - DOC: Update doc about weight, act and bck fields in the statistics + - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten + - MINOR: ssl: add a destructor to free allocated SSL ressources + - MEDIUM: ssl: add the possibility to use a global DH parameters file + - MEDIUM: ssl: replace standards DH groups with custom ones + - MEDIUM: stats: Add enum srv_stats_state + - MEDIUM: stats: Separate server state and colour in stats + - MEDIUM: stats: Only report drain state in stats if server has SRV_ADMF_DRAIN set + - MEDIUM: stats: Differentiate between DRAIN and DRAIN (agent) + - MEDIUM: Lower priority of email alerts for log-health-checks messages + - MEDIUM: Send email alerts when servers are marked as UP or enter the drain state + - MEDIUM: Document when email-alerts are sent + - BUG/MEDIUM: lua: bad argument number in analyser and in error message + - MEDIUM: lua: automatically converts strings in proxy, tables, server and ip + - BUG/MINOR: utf8: remove compilator warning + - MEDIUM: map: uses HAProxy facilities to store default value + - BUG/MINOR: lua: error in detection of mandatory arguments + - BUG/MINOR: lua: set current proxy as default value if it is possible + - BUG/MEDIUM: http: the action set-{method|path|query|uri} doesn't run. + - BUG/MEDIUM: lua: undetected infinite loop + - BUG/MAJOR: http: don't read past buffer's end in http_replace_value + - BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax + - MEDIUM/CLEANUP: http: rewrite and lighten http_transform_header() prototype + - BUILD: lua: it miss the '-ldl' directive + - MEDIUM: http: allows 'R' and 'S' in the protocol alphabet + - MINOR: http: split the function http_action_set_req_line() in two parts + - MINOR: http: split http_transform_header() function in two parts. + - MINOR: http: export function inet_set_tos() + - MINOR: lua: txn: add function set_(loglevel|tos|mark) + - MINOR: lua: create and register HTTP class + - DOC: lua: fix some typos + - MINOR: lua: add log functions + - BUG/MINOR: lua: Fix SSL initialisation + - DOC: lua: some fixes + - MINOR: lua: (req|res)_get_headers return more than one header value + - MINOR: lua: map system integration in Lua + - BUG/MEDIUM: http: functions set-{path,query,method,uri} breaks the HTTP parser + - MINOR: sample: add url_dec converter + - MEDIUM: sample: fill the struct sample with the session, proxy and stream pointers + - MEDIUM: sample change the prototype of sample-fetches and converters functions + - MINOR: sample: fill the struct sample with the options. + - MEDIUM: sample: change the prototype of sample-fetches functions + - MINOR: http: split the url_param in two parts + - CLEANUP: http: bad indentation + - MINOR: http: add body_param fetch + - MEDIUM: http: url-encoded parsing function can run throught wrapped buffer + - DOC: http: req.body_param documentation + - MINOR: proxy: custom capture declaration + - MINOR: capture: add two "capture" converters + - MEDIUM: capture: Allow capture with slot identifier + - MINOR: http: add array of generic pointers in http_res_rules + - MEDIUM: capture: adds http-response capture + - MINOR: common: escape CSV strings + - MEDIUM: stats: escape some strings in the CSV dump + - MINOR: tcp: add custom actions that can continue tcp-(request|response) processing + - MINOR: lua: Lua tcp action are not final action + - DOC: lua: schematics about lua socket organization + - BUG/MINOR: debug: display (null) in place of "meth" + - DOC: mention the "lua action" in documentation + - MINOR: standard: add function that converts signed int to a string + - BUG/MINOR: sample: wrong conversion of signed values + - MEDIUM: sample: Add type any + - MINOR: debug: add a special converter which display its input sample content. + - MINOR: tcp: increase the opaque data array + - MINOR: tcp/http/conf: extends the keyword registration options + - MINOR: build: fix build dependency + - MEDIUM: vars: adds support of variables + - MINOR: vars: adds get and set functions + - MINOR: lua: Variable access + - MINOR: samples: add samples which returns constants + - BUG/MINOR: vars/compil: fix some warnings + - BUILD: add 51degrees options to makefile. + - MINOR: global: add several 51Degrees members to global + - MINOR: config: add 51Degrees config parsing. + - MINOR: init: add 51Degrees initialisation code + - MEDIUM: sample: add fiftyone_degrees converter. + - MEDIUM: deinit: add cleanup for 51Degrees to deinit + - MEDIUM: sample: add trie support to 51Degrees + - DOC: add 51Degrees notes to configuration.txt. + - DOC: add build indications for 51Degrees to README. + - MEDIUM: cfgparse: introduce weak and strong quoting + - BUG/MEDIUM: cfgparse: incorrect memmove in quotes management + - MINOR: cfgparse: remove line size limitation + - MEDIUM: cfgparse: expand environment variables + - BUG/MINOR: cfgparse: fix typo in 'option httplog' error message + - BUG/MEDIUM: cfgparse: segfault when userlist is misused + - CLEANUP: cfgparse: remove reference to 'ruleset' section + - MEDIUM: cfgparse: check section maximum number of arguments + - MEDIUM: cfgparse: max arguments check in the global section + - MEDIUM: cfgparse: check max arguments in the proxies sections + - CLEANUP: stream-int: remove a redundant clearing of the linger_risk flag + - MINOR: connection: make conn_sock_shutw() actually perform the shutdown() call + - MINOR: stream-int: use conn_sock_shutw() to shutdown a connection + - MINOR: connection: perform the call to xprt->shutw() in conn_data_shutw() + - MEDIUM: stream-int: replace xprt->shutw calls with conn_data_shutw() + - MINOR: checks: use conn_data_shutw_hard() instead of call via xprt + - MINOR: connection: implement conn_sock_send() + - MEDIUM: stream-int: make conn_si_send_proxy() use conn_sock_send() + - MEDIUM: connection: make conn_drain() perform more controls + - REORG: connection: move conn_drain() to connection.c and rename it + - CLEANUP: stream-int: remove inclusion of fd.h that is not used anymore + - MEDIUM: channel: don't always set CF_WAKE_WRITE on bi_put* + - CLEANUP: lua: don't use si_ic/si_oc on known stream-ints + - BUG/MEDIUM: peers: correctly configure the client timeout + - MINOR: peers: centralize configuration of the peers frontend + - MINOR: proxy: store the default target into the frontend's configuration + - MEDIUM: stats: use frontend_accept() as the accept function + - MEDIUM: peers: use frontend_accept() instead of peer_accept() + - CLEANUP: listeners: remove unused timeout + - MEDIUM: listener: store the default target per listener + - BUILD: fix automatic inclusion of libdl. + - MEDIUM: lua: implement a simple memory allocator + - MEDIUM: compression: postpone buffer adjustments after compression + - MEDIUM: compression: don't send leading zeroes with chunk size + - BUG/MINOR: compression: consider the expansion factor in init + - MINOR: http: check the algo name "identity" instead of the function pointer + - CLEANUP: compression: statify all algo-specific functions + - MEDIUM: compression: add a distinction between UA- and config- algorithms + - MEDIUM: compression: add new "raw-deflate" compression algorithm + - MEDIUM: compression: split deflate_flush() into flush and finish + - CLEANUP: compression: remove unused reset functions + - MAJOR: compression: integrate support for libslz + - BUG/MEDIUM: http: hdr_cnt would not count any header when called without name + - BUG/MAJOR: http: null-terminate the http actions keywords list + - CLEANUP: lua: remove the unused hlua_sleep memory pool + - BUG/MAJOR: lua: use correct object size when initializing a new converter + - CLEANUP: lua: remove hard-coded sizeof() in object creations and mallocs + - CLEANUP: lua: fix confusing local variable naming in hlua_txn_new() + - CLEANUP: hlua: stop using variable name "s" alternately for hlua_txn and hlua_smp + - CLEANUP: lua: get rid of the last "*ht" for struct hlua_txn. + - CLEANUP: lua: rename last occurrences of "*s" to "*htxn" for hlua_txn + - CLEANUP: lua: rename variable "sc" for struct hlua_smp + - CLEANUP: lua: get rid of the last two "*hs" for hlua_smp + - REORG/MAJOR: session: rename the "session" entity to "stream" + - REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* + - MINOR: session: start to reintroduce struct session + - MEDIUM: stream: allocate the session when a stream is created + - MEDIUM: stream: move the listener's pointer to the session + - MEDIUM: stream: move the frontend's pointer to the session + - MINOR: session: add a pointer to the session's origin + - MEDIUM: session: use the pointer to the origin instead of s->si[0].end + - CLEANUP: sample: remove useless tests in fetch functions for l4 != NULL + - MEDIUM: http: move header captures from http_txn to struct stream + - MINOR: http: create a dedicated pool for http_txn + - MAJOR: http: move http_txn out of struct stream + - MAJOR: sample: don't pass l7 anymore to sample fetch functions + - CLEANUP: lua: remove unused hlua_smp->l7 and hlua_txn->l7 + - MEDIUM: http: remove the now useless http_txn from {req/res} rules + - CLEANUP: lua: don't pass http_txn anymore to hlua_request_act_wrapper() + - MAJOR: sample: pass a pointer to the session to each sample fetch function + - MINOR: stream: provide a few helpers to retrieve frontend, listener and origin + - CLEANUP: stream: don't set ->target to the incoming connection anymore + - MINOR: stream: move session initialization before the stream's + - MINOR: session: store the session's accept date + - MINOR: session: don't rely on s->logs.logwait in embryonic sessions + - MINOR: session: implement session_free() and use it everywhere + - MINOR: session: add stick counters to the struct session + - REORG: stktable: move the stkctr_* functions from stream to sticktable + - MEDIUM: streams: support looking up stkctr in the session + - MEDIUM: session: update the session's stick counters upon session_free() + - MEDIUM: proto_tcp: track the session's counters in the connection ruleset + - MAJOR: tcp: make tcp_exec_req_rules() only rely on the session + - MEDIUM: stream: don't call stream_store_counters() in kill_mini_session() nor session_accept() + - MEDIUM: stream: move all the session-specific stuff of stream_accept() earlier + - MAJOR: stream: don't initialize the stream anymore in stream_accept + - MEDIUM: session: remove the task pointer from the session + - REORG: session: move the session parts out of stream.c + - MINOR: stream-int: make appctx_new() take the applet in argument + - MEDIUM: peers: move the appctx initialization earlier + - MINOR: session: introduce session_new() + - MINOR: session: make use of session_new() when creating a new session + - MINOR: peers: make use of session_new() when creating a new session + - MEDIUM: peers: initialize the task before the stream + - MINOR: session: set the CO_FL_CONNECTED flag on the connection once ready + - CLEANUP: stream.c: do not re-attach the connection to the stream + - MEDIUM: stream: isolate connection-specific initialization code + - MEDIUM: stream: also accept appctx as origin in stream_accept_session() + - MEDIUM: peers: make use of stream_accept_session() + - MEDIUM: frontend: make ->accept only return +/-1 + - MEDIUM: stream: return the stream upon accept() + - MEDIUM: frontend: move some stream initialisation to stream_new() + - MEDIUM: frontend: move the fd-specific settings to session_accept_fd() + - MEDIUM: frontend: don't restrict frontend_accept() to connections anymore + - MEDIUM: frontend: move some remaining stream settings to stream_new() + - CLEANUP: frontend: remove one useless local variable + - MEDIUM: stream: don't rely on the session's listener anymore in stream_new() + - MEDIUM: lua: make use of stream_new() to create an outgoing connection + - MINOR: lua: minor cleanup in hlua_socket_new() + - MINOR: lua: no need for setting timeouts / conn_retries in hlua_socket_new() + - MINOR: peers: no need for setting timeouts / conn_retries in peer_session_create() + - CLEANUP: stream-int: swap stream-int and appctx declarations + - CLEANUP: namespaces: fix protection against multiple inclusions + - MINOR: session: maintain the session count stats in the session, not the stream + - MEDIUM: session: adjust the connection flags before stream_new() + - MINOR: stream: pass the pointer to the origin explicitly to stream_new() + - CLEANUP: poll: move the conditions for waiting out of the poll functions + - BUG/MEDIUM: listener: don't report an error when resuming unbound listeners + - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only + - BUG/MAJOR: tcp/http: fix current_rule assignment when restarting over a ruleset + - BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified + - DOC: update the entities diagrams + - BUG/MEDIUM: http: properly retrieve the front connection + - MINOR: applet: add a new "owner" pointer in the appctx + - MEDIUM: applet: make the applet not depend on a stream interface anymore + - REORG: applet: move the applet definitions out of stream_interface + - CLEANUP: applet: rename struct si_applet to applet + - REORG: stream-int: create si_applet_ops dedicated to applets + - MEDIUM: applet: add basic support for an applet run queue + - MEDIUM: applet: implement a run queue for active appctx + - MEDIUM: stream-int: add a new function si_applet_done() + - MAJOR: applet: now call si_applet_done() instead of si_update() in I/O handlers + - MAJOR: stream: use a regular ->update for all stream interfaces + - MEDIUM: dumpstats: don't unregister the applet anymore + - MEDIUM: applet: centralize the call to si_applet_done() in the I/O handler + - MAJOR: stream: do not allocate request buffers anymore when the left side is an applet + - MINOR: stream-int: add two flags to indicate an applet's wishes regarding I/O + - MEDIUM: applet: make the applets only use si_applet_{cant|want|stop}_{get|put} + - MEDIUM: stream-int: pause the appctx if the task is woken up + - BUG/MAJOR: tcp: only call registered actions when they're registered + - BUG/MEDIUM: peers: fix applet scheduling + - BUG/MEDIUM: peers: recent applet changes broke peers updates scheduling + - MINOR: tools: provide an rdtsc() function for time comparisons + - IMPORT: lru: import simple ebtree-based LRU functions + - IMPORT: hash: import xxhash-r39 + - MEDIUM: pattern: add a revision to all pattern expressions + - MAJOR: pattern: add LRU-based cache on pattern matching + - BUG/MEDIUM: http: remove content-length from chunked messages + - DOC: http: update the comments about the rules for determining transfer-length + - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1 + - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request + - BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding + - MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230 + - MEDIUM: http: disable support for HTTP/0.9 by default + - MEDIUM: http: add option-ignore-probes to get rid of the floods of 408 + - BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies + - MEDIUM: init: don't stop proxies in parent process when exiting + - MINOR: stick-table: don't attach to peers in stopped state + - MEDIUM: config: initialize stick-tables after peers, not before + - MEDIUM: peers: add the ability to disable a peers section + - MINOR: peers: store the pointer to the signal handler + - MEDIUM: peers: unregister peers that were never started + - MEDIUM: config: propagate the table's process list to the peers sections + - MEDIUM: init: stop any peers section not bound to the correct process + - MEDIUM: config: validate that peers sections are bound to exactly one process + - MAJOR: peers: allow peers section to be used with nbproc > 1 + - DOC: relax the peers restriction to single-process + - DOC: document option http-ignore-probes + - DOC: fix the comments about the meaning of msg->sol in HTTP + - BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body + - BUG/MAJOR: http: prevent risk of reading past end with balance url_param + - MEDIUM: stream: move HTTP request body analyser before process_common + - MEDIUM: http: add a new option http-buffer-request + - MEDIUM: http: provide 3 fetches for the body + - DOC: update the doc on the proxy protocol + - BUILD: pattern: fix build warnings introduced in the LRU cache + - BUG/MEDIUM: stats: properly initialize the scope before dumping stats + - CLEANUP: config: fix misleading information in error message. + - MINOR: config: report the number of processes using a peers section in the error case + - BUG/MEDIUM: config: properly compute the default number of processes for a proxy + - MEDIUM: http: add new "capture" action for http-request + - BUG/MEDIUM: http: fix the http-request capture parser + - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels + - BUILD/MINOR: ssl: fix build failure introduced by recent patch + - BUG/MAJOR: check: fix breakage of inverted tcp-check rules + - CLEANUP: checks: fix double usage of cur / current_step in tcp-checks + - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end + - CLEANUP: checks: simplify the loop processing of tcp-checks + - BUG/MAJOR: checks: always check for end of list before proceeding + - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct + - BUG/MAJOR: checks: break infinite loops when tcp-checks starts with comment + - MEDIUM: http: make url_param iterate over multiple occurrences + - BUG/MEDIUM: peers: apply a random reconnection timeout + - MEDIUM: config: reject invalid config with name duplicates + - MEDIUM: config: reject conflicts in table names + - CLEANUP: proxy: make the proxy lookup functions more user-friendly + - MINOR: proxy: simply ignore duplicates in proxy name lookups + - MINOR: config: don't open-code proxy name lookups + - MEDIUM: config: clarify the conflicting modes detection for backend rules + - CLEANUP: proxy: remove now unused function findproxy_mode() + - MEDIUM: stick-table: remove the now duplicate find_stktable() function + - MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions + - MINOR: proxy: add a new function proxy_find_by_id() + - MINOR: proxy: add a flag to memorize that the proxy's ID was forced + - MEDIUM: proxy: add a new proxy_find_best_match() function + - CLEANUP: http: explicitly reference request in http_apply_redirect_rules() + - MINOR: http: prepare support for parsing redirect actions on responses + - MEDIUM: http: implement http-response redirect rules + - MEDIUM: http: no need to close the request on redirect if data was parsed + - BUG/MEDIUM: http: fix body processing for the stats applet + - BUG/MINOR: da: fix log-level comparison to emove annoying warning + - CLEANUP: global: remove one ifdef USE_DEVICEATLAS + - CLEANUP: da: move the converter registration to da.c + - CLEANUP: da: register the config keywords in da.c + - CLEANUP: adjust the envelope name in da.h to reflect the file name + - CLEANUP: da: remove ifdef USE_DEVICEATLAS from da.c + - BUILD: make 51D easier to build by defaulting to 51DEGREES_SRC + - BUILD: fix build warning when not using 51degrees + - BUILD: make DeviceAtlas easier to build by defaulting to DEVICEATLAS_SRC + - BUILD: ssl: fix recent build breakage on older SSL libs + +2015/03/11 : 1.6-dev1 + - CLEANUP: extract temporary $CFG to eliminate duplication + - CLEANUP: extract temporary $BIN to eliminate duplication + - CLEANUP: extract temporary $PIDFILE to eliminate duplication + - CLEANUP: extract temporary $LOCKFILE to eliminate duplication + - CLEANUP: extract quiet_check() to avoid duplication + - BUG/MINOR: don't start haproxy on reload + - DOC: Address issue where documentation is excluded due to a gitignore rule. + - BUG/MEDIUM: systemd: set KillMode to 'mixed' + - BUILD: fix "make install" to support spaces in the install dirs + - BUG/MINOR: config: http-request replace-header arg typo + - BUG: config: error in http-response replace-header number of arguments + - DOC: missing track-sc* in http-request rules + - BUILD: lua: missing ifdef related to SSL when enabling LUA + - BUG/MEDIUM: regex: fix pcre_study error handling + - MEDIUM: regex: Use pcre_study always when PCRE is used, regardless of JIT + - BUG/MINOR: Fix search for -p argument in systemd wrapper. + - MEDIUM: Improve signal handling in systemd wrapper. + - DOC: fix typo in Unix Socket commands + - BUG/MEDIUM: checks: external checks can't change server status to UP + - BUG/MEDIUM: checks: segfault with external checks in a backend section + - BUG/MINOR: checks: external checks shouldn't wait for timeout to return the result + - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm + - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported + - BUG/MINOR: config: don't propagate process binding for dynamic use_backend + - BUG/MINOR: log: fix request flags when keep-alive is enabled + - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks + - MINOR: checks: allow external checks in backend sections + - MEDIUM: checks: provide environment variables to the external checks + - MINOR: checks: update dynamic environment variables in external checks + - DOC: checks: environment variables used by "external-check command" + - BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used + - MINOR: ssl: load certificates in alphabetical order + - BUG/MINOR: checks: prevent http keep-alive with http-check expect + - MINOR: lua: typo in an error message + - MINOR: report the Lua version in -vv + - MINOR: lua: add a compilation error message when compiled with an incompatible version + - BUG/MEDIUM: lua: segfault when calling haproxy sample fetches from lua + - BUILD: try to automatically detect the Lua library name + - BUILD/CLEANUP: systemd: avoid a warning due to mixed code and declaration + - BUG/MEDIUM: backend: Update hash to use unsigned int throughout + - BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header + - MEDIUM: connection: add new bit in Proxy Protocol V2 + - BUG/MINOR: ssl: rejects OCSP response without nextupdate. + - BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses. + - BUG/MINOR: ssl: Fix OCSP resp update fails with the same certificate configured twice. + - BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer. + - MINOR: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs + - MINOR: ssl: add statement to force some ssl options in global. + - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates + - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. + - BUG/MINOR: samples: fix unnecessary memcopy converting binary to string. + - MINOR: samples: adds the bytes converter. + - MINOR: samples: adds the field converter. + - MINOR: samples: add the word converter. + - BUG/MINOR: server: move the directive #endif to the end of file + - BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped + - DOC: fix a few typos + - CLEANUP: epoll: epoll_events should be allocated according to global.tune.maxpollevents + - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized" + - BUG/MINOR: parse: refer curproxy instead of proxy + - BUG/MINOR: parse: check the validity of size string in a more strict way + - BUILD: add new target 'make uninstall' to support uninstalling haproxy from OS + - DOC: expand the docs for the provided stats. + - BUG/MEDIUM: unix: do not unlink() abstract namespace sockets upon failure. + - MEDIUM: ssl: Certificate Transparency support + - MEDIUM: stats: proxied stats admin forms fix + - MEDIUM: http: Compress HTTP responses with status codes 201,202,203 in addition to 200 + - BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information + - MAJOR: namespace: add Linux network namespace support + - MINOR: systemd: Check configuration before start + - BUILD: ssl: handle boringssl in openssl version detection + - BUILD: ssl: disable OCSP when using boringssl + - BUILD: ssl: don't call get_rfc2409_prime when using boringssl + - MINOR: ssl: don't use boringssl's cipher_list + - BUILD: ssl: use OPENSSL_NO_OCSP to detect OCSP support + - MINOR: stats: fix minor typo in HTML page + - MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper + - MEDIUM: Add support for configurable TLS ticket keys + - DOC: Document the new tls-ticket-keys bind keyword + - DOC: clearly state that the "show sess" output format is not fixed + - MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer() + - DOC: httplog does not support 'no' + - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange + - MINOR: ssl: use SSL_get_ciphers() instead of directly accessing the cipher list. + - BUG/MEDIUM: Consistently use 'check' in process_chk + - MEDIUM: Add external check + - BUG/MEDIUM: Do not set agent health to zero if server is disabled in config + - MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero + - MEDIUM: Remove connect_chk + - MEDIUM: Refactor init_check and move to checks.c + - MEDIUM: Add free_check() helper + - MEDIUM: Move proto and addr fields struct check + - MEDIUM: Attach tcpcheck_rules to check + - MEDIUM: Add parsing of mailers section + - MEDIUM: Allow configuration of email alerts + - MEDIUM: Support sending email alerts + - DOC: Document email alerts + - MINOR: Remove trailing '.' from email alert messages + - MEDIUM: Allow suppression of email alerts by log level + - BUG/MEDIUM: Do not consider an agent check as failed on L7 error + - MINOR: deinit: fix memory leak + - MINOR: http: export the function 'smp_fetch_base32' + - BUG/MEDIUM: http: tarpit timeout is reset + - MINOR: sample: add "json" converter + - BUG/MEDIUM: pattern: don't load more than once a pattern list. + - MINOR: map/acl/dumpstats: remove the "Done." message + - BUG/MAJOR: ns: HAProxy segfault if the cli_conn is not from a network connection + - BUG/MINOR: pattern: error message missing + - BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match + - BUG/MINOR: ARG6 and ARG7 don't fit in a 32 bits word + - MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay + - MEDIUM: task: call session analyzers if the task is woken by a message. + - MEDIUM: protocol: automatically pick the proto associated to the connection. + - MEDIUM: channel: wake up any request analyzer on response activity + - MINOR: converters: add a "void *private" argument to converters + - MINOR: converters: give the session pointer as converter argument + - MINOR: sample: add private argument to the struct sample_fetch + - MINOR: global: export function and permits to not resolve DNS names + - MINOR: sample: add function for browsing samples. + - MINOR: global: export many symbols. + - MINOR: includes: fix a lot of missing or useless includes + - MEDIUM: tcp: add register keyword system. + - MEDIUM: buffer: make bo_putblk/bo_putstr/bo_putchk return the number of bytes copied. + - MEDIUM: http: change the code returned by the response processing rule functions + - MEDIUM: http/tcp: permit to resume http and tcp custom actions + - MINOR: channel: functions to get data from a buffer without copy + - MEDIUM: lua: lua integration in the build and init system. + - MINOR: lua: add ease functions + - MINOR: lua: add runtime execution context + - MEDIUM: lua: "com" signals + - MINOR: lua: add the configuration directive "lua-load" + - MINOR: lua: core: create "core" class and object + - MINOR: lua: post initialisation bindings + - MEDIUM: lua: add coroutine as tasks. + - MINOR: lua: add sample and args type converters + - MINOR: lua: txn: create class TXN associated with the transaction. + - MINOR: lua: add shared context in the lua stack + - MINOR: lua: txn: import existing sample-fetches in the class TXN + - MINOR: lua: txn: add lua function in TXN that returns an array of http headers + - MINOR: lua: register and execute sample-fetches in LUA + - MINOR: lua: register and execute converters in LUA + - MINOR: lua: add bindings for tcp and http actions + - MINOR: lua: core: add sleep functions + - MEDIUM: lua: socket: add "socket" class for TCP I/O + - MINOR: lua: core: pattern and acl manipulation + - MINOR: lua: channel: add "channel" class + - MINOR: lua: txn: object "txn" provides two objects "channel" + - MINOR: lua: core: can set the nice of the current task + - MINOR: lua: core: can yield an execution stack + - MINOR: lua: txn: add binding for closing the client connection. + - MEDIUM: lua: Lua initialisation "on demand" + - BUG/MAJOR: lua: send function fails and return bad bytes + - MINOR: remove unused declaration. + - MINOR: lua: remove some #define + - MINOR: lua: use bitfield and macro in place of integer and enum + - MINOR: lua: set skeleton for Lua execution expiration + - MEDIUM: lua: each yielding function returns a wake up time. + - MINOR: lua: adds "forced yield" flag + - MEDIUM: lua: interrupt the Lua execution for running other process + - MEDIUM: lua: change the sleep function core + - BUG/MEDIUM: lua: the execution timeout is ignored in yield case + - DOC: lua: Lua configuration documentation + - MINOR: lua: add the struct session in the lua channel struct + - BUG/MINOR: lua: set buffer if it is nnot avalaible. + - BUG/MEDIUM: lua: reset flags before resuming execution + - BUG/MEDIUM: lua: fix infinite loop about channel + - BUG/MEDIUM: lua: the Lua process is not waked up after sending data on requests side + - BUG/MEDIUM: lua: many errors when we try to send data with the channel API + - MEDIUM: lua: use the Lua-5.3 version of the library + - BUG/MAJOR: lua: some function are not yieldable, the forced yield causes errors + - BUG/MEDIUM: lua: can't handle the response bytes + - BUG/MEDIUM: lua: segfault with buffer_replace2 + - BUG/MINOR: lua: check buffers before initializing socket + - BUG/MINOR: log: segfault if there are no proxy reference + - BUG/MEDIUM: lua: sockets don't have buffer to write data + - BUG/MEDIUM: lua: cannot connect socket + - BUG/MINOR: lua: sockets receive behavior doesn't follows the specs + - BUG/BUILD: lua: The strict Lua 5.3 version check is not done. + - BUG/MEDIUM: buffer: one byte miss in buffer free space check + - MEDIUM: lua: make the functions hlua_gethlua() and hlua_sethlua() faster + - MINOR: replace the Core object by a simple model. + - MEDIUM: lua: change the objects configuration + - MEDIUM: lua: create a namespace for the fetches + - MINOR: converters: add function to browse converters + - MINOR: lua: wrapper for converters + - MINOR: lua: replace function (req|get)_channel by a variable + - MINOR: lua: fetches and converters can return an empty string in place of nil + - DOC: lua api + - BUG/MEDIUM: sample: fix random number upper-bound + - BUG/MINOR: stats:Fix incorrect printf type. + - BUG/MAJOR: session: revert all the crappy client-side timeout changes + - BUG/MINOR: logs: properly initialize and count log sockets + - BUG/MEDIUM: http: fetch "base" is not compatible with set-header + - BUG/MINOR: counters: do not untrack counters before logging + - BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process() + - MINOR: stick-table: make stktable_fetch_key() indicate why it failed + - BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents + - BUILD: remove TODO from the spec file and add README + - MINOR: log: make MAX_SYSLOG_LEN overridable at build time + - MEDIUM: log: support a user-configurable max log line length + - DOC: provide an example of how to use ssl_c_sha1 + - BUILD: checks: external checker needs signal.h + - BUILD: checks: kill a minor warning on Solaris in external checks + - BUILD: http: fix isdigit & isspace warnings on Solaris + - BUG/MINOR: listener: set the listener's fd to -1 after deletion + - BUG/MEDIUM: unix: failed abstract socket binding is retryable + - MEDIUM: listener: implement a per-protocol pause() function + - MEDIUM: listener: support rebinding during resume() + - BUG/MEDIUM: unix: completely unbind abstract sockets during a pause() + - DOC: explicitly mention the limits of abstract namespace sockets + - DOC: minor fix on {sc,src}_kbytes_{in,out} + - DOC: fix alphabetical sort of converters + - MEDIUM: stick-table: implement lookup from a sample fetch + - MEDIUM: stick-table: add new converters to fetch table data + - MINOR: samples: add two converters for the date format + - BUG/MAJOR: http: correctly rewind the request body after start of forwarding + - DOC: remove references to CPU=native in the README + - DOC: mention that "compression offload" is ignored in defaults section + - DOC: mention that Squid correctly responds 400 to PPv2 header + - BUILD: fix dependencies between config and compat.h + - MINOR: session: export the function 'smp_fetch_sc_stkctr' + - MEDIUM: stick-table: make it easier to register extra data types + - BUG/MINOR: http: base32+src should use the big endian version of base32 + - MINOR: sample: allow IP address to cast to binary + - MINOR: sample: add new converters to hash input + - MINOR: sample: allow integers to cast to binary + - BUILD: report commit ID in git versions as well + - CLEANUP: session: move the stick counters declarations to stick_table.h + - MEDIUM: http: add the track-sc* actions to http-request rules + - BUG/MEDIUM: connection: fix proxy v2 header again! + - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc* + - OPTIM/MINOR: proxy: reduce struct proxy by 48 bytes on 64-bit archs + - MINOR: log: add a new field "%lc" to implement a per-frontend log counter + - BUG/MEDIUM: http: fix inverted condition in pat_match_meth() + - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs + - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg() + - BUG/MEDIUM: acl: correctly compute the output type when a converter is used + - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix + - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer + - MEDIUM: http: enable header manipulation for 101 responses + - BUG/MEDIUM: config: propagate frontend to backend process binding again. + - MEDIUM: config: properly propagate process binding between proxies + - MEDIUM: config: make the frontends automatically bind to the listeners' processes + - MEDIUM: config: compute the exact bind-process before listener's maxaccept + - MEDIUM: config: only warn if stats are attached to multi-process bind directives + - MEDIUM: config: report it when tcp-request rules are misplaced + - DOC: indicate in the doc that track-sc* can wait if data are missing + - MINOR: config: detect the case where a tcp-request content rule has no inspect-delay + - MEDIUM: systemd-wrapper: support multiple executable versions and names + - BUG/MEDIUM: remove debugging code from systemd-wrapper + - BUG/MEDIUM: http: adjust close mode when switching to backend + - BUG/MINOR: config: don't propagate process binding on fatal errors. + - BUG/MEDIUM: check: rule-less tcp-check must detect connect failures + - BUG/MINOR: tcp-check: report the correct failed step in the status + - DOC: indicate that weight zero is reported as DRAIN + - BUG/MEDIUM: config: avoid skipping disabled proxies + - BUG/MINOR: config: do not accept more track-sc than configured + - BUG/MEDIUM: backend: fix URI hash when a query string is present + - BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR + - BUG/MAJOR: cli: explicitly call cli_release_handler() upon error + - BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol + - BUILD/MINOR: ssl: de-constify "ciphers" to avoid a warning on openssl-0.9.8 + - BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets + - BUG/BUILD: revert accidental change in the makefile from latest SSL fix + - BUG/MEDIUM: ssl: force a full GC in case of memory shortage + - MEDIUM: ssl: add support for smaller SSL records + - MINOR: session: release a few other pools when stopping + - MINOR: task: release the task pool when stopping + - BUG/MINOR: config: don't inherit the default balance algorithm in frontends + - BUG/MAJOR: frontend: initialize capture pointers earlier + - BUG/MINOR: stats: correctly set the request/response analysers + - MAJOR: polling: centralize calls to I/O callbacks + - DOC: fix typo in the body parser documentation for msg.sov + - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size + - MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping) + - DEBUG: pools: apply poisonning on every allocated pool + - BUG/MAJOR: sessions: unlink session from list on out of memory + - BUG/MEDIUM: patterns: previous fix was incomplete + - BUG/MEDIUM: payload: ensure that a request channel is available + - BUG/MINOR: tcp-check: don't condition data polling on check type + - BUG/MEDIUM: tcp-check: don't rely on random memory contents + - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect + - BUG/MINOR: config: fix typo in condition when propagating process binding + - BUG/MEDIUM: config: do not propagate processes between stopped processes + - BUG/MAJOR: stream-int: properly check the memory allocation return + - BUG/MEDIUM: memory: fix freeing logic in pool_gc2() + - BUG/MAJOR: namespaces: conn->target is not necessarily a server + - BUG/MEDIUM: compression: correctly report zlib_mem + - CLEANUP: lists: remove dead code + - CLEANUP: memory: remove dead code + - CLEANUP: memory: replace macros pool_alloc2/pool_free2 with functions + - MINOR: memory: cut pool allocator in 3 layers + - MEDIUM: memory: improve pool_refill_alloc() to pass a refill count + - MINOR: stream-int: retrieve session pointer from stream-int + - MINOR: buffer: reset a buffer in b_reset() and not channel_init() + - MEDIUM: buffer: use b_alloc() to allocate and initialize a buffer + - MINOR: buffer: move buffer initialization after channel initialization + - MINOR: buffer: only use b_free to release buffers + - MEDIUM: buffer: always assign a dummy empty buffer to channels + - MEDIUM: buffer: add a new buf_wanted dummy buffer to report failed allocations + - MEDIUM: channel: do not report full when buf_empty is present on a channel + - MINOR: session: group buffer allocations together + - MINOR: buffer: implement b_alloc_fast() + - MEDIUM: buffer: implement b_alloc_margin() + - MEDIUM: session: implement a basic atomic buffer allocator + - MAJOR: session: implement a wait-queue for sessions who need a buffer + - MAJOR: session: only allocate buffers when needed + - MINOR: stats: report a "waiting" flags for sessions + - MAJOR: session: only wake up as many sessions as available buffers permit + - MINOR: config: implement global setting tune.buffers.reserve + - MINOR: config: implement global setting tune.buffers.limit + - MEDIUM: channel: implement a zero-copy buffer transfer + - MEDIUM: stream-int: support splicing from applets + - OPTIM: stream-int: try to send pending spliced data + - CLEANUP: session: remove session_from_task() + - DOC: add missing entry for log-format and clarify the text + - MINOR: logs: add a new per-proxy "log-tag" directive + - BUG/MEDIUM: http: fix header removal when previous header ends with pure LF + - MINOR: config: extend the default max hostname length to 64 and beyond + - BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation + - BUG/MINOR: channel: compare to_forward with buf->i, not buf->size + - MINOR: channel: add channel_in_transit() + - MEDIUM: channel: make buffer_reserved() use channel_in_transit() + - MEDIUM: channel: make bi_avail() use channel_in_transit() + - BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected + - CLEANUP: channel: rename channel_reserved -> channel_is_rewritable + - MINOR: channel: rename channel_full() to !channel_may_recv() + - MINOR: channel: rename buffer_reserved() to channel_reserved() + - MINOR: channel: rename buffer_max_len() to channel_recv_limit() + - MINOR: channel: rename bi_avail() to channel_recv_max() + - MINOR: channel: rename bi_erase() to channel_truncate() + - BUG/MAJOR: log: don't try to emit a log if no logger is set + - MINOR: tools: add new round_2dig() function to round integers + - MINOR: global: always export some SSL-specific metrics + - MINOR: global: report information about the cost of SSL connections + - MAJOR: init: automatically set maxconn and/or maxsslconn when possible + - MINOR: http: add a new fetch "query" to extract the request's query string + - MINOR: hash: add new function hash_crc32 + - MINOR: samples: provide a "crc32" converter + - MEDIUM: backend: add the crc32 hash algorithm for load balancing + - BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names + - BUG/MEDIUM: http: make http-request set-header compute the string before removal + - MEDIUM: args: use #define to specify the number of bits used by arg types and counts + - MEDIUM: args: increase arg type to 5 bits and limit arg count to 5 + - MINOR: args: add type-specific flags for each arg in a list + - MINOR: args: implement a new arg type for regex : ARGT_REG + - MEDIUM: regex: add support for passing regex flags to regex_exec_match() + - MEDIUM: samples: add a regsub converter to perform regex-based transformations + - BUG/MINOR: sample: fix case sensitivity for the regsub converter + - MEDIUM: http: implement http-request set-{method,path,query,uri} + - DOC: fix missing closing brackend on regsub + - MEDIUM: samples: provide basic arithmetic and bitwise operators + - MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set + - BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value + - BUG/MINOR: http: abort request processing on filter failure + - MEDIUM: tcp: implement tcp-ut bind option to set TCP_USER_TIMEOUT + - MINOR: ssl/server: add the "no-ssl-reuse" server option + - BUG/MAJOR: peers: initialize s->buffer_wait when creating the session + - MINOR: http: add a new function to iterate over each header line + - MINOR: http: add the new sample fetches req.hdr_names and res.hdr_names + - MEDIUM: task: always ensure that the run queue is consistent + - BUILD: Makefile: add -Wdeclaration-after-statement + - BUILD/CLEANUP: ssl: avoid a warning due to mixed code and declaration + - BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code + - MEDIUM: protocol: use a family array to index the protocol handlers + - BUILD: lua: cleanup many mixed occurrences declarations & code + - BUG/MEDIUM: task: fix recently introduced scheduler skew + - BUG/MINOR: lua: report the correct function name in an error message + - BUG/MAJOR: http: fix stats regression consecutive to HTTP_RULE_RES_YIELD + - Revert "BUG/MEDIUM: lua: can't handle the response bytes" + - MINOR: lua: convert IP addresses to type string + - CLEANUP: lua: use the same function names in C and Lua + - REORG/MAJOR: move session's req and resp channels back into the session + - CLEANUP: remove now unused channel pool + - REORG/MEDIUM: stream-int: introduce si_ic/si_oc to access channels + - MEDIUM: stream-int: add a flag indicating which side the SI is on + - MAJOR: stream-int: only rely on SI_FL_ISBACK to find the requested channel + - MEDIUM: stream-interface: remove now unused pointers to channels + - MEDIUM: stream-int: make si_sess() use the stream int's side + - MEDIUM: stream-int: use si_task() to retrieve the task from the stream int + - MEDIUM: stream-int: remove any reference to the owner + - CLEANUP: stream-int: add si_ib/si_ob to dereference the buffers + - CLEANUP: stream-int: add si_opposite() to find the other stream interface + - REORG/MEDIUM: channel: only use chn_prod / chn_cons to find stream-interfaces + - MEDIUM: channel: add a new flag "CF_ISRESP" for the response channel + - MAJOR: channel: only rely on the new CF_ISRESP flag to find the SI + - MEDIUM: channel: remove now unused ->prod and ->cons pointers + - CLEANUP: session: simplify references to chn_{prod,cons}(&s->{req,res}) + - CLEANUP: session: use local variables to access channels / stream ints + - CLEANUP: session: don't needlessly pass a pointer to the stream-int + - CLEANUP: session: don't use si_{ic,oc} when we know the session. + - CLEANUP: stream-int: limit usage of si_ic/si_oc + - CLEANUP: lua: limit usage of si_ic/si_oc + - MINOR: channel: add chn_sess() helper to retrieve session from channel + - MEDIUM: session: simplify receive buffer allocator to only use the channel + - MEDIUM: lua: use CF_ISRESP to detect the channel's side + - CLEANUP: lua: remove the session pointer from hlua_channel + - CLEANUP: lua: hlua_channel_new() doesn't need the pointer to the session anymore + - MEDIUM: lua: remove struct hlua_channel + - MEDIUM: lua: remove hlua_sample_fetch + +2014/06/19 : 1.6-dev0 + - exact copy of 1.5.0 + +2014/06/19 : 1.5.0 + - MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'. + - MEDIUM: ssl: basic OCSP stapling support. + - MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl ocsp-response' + - MEDIUM: ssl: add 300s supported time skew on OCSP response update. + - MINOR: checks: mysql-check: Add support for v4.1+ authentication + - MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits + - MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description. + - MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp + - MEDIUM: Break out check establishment into connect_chk() + - MEDIUM: Add port_to_str helper + - BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. + - BUG/MEDIUM: Fix unhandled connections problem with systemd daemon mode and SO_REUSEPORT. + - MINOR: regex: fix a little configuration memory leak. + - MINOR: regex: Create JIT compatible function that return match strings + - MEDIUM: regex: replace all standard regex function by own functions + - MEDIUM: regex: Remove null terminated strings. + - MINOR: regex: Use native PCRE API. + - MINOR: missing regex.h include + - DOC: Add Exim as Proxy Protocol implementer. + - BUILD: don't use type "uint" which is not portable + - BUILD: stats: workaround stupid and bogus -Werror=format-security behaviour + - BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new transaction + - CLEANUP: http: don't clear CF_READ_NOEXP twice + - DOC: fix proxy protocol v2 decoder example + - DOC: fix remaining occurrences of "pattern extraction" + - MINOR: log: allow the HTTP status code to be logged even in TCP frontends + - MINOR: logs: don't limit HTTP header captures to HTTP frontends + - MINOR: sample: improve sample_fetch_string() to report partial contents + - MINOR: capture: extend the captures to support non-header keys + - MINOR: tcp: prepare support for the "capture" action + - MEDIUM: tcp: add a new tcp-request capture directive + - MEDIUM: session: allow shorter retry delay if timeout connect is small + - MEDIUM: session: don't apply the retry delay when redispatching + - MEDIUM: session: redispatch earlier when possible + - MINOR: config: warn when tcp-check rules are used without option tcp-check + - BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN protocol + - DOC: proxy protocol example parser was still wrong + - DOC: minor updates to the proxy protocol doc + - CLEANUP: connection: merge proxy proto v2 header and address block + - MEDIUM: connection: add support for proxy protocol v2 in accept-proxy + - MINOR: tools: add new functions to quote-encode strings + - DOC: clarify the CSV format + - MEDIUM: stats: report the last check and last agent's output on the CSV status + - MINOR: freq_ctr: introduce a new averaging method + - MEDIUM: session: maintain per-backend and per-server time statistics + - MEDIUM: stats: report per-backend and per-server time stats in HTML and CSV outputs + - BUG/MINOR: http: fix typos in previous patch + - DOC: remove the ultra-obsolete TODO file + - DOC: update roadmap + - DOC: minor updates to the README + - DOC: mention the maxconn limitations with the select poller + - DOC: commit a few old design thoughts files + +2014/05/28 : 1.5-dev26 + - BUG/MEDIUM: polling: fix possible CPU hogging of worker processes after receiving SIGUSR1. + - BUG/MINOR: stats: fix a typo on a closing tag for a server tracking another one + - OPTIM: stats: avoid the calculation of a useless link on tracking servers in maintenance + - MINOR: fix a few memory usage errors + - CONTRIB: halog: Filter input lines by date and time through timestamp + - MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int + - BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace() + - MINOR: acl: set "str" as default match for strings + - DOC: Add some precisions about acl default matching method + - MEDIUM: acl: strenghten the option parser to report invalid options + - BUG/MEDIUM: config: a stats-less config crashes in 1.5-dev25 + - BUG/MINOR: checks: tcp-check must not stop on '\0' for binary checks + - MINOR: stats: improve alignment of color codes to save one line of header + - MINOR: checks: simplify and improve reporting of state changes when using log-health-checks + - MINOR: server: remove the SRV_DRAIN flag which can always be deduced + - MINOR: server: use functions to detect state changes and to update them + - MINOR: server: create srv_was_usable() from srv_is_usable() and use a pointer + - BUG/MINOR: stats: do not report "100%" in the thottle column when server is draining + - BUG/MAJOR: config: don't free valid regex memory + - BUG/MEDIUM: session: don't clear CF_READ_NOEXP if analysers are not called + - BUG/MINOR: stats: tracking servers may incorrectly report an inherited DRAIN status + - MEDIUM: proxy: make timeout parser a bit stricter + - REORG/MEDIUM: server: split server state and flags in two different variables + - REORG/MEDIUM: server: move the maintenance bits out of the server state + - MAJOR: server: use states instead of flags to store the server state + - REORG: checks: put the functions in the appropriate files ! + - MEDIUM: server: properly support and propagate the maintenance status + - MEDIUM: server: allow multi-level server tracking + - CLEANUP: checks: rename the server_status_printf function + - MEDIUM: checks: simplify server up/down/nolb transitions + - MAJOR: checks: move health checks changes to set_server_check_status() + - MINOR: server: make the status reporting function support a reason + - MINOR: checks: simplify health check reporting functions + - MINOR: server: implement srv_set_stopped() + - MINOR: server: implement srv_set_running() + - MINOR: server: implement srv_set_stopping() + - MEDIUM: checks: simplify failure notification using srv_set_stopped() + - MEDIUM: checks: simplify success notification using srv_set_running() + - MEDIUM: checks: simplify stopping mode notification using srv_set_stopping() + - MEDIUM: stats: report a server's own state instead of the tracked one's + - MINOR: server: make use of srv_is_usable() instead of checking eweight + - MAJOR: checks: add support for a new "drain" administrative mode + - MINOR: stats: use the admin flags for soft enable/disable/stop/start on the web page + - MEDIUM: stats: introduce new actions to simplify admin status management + - MINOR: cli: introduce a new "set server" command + - MINOR: stats: report a distinct output for DOWN caused by agent + - MINOR: checks: support specific check reporting for the agent + - MINOR: checks: support a neutral check result + - BUG/MINOR: cli: "agent" was missing from the "enable"/"disable" help message + - MEDIUM: cli: add support for enabling/disabling health checks. + - MEDIUM: stats: report down caused by agent prior to reporting up + - MAJOR: agent: rework the response processing and support additional actions + - MINOR: stats: improve the stats web page to support more actions + - CONTRIB: halog: avoid calling time/localtime/mktime for each line + - DOC: document the workarouds for Google Chrome's bogus pre-connect + - MINOR: stats: report SSL key computations per second + - MINOR: stats: add counters for SSL cache lookups and misses + +2014/05/10 : 1.5-dev25 + - MEDIUM: connection: Implement and extented PROXY Protocol V2 + - MINOR: ssl: clean unused ACLs declarations + - MINOR: ssl: adds fetchs and ACLs for ssl back connection. + - MINOR: ssl: merge client's and frontend's certificate functions. + - MINOR: ssl: adds ssl_f_sha1 fetch to return frontend's certificate fingerprint + - MINOR: ssl: adds sample converter base64 for binary type. + - MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id. + - BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported. + - MAJOR: ssl: Change default locks on ssl session cache. + - BUG/MINOR: chunk: Fix function chunk_strcmp and chunk_strcasecmp match a substring. + - MINOR: ssl: add global statement tune.ssl.force-private-cache. + - MINOR: ssl: remove fallback to SSL session private cache if lock init fails. + - BUG/MEDIUM: patterns: last fix was still not enough + - MINOR: http: export the smp_fetch_cookie function + - MINOR: http: generic pointer to rule argument + - BUG/MEDIUM: pattern: a typo breaks automatic acl/map numbering + - BUG/MAJOR: patterns: -i and -n are ignored for inlined patterns + - BUG/MINOR: proxy: unsafe initialization of HTTP transaction when switching from TCP frontend + - BUG/MINOR: http: log 407 in case of proxy auth + - MINOR: http: rely on the message body parser to send 100-continue + - MEDIUM: http: move reqadd after execution of http_request redirect + - MEDIUM: http: jump to dedicated labels after http-request processing + - BUG/MINOR: http: block rules forgot to increment the denied_req counter + - BUG/MINOR: http: block rules forgot to increment the session's request counter + - MEDIUM: http: move Connection header processing earlier + - MEDIUM: http: remove even more of the spaghetti in the request path + - MINOR: http: silently support the "block" action for http-request + - CLEANUP: proxy: rename "block_cond" to "block_rules" + - MEDIUM: http: emulate "block" rules using "http-request" rules + - MINOR: http: remove the now unused loop over "block" rules + - MEDIUM: http: factorize the "auth" action of http-request and stats + - MEDIUM: http: make http-request rules processing return a verdict instead of a rule + - MINOR: config: add minimum support for emitting warnings only once + - MEDIUM: config: inform the user about the deprecatedness of "block" rules + - MEDIUM: config: inform the user that "reqsetbe" is deprecated + - MEDIUM: config: inform the user only once that "redispatch" is deprecated + - MEDIUM: config: warn that '{cli,con,srv}timeout' are deprecated + - BUG/MINOR: auth: fix wrong return type in pat_match_auth() + - BUILD: config: remove a warning with clang + - BUG/MAJOR: http: connection setup may stall on balance url_param + - BUG/MEDIUM: http/session: disable client-side expiration only after body + - BUG/MEDIUM: http: correctly report request body timeouts + - BUG/MEDIUM: http: disable server-side expiration until client has sent the body + - MEDIUM: listener: make the accept function more robust against pauses + - BUILD: syscalls: remove improper inline statement in front of syscalls + - BUILD: ssl: SSL_CTX_set_msg_callback() needs openssl >= 0.9.7 + - BUG/MAJOR: session: recover the correct connection pointer in half-initialized sessions + - DOC: add some explanation on the shared cache build options in the readme. + - MEDIUM: proxy: only adjust the backend's bind-process when already set + - MEDIUM: config: limit nbproc to the machine's word size + - MEDIUM: config: check the bind-process settings according to nbproc + - MEDIUM: listener: parse the new "process" bind keyword + - MEDIUM: listener: inherit the process mask from the proxy + - MAJOR: listener: only start listeners bound to the same processes + - MINOR: config: only report a warning when stats sockets are bound to more than 1 process + - CLEANUP: config: set the maxaccept value for peers listeners earlier + - BUG/MINOR: backend: only match IPv4 addresses with RDP cookies + - BUG/MINOR: checks: correctly configure the address family and protocol + - MINOR: tools: split is_addr() and is_inet_addr() + - MINOR: protocols: use is_inet_addr() when only INET addresses are desired + - MEDIUM: unix: add preliminary support for connecting to servers over UNIX sockets + - MEDIUM: checks: only complain about the missing port when the check uses TCP + - MEDIUM: unix: implement support for Linux abstract namespace sockets + - DOC: map_beg was missing from the table of map_* converters + - DOC: ebtree: indicate that prefix insertion/lookup may be used with strings + - MEDIUM: pattern: use ebtree's longest match to index/lookup string beginning + - BUILD: remove the obsolete BSD and OSX makefiles + - MEDIUM: unix: avoid a double connect probe when no data are sent + - DOC: stop referencing the slow git repository in the README + - BUILD: only build the systemd wrapper on Linux 2.6 and above + - DOC: update roadmap with completed tasks + - MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) + +2014/04/26 : 1.5-dev24 + - MINOR: pattern: find element in a reference + - MEDIUM: http: ACL and MAP updates through http-(request|response) rules + - MEDIUM: ssl: explicitly log failed handshakes after a heartbeat + - DOC: Full section dedicated to the converters + - MEDIUM: http: register http-request and http-response keywords + - BUG/MINOR: compression: correctly report incoming byte count + - BUG/MINOR: http: don't report server aborts as client aborts + - BUG/MEDIUM: channel: bi_putblk() must not wrap before the end of buffer + - CLEANUP: buffers: remove unused function buffer_contig_space_with_res() + - MEDIUM: stats: reimplement HTTP keep-alive on the stats page + - BUG/MAJOR: http: fix timeouts during data forwarding + - BUG/MEDIUM: http: 100-continue responses must process the next part immediately + - MEDIUM: http: move skipping of 100-continue earlier + - BUILD: stats: let gcc know that last_fwd cannot be used uninitialized... + - CLEANUP: general: get rid of all old occurrences of "session *t" + - CLEANUP: http: remove the useless "if (1)" inherited from version 1.4 + - BUG/MEDIUM: stats: mismatch between behaviour and doc about front/back + - MEDIUM: http: enable analysers to have keep-alive on stats + - REORG: http: move HTTP Connection response header parsing earlier + - MINOR: stats: always emit HTTP/1.1 in responses + - MINOR: http: add capture.req.ver and capture.res.ver + - MINOR: checks: add a new global max-spread-checks directive + - BUG/MAJOR: http: fix the 'next' pointer when performing a redirect + - MINOR: http: implement the max-keep-alive-queue setting + - DOC: fix alphabetic order of tcp-check + - MINOR: connection: add a new error code for SSL with heartbeat + - MEDIUM: ssl: implement a workaround for the OpenSSL heartbleed attack + - BUG/MEDIUM: Revert "MEDIUM: ssl: Add standardized DH parameters >= 1024 bits" + - BUILD: http: remove a warning on strndup + - BUILD: ssl: avoid a warning about conn not used with OpenSSL < 1.0.1 + - BUG/MINOR: ssl: really block OpenSSL's response to heartbleed attack + - MINOR: ssl: finally catch the heartbeats missing the padding + +2014/04/23 : 1.5-dev23 + - BUG/MINOR: reject malformed HTTP/0.9 requests + - MINOR: systemd wrapper: re-execute on SIGUSR2 + - MINOR: systemd wrapper: improve logging + - MINOR: systemd wrapper: propagate exit status + - BUG/MINOR: tcpcheck connect wrong behavior + - MEDIUM: proxy: support use_backend with dynamic names + - MINOR: stats: Enhancement to stats page to provide information of last session time. + - BUG/MEDIUM: peers: fix key consistency for integer stick tables + - DOC: fix a typo on http-server-close and encapsulate options with double-quotes + - DOC: fix fetching samples syntax + - MINOR: ssl: add ssl_fc_unique_id to fetch TLS Unique ID + - MEDIUM: ssl: Use ALPN support as it will be available in OpenSSL 1.0.2 + - DOC: fix typo + - CLEANUP: code style: use tabs to indent codes instead of spaces + - DOC: fix a few config typos. + - BUG/MINOR: raw_sock: also consider ENOTCONN in addition to EAGAIN for recv() + - DOC: lowercase format string in unique-id + - MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode + - BUG/MINOR: acl: req_ssl_sni fails with SSLv3 record version + - BUG/MINOR: build: add missing objects in osx and bsd Makefiles + - BUG/MINOR: build: handle whitespaces in wc -l output + - BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO + - MEDIUM: ssl: Add standardized DH parameters >= 1024 bits + - BUG/MEDIUM: map: The map parser includes blank lines. + - BUG/MINOR: log: The log of quotted capture header has been terminated by 2 quotes. + - MINOR: standard: add function "encode_chunk" + - BUG/MINOR: http: fix encoding of samples used in http headers + - MINOR: sample: add hex converter + - MEDIUM: sample: change the behavior of the bin2str cast + - MAJOR: auth: Change the internal authentication system. + - MEDIUM: acl/pattern: standardisation "of pat_parse_int()" and "pat_parse_dotted_ver()" + - MEDIUM: pattern: The pattern parser no more uses and just takes one string. + - MEDIUM: pattern: Change the prototype of the function pattern_register(). + - CONTRIB: ip6range: add a network IPv6 range to mask converter + - MINOR: pattern: separe list element from the data part. + - MEDIUM: pattern: add indexation function. + - MEDIUM: pattern: The parse functions just return "struct pattern" without memory allocation + - MINOR: pattern: Rename "pat_idx_elt" to "pattern_tree" + - MINOR: sample: dont call the sample cast function "c_none" + - MINOR: standard: Add function for converting cidr to network mask. + - MEDIUM: sample: Remove types SMP_T_CSTR and SMP_T_CBIN, replace it by SMP_F_CONST flags + - MEDIUM: sample/http_proto: Add new type called method + - MINOR: dumpstats: Group map inline help + - MEDIUM: pattern: The function pattern_exec_match() returns "struct pattern" if the patten match. + - MINOR: dumpstats: change map inline sentences + - MINOR: dumpstats: change the "get map" display management + - MINOR: map/dumpstats: The cli cmd "get map ..." display the "int" format. + - MEDIUM: pattern: The match function browse itself the list or the tree. + - MEDIUM: pattern: Index IPv6 addresses in a tree. + - MEDIUM: pattern: add delete functions + - MEDIUM: pattern: add prune function + - MEDIUM: pattern: add sample lookup function. + - MEDIUM: pattern/dumpstats: The function pattern_lookup() is no longer used + - MINOR: map/pattern: The sample parser is stored in the pattern + - MAJOR: pattern/map: Extends the map edition system in the patterns + - MEDIUM: pattern: merge same pattern + - MEDIUM: pattern: The expected type is stored in the pattern head, and conversion is executed once. + - MINOR: pattern: Each pattern is identified by unique id. + - MINOR: pattern/acl: Each pattern of each acl can be load with specified id + - MINOR: pattern: The function "pattern_register()" is no longer used. + - MINOR: pattern: Merge function pattern_add() with pat_ref_push(). + - MINOR: pattern: store configuration reference for each acl or map pattern. + - MINOR: pattern: Each pattern expression element store the reference struct. + - MINOR: dumpstats: display the reference for th key/pattern and value. + - MEDIUM: pattern: delete() function uses the pat_ref_elt to find the element to be removed + - MEDIUM: pattern_find_smp: functions find_smp uses the pat_ref_elt to find the element to be removed + - MEDIUM: dumpstats/pattern: display and use each pointer of each pattern dumped + - MINOR: pattern/map/acl: Centralization of the file parsers + - MINOR: pattern: Check if the file reference is not used with acl and map + - MINOR: acl/pattern: Acl "-M" option force to load file as map file with two columns + - MEDIUM: dumpstats: Display error message during add of values. + - MINOR: pattern: The function pat_ref_set() have now atomic behavior + - MINOR: regex: The pointer regstr in the struc regex is no longer used. + - MINOR: cli: Block the usage of the command "acl add" in many cases. + - MINOR: doc: Update the documentation about the map and acl + - MINOR: pattern: index duplicates + - MINOR: configuration: File and line propagation + - MINOR: dumpstat/conf: display all the configuration lines that using pattern reference + - MINOR: standard: Disable ip resolution during the runtime + - MINOR: pattern: Remove the flag "PAT_F_FROM_FILE". + - MINOR: pattern: forbid dns resolutions + - DOC: document "get map" / "get acl" on the CLI + - MEDIUM: acl: Change the acl register struct + - BUG/MEDIUM: acl: boolean only matches were broken by recent changes + - DOC: pattern: pattern organisation schematics + - MINOR: pattern/cli: Update used terms in documentation and cli + - MINOR: cli: remove information about acl or map owner. + - MINOR: session: don't always assume there's a listener + - MINOR: pattern: Add function to prune and reload pattern list. + - MINOR: standard: Add ipv6 support in the function url2sa(). + - MEDIUM: config: Dynamic sections. + - BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches + - MINOR: http: Add the "language" converter to for use with accept-language + - BUG/MINOR: log: Don't dump empty unique-id + - BUG/MAJOR: session: fix a possible crash with src_tracked + - DOC: Update "language" documentation + - MINOR: http: add the function "del-header" to the directives http-request and http-response + - DOC: add some information on capture.(req|res).hdr + - MINOR: http: capture.req.method and capture.req.uri + - MINOR: http: optimize capture.req.method and capture.req.uri + - MINOR: session: clean up the connection free code + - BUG/MEDIUM: checks: immediately report a connection success + - MEDIUM: connection: don't use real send() flags in snd_buf() + - OPTIM: ssl: implement dynamic record size adjustment + - MINOR: stats: report exact last session time in backend too + - BUG/MEDIUM: stats: the "lastsess" field must appear last in the CSV. + - BUG/MAJOR: check: fix memory leak in "tcp-check connect" over SSL + - BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers + - MINOR: channel: add the date of last read in the channel + - MEDIUM: stream-int: automatically disable CF_STREAMER flags after idle + - MINOR: ssl: add DEFAULT_SSL_MAX_RECORD to set the record size at build time + - MINOR: config: make the stream interface idle timer user-configurable + - MINOR: config: add global directives to set default SSL ciphers + - MINOR: sample: add a rand() sample fetch to return a sample. + - BUG/MEDIUM: config: immediately abort if peers section has no name + - BUG/MINOR: ssl: fix syntax in config error message + - BUG/MEDIUM: ssl: always send a full buffer after EAGAIN + - BUG/MINOR: config: server on-marked-* statement is ignored in default-server + - BUG/MEDIUM: backend: prefer-last-server breaks redispatch + - BUG/MEDIUM: http: continue to emit 503 on keep-alive to different server + - MEDIUM: acl: fix pattern type for payload / payload_lv + - BUG/MINOR: config: fix a crash on startup when a disabled backend references a peer + - BUG/MEDIUM: compression: fix the output type of the compressor name + - BUG/MEDIUM: http: don't start to forward request data before the connect + - MINOR: http: release compression context only in http_end_txn() + - MINOR: protect ebimtree/ebistree against multiple inclusions + - MEDIUM: proxy: create a tree to store proxies by name + - MEDIUM: proxy: make findproxy() use trees to look up proxies + - MEDIUM: proxy: make get_backend_server() use findproxy() to lookup proxies + - MEDIUM: stick-table: lookup table names using trees. + - MEDIUM: config: faster lookup for duplicated proxy name + - CLEANUP: acl: remove obsolete test in parse_acl_expr() + - MINOR: sample: move smp_to_type to sample.c + - MEDIUM: compression: consider the "q=" attribute in Accept-Encoding + - REORG: cfgparse: move server keyword parsing to server.c + - BUILD: adjust makefile for AIX 5.1 + - BUG/MEDIUM: pattern: fix wrong definition of the pat_prune_fcts array + - CLEANUP: pattern: move array definitions to proto/ and not types/ + - BUG/MAJOR: counters: check for null-deref when looking up an alternate table + - BUILD: ssl: previous patch failed + - BUILD/MEDIUM: standard: get rid of the last strcpy() + - BUILD/MEDIUM: standard: get rid of sprintf() + - BUILD/MEDIUM: cfgparse: get rid of sprintf() + - BUILD/MEDIUM: checks: get rid of sprintf() + - BUILD/MEDIUM: http: remove calls to sprintf() + - BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary + - BUILD/MINOR: ssl: remove one call to sprintf() + - MEDIUM: http: don't reject anymore message bodies not containing the url param + - MEDIUM: http: wait for the first chunk or message body length in http_process_body + - CLEANUP: http: rename http_process_request_body() + - CLEANUP: http: prepare dedicated processing for chunked encoded message bodies + - MINOR: http: make msg->eol carry the last CRLF length + - MAJOR: http: do not use msg->sol while processing messages or forwarding data + - MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer + - MAJOR: http: don't update msg->sov anymore while processing the body + - MINOR: http: add a small helper to compute the amount of body bytes present + - MEDIUM: http: add a small helper to compute how far to rewind to find headers + - MINOR: http: add a small helper to compute how far to rewind to find URI + - MEDIUM: http: small helpers to compute how far to rewind to find BODY and DATA + - MAJOR: http: reset msg->sov after headers are forwarded + - MEDIUM: http: forward headers again while waiting for connection to complete + - BUG/MINOR: http: deinitialize compression after a parsing error + - BUG/MINOR: http: deinitialize compression after a compression error + - MEDIUM: http: headers must be forwarded even if data was already inspected + - MAJOR: http: re-enable compression on chunked encoding + - MAJOR: http/compression: fix chunked-encoded response processing + - MEDIUM: http: cleanup: centralize a little bit HTTP compression end + - MEDIUM: http: start to centralize the forwarding code + - MINOR: http: further cleanups of response forwarding function + - MEDIUM: http: only allocate the temporary compression buffer when needed + - MAJOR: http: centralize data forwarding in the request path + - CLEANUP: http: document the response forwarding states + - CLEANUP: http: remove all calls to http_silent_debug() + - DOC: internal: add some reminders about HTTP parsing and pointer states + - BUG/MAJOR: http: fix bug in parse_qvalue() when selecting compression algo + - BUG/MINOR: stats: last session was not always set + - DOC: add pointer to the Cyril's HTML doc in the README + - MEDIUM: config: relax use_backend check to make the condition optional + - MEDIUM: config: report misplaced http-request rules + - MEDIUM: config: report misplaced use-server rules + - DOC: update roadmap with what was done. + +2014/02/03 : 1.5-dev22 + - MEDIUM: tcp-check new feature: connect + - MEDIUM: ssl: Set verify 'required' as global default for servers side. + - MINOR: ssl: handshake optim for long certificate chains. + - BUG/MINOR: pattern: pattern comparison executed twice + - BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..." + - BUG/MEDIUM: pattern: Segfault in binary parser + - MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation. + - MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated + - BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function. + - BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type. + - BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer + - BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests + - MINOR: doc: Bad cli function name. + - MINOR: http: smp_fetch_capture_header_* fetch captured headers + - BUILD: last release inadvertently prepended a "+" in front of the date + - BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler + - BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse + - BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes" + - BUG/MINOR: checks: successful check completion must not re-enable MAINT servers + - MINOR: http: try to stick to same server after status 401/407 + - BUG/MINOR: http: always disable compression on HTTP/1.0 + - OPTIM: poll: restore polling after a poll/stop/want sequence + - OPTIM: http: don't stop polling for read on the client side after a request + - BUG/MEDIUM: checks: unchecked servers could not be enabled anymore + - BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling + - BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned + - BUG/MINOR: stream-int: do not clear the owner upon unregister + - MEDIUM: stats: add support for HTTP keep-alive on the stats page + - BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch + - Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page" + - MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes + - OPTIM: session: set the READ_DONTWAIT flag when connecting + - BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests + - MINOR: session: factor out the connect time measurement + - MEDIUM: session: prepare to support earlier transitions to the established state + - MEDIUM: stream-int: make si_connect() return an established state when possible + - MINOR: checks: use an inline function for health_adjust() + - OPTIM: session: put unlikely() around the freewheeling code + - MEDIUM: config: report a warning when multiple servers have the same name + - BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence" + - BUILD/MINOR: listener: remove a glibc warning on accept4() + - BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage + - BUILD: listener: fix recent accept4() again + - BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9 + - BUG/MEDIUM: polling: ensure we update FD status when there's no more activity + - MEDIUM: listener: fix polling management in the accept loop + - MINOR: protocol: improve the proto->drain() API + - MINOR: connection: add a new conn_drain() function + - MEDIUM: tcp: report in tcp_drain() that lingering is already disabled on close + - MEDIUM: connection: update callers of ctrl->drain() to use conn_drain() + - MINOR: connection: add more error codes to report connection errors + - MEDIUM: tcp: report connection error at the connection level + - MEDIUM: checks: make use of chk_report_conn_err() for connection errors + - BUG/MEDIUM: unique_id: HTTP request counter is not stable + - DOC: fix misleading information about SIGQUIT + - BUG/MAJOR: fix freezes during compression + - BUG/MEDIUM: stream-interface: don't wake the task up before end of transfer + - BUILD: fix VERDATE exclusion regex + - CLEANUP: polling: rename "spec_e" to "state" + - DOC: add a diagram showing polling state transitions + - REORG: polling: rename "spec_e" to "state" and "spec_p" to "cache" + - REORG: polling: rename "fd_spec" to "fd_cache" + - REORG: polling: rename the cache allocation functions + - REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()" + - MAJOR: polling: rework the whole polling system + - MAJOR: connection: remove the CO_FL_WAIT_{RD,WR} flags + - MEDIUM: connection: remove conn_{data,sock}_poll_{recv,send} + - MEDIUM: connection: add check for readiness in I/O handlers + - MEDIUM: stream-interface: the polling flags must always be updated in chk_snd_conn + - MINOR: stream-interface: no need to call fd_stop_both() on error + - MEDIUM: connection: no need to recheck FD state + - CLEANUP: connection: use conn_ctrl_ready() instead of checking the flag + - CLEANUP: connection: use conn_xprt_ready() instead of checking the flag + - CLEANUP: connection: fix comments in connection.h to reflect new behaviour. + - OPTIM: raw-sock: don't speculate after a short read if polling is enabled + - MEDIUM: polling: centralize polled events processing + - MINOR: polling: create function fd_compute_new_polled_status() + - MINOR: cli: add more information to the "show info" output + - MEDIUM: listener: add support for limiting the session rate in addition to the connection rate + - MEDIUM: listener: apply a limit on the session rate submitted to SSL + - REORG: stats: move the stats socket states to dumpstats.c + - MINOR: cli: add the new "show pools" command + - BUG/MEDIUM: counters: flush content counters after each request + - BUG/MEDIUM: counters: fix stick-table entry leak when using track-sc2 in connection + - MINOR: tools: add very basic support for composite pointers + - MEDIUM: counters: stop relying on session flags at all + - BUG/MINOR: cli: fix missing break in command line parser + - BUG/MINOR: config: correctly report when log-format headers require HTTP mode + - MAJOR: http: update connection mode configuration + - MEDIUM: http: make keep-alive + httpclose be passive mode + - MAJOR: http: switch to keep-alive mode by default + - BUG/MEDIUM: http: fix regression caused by recent switch to keep-alive by default + - BUG/MEDIUM: listener: improve detection of non-working accept4() + - BUILD: listener: add fcntl.h and unistd.h + - BUG/MINOR: raw_sock: correctly set the MSG_MORE flag + +2013/12/17 : 1.5-dev21 + - MINOR: stats: don't use a monospace font to report numbers + - MINOR: session: remove debugging code + - BUG/MAJOR: patterns: fix double free caused by loading strings from files + - MEDIUM: http: make option http_proxy automatically rewrite the URL + - BUG/MEDIUM: http: cook_cnt() forgets to set its output type + - BUG/MINOR: stats: correctly report throttle rate of low weight servers + - BUG/MEDIUM: checks: servers must not start in slowstart mode + - BUG/MINOR: acl: parser must also stop at comma on ACL-only keywords + - MEDIUM: stream-int: implement a very simplistic idle connection manager + - DOC: update the ROADMAP file + +2013/12/16 : 1.5-dev20 + - DOC: add missing options to the manpage + - DOC: add manpage references to all system calls + - DOC: update manpage reference to haproxy-en.txt + - DOC: remove -s and -l options from the manpage + - DOC: missing information for the "description" keyword + - DOC: missing http-send-name-header keyword in keyword table + - MINOR: tools: function my_memmem() to lookup binary contents + - MEDIUM: checks: add send/expect tcp based check + - MEDIUM: backend: Enhance hash-type directive with an algorithm options + - MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. + - DOC: Documentation for hashing function, with test results. + - BUG/MEDIUM: ssl: potential memory leak using verifyhost + - BUILD: ssl: compilation issue with openssl v0.9.6. + - BUG/MINOR: ssl: potential memory leaks using ssl_c_key_alg or ssl_c_sig_alg. + - MINOR: ssl: optimization of verifyhost on wildcard certificates. + - BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard. + - MINOR: ssl: Add statement 'verifyhost' to "server" statements + - CLEANUP: session: remove event_accept() which was not used anymore + - BUG/MINOR: deinit: free fdinfo while doing cleanup + - DOC: minor typo fix in documentation + - BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE + - BUG/MINOR: use the same check condition for server as other algorithms + - DOC: fix typo in comments + - BUG/MINOR: deinit: free server map which is allocated in init_server_map() + - CLEANUP: stream_interface: cleanup loop information in si_conn_send_loop() + - MINOR: buffer: align the last output line of buffer_dump() + - MINOR: buffer: align the last output line if there are less than 8 characters left + - DOC: stick-table: modify the description + - OPTIM: stream_interface: return directly if the connection flag CO_FL_ERROR has been set + - CLEANUP: code style: use tabs to indent codes + - DOC: checkcache: block responses with cacheable cookies + - BUG/MINOR: check_config_validity: check the returned value of stktable_init() + - MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory + - MEDIUM: systemd-wrapper: Kill child processes when interrupted + - LOW: systemd-wrapper: Write debug information to stdout + - BUG/MINOR: http: fix "set-tos" not working in certain configurations + - MEDIUM: http: add IPv6 support for "set-tos" + - DOC: ssl: update build instructions to use new SSL_* variables + - BUILD/MINOR: systemd: fix compiler warning about unused result + - url32+src - like base32+src but whole url including parameters + - BUG/MINOR: fix forcing fastinter in "on-error" + - CLEANUP: Make parameters of srv_downtime and srv_getinter const + - CLEANUP: Remove unused 'last_slowstart_change' field from struct peer + - MEDIUM: Split up struct server's check element + - MEDIUM: Move result element to struct check + - MEDIUM: Paramatise functions over the check of a server + - MEDIUM: cfgparse: Factor out check initialisation + - MEDIUM: Add state to struct check + - MEDIUM: Move health element to struct check + - MEDIUM: Add helper for task creation for checks + - MEDIUM: Add helper function for failed checks + - MEDIUM: Log agent fail, stopped or down as info + - MEDIUM: Remove option lb-agent-chk + - MEDIUM: checks: Add supplementary agent checks + - MEDIUM: Do not mark a server as down if the agent is unavailable + - MEDIUM: Set rise and fall of agent checks to 1 + - MEDIUM: Add enable and disable agent unix socket commands + - MEDIUM: Add DRAIN state and report it on the stats page + - BUILD/MINOR: missing header file + - CLEANUP: regex: Create regex_comp function that compiles regex using compilation options + - CLEANUP: The function "regex_exec" needs the string length but in many case they expect null terminated char. + - MINOR: http: some exported functions were not in the header file + - MINOR: http: change url_decode to return the size of the decoded string. + - BUILD/MINOR: missing header file + - BUG/MEDIUM: sample: The function v4tov6 cannot support input and output overlap + - BUG/MINOR: arg: fix error reporting for add-header/set-header sample fetch arguments + - MINOR: sample: export the generic sample conversion parser + - MINOR: sample: export sample_casts + - MEDIUM: acl: use the fetch syntax 'fetch(args),conv(),conv()' into the ACL keyword + - MINOR: stick-table: use smp_expr_output_type() to retrieve the output type of a "struct sample_expr" + - MINOR: sample: provide the original sample_conv descriptor struct to the argument checker function. + - MINOR: tools: Add a function to convert buffer to an ipv6 address + - MINOR: acl: export acl arrays + - MINOR: acl: Extract the pattern parsing and indexation from the "acl_read_patterns_from_file()" function + - MINOR: acl: Extract the pattern matching function + - MINOR: sample: Define new struct sample_storage + - MEDIUM: acl: associate "struct sample_storage" to each "struct acl_pattern" + - REORG: acl/pattern: extract pattern matching from the acl file and create pattern.c + - MEDIUM: pattern: create pattern expression + - MEDIUM: pattern: rename "acl" prefix to "pat" + - MEDIUM: sample: let the cast functions set their output type + - MINOR: sample: add a private field to the struct sample_conv + - MINOR: map: Define map types + - MEDIUM: sample: add the "map" converter + - MEDIUM: http: The redirect strings follows the log format rules. + - BUG/MINOR: acl: acl parser does not recognize empty converter list + - BUG/MINOR: map: The map list was declared in the map.h file + - MINOR: map: Cleanup the initialisation of map descriptors. + - MEDIUM: map: merge identical maps + - BUG/MEDIUM: pattern: Pattern node has type of "struct pat_idx_elt" in place of "struct eb_node" + - BUG/MEDIUM: map: Bad map file parser + - CLEANUP/MINOR: standard: use the system define INET6_ADDRSTRLEN in place of MAX_IP6_LEN + - BUG/MEDIUM: sample: conversion from str to ipv6 may read data past end + - MINOR: map: export map_get_reference() function + - MINOR: pattern: Each pattern sets the expected input type + - MEDIUM: acl: Last patch change the output type + - MEDIUM: pattern: Extract the index process from the pat_parse_*() functions + - MINOR: standard: The function parse_binary() can use preallocated buffer + - MINOR: regex: Change the struct containing regex + - MINOR: regex: Copy the original regex expression into string. + - MINOR: pattern: add support for compiling patterns for lookups + - MINOR: pattern: make the pattern matching function return a pointer to the matched element + - MINOR: map: export parse output sample functions + - MINOR: pattern: add function to lookup a specific entry in pattern list + - MINOR: pattern/map: Each pattern must free the associated sample + - MEDIUM: dumpstat: make the CLI parser understand the backslash as an escape char + - MEDIUM: map: dynamic manipulation of maps + - BUG/MEDIUM: unique_id: junk in log on empty unique_id + - BUG/MINOR: log: junk at the end of syslog packet + - MINOR: Makefile: provide cscope rule + - DOC: compression: chunk are not compressed anymore + - MEDIUM: session: disable lingering on the server when the client aborts + - BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS + - DOC: remove the comment saying that SSL certs are not checked on the server side + - BUG: counters: third counter was not stored if others unset + - BUG/MAJOR: http: don't emit the send-name-header when no server is available + - BUG/MEDIUM: http: "option checkcache" fails with the no-cache header + - BUG/MAJOR: http: sample prefetch code was not properly migrated + - BUG/MEDIUM: splicing: fix abnormal CPU usage with splicing + - BUG/MINOR: stream_interface: don't call chk_snd() on polled events + - OPTIM: splicing: use splice() for the last block when relevant + - MEDIUM: sample: handle comma-delimited converter list + - MINOR: sample: fix sample_process handling of unstable data + - CLEANUP: acl: move the 3 remaining sample fetches to samples.c + - MINOR: sample: add a new "date" fetch to return the current date + - MINOR: samples: add the http_date([]) sample converter. + - DOC: minor improvements to the part on the stats socket. + - MEDIUM: sample: systematically pass the keyword pointer to the keyword + - MINOR: payload: split smp_fetch_rdp_cookie() + - MINOR: counters: factor out smp_fetch_sc*_tracked + - MINOR: counters: provide a generic function to retrieve a stkctr for sc* and src. + - MEDIUM: counters: factor out smp_fetch_sc*_get_gpc0 + - MEDIUM: counters: factor out smp_fetch_sc*_gpc0_rate + - MEDIUM: counters: factor out smp_fetch_sc*_inc_gpc0 + - MEDIUM: counters: factor out smp_fetch_sc*_clr_gpc0 + - MEDIUM: counters: factor out smp_fetch_sc*_conn_cnt + - MEDIUM: counters: factor out smp_fetch_sc*_conn_rate + - MEDIUM: counters: factor out smp_fetch_sc*_conn_cur + - MEDIUM: counters: factor out smp_fetch_sc*_sess_cnt + - MEDIUM: counters: factor out smp_fetch_sc*_sess_rate + - MEDIUM: counters: factor out smp_fetch_sc*_http_req_cnt + - MEDIUM: counters: factor out smp_fetch_sc*_http_req_rate + - MEDIUM: counters: factor out smp_fetch_sc*_http_err_cnt + - MEDIUM: counters: factor out smp_fetch_sc*_http_err_rate + - MEDIUM: counters: factor out smp_fetch_sc*_kbytes_in + - MEDIUM: counters: factor out smp_fetch_sc*_bytes_in_rate + - MEDIUM: counters: factor out smp_fetch_sc*_kbytes_out + - MEDIUM: counters: factor out smp_fetch_sc*_bytes_out_rate + - MEDIUM: counters: factor out smp_fetch_sc*_trackers + - MINOR: session: make the number of stick counter entries more configurable + - MEDIUM: counters: support passing the counter number as a fetch argument + - MEDIUM: counters: support looking up a key in an alternate table + - MEDIUM: cli: adjust the method for feeding frequency counters in tables + - MINOR: cli: make it possible to enter multiple values at once with "set table" + - MINOR: payload: allow the payload sample fetches to retrieve arbitrary lengths + - BUG/MINOR: cli: "clear table" must not kill entries that don't match condition + - MINOR: ssl: use MAXPATHLEN instead of PATH_MAX + - MINOR: config: warn when a server with no specific port uses rdp-cookie + - BUG/MEDIUM: unique_id: HTTP request counter must be unique! + - DOC: add a mention about the limited chunk size + - BUG/MEDIUM: fix broken send_proxy on FreeBSD + - MEDIUM: stick-tables: flush old entries upon soft-stop + - MINOR: tcp: add new "close" action for tcp-response + - MINOR: payload: provide the "res.len" fetch method + - BUILD: add SSL_INC/SSL_LIB variables to force the path to openssl + - MINOR: http: compute response time before processing headers + - BUG/MINOR: acl: fix improper string size assignment in proxy argument + - BUG/MEDIUM: http: accept full buffers on smp_prefetch_http + - BUG/MINOR: acl: implicit arguments of ACL keywords were not properly resolved + - BUG/MEDIUM: session: risk of crash on out of memory conditions + - BUG/MINOR: peers: set the accept date in outgoing connections + - BUG/MEDIUM: tcp: do not skip tracking rules on second pass + - BUG/MEDIUM: acl: do not evaluate next terms after a miss + - MINOR: acl: add a warning when an ACL keyword is used without any value + - MINOR: tcp: don't use tick_add_ifset() when timeout is known to be set + - BUG/MINOR: acl: remove patterns from the tree before freeing them + - MEDIUM: backend: add support for the wt6 hash + - OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes + - OPTIM/MINOR: mark the source address as already known on accept() + - BUG/MINOR: stats: don't count tarpitted connections twice + - CLEANUP: http: homogenize processing of denied req counter + - CLEANUP: http: merge error handling for req* and http-request * + - BUG/MEDIUM: http: fix possible parser crash when parsing erroneous "http-request redirect" rules + - BUG/MINOR: http: fix build warning introduced with url32/url32_src + - BUG/MEDIUM: checks: fix slow start regression after fix attempt + - BUG/MAJOR: server: weight calculation fails for map-based algorithms + - MINOR: stats: report correct throttling percentage for servers in slowstart + - OPTIM: connection: fold the error handling with handshake handling + - MINOR: peers: accept to learn strings of different lengths + - BUG/MAJOR: fix haproxy crash when using server tracking instead of checks + - BUG/MAJOR: check: fix haproxy crash during soft-stop/soft-start + - BUG/MINOR: stats: do not report "via" on tracking servers in maintenance + - BUG/MINOR: connection: fix typo in error message report + - BUG/MINOR: backend: fix target address retrieval in transparent mode + - BUG/MINOR: config: report the correct track-sc number in tcp-rules + - BUG/MINOR: log: fix log-format parsing errors + - DOC: add some information about how to apply converters to samples + - MINOR: acl/pattern: use types different from int to clarify who does what. + - MINOR: pattern: import acl_find_match_name() into pattern.h + - MEDIUM: stick-tables: support automatic conversion from ipv4<->ipv6 + - MEDIUM: log-format: relax parsing of '%' followed by unsupported characters + - BUG/MINOR: http: usual deinit stuff in last commit + - BUILD: log: silent a warning about isblank() with latest patches + - BUG/MEDIUM: checks: fix health check regression causing them to depend on declaration order + - BUG/MEDIUM: checks: fix a long-standing issue with reporting connection errors + - BUG/MINOR: checks: don't consider errno and use conn->err_code + - BUG/MEDIUM: checks: also update the DRAIN state from the web interface + - MINOR: stats: remove some confusion between the DRAIN state and NOLB + - BUG/MINOR: tcp: check that no error is pending during a connect probe + - BUG/MINOR: connection: check EINTR when sending a PROXY header + - MEDIUM: connection: set the socket shutdown flags on socket errors + - BUG/MEDIUM: acl: fix regression introduced by latest converters support + - MINOR: connection: clear errno prior to checking for errors + - BUG/MINOR: checks: do not trust errno in write event before any syscall + - MEDIUM: checks: centralize error reporting + - OPTIM: checks: don't poll on recv when using plain TCP connects + - OPTIM: checks: avoid setting SO_LINGER twice + - MINOR: tools: add a generic binary hex string parser + - BUG/MEDIUM: checks: tcp-check: do not poll when there's nothing to send + - BUG/MEDIUM: check: tcp-check might miss some outgoing data when socket buffers are full + - BUG/MEDIUM: args: fix double free on error path in argument expression parser + - BUG/MINOR: acl: fix sample expression error reporting + - BUG/MINOR: checks: tcp-check actions are enums, not flags + - MEDIUM: checks: make tcp-check perform multiple send() at once + - BUG/MEDIUM: stick: completely remove the unused flag from the store entries + - OPTIM: ebtree: pack the struct eb_node to avoid holes on 64-bit + - BUG/MEDIUM: stick-tables: complete the latest fix about store-responses + - CLEANUP: stream_interface: remove unused field err_loc + - MEDIUM: stats: don't use conn->xprt_st anymore + - MINOR: session: add a simple function to retrieve a session from a task + - MEDIUM: stats: don't use conn->xprt_ctx anymore + - MEDIUM: peers: don't rely on conn->xprt_ctx anymore + - MINOR: http: prevent smp_fetch_url_{ip,port} from using si->conn + - MINOR: connection: make it easier to emit proxy protocol for unknown addresses + - MEDIUM: stats: prepare the HTTP stats I/O handler to support more states + - MAJOR: stats: move the HTTP stats handling to its applet + - MEDIUM: stats: move request argument processing to the final step + - MEDIUM: session: detect applets from the session by using s->target + - MAJOR: session: check for a connection to an applet in sess_prepare_conn_req() + - MAJOR: session: pass applet return traffic through the response analysers + - MEDIUM: stream-int: split the shutr/shutw functions between applet and conn + - MINOR: stream-int: make the shutr/shutw functions void + - MINOR: obj: provide a safe and an unsafe access to pointed objects + - MINOR: connection: add a field to store an object type + - MINOR: connection: always initialize conn->objt_type to OBJ_TYPE_CONN + - MEDIUM: stream interface: move the peers' ptr into the applet context + - MINOR: stream-interface: move the applet context to its own struct + - MINOR: obj: introduce a new type appctx + - MINOR: stream-int: rename ->applet to ->appctx + - MINOR: stream-int: split si_prepare_embedded into si_prepare_none and si_prepare_applet + - MINOR: stream-int: add a new pointer to the end point + - MEDIUM: stream-interface: set the pointer to the applet into the applet context + - MAJOR: stream interface: remove the ->release function pointer + - MEDIUM: stream-int: make ->end point to the connection or the appctx + - CLEANUP: stream-int: remove obsolete si_ctrl function + - MAJOR: stream-int: stop using si->conn and use si->end instead + - MEDIUM: stream-int: do not allocate a connection in parallel to applets + - MEDIUM: session: attach incoming connection to target on embryonic sessions + - MINOR: connection: add conn_init() to (re)initialize a connection + - MINOR: checks: call conn_init() to properly initialize the connection. + - MINOR: peers: make use of conn_init() to initialize the connection + - MINOR: session: use conn_init() to initialize the connections + - MINOR: http: use conn_init() to reinitialize the server connection + - MEDIUM: connection: replace conn_prepare with conn_assign + - MINOR: get rid of si_takeover_conn() + - MINOR: connection: add conn_new() / conn_free() + - MAJOR: connection: add two new flags to indicate readiness of control/transport + - MINOR: stream-interface: introduce si_reset() and si_set_state() + - MINOR: connection: reintroduce conn_prepare to set the protocol and transport + - MINOR: connection: replace conn_assign with conn_attach + - MEDIUM: stream-interface: introduce si_attach_conn to replace si_prepare_conn + - MAJOR: stream interface: dynamically allocate the outgoing connection + - MEDIUM: connection: move the send_proxy offset to the connection + - MINOR: connection: check for send_proxy during the connect(), not the SI + - MEDIUM: connection: merge the send_proxy and local_send_proxy calls + - MEDIUM: stream-int: replace occurrences of si->appctx with si_appctx() + - MEDIUM: stream-int: return the allocated appctx in stream_int_register_handler() + - MAJOR: stream-interface: dynamically allocate the applet context + - MEDIUM: session: automatically register the applet designated by the target + - MEDIUM: stats: delay appctx initialization + - CLEANUP: peers: use less confusing state/status code names + - MEDIUM: peers: delay appctx initialization + - MINOR: stats: provide some appctx information in "show sess all" + - DIET/MINOR: obj: pack the obj_type enum to 8 bits + - DIET/MINOR: connection: rearrange a few fields to save 8 bytes in the struct + - DIET/MINOR: listener: rearrange a few fields in struct listener to save 16 bytes + - DIET/MINOR: proxy: rearrange a few fields in struct proxy to save 16 bytes + - DIET/MINOR: session: reduce the struct session size by 8 bytes + - DIET/MINOR: stream-int: rearrange a few fields in struct stream_interface to save 8 bytes + - DIET/MINOR: http: reduce the size of struct http_txn by 8 bytes + - MINOR: http: switch the http state to an enum + - MINOR: http: use an enum for the auth method in http_auth_data + - DIET/MINOR: task: reduce struct task size by 8 bytes + - MINOR: stream_interface: add reporting of ressouce allocation errors + - MINOR: session: report lack of resources using the new stream-interface's error code + - BUILD: simplify the date and version retrieval in the makefile + - BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE + - BUILD: use format tags in VERDATE and SUBVERS files + - BUG/MEDIUM: channel: bo_getline() must wait for \n until buffer is full + - CLEANUP: check: server port is unsigned + - BUG/MEDIUM: checks: agent doesn't get the response if server does not closes + - MINOR: tools: buf2ip6 must not modify output on failure + - MINOR: pattern: do not assign SMP_TYPES by default to patterns + - MINOR: sample: make sample_parse_expr() use memprintf() to report parse errors + - MINOR: arg: improve wording on error reporting + - BUG/MEDIUM: sample: simplify and fix the argument parsing + - MEDIUM: acl: fix the argument parser to let the lower layer report detailed errors + - MEDIUM: acl: fix the initialization order of the ACL expression + - CLEANUP: acl: remove useless blind copy-paste from sample converters + - TESTS: add regression tests for ACL and sample expression parsers + - BUILD: time: adapt the type of TV_ETERNITY to the local system + - MINOR: chunks: allocate the trash chunks before parsing the config + - BUILD: definitely silence some stupid GCC warnings + - MINOR: chunks: always initialize the output chunk in get_trash_chunk() + - MINOR: checks: improve handling of the servers tracking chain + - REORG: checks: retrieve the check-specific defines from server.h to checks.h + - MINOR: checks: use an enum instead of flags to report a check result + - MINOR: checks: rename the state flags + - MINOR: checks: replace state DISABLED with CONFIGURED and ENABLED + - MINOR: checks: use check->state instead of srv->state & SRV_CHECKED + - MINOR: checks: fix agent check interval computation + - MINOR: checks: add a PAUSED state for the checks + - MINOR: checks: create the agent tasks even when no check is configured + - MINOR: checks: add a flag to indicate what check is an agent + - MEDIUM: checks: enable agent checks even if health checks are disabled + - BUG/MEDIUM: checks: ensure we can enable a server after boot + - BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag + - BUG/MAJOR: session: repair tcp-request connection rules + - BUILD: fix SUBVERS extraction in the Makefile + - BUILD: pattern: silence a warning about uninitialized value + - BUILD: log: fix build warning on Solaris + - BUILD: dumpstats: fix build error on Solaris + - DOC: move option pgsql-check to the correct place + - DOC: move option tcp-check to the proper place + - MINOR: connection: add simple functions to report connection readiness + - MEDIUM: connection: centralize handling of nolinger in fd management + - OPTIM: http: set CF_READ_DONTWAIT on response message + - OPTIM: http: do not re-enable reading on client side while closing the server side + - MINOR: config: add option http-keep-alive + - MEDIUM: connection: inform si_alloc_conn() whether existing conn is OK or not + - MAJOR: stream-int: handle the connection reuse in si_connect() + - MAJOR: http: add the keep-alive transition on the server side + - MAJOR: backend: enable connection reuse + - MINOR: http: add option prefer-last-server + - MEDIUM: http: do not report connection errors for second and further requests + +2013/06/17 : 1.5-dev19 + - MINOR: stats: remove the autofocus on the scope input field + - BUG/MEDIUM: Fix crt-list file parsing error: filtered name was ignored. + - BUG/MEDIUM: ssl: EDH ciphers are not usable if no DH parameters present in pem file. + - BUG/MEDIUM: shctx: makes the code independent on SSL runtime version. + - MEDIUM: ssl: improve crt-list format to support negation + - BUG: ssl: fix crt-list for clients not supporting SNI + - MINOR: stats: show soft-stopped servers in different color + - BUG/MINOR: config: "source" does not work in defaults section + - BUG: regex: fix pcre compile error when using JIT + - MINOR: ssl: add pattern fetch 'ssl_c_sha1' + - BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used + - MINOR: show PCRE version and JIT status in -vv + - BUG/MINOR: jit: don't rely on USE flag to detect support + - DOC: readme: add suggestion to link against static openssl + - DOC: examples: provide simplified ssl configuration + - REORG: tproxy: prepare the transparent proxy defines for accepting other OSes + - MINOR: tproxy: add support for FreeBSD + - MINOR: tproxy: add support for OpenBSD + - DOC: examples: provide an example of transparent proxy configuration for FreeBSD 8 + - CLEANUP: fix minor typo in error message. + - CLEANUP: fix missing include in proto/listener.h + - CLEANUP: protect checks.h from multiple inclusions + - MINOR: compression: acl "res.comp" and fetch "res.comp_algo" + - BUG/MINOR: http: add-header/set-header did not accept the ACL condition + - BUILD: mention in the Makefile that USE_PCRE_JIT is for libpcre >= 8.32 + - BUG/MEDIUM: splicing is broken since 1.5-dev12 + - BUG/MAJOR: acl: add implicit arguments to the resolve list + - BUG/MINOR: tcp: fix error reporting for TCP rules + - CLEANUP: peers: remove a bit of spaghetti to prepare for the next bugfix + - MINOR: stick-table: allow to allocate an entry without filling it + - BUG/MAJOR: peers: fix an overflow when syncing strings larger than 16 bytes + - MINOR: session: only call http_send_name_header() when changing the server + - MINOR: tcp: report the erroneous word in tcp-request track* + - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances + - BUG/MEDIUM: log: fix regression on log-format handling + - MEDIUM: log: report file name, line number, and directive name with log-format errors + - BUG/MINOR: cli: "clear table" did not work anymore without a key + - BUG/MINOR: cli: "clear table xx data.xx" does not work anymore + - BUG/MAJOR: http: compression still has defects on chunked responses + - BUG/MINOR: stats: fix confirmation links on the stats interface + - BUG/MINOR: stats: the status bar does not appear anymore after a change + - BUG/MEDIUM: stats: allocate the stats frontend also on "stats bind-process" + - BUG/MEDIUM: stats: fix a regression when dealing with POST requests + - BUG/MINOR: fix unterminated ACL array in compression + - BUILD: last fix broke non-linux platforms + - MINOR: init: indicate the SSL runtime version on -vv. + - BUG/MEDIUM: compression: the deflate algorithm must use global settings as well + - BUILD: stdbool is not portable (again) + - DOC: readme: add a small reminder about restrictions to respect in the code + - MINOR: ebtree: add new eb_next_dup/eb_prev_dup() functions to visit duplicates + - BUG/MINOR: acl: fix a double free during exit when using PCRE_JIT + - DOC: fix wrong copy-paste in the rspdel example + - MINOR: counters: make it easier to extend the amount of tracked counters + - MEDIUM: counters: add support for tracking a third counter + - MEDIUM: counters: add a new "gpc0_rate" counter in stick-tables + - BUG/MAJOR: http: always ensure response buffer has some room for a response + - MINOR: counters: add fetch/acl sc*_tracked to indicate whether a counter is tracked + - MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be redefined + - MINOR: log: add a new flag 'L' for locally processed requests + - MINOR: http: add full-length header fetch methods + - MEDIUM: protocol: implement a "drain" function in protocol layers + - MEDIUM: http: add a new "http-response" ruleset + - MEDIUM: http: add the "set-nice" action to http-request and http-response + - MEDIUM: log: add a log level override value in struct session + - MEDIUM: http: add support for action "set-log-level" in http-request/http-response + - MEDIUM: http: add support for "set-tos" in http-request/http-response + - MEDIUM: http: add the "set-mark" action on http-request/http-response rules + - MEDIUM: tcp: add "tcp-request connection expect-proxy layer4" + - MEDIUM: acl: automatically detect the type of certain fetches + - MEDIUM: acl: remove a lot of useless ACLs that are equivalent to their fetches + - MEDIUM: acl: remove 15 additional useless ACLs that are equivalent to their fetches + - DOC: major reorg of ACL + sample fetch + - CLEANUP: http: remove the bogus urlp_ip ACL match + - MINOR: acl: add the new "env()" fetch method to retrieve an environment variable + - BUG/MINOR: acl: correctly consider boolean fetches when doing casts + - BUG/CRITICAL: fix a possible crash when using negative header occurrences + - DOC: update ROADMAP file + - MEDIUM: counters: use sc0/sc1/sc2 instead of sc1/sc2/sc3 + - MEDIUM: stats: add proxy name filtering on the statistic page + +2013/04/03 : 1.5-dev18 + - DOCS: Add explanation of intermediate certs to crt paramater + - DOC: typo and minor fixes in compression paragraph + - MINOR: config: http-request configuration error message misses new keywords + - DOC: minor typo fix in documentation + - BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured. + - MEDIUM: ssl: add bind-option "strict-sni" + - MEDIUM: ssl: add mapping from SNI to cert file using "crt-list" + - MEDIUM: regex: Use PCRE JIT in acl + - DOC: simplify bind option "interface" explanation + - DOC: tfo: bump required kernel to linux-3.7 + - BUILD: add explicit support for TFO with USE_TFO + - MEDIUM: New cli option -Ds for systemd compatibility + - MEDIUM: add haproxy-systemd-wrapper + - MEDIUM: add systemd service + - BUG/MEDIUM: systemd-wrapper: don't leak zombie processes + - BUG/MEDIUM: remove supplementary groups when changing gid + - BUG/MEDIUM: config: fix parser crash with bad bind or server address + - BUG/MINOR: Correct logic in cut_crlf() + - CLEANUP: checks: Make desc argument to set_server_check_status const + - CLEANUP: dumpstats: Make cli_release_handler() static + - MEDIUM: server: Break out set weight processing code + - MEDIUM: server: Allow relative weights greater than 100% + - MEDIUM: server: Tighten up parsing of weight string + - MEDIUM: checks: Add agent health check + - BUG/MEDIUM: ssl: openssl 0.9.8 doesn't open /dev/random before chroot + - BUG/MINOR: time: frequency counters are not totally accurate + - BUG/MINOR: http: don't process abortonclose when request was sent + - BUG/MEDIUM: stream_interface: don't close outgoing connections on shutw() + - BUG/MEDIUM: checks: ignore late resets after valid responses + - DOC: fix bogus recommendation on usage of gpc0 counter + - BUG/MINOR: http-compression: lookup Cache-Control in the response, not the request + - MINOR: signal: don't block SIGPROF by default + - OPTIM: epoll: make use of EPOLLRDHUP + - OPTIM: splice: detect shutdowns and avoid splice() == 0 + - OPTIM: splice: assume by default that splice is working correctly + - BUG/MINOR: log: temporary fix for lost SSL info in some situations + - BUG/MEDIUM: peers: only the last peers section was used by tables + - BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers + - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait() + - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser + - BUG/MINOR: config: free peer's address when exiting upon parsing error + - BUG/MINOR: config: check the proper variable when parsing log minlvl + - BUG/MEDIUM: checks: ensure the health_status is always within bounds + - BUG/MINOR: cli: show sess should always validate s->listener + - BUG/MINOR: log: improper NULL return check on utoa_pad() + - CLEANUP: http: remove a useless null check + - CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener() + - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds + - BUG/MEDIUM: tools: off-by-one in quote_arg() + - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage + - BUG/MINOR: unix: remove the 'level' field from the ux struct + - CLEANUP: http: don't try to deinitialize http compression if it fails before init + - CLEANUP: config: slowstart is never negative + - CLEANUP: config: maxcompcpuusage is never negative + - BUG/MEDIUM: log: emit '-' for empty fields again + - BUG/MEDIUM: checks: fix a race condition between checks and observe layer7 + - BUILD: fix a warning emitted by isblank() on non-c99 compilers + - BUILD: improve the makefile's support for libpcre + - MEDIUM: halog: add support for counting per source address (-ic) + - MEDIUM: tools: make str2sa_range support all address syntaxes + - MEDIUM: config: make use of str2sa_range() instead of str2sa() + - MEDIUM: config: use str2sa_range() to parse server addresses + - MEDIUM: config: use str2sa_range() to parse peers addresses + - MINOR: tests: add a config file to ease address parsing tests. + - MINOR: ssl: add a global tunable for the max SSL/TLS record size + - BUG/MINOR: syscall: fix NR_accept4 system call on sparc/linux + - BUILD/MINOR: syscall: add definition of NR_accept4 for ARM + - MINOR: config: report missing peers section name + - BUG/MEDIUM: tools: fix bad character handling in str2sa_range() + - BUG/MEDIUM: stats: never apply "unix-bind prefix" to the global stats socket + - MINOR: tools: prepare str2sa_range() to return an error message + - BUG/MEDIUM: checks: don't call connect() on unsupported address families + - MINOR: tools: prepare str2sa_range() to accept a prefix + - MEDIUM: tools: make str2sa_range() parse unix addresses too + - MEDIUM: config: make str2listener() use str2sa_range() to parse unix addresses + - MEDIUM: config: use a single str2sa_range() call to parse bind addresses + - MEDIUM: config: use str2sa_range() to parse log addresses + - CLEANUP: tools: remove str2sun() which is not used anymore. + - MEDIUM: config: add complete support for str2sa_range() in dispatch + - MEDIUM: config: add complete support for str2sa_range() in server addr + - MEDIUM: config: add complete support for str2sa_range() in 'server' + - MEDIUM: config: add complete support for str2sa_range() in 'peer' + - MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' + - CLEANUP: minor cleanup in str2sa_range() and str2ip() + - CLEANUP: config: do not use multiple errmsg at once + - MEDIUM: tools: support specifying explicit address families in str2sa_range() + - MAJOR: listener: support inheriting a listening fd from the parent + - MAJOR: tools: support environment variables in addresses + - BUG/MEDIUM: http: add-header should not emit "-" for empty fields + - BUG/MEDIUM: config: ACL compatibility check on "redirect" was wrong + - BUG/MEDIUM: http: fix another issue caused by http-send-name-header + - DOC: mention the new HTTP 307 and 308 redirect statues + - MEDIUM: poll: do not use FD_* macros anymore + - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE + - BUG/MINOR: acl: ssl_fc_{alg,use}_keysize must parse integers, not strings + - BUG/MINOR: acl: ssl_c_used, ssl_fc{,_has_crt,_has_sni} take no pattern + - BUILD: fix usual isdigit() warning on solaris + - BUG/MEDIUM: tools: vsnprintf() is not always reliable on Solaris + - OPTIM: buffer: remove one jump in buffer_count() + - OPTIM: http: improve branching in chunk size parser + - OPTIM: http: optimize the response forward state machine + - BUILD: enable poll() by default in the makefile + - BUILD: add explicit support for Mac OS/X + - BUG/MAJOR: http: use a static storage for sample fetch context + - BUG/MEDIUM: ssl: improve error processing and reporting in ssl_sock_load_cert_list_file() + - BUG/MAJOR: http: fix regression introduced by commit a890d072 + - BUG/MAJOR: http: fix regression introduced by commit d655ffe + - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process + - MEDIUM: acl: remove flag ACL_MAY_LOOKUP which is improperly used + - MEDIUM: samples: use new flags to describe compatibility between fetches and their usages + - MINOR: log: indicate it when some unreliable sample fetches are logged + - MEDIUM: samples: move payload-based fetches and ACLs to their own file + - MINOR: backend: rename sample fetch functions and declare the sample keywords + - MINOR: frontend: rename sample fetch functions and declare the sample keywords + - MINOR: listener: rename sample fetch functions and declare the sample keywords + - MEDIUM: http: unify acl and sample fetch functions + - MINOR: session: rename sample fetch functions and declare the sample keywords + - MAJOR: acl: make all ACLs reference the fetch function via a sample. + - MAJOR: acl: remove the arg_mask from the ACL definition and use the sample fetch's + - MAJOR: acl: remove fetch argument validation from the ACL struct + - MINOR: http: add new direction-explicit sample fetches for headers and cookies + - MINOR: payload: add new direction-explicit sample fetches + - CLEANUP: acl: remove ACL hooks which were never used + - MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed" + - MINOR: sample: provide a function to report the name of a sample check point + - MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires + - CLEANUP: acl: remove unused references to ACL_USE_* + - MINOR: http: replace acl_parse_ver with acl_parse_str + - MEDIUM: acl: move the ->parse, ->match and ->smp fields to acl_expr + - MAJOR: acl: add option -m to change the pattern matching method + - MINOR: acl: remove the use_count in acl keywords + - MEDIUM: acl: have a pointer to the keyword name in acl_expr + - MEDIUM: acl: support using sample fetches directly in ACLs + - MEDIUM: http: remove val_usr() to validate user_lists + - MAJOR: sample: maintain a per-proxy list of the fetch args to resolve + - MINOR: ssl: add support for the "alpn" bind keyword + - MINOR: http: status code 303 is HTTP/1.1 only + - MEDIUM: http: implement redirect 307 and 308 + - MINOR: http: status 301 should not be marked non-cacheable + +2012/12/28 : 1.5-dev17 + - MINOR: ssl: Setting global tune.ssl.cachesize value to 0 disables SSL session cache. + - BUG/MEDIUM: stats: fix stats page regression introduced by commit 20b0de5 + - BUG/MINOR: stats: last fix was still wrong + - BUG/MINOR: stats: http-request rules still don't cope with stats + - BUG/MINOR: http: http-request add-header emits a corrupted header + - BUG/MEDIUM: stats: disable request analyser when processing POST or HEAD + - BUG/MINOR: log: make log-format, unique-id-format and add-header more independant + - BUILD: log: unused variable svid + - CLEANUP: http: rename the misleading http_check_access_rule + - MINOR: http: move redirect rule processing to its own function + - REORG: config: move the http redirect rule parser to proto_http.c + - MEDIUM: http: add support for "http-request redirect" rules + - MEDIUM: http: add support for "http-request tarpit" rule + +2012/12/24 : 1.5-dev16 + - BUG/MEDIUM: ssl: Prevent ssl error from affecting other connections. + - BUG/MINOR: ssl: error is not reported if it occurs simultaneously with peer close detection. + - MINOR: ssl: add fetch and acl "ssl_c_used" to check if current SSL session uses a client certificate. + - MINOR: contrib: make the iprange tool grep for addresses + - CLEANUP: polling: gcc doesn't always optimize constants away + - OPTIM: poll: optimize fd management functions for low register count CPUs + - CLEANUP: poll: remove a useless double-check on fdtab[fd].owner + - OPTIM: epoll: use a temp variable for intermediary flag computations + - OPTIM: epoll: current fd does not count as a new one + - BUG/MINOR: poll: the I/O handler was called twice for polled I/Os + - MINOR: http: make resp_ver and status ACLs check for the presence of a response + - BUG/MEDIUM: stream-interface: fix possible stalls during transfers + - BUG/MINOR: stream_interface: don't return when the fd is already set + - BUG/MEDIUM: connection: always update connection flags prior to computing polling + - CLEANUP: buffer: use buffer_empty() instead of buffer_len()==0 + - BUG/MAJOR: stream_interface: fix occasional data transfer freezes + - BUG/MEDIUM: stream_interface: fix another case where the reader might not be woken up + - BUG/MINOR: http: don't abort client connection on premature responses + - BUILD: no need to clean up when making git-tar + - MINOR: log: add a tag for amount of bytes uploaded from client to server + - BUG/MEDIUM: log: fix possible segfault during config parsing + - MEDIUM: log: change a few log tokens to make them easier to remember + - BUG/MINOR: log: add_to_logformat_list() used the wrong constants + - MEDIUM: log-format: make the format parser more robust and more extensible + - MINOR: sample: support cast from bool to string + - MINOR: samples: add a function to fetch and convert any sample to a string + - MINOR: log: add lf_text_len + - MEDIUM: log: add the ability to include samples in logs + - REORG: stats: massive code reorg and cleanup + - REORG: stats: move the HTTP header injection to proto_http + - REORG: stats: functions are now HTTP/CLI agnostic + - BUG/MINOR: log: fix regression introduced by commit 8a3f52 + - MINOR: chunks: centralize the trash chunk allocation + - MEDIUM: stats: use hover boxes instead of title to report details + - MEDIUM: stats: use multi-line tips to display detailed counters + - MINOR: tools: simplify the use of the int to ascii macros + - MINOR: stats: replace STAT_FMT_CSV with STAT_FMT_HTML + - MINOR: http: prepare to support more http-request actions + - MINOR: log: make parse_logformat_string() take a const char * + - MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers + +2012/12/12 : 1.5-dev15 + - DOC: add a few precisions on compression + - BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert. + - BUG/MINOR: ssl: One free session in cache remains unused. + - BUG/MEDIUM: ssl: first outgoing connection would fail with {ca,crt}-ignore-err + - MEDIUM: ssl: manage shared cache by blocks for huge sessions. + - MINOR: acl: add fetch for server session rate + - BUG/MINOR: compression: Content-Type is case insensitive + - MINOR: compression: disable on multipart or status != 200 + - BUG/MINOR: http: don't report client aborts as server errors + - MINOR: stats: compute the ratio of compressed response based on 2xx responses + - MINOR: http: factor out the content-type checks + - BUG/MAJOR: stats: correctly check for a possible divide error when showing compression ratios + - BUILD: ssl: OpenSSL 0.9.6 has no renegociation + - BUG/MINOR: http: disable compression when message has no body + - MINOR: compression: make the stats a bit more robust + - BUG/MEDIUM: comp: DEFAULT_MAXZLIBMEM was expressed in bytes and not megabytes + - MINOR: connection: don't remove failed handshake flags + - MEDIUM: connection: add an error code in connections + - MEDIUM: connection: add minimal error reporting in logs for incomplete connections + - MEDIUM: connection: add error reporting for the PROXY protocol header + - MEDIUM: connection: add error reporting for the SSL + - DOC: document the connection error format in logs + - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests + - BUILD: stdbool is not portable + - BUILD: ssl: NAME_MAX is not portable, use MAXPATHLEN instead + - BUG/MAJOR: raw_sock: must check error code on hangup + - BUG/MAJOR: polling: do not set speculative events on ERR nor HUP + - BUG/MEDIUM: session: fix FD leak when transport layer logging is enabled + - MINOR: stats: add a few more information on session dump + - BUG/MINOR: tcp: set the ADDR_TO_SET flag on outgoing connections + - CLEANUP: connection: remove unused server/proxy/task/si_applet declarations + - BUG/MEDIUM: tcp: process could theorically crash on lack of source ports + - MINOR: cfgparse: mention "interface" in the list of allowed "source" options + - MEDIUM: connection: introduce "struct conn_src" for servers and proxies + - CLEANUP: proto_tcp: use the same code to bind servers and backends + - CLEANUP: backend: use the same tproxy address selection code for servers and backends + - BUG/MEDIUM: stick-tables: conversions to strings were broken in dev13 + - MEDIUM: proto_tcp: add support for tracking L7 information + - MEDIUM: counters: add sc1_trackers/sc2_trackers + - MINOR: http: add the "base32" pattern fetch function + - MINOR: http: add the "base32+src" fetch method. + - CLEANUP: session: use an array for the stick counters + - BUG/MINOR: proto_tcp: fix parsing of "table" in track-sc1/2 + - BUG/MINOR: proto_tcp: bidirectional fetches not supported anymore in track-sc1/2 + - BUG/MAJOR: connection: always recompute polling status upon I/O + - BUG/MINOR: connection: remove a few synchronous calls to polling updates + - MINOR: config: improve error checking on TCP stick-table tracking + - DOC: add some clarifications to the readme + +2012/11/26 : 1.5-dev14 + - DOC: fix minor typos + - BUG/MEDIUM: compression: does not forward trailers + - MINOR: buffer_dump with ASCII + - BUG/MEDIUM: checks: mark the check as stopped after a connect error + - BUG/MEDIUM: checks: ensure we completely disable polling upon success + - BUG/MINOR: checks: don't mark the FD as closed before transport close + - MEDIUM: checks: avoid accumulating TIME_WAITs during checks + - MINOR: cli: report the msg state in full text in "show sess $PTR" + - CLEANUP: checks: rename some server check flags + - MAJOR: checks: rework completely bogus state machine + - BUG/MINOR: checks: slightly clean the state machine up + - MEDIUM: checks: avoid waking the application up for pure TCP checks + - MEDIUM: checks: close the socket as soon as we have a response + - BUG/MAJOR: checks: close FD on all timeouts + - MINOR: checks: fix recv polling after connect() + - MEDIUM: connection: provide a common conn_full_close() function + - BUG/MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts + - BUG/MAJOR: peers: the listener's maxaccept was not set and caused loops + - MINOR: listeners: make the accept loop more robust when maxaccept==0 + - BUG/MEDIUM: acl: correctly resolve all args, not just the first one + - BUG/MEDIUM: acl: make prue_acl_expr() correctly free ACL expressions upon exit + - BUG/MINOR: stats: fix inversion of the report of a check in progress + - MEDIUM: tcp: add explicit support for delayed ACK in connect() + - BUG/MEDIUM: connection: always disable polling upon error + - MINOR: connection: abort earlier when errors are detected + - BUG/MEDIUM: checks: report handshake failures + - BUG/MEDIUM: connection: local_send_proxy must wait for connection to establish + - MINOR: tcp: add support for the "v6only" bind option + - MINOR: stats: also report the computed compression savings in html stats + - MINOR: stats: report the total number of compressed responses per front/back + - MINOR: tcp: add support for the "v4v6" bind option + - DOC: stats: document the comp_rsp stats column + - BUILD: buffer: fix another isprint() warning on solaris + - MINOR: cli: add support for the "show sess all" command + - BUG/MAJOR: cli: show sess may randomly corrupt the back-ref list + - MINOR: cli: improve output format for show sess $ptr + +2012/11/22 : 1.5-dev13 + - BUILD: fix build issue without USE_OPENSSL + - BUILD: fix compilation error with DEBUG_FULL + - DOC: ssl: remove prefer-server-ciphers documentation + - DOC: ssl: surround keywords with quotes + - DOC: fix minor typo on http-send-name-header + - BUG/MEDIUM: acls using IPv6 subnets patterns incorrectly match IPs + - BUG/MAJOR: fix a segfault on option http_proxy and url_ip acl + - MEDIUM: http: accept IPv6 values with (s)hdr_ip acl + - BUILD: report zlib support in haproxy -vv + - DOC: compression: add some details and clean up the formatting + - DOC: Change is_ssl acl to ssl_fc acl in example + - DOC: make it clear what the HTTP request size is + - MINOR: ssl: try to load Diffie-Hellman parameters from cert file + - DOC: ssl: update 'crt' statement on 'bind' about Diffie-Hellman parameters loading + - MINOR: ssl: add elliptic curve Diffie-Hellman support for ssl key generation + - DOC: ssl: add 'ecdhe' statement on 'bind' + - MEDIUM: ssl: add client certificate authentication support + - DOC: ssl: add 'verify', 'cafile' and 'crlfile' statements on 'bind' + - MINOR: ssl: add fetch and ACL 'client_crt' to test a client cert is present + - DOC: ssl: add fetch and ACL 'client_cert' + - MINOR: ssl: add ignore verify errors options + - DOC: ssl: add 'ca-ignore-err' and 'crt-ignore-err' statements on 'bind' + - MINOR: ssl: add fetch and ACL 'ssl_verify_result' + - DOC: ssl: add fetch and ACL 'ssl_verify_result' + - MINOR: ssl: add fetches and ACLs to return verify errors + - DOC: ssl: add fetches and ACLs 'ssl_verify_crterr', 'ssl_verify_caerr', and 'ssl_verify_crterr_depth' + - MINOR: ssl: disable shared memory and locks on session cache if nbproc == 1 + - MINOR: ssl: add build param USE_PRIVATE_CACHE to build cache without shared memory + - MINOR: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'. + - DOC: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'. + - MEDIUM: config: authorize frontend and listen without bind. + - MINOR: ssl: add statement 'no-tls-tickets' on bind to disable stateless session resumption + - DOC: ssl: add 'no-tls-tickets' statement documentation. + - BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified. + - BUG/MINOR: build: Fix compilation issue on openssl 0.9.6 due to missing CRL feature. + - BUG/MINOR: conf: Fix 'maxsslconn' statement error if built without OPENSSL. + - BUG/MINOR: build: Fix failure with USE_OPENSSL=1 and USE_FUTEX=1 on archs i486 and i686. + - MINOR: ssl: remove prefer-server-ciphers statement and set it as the default on ssl listeners. + - BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes + - MINOR: ssl: add 'crt-base' and 'ca-base' global statements. + - MEDIUM: conf: rename 'nosslv3' and 'notlsvXX' statements 'no-sslv3' and 'no-tlsvXX'. + - MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file' + - MINOR: ssl: use bit fields to store ssl options instead of one int each + - MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on bind. + - MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on server + - MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. + - BUG/MINOR: ssl: Fix issue on server statements 'no-tls*' and 'no-sslv3' + - MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c + - MEDIUM: ssl: reject ssl server keywords in default-server statement + - MINOR: ssl: add statement 'no-tls-tickets' on server side. + - MINOR: ssl: add statements 'verify', 'ca-file' and 'crl-file' on servers. + - DOC: Fix rename of options cafile and crlfile to ca-file and crl-file. + - MINOR: sample: manage binary to string type convertion in stick-table and samples. + - MINOR: acl: add parse and match primitives to use binary type on ACLs + - MINOR: sample: export 'sample_get_trash_chunk(void)' + - MINOR: conf: rename all ssl modules fetches using prefix 'ssl_fc' and 'ssl_c' + - MINOR: ssl: add pattern and ACLs fetches 'ssl_fc_protocol', 'ssl_fc_cipher', 'ssl_fc_use_keysize' and 'ssl_fc_alg_keysize' + - MINOR: ssl: add pattern fetch 'ssl_fc_session_id' + - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_version' and 'ssl_f_version' + - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_s_dn', 'ssl_c_i_dn', 'ssl_f_s_dn' and 'ssl_c_i_dn' + - MINOR: ssl: add pattern and ACLs 'ssl_c_sig_alg' and 'ssl_f_sig_alg' + - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_key_alg' and 'ssl_f_key_alg' + - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_notbefore', 'ssl_c_notafter', 'ssl_f_notbefore' and 'ssl_f_notafter' + - MINOR: ssl: add 'crt' statement on server. + - MINOR: ssl: checks the consistency of a private key with the corresponding certificate + - BUG/MEDIUM: ssl: review polling on reneg. + - BUG/MEDIUM: ssl: Fix some reneg cases not correctly handled. + - BUG/MEDIUM: ssl: Fix sometimes reneg fails if requested by server. + - MINOR: build: allow packagers to specify the ssl cache size + - MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind. + - MINOR: ssl: Add tune.ssl.lifetime statement in global. + - MINOR: compression: Enable compression for IE6 w/SP2, IE7 and IE8 + - BUG: http: revert broken optimisation from 82fe75c1a79dac933391501b9d293bce34513755 + - DOC: duplicate ssl_sni section + - MEDIUM: HTTP compression (zlib library support) + - CLEANUP: use struct comp_ctx instead of union + - BUILD: remove dependency to zlib.h + - MINOR: compression: memlevel and windowsize + - MEDIUM: use pool for zlib + - MINOR: compression: try init in cfgparse.c + - MINOR: compression: init before deleting headers + - MEDIUM: compression: limit RAM usage + - MINOR: compression: tune.comp.maxlevel + - MINOR: compression: maximum compression rate limit + - MINOR: log-format: check number of arguments in cfgparse.c + - BUG/MEDIUM: compression: no Content-Type header but type in configuration + - BUG/MINOR: compression: deinit zlib only when required + - MEDIUM: compression: don't compress when no data + - MEDIUM: compression: use pool for comp_ctx + - MINOR: compression: rate limit in 'show info' + - MINOR: compression: report zlib memory usage + - BUG/MINOR: compression: dynamic level increase + - DOC: compression: unsupported cases. + - MINOR: compression: CPU usage limit + - MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection + - BUG/MAJOR: ssl: missing tests in ACL fetch functions + - MINOR: config: add a function to indent error messages + - REORG: split "protocols" files into protocol and listener + - MEDIUM: config: replace ssl_conf by bind_conf + - CLEANUP: listener: remove unused conf->file and conf->line + - MEDIUM: listener: add a minimal framework to register "bind" keyword options + - MEDIUM: config: move the "bind" TCP parameters to proto_tcp + - MEDIUM: move bind SSL parsing to ssl_sock + - MINOR: config: improve error reporting for "bind" lines + - MEDIUM: config: move the common "bind" settings to listener.c + - MEDIUM: config: move all unix-specific bind keywords to proto_uxst.c + - MEDIUM: config: enumerate full list of registered "bind" keywords upon error + - MINOR: listener: add a scope field in the bind keyword lists + - MINOR: config: pass the file and line to config keyword parsers + - MINOR: stats: fill the file and line numbers in the stats frontend + - MINOR: config: set the bind_conf entry on listeners created from a "listen" line. + - MAJOR: listeners: use dual-linked lists to chain listeners with frontends + - REORG: listener: move unix perms from the listener to the bind_conf + - BUG: backend: balance hdr was broken since 1.5-dev11 + - MINOR: standard: make memprintf() support a NULL destination + - MINOR: config: make str2listener() use memprintf() to report errors. + - MEDIUM: stats: remove the stats_sock struct from the global struct + - MINOR: ssl: set the listeners' data layer to ssl during parsing + - MEDIUM: stats: make use of the standard "bind" parsers to parse global socket + - DOC: move bind options to their own section + - DOC: stats: refer to "bind" section for "stats socket" settings + - DOC: fix index to reference bind and server options + - BUG: http: do not print garbage on invalid requests in debug mode + - BUG/MINOR: config: check the proper pointer to report unknown protocol + - CLEANUP: connection: offer conn_prepare() to set up a connection + - CLEANUP: config: fix typo inteface => interface + - BUG: stats: fix regression introduced by commit 4348fad1 + - MINOR: cli: allow to set frontend maxconn to zero + - BUG/MAJOR: http: chunk parser was broken with buffer changes + - MEDIUM: monitor: simplify handling of monitor-net and mode health + - MINOR: connection: add a pointer to the connection owner + - MEDIUM: connection: make use of the owner instead of container_of + - BUG/MINOR: ssl: report the L4 connection as established when possible + - BUG/MEDIUM: proxy: must not try to stop disabled proxies upon reload + - BUG/MINOR: config: use a copy of the file name in proxy configurations + - BUG/MEDIUM: listener: don't pause protocols that do not support it + - MEDIUM: proxy: add the global frontend to the list of normal proxies + - BUG/MINOR: epoll: correctly disable FD polling in fd_rem() + - MINOR: signal: really ignore signals configured with no handler + - MINOR: buffers: add a few functions to write chars, strings and blocks + - MINOR: raw_sock: always report asynchronous connection errors + - MEDIUM: raw_sock: improve connection error reporting + - REORG: connection: rename the data layer the "transport layer" + - REORG: connection: rename app_cb "data" + - MINOR: connection: provide a generic data layer wakeup callback + - MINOR: connection: split conn_prepare() in two functions + - MINOR: connection: add an init callback to the data_cb struct + - MEDIUM: session: use a specific data_cb for embryonic sessions + - MEDIUM: connection: use a generic data-layer init() callback + - MEDIUM: connection: reorganize connection flags + - MEDIUM: connection: only call the data->wake callback on activity + - MEDIUM: connection: make it possible for data->wake to return an error + - MEDIUM: session: register a data->wake callback to process errors + - MEDIUM: connection: don't call the data->init callback upon error + - MEDIUM: connection: it's not the data layer's role to validate the connection + - MEDIUM: connection: automatically disable polling on error + - REORG: connection: move the PROXY protocol management to connection.c + - MEDIUM: connection: add a new local send-proxy transport callback + - MAJOR: checks: make use of the connection layer to send checks + - REORG: server: move the check-specific parts into a check subsection + - MEDIUM: checks: use real buffers to store requests and responses + - MEDIUM: check: add the ctrl and transport layers in the server check structure + - MAJOR: checks: completely use the connection transport layer + - MEDIUM: checks: add the "check-ssl" server option + - MEDIUM: checks: enable the PROXY protocol with health checks + - CLEANUP: checks: remove minor warnings for assigned but not used variables + - MEDIUM: tcp: enable TCP Fast Open on systems which support it + - BUG: connection: fix regression from commit 9e272bf9 + - CLEANUP: cttproxy: remove a warning on undeclared close() + - BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used + - MEDIUM: listener: add support for linux's accept4() syscall + - MINOR: halog: sort output by cookie code + - BUG/MINOR: halog: -ad/-ac report the correct number of output lines + - BUG/MINOR: halog: fix help message for -ut/-uto + - MINOR: halog: add a parameter to limit output line count + - BUILD: accept4: move the socketcall declaration outside of accept4() + - MINOR: server: add minimal infrastructure to parse keywords + - MINOR: standard: make indent_msg() support empty messages + - MEDIUM: server: check for registered keywords when parsing unknown keywords + - MEDIUM: server: move parsing of keyword "id" to server.c + - BUG/MEDIUM: config: check-send-proxy was ignored if SSL was not builtin + - MEDIUM: ssl: move "server" keyword SSL options parsing to ssl_sock.c + - MEDIUM: log: suffix the frontend's name with '~' when using SSL + - MEDIUM: connection: always unset the transport layer upon close + - BUG/MINOR: session: fix some leftover from debug code + - BUG/MEDIUM: session: enable the conn_session_update() callback + - MEDIUM: connection: add a flag to hold the transport layer + - MEDIUM: log: add a new LW_XPRT flag to pin the transport layer + - MINOR: log: make lf_text use a const char * + - MEDIUM: log: report SSL ciphers and version in logs using logformat %sslc/%sslv + - REORG: http: rename msg->buf to msg->chn since it's a channel + - CLEANUP: http: use 'chn' to name channel variables, not 'buf' + - CLEANUP: channel: use 'chn' instead of 'buf' as local variable names + - CLEANUP: tcp: use 'chn' instead of 'buf' or 'b' for channel pointer names + - CLEANUP: stream_interface: use 'chn' instead of 'b' to name channel pointers + - CLEANUP: acl: use 'chn' instead of 'b' to name channel pointers + - MAJOR: channel: replace the struct buffer with a pointer to a buffer + - OPTIM: channel: reorganize struct members to improve cache efficiency + - CLEANUP: session: remove term_trace which is not used anymore + - OPTIM: session: reorder struct session fields + - OPTIM: connection: pack the struct target + - DOC: document relations between internal entities + - MINOR: ssl: add 'ssl_npn' sample/acl to extract TLS/NPN information + - BUILD: ssl: fix shctx build on older compilers + - MEDIUM: ssl: add support for the "npn" bind keyword + - BUG: ssl: fix ssl_sni ACLs to correctly process regular expressions + - MINOR: chunk: provide string compare functions + - MINOR: sample: accept fetch keywords without parenthesis + - MEDIUM: sample: pass an empty list instead of a null for fetch args + - MINOR: ssl: improve socket behaviour upon handshake abort. + - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode + - MEDIUM: listener: provide a fallback for accept4() when not supported + - BUG/MAJOR: connection: risk of crash on certain tricky close scenario + - MEDIUM: cli: allow the stats socket to be bound to a specific set of processes + - OPTIM: channel: inline channel_forward's fast path + - OPTIM: http: inline http_parse_chunk_size() and http_skip_chunk_crlf() + - OPTIM: tools: inline hex2i() + - CLEANUP: http: rename HTTP_MSG_DATA_CRLF state + - MINOR: compression: automatically disable compression for older browsers + - MINOR: compression: optimize memLevel to improve byte rate + - BUG/MINOR: http: compression should consider all Accept-Encoding header values + - BUILD: fix coexistence of openssl and zlib + - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_serial' and 'ssl_f_serial' + - BUG/MEDIUM: command-line option -D must have precedence over "debug" + - MINOR: tools: add a clear_addr() function to unset an address + - BUG/MEDIUM: tcp: transparent bind to the source only when address is set + - CLEANUP: remove trashlen + - MAJOR: session: detach the connections from the stream interfaces + - DOC: update document describing relations between internal entities + - BUILD: make it possible to specify ZLIB path + - MINOR: compression: add an offload option to remove the Accept-Encoding header + - BUG: compression: disable auto-close and enable MSG_MORE during transfer + - CLEANUP: completely remove trashlen + - MINOR: chunk: add a function to reset a chunk + - CLEANUP: replace chunk_printf() with chunk_appendf() + - MEDIUM: make the trash be a chunk instead of a char * + - MEDIUM: remove remains of BUFSIZE in HTTP auth and sample conversions + - MEDIUM: stick-table: allocate the table key of size buffer size + - BUG/MINOR: stream_interface: don't loop over ->snd_buf() + - BUG/MINOR: session: ensure that we don't retry connection if some data were sent + - OPTIM: session: don't process the whole session when only timers need a refresh + - BUG/MINOR: session: mark the handshake as complete earlier + - MAJOR: connection: remove the CO_FL_CURR_*_POL flag + - BUG/MAJOR: always clear the CO_FL_WAIT_* flags after updating polling flags + - MAJOR: sepoll: make the poller totally event-driven + - OPTIM: stream_interface: disable reading when CF_READ_DONTWAIT is set + - BUILD: compression: remove a build warning + - MEDIUM: fd: don't unset fdtab[].updated upon delete + - REORG: fd: move the speculative I/O management from ev_sepoll + - REORG: fd: move the fd state management from ev_sepoll + - REORG: fd: centralize the processing of speculative events + - BUG: raw_sock: also consider ENOTCONN in addition to EAGAIN + - BUILD: stream_interface: remove si_fd() and its references + - BUILD: compression: enable build in BSD and OSX Makefiles + - MAJOR: ev_select: make the poller support speculative events + - MAJOR: ev_poll: make the poller support speculative events + - MAJOR: ev_kqueue: make the poller support speculative events + - MAJOR: polling: replace epoll with sepoll and remove sepoll + - MAJOR: polling: remove unused callbacks from the poller struct + - MEDIUM: http: refrain from sending "Connection: close" when Upgrade is present + - CLEANUP: channel: remove any reference of the hijackers + - CLEANUP: stream_interface: remove the external task type target + - MAJOR: connection: replace struct target with a pointer to an enum + - BUG: connection: fix typo in previous commit + - BUG: polling: don't skip polled events in the spec list + - MINOR: splice: disable it when the system returns EBADF + - MINOR: build: allow packagers to specify the default maxzlibmem + - BUG: halog: fix broken output limitation + - BUG: proxy: fix server name lookup in get_backend_server() + - BUG: compression: do not always increment the round counter on allocation failure + - BUG/MEDIUM: compression: release the zlib pools between keep-alive requests + - MINOR: global: don't prevent nbproc from being redefined + - MINOR: config: support process ranges for "bind-process" + - MEDIUM: global: add support for CPU binding on Linux ("cpu-map") + - MINOR: ssl: rename and document the tune.ssl.cachesize option + - DOC: update the PROXY protocol spec to support v2 + - MINOR: standard: add a simple popcount function + - MEDIUM: adjust the maxaccept per listener depending on the number of processes + - BUG: compression: properly disable compression when content-type does not match + - MINOR: cli: report connection status in "show sess xxx" + - BUG/MAJOR: stream_interface: certain workloads could cause get stuck + - BUILD: cli: fix build when SSL is enabled + - MINOR: cli: report the fd state in "show sess xxx" + - MINOR: cli: report an error message on missing argument to compression rate + - MINOR: http: add some debugging functions to pretty-print msg state names + - BUG/MAJOR: stream_interface: read0 not always handled since dev12 + - DOC: documentation on http header capture is wrong + - MINOR: http: allow the cookie capture size to be changed + - DOC: http header capture has not been limited in size for a long time + - DOC: update readme with build methods for BSD + - BUILD: silence a warning on Solaris about usage of isdigit() + - MINOR: stats: report HTTP compression stats per frontend and per backend + - MINOR: log: add '%Tl' to log-format + - MINOR: samples: update the url_param fetch to match parameters in the path + +2012/09/10 : 1.5-dev12 + - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read + - MEDIUM: ssl: add support for prefer-server-ciphers option + - MINOR: IPv6 support for transparent proxy + - MINOR: protocol: add SSL context to listeners if USE_OPENSSL is defined + - MINOR: server: add SSL context to servers if USE_OPENSSL is defined + - MEDIUM: connection: add a new handshake flag for SSL (CO_FL_SSL_WAIT_HS). + - MEDIUM: ssl: add new files ssl_sock.[ch] to provide the SSL data layer + - MEDIUM: config: add the 'ssl' keyword on 'bind' lines + - MEDIUM: config: add support for the 'ssl' option on 'server' lines + - MEDIUM: ssl: protect against client-initiated renegociation + - BUILD: add optional support for SSL via the USE_OPENSSL flag + - MEDIUM: ssl: add shared memory session cache implementation. + - MEDIUM: ssl: replace OpenSSL's session cache with the shared cache + - MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. + - MEDIUM: ssl: add support for SNI and wildcard certificates + - DOC: Typos cleanup + - DOC: fix name for "option independant-streams" + - DOC: specify the default value for maxconn in the context of a proxy + - BUG/MINOR: to_log erased with unique-id-format + - LICENSE: add licence exception for OpenSSL + - BUG/MAJOR: cookie prefix doesn't support cookie-less servers + - BUILD: add an AIX 5.2 (and later) target. + - MEDIUM: fd/si: move peeraddr from struct fdinfo to struct connection + - MINOR: halog: use the more recent dual-mode fgets2 implementation + - BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on full-length matches + - CLEANUP: halog: make clean should also remove .o files + - OPTIM: halog: make use of memchr() on platforms which provide a fast one + - OPTIM: halog: improve cold-cache behaviour when loading a file + - BUG/MINOR: ACL implicit arguments must be created with unresolved flag + - MINOR: replace acl_fetch_{path,url}* with smp_fetch_* + - MEDIUM: pattern: add the "base" sample fetch method + - OPTIM: i386: make use of kernel-mode-linux when available + - BUG/MINOR: tarpit: fix condition to return the HTTP 500 message + - BUG/MINOR: polling: some events were not set in various pollers + - MINOR: http: add the urlp_val ACL match + - BUG: stktable: tcp_src_to_stktable_key() must return NULL on invalid families + - MINOR: stats/cli: add plans to support more stick-table actions + - MEDIUM: stats/cli: add support for "set table key" to enter values + - REORG/MEDIUM: fd: remove FD_STCLOSE from struct fdtab + - REORG/MEDIUM: fd: remove checks for FD_STERROR in ev_sepoll + - REORG/MEDIUM: fd: get rid of FD_STLISTEN + - REORG/MINOR: connection: move declaration to its own include file + - REORG/MINOR: checks: put a struct connection into the server + - MINOR: connection: add flags to the connection struct + - MAJOR: get rid of fdtab[].state and use connection->flags instead + - MINOR: fd: add a new I/O handler to fdtab + - MEDIUM: polling: prepare to call the iocb() function when defined. + - MEDIUM: checks: make use of fdtab->iocb instead of cb[] + - MEDIUM: protocols: use the generic I/O callback for accept callbacks + - MINOR: connection: add a handler for fd-based connections + - MAJOR: connection: replace direct I/O callbacks with the connection callback + - MINOR: fd: make fdtab->owner a connection and not a stream_interface anymore + - MEDIUM: connection: remove the FD_POLL_* flags only once + - MEDIUM: connection: extract the send_proxy callback from proto_tcp + - MAJOR: tcp: remove the specific I/O callbacks for TCP connection probes + - CLEANUP: remove the now unused fdtab direct I/O callbacks + - MAJOR: remove the stream interface and task management code from sock_* + - MEDIUM: stream_interface: pass connection instead of fd in sock_ops + - MEDIUM: stream_interface: centralize the SI_FL_ERR management + - MAJOR: connection: add a new CO_FL_CONNECTED flag + - MINOR: rearrange tcp_connect_probe() and fix wrong return codes + - MAJOR: connection: call data layer handshakes from the handler + - MEDIUM: fd: remove the EV_FD_COND_* primitives + - MINOR: sock_raw: move calls to si_data_close upper + - REORG: connection: replace si_data_close() with conn_data_close() + - MEDIUM: sock_raw: introduce a read0 callback that is different from shutr + - MAJOR: stream_int: use a common stream_int_shut*() functions regardless of the data layer + - MAJOR: fd: replace all EV_FD_* macros with new fd_*_* inline calls + - MEDIUM: fd: add fd_poll_{recv,send} for use when explicit polling is required + - MEDIUM: connection: add definitions for dual polling mechanisms + - MEDIUM: connection: make use of the new polling functions + - MAJOR: make use of conn_{data|sock}_{poll|stop|want}* in connection handlers + - MEDIUM: checks: don't use FD_WAIT_* anymore + - MINOR: fd: get rid of FD_WAIT_* + - MEDIUM: stream_interface: offer a generic function for connection updates + - MEDIUM: stream-interface: offer a generic chk_rcv function for connections + - MEDIUM: stream-interface: add a snd_buf() callback to sock_ops + - MEDIUM: stream-interface: provide a generic stream_int_chk_snd_conn() function + - MEDIUM: stream-interface: provide a generic si_conn_send_cb callback + - MEDIUM: stream-interface: provide a generic stream_sock_read0() function + - REORG/MAJOR: use "struct channel" instead of "struct buffer" + - REORG/MAJOR: extract "struct buffer" from "struct channel" + - MINOR: connection: provide conn_{data|sock}_{read0|shutw} functions + - REORG: sock_raw: rename the files raw_sock* + - MAJOR: raw_sock: extract raw_sock_to_buf() from raw_sock_read() + - MAJOR: raw_sock: temporarily disable splicing + - MINOR: stream-interface: add an rcv_buf callback to sock_ops + - REORG: stream-interface: move sock_raw_read() to si_conn_recv_cb() + - MAJOR: connection: split the send call into connection and stream interface + - MAJOR: stream-interface: restore splicing mechanism + - MAJOR: stream-interface: make conn_notify_si() more robust + - MEDIUM: proxy-proto: don't use buffer flags in conn_si_send_proxy() + - MAJOR: stream-interface: don't commit polling changes in every callback + - MAJOR: stream-interface: fix splice not to call chk_snd by itself + - MEDIUM: stream-interface: don't remove WAIT_DATA when a handshake is in progress + - CLEANUP: connection: split sock_ops into data_ops, app_cp and si_ops + - REORG: buffers: split buffers into chunk,buffer,channel + - MAJOR: channel: remove the BF_OUT_EMPTY flag + - REORG: buffer: move buffer_flush, b_adv and b_rew to buffer.h + - MINOR: channel: rename bi_full to channel_full as it checks the whole channel + - MINOR: buffer: provide a new buffer_full() function + - MAJOR: channel: stop relying on BF_FULL to take action + - MAJOR: channel: remove the BF_FULL flag + - REORG: channel: move buffer_{replace,insert_line}* to buffer.{c,h} + - CLEANUP: channel: usr CF_/CHN_ prefixes instead of BF_/BUF_ + - CLEANUP: channel: use "channel" instead of "buffer" in function names + - REORG: connection: move the target pointer from si to connection + - MAJOR: connection: move the addr field from the stream_interface + - MEDIUM: stream_interface: remove CAP_SPLTCP/CAP_SPLICE flags + - MEDIUM: proto_tcp: remove any dependence on stream_interface + - MINOR: tcp: replace tcp_src_to_stktable_key with addr_to_stktable_key + - MEDIUM: connection: add an ->init function to data layer + - MAJOR: session: introduce embryonic sessions + - MAJOR: connection: make the PROXY decoder a handshake handler + - CLEANUP: frontend: remove the old proxy protocol decoder + - MAJOR: connection: rearrange the polling flags. + - MEDIUM: connection: only call tcp_connect_probe when nothing was attempted yet + - MEDIUM: connection: complete the polling cleanups + - MEDIUM: connection: avoid calling handshakes when polling is required + - MAJOR: stream_interface: continue to update data polling flags during handshakes + - CLEANUP: fd: remove fdtab->flags + - CLEANUP: fdtab: flatten the struct and merge the spec struct with the rest + - CLEANUP: includes: fix includes for a number of users of fd.h + - MINOR: ssl: disable TCP quick-ack by default on SSL listeners + - MEDIUM: config: add a "ciphers" keyword to set SSL cipher suites + - MEDIUM: config: add "nosslv3" and "notlsv1" on bind and server lines + - BUG: ssl: mark the connection as waiting for an SSL connection during the handshake + - BUILD: http: rename error_message http_error_message to fix conflicts on RHEL + - BUILD: ssl: fix shctx build on RHEL with futex + - BUILD: include sys/socket.h to fix build failure on FreeBSD + - BUILD: fix build error without SSL (ssl_cert) + - BUILD: ssl: use MAP_ANON instead of MAP_ANONYMOUS + - BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 + - MEDIUM: config: support per-listener backlog and maxconn + - MINOR: session: do not send an HTTP/500 error on SSL sockets + - MEDIUM: config: implement maxsslconn in the global section + - BUG: tcp: close socket fd upon connect error + - MEDIUM: connection: improve error handling around the data layer + - MINOR: config: make the tasks "nice" value configurable on "bind" lines. + - BUILD: shut a gcc warning introduced by commit 269ab31 + - MEDIUM: config: centralize handling of SSL config per bind line + - BUILD: makefile: report USE_OPENSSL status in build options + - BUILD: report openssl build settings in haproxy -vv + - MEDIUM: ssl: add sample fetches for is_ssl, ssl_has_sni, ssl_sni_* + - DOC: add a special acknowledgement for the stud project + - DOC: add missing SSL options for servers and listeners + - BUILD: automatically add -lcrypto for SSL + - DOC: add some info about openssl build in the README + +2012/06/04 : 1.5-dev11 + - BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations + - BUG/MAJOR: trash must always be the size of a buffer + - DOC: fix minor regex example issue and improve doc on stats + - MINOR: stream_interface: add a pointer to the listener for TARG_TYPE_CLIENT + - MEDIUM: protocol: add a pointer to struct sock_ops to the listener struct + - MINOR: checks: add on-marked-up option + - MINOR: balance uri: added 'whole' parameter to include query string in hash calculation + - MEDIUM: stream_interface: remove the si->init + - MINOR: buffers: add a rewind function + - BUG/MAJOR: fix regression on content-based hashing and http-send-name-header + - MAJOR: http: stop using msg->sol outside the parsers + - CLEANUP: http: make it more obvious that msg->som is always null outside of chunks + - MEDIUM: http: get rid of msg->som which is not used anymore + - MEDIUM: http: msg->sov and msg->sol will never wrap + - BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set + - BUG/MINOR: stop connect timeout when connect succeeds + - REORG: move the send-proxy code to tcp_connect_write() + - REORG/MINOR: session: detect the TCP monitor checks at the protocol accept + - MINOR: stream_interface: introduce a new "struct connection" type + - REORG/MINOR: stream_interface: move si->fd to struct connection + - REORG/MEDIUM: stream_interface: move applet->state and private to connection + - MINOR: stream_interface: add a data channel close function + - MEDIUM: stream_interface: call si_data_close() before releasing the si + - MINOR: peers: use the socket layer operations from the peer instead of sock_raw + - BUG/MINOR: checks: expire on timeout.check if smaller than timeout.connect + - MINOR: add a new function call tracer for debugging purposes + - BUG/MINOR: perform_http_redirect also needs to rewind the buffer + - BUG/MAJOR: b_rew() must pass a signed offset to b_ptr() + - BUG/MEDIUM: register peer sync handler in the proper order + - BUG/MEDIUM: buffers: fix bi_putchr() to correctly advance the pointer + - BUG/MINOR: fix option httplog validation with TCP frontends + - BUG/MINOR: log: don't report logformat errors in backends + - REORG/MINOR: use dedicated proxy flags for the cookie handling + - BUG/MINOR: config: do not report twice the incompatibility between cookie and non-http + - MINOR: http: add support for "httponly" and "secure" cookie attributes + - BUG/MEDIUM: ensure that unresolved arguments are freed exactly once + - BUG/MINOR: commit 196729ef used wrong condition resulting in freeing constants + - MEDIUM: stats: add support for soft stop/soft start in the admin interface + - MEDIUM: stats: add the ability to kill sessions from the admin interface + - BUILD: add support for linux kernels >= 2.6.28 + +2012/05/14 : 1.5-dev10 + - BUG/MINOR: stats admin: "Unexpected result" was displayed unconditionally + - BUG/MAJOR: acl: http_auth_group() must not accept any user from the userlist + - CLEANUP: auth: make the code build again with DEBUG_AUTH + - BUG/MEDIUM: config: don't crash at config load time on invalid userlist names + - REORG: use the name sock_raw instead of stream_sock + - MINOR: stream_interface: add a client target : TARG_TYPE_CLIENT + - BUG/MEDIUM: stream_interface: restore get_src/get_dst + - CLEANUP: sock_raw: remove last references to stream_sock + - CLEANUP: stream_interface: stop exporting socket layer functions + - MINOR: stream_interface: add an init callback to sock_ops + - MEDIUM: stream_interface: derive the socket operations from the target + - MAJOR: fd: remove the need for the socket layer to recheck the connection + - MINOR: session: call the socket layer init function when a session establishes + - MEDIUM: session: add support for tunnel timeouts + - MINOR: standard: add a new debug macro : fddebug() + - CLEANUP: fd: remove unused cb->b pointers in the struct fdtab + - OPTIM: proto_http: don't enable quick-ack on empty buffers + - OPTIM/MAJOR: ev_sepoll: process spec events after polled events + - OPTIM/MEDIUM: stream_interface: add a new SI_FL_NOHALF flag + +2012/05/08 : 1.5-dev9 + - MINOR: Add release callback to si_applet + - CLEANUP: Fix some minor typos + - MINOR: Add TO/FROM_SET flags to struct stream_interface + - CLEANUP: Fix some minor whitespace issues + - MINOR: stats admin: allow unordered parameters in POST requests + - CLEANUP: fix typo in findserver() log message + - MINOR: stats admin: use the backend id instead of its name in the form + - MINOR: stats admin: reduce memcmp()/strcmp() calls on status codes + - DOC: cleanup indentation, alignment, columns and chapters + - DOC: fix some keywords arguments documentation + - MINOR: cli: display the 4 IP addresses and ports on "show sess XXX" + - BUG/MAJOR: log: possible segfault with logformat + - MEDIUM: log: split of log_format generation + - MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid + - MEDIUM: log: Unique ID + - MINOR: log: log-format: usable without httplog and tcplog + - BUG/MEDIUM: balance source did not properly hash IPv6 addresses + - MINOR: contrib/iprange: add a network IP range to mask converter + - MEDIUM: session: implement the "use-server" directive + - MEDIUM: log: add a new cookie flag 'U' to report situations where cookie is not used + - MEDIUM: http: make extract_cookie_value() iterate over cookie values + - MEDIUM: http: add cookie and scookie ACLs + - CLEANUP: lb_first: add reference to a paper describing the original idea + - MEDIUM: stream_sock: add a get_src and get_dst callback and remove SN_FRT_ADDR_SET + - BUG/MINOR: acl: req_ssl_sni would randomly fail if a session ID is present + - BUILD: http: make extract_cookie_value() return an int not size_t + - BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values + - CLEANUP: http: message parser must ignore HTTP_MSG_ERROR + - MINOR: standard: add a memprintf() function to build formatted error messages + - CLEANUP: remove a few warning about unchecked return values in debug code + - MEDIUM: move message-related flags from transaction to message + - DOC: add a diagram to explain how circular buffers work + - MAJOR: buffer rework: replace ->send_max with ->o + - MAJOR: buffer: replace buf->l with buf->{o+i} + - MINOR: buffers: provide simple pointer normalization functions + - MINOR: buffers: remove unused function buffer_contig_data() + - MAJOR: buffers: replace buf->w with buf->p - buf->o + - MAJOR: buffers: replace buf->r with buf->p + buf->i + - MAJOR: http: move buffer->lr to http_msg->next + - MAJOR: http: change msg->{som,col,sov,eoh} to be relative to buffer origin + - CLEANUP: http: remove unused http_msg->col + - MAJOR: http: turn http_msg->eol to a buffer-relative offset + - MEDIUM: http: add a pointer to the buffer in http_msg + - MAJOR: http: make http_msg->sol relative to buffer's origin + - MEDIUM: http: http_send_name_header: remove references to msg and buffer + - MEDIUM: http: remove buffer arg in a few header manipulation functions + - MEDIUM: http: remove buffer arg in http_capture_bad_message + - MEDIUM: http: remove buffer arg in http_msg_analyzer + - MEDIUM: http: remove buffer arg in http_upgrade_v09_to_v10 + - MEDIUM: http: remove buffer arg in http_buffer_heavy_realign + - MEDIUM: http: remove buffer arg in chunk parsing functions + - MINOR: http: remove useless wrapping checks in http_msg_analyzer + - MEDIUM: buffers: fix unsafe use of buffer_ignore at some places + - MEDIUM: buffers: add new pointer wrappers and get rid of almost all buffer_wrap_add calls + - MEDIUM: buffers: implement b_adv() to advance a buffer's pointer + - MEDIUM: buffers: rename a number of buffer management functions + - MEDIUM: http: add a prefetch function for ACL pattern fetch + - MEDIUM: http: make all ACL fetch function use acl_prefetch_http() + - BUG/MINOR: http_auth: ACLs are volatile, not permanent + - MEDIUM: http/acl: merge all request and response ACL fetches of headers and cookies + - MEDIUM: http/acl: make acl_fetch_hdr_{ip,val} rely on acl_fetch_hdr() + - MEDIUM: add a new typed argument list parsing framework + - MAJOR: acl: make use of the new argument parsing framework + - MAJOR: acl: store the ACL argument types in the ACL keyword declaration + - MEDIUM: acl: acl_find_target() now resolves arguments based on their types + - MAJOR: acl: make acl_find_targets also resolve proxy names at config time + - MAJOR: acl: ensure that implicit table and proxies are valid + - MEDIUM: acl: remove unused tests for missing args when args are mandatory + - MEDIUM: pattern: replace type pattern_arg with type arg + - MEDIUM: pattern: get rid of arg_i in all functions making use of arguments + - MEDIUM: pattern: use the standard arg parser + - MEDIUM: pattern: add an argument validation callback to pattern descriptors + - MEDIUM: pattern: report the precise argument parsing error when known. + - MEDIUM: acl: remove the ACL_TEST_F_NULL_MATCH flag + - MINOR: pattern: add a new 'sample' type to store fetched data + - MEDIUM: pattern: add new sample types to replace pattern types + - MAJOR: acl: make use of the new sample struct and get rid of acl_test + - MEDIUM: pattern/acl: get rid of temp_pattern in ACLs + - MEDIUM: acl: get rid of the SET_RES flags + - MEDIUM: get rid of SMP_F_READ_ONLY and SMP_F_MUST_FREE + - MINOR: pattern: replace struct pattern with struct sample + - MEDIUM: pattern: integrate pattern_data into sample and use sample everywhere + - MEDIUM: pattern: retrieve the sample type in the sample, not in the keyword description + - MEDIUM: acl/pattern: switch rdp_cookie functions stack up-down + - MEDIUM: acl: replace acl_expr with args in acl fetch_* functions + - MINOR: tcp: replace acl_fetch_rdp_cookie with smp_fetch_rdp_cookie + - MEDIUM: acl/pattern: use the same direction scheme + - MEDIUM: acl/pattern: start merging common sample fetch functions + - MEDIUM: pattern: ensure that sample types always cast into other types. + - MEDIUM: acl/pattern: factor out the src/dst address fetches + - MEDIUM: acl: implement payload and payload_lv + - CLEANUP: pattern: ensure that payload and payload_lv always stay in the buffer + - MINOR: stick_table: centralize the handling of empty keys + - MINOR: pattern: centralize handling of unstable data in pattern_process() + - MEDIUM: pattern: use smp_fetch_rdp_cookie instead of the pattern specific version + - MINOR: acl: set SMP_OPT_ITERATE on fetch functions + - MINOR: acl: add a val_args field to keywords + - MINOR: proto_tcp: validate arguments of payload and payload_lv ACLs + - MEDIUM: http: merge acl and pattern header fetch functions + - MEDIUM: http: merge ACL and pattern cookie fetches into a single one + - MEDIUM: acl: report parsing errors to the caller + - MINOR: arg: improve error reporting on invalid arguments + - MINOR: acl: report errors encountered when loading patterns from files + - MEDIUM: acl: extend the pattern parsers to report meaningful errors + - REORG: use the name "sample" instead of "pattern" to designate extracted data + - REORG: rename "pattern" files + - MINOR: acl: add types to ACL patterns + - MINOR: standard: add an IPv6 parsing function (str62net) + - MEDIUM: acl: support IPv6 address matching + - REORG: stream_interface: create a struct sock_ops to hold socket operations + - REORG/MEDIUM: move protocol->{read,write} to sock_ops + - REORG/MEDIUM: stream_interface: initialize socket ops from descriptors + - REORG/MEDIUM: replace stream interface protocol functions by a proto pointer + - REORG/MEDIUM: move the default accept function from sockstream to protocols.c + - MEDIUM: proto_tcp: remove src6 and dst6 pattern fetch methods + - BUG/MINOR: http: error snapshots are wrong if buffer wraps + - BUG/MINOR: http: ensure that msg->err_pos is always relative to buf->p + - MEDIUM: http: improve error capture reports + - MINOR: acl: add the cook_val() match to match a cookie against an integer + - BUG/MEDIUM: send_proxy: fix initialisation of send_proxy_ofs + - MEDIUM: memory: add the ability to poison memory at run time + - BUG/MEDIUM: log: ensure that unique_id is properly initialized + - MINOR: cfgparse: use a common errmsg pointer for all parsers + - MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors + - MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords + - MINOR: http: replace http_message_realign() with buffer_slow_realign() + +2012/03/26 : 1.5-dev8 + - MINOR: patch for minor typo (ressources/resources) + - MEDIUM: http: add support for sending the server's name in the outgoing request + - DOC: mention that default checks are TCP connections + - BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified + - CLEANUP: Make check_statuses, analyze_statuses and process_chk static + - CLEANUP: Fix HCHK spelling errors + - BUG/MINOR: fix typo in processing of http-send-name-header + - MEDIUM: log: Use linked lists for loggers + - BUILD: fix declaration inside a scope block + - REORG: log: split send_log function + - MINOR: config: Parse the string of the log-format config keyword + - MINOR: add ultoa, ulltoa, ltoa, lltoa implementations + - MINOR: Date and time fonctions that don't use snprintf + - MEDIUM: log: make http_sess_log use log_format + - DOC: log-format documentation + - MEDIUM: log: use log_format for mode tcplog + - MEDIUM: log-format: backend source address %Bi %Bp + - BUG/MINOR: log-format: fix %o flag + - BUG/MEDIUM: bad length in log_format and __send_log + - MINOR: logformat %st is signed + - BUILD/MINOR: fix the source URL in the spec file + - DOC: acl is http_first_req, not http_req_first + - BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces + - MINOR: acl: add new matches for header/path/url length + - BUILD: halog: make halog build on solaris + - BUG/MINOR: don't use a wrong port when connecting to a server with mapped ports + - MINOR: remove the client/server side distinction in SI addresses + - MINOR: halog: add support for matching queued requests + - DOC: indicate that cookie "prefix" and "indirect" should not be mixed + - OPTIM/MINOR: move struct sockaddr_storage to the tail of structs + - OPTIM/MINOR: make it possible to change pipe size (tune.pipesize) + - BUILD/MINOR: silent a build warning in src/pipe.c (fcntl) + - OPTIM/MINOR: move the hdr_idx pools out of the proxy struct + - MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers + - BUG/MINOR: fix a segfault when parsing a config with undeclared peers + - CLEANUP: rename possibly confusing struct field "tracked" + - BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use + - MINOR: config: tolerate server "cookie" setting in non-HTTP mode + - MEDIUM: buffers: add some new primitives and rework existing ones + - BUG: buffers: don't return a negative value on buffer_total_space_res() + - MINOR: buffers: make buffer_pointer() support negative pointers too + - CLEANUP: kill buffer_replace() and use an inline instead + - BUG: tcp: option nolinger does not work on backends + - CLEANUP: ebtree: remove a few annoying signedness warnings + - CLEANUP: ebtree: clarify licence and update to 6.0.6 + - CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code + - CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code + - BUG: ebtree: ebst_lookup() could return the wrong entry + - OPTIM: stream_sock: reduce the amount of in-flight spliced data + - OPTIM: stream_sock: save a failed recv syscall when splice returns EAGAIN + - MINOR: acl: add support for TLS server name matching using SNI + - BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests + - BUG: proto_tcp: don't try to bind to a foreign address if sin_family is unknown + - MINOR: pattern: export the global temporary pattern + - CLEANUP: patterns: get rid of pattern_data_setstring() + - MEDIUM: acl: use temp_pattern to store fetched information in the "method" match + - MINOR: acl: include pattern.h to make pattern migration more transparent + - MEDIUM: pattern: change the pattern data integer from unsigned to signed + - MEDIUM: acl: use temp_pattern to store any integer-type information + - MEDIUM: acl: use temp_pattern to store any address-type information + - CLEANUP: acl: integer part of acl_test is not used anymore + - MEDIUM: acl: use temp_pattern to store any string-type information + - CLEANUP: acl: remove last data fields from the acl_test struct + - MEDIUM: http: replace get_ip_from_hdr2() with http_get_hdr() + - MEDIUM: patterns: the hdr() pattern is now of type string + - DOC: add minimal documentation on how ACLs work internally + - DOC: add a coding-style file + - OPTIM: halog: keep a fast path for the lines-count only + - CLEANUP: silence a warning when building on sparc + - BUG: http: tighten the list of allowed characters in a URI + - MEDIUM: http: block non-ASCII characters in URIs by default + - DOC: add some documentation from RFC3986 about URI format + - BUG/MINOR: cli: correctly remove the whole table on "clear table" + - BUG/MEDIUM: correctly disable servers tracking another disabled servers. + - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend + - MINOR: halog: add some help on the command line + - BUILD: fix build error on FreeBSD + - BUG: fix double free in peers config error path + - MEDIUM: improve config check return codes + - BUILD: make it possible to look for pcre in the default system paths + - MINOR: config: emit a warning when 'default_backend' masks servers + - MINOR: backend: rework the LC definition to support other connection-based algos + - MEDIUM: backend: add the 'first' balancing algorithm + - BUG: fix httplog trailing LF + - MEDIUM: increase chunk-size limit to 2GB-1 + - BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions + - BUG: http: disable TCP delayed ACKs when forwarding content-length data + - BUG: checks: fix server maintenance exit sequence + - BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes + - DOC: enumerate valid status codes for "observe layer7" + - MINOR: buffer: switch a number of buffer args to const + - CLEANUP: silence signedness warning in acl.c + - BUG: stream_sock: si->release was not called upon shutw() + - MINOR: log: use "%ts" to log term status only and "%tsc" to log with cookie + - BUG/CRITICAL: log: fix risk of crash in development snapshot + - BUG/MAJOR: possible crash when using capture headers on TCP frontends + - MINOR: config: disable header captures in TCP mode and complain + +2011/09/10 : 1.5-dev7 + - [BUG] fix binary stick-tables + - [MINOR] http: *_dom matching header functions now also split on ":" + - [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check + - [MINOR] acl: add srv_conn acl to count connections on a specific backend server + - [MINOR] check: add redis check support + - [DOC] small fixes to clearly distinguish between keyword and variables + - [MINOR] halog: add support for termination code matching (-tcn/-TCN) + - [DOC] Minor spelling fixes and grammatical enhancements + - [CLEANUP] dumpstats: make symbols static where possible + - [MINOR] Break out dumping table + - [MINOR] Break out processing of clear table + - [MINOR] Allow listing of stick table by key + - [MINOR] Break out all stick table socat command parsing + - [MINOR] More flexible clearing of stick table + - [MINOR] Allow showing and clearing by key of ipv6 stick tables + - [MINOR] Allow showing and clearing by key of integer stick tables + - [MINOR] Allow showing and clearing by key of string stick tables + - [CLEANUP] Remove assigned but unused variables + - [CLEANUP] peers.h: fix declarations + - [CLEANUP] session.c: Make functions static where possible + - [MINOR] Add active connection list to server + - [MINOR] Allow shutdown of sessions when a server becomes unavailable + - [MINOR] Add down termination condition + - [MINOR] Make appsess{,ion}_refresh static + - [MINOR] Add rdp_cookie pattern fetch function + - [CLEANUP] Remove unnecessary casts + - [MINOR] Add non-stick server option + - [MINOR] Consistently use error in tcp_parse_tcp_req() + - [MINOR] Consistently free expr on error in cfg_parse_listen() + - [MINOR] Free rdp_cookie_name on denint() + - [MINOR] Free tcp rules on denint() + - [MINOR] Free stick table pool on denint() + - [MINOR] Free stick rules on denint() + - [MEDIUM] Fix stick-table replication on soft-restart + - [MEDIUM] Correct ipmask() logic + - [MINOR] Correct type in table dump examples + - [MINOR] Fix build error in stream_int_register_handler() + - [MINOR] Use DPRINTF in assign_server() + - [BUG] checks: http-check expect could fail a check on multi-packet responses + - [DOC] fix minor typo in the "dispatch" doc + - [BUG] proto_tcp: fix address binding on remote source + - [MINOR] http: don't report the "haproxy" word on the monitoring response + - [REORG] http: move HTTP error codes back to proto_http.h + - [MINOR] http: make the "HTTP 200" status code configurable. + - [MINOR] http: partially revert the chunking optimization for now + - [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete transfer + - [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out test + - [MEDIUM] http: add support for "http-no-delay" + - [OPTIM] http: optimize chunking again in non-interactive mode + - [OPTIM] stream_sock: avoid fast-forwarding of partial data + - [OPTIM] stream_sock: don't use splice on too small payloads + - [MINOR] config: make it possible to specify a cookie even without a server + - [BUG] stats: support url-encoded forms + - [MINOR] config: automatically compute a default fullconn value + - [CLEANUP] config: remove some left-over printf debugging code from previous patch + - [DOC] add missing entry or stick store-response + - [MEDIUM] http: add support for 'cookie' and 'set-cookie' patterns + - [BUG] halog: correctly handle truncated last line + - [MINOR] halog: make SKIP_CHAR stop on field delimiters + - [MINOR] halog: add support for HTTP log matching (-H) + - [MINOR] halog: gain back performance before SKIP_CHAR fix + - [OPTIM] halog: cache some common fields positions + - [OPTIM] halog: check once for correct line format and reuse the pointer + - [OPTIM] halog: remove many 'if' by using a function pointer for the filters + - [OPTIM] halog: remove support for tab delimiters in input data + - [BUG] session: risk of crash on out of memory (1.5-dev regression) + - [MINOR] session: try to emit a 500 response on memory allocation errors + - [OPTIM] stream_sock: reduce the default number of accepted connections at once + - [BUG] stream_sock: disable listener when system resources are exhausted + - [MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c + - [BUG] stream_sock: ensure orphan listeners don't accept too many connections + - [MINOR] listeners: add listen_full() to mark a listener full + - [MINOR] listeners: add support for queueing resource limited listeners + - [MEDIUM] listeners: put listeners in queue upon resource shortage + - [MEDIUM] listeners: queue proxy-bound listeners at the proxy's + - [MEDIUM] listeners: don't stop proxies when global maxconn is reached + - [MEDIUM] listeners: don't change listeners states anymore in maintain_proxies + - [CLEANUP] proxy: rename a few proxy states (PR_STIDLE and PR_STRUN) + - [MINOR] stats: report a "WAITING" state for sockets waiting for resource + - [MINOR] proxy: make session rate-limit more accurate + - [MINOR] sessions: only wake waiting listeners up if rate limit is OK + - [BUG] proxy: peers must only be stopped once, not upon every call to maintain_proxies + - [CLEANUP] proxy: merge maintain_proxies() operation inside a single loop + - [MINOR] task: new function task_schedule() to schedule a wake up + - [MAJOR] proxy: finally get rid of maintain_proxies() + - [BUG] proxy: stats frontend and peers were missing many initializers + - [MEDIUM] listeners: add a global listener management task + - [MINOR] proxy: make findproxy() return proxies from numeric IDs too + - [DOC] fix typos, "#" is a sharp, not a dash + - [MEDIUM] stats: add support for changing frontend's maxconn at runtime + - [MEDIUM] checks: group health checks methods by values and save option bits + - [MINOR] session-counters: add the ability to clear the counters + - [BUG] check: http-check expect + regex would crash in defaults section + - [MEDIUM] http: make x-forwarded-for addition conditional + - [REORG] build: move syscall redefinition to specific places + - [CLEANUP] update the year in the copyright banner + - [BUG] possible crash in 'show table' on stats socket + - [BUG] checks: use the correct destination port for sending checks + - [BUG] backend: risk of picking a wrong port when mapping is used with crossed families + - [MINOR] make use of set_host_port() and get_host_port() to get rid of family mismatches + - [DOC] fixed a few "sensible" -> "sensitive" errors + - [MINOR] make use of addr_to_str() and get_host_port() to replace many inet_ntop() + - [BUG] http: trailing white spaces must also be trimmed after headers + - [MINOR] stats: display "" instead of the frontend name when unknown + - [MINOR] http: take a capture of too large requests and responses + - [MINOR] http: take a capture of truncated responses + - [MINOR] http: take a capture of bad content-lengths. + - [DOC] add a few old and uncommitted docs + - [CLEANUP] cfgparse: fix reported options for the "bind" keyword + - [MINOR] halog: add -hs/-HS to filter by HTTP status code range + - [MINOR] halog: support backslash-escaped quotes + - [CLEANUP] remove dirty left-over of a debugging message + - [MEDIUM] stats: disable complex socket reservation for stats socket + - [CLEANUP] remove a useless test in manage_global_listener_queue() + - [MEDIUM] stats: add the "set maxconn" setting to the command line interface + - [MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. + - [MINOR] stats: report the current and max global connection rates + - [MEDIUM] stats: add the ability to adjust the global maxconnrate + - [BUG] peers: don't pre-allocate 65000 connections to each peer + - [MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate + - [BUG] peers: the peer frontend must not emit any log + - [CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs + - [BUG] peers: don't keep a peers section which has a NULL frontend + - [BUG] peers: ensure the peers are resumed if they were paused + - [MEDIUM] stats: add the ability to enable/disable/shutdown a frontend at runtime + - [MEDIUM] session: make session_shutdown() an independant function + - [MEDIUM] stats: offer the possibility to kill a session from the CLI + - [CLEANUP] stats: centralize tests for backend/server inputs on the CLI + - [MEDIUM] stats: offer the possibility to kill sessions by server + - [MINOR] halog: do not consider byte 0x8A as end of line + - [MINOR] frontend: ensure debug message length is always initialized + - [OPTIM] halog: make fgets parse more bytes by blocks + - [OPTIM] halog: add assembly version of the field lookup code + - [MEDIUM] poll: add a measurement of idle vs work time + - [CLEANUP] startup: report only the basename in the usage message + - [MINOR] startup: add an option to change to a new directory + - [OPTIM] task: don't scan the run queue if we know it's empty + - [BUILD] stats: stdint is not present on solaris + - [DOC] update the README file to reflect new naming rules for patches + - [MINOR] stats: report the number of requests intercepted by the frontend + - [DOC] update ROADMAP file + +2011/04/08 : 1.5-dev6 + - [BUG] stream_sock: use get_addr_len() instead of sizeof() on sockaddr_storage + - [BUG] TCP source tracking was broken with IPv6 changes + - [BUG] stick-tables did not work when converting IPv6 to IPv4 + - [CRITICAL] fix risk of crash when dealing with space in response cookies + +2011/03/29 : 1.5-dev5 + - [BUG] standard: is_addr return value for IPv4 was inverted + - [MINOR] update comment about IPv6 support for server + - [MEDIUM] use getaddrinfo to resolve names if gethostbyname fail + - [DOC] update IPv6 support for bind + - [DOC] document IPv6 support for server + - [DOC] fix a minor typo + - [MEDIUM] IPv6 support for syslog + - [DOC] document IPv6 support for syslog + - [MEDIUM] IPv6 support for stick-tables + - [DOC] document IPv6 support for stick-tables + - [DOC] update ROADMAP file + - [BUG] session: src_conn_cur was returning src_conn_cnt instead + - [MINOR] frontend: add a make_proxy_line function + - [MEDIUM] stream_sock: add support for sending the proxy protocol header line + - [MEDIUM] server: add support for the "send-proxy" option + - [DOC] update the spec on the proxy protocol + - [BUILD] proto_tcp: fix build issue with CTTPROXY + - [DOC] update ROADMAP file + - [MEDIUM] config: rework the IPv4/IPv6 address parser to support host-only addresses + - [MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range + - [BUILD] add the USE_GETADDRINFO build option + - [TESTS] provide a test case for various address formats + - [BUG] session: conn_retries was not always initialized + - [BUG] log: retrieve the target from the session, not the SI + - [BUG] http: fix possible incorrect forwarded wrapping chunk size (take 2) + - [MINOR] tools: add two macros MID_RANGE and MAX_RANGE + - [BUG] http: fix content-length handling on 32-bit platforms + - [OPTIM] buffers: uninline buffer_forward() + - [BUG] stream_sock: fix handling for server side PROXY protocol + - [MINOR] acl: add support for table_cnt and table_avl matches + - [DOC] update ROADMAP file + +2011/03/13 : 1.5-dev4 + - [MINOR] cfgparse: Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation. + - [MINOR] unix sockets : inherits the backlog size from the listener + - [CLEANUP] unix sockets : move create_uxst_socket() in uxst_bind_listener() + - [DOC] fix a minor typo + - [DOC] fix ignore-persist documentation + - [MINOR] add warnings on features not compatible with multi-process mode + - [BUG] http: fix http-pretend-keepalive and httpclose/tunnel mode + - [MINOR] stats: add support for several packets in stats admin + - [BUG] stats: admin commands must check the proxy state + - [BUG] stats: admin web interface must check the proxy state + - [MINOR] http: add pattern extraction method to stick on query string parameter + - [MEDIUM] add internal support for IPv6 server addresses + - [MINOR] acl: add be_id/srv_id to match backend's and server's id + - [MINOR] log: add support for passing the forwarded hostname + - [MINOR] log: ability to override the syslog tag + - [MINOR] checks: add PostgreSQL health check + - [DOC] update ROADMAP file + - [BUILD] pattern: use 'int' instead of 'int32_t' + - [OPTIM] linux: add support for bypassing libc to force using vsyscalls + - [BUG] debug: report the correct poller list in verbose mode + - [BUG] capture: do not capture a cookie if there is no memory left + - [BUG] appsession: fix possible double free in case of out of memory + - [CRITICAL] cookies: mixing cookies in indirect mode and appsession can crash the process + - [BUG] http: correctly update the header list when removing two consecutive headers + - [BUILD] add the CPU=native and ARCH=32/64 build options + - [BUILD] add -fno-strict-aliasing to fix warnings with gcc >= 4.4 + - [CLEANUP] hash: move the avalanche hash code globally available + - [MEDIUM] hash: add support for an 'avalanche' hash-type + - [DOC] update roadmap file + - [BUG] http: do not re-enable the PROXY analyser on keep-alive + - [OPTIM] http: don't send each chunk in a separate packet + - [DOC] fix minor typos reported recently in the peers section + - [DOC] fix another typo in the doc + - [MINOR] stats: report HTTP message state and buffer flags in error dumps + - [BUG] http chunking: don't report a parsing error on connection errors + - [BUG] stream_interface: truncate buffers when sending error messages + - [MINOR] http: support wrapping messages in error captures + - [MINOR] http: capture incorrectly chunked message bodies + - [MINOR] stats: add global event ID and count + - [BUG] http: analyser optimizations broke pipelining + - [CLEANUP] frontend: only apply TCP-specific settings to TCP/TCP6 sockets + - [BUG] http: fix incorrect error reporting during data transfers + - [CRITICAL] session: correctly leave turn-around and queue states on abort + - [BUG] session: release slot before processing pending connections + - [MINOR] tcp: add support for dynamic MSS setting + - [BUG] stick-table: correctly terminate string keys during lookups + - [BUG] acl: fix handling of empty lines in pattern files + - [BUG] stick-table: use the private buffer when padding strings + - [BUG] ebtree: fix ebmb_lookup() with len smaller than the tree's keys + - [OPTIM] ebtree: ebmb_lookup: reduce stack usage by moving the return code out of the loop + - [OPTIM] ebtree: inline ebst_lookup_len and ebis_lookup_len + - [REVERT] undo the stick-table string key lookup fixes + - [MINOR] http: improve url_param pattern extraction to ignore empty values + - [BUILD] frontend: shut a warning with TCP_MAXSEG + - [BUG] http: update the header list's tail when removing the last header + - [DOC] fix minor typo in the proxy protocol doc + - [DOC] fix typos (http-request instead of http-check) + - [BUG] http: use correct ACL pointer when evaluating authentication + - [BUG] cfgparse: correctly count one socket per port in ranges + - [BUG] startup: set the rlimits before binding ports, not after. + - [BUG] acl: srv_id must return no match when the server is NULL + - [MINOR] acl: add ability to check for internal response-only parameters + - [MINOR] acl: srv_id is only valid in responses + - [MINOR] config: warn if response-only conditions are used in "redirect" rules + - [BUG] acl: fd leak when reading patterns from file + - [DOC] fix minor typo in "usesrc" + - [BUG] http: fix possible incorrect forwarded wrapping chunk size + - [BUG] http: fix computation of message body length after forwarding has started + - [BUG] http: balance url_param did not work with first parameters on POST + - [TESTS] update the url_param regression test to test check_post too + - [DOC] update ROADMAP + - [DOC] internal: reflect the fact that SI_ST_ASS is transient + - [BUG] config: don't crash on empty pattern files. + - [MINOR] stream_interface: make use of an applet descriptor for IO handlers + - [REORG] stream_interface: move the st0, st1 and private members to the applet + - [REORG] stream_interface: split the struct members in 3 parts + - [REORG] session: move client and server address to the stream interface + - [REORG] tcp: make tcpv4_connect_server() take the target address from the SI + - [MEDIUM] stream_interface: store the target pointer and type + - [CLEANUP] stream_interface: remove the applet.handler pointer + - [MEDIUM] log: take the logged server name from the stream interface + - [CLEANUP] session: remove data_source from struct session + - [CLEANUP] stats: make all dump functions only rely on the stream interface + - [REORG] session: move the data_ctx struct to the stream interface's applet + - [MINOR] proxy: add PR_O2_DISPATCH to detect dispatch mode + - [MINOR] cfgparse: only keep one of dispatch, transparent, http_proxy + - [MINOR] session: add a pointer to the new target into the session + - [MEDIUM] session: remove s->prev_srv which is not needed anymore + - [CLEANUP] stream_interface: use inline functions to manipulate targets + - [MAJOR] session: remove the ->srv pointer from struct session + - [MEDIUM] stats: split frontend and backend stats + - [MEDIUM] http: always evaluate http-request rules before stats http-request + - [REORG] http: move the http-request rules to proto_http + - [BUG] http: stats were not incremented on http-request deny + - [MINOR] checks: report it if checks fail due to socket creation error + +2010/11/11 : 1.5-dev3 + - [DOC] fix http-request documentation + - [MEDIUM] enable/disable servers from the stats web interface + - [MEDIUM] stats: add an admin level + - [DOC] stats: document the "stats admin" statement + - [MINOR] startup: print the proxy socket which caused an error + - [CLEANUP] Remove unneeded chars allocation + - [MINOR] config: detect options not supported due to compilation options + - [MINOR] Add pattern's fetchs payload and payload_lv + - [MINOR] frontend: improve accept-proxy header parsing + - [MINOR] frontend: add tcpv6 support on accept-proxy bind + - [MEDIUM] Enhance message errors management on binds + - [MINOR] Manage unix socket source field on logs + - [MINOR] Manage unix socket source field on session dump on sock stats + - [MINOR] Support of unix listener sockets for debug and log event messages on frontend.c + - [MINOR] Add some tests on sockets family for port remapping and mode transparent. + - [MINOR] Manage socket type unix for some logs + - [MINOR] Enhance controls of socket's family on acls and pattern fetch + - [MINOR] Support listener's sockets unix on http logs. + - [MEDIUM] Add supports of bind on unix sockets. + - [BUG] stick table purge failure if size less than 255 + - [BUG] stick table entries expire on counters updates/read or show table, even if there is no "expire" parameter + - [MEDIUM] Implement tcp inspect response rules + - [DOC] tcp-response content and inspect + - [MINOR] new acls fetch req_ssl_hello_type and rep_ssl_hello_type + - [DOC] acls rep_ssl_hello and req_ssl_hello + - [MEDIUM] Create new protected pattern types CONSTSTRING and CONSTDATA to force memcpy if data from protected areas need to be manipulated. + - [DOC] new type binary in stick-table + - [DOC] stick store-response and new patterns payload and payload_lv + - [MINOR] Manage all types (ip, integer, string, binary) on cli "show table" command + - [MEDIUM] Create updates tree on stick table to manage sync. + - [MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management + - [MEDIUM] Manage peers section parsing and stick table registration on peers. + - [MEDIUM] Manage soft stop on peers proxy + - [DOC] add documentation for peers section + - [MINOR] checks: add support for LDAPv3 health checks + - [MINOR] add better support to "mysql-check" + - [BUG] Restore info about available active/backup servers + - [CONTRIB] Update haproxy.pl + - [CONTRIB] Update Cacti Tempates + - [CONTRIB] add templates for Cacti. + - [BUG] http: don't consider commas as a header delimitor within quotes + - [MINOR] support a global jobs counter + - [DOC] add a summary about cookie incompatibilities between specs and browsers + - [DOC] fix description of cookie "insert" and "indirect" modes + - [MEDIUM] http: fix space handling in the request cookie parser + - [MEDIUM] http: fix space handling in the response cookie parser + - [DOC] fix typo in the queue() definition (backend, not frontend) + - [BUG] deinit: unbind listeners before freeing them + - [BUG] stream_interface: only call si->release when both dirs are closed + - [MEDIUM] buffers: rework the functions to exchange between SI and buffers + - [DOC] fix typo in the avg_queue() and be_conn() definition (backend, not frontend) + - [MINOR] halog: add '-tc' to sort by termination codes + - [MINOR] halog: skip non-traffic logs for -st and -tc + - [BUG] stream_sock: cleanly disable the listener in case of resource shortage + - [BUILD] stream_sock: previous fix lacked the #include, causing a warning. + - [DOC] bind option is "defer-accept", not "defer_accept" + - [DOC] missing index entry for http-check send-state + - [DOC] tcp-request inspect-delay is for backends too + - [BUG] ebtree: string_equal_bits() could return garbage on identical strings + - [BUG] stream_sock: try to flush any extra pending request data after a POST + - [BUILD] proto_http: eliminate some build warnings with gcc-2.95 + - [MEDIUM] make it possible to combine http-pretend-keepalived with httpclose + - [MEDIUM] tcp-request : don't wait for inspect-delay to expire when the buffer is full + - [MEDIUM] checks: add support for HTTP contents lookup + - [TESTS] add test-check-expect to test various http-check methods + - [MINOR] global: add "tune.chksize" to change the default check buffer size + - [MINOR] cookie: add options "maxidle" and "maxlife" + - [MEDIUM] cookie: support client cookies with some contents appended to their value + - [MINOR] http: make some room in the transaction flags to extend cookies + - [MINOR] cookie: add the expired (E) and old (O) flags for request cookies + - [MEDIUM] cookie: reassign set-cookie status flags to store more states + - [MINOR] add encode/decode function for 30-bit integers from/to base64 + - [MEDIUM] cookie: check for maxidle and maxlife for incoming dated cookies + - [MEDIUM] cookie: set the date in the cookie if needed + - [DOC] document the cookie maxidle and maxlife parameters + - [BUG] checks: don't log backend down for all zero-weight servers + - [MEDIUM] checks: set server state to one state from failure when leaving maintenance + - [BUG] config: report correct keywords for "observe" + - [MINOR] checks: ensure that we can inherit binary checks from the defaults section + - [MINOR] acl: add the http_req_first match + - [DOC] fix typos about bind-process syntax + - [BUG] cookie: correctly unset default cookie parameters + - [MINOR] cookie: add support for the "preserve" option + - [BUG] ebtree: fix duplicate strings insertion + - [CONTRIB] halog: report per-url counts, errors and times + - [CONTRIB] halog: minor speed improvement in timer parser + - [MINOR] buffers: add a new request analyser flag for PROXY mode + - [MINOR] listener: add the "accept-proxy" option to the "bind" keyword + - [MINOR] standard: add read_uint() to parse a delimited unsigned integer + - [MINOR] standard: change arg type from const char* to char* + - [MINOR] frontend: add a new analyser to parse a proxied connection + - [MEDIUM] session: call the frontend_decode_proxy analyser on proxied connections + - [DOC] add the proxy protocol's specifications + - [DOC] document the 'accept-proxy' bind option + - [MINOR] cfgparse: report support of for the 'bind' statements + - [DOC] add references to unix socket handling + - [MINOR] move MAXPATHLEN definition to compat.h + - [MEDIUM] unix sockets: cleanup the error reporting path + - [BUG] session: don't stop forwarding of data upon last packet + - [CLEANUP] accept: replace some inappropriate Alert() calls with send_log() + - [BUILD] peers: shut a printf format warning (key_size is a size_t) + - [BUG] accept: don't close twice upon error + - [OPTIM] session: don't recheck analysers when buffer flags have not changed + - [OPTIM] stream_sock: don't clear FDs that are already cleared + - [BUG] proto_tcp: potential bug on pattern fetch dst and dport + +2010/08/28 : 1.5-dev2 + - [MINOR] startup: release unused structs after forking + - [MINOR] startup: don't wait for nothing when no old pid remains + - [CLEANUP] reference product branch 1.5 + - [MEDIUM] signals: add support for registering functions and tasks + - [MEDIUM] signals: support redistribution of signal zero when stopping + - [BUG] http: don't set auto_close if more data are expected + +2010/08/25 : 1.5-dev1 + - [BUG] stats: session rate limit gets garbaged in the stats + - [DOC] mention 'option http-server-close' effect in Tq section + - [DOC] summarize and highlight persistent connections behaviour + - [DOC] add configuration samples + - [BUG] http: dispatch and http_proxy modes were broken for a long time + - [BUG] http: the transaction must be initialized even in TCP mode + - [BUG] tcp: dropped connections must be counted as "denied" not "failed" + - [BUG] consistent hash: balance on all servers, not only 2 ! + - [CONTRIB] halog: report per-server status codes, errors and response times + - [BUG] http: the transaction must be initialized even in TCP mode (part 2) + - [BUG] client: always ensure to zero rep->analysers + - [BUG] session: clear BF_READ_ATTACHED before next I/O + - [BUG] http: automatically close response if req is aborted + - [BUG] proxy: connection rate limiting was eating lots of CPU + - [BUG] http: report correct flags in case of client aborts during body + - [TESTS] refine non-regression tests and add 4 new tests + - [BUG] debug: wrong pointer was used to report a status line + - [BUG] debug: correctly report truncated messages + - [DOC] document the "dispatch" keyword + - [BUG] stick_table: fix possible memory leak in case of connection error + - [CLEANUP] acl: use 'L6' instead of 'L4' in ACL flags relying on contents + - [MINOR] accept: count the incoming connection earlier + - [CLEANUP] tcp: move some non tcp-specific layer6 processing out of proto_tcp + - [CLEANUP] client: move some ACLs away to their respective locations + - [CLEANUP] rename client -> frontend + - [MEDIUM] separate protocol-level accept() from the frontend's + - [MINOR] proxy: add a list to hold future layer 4 rules + - [MEDIUM] config: parse tcp layer4 rules (tcp-request accept/reject) + - [MEDIUM] tcp: check for pure layer4 rules immediately after accept() + - [OPTIM] frontend: tell the compiler that errors are unlikely to occur + - [MEDIUM] frontend: check for LI_O_TCP_RULES in the listener + - [MINOR] frontend: only check for monitor-net rules if LI_O_CHK_MONNET is set + - [CLEANUP] buffer->cto is not used anymore + - [MEDIUM] session: finish session establishment sequence in with I/O handlers + - [MEDIUM] session: initialize server-side timeouts after connect() + - [MEDIUM] backend: initialize the server stream_interface upon connect() + - [MAJOR] frontend: don't initialize the server-side stream_int anymore + - [MEDIUM] session: move the conn_retries attribute to the stream interface + - [MEDIUM] session: don't assign conn_retries upon accept() anymore + - [MINOR] frontend: rely on the frontend and not the backend for INDEPSTR + - [MAJOR] frontend: reorder the session initialization upon accept + - [MINOR] proxy: add an accept() callback for the application layer + - [MAJOR] frontend: split accept() into frontend_accept() and session_accept() + - [MEDIUM] stats: rely on the standard session_accept() function + - [MINOR] buffer: refine the flags that may wake an analyser up. + - [MINOR] stream_sock: don't dereference a non-existing frontend + - [MINOR] session: differenciate between accepted connections and received connections + - [MEDIUM] frontend: count the incoming connection earlier + - [MINOR] frontend: count denied TCP requests separately + - [CLEANUP] stick_table: add/clarify some comments + - [BUILD] memory: add a few missing parenthesis to the pool management macros + - [MINOR] stick_table: add support for variable-sized data + - [CLEANUP] stick_table: rename some stksess struct members to avoid confusion + - [CLEANUP] stick_table: move pattern to key functions to stick_table.c + - [MEDIUM] stick_table: add room for extra data types + - [MINOR] stick_table: add support for "conn_cum" data type. + - [MEDIUM] stick_table: don't overwrite data when storing an entry + - [MINOR] config: initialize stick tables after all the parsing + - [MINOR] stick_table: provide functions to return stksess data from a type + - [MEDIUM] stick_table: move the server ID to a generic data type + - [MINOR] stick_table: enable it for frontends too + - [MINOR] stick_table: export the stick_table_key + - [MINOR] tcp: add per-source connection rate limiting + - [MEDIUM] stick_table: separate storage and update of session entries + - [MEDIUM] stick-tables: add a reference counter to each entry + - [MINOR] session: add a pointer to the tracked counters for the source + - [CLEANUP] proto_tcp: make the config parser a little bit more flexible + - [BUG] config: report the correct proxy type in tcp-request errors + - [MINOR] config: provide a function to quote args in a more friendly way + - [BUG] stick_table: the fix for the memory leak caused a regression + - [MEDIUM] backend: support servers on 0.0.0.0 + - [BUG] stick-table: correctly refresh expiration timers + - [MEDIUM] stream-interface: add a ->release callback + - [MINOR] proxy: add a "parent" member to the structure + - [MEDIUM] session: make it possible to call an I/O handler on both SI + - [MINOR] tools: add a fast div64_32 function + - [MINOR] freq_ctr: add new types and functions for periods different from 1s + - [MINOR] errors: provide new status codes for config parsing functions + - [BUG] http: denied requests must not be counted as denied resps in listeners + - [MINOR] tools: add a get_std_op() function to parse operators + - [MEDIUM] acl: make use of get_std_op() to parse intger ranges + - [MAJOR] stream_sock: better wakeup conditions on read() + - [BUG] session: analysers must be checked when SI state changes + - [MINOR] http: reset analysers to listener's, not frontend's + - [MEDIUM] session: support "tcp-request content" rules in backends + - [BUILD] always match official tags when doing git-tar + - [MAJOR] stream_interface: fix the wakeup conditions for embedded iohandlers + - [MEDIUM] buffer: make buffer_feed* support writing non-contiguous chunks + - [MINOR] tcp: src_count acl does not have a permanent result + - [MAJOR] session: add track-counters to track counters related to the session + - [MINOR] stick-table: provide a table lookup function + - [MINOR] stick-table: use suffix "_cnt" for cumulated counts + - [MEDIUM] session: move counter ACL fetches from proto_tcp + - [MEDIUM] session: add concurrent connections counter + - [MEDIUM] session: add data in and out volume counters + - [MINOR] session: add the trk_conn_cnt ACL keyword to track connection counts + - [MEDIUM] session-counters: automatically update tracked connection count + - [MINOR] session: add the trk_conn_cur ACL keyword to track concurrent connection + - [MINOR] session: add trk_kbytes_* ACL keywords to track data size + - [MEDIUM] session: add a counter on the cumulated number of sessions + - [MINOR] config: support a comma-separated list of store data types in stick-table + - [MEDIUM] stick-tables: add support for arguments to data_types + - [MEDIUM] stick-tables: add stored data argument type checking + - [MEDIUM] session counters: add conn_rate and sess_rate counters + - [MEDIUM] session counters: add bytes_in_rate and bytes_out_rate counters + - [MINOR] stktable: add a stktable_update_key() function + - [MINOR] session-counters: add a general purpose counter (gpc0) + - [MEDIUM] session-counters: add HTTP req/err tracking + - [MEDIUM] stats: add "show table []" to dump a stick-table + - [MEDIUM] stats: add "clear table key " to clear table entries + - [CLEANUP] stick-table: declare stktable_data_types as extern + - [MEDIUM] stick-table: make use of generic types for stored data + - [MINOR] stats: correctly report errors on "show table" and "clear table" + - [MEDIUM] stats: add the ability to dump table entries matching criteria + - [DOC] configuration: document all the new tracked counters + - [DOC] stats: document "show table" and "clear table" + - [MAJOR] session-counters: split FE and BE track counters + - [MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules + - [MEDIUM] session counters: automatically remove expired entries. + - [MEDIUM] config: replace 'tcp-request ' with "tcp-request connection" + - [MEDIUM] session-counters: make it possible to count connections from frontend + - [MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" + - [MEDIUM] session-counters: correctly unbind the counters tracked by the backend + - [CLEANUP] stats: use stksess_kill() to remove table entries + - [DOC] update the references to session counters and to tcp-request connection + - [DOC] cleanup: split a few long lines + - [MEDIUM] http: forward client's close when abortonclose is set + - [BUG] queue: don't dequeue proxy-global requests on disabled servers + - [BUG] stats: global stats timeout may be specified before stats socket. + - [BUG] conf: add tcp-request content rules to the correct list + +2010/05/23 : 1.5-dev0 + - exact copy of 1.4.6 + +2010/05/16 : 1.4.6 + - [BUILD] ebtree: update to v6.0.1 to remove references to dprintf() + - [CLEANUP] acl: make use of eb_is_empty() instead of open coding the tree's emptiness test + - [MINOR] acl: add srv_is_up() to check that a specific server is up or not + - [DOC] add a few precisions about the use of RDP cookies + +2010/05/13 : 1.4.5 + - [DOC] report minimum kernel version for tproxy in the Makefile + - [MINOR] add the "ignore-persist" option to conditionally ignore persistence + - [DOC] add the "ignore-persist" option to conditionally ignore persistence + - [DOC] fix ignore-persist/force-persist documentation + - [BUG] cttproxy: socket fd leakage in check_cttproxy_version + - [DOC] doc/configuration.txt: fix typos + - [MINOR] option http-pretend-keepalive is both for FEs and BEs + - [MINOR] fix possible crash in debug mode with invalid responses + - [MINOR] halog: add support for statisticts on status codes + - [OPTIM] halog: use a faster zero test in fgets() + - [OPTIM] halog: minor speedup by using unlikely() + - [OPTIM] halog: speed up fgets2-64 by about 10% + - [DOC] refresh the README file and merge the CONTRIB file into it + - [MINOR] acl: support loading values from files + - [MEDIUM] ebtree: upgrade to version 6.0 + - [MINOR] acl trees: add flags and union members to store values in trees + - [MEDIUM] acl: add ability to insert patterns in trees + - [MEDIUM] acl: add tree-based lookups of exact strings + - [MEDIUM] acl: add tree-based lookups of networks + - [MINOR] acl: ignore empty lines and comments in pattern files + - [MINOR] stick-tables: add support for "stick on hdr" + +2010/04/07 : 1.4.4 + - [BUG] appsession should match the whole cookie name + - [CLEANUP] proxy: move PR_O_SSL3_CHK to options2 to release one flag + - [MEDIUM] backend: move the transparent proxy address selection to backend + - [MINOR] add very fast IP parsing functions + - [MINOR] add new tproxy flags for dynamic source address binding + - [MEDIUM] add ability to connect to a server from an IP found in a header + - [BUILD] config: last patch breaks build without CONFIG_HAP_LINUX_TPROXY + - [MINOR] http: make it possible to pretend keep-alive when doing close + - [MINOR] config: report "default-server" instead of "(null)" in error messages + +2010/03/30 : 1.4.3 + - [CLEANUP] stats: remove printf format warning in stats_dump_full_sess_to_buffer() + - [MEDIUM] session: better fix for connection to servers with closed input + - [DOC] indicate in the doc how to bind to port ranges + - [BUG] backend: L7 hashing must not be performed on incomplete requests + - [TESTS] add a simple program to test connection resets + - [MINOR] cli: "show errors" should display "backend " when backend was not used + - [MINOR] config: emit warnings when HTTP-only options are used in TCP mode + - [MINOR] config: allow "slowstart 0s" + - [BUILD] 'make tags' did not consider files ending in '.c' + - [MINOR] checks: add the ability to disable a server in the config + +2010/03/17 : 1.4.2 + - [CLEANUP] product branch update + - [DOC] Some more documentation cleanups + - [BUG] clf logs segfault when capturing a non existant header + - [OPTIM] config: only allocate check buffer when checks are enabled + - [MEDIUM] checks: support multi-packet health check responses + - [CLEANUP] session: remove duplicate test + - [BUG] http: don't wait for response data to leave buffer is client has left + - [MINOR] proto_uxst: set accept_date upon accept() to the wall clock time + - [MINOR] stats: don't send empty lines in "show errors" + - [MINOR] stats: make the data dump function reusable for other purposes + - [MINOR] stats socket: add show sess to dump details about a session + - [BUG] stats: connection reset counters must be plain ascii, not HTML + - [BUG] url_param hash may return a down server + - [MINOR] force null-termination of hostname + - [MEDIUM] connect to servers even when the input has already been closed + - [BUG] don't merge anonymous ACLs ! + - [BUG] config: fix endless loop when parsing "on-error" + - [MINOR] http: don't mark a server as failed when it returns 501/505 + - [OPTIM] checks: try to detect the end of response without polling again + - [BUG] checks: don't report an error when recv() returns an error after data + - [BUG] checks: don't abort when second poll returns an error + - [MINOR] checks: make shutdown() silently fail + - [BUG] http: fix truncated responses on chunk encoding when size divides buffer size + - [BUG] init: unconditionally catch SIGPIPE + - [BUG] checks: don't wait for a close to start parsing the response + +2010/03/04 : 1.4.1 + - [BUG] Clear-cookie path issue + - [DOC] fix typo on stickiness rules + - [BUILD] fix BSD and OSX makefiles for missing files + - [BUILD] includes order breaks OpenBSD build + - [BUILD] fix some build warnings on Solaris with is* macros + - [BUG] logs: don't report "last data" when we have just closed after an error + - [BUG] logs: don't report "proxy request" when server closes early + - [BUILD] fix platform-dependant build issues related to crypt() + - [STATS] count transfer aborts caused by client and by server + - [STATS] frontend requests were not accounted for failed requests + - [MINOR] report total number of processed connections when stopping a proxy + - [DOC] be more clear about the limitation to one single monitor-net entry + +2010/02/26 : 1.4.0 + - [MINOR] stats: report maint state for tracking servers too + - [DOC] fix summary to add pattern extraction + - [DOC] Documentation cleanups + - [BUG] cfgparse memory leak and missing free calls in deinit() + - [BUG] pxid/puid/luid: don't shift IDs when some of them are forced + - [EXAMPLES] add auth.cfg + - [BUG] uri_auth: ST_SHLGNDS should be 0x00000008 not 0x0000008 + - [BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once + - [BUILD] auth: don't use unnamed unions + - [BUG] config: report unresolvable host names as errors + - [BUILD] fix build breakage with DEBUG_FULL + - [DOC] fix a typo about timeout check and clarify the explanation. + - [MEDIUM] http: don't use trash to realign large buffers + - [STATS] report HTTP requests (total and rate) in frontends + - [STATS] separate frontend and backend HTTP stats + - [MEDIUM] http: revert to use a swap buffer for realignment + - [MINOR] stats: report the request rate in frontends as cell titles + - [MINOR] stats: mark areas with an underline when tooltips are available + - [DOC] reorder some entries to maintain the alphabetical order + - [DOC] cleanup of the keyword matrix + +2010/02/02 : 1.4-rc1 + - [MEDIUM] add a maintenance mode to servers + - [MINOR] http-auth: last fix was wrong + - [CONTRIB] add base64rev-gen.c that was used to generate the base64rev table. + - [MINOR] Base64 decode + - [MINOR] generic auth support with groups and encrypted passwords + - [MINOR] add ACL_TEST_F_NULL_MATCH + - [MINOR] http-request: allow/deny/auth support for frontend/backend/listen + - [MINOR] acl: add http_auth and http_auth_group + - [MAJOR] use the new auth framework for http stats + - [DOC] add info about userlists, http-request and http_auth/http_auth_group acls + - [STATS] make it possible to change a CLI connection timeout + - [BUG] patterns: copy-paste typo in type conversion arguments + - [MINOR] pattern: make the converter more flexible by supporting void* and int args + - [MINOR] standard: str2mask: string to netmask converter + - [MINOR] pattern: add support for argument parsers for converters + - [MINOR] pattern: add the "ipmask()" converting function + - [MINOR] config: off-by-one in "stick-table" after list of converters + - [CLEANUP] acl, patterns: make use of my_strndup() instead of malloc+memcpy + - [BUG] restore accidentely removed line in last patch ! + - [MINOR] checks: make the HTTP check code add the CRLF itself + - [MINOR] checks: add the server's status in the checks + - [BUILD] halog: make without arch-specific optimizations + - [BUG] halog: fix segfault in case of empty log in PCT mode (cherry picked from commit fe362fe4762151d209b9656639ee1651bc2b329d) + - [MINOR] http: disable keep-alive when process is going down + - [MINOR] acl: add build_acl_cond() to make it easier to add ACLs in config + - [CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() + - [CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs + - [MINOR] prepare req_*/rsp_* to receive a condition + - [CLEANUP] config: specify correct const char types to warnif_* functions + - [MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords + - [MEDIUM] http: make the request filter loop check for optional conditions + - [MEDIUM] http: add support for conditional request filter execution + - [DOC] add some build info about the AIX platform (cherry picked from commit e41914c77edbc40aebf827b37542d37d758e371e) + - [MEDIUM] http: add support for conditional request header addition + - [MEDIUM] http: add support for conditional response header rewriting + - [DOC] add some missing ACLs about response header matching + - [MEDIUM] http: add support for proxy authentication + - [MINOR] http-auth: make the 'unless' keyword work as expected + - [CLEANUP] config: use build_acl_cond() to simplify http-request ACL parsing + - [MEDIUM] add support for anonymous ACLs + - [MEDIUM] http: switch to tunnel mode after status 101 responses + - [MEDIUM] http: stricter processing of the CONNECT method + - [BUG] config: reset check request to avoid double free when switching to ssl/sql + - [MINOR] config: fix too large ssl-hello-check message. + - [BUG] fix error response in case of server error + +2010/01/25 : 1.4-dev8 + - [CLEANUP] Keep in sync "defaults" support between documentation and code + - [MEDIUM] http: add support for Proxy-Connection header + - [CRITICAL] buffers: buffer_insert_line2 must not change the ->w entry + - [MINOR] http: remove a copy-paste typo in transaction cleaning + - [BUG] http: trim any excess buffer data when recycling a connection + +2010/01/25 : 1.4-dev7 + - [BUG] appsession: possible memory leak in case of out of memory condition + - [MINOR] config: don't accept 'appsession' in defaults section + - [MINOR] Add function to parse a size in configuration + - [MEDIUM] Add stick table (persistence) management functions and types + - [MEDIUM] Add pattern fetch management types and functions + - [MEDIUM] Add src dst and dport pattern fetches. + - [MEDIUM] Add stick table configuration and init. + - [MEDIUM] Add stick and store rules analysers. + - [MINOR] add option "mysql-check" to use MySQL health checks + - [BUG] health checks: fix requeued message + - [OPTIM] remove SSP_O_VIA and SSP_O_STATUS + - [BUG] checks: fix newline termination + - [MINOR] acl: add fe_id/so_id to match frontend's and socket's id + - [BUG] appsession's sessid must be reset at end of transaction + - [BUILD] appsession did not build anymore under gcc-2.95 + - [BUG] server redirection used an uninitialized string. + - [MEDIUM] http: fix handling of message pointers + - [MINOR] http: fix double slash prefix with server redirect + - [MINOR] http redirect: add the ability to append a '/' to the URL + - [BUG] stream_interface: fix retnclose and remove cond_close + - [MINOR] http redirect: don't explicitly state keep-alive on 1.1 + - [MINOR] http: move appsession 'sessid' from session to http_txn + - [OPTIM] reorder http_txn to optimize cache lines placement + - [MINOR] http: differentiate waiting for new request and waiting for a complete requst + - [MINOR] http: add a separate "http-keep-alive" timeout + - [MINOR] config: remove undocumented and buggy 'timeout appsession' + - [DOC] fix various too large lines + - [DOC] remove several trailing spaces + - [DOC] add the doc about stickiness + - [BUILD] remove a warning in standard.h on AIX + - [BUG] checks: chars are unsigned on AIX, check was always true + - [CLEANUP] stream_sock: MSG_NOSIGNAL is only for send(), not recv() + - [BUG] check: we must not check for error before reading a response + - [BUG] buffers: remove remains of wrong obsolete length check + - [OPTIM] stream_sock: don't shutdown(write) when the socket is in error + - [BUG] http: don't count req errors on client resets or t/o during keep-alive + - [MEDIUM] http: don't switch to tunnel mode upon close + - [DOC] add documentation about connection header processing + - [MINOR] http: add http_remove_header2() to remove a header value. + - [MINOR] tools: add a "word_match()" function to match words and ignore spaces + - [MAJOR] http: rework request Connection header handling + - [MAJOR] http: rework response Connection header handling + - [MINOR] add the ability to force kernel socket buffer size. + - [BUG] http_server_error() must not purge a previous pending response + - [OPTIM] http: don't delay response if next request is incomplete + - [MINOR] add the "force-persist" statement to force persistence on down servers + - [MINOR] http: logs must report persistent connections to down servers + - [BUG] buffer_replace2 must never change the ->w entry + +2010/01/08 : 1.4-dev6 + - [BUILD] warning in stream_interface.h + - [BUILD] warning ultoa_r returns char * + - [MINOR] hana: only report stats if it is enabled + - [MINOR] stats: add "a link" & "a href" for sockets + - [MINOR]: stats: add show-legends to report additional informations + - [MEDIUM] default-server support + - [BUG]: add 'observer', 'on-error', 'error-limit' to supported options list + - [MINOR] stats: add href to tracked server + - [BUG] stats: show UP/DOWN status also in tracking servers + - [DOC] Restore ability to search a keyword at the beginning of a line + - [BUG] stats: cookie should be reported under backend not under proxy + - [BUG] cfgparser/stats: fix error message + - [BUG] http: disable auto-closing during chunk analysis + - [BUG] http: fix hopefully last closing issue on data forwarding + - [DEBUG] add an http_silent_debug function to debug HTTP states + - [MAJOR] http: fix again the forward analysers + - [BUG] http_process_res_common() must not skip the forward analyser + - [BUG] http: some possible missed close remain in the forward chain + - [BUG] http: redirect needed to be updated after recent changes + - [BUG] http: don't set no-linger on response in case of forced close + - [MEDIUM] http: restore the original behaviour of option httpclose + - [TESTS] add a file to test various connection modes + - [BUG] http: check options before the connection header + - [MAJOR] session: fix the order by which the analysers are run + - [MEDIUM] session: also consider request analysers added during response + - [MEDIUM] http: make safer use of the DONT_READ and AUTO_CLOSE flags + - [BUG] http: memory leak with captures when using keep-alive + - [BUG] http: fix for capture memory leak was incorrect + - [MINOR] http redirect: use proper call to return last response + - [MEDIUM] http: wait for some flush of the response buffer before a new request + - [MEDIUM] session: limit the number of analyser loops + +2010/01/03 : 1.4-dev5 + - [MINOR] server tracking: don't care about the tracked server's mode + - [MEDIUM] appsession: add "len", "prefix" and "mode" options + - [MEDIUM] appsession: add the "request-learn" option + - [BUG] Configuration parser bug when escaping characters + - [MINOR] CSS & HTML fun + - [MINOR] Collect & provide http response codes received from servers + - [BUG] Fix silly typo: hspr_other -> hrsp_other + - [MINOR] Add "a name" to stats page + - [MINOR] add additional "a href"s to stats page + - [MINOR] Collect & provide http response codes for frontends, fix backends + - [DOC] some small spell fixes and unifications + - [MEDIUM] Decrease server health based on http responses / events, version 3 + - [BUG] format '%d' expects type 'int', but argument 5 has type 'long int' + - [BUG] config: fix erroneous check on cookie domain names, again + - [BUG] Healthchecks: get a proper error code if connection cannot be completed immediately + - [DOC] trivial fix for man page + - [MINOR] config: report all supported options for the "bind" keyword + - [MINOR] tcp: add support for the defer_accept bind option + - [MINOR] unix socket: report the socket path in case of bind error + - [CONTRIB] halog: support searching by response time + - [DOC] add a reminder about obsolete documents + - [DOC] point to 1.4 doc, not 1.3 + - [DOC] option tcp-smart-connect was missing from index + - [MINOR] http: detect connection: close earlier + - [CLEANUP] sepoll: clean up the fd_clr/fd_set functions + - [OPTIM] move some rarely used fields out of fdtab + - [MEDIUM] fd: merge fd_list into fdtab + - [MAJOR] buffer: flag BF_DONT_READ to disable reads when not required + - [MINOR] http: add new transaction flags for keep-alive and content-length + - [MEDIUM] http request: parse connection, content-length and transfer-encoding + - [MINOR] http request: update the TX_SRV_CONN_KA flag on rewrite + - [MINOR] http request: simplify the test of no-data + - [MEDIUM] http request: simplify POST length detection + - [MEDIUM] http request: make use of pre-parsed transfer-encoding header + - [MAJOR] http: create the analyser which waits for a response + - [MINOR] http: pre-set the persistent flags in the transaction + - [MEDIUM] http response: check body length and set transaction flags + - [MINOR] http response: update the TX_CLI_CONN_KA flag on rewrite + - [MINOR] http: remove the last call to stream_int_return + - [IMPORT] import ebtree v5.0 into directory ebtree/ + - [MEDIUM] build: switch ebtree users to use new ebtree version + - [CLEANUP] ebtree: remove old unused files + - [BUG] definitely fix regparm issues between haproxy core and ebtree + - [CLEANUP] ebtree: cast to char * to get rid of gcc warning + - [BUILD] missing #ifndef in ebmbtree.h + - [BUILD] missing #ifndef in ebsttree.h + - [MINOR] tools: add hex2i() function to convert hex char to int + - [MINOR] http: create new MSG_BODY sub-states + - [BUG] stream_sock: BUF_INFINITE_FORWARD broke splice on 64-bit platforms + - [DOC] option is "defer-accept", not "defer_accept" + - [MINOR] http: keep pointer to beginning of data + - [BUG] x-original-to: name was not set in default instance + - [MINOR] http: detect tunnel mode and set it in the session + - [BUG] config: fix error message when config file is not found + - [BUG] config: fix wrong handling of too large argument count + - [BUG] config: disable 'option httplog' on TCP proxies + - [BUG] config: fix erroneous check on cookie domain names + - [BUG] config: cookie domain was ignored in defaults sections + - [MINOR] config: support passing multiple "domain" statements to cookies + - [MINOR] ebtree: add functions to lookup non-null terminated strings + - [MINOR] config: don't report error on all subsequent files on failure + - [BUG] second fix for the printf format warning + - [BUG] check_post: limit analysis to the buffer length + - [MEDIUM] http: process request body in a specific analyser + - [MEDIUM] backend: remove HTTP POST parsing from get_server_ph_post() + - [MAJOR] http: completely process the "connection" header + - [MINOR] http: only consider chunk encoding with HTTP/1.1 + - [MAJOR] buffers: automatically compute the maximum buffer length + - [MINOR] http: move the http transaction init/cleanup code to proto_http + - [MINOR] http: move 1xx handling earlier to eliminate a lot of ifs + - [MINOR] http: introduce a new synchronisation state : HTTP_MSG_DONE + - [MEDIUM] http: rework chunk-size parser + - [MEDIUM] http: add a new transaction flags indicating if we know the transfer length + - [MINOR] buffers: add buffer_ignore() to skip some bytes + - [BUG] http: offsets are relative to the buffer, not to ->som + - [MEDIUM] http: automatically re-aling request buffer + - [BUG] http: body parsing must consider the start of message + - [MINOR] new function stream_int_cond_close() + - [MAJOR] http: implement body parser + - [BUG] http: typos on several unlikely() around header insertion + - [BUG] stream_sock: wrong max computation on recv + - [MEDIUM] http: rework the buffer alignment logic + - [BUG] buffers: wrong size calculation for displaced data + - [MINOR] stream_sock: prepare for closing when all pending data are sent + - [MEDIUM] http: add two more states for the closing period + - [MEDIUM] http: properly handle "option forceclose" + - [MINOR] stream_sock: add SI_FL_NOLINGER for faster close + - [MEDIUM] http: make forceclose use SI_FL_NOLINGER + - [MEDIUM] session: set SI_FL_NOLINGER when aborting on write timeouts + - [MEDIUM] http: add some SI_FL_NOLINGER around server errors + - [MINOR] config: option forceclose is valid in frontends too + - [BUILD] halog: insufficient include path in makefile + - [MEDIUM] http: make the analyser not rely on msg being initialized anymore + - [MEDIUM] http: make the parsers able to wait for a buffer flush + - [MAJOR] http: add support for option http-server-close + - [BUG] http: ensure we abort data transfer on write error + - [BUG] last fix was overzealous and disabled server-close + - [BUG] http: fix erroneous trailers size computation + - [MINOR] stream_sock: enable MSG_MORE when forwarding finite amount of data + - [OPTIM] http: set MSG_MORE on response when a pipelined request is pending + - [BUG] http: redirects were broken by chunk changes + - [BUG] http: the request URI pointer is relative to the buffer + - [OPTIM] http: don't immediately enable reading on request + - [MINOR] http: move redirect messages to HTTP/1.1 with a content-length + - [BUG] http: take care of errors, timeouts and aborts during the data phase + - [MINOR] http: don't wait for sending requests to the server + - [MINOR] http: make the conditional redirect support keep-alive + - [BUG] http: fix cookie parser to support spaces and commas in values + - [MINOR] config: some options were missing for "redirect" + - [MINOR] redirect: add support for unconditional rules + - [MINOR] config: centralize proxy struct initialization + - [MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements + - [MEDIUM] config: remove the limitation of 10 config files + - [CLEANUP] http: remove a remaining impossible condition + - [OPTIM] http: optimize a bit the construct of the forward loops + +2009/10/12 : 1.4-dev4 + - [DOC] add missing rate_lim and rate_max + - [MAJOR] struct chunk rework + - [MEDIUM] Health check reporting code rework + health logging, v3 + - [BUG] check if rise/fall has an argument and it is > 0 + - [MINOR] health checks logging unification + - [MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 + - [MINOR] Allow dots in show-node & add "white-space: nowrap" in th.pxname. + - [DOC] Add information about http://haproxy.1wt.eu/contrib.html + - [MINOR] Introduce include/types/counters.h + - [CLEANUP] Move counters to dedicated structures + - [MINOR] Add "clear counters" to clear statistics counters + - [MEDIUM] Collect & provide separate statistics for sockets, v2 + - [BUG] Fix NULL pointer dereference in stats_check_uri_auth(), v2 + - [MINOR] acl: don't report valid acls as potential mistakes + - [MINOR] Add cut_crlf(), ltrim(), rtrim() and alltrim() + - [MINOR] Add chunk_htmlencode and chunk_asciiencode + - [MINOR] Capture & display more data from health checks, v2 + - [BUG] task.c: don't assing last_timer to node-less entries + - [BUG] http stats: large outputs sometimes got some parts chopped off + - [MINOR] backend: export some functions to recount servers + - [MINOR] backend: uninline some LB functions + - [MINOR] include time.h from freq_ctr.h as is uses "now". + - [CLEANUP] backend: move LB algos to individual files + - [MINOR] lb_map: reorder code in order to ease integration of new hash functions + - [CLEANUP] proxy: move last lb-specific bits to their respective files + - [MINOR] backend: separate declarations of LB algos from their lookup method + - [MINOR] backend: reorganize the LB algorithm selection + - [MEDIUM] backend: introduce the "static-rr" LB algorithm + - [MINOR] report list of supported pollers with -vv + - [DOC] log-health-checks is an option, not a directive + - [MEDIUM] new option "independant-streams" to stop updating read timeout on writes + - [BUG] stats: don't call buffer_shutw(), but ->shutw() instead + - [MINOR] stats: strip CR and LF from the input command line + - [BUG] don't refresh timeouts late after detected activity + - [MINOR] stats_dump_errors_to_buffer: use buffer_feed_chunk() + - [MINOR] stats_dump_sess_to_buffer: use buffer_feed_chunk() + - [MINOR] stats: make stats_dump_raw_to_buffer() use buffer_feed_chunk + - [MEDIUM] stats: don't use s->ana_state anymore + - [MINOR] remove now obsolete ana_state from the session struct + - [MEDIUM] stats: make HTTP stats use an I/O handler + - [MEDIUM] stream_int: adjust WAIT_ROOM handling + - [BUG] config: look for ID conflicts in all sockets, not only last ones. + - [MINOR] config: reference file and line with any listener/proxy/server declaration + - [MINOR] config: report places of duplicate names or IDs + - [MINOR] config: add pointer to file name in block/redirect/use_backend/monitor rules + - [MINOR] tools: add a new get_next_id() function + - [MEDIUM] config: automatically find unused IDs for proxies, servers and listeners + - [OPTIM] counters: move some max numbers to the counters struct + - [BUG] counters: fix segfault on missing counters for a listener + - [MEDIUM] backend: implement consistent hashing variation + - [MINOR] acl: add fe_conn, be_conn, queue, avg_queue + - [MINOR] stats: use 'clear counters all' to clear all values + - [MEDIUM] add access restrictions to the stats socket + - [MINOR] buffers: add buffer_feed2() and make buffer_feed() measure string length + - [MINOR] proxy: provide function to retrieve backend/server pointers + - [MINOR] add the "initial weight" to the server struct. + - [MEDIUM] stats: add the "get weight" command to report a server's weight + - [MEDIUM] stats: add the "set weight" command + - [BUILD] add a 'make tags' target + - [MINOR] stats: add support for numeric IDs in set weight/get weight + - [MINOR] stats: use a dedicated state to output static data + - [OPTIM] stats: check free space before trying to print + +2009/09/24 : 1.4-dev3 + - [BUILD] compilation of haproxy-1.4-dev2 on FreeBSD + - [MEDIUM] Collect & show information about last health check, v3 + - [MINOR] export the hostname variable so that all the code can access it + - [MINOR] stats: add a new node-name setting + - [MEDIUM] remove old experimental tcpsplice option + - [BUILD] fix build for systems without SOL_TCP + - [MEDIUM] move connection establishment from backend to the SI. + - [MEDIUM] make the global stats socket part of a frontend + - [MEDIUM] session: account per-listener connections + - [MINOR] session: switch to established state if no connect function + - [MEDIUM] make the unix stats sockets use the generic session handler + - [CLEANUP] unix: remove uxst_process_session() + - [CLEANUP] move remaining stats sockets code to dumpstats + - [MINOR] move the initial task's nice value to the listener + - [MINOR] cleanup set_session_backend by using pre-computed analysers + - [MINOR] set s->srv_error according to the analysers + - [MEDIUM] set rep->analysers from fe and be analysers + - [MEDIUM] replace BUFSIZE with buf->size in computations + - [MEDIUM] make it possible to change the buffer size in the configuration + - [MEDIUM] report error on buffer writes larger than buffer size + - [MEDIUM] stream_interface: add and use ->update function to resync + - [CLEANUP] remove ifdef MSG_NOSIGNAL and define it instead + - [MEDIUM] remove TCP_CORK and make use of MSG_MORE instead + - [BUG] tarpit did not work anymore + - [MINOR] acl: add support for hdr_ip to match IP addresses in headers + - [MAJOR] buffers: fix misuse of the BF_SHUTW_NOW flag + - [MINOR] buffers: provide more functions to handle buffer data + - [MEDIUM] buffers: provide new buffer_feed*() function + - [MINOR] buffers: add peekchar and peekline functions for stream interfaces + - [MINOR] buffers: provide buffer_si_putchar() to send a char from a stream interface + - [BUG] buffer_forward() would not correctly consider data already scheduled + - [MINOR] buffers: add buffer_cut_tail() to cut only unsent data + - [MEDIUM] stream_interface: make use of buffer_cut_tail() to report errors + - [MAJOR] http: add support for HTTP 1xx informational responses + - [MINOR] buffers: inline buffer_si_putchar() + - [MAJOR] buffers: split BF_WRITE_ENA into BF_AUTO_CONNECT and BF_AUTO_CLOSE + - [MAJOR] buffers: fix the BF_EMPTY flag's meaning + - [BUG] stream_interface: SI_ST_CLO must have buffers SHUT + - [MINOR] stream_sock: don't set SI_FL_WAIT_DATA if BF_SHUTW_NOW is set + - [MEDIUM] add support for infinite forwarding + - [BUILD] stream_interface: fix conflicting declaration + - [BUG] buffers: buffer_forward() must not always clear BF_OUT_EMPTY + - [BUG] variable buffer size ignored at initialization time + - [MINOR] ensure that buffer_feed() and buffer_skip() set BF_*_PARTIAL + - [BUG] fix buffer_skip() and buffer_si_getline() to correctly handle wrap-arounds + - [MINOR] stream_interface: add SI_FL_DONT_WAKE flag + - [MINOR] stream_interface: add iohandler callback + - [MINOR] stream_interface: add functions to support running as internal/external tasks + - [MEDIUM] session: call iohandler for embedded tasks (applets) + - [MINOR] add a ->private member to the stream_interface + - [MEDIUM] stats: prepare the connection for closing before dumping + - [MEDIUM] stats: replace the stats socket analyser with an SI applet + +2009/08/09 : 1.4-dev2 + - [BUG] task: fix possible crash when some timeouts are not configured + - [BUG] log: option tcplog would log to global if no logger was defined + +2009/07/29 : 1.4-dev1 + - [MINOR] acl: add support for matching of RDP cookies + - [MEDIUM] add support for RDP cookie load-balancing + - [MEDIUM] add support for RDP cookie persistence + - [MINOR] add a new CLF log format + - [MINOR] startup: don't imply -q with -D + - [BUG] ensure that we correctly re-start old process in case of error + - [MEDIUM] add support for binding to source port ranges during connect + - [MINOR] config: track "no option"/"option" changes + - [MINOR] config: support resetting options do default values + - [MEDIUM] implement option tcp-smart-accept at the frontend + - [MEDIUM] stream_sock: implement tcp-cork for use during shutdowns on Linux + - [MEDIUM] implement tcp-smart-connect option at the backend + - [MEDIUM] add support for TCP MSS adjustment for listeners + - [MEDIUM] support setting a server weight to zero + - [MINOR] make DEFAULT_MAXCONN user-configurable at build time + - [MAJOR] session: don't clear buffer status flags anymore + - [MAJOR] session: only check for timeouts when they have just occurred. + - [MAJOR] session: simplify buffer error handling + - [MEDIUM] config: split parser and checker in two functions + - [MEDIUM] config: support loading multiple configuration files + - [MEDIUM] stream_sock: don't close prematurely when nolinger is set + - [MEDIUM] session: rework buffer analysis to permit permanent analysers + - [MEDIUM] splice: set the capability on each stream_interface + - [BUG] http: redirect rules were processed too early + - [CLEANUP] remove unused DEBUG_PARSE_NO_SPEEDUP define + - [MEDIUM] http: split request waiter from request processor + - [MEDIUM] session: tell analysers what bit they were called for + - [MAJOR] http: complete splitting of the remaining stages + - [MINOR] report in the proxies the requirements for ACLs + - [MINOR] http: rely on proxy->acl_requires to allocate hdr_idx + - [MINOR] acl: add HTTP protocol detection (req_proto_http) + - [MINOR] prepare callers of session_set_backend to handle errors + - [BUG] default ACLs did not properly set the ->requires flag + - [MEDIUM] allow a TCP frontend to switch to an HTTP backend + - [MINOR] ensure we can jump from swiching rules to http without data + - [MINOR] http: take http request timeout from the backend + - [MINOR] allow TCP inspection rules to make use of HTTP ACLs + - [BUILD] report commit date and not author's date as build date + - [MINOR] acl: don't complain anymore when using L7 acls in TCP + - [BUG] stream_sock: always shutdown(SHUT_WR) before closing + - [BUG] stream_sock: don't stop reading when the poller reports an error + - [BUG] config: tcp-request content only accepts "if" or "unless" + - [BUG] task: fix possible timer drift after update + - [MINOR] apply tcp-smart-connect option for the checks too + - [MINOR] stats: better displaying in MSIE + - [MINOR] config: improve error reporting in global section + - [MINOR] config: improve error reporting in listen sections + - [MINOR] config: the "capture" keyword is not allowed in backends + - [MINOR] config: improve error reporting when checking configuration + - [BUILD] fix a minor build warning on AIX + - [BUILD] use "git cmd" instead of "git-cmd" + - [CLEANUP] report 2009 not 2008 in the copyright banner. + - [MINOR] print usage on the stats sockets upon invalid commands + - [MINOR] acl: detect and report potential mistakes in ACLs + - [BUILD] fix incorrect printf arg count with tcp_splice + - [BUG] fix random pauses on last segment of a series + - [BUILD] add support for build under Cygwin + +2009/06/09 : 1.4-dev0 + - exact copy of 1.3.18 + +2009/05/10 : 1.3.18 + - [MEDIUM] add support for "balance hdr(name)" + - [CLEANUP] give a little bit more information in error message + - [MINOR] add X-Original-To: header + - [BUG] x-original-to: fix missing initialization to default value + - [BUILD] spec file: fix broken pipe during rpmbuild and add man file + - [MINOR] improve reporting of misplaced acl/reqxxx rules + - [MEDIUM] http: add options to ignore invalid header names + - [MEDIUM] http: capture invalid requests/responses even if accepted + - [BUILD] add format(printf) to printf-like functions + - [MINOR] fix several printf formats and missing arguments + - [BUG] stats: total and lbtot are unsigned + - [MINOR] fix a few remaining printf-like formats on 64-bit platforms + - [CLEANUP] remove unused make option from haproxy.spec + - [BUILD] make it possible to pass alternative arch at build time + - [MINOR] switch all stat counters to 64-bit + - [MEDIUM] ensure we don't recursively call pool_gc2() + - [CRITICAL] uninitialized response field can sometimes cause crashes + - [BUG] fix wrong pointer arithmetics in HTTP message captures + - [MINOR] rhel init script : support the reload operation + - [MINOR] add basic signal handling functions + - [BUILD] add signal.o to all makefiles + - [MEDIUM] call signal_process_queue from run_poll_loop + - [MEDIUM] pollers: don't wait if a signal is pending + - [MEDIUM] convert all signals to asynchronous signals + - [BUG] O(1) pollers should check their FD before closing it + - [MINOR] don't close stdio fds twice + - [MINOR] add options dontlog-normal and log-separate-errors + - [DOC] minor fixes and rearrangements + - [BUG] fix parser crash on unconditional tcp content rules + - [DOC] rearrange the configuration manual and add a summary + - [MINOR] standard: provide a new 'my_strndup' function + - [MINOR] implement per-logger log level limitation + - [MINOR] compute the max of sessions/s on fe/be/srv + - [MINOR] stats: report max sessions/s and limit in CSV export + - [MINOR] stats: report max sessions/s and limit in HTML stats + - [MINOR] stats/html: use the arial font before helvetica + +2009/03/29 : 1.3.17 + - Update specfile to build for v2.6 kernel. + - [BUG] reset the stream_interface connect timeout upon connect or error + - [BUG] reject unix accepts when connection limit is reached + - [MINOR] show sess: report number of calls to each task + - [BUG] don't call epoll_ctl() on closed sockets + - [BUG] stream_sock: disable I/O on fds reporting an error + - [MINOR] sepoll: don't count two events on the same FD. + - [MINOR] show sess: report a lot more information about sessions + - [BUG] stream_sock: check for shut{r,w} before refreshing some timeouts + - [BUG] don't set an expiration date directly from now_ms + - [MINOR] implement ulltoh() to write HTML-formatted numbers + - [MINOR] stats/html: group digits by 3 to clarify numbers + - [BUILD] remove haproxy-small.spec + - [BUILD] makefile: remove unused references to linux24eold and EPOLL_CTL_WORKAROUND + +2009/03/22 : 1.3.16 + - [BUILD] Fixed Makefile for linking pcre + - [CONTRIB] selinux policy for haproxy + - [MINOR] show errors: encode backslash as well as non-ascii characters + - [MINOR] cfgparse: some cleanups in the consistency checks + - [MINOR] cfgparse: set backends to "balance roundrobin" by default + - [MINOR] tcp-inspect: permit the use of no-delay inspection + - [MEDIUM] reverse internal proxy declaration order to match configuration + - [CLEANUP] config: catch and report some possibly wrong rule ordering + - [BUG] connect timeout is in the stream interface, not the buffer + - [BUG] session: errors were not reported in termination flags in TCP mode + - [MINOR] tcp_request: let the caller take care of errors and timeouts + - [CLEANUP] http: remove some commented out obsolete code in process_response + - [MINOR] update ebtree to version 4.1 + - [MEDIUM] scheduler: get rid of the 4 trees thanks and use ebtree v4.1 + - [BUG] sched: don't leave 3 lasts tasks unprocessed when niced tasks are present + - [BUG] scheduler: fix improper handling of duplicates __task_queue() + - [MINOR] sched: permit a task to stay up between calls + - [MINOR] task: keep a task count and clean up task creators + - [MINOR] stats: report number of tasks (active and running) + - [BUG] server check intervals must not be null + - [OPTIM] stream_sock: don't retry to read after a large read + - [OPTIM] buffer: new BF_READ_DONTWAIT flag reduces EAGAIN rates + - [MEDIUM] session: don't resync FSMs on non-interesting changes + - [BUG] check for global.maxconn before doing accept() + - [OPTIM] sepoll: do not re-check whole list upon accepts + +2009/03/09 : 1.3.16-rc2 + - [BUG] stream_sock: write timeout must be updated when forwarding ! + +2009/03/09 : 1.3.16-rc1 + - appsessions: cleanup DEBUG_HASH and initialize request_counter + - [MINOR] acl: add new keyword "connslots" + - [MINOR] cfgparse: fix off-by 2 in error message size + - [BUILD] fix build with gcc 4.3 + - [BUILD] fix MANDIR default location to match documentation + - [TESTS] add a debug patch to help trigger the stats bug + - [BUG] Flush buffers also where there are exactly 0 bytes left + - [MINOR] Allow to specify a domain for a cookie + - [BUG/CLEANUP] cookiedomain -> cookie_domain rename + free(p->cookie_domain) + - [MEDIUM] Fix memory freeing at exit + - [MEDIUM] Fix memory freeing at exit, part 2 + - [BUG] Fix listen & more of 2 couples : + - [DOC] remove buggy comment for use_backend + - [CRITICAL] fix server state tracking: it was O(n!) instead of O(n) + - [MEDIUM] add support for URI hash depth and length limits + - [MINOR] permit renaming of x-forwarded-for header + - [BUILD] fix Makefile.bsd and Makefile.osx for stream_interface + - [BUILD] Haproxy won't compile if DEBUG_FULL is defined + - [MEDIUM] upgrade to ebtree v4.0 + - [DOC] update the README file with new build options + - [MEDIUM] reduce risk of event starvation in ev_sepoll + - [MEDIUM] detect streaming buffers and tag them as such + - [MEDIUM] add support for conditional HTTP redirection + - [BUILD] make install should depend on haproxy not "all" + - [DEBUG] add a TRACE macro to facilitate runtime data extraction + - [BUG] event pollers must not wait if a task exists in the run queue + - [BUG] queue management: wake oldest request in queues + - [BUG] log: reported queue position was offed-by-one + - [BUG] fix the dequeuing logic to ensure that all requests get served + - [DOC] documentation for the "retries" parameter was missing. + - [MEDIUM] implement a monotonic internal clock + - [MEDIUM] further improve monotonic clock by check forward jumps + - [OPTIM] add branch prediction hints in list manipulations + - [MAJOR] replace ultree with ebtree in wait-queues + - [BUG] we could segfault during exit while freeing uri_auths + - [BUG] wqueue: perform proper timeout comparisons with wrapping values + - [MINOR] introduce now_ms, the current date in milliseconds + - [BUG] disable buffer read timeout when reading stats + - [MEDIUM] rework the wait queue mechanism + - [BUILD] change declaration of base64tab to fix build with Intel C++ + - [OPTIM] shrink wake_expired_tasks() by using task_wakeup() + - [MAJOR] use an ebtree instead of a list for the run queue + - [MEDIUM] introduce task->nice and boot access to statistics + - [OPTIM] task_queue: assume most consecutive timers are equal + - [BUILD] silent a warning in unlikely() with gcc 4.x + - [MAJOR] convert all expiration timers from timeval to ticks + - [BUG] use_backend would not correctly consider "unless" + - [TESTS] added test-acl.cfg to test some ACL combinations + - [MEDIUM] add support for configuration keyword registration + - [MEDIUM] modularize the global "stats" keyword configuration parser + - [MINOR] cfgparse: add support for warnings in external functions + - [MEDIUM] modularize the "timeout" keyword configuration parser + - [MAJOR] implement tcp request content inspection + - [MINOR] acl: add a new parsing function: parse_dotted_ver + - [MINOR] acl: add req_ssl_ver in TCP, to match an SSL version + - [CLEANUP] remove unused include/types/client.h + - [CLEANUP] remove many #include from C files + - [CLEANUP] remove dependency on obsolete INTBITS macro + - [DOC] document the new "tcp-request" keyword and associated ACLs + - [MINOR] acl: add REQ_CONTENT to the list of default acls + - [MEDIUM] acl: permit fetch() functions to set the result themselves + - [MEDIUM] acl: get rid of dummy values in always_true/always_false + - [MINOR] acl: add the "wait_end" acl verb + - [MEDIUM] acl: enforce ACL type checking + - [MEDIUM] acl: set types on all currently known ACL verbs + - [MEDIUM] acl: when possible, report the name and requirements of ACLs in warnings + - [CLEANUP] remove 65 useless NULL checks before free + - [MEDIUM] memory: update pool_free2() to support NULL pointers + - [MEDIUM] buffers: ensure buffer_shut* are properly called upon shutdowns + - [MEDIUM] process_srv: rely on buffer flags for client shutdown + - [MEDIUM] process_srv: don't rely at all on client state + - [MEDIUM] process_cli: don't rely at all on server state + - [BUG] fix segfault with url_param + check_post + - [BUG] server timeout was not considered in some circumstances + - [BUG] client timeout incorrectly rearmed while waiting for server + - [MAJOR] kill CL_STINSPECT and CL_STHEADERS (step 1) + - [MAJOR] get rid of SV_STANALYZE (step 2) + - [MEDIUM] simplify and centralize request timeout cancellation and request forwarding + - [MAJOR] completely separate HTTP and TCP states on the request path + - [BUG] fix recently introduced loop when client closes early + - [MAJOR] get rid of the SV_STHEADERS state + - [MAJOR] better separation of response processing and server state + - [MAJOR] clearly separate HTTP response processing from TCP server state + - [MEDIUM] remove unused references to {CL|SV}_STSHUT* + - [MINOR] term_trace: add better instrumentations to trace the code + - [BUG] ev_sepoll: closed file descriptors could persist in the spec list + - [BUG] process_response must not enable the read FD + - [BUG] buffers: remove BF_MAY_CONNECT and fix forwarding issue + - [BUG] process_response: do not touch srv_state + - [BUG] maintain_proxies must not disable backends + - [CLEANUP] get rid of BF_SHUT*_PENDING + - [MEDIUM] buffers: add BF_EMPTY and BF_FULL to remove dependency on req/rep->l + - [MAJOR] process_session: rely only on buffer flags + - [MEDIUM] use buffer->wex instead of buffer->cex for connect timeout + - [MEDIUM] centralize buffer timeout checks at the top of process_session + - [MINOR] ensure the termination flags are set by process_xxx + - [MEDIUM] session: move the analysis bit field to the buffer + - [OPTIM] process_cli/process_srv: reduce the number of tests + - [BUG] regparm is broken on gcc < 3 + - [BUILD] fix warning in proto_tcp.c with gcc >= 4 + - [MEDIUM] merge inspect_exp and txn->exp into request buffer + - [BUG] process_cli/process_srv: don't call shutdown when already done + - [BUG] process_request: HTTP body analysis must return zero if missing data + - [TESTS] test-fsm: 22 regression tests for state machines + - [BUG] Fix empty X-Forwarded-For header name when set in defaults section + - [BUG] fix harmless but wrong fd insertion sequence + - [MEDIUM] make it possible for analysers to follow the whole session + - [MAJOR] rework of the server FSM + - [OPTIM] remove useless fd_set(read) upon shutdown(write) + - [MEDIUM] massive cleanup of process_srv() + - [MEDIUM] second level of code cleanup for process_srv_data + - [MEDIUM] third cleanup and optimization of process_srv_data() + - [MEDIUM] process_srv_data: ensure that we always correctly re-arm timeouts + - [MEDIUM] stream_sock_process_data moved to stream_sock.c + - [MAJOR] make the client side use stream_sock_process_data() + - [MEDIUM] split stream_sock_process_data + - [OPTIM] stream_sock_read must check for null-reads more often + - [MINOR] only call flow analysers when their read side is connected. + - [MEDIUM] reintroduce BF_HIJACK with produce_content + - [MINOR] re-arrange buffer flags and rename some of them + - [MINOR] do not check for BF_SHUTR when computing write timeout + - [OPTIM] ev_sepoll: detect newly created FDs and check them once + - [OPTIM] reduce the number of calls to task_wakeup() + - [OPTIM] force inlining of large functions with gcc >= 3 + - [MEDIUM] indicate a reason for a task wakeup + - [MINOR] change type of fdtab[]->owner to void* + - [MAJOR] make stream sockets aware of the stream interface + - [MEDIUM] stream interface: add the ->shutw method as well as in and out buffers + - [MEDIUM] buffers: add BF_READ_ATTACHED and BF_ANA_TIMEOUT + - [MEDIUM] process_session: make use of the new buffer flags + - [CLEANUP] process_session: move debug outputs out of the critical loop + - [MEDIUM] move QUEUE and TAR timers to stream interfaces + - [OPTIM] add compiler hints in tick_is_expired() + - [MINOR] add buffer_check_timeouts() to check what timeouts have fired. + - [MEDIUM] use buffer_check_timeouts instead of stream_sock_check_timeouts() + - [MINOR] add an expiration flag to the stream_sock_interface + - [MAJOR] migrate the connection logic to stream interface + - [MAJOR] add a connection error state to the stream_interface + - [MEDIUM] add the SN_CURR_SESS flag to the session to track open sessions + - [MEDIUM] continue layering cleanups. + - [MEDIUM] stream_interface: added a DISconnected state between CON/EST and CLO + - [MEDIUM] remove stream_sock_update_data() + - [MINOR] maintain a global session list in order to ease debugging + - [BUG] shutw must imply close during a connect + - [MEDIUM] process shutw during connection attempt + - [MEDIUM] make the stream interface control the SHUT{R,W} bits + - [MAJOR] complete layer4/7 separation + - [CLEANUP] move the session-related functions to session.c + - [MINOR] call session->do_log() for logging + - [MINOR] replace the ambiguous client_return function by stream_int_return + - [MINOR] replace client_retnclose() with stream_int_retnclose() + - [MINOR] replace srv_close_with_err() with http_server_error() + - [MEDIUM] make the http server error function a pointer in the session + - [CLEANUP] session.c: removed some migration left-overs in sess_establish() + - [MINOR] stream_sock_data_finish() should not expose fd + - [MEDIUM] extract TCP request processing from HTTP + - [MEDIUM] extract the HTTP tarpit code from process_request(). + - [MEDIUM] move the HTTP request body analyser out of process_request(). + - [MEDIUM] rename process_request to http_process_request + - [BUG] fix forgotten server session counter + - [MINOR] declare process_session in session.h, not proto_http.h + - [MEDIUM] first pass of lifting to proto_uxst.c:uxst_event_accept() + - [MINOR] add an analyser code for UNIX stats request + - [MINOR] pre-set analyser flags on the listener at registration time + - [BUG] do not forward close from cons to prod with analysers + - [MEDIUM] ensure that sock->shutw() also closes read for init states + - [MINOR] add an analyser state in struct session + - [MAJOR] make unix sockets work again with stats + - [MEDIUM] remove cli_fd, srv_fd, cli_state and srv_state from the session + - [MINOR] move the listener reference from fd to session + - [MEDIUM] reference the current hijack function in the buffer itself + - [MINOR] slightly rebalance stats_dump_{raw,http} + - [MINOR] add a new back-reference type : struct bref + - [MINOR] add back-references to sessions for later use by a dumper. + - [MEDIUM] add support for "show sess" in unix stats socket + - [BUG] do not release the connection slot during a retry + - [BUG] dynamic connection throttling could return a max of zero conns + - [BUG] do not try to pause backends during reload + - [BUG] ensure that listeners from disabled proxies are correctly unbound. + - [BUG] acl-related keywords are not allowed in defaults sections + - [BUG] cookie capture is declared in the frontend but checked on the backend + - [BUG] critical errors should be reported even in daemon mode + - [MINOR] redirect: add support for the "drop-query" option + - [MINOR] redirect: add support for "set-cookie" and "clear-cookie" + - [MINOR] redirect: in prefix mode a "/" means not to change the URI + - [BUG] do not dequeue requests on a dead server + - [BUG] do not dequeue the backend's pending connections on a dead server + - [MINOR] stats: indicate if a task is running in "show sess" + - [BUG] check timeout must not be changed if timeout.check is not set + - [BUG] "option transparent" is for backend, not frontend ! + - [MINOR] transfer errors were not reported anymore in data phase + - [MEDIUM] add a send limit to a buffer + - [MEDIUM] don't report buffer timeout when there is I/O activity + - [MEDIUM] indicate when we don't care about read timeout + - [MINOR] add flags to indicate when a stream interface is waiting for space/data + - [MEDIUM] enable inter-stream_interface wakeup calls + - [MAJOR] implement autonomous inter-socket forwarding + - [MINOR] add the splice_len member to the buffer struct in preparation of splice support + - [MEDIUM] stream_sock: factor out the return path in case of no-writes + - [MEDIUM] i/o: rework ->to_forward and ->send_max + - [OPTIM] stream_sock: do not ask for polling on EAGAIN if we have read + - [OPTIM] buffer: replace rlim by max_len + - [OPTIM] stream_sock: factor out the buffer full handling out of the loop + - [CLEANUP] replace a few occurrences of (flags & X) && !(flags & Y) + - [CLEANUP] stream_sock: move the write-nothing condition out of the loop + - [MEDIUM] split stream_sock_write() into callback and core functions + - [MEDIUM] stream_sock_read: call ->chk_snd whenever there are data pending + - [MINOR] stream_sock: fix a few wrong empty calculations + - [MEDIUM] stream_sock: try to send pending data on chk_snd() + - [MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes + - [MEDIUM] splice: add configuration options and set global.maxpipes + - [MINOR] introduce structures required to support Linux kernel splicing + - [MEDIUM] add definitions for Linux kernel splicing + - [MAJOR] complete support for linux 2.6 kernel splicing + - [BUG] reserve some pipes for backends with splice enabled + - [MEDIUM] splice: add hints to support older buggy kernels + - [MEDIUM] introduce pipe pools + - [MEDIUM] splice: make use of pipe pools + - [STATS] report pipe usage in the statistics + - [OPTIM] make global.maxpipes default to global.maxconn/4 when not specified + - [BUILD] fix snapshot date extraction with negative timezones + - [MEDIUM] move global tuning options to the global structure + - [MEDIUM] splice: add the global "nosplice" option + - [BUILD] add USE_LINUX_SPLICE to enable LINUX_SPLICE on linux 2.6 + - [BUG] we must not exit if protocol binding only returns a warning + - [MINOR] add support for bind interface name + - [BUG] inform the user when root is expected but not set + - [MEDIUM] add support for source interface binding + - [MEDIUM] add support for source interface binding at the server level + - [MEDIUM] implement bind-process to limit service presence by process + - [DOC] document maxpipes, nosplice, option splice-{auto,request,response} + - [DOC] filled the logging section of the configuration manual + - [DOC] document HTTP status codes + - [DOC] document a few missing info about errorfile + - [BUG] fix random memory corruption using "show sess" + - [BUG] fix unix socket processing of interrupted output + - [DOC] add diagrams of queuing and future ACL design + - [BUILD] proto_http did not build on gcc-2.95 + - [BUG] the "source" keyword must first clear optional settings + - [BUG] global.tune.maxaccept must be limited even in mono-process mode + - [MINOR] ensure that http_msg_analyzer updates pointer to invalid char + - [MEDIUM] store a complete dump of request and response errors in proxies + - [MEDIUM] implement error dump on unix socket with "show errors" + - [DOC] document "show errors" + - [MINOR] errors dump must use user-visible date, not internal date. + - [MINOR] time: add __usec_to_1024th to convert usecs to 1024th of second + - [MINOR] add curr_sec_ms and curr_sec_ms_scaled for current second. + - [MEDIUM] measure and report session rate on frontend, backends and servers + - [BUG] the "connslots" keyword was matched as "connlots" + - [MINOR] acl: add 2 new verbs: fe_sess_rate and be_sess_rate + - [MEDIUM] implement "rate-limit sessions" for the frontend + - [BUG] interface binding: length must include the trailing zero + - [BUG] typo in timeout error reporting : report *res and not *err + - [OPTIM] maintain_proxies: only wake up when the frontend will be ready + - [OPTIM] rate-limit: cleaner behaviour on low rates and reduce consumption + - [BUG] switch server-side stream interface to close in case of abort + - [CLEANUP] remove last references to term_trace + - [OPTIM] freq_ctr: do not rotate the counters when reading + - [BUG] disable any analysers for monitoring requests + - [BUG] rate-limit in defaults section was ignored + - [BUG] task: fix handling of duplicate keys + - [OPTIM] task: don't unlink a task from a wait queue when waking it up + - [OPTIM] displace tasks in the wait queue only if absolutely needed + - [MEDIUM] minor update to the task api: let the scheduler queue itself + - [BUG] event_accept() must always wake the task up, even in health mode + - [CLEANUP] task: distinguish between clock ticks and timers + - [OPTIM] task: reduce the number of calls to task_queue() + - [OPTIM] do not re-check req buffer when only response has changed + - [CLEANUP] don't enable kernel splicing when socket is closed + - [CLEANUP] buffer_flush() was misleading, rename it as buffer_erase + - [MINOR] buffers: implement buffer_flush() + - [MEDIUM] rearrange forwarding condition to enable splice during analysis + - [BUILD] build fixes for Solaris + - [BUILD] proto_http did not build on gcc-2.95 (again) + - [CONTRIB] halog: fast log parser for haproxy + - [CONTRIB] halog: faster fgets() and add support for percentile reporting + +2008/04/19 : 1.3.15 + - [BUILD] Added support for 'make install' + - [BUILD] Added 'install-man' make target for installing the man page + - [BUILD] Added 'install-bin' make target + - [BUILD] Added 'install-doc' make target + - [BUILD] Removed "/" after '$(DESTDIR)' in install targets + - [BUILD] Changed 'install' target to install the binaries first + - [BUILD] Replace hardcoded 'LD = gcc' with 'LD = $(CC)' + - [MEDIUM]: Inversion for options + - [MEDIUM]: Count retries and redispatches also for servers, fix redistribute_pending, extend logs, %d->%u cleanup + - [BUG]: Restore clearing t->logs.bytes + - [MEDIUM]: rework checks handling + - [DOC] Update a "contrib" file with a hint about a scheme used for formathing subjects + - [MEDIUM] Implement "track [/]" + - [MINOR] Implement persistent id for proxies and servers + - [BUG] Don't increment server connections too much + fix retries + - [MEDIUM]: Prevent redispatcher from selecting the same server, version #3 + - [MAJOR] proto_uxst rework -> SNMP support + - [BUG] appsession lookup in URL does not work + - [BUG] transparent proxy address was ignored in backend + - [BUG] hot reconfiguration failed because of a wrong error check + - [DOC] big update to the configuration manual + - [DOC] large update to the configuration manual + - [DOC] document more options + - [BUILD] major rework of the GNU Makefile + - [STATS] add support for "show info" on the unix socket + - [DOC] document options forwardfor to logasap + - [MINOR] add support for the "backlog" parameter + - [OPTIM] introduce global parameter "tune.maxaccept" + - [MEDIUM] introduce "timeout http-request" in frontends + - [MINOR] tarpit timeout is also allowed in backends + - [BUG] increment server connections for each connect() + - [MEDIUM] add a turn-around state of one second after a connection failure + - [BUG] fix typo in redispatched connection + - [DOC] document options nolinger to ssl-hello-chk + - [DOC] added documentation for "option tcplog" to "use_backend" + - [BUG] connect_server: server might not exist when sending error report + - [MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) + - [MEDIUM] add non-local bind to connect() on Linux + - [MINOR] add transparent proxy support for balabit's Tproxy v4 + - [BUG] use backend's source and not server's source with tproxy + - [BUG] fix overlapping server flags + - [MEDIUM] fix server health checks source address selection + - [BUG] build failed on CONFIG_HAP_LINUX_TPROXY without CONFIG_HAP_CTTPROXY + - [DOC] added "server", "source" and "stats" keywords + - [DOC] all server parameters have been documented + - [DOC] document all req* and rsp* keywords. + - [DOC] added documentation about HTTP header manipulations + - [BUG] log response byte count, not request + - [BUILD] code did not build in full debug mode + - [BUG] fix truncated responses with sepoll + - [MINOR] use s->frt_addr as the server's address in transparent proxy + - [MINOR] fix configuration hint about timeouts + - [DOC] minor cleanup of the doc and notice to contributors + - [MINOR] report correct section type for unknown keywords. + - [BUILD] update MacOS Makefile to build on newer versions + - [DOC] fix erroneous "useallbackups" option in the doc + - [DOC] applied small fixes from early readers + - [MINOR] add configuration support for "redir" server keyword + - [MEDIUM] completely implement the server redirection method + - [TESTS] add a test case for the server redirection mechanism + - [DOC] add a configuration entry for "server ... redir " + - [BUILD] backend.c and checks.c did not build without tproxy ! + - Revert "[BUILD] backend.c and checks.c did not build without tproxy !" + - [BUILD] backend.c and checks.c did not build without tproxy ! + - [OPTIM] used unsigned ints for HTTP state and message offsets + - [OPTIM] GCC4's builtin_expect() is suboptimal + - [BUG] failed conns were sometimes incremented in the frontend! + - [BUG] timeout.check was not pre-set to eternity + - [TESTS] add test-pollers.cfg to easily report pollers in use + - [BUG] do not apply timeout.connect in checks if unset + - [BUILD] ensure that makefile understands USE_DLMALLOC=1 + - [MINOR] silent gcc for a wrong warning + - [CLEANUP] update .gitignore to ignore more temporary files + - [CLEANUP] report dlmalloc's source path only if explictly specified + - [BUG] str2sun could leak a small buffer in case of error during parsing + - [BUG] option allbackups was not working anymore in roundrobin mode + - [MAJOR] implementation of the "leastconn" load balancing algorithm + - [BUILD] ensure that users don't build without setting the target anymore. + - [DOC] document the leastconn LB algo + - [MEDIUM] fix stats socket limitation to 16 kB + - [DOC] fix unescaped space in httpchk example. + - [BUG] fix double-decrement of server connections + - [TESTS] add a test case for port mapping + - [TESTS] add a benchmark for integer hashing + - [TESTS] add new methods in ip-hash test file + - [MAJOR] implement parameter hashing for POST requests + +2007/12/06 : 1.3.14 + - New option http_proxy (Alexandre Cassen) + - add support for "maxqueue" to limit server queue overload (Elijah Epifanov) + - Check for duplicated conflicting proxies (Krzysztof Oledzki) + - stats: report server and backend cumulated downtime (Krzysztof Oledzki) + - use backends only with use_backend directive (Krzysztof Oledzki) + - Handle long lines properly (Krzysztof Oledzki) + - Implement and use generic findproxy and relax duplicated proxy check (Krzysztof Oledzki) + - continous statistics (Krzysztof Oledzki) + - add support for logging via a UNIX socket (Robert Tsai) + - fix error checking in strl2ic/strl2uic() + - fix calls to localtime() + - provide easier-to-use ultoa_* functions + - provide easy-to-use limit_r and LIM2A* macros + - add a simple test for the status page + - move error codes to common/errors.h + - silent warning about LIST_* being redefined on OpenBSD + - add socket address length to the protocols + - group PR_O_BALANCE_* bits into a checkable value + - externalize the "balance" option parser to backend.c + - introduce the "url_param" balance method + - make default_backend work in TCP mode too + - disable warning about localtime_r on Solaris + - adjust error messages about conflicting proxies + - avoid calling some layer7 functions if not needed + - simplify error path in event_accept() + - add an options field to the listeners + - added a new state to listeners + - unbind_listener() must use fd_delete() and not close() + - add a generic unbind_listener() primitive + - add a generic delete_listener() primitive + - add a generic unbind_all_listeners() primitive + - create proto_tcp and move initialization of proxy listeners + - stats: report numerical process ID, proxy ID and server ID + - relative_pid was not initialized + - missing header names in raw stats output + - fix missing parenthesis in check_response_for_cacheability + - small optimization on session_process_counters() + - merge ebtree version 3.0 + - make ebtree headers multiple-include compatible + - ebtree: include config.h for REGPRM* + - differentiate between generic LB params and map-specific ones + - add a weight divisor to the struct proxy + - implement the Fast Weighted Round Robin (FWRR) algo + - include filltab25.c to experiment on FWRR for dynamic weights + - merge test-fwrr.cfg to validate dynamic weights + - move the load balancing algorithm to be->lbprm.algo + - change server check result to a bit field + - implement "http-check disable-on-404" for graceful shutdown + - secure the calling conditions of ->set_server_status_{up,down} + - report disabled servers as "NOLB" when they are still UP + - document the "http-check disable-on-404" option + - http-check disable-on-404 is not limited to HTTP mode + - add a test file for disable-on-404 + - use distinct bits per load-balancing algorithm type + - implement the slowstart parameter for servers + - document the server's slowstart parameter + - stats: report the server warm up status in a "throttle" column + - fix 2 minor issues on AIX + - add the "nbsrv" ACL verb + - add the "fail" condition to monitor requests + - remove a warning from gcc due to htons() in standard.c + - fwrr: ensure that we never overflow in placements + - store the build options to report with -vv + - fix the status return of the init script (R.I. Pienaar) + - stats: real time monitoring script for unix socket (Prizee) + - document "nbsrv" and "monitor fail" + - restrict the set of allowed characters for identifiers + - implement a time parsing function + - add support for time units in the configuration + - add a bit of documentation about timers + - introduce separation between contimeout, and tarpit + queue + - introduce the "timeout" keyword + - grouped all timeouts in one structure + - slowstart is in ms, not seconds + - slowstart: ensure we don't start with a null weight + - report the number of times each server was selected + - fix build on AIX due to recent log changes + - fix build on Solaris due to recent log changes + +2007/10/18 : 1.3.13 + - replace the code under O'Reilly license (Arnaud Cornet) + - add a small man page (Arnaud Cornet) + - stats: report haproxy's version by default (Krzysztof Oledzki) + - stats: count server retries and redispatches (Krzysztof Oledzki) + - core: added easy support for Doug Lea's malloc (dlmalloc) + - core: fade out memory usage when stopping proxies + - core: moved the sockaddr pointer to the fdtab structure + - core: add generic protocol support + - core: implement client-side support for PF_UNIX sockets + - stats: implement the CSV output + - stats: add a link to the CSV export HTML page + - stats: implement the statistics output on a unix socket + - config: introduce the "stats" keyword in global section + - build: centralize version and date into one file for each + - tests: added a new hash algorithm + +2007/10/18 : 1.3.12.3 + - add the "nolinger" option to disable data lingering (Alexandre Cassen) + - fix double-free during clean exit (Krzysztof Oledzki) + - prevent the system from sending an RST when closing health-checks + (Krzysztof Oledzki) + - do not add a cache-control header when on non-cacheable responses + (Krzysztof Oledzki) + - spread health checks even more (Krzysztof Oledzki) + - stats: scope "." must match the backend and not the frontend + - fixed call to chroot() during startup + - fix wrong timeout computation in event_accept() + - remove condition for exit() under fork() failure + +2007/09/20 : 1.3.12.2 + - fix configuration sanity checks for TCP listeners + - set the log socket receive window to zero bytes + - pre-initialize timeouts to infinity, not zero + - fix the SIGHUP message not to alert on server-less proxies + - timeouts and retries could be ignored when switching backend + - added a file to check that "retries" works. + - O'Reilly has clarified its license + +2007/09/05 : 1.3.12.1 + - spec I/O: fix allocations of spec entries for an FD + - ensure we never overflow in chunk_printf() + - improve behaviour with large number of servers per proxy + - add support for "stats refresh " + - stats page: added links for 'refresh' and 'hide down' + - fix backend's weight in the stats page. + - the "stats" keyword is not allowed in a pure frontend. + - provide a test configuration file for stats and checks + +2007/06/17 : 1.3.12 + - fix segfault at exit when using captures + - bug: negation in ACL conds was not cleared between terms + - errorfile: use a local file to feed error messages + - acl: support '-i' to ignore case when matching + - acl: smarter integer comparison with operators eq,lt,gt,le,ge + - acl: support maching on 'path' component + - acl: implement matching on header values + - acl: distinguish between request and response headers + - acl: permit to return any header when no name specified + - acl: provide default ACLs + - added the 'use_backend' keyword for full content-switching + - acl: specify the direction during fetches + - acl: provide the argument length for fetch functions + - acl: provide a reference to the expr to fetch() + - improve memory freeing upon exit + - str2net() must not change the const char * + - shut warnings 'is*' macros from ctype.h on solaris + +2007/06/03 : 1.3.11.4 + - do not re-arm read timeout in SHUTR state ! + - optimize I/O by detecting system starvation + - the epoll FD must not be shared between processes + - limit the number of events returned by *poll* + +2007/05/14 : 1.3.11.3 + - pre-initialize timeouts with tv_eternity during parsing + +2007/05/14 : 1.3.11.2 + - fixed broken health-checks since switch to timeval + +2007/05/14 : 1.3.11.1 + - fixed ev_kqueue which was forgotten during the switch to timeval + - allowed null timeouts for past events in select + +2007/05/14 : 1.3.11 + - fixed ev_sepoll again by rewriting the state machine + - switched all timeouts to timevals instead of milliseconds + - improved memory management using mempools v2. + - several minor optimizations + +2007/05/09 : 1.3.10.2 + - fixed build on OpenBSD (missing types.h) + +2007/05/09 : 1.3.10.1 + - fixed sepoll transition matrix (two states were missing) + +2007/05/08 : 1.3.10 + - several fixes in ev_sepoll + - fixed some expiration dates on some tasks + - fixed a bug in connection establishment detection due to speculative I/O + - fixed rare bug occuring on TCP with early close (reported by Andy Smith) + - implemented URI hashing algorithm (Guillaume Dallaire) + - implemented SMTP health checks (Peter van Dijk) + - replaced the rbtree with ul2tree from old scheduler project + - new framework for generic ACL support + - added the 'acl' and 'block' keywords to the config language + - added several ACL criteria and matches (IP, port, URI, ...) + - cleaned up and better modularization for some time functions + - fixed list macros + - fixed useless memory allocation in str2net() + - store the original destination address in the session + +2007/04/15 : 1.3.9 + - modularized the polling mechanisms and use function pointers instead + of macros at many places + - implemented support for FreeBSD's kqueue() polling mechanism + - fixed a warning on OpenBSD : MIN/MAX redefined + - change socket registration order at startup to accomodate kqueue. + - several makefile cleanups to support old shells + - fix build with limits.h once for all + - ev_epoll: do not rely on fd_sets anymore, use changes stacks instead. + - fdtab now holds the results of polling + - implemented support for speculative I/O processing with epoll() + - remove useless calls to shutdown(SHUT_RD), resulting in small speed boost + - auto-registering of pollers at load time + +2007/04/03 : 1.3.8.2 + - rewriting either the status line or request line could crash the + process due to a pointer which ought to be reset before parsing. + - rewriting the status line in the response did not work, it caused + a 502 Bad Gateway due to an erroneous state during parsing + +2007/04/01 : 1.3.8.1 + - fix reqadd when no option httpclose is used. + - removed now unused fiprm and beprm from proxies + - split logs into two versions : TCP and HTTP + - added some docs about http headers storage and acls + - added a VIM script for syntax color highlighting (Bruno Michel) + +2007/03/25 : 1.3.8 + - fixed several bugs which might have caused a crash with bad configs + - several optimizations in header processing + - many progresses towards transaction-based processing + - option forwardfor may be used in frontends + - completed HTTP response processing + - some code refactoring between request and response processing + - new HTTP header manipulation functions + - optimizations on the recv() patch to reduce CPU usage under very + high data rates. + - more user-friendly help about the 'usesrc' keyword (CTTPROXY) + - username/groupname support from Marcus Rueckert + - added the "except" keyword to the "forwardfor" option (Bryan German) + - support for health-checks on other addresses (Fabrice Dulaunoy) + - makefile for MacOS 10.4 / Darwin (Dan Zinngrabe) + - do not insert "Connection: close" in HTTP/1.0 messages + +2007/01/26 : 1.3.7 + - fix critical bug introduced with 1.3.6 : an empty request header + may lead to a crash due to missing pointer assignment + - hdr_idx might be left uninitialized in debug mode + - fixed build on FreeBSD due to missing fd_set declaration + +2007/01/22 : 1.3.6.1 + - change in the header chaining broke cookies and authentication + +2007/01/22 : 1.3.6 + - stats now support the HEAD method too + - extracted http request from the session + - huge rework of the HTTP parser which is now a 28-state FSM. + - linux-style likely/unlikely macros for optimization hints + - do not create a server socket when there's no server + - imported lots of docs + +2007/01/07 : 1.3.5 + - stats: swap color sets for active and backup servers + - try to guess server check port when unset + - added complete support and doc for TCP Splicing + - replace the wait-queue linked list with an rbtree. + - a few bugfixes and cleanups + +2007/01/02 : 1.3.4 + - support for cttproxy on the server side to present the client + address to the server. + - added support for SO_REUSEPORT on Linux (needs kernel patch) + - new RFC2616-compliant HTTP request parser with header indexing + - split proxies in frontends, rulesets and backends + - implemented the 'req[i]setbe' to select a backend depending + on the contents + - added the 'default_backend' keyword to select a default BE. + - new stats page featuring FEs and BEs + bytes in both dirs + - improved log format to indicate the backend and the time in ms. + - lots of cleanups + +2006/10/15 : 1.3.3 + - fix broken redispatch option in case the connection has already + been marked "in progress" (ie: nearly always). + - support regparm on x86 to speed up some often called functions + - removed a few useless calls to gettimeofday() in log functions. + - lots of 'const char*' cleanups + - turn every FD_* into functions which are faster on recent CPUs + +2006/09/03 : 1.3.2 + - started the changes towards I/O completion callbacks. stream_sock* have + replaced event_*. + - added the new "reqtarpit" and "reqitarpit" protection features + +2006/07/09 : 1.3.1 (1.2.15) + - now, haproxy warns about missing timeout during startup to try to + eliminate all those buggy configurations. + - added "Content-Type: text/html" in responses wherever appropriate, as + suggested by Cameron Simpson. + - implemented "option ssl-hello-chk" to use SSLv3 CLIENT HELLO messages to + test server's health + - implemented "monitor-uri" so that haproxy can reply to a specific URI with + an "HTTP/1.0 200 OK" response. This is useful to validate multiple proxies + at once. + +2006/06/29 : 1.3.0 + - exploded the whole file into multiple .c and .h. No functionnal + difference is expected at all. + - fixed a bug by which neither stats nor error messages could be returned if + 'clitimeout' was missing. + +2006/05/21 : 1.2.14 + - new HTML status report with the 'stats' keyword. + - added the 'abortonclose' option to better resist traffic surges + - implemented dynamic traffic regulation with the 'minconn' option + - show request time on denied requests + - definitely fixed hot reconf on OpenBSD by the use of SO_REUSEPORT + - now a proxy instance is allowed to run without servers, which is + useful to dedicate one instance to stats + - added lots of error counters + - a missing parenthesis preventd matching of cacheable cookies + - a missing parenthesis in poll_loop() might have caused missed events. + +2006/05/14 : 1.2.13.1 + - an uninitialized field in the struct session could cause a crash when + the session was freed. This has been encountered on Solaris only. + - Solaris and OpenBSD no not support shutdown() on listening socket. Let's + be nice to them by performing a soft stop if pause fails. + +2006/05/13 : 1.2.13 + - 'maxconn' server parameter to do per-server session limitation + - queueing to support non-blocking session limitation + - fixed removal of cookies for cookie-less servers such as backup servers + - two separate wait queues for expirable and non-expirable tasks provide + better performance with lots of sessions. + - some code cleanups and performance improvements + - made state dumps a bit more verbose + - fixed missing checks for NULL srv in dispatch mode + - load balancing on backup servers was not possible in source hash mode. + - two session flags shared the same bit, but fortunately they were not + compatible. + +2006/04/15 : 1.2.12 + Very few changes preparing for more important changes to support per-server + session limitations and queueing : + - ignore leading empty lines in HTTP requests as suggested by RFC2616. + - added the 'weight' parameter to the servers, limited to 1..256. It applies + to roundrobin and source hash. + - the optional '-s' option could clobber '-st' and '-sf' if compiled in. + +2006/03/30 : 1.2.11.1 + - under some conditions, it might have been possible that when the + last dead server became available, it would not have been used + till another one would have changed state. Could not be reproduced + at all, however seems possible from the code. + +2006/03/25 : 1.2.11 + - added the '-db' command-line option to disable backgrounding. + - added the -sf/-st command-line arguments which are used to specify + a list of pids to send a FINISH or TERMINATE signal upon startup. + They will also be asked to release their port if a bind fails. + - reworked the startup mechanism to allow the sending of a signal to a list + of old pids if a socket cannot be bound, with a retry for a limited amount + of time (1 second by default). + - added the ability to enforce limits on memory usage. + - added the 'source' load-balancing algorithm which uses the source IP(v4|v6) + - re-architectured the server round-robin mechanism to ease integration of + other algorithms. It now relies on the number of active and backup servers. + - added a counter for the number of active and backup servers, and report + these numbers upon SIGHUP or state change. + +2006/03/23 : 1.2.10.1 + - while fixing the backup server round-robin "feature", a new bug was + introduced which could miss some backup servers. + - the displayed proxy name was wrong when dumping upon SIGHUP. + +2006/03/19 : 1.2.10 + - assert.h is needed when DEBUG is defined. + - ENORMOUS long standing bug affecting the epoll polling system : + event_data is a union, not a structure ! + - Make fd management more robust and easier to debug. Also some + micro-optimisations. + - Limit the number of consecutive accept() in multi-process mode. + This produces a more evenly distributed load across the processes and + slightly improves performance by reducing bottlenecks. + - Make health-checks be more regular, and faster to retry after a timeout. + - Fixed some messages to ease parsing of alerts. + - provided a patch to enable epoll on RHEL3 kernels. + - Separated OpenBSD build from the main Makefile into a new one. + +2006/03/15 : 1.2.9 + - haproxy could not be stopped after being paused, it had to be woken up + first. This has been fixed. + - the 'ulimit-n' parameter is now optional and by default computed from + maxconn + the number of listeners + the number of health-checks. + - it is now possible to specify a maximum number of connections at build + time with the SYSTEM_MAXCONN define. The value set in the configuration + file will then be limited to this value, and only the command-line '-n' + option will be able to bypass it. It will prevent against accidental + high memory usage on small systems. + - RFC2616 expects that any HTTP agent accepts multi-line headers. Earlier + versions did not detect a line beginning with a space as the continuation + of previous header. It is now correct. + - health checks sent to servers configured with identical intervals were + sent in perfect synchronisation because the initial time was the same + for all. This could induce high load peaks when fragile servers were + hosting tens of instances for the same application. Now the load is + spread evenly across the smallest interval amongst a listener. + - a new 'forceclose' option was added to make the proxy close the outgoing + channel to the server once it has sent all its headers and the server + starts responding. This helps some servers which don't close upon the + 'Connection: close' header. It implies 'option httpclose'. + - there was a bug in the way the backup servers were handled. They were + erroneously load-balanced while the doc said the opposite. Since + load-balanced backup servers is one of the features some people have + been asking for, the problem was fixed to reflect the documented + behaviour and a new option 'allbackups' was introduced to provide the + feature to those who need it. + - a never ending connect() could lead to a fast select() loop if its + timeout times the number of retransmits exceeded the server read or write + timeout, because the later was used to compute select()'s timeout while + the connection timeout was not reached. + - now we initialize the libc's localtime structures very early so that even + under OOM conditions, we can still send dated error messages without + segfaulting. + - the 'daemon' mode implies 'quiet' and disables 'verbose' because file + descriptors are closed. + +2006/01/29 : 1.2.8 + - fixed a nasty bug affecting poll/epoll which could return unmodified data + from the server to the client, and sometimes lead to memory corruption + crashing the process. + - added the new pause/play mechanism with SIGTTOU/SIGTTIN for hot-reconf. + +2005/12/18 : 1.2.7.1 + - the "retries" option was ignored because connect() could not return an + error if the connection failed before the timeout. + - TCP health-checks could not detect a connection refused in poll/epoll + mode. + +2005/11/13 : 1.2.7 + - building with -DUSE_PCRE should include PCRE headers and not regex.h. At + least on Solaris, this caused the libc's regex primitives to be used instead + of PCRE, which caused trouble on group references. This is now fixed. + - delayed the quiet mode during startup so that most of the startup alerts can + be displayed even in quiet mode. + - display an alert when a listener has no address, invalid or no port, or when + there are no enabled listeners upon startup. + - added "static-pcre" to the list of supported regex options in the Makefile. + +2005/10/09 : 1.2.7rc (1.1.33rc) + - second batch of socklen_t changes. + - clean-ups from Cameron Simpson. + - because tv_remain() does not know about eternity, using no timeout can + make select() spin around a null time-out. Bug reported by Cameron Simpson. + - client read timeout was not properly set to eternity initialized after an + accept() if it was not set in the config. It remained undetected so long + because eternity is 0 and newly allocated pages are zeroed by the system. + - do not call get_original_dst() when not in transparent mode. + - implemented a workaround for a bug in certain epoll() implementations on + linux-2.4 kernels (epoll-lt <= 0.21). + - implemented TCP keepalive with new options : tcpka, clitcpka, srvtcpka. + +2005/08/07 : 1.2.6 + - clean-up patch from Alexander Lazic fixes build on Debian 3.1 (socklen_t). + +2005/07/06 : 1.2.6-pre5 (1.1.32) + - added the number of active sessions (proxy/process) in the logs + +2005/07/06 : 1.2.6-pre4 (1.1.32-pre4) + - the time-out fix introduced in 1.1.25 caused a corner case where it was + possible for a client to keep a connection maintained regardless of the + timeout if the server closed the connection during the HEADER phase, + while the client ignored the close request while doing nothing in the + other direction. This has been fixed now by ensuring that read timeouts + are re-armed when switching to any SHUTW state. + +2005/07/05 : 1.2.6-pre3 (1.1.32-pre3) + - enhanced error reporting in the logs. Now the proxy will precisely detect + various error conditions related to the system and/or process limits, and + generate LOG_EMERG logs indicating that a resource has been exhausted. + - logs will contain two new characters for the error cause : 'R' indicates + a resource exhausted, and 'I' indicates an internal error, though this + one should never happen. + - server connection timeouts can now be reported in the logs (sC), as well + as connections refused because of maxconn limitations (PC). + +2005/07/05 : 1.2.6-pre2 (1.1.32-pre2) + - new global configuration keyword "ulimit-n" may be used to raise the FD + limit to usable values. + - a warning is now displayed on startup if the FD limit is lower than the + configured maximum number of sockets. + +2005/07/05 : 1.2.6-pre1 (1.1.32-pre1) + - new configuration keyword "monitor-net" makes it possible to be monitored + by external devices which connect to the proxy without being logged nor + forwarded to any server. Particularly useful on generic TCPv4 relays. + +2005/06/21 : 1.2.5.2 + - fixed build on PPC where chars are unsigned by default + +2005/05/02 : 1.2.5.1 + - dirty hack to fix a bug introduced with epoll : if we close an FD and + immediately reassign it to another session through a connect(), the + Prev{Read,Write}Events are not updated, which causes trouble detecting + changes, thus leading to many timeouts at high loads. + +2005/04/30 : 1.2.5 (1.1.31) + - changed the runtime argument to disable epoll() to '-de' + - changed the runtime argument to disable poll() to '-dp' + - added global options 'nopoll' and 'noepoll' to do the same at the + configuration level. + - added a 'linux24e' target to the Makefile for Linux 2.4 systems patched to + support epoll(). + - changed default FD_SETSIZE to 65536 on Solaris (default=1024) + - conditionned signals redirection to #ifdef DEBUG_MEMORY + +2005/04/26 : 1.2.5-pre4 + - made epoll() support a compile-time option : ENABLE_EPOLL + - provided a very little libc replacement for a possibly missing epoll() + implementation which can be enabled by -DUSE_MY_EPOLL + - implemented the poll() poller, which can be enabled with -DENABLE_POLL. + The equivalent runtime argument becomes '-P'. A few tests show that it + performs like select() with many fds, but slightly slower (certainly + because of the higher amount of memory involved). + - separated the 3 polling methods and the tasks scheduler into 4 distinct + functions which makes the code a lot more modular. + - moved some event tables to private static declarations inside the poller + functions. + - the poller functions can now initialize themselves, run, and cleanup. + - changed the runtime argument to enable epoll() to '-E'. + - removed buggy epoll_ctl() code in the client_retnclose() function. This + function was never meant to remove anything. + - fixed a typo which caused glibc to yell about a double free on exit. + - removed error checking after epoll_ctl(DEL) because we can never know if + the fd is still active or already closed. + - added a few entries in the makefile + +2005/04/25 : 1.2.5-pre3 + - experimental epoll() support (use temporary '-e' argument) + +2005/04/24 : 1.2.5-pre2 + - implemented the HTTP 303 code for error redirection. This forces the + browser to fetch the given URI with a GET request. The new keyword for + this is 'errorloc303', and a new 'errorloc302' keyword has been created + to make them easily distinguishable. + - added more controls in the parser for valid use of '\x' sequence. + - few fixes from Alex & Klaus + +2005/02/17 : 1.2.5-pre1 + - fixed a few errors in the documentation + +2005/02/13 + - do not pre-initialize unused file-descriptors before select() anymore. + +2005/01/22 : 1.2.4 + - merged Alexander Lazic's and Klaus Wagner's work on application + cookie-based persistence. Since this is the first merge, this version is + not intended for general use and reports are more than welcome. Some + documentation is really needed though. + +2005/01/22 : 1.2.3 (1.1.30) + - add an architecture guide to the documentation + - released without any changes + +2004/12/26 : 1.2.3-pre1 (1.1.30-pre1) + - increased default BUFSIZE to 16 kB to accept max headers of 8 kB which is + compatible with Apache. This limit can be configured in the makefile now. + Thanks to Eric Fehr for the checks. + - added a per-server "source" option which now makes it possible to bind to + a different source for each (potentially identical) server. + - changed cookie-based server selection slightly to allow several servers to + share a same cookie, thus making it possible to associate backup servers to + live servers and ease soft-stop for maintenance periods. (Alexander Lazic) + - added the cookie 'prefix' mode which makes it possible to use persistence + with thin clients which support only one cookie. The server name is prefixed + before the application cookie, and restore back. + - fixed the order of servers within an instance to match documentation. Now + the servers are *really* used in the order of their declaration. This is + particularly important when multiple backup servers are in use. + +2004/10/18 : 1.2.2 (1.1.29) + - fixed a bug where a TCP connection would be logged twice if the 'logasap' + option was enabled without the 'tcplog' option. + - encode_string() would use hdr_encode_map instead of the map argument. + +2004/08/10 : (1.1.29-pre2) + - the logged request is now encoded with '#XX' for unprintable characters + - new keywords 'capture request header' and 'capture response header' enable + logging of arbitrary HTTP headers in requests and responses + - removed "-DSOLARIS" after replacing the last inet_aton() with inet_pton() + +2004/06/06 : 1.2.1 (1.1.28) + - added the '-V' command line option to verbosely report errors even though + the -q or 'quiet' options are specified. This is useful with '-c'. + - added a Red Hat init script and a .spec from Simon Matter + +2004/06/05 : + - added the "logasap" option which produces a log without waiting for the data + to be transferred from the server to the client. + - added the "httpclose" option which removes any "connection:" header and adds + "Connection: close" in both direction. + - added the 'checkcache' option which blocks cacheable responses containing + dangerous headers, such as 'set-cookie'. + - added 'rspdeny' and 'rspideny' to block certain responses to avoid sensible + information leak from servers. + +2004/04/18 : + - send an EMERG log when no server is available for a given proxy + - added the '-c' command line option to syntactically check the + configuration file without starting the service. + +2003/11/09 : 1.2.0 + - the same as 1.1.27 + IPv6 support on the client side + +2003/10/27 : 1.1.27 + - the configurable HTTP health check introduced in 1.1.23 revealed a shameful + bug : the code still assumed that HTTP requests were the same size as the + original ones (22 bytes), and failed if they were not. + - added support for pidfiles. + +2003/10/22 : 1.1.26 + - the fix introduced in 1.1.25 for client timeouts while waiting for servers + broke almost all compatibility with POST requests, because the proxy + stopped to read anything from the client as soon as it got all of its + headers. + +2003/10/15 : 1.1.25 + - added the 'tcplog' option, which provides enhanced, HTTP-like logs for + generic TCP proxies, or lighter logs for HTTP proxies. + - fixed a time-out condition wrongly reported as client time-out in data + phase if the client timeout was lower than the connect timeout times the + number of retries. + +2003/09/21 : 1.1.24 + - if a client sent a full request then shut its write connection down, then + the request was aborted. This case was detected only when using haproxy + both as health-check client and as a server. + - if 'option httpchk' is used in a 'health' mode server, then responses will + change from 'OK' to 'HTTP/1.0 200 OK'. + - fixed a Linux-only bug in case of HTTP server health-checks, where a single + server response followed by a close could be ignored, and the server seen + as failed. + +2003/09/19 : 1.1.23 + - fixed a stupid bug introduced in 1.1.22 which caused second and subsequent + 'default' sections to keep previous parameters, and not initialize logs + correctly. + - fixed a second stupid bug introduced in 1.1.22 which caused configurations + relying on 'dispatch' mode to segfault at the first connection. + - 'option httpchk' now supports method, HTTP version and a few headers. + - now, 'option httpchk', 'cookie' and 'capture' can be specified in + 'defaults' section + +2003/09/10 : 1.1.22 + - 'listen' now supports optionnal address:port-range lists + - 'bind' introduced to add new listen addresses + - fixed a bug which caused a session to be kept established on a server till + it timed out if the client closed during the DATA phase. + - the port part of each server address can now be empty to make the proxy + connect to the server on the same port it was connected to, be an absolute + unsigned number to reflect a single port (as in older versions), or an + explicitly signed number (+N/-N) to indicate that this offset must be + applied to the port the proxy was connected to, when connecting to the + server. + - the 'port' server option allows the user to specify a different + health-check port than the service one. It is mandatory when only relative + ports have been specified and check is required. By default, the checks are + sent to the service port. + - new 'defaults' section which is rather similar to 'listen' except that all + values are only used as default values for future 'listen' sections, until + a new 'defaults' resets them. At the moment, server options, regexes, + cookie names and captures cannot be set in the 'defaults' section. + +2003/05/06 : 1.1.21 + - changed the debug output format so that it now includes the session unique + ID followed by the instance name at the beginning of each line. + - in debug mode, accept now shows the client's IP and port. + - added one 3 small debugging scripts to search and pretty print debug output + - changed the default health check request to "OPTIONS /" instead of + "OPTIONS *" since not all servers implement the later one. + - "option httpchk" now accepts an optional parameter allowing the user to + specify and URI other than '/' during health-checks. + +2003/04/21 : 1.1.20 + - fixed two problems with time-outs, one where a server would be logged as + timed out during transfer that take longer to complete than the fixed + time-out, and one where clients were logged as timed-out during the data + phase because they didn't have anything to send. This sometimes caused + slow client connections to close too early while in fact there was no + problem. The proper fix would be to have a per-fd time-out with + conditions depending on the state of the HTTP FSM. + +2003/04/16 : 1.1.19 + - haproxy was NOT RFC compliant because it was case-sensitive on HTTP + "Cookie:" and "Set-Cookie:" headers. This caused JVM 1.4 to fail on + cookie persistence because it uses "cookie:". Two memcmp() have been + replaced with strncasecmp(). + +2003/04/02 : 1.1.18 + - Haproxy can be compiled with PCRE regex instead of libc regex, by setting + REGEX=pcre on the make command line. + - HTTP health-checks now use "OPTIONS *" instead of "OPTIONS /". + - when explicit source address binding is required, it is now also used for + health-checks. + - added 'reqpass' and 'reqipass' to allow certain headers but not the request + itself. + - factored several strings to reduce binary size by about 2 kB. + - replaced setreuid() and setregid() with more standard setuid() and setgid(). + - added 4 status flags to the log line indicating who ended the connection + first, the sessions state, the validity of the cookie, and action taken on + the set-cookie header. + +2002/10/18 : 1.1.17 + - add the notion of "backup" servers, which are used only when all other + servers are down. + - make Set-Cookie return "" instead of "(null)" when the server has no + cookie assigned (useful for backup servers). + - "log" now supports an optionnal level name (info, notice, err ...) above + which nothing is sent. + - replaced some strncmp() with memcmp() for better efficiency. + - added "capture cookie" option which logs client and/or server cookies + - cleaned up/down messages and dump servers states upon SIGHUP + - added a redirection feature for errors : "errorloc " + - now we won't insist on connecting to a dead server, even with a cookie, + unless option "persist" is specified. + - added HTTP/408 response for client request time-out and HTTP/50[234] for + server reply time-out or errors. + +2002/09/01 : 1.1.16 + - implement HTTP health checks when option "httpchk" is specified. + +2002/08/07 : 1.1.15 + - replaced setpgid()/setpgrp() with setsid() for better portability, because + setpgrp() doesn't have the same meaning under Solaris, Linux, and OpenBSD. + +2002/07/20 : 1.1.14 + - added "postonly" cookie mode + +2002/07/15 : 1.1.13 + - tv_diff used inverted parameters which led to negative times ! + +2002/07/13 : 1.1.12 + - fixed stats monitoring, and optimized some tv_* for most common cases. + - replaced temporary 'newhdr' with 'trash' to reduce stack size + - made HTTP errors more HTML-fiendly. + - renamed strlcpy() to strlcpy2() because of a slightly difference between + their behaviour (return value), to avoid confusion. + - restricted HTTP messages to HTTP proxies only + - added a 502 message when the connection has been refused by the server, + to prevent clients from believing this is a zero-byte HTTP 0.9 reply. + - changed 'Cache-control:' from 'no-cache="set-cookie"' to 'private' when + inserting a cookie, because some caches (apache) don't understand it. + - fixed processing of server headers when client is in SHUTR state + +2002/07/04 : + - automatically close fd's 0,1 and 2 when going daemon ; setpgrp() after + setpgid() + +2002/06/04 : 1.1.11 + - fixed multi-cookie handling in client request to allow clean deletion + in insert+indirect mode. Now, only the server cookie is deleted and not + all the header. Should now be compliant to RFC2965. + - added a "nocache" option to "cookie" to specify that we explicitly want + to add a "cache-control" header when we add a cookie. + It is also possible to add an "Expires: " to keep compatibility + with old/broken caches. + +2002/05/10 : 1.1.10 + - if a cookie is used in insert+indirect mode, it's desirable that the + the servers don't see it. It was not possible to remove it correctly + with regexps, so now it's removed automatically. + +2002/04/19 : 1.1.9 + - don't use snprintf()'s return value as an end of message since it may + be larger. This caused bus errors and segfaults in internal libc's + getenv() during localtime() in send_log(). + - removed dead insecure send_syslog() function and all references to it. + - fixed warnings on Solaris due to buggy implementation of isXXXX(). + +2002/04/18 : 1.1.8 + - option "dontlognull" + - fixed "double space" bug in config parser + - fixed an uninitialized server field in case of dispatch + with no existing server which could cause a segfault during + logging. + - the pid logged was always the father's, which was wrong for daemons. + - fixed wrong level "LOG_INFO" for message "proxy started". + +2002/04/13 : + - http logging is now complete : + - ip:port, date, proxy, server + - req_time, conn_time, hdr_time, tot_time + - status, size, request + - source address + +2002/04/12 : 1.1.7 + - added option forwardfor + - added reqirep, reqidel, reqiallow, reqideny, rspirep, rspidel + - added "log global" in "listen" section. + +2002/04/09 : + - added a new "global" section : + - logs + - debug, quiet, daemon modes + - uid, gid, chroot, nbproc, maxconn + +2002/04/08 : 1.1.6 + - regex are now chained and not limited anymore. + - unavailable server now returns HTTP/502. + - increased per-line args limit to 40 + - added reqallow/reqdeny to block some request on matches + - added HTTP 400/403 responses + +2002/04/03 : 1.1.5 + - connection logging displayed incorrect source address. + - added proxy start/stop and server up/down log events. + - replaced log message short buffers with larger trash. + - enlarged buffer to 8 kB and replace buffer to 4 kB. + +2002/03/25 : 1.1.4 + - made rise/fall/interval time configurable + +2002/03/22 : 1.1.3 + - fixed a bug : cr_expire and cw_expire were inverted in CL_STSHUT[WR] + which could lead to loops. + +2002/03/21 : 1.1.2 + - fixed a bug in buffer management where we could have a loop + between event_read() and process_{cli|srv} if R==BUFSIZE-MAXREWRITE. + => implemented an adjustable buffer limit. + - fixed a bug : expiration of tasks in wait queue timeout is used again, + and running tasks are skipped. + - added some debug lines for accept events. + - send warnings for servers up/down. + +2002/03/12 : 1.1.1 + - fixed a bug in total failure handling + - fixed a bug in timestamp comparison within same second (tv_cmp_ms) + +2002/03/10 : 1.1.0 + - fixed a few timeout bugs + - rearranged the task scheduler subsystem to improve performance, + add new tasks, and make it easier to later port to librt ; + - allow multiple accept() for one select() wake up ; + - implemented internal load balancing with basic health-check ; + - cookie insertion and header add/replace/delete, with better strings + support. + +2002/03/08 + - reworked buffer handling to fix a few rewrite bugs, and + improve overall performance. + - implement the "purge" option to delete server cookies in direct mode. + +2002/03/07 + - fixed some error cases where the maxfd was not decreased. + +2002/02/26 + - now supports transparent proxying, at least on linux 2.4. + +2002/02/12 + - soft stop works again (fixed select timeout computation). + - it seems that TCP proxies sometimes cannot timeout. + - added a "quiet" mode. + - enforce file descriptor limitation on socket() and accept(). + +2001/12/30 : release of version 1.0.2 : fixed a bug in header processing +2001/12/19 : release of version 1.0.1 : no MSG_NOSIGNAL on solaris +2001/12/16 : release of version 1.0.0. +2001/12/16 : added syslog capability for each accepted connection. +2001/11/19 : corrected premature end of files and occasional SIGPIPE. +2001/10/31 : added health-check type servers (mode health) which replies OK then closes. +2001/10/30 : added the ability to support standard TCP proxies and HTTP proxies + with or without cookies (use keyword http for this). +2001/09/01 : added client/server header replacing with regexps. + eg: + cliexp ^(Host:\ [^:]*).* Host:\ \1:80 + srvexp ^Server:\ .* Server:\ Apache +2000/11/29 : first fully working release with complete FSMs and timeouts. +2000/11/28 : major rewrite +2000/11/26 : first write diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..74a099b --- /dev/null +++ b/CONTRIBUTING @@ -0,0 +1,751 @@ + HOW TO GET YOUR CODE ACCEPTED IN HAPROXY + READ THIS CAREFULLY BEFORE SUBMITTING CODE + +THIS DOCUMENT PROVIDES SOME RULES TO FOLLOW WHEN SENDING CONTRIBUTIONS. PATCHES +NOT FOLLOWING THESE RULES WILL SIMPLY BE REJECTED IN ORDER TO PROTECT ALL OTHER +RESPECTFUL CONTRIBUTORS' VALUABLE TIME. + + +Background +---------- + +During the development cycle of version 1.6, much more time was spent reviewing +poor quality submissions, fixing them and troubleshooting the bugs they +introduced than doing any development work. This is not acceptable as it ends +up with people actually slowing down the project for the features they're the +only ones interested in. On the other end of the scale, there are people who +make the effort of polishing their work to contribute excellent quality work +which doesn't even require a review. Contrary to what newcomers may think, it's +very easy to reach that level of quality and get your changes accepted quickly, +even late in the development cycle. It only requires that you make your homework +and not rely on others to do it for you. The most important point is that +HAProxy is a community-driven project, all involved participants must respect +all other ones' time and work. + + +Preparation +----------- + +It is possible that you'll want to add a specific feature to satisfy your needs +or one of your customers'. Contributions are welcome, however maintainers are +often very picky about changes. Patches that change massive parts of the code, +or that touch the core parts without any good reason will generally be rejected +if those changes have not been discussed first. + +The proper place to discuss your changes is the HAProxy Mailing List. There are +enough skilled readers to catch hazardous mistakes and to suggest improvements. +There is no other place where you'll find as many skilled people on the project, +and these people can help you get your code integrated quickly. You can +subscribe to it by sending an empty e-mail at the following address : + + haproxy+subscribe@formilux.org + +If you have an idea about something to implement, *please* discuss it on the +list first. It has already happened several times that two persons did the same +thing simultaneously. This is a waste of time for both of them. It's also very +common to see some changes rejected because they're done in a way that will +conflict with future evolutions, or that does not leave a good feeling. It's +always unpleasant for the person who did the work, and it is unpleasant in +general because value people's time and efforts are valuable and would be better +spent working on something else. That would not happen if these were discussed +first. There is no problem posting work in progress to the list, it happens +quite often in fact. Also, don't waste your time with the doc when submitting +patches for review, only add the doc with the patch you consider ready to merge. + +Another important point concerns code portability. Haproxy requires gcc as the +C compiler, and may or may not work with other compilers. However it's known to +build using gcc 2.95 or any later version. As such, it is important to keep in +mind that certain facilities offered by recent versions must not be used in the +code : + + - declarations mixed in the code (requires gcc >= 3.x and is a bad practice) + - GCC builtins without checking for their availability based on version and + architecture ; + - assembly code without any alternate portable form for other platforms + - use of stdbool.h, "bool", "false", "true" : simply use "int", "0", "1" + - in general, anything which requires C99 (such as declaring variables in + "for" statements) + +Since most of these restrictions are just a matter of coding style, it is +normally not a problem to comply. + +If your work is very confidential and you can't publicly discuss it, you can +also mail willy@haproxy.org directly about it, but your mail may be waiting +several days in the queue before you get a response, if you get a response at +all. Retransmit if you don't get a response by one week. Please note that +direct sent e-mails to this address for non-confidential subjects may simply +be forwarded to the list or be deleted without notification. + +If you'd like a feature to be added but you think you don't have the skills to +implement it yourself, you should follow these steps : + + 1. discuss the feature on the mailing list. It is possible that someone + else has already implemented it, or that someone will tell you how to + proceed without it, or even why not to do it. It is also possible that + in fact it's quite easy to implement and people will guide you through + the process. That way you'll finally have YOUR patch merged, providing + the feature YOU need. + + 2. if you really can't code it yourself after discussing it, then you may + consider contacting someone to do the job for you. Some people on the + list might sometimes be OK with trying to do it. + + +Rules : the 12 laws of patch contribution +----------------------------------------- + +People contributing patches must apply the following rules. That may sound heavy +at the beginning but it's common sense more than anything else and contributors +do not think about them anymore after a few patches. + +1) Comply with the license + + Before modifying some code, you have read the LICENSE file ("main license") + coming with the sources, and all the files this file references. Certain + files may be covered by different licenses, in which case it will be + indicated in the files themselves. In any case, you agree to respect these + licenses and to contribute your changes under the same licenses. If you want + to create new files, they will be under the main license, or any license of + your choice that you have verified to be compatible with the main license, + and that will be explicitly mentioned in the affected files. The project's + maintainers are free to reject contributions proposing license changes they + feel are not appropriate or could cause future trouble. + +2) Develop on development branch, not stable ones + + Your work may only be based on the latest development version. No development + is made on a stable branch. If your work needs to be applied to a stable + branch, it will first be applied to the development branch and only then will + be backported to the stable branch. You are responsible for ensuring that + your work correctly applies to the development version. If at any moment you + are going to work on restructuring something important which may impact other + contributors, the rule that applies is that the first sent is the first + served. However it is considered good practice and politeness to warn others + in advance if you know you're going to make changes that may force them to + re-adapt their code, because they did probably not expect to have to spend + more time discovering your changes and rebasing their work. + +3) Read and respect the coding style + + You have read and understood "doc/coding-style.txt", and you're actively + determined to respect it and to enforce it on your coworkers if you're going + to submit a team's work. We don't care what text editor you use, whether it's + an hex editor, cat, vi, emacs, Notepad, Word, or even Eclipse. The editor is + only the interface between you and the text file. What matters is what is in + the text file in the end. The editor is not an excuse for submitting poorly + indented code, which only proves that the person has no consideration for + quality and/or has done it in a hurry (probably worse). Please note that most + bugs were found in low-quality code. Reviewers know this and tend to be much + more reluctant to accept poorly formated code because by experience they + won't trust their author's ability to write correct code. It is also worth + noting that poor quality code is painful to read and may result in nobody + willing to waste their time even reviewing your work. + +4) Present clean work + + The time it takes for you to polish your code is always much smaller than the + time it takes others to do it for you, because they always have to wonder if + what they see is intended (meaning they didn't understand something) or if it + is a mistake that needs to be fixed. And since there are less reviewers than + submitters, it is vital to spread the effort closer to where the code is + written and not closer to where it gets merged. For example if you have to + write a report for a customer that your boss wants to review before you send + it to the customer, will you throw on his desk a pile of paper with stains, + typos and copy-pastes everywhere ? Will you say "come on, OK I made a mistake + in the company's name but they will find it by themselves, it's obvious it + comes from us" ? No. When in doubt, simply ask for help on the mailing list. + +5) Documentation is very important + + There are four levels of importance of quality in the project : + + - The most important one, and by far, is the quality of the user-facing + documentation. This is the first contact for most users and it immediately + gives them an accurate idea of how the project is maintained. Dirty docs + necessarily belong to a dirty project. Be careful to the way the text you + add is presented and indented. Be very careful about typos, usual mistakes + such as double consonants when only one is needed or "it's" instead of + "its", don't mix US english and UK english in the same paragraph, etc. + When in doubt, check in a dictionary. Fixes for existing typos in the doc + are always welcome and chasing them is a good way to become familiar with + the project and to get other participants' respect and consideration. + + - The second most important level is user-facing messages emitted by the + code. You must try to see all the messages your code produces to ensure + they are understandable outside of the context where you wrote them, + because the user often doesn't expect them. That's true for warnings, and + that's even more important for errors which prevent the program from + working and which require an immediate and well understood fix in the + configuration. It's much better to say "line 35: compression level must be + an integer between 1 and 9" than "invalid argument at line 35". In HAProxy, + error handling roughly represents half of the code, and that's about 3/4 of + the configuration parser. Take the time to do something you're proud of. A + good rule of thumb is to keep in mind that your code talks to a human and + tries to teach him/her how to proceed. It must then speak like a human. + + - The third most important level is the code and its accompanying comments, + including the commit message which is a complement to your code and + comments. It's important for all other contributors that the code is + readable, fluid, understandable and that the commit message describes what + was done, the choices made, the possible alternatives you thought about, + the reason for picking this one and its limits if any. Comments should be + written where it's easy to have a doubt or after some error cases have been + wiped out and you want to explain what possibilities remain. All functions + must have a comment indicating what they take on input and what they + provide on output. Please adjust the comments when you copy-paste a + function or change its prototype, this type of lazy mistake is too common + and very confusing when reading code later to debug an issue. Do not forget + that others will feel really angry at you when they have to dig into your + code for a bug that your code caused and they feel like this code is dirty + or confusing, that the commit message doesn't explain anything useful and + that the patch should never have been accepted in the first place. That + will strongly impact your reputation and will definitely affect your + chances to contribute again! + + - The fourth level of importance is in the technical documentation that you + may want to add with your code. Technical documentation is always welcome + as it helps others make the best use of your work and to go exactly in the + direction you thought about during the design. This is also what reduces + the risk that your design gets changed in the near future due to a misuse + and/or a poor understanding. All such documentation is actually considered + as a bonus. It is more important that this documentation exists than that + it looks clean. Sometimes just copy-pasting your draft notes in a file to + keep a record of design ideas is better than losing them. Please do your + best so that other ones can read your doc. If these docs require a special + tool such as a graphics utility, ensure that the file name makes it + unambiguous how to process it. So there are no rules here for the contents, + except one. Please write the date in your file. Design docs tend to stay + forever and to remain long after they become obsolete. At this point that + can cause harm more than it can help. Writing the date in the document + helps developers guess the degree of validity and/or compare them with the + date of certain commits touching the same area. + +6) US-ASCII only! + + All text files and commit messages are written using the US-ASCII charset. + Please be careful that your contributions do not contain any character not + printable using this charset, as they will render differently in different + editors and/or terminals. Avoid latin1 and more importantly UTF-8 which some + editors tend to abuse to replace some US-ASCII characters with their + typographic equivalent which aren't readable anymore in other editors. The + only place where alternative charsets are tolerated is in your name in the + commit message, but it's at your own risk as it can be mangled during the + merge. Anyway if you have an e-mail address, you probably have a valid + US-ASCII representation for it as well. + +7) Comments + + Be careful about comments when you move code around. It's not acceptable that + a block of code is moved to another place leaving irrelevant comments at the + old place, just like it's not acceptable that a function is duplicated without + the comments being adjusted. The example below started to become quite common + during the 1.6 cycle, it is not acceptable and wastes everyone's time : + + /* Parse switching to build rule . Returns 0 on error. */ + int parse_switching_rule(const char *str, struct rule *rule) + { + ... + } + + /* Parse switching to build rule . Returns 0 on error. */ + void execute_switching_rule(struct rule *rule) + { + ... + } + + This patch is not acceptable either (and it's unfortunately not that rare) : + + + if (!session || !arg || list_is_empty(&session->rules->head)) + + return 0; + + + /* Check if session->rules is valid before dereferencing it */ + if (!session->rules_allocated) + return 0; + + - if (!arg || list_is_empty(&session->rules->head)) + - return 0; + - + +8) Short, readable identifiers + + Limit the length of your identifiers in the code. When your identifiers start + to sound like sentences, it's very hard for the reader to keep on track with + what operation they are observing. Also long names force expressions to fit + on several lines which also cause some difficulties to the reader. See the + example below : + + int file_name_len_including_global_path; + int file_name_len_without_global_path; + int global_path_len_or_zero_if_default; + + if (global_path) + global_path_len_or_zero_if_default = strlen(global_path); + else + global_path_len_or_zero_if_default = 0; + + file_name_len_without_global_path = strlen(file_name); + file_name_len_including_global_path = + file_name_len_without_global_path + 1 + /* for '/' */ + global_path_len_or_zero_if_default ? + global_path_len_or_zero_if_default : default_path_len; + + Compare it to this one : + + int f, p; + + p = global_path ? strlen(global_path) : default_path_len; + f = p + 1 + strlen(file_name); /* 1 for '/' */ + + A good rule of thumb is that if your identifiers start to contain more than + 3 words or more than 15 characters, they can become confusing. For function + names it's less important especially if these functions are rarely used or + are used in a complex context where it is important to differenciate between + their multiple variants. + +9) Unified diff only + + The best way to build your patches is to use "git format-patch". This means + that you have committed your patch to a local branch, with an appropriate + subject line and a useful commit message explaining what the patch attempts + to do. It is not strictly required to use git, but what is strictly required + is to have all these elements in the same mail, easily distinguishible, and + a patch in "diff -up" format (which is also the format used by Git). This + means the "unified" diff format must be used exclusively, and with the + function name printed in the diff header of each block. That significantly + helps during reviews. Keep in mind that most reviews are done on the patch + and not on the code after applying the patch. Your diff must keep some + context (3 lines above and 3 lines below) so that there's no doubt where the + code has to be applied. Don't change code outside of the context of your + patch (eg: take care of not adding/removing empty lines once you remove + your debugging code). If you are using Git (which is strongly recommended), + always use "git show" after doing a commit to ensure it looks good, and + enable syntax coloring that will automatically report in red the trailing + spaces or tabs that your patch added to the code and that must absolutely be + removed. These ones cause a real pain to apply patches later because they + mangle the context in an invisible way. Such patches with trailing spaces at + end of lines will be rejected. + +10) One patch per feature + + Please cut your work in series of patches that can be independently reviewed + and merged. Each patch must do something on its own that you can explain to + someone without being ashamed of what you did. For example, you must not say + "This is the patch that implements SSL, it was tricky". There's clearly + something wrong there, your patch will be huge, will definitely break things + and nobody will be able to figure what exactly introduced the bug. However + it's much better to say "I needed to add some fields in the session to store + the SSL context so this patch does this and doesn't touch anything else, so + it's safe". Also when dealing with series, you will sometimes fix a bug that + one of your patches introduced. Please do merge these fixes (eg: using git + rebase -i and squash or fixup), as it is not acceptable to see patches which + introduce known bugs even if they're fixed later. Another benefit of cleanly + splitting patches is that if some of your patches need to be reworked after + a review, the other ones can still be merged so that you don't need to care + about them anymore. When sending multiple patches for review, prefer to send + one e-mail per patch than all patches in a single e-mail. The reason is that + not everyone is skilled in all areas nor has the time to review everything + at once. With one patch per e-mail, it's easy to comment on a single patch + without giving an opinion on the other ones, especially if a long thread + starts about one specific patch on the mailing list. "git send-email" does + that for you though it requires a few trials before getting it right. + + If you can, please always put all the bug fixes at the beginning of the + series. This often makes it easier to backport them because they will not + depend on context that your other patches changed. + +11) Real commit messages please! + + Please properly format your commit messages. To get an idea, just run + "git log" on the file you've just modified. Patches always have the format + of an e-mail made of a subject, a description and the actual patch. If you + are sending a patch as an e-mail formatted this way, it can quickly be + applied with limited effort so that's acceptable : + + - A subject line (may wrap to the next line, but please read below) + - an empty line (subject delimiter) + - a non-empty description (the body of the e-mail) + - the patch itself + + The subject describes the "What" of the change ; the description explains + the "why", the "how" and sometimes "what next". For example a commit message + looking like this will be rejected : + + | From: Mr Foobar + | Subject: BUG: fix typo in ssl_sock + | + + This one as well (too long subject, not the right place for the details) : + + | From: Mr Foobar + | Subject: BUG/MEDIUM: ssl: use an error flag to prevent ssl_read() from + | returning 0 when dealing with large buffers because that can cause + | an infinite loop + | + + This one ought to be used instead : + + | From: Mr Foobar + | Subject: BUG/MEDIUM: ssl: fix risk of infinite loop in ssl_sock + | + | ssl_read() must not return 0 on error or the caller may loop forever. + | Instead we add a flag to the connection to notify about the error and + | check it at all call places. This situation can only happen with large + | buffers so a workaround is to limit buffer sizes. Another option would + | have been to return -1 but it required to use signed ints everywhere + | and would have made the patch larger and riskier. This fix should be + | backported to versions 1.2 and upper. + + It is important to understand that for any reader to guess the text above + when it's absent, it will take a huge amount of time. If you made the + analysis leading to your patch, you must explain it, including the ideas + you dropped if you had a good reason for this. + + While it's not strictly required to use Git, it is strongly recommended + because it helps you do the cleanest job with the least effort. But if you + are comfortable with writing clean e-mails and inserting your patches, you + don't need to use Git. + + But in any case, it is important that there is a clean description of what + the patch does, the motivation for what it does, why it's the best way to do + it, its impacts, and what it does not yet cover. Also, in HAProxy, like many + projects which take a great care of maintaining stable branches, patches are + reviewed later so that some of them can be backported to stable releases. + + While reviewing hundreds of patches can seem cumbersome, with a proper + formatting of the subject line it actually becomes very easy. For example, + here's how one can find patches that need to be reviewed for backports (bugs + and doc) between since commit ID 827752e : + + $ git log --oneline 827752e.. | grep 'BUG\|DOC' + 0d79cf6 DOC: fix function name + bc96534 DOC: ssl: missing LF + 10ec214 BUG/MEDIUM: lua: the lua fucntion Channel:close() causes a segf + bdc97a8 BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 + ba56d9c DOC: mention support for RFC 5077 TLS Ticket extension in start + f1650a8 DOC: clarify some points about SSL and the proxy protocol + b157d73 BUG/MAJOR: peers: fix current table pointer not re-initialized + e1ab808 BUG/MEDIUM: peers: fix wrong message id on stick table updates + cc79b00 BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket comma + d8e42b6 DOC: add new file intro.txt + c7d7607 BUG/MEDIUM: lua: bad error processing + 386a127 DOC: match several lua configuration option names to those impl + 0f4eadd BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a + + It is made possible by the fact that subject lines are properly formatted and + always respect the same principle : one part indicating the nature and + severity of the patch, another one to indicate which subsystem is affected, + and the last one is a succinct description of the change, with the important + part at the beginning so that it's obvious what it does even when lines are + truncated like above. The whole stable maintenance process relies on this. + For this reason, it is mandatory to respect some easy rules regarding the + way the subject is built. Please see the section below for more information + regarding this formatting. + + As a rule of thumb, your patch must never be made only of a subject line, + it *must* contain a description. Even one or two lines, or indicating + whether a backport is desired or not. It turns out that single-line commits + are so rare in the Git world that they require special manual (hence + painful) handling when they are backported, and at least for this reason + it's important to keep this in mind. + +12) Discuss on the mailing list + + When submitting changes, please always CC the mailing list address so that + everyone gets a chance to spot any issue in your code. It will also serve + as an advertisement for your work, you'll get more testers quicker and + you'll feel better knowing that people really use your work. It's often + convenient to prepend "[PATCH]" in front of your mail's subject to mention + that this e-mail contains a patch (or a series of patches), because it will + easily catch reviewer's attention. It's automatically done by tools such as + "git format-patch" and "git send-email". If you don't want your patch to be + merged yet and prefer to show it for discussion, better tag it as "[RFC]" + (stands for "Request For Comments") and it will be reviewed but not merged + without your approval. It is also important to CC any author mentioned in + the file you change, or a subsystem maintainers whose address is mentioned + in a MAINTAINERS file. Not everyone reads the list on a daily basis so it's + very easy to miss some changes. Don't consider it as a failure when a + reviewer tells you you have to modify your patch, actually it's a success + because now you know what is missing for your work to get accepted. That's + why you should not hesitate to CC enough people. Don't copy people who have + no deal with your work area just because you found their address on the + list. That's the best way to appear careless about their time and make them + reject your changes in the future. + + +Patch classifying rules +----------------------- + +There are 3 criteria of particular importance in any patch : + - its nature (is it a fix for a bug, a new feature, an optimization, ...) + - its importance, which generally reflects the risk of merging/not merging it + - what area it applies to (eg: http, stats, startup, config, doc, ...) + +It's important to make these 3 criteria easy to spot in the patch's subject, +because it's the first (and sometimes the only) thing which is read when +reviewing patches to find which ones need to be backported to older versions. +It also helps when trying to find which patch is the most likely to have caused +a regression. + +Specifically, bugs must be clearly easy to spot so that they're never missed. +Any patch fixing a bug must have the "BUG" tag in its subject. Most common +patch types include : + + - BUG fix for a bug. The severity of the bug should also be indicated + when known. Similarly, if a backport is needed to older versions, + it should be indicated on the last line of the commit message. If + the bug has been identified as a regression brought by a specific + patch or version, this indication will be appreciated too. New + maintenance releases are generally emitted when a few of these + patches are merged. If the bug is a vulnerability for which a CVE + identifier was assigned before you publish the fix, you can mention + it in the commit message, it will help distro maintainers. + + - CLEANUP code cleanup, silence of warnings, etc... theoretically no impact. + These patches will rarely be seen in stable branches, though they + may appear when they remove some annoyance or when they make + backporting easier. By nature, a cleanup is always of minor + importance and it's not needed to mention it. + + - DOC updates to any of the documentation files, including README. Many + documentation updates are backported since they don't impact the + product's stability and may help users avoid bugs. So please + indicate in the commit message if a backport is desired. When a + feature gets documented, it's preferred that the doc patch appears + in the same patch or after the feature patch, but not before, as it + becomes confusing when someone working on a code base including + only the doc patch won't understand why a documented feature does + not work as documented. + + - REORG code reorganization. Some blocks may be moved to other places, + some important checks might be swapped, etc... These changes + always present a risk of regression. For this reason, they should + never be mixed with any bug fix nor functional change. Code is + only moved as-is. Indicating the risk of breakage is highly + recommended. Minor breakage is tolerated in such patches if trying + to fix it at once makes the whole change even more confusing. That + may happen for example when some #ifdefs need to be propagated in + every file consecutive to the change. + + - BUILD updates or fixes for build issues. Changes to makefiles also fall + into this category. The risk of breakage should be indicated if + known. It is also appreciated to indicate what platforms and/or + configurations were tested after the change. + + - OPTIM some code was optimised. Sometimes if the regression risk is very + low and the gains significant, such patches may be merged in the + stable branch. Depending on the amount of code changed or replaced + and the level of trust the author has in the change, the risk of + regression should be indicated. + + - RELEASE release of a new version (development or stable). + + - LICENSE licensing updates (may impact distro packagers). + + +When the patch cannot be categorized, it's best not to put any type tag, and to +only use a risk or complexity information only as below. This is commonly the +case for new features, which development versions are mostly made of. + +The importance, complexity of the patch, or severity of the bug it fixes must +be indicated when relevant. A single upper-case word is preferred, among : + + - MINOR minor change, very low risk of impact. It is often the case for + code additions that don't touch live code. As a rule of thumb, a + patch tagged "MINOR" is safe enough to be backported to stable + branches. For a bug, it generally indicates an annoyance, nothing + more. + + - MEDIUM medium risk, may cause unexpected regressions of low importance or + which may quickly be discovered. In short, the patch is safe but + touches working areas and it is always possible that you missed + something you didn't know existed (eg: adding a "case" entry or + an error message after adding an error code to an enum). For a bug, + it generally indicates something odd which requires changing the + configuration in an undesired way to work around the issue. + + - MAJOR major risk of hidden regression. This happens when large parts of + the code are rearranged, when new timeouts are introduced, when + sensitive parts of the session scheduling are touched, etc... We + should only exceptionally find such patches in stable branches when + there is no other option to fix a design issue. For a bug, it + indicates severe reliability issues for which workarounds are + identified with or without performance impacts. + + - CRITICAL medium-term reliability or security is at risk and workarounds, + if they exist, might not always be acceptable. An upgrade is + absolutely required. A maintenance release may be emitted even if + only one of these bugs are fixed. Note that this tag is only used + with bugs. Such patches must indicate what is the first version + affected, and if known, the commit ID which introduced the issue. + +The expected length of the commit message grows with the importance of the +change. While a MINOR patch may sometimes be described in 1 or 2 lines, MAJOR +or CRITICAL patches cannot have less than 10-15 lines to describe exactly the +impacts otherwise the submitter's work will be considered as rough sabotage. + +For BUILD, DOC and CLEANUP types, this tag is not always relevant and may be +omitted. + +The area the patch applies to is quite important, because some areas are known +to be similar in older versions, suggesting a backport might be desirable, and +conversely, some areas are known to be specific to one version. The area is a +single-word lowercase name the contributor find clear enough to describe what +part is being touched. The following tags are suggested but not limitative : + + - examples example files. Be careful, sometimes these files are packaged. + + - tests regression test files. No code is affected, no need to upgrade. + + - init initialization code, arguments parsing, etc... + + - config configuration parser, mostly used when adding new config keywords + + - http the HTTP engine + + - stats the stats reporting engine + + - cli the stats socket CLI + + - checks the health checks engine (eg: when adding new checks) + + - sample the sample fetch system (new fetch or converter functions) + + - acl the ACL processing core or some ACLs from other areas + + - filters everything related to the filters core + + - peers the peer synchronization engine + + - lua the Lua scripting engine + + - listeners everything related to incoming connection settings + + - frontend everything related to incoming connection processing + + - backend everything related to LB algorithms and server farm + + - session session processing and flags (very sensible, be careful) + + - server server connection management, queueing + + - spoe SPOE code + + - ssl the SSL/TLS interface + + - proxy proxy maintenance (start/stop) + + - log log management + + - poll any of the pollers + + - halog the halog sub-component in the contrib directory + + - contrib any addition to the contrib directory + +Other names may be invented when more precise indications are meaningful, for +instance : "cookie" which indicates cookie processing in the HTTP core. Last, +indicating the name of the affected file is also a good way to quickly spot +changes. Many commits were already tagged with "stream_sock" or "cfgparse" for +instance. + +It is required that the type of change and the severity when relevant are +indicated, as well as the touched area when relevant as well in the patch +subject. Normally, we would have the 3 most often. The two first criteria should +be present before a first colon (':'). If both are present, then they should be +delimited with a slash ('/'). The 3rd criterion (area) should appear next, also +followed by a colon. Thus, all of the following subject lines are valid : + +Examples of subject lines : + - DOC: document options forwardfor to logasap + - DOC/MAJOR: reorganize the whole document and change indenting + - BUG: stats: connection reset counters must be plain ascii, not HTML + - BUG/MINOR: stats: connection reset counters must be plain ascii, not HTML + - MEDIUM: checks: support multi-packet health check responses + - RELEASE: Released version 1.4.2 + - BUILD: stats: stdint is not present on solaris + - OPTIM/MINOR: halog: make fgets parse more bytes by blocks + - REORG/MEDIUM: move syscall redefinition to specific places + +Please do not use square brackets anymore around the tags, because they induce +more work when merging patches, which need to be hand-edited not to lose the +enclosed part. + +In fact, one of the only square bracket tags that still makes sense is '[RFC]' +at the beginning of the subject, when you're asking for someone to review your +change before getting it merged. If the patch is OK to be merged, then it can +be merge as-is and the '[RFC]' tag will automatically be removed. If you don't +want it to be merged at all, you can simply state it in the message, or use an +alternate 'WIP/' prefix in front of your tag tag ("work in progress"). + +The tags are not rigid, follow your intuition first, and they may be readjusted +when your patch is merged. It may happen that a same patch has a different tag +in two distinct branches. The reason is that a bug in one branch may just be a +cleanup or safety measure in the other one because the code cannot be triggered. + + +Working with Git +---------------- + +For a more efficient interaction between the mainline code and your code, you +are strongly encouraged to try the Git version control system : + + http://git-scm.com/ + +It's very fast, lightweight and lets you undo/redo your work as often as you +want, without making your mistakes visible to the rest of the world. It will +definitely help you contribute quality code and take other people's feedback +in consideration. In order to clone the HAProxy Git repository : + + $ git clone http://git.haproxy.org/git/haproxy.git/ (development) + +If you decide to use Git for your developments, then your commit messages will +have the subject line in the format described above, then the whole description +of your work (mainly why you did it) will be in the body. You can directly send +your commits to the mailing list, the format is convenient to read and process. + +It is recommended to create a branch for your work that is based on the master +branch : + + $ git checkout -b 20150920-fix-stats master + +You can then do your work and even experiment with multiple alternatives if you +are not completely sure that your solution is the best one : + + $ git checkout -b 20150920-fix-stats-v2 + +Then reorder/merge/edit your patches : + + $ git rebase -i master + +When you think you're ready, reread your whole patchset to ensure there is no +formatting or style issue : + + $ git show master.. + +And once you're satisfied, you should update your master branch to be sure that +nothing changed during your work (only needed if you left it unattended for days +or weeks) : + + $ git checkout -b 20150920-fix-stats-rebased + $ git fetch origin master:master + $ git rebase master + +You can build a list of patches ready for submission like this : + + $ git format-patch master + +The output files are the patches ready to be sent over e-mail, either via a +regular e-mail or via git send-email (carefully check the man page). Don't +destroy your other work branches until your patches get merged, it may happen +that earlier designs will be preferred for various reasons. Patches should be +sent to the mailing list : haproxy@formilux.org and CCed to relevant subsystem +maintainers or authors of the modified files if their address appears at the +top of the file. + +Please don't send pull-requests, they are really unconvenient. First, a pull +implies a merge operation and the code doesn't move fast enough to justify the +use of merges. Second, pull requests are not easily commented on by the +project's participants, contrary to e-mails where anyone is allowed to have an +opinion and to express it. + +-- end diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..717e303 --- /dev/null +++ b/LICENSE @@ -0,0 +1,37 @@ +HAPROXY's license - 2006/06/15 + +Historically, haproxy has been covered by GPL version 2. However, an issue +appeared in GPL which will prevent external non-GPL code from being built +using the headers provided with haproxy. My long-term goal is to build a core +system able to load external modules to support specific application protocols. + +Since some protocols are found in rare environments (finance, industry, ...), +some of them might be accessible only after signing an NDA. Enforcing GPL on +such modules would only prevent them from ever being implemented, while not +providing anything useful to ordinary users. + +For this reason, I *want* to be able to support binary only external modules +when needed, with a GPL core and GPL modules for standard protocols, so that +people fixing bugs don't keep them secretly to try to stay over competition. + +The solution was then to apply the LGPL license to the exportable include +files, while keeping the GPL for all the rest. This way, it still is mandatory +to redistribute modified code under customer request, but at the same time, it +is expressly permitted to write, compile, link and load non-GPL code using the +LGPL header files and not to distribute them if it causes a legal problem. + +Of course, users are strongly encouraged to continue the work under GPL as long +as possible, since this license has allowed useful enhancements, contributions +and fixes from talented people around the world. + +Due to the incompatibility between the GPL and the OpenSSL licence, you must +apply the GPL/LGPL licence with the following exception: +This program is released under the GPL with the additional exemption that +compiling, linking, and/or using OpenSSL is allowed. + +The text of the licenses lies in the "doc" directory. All the files provided in +this package are covered by the GPL unless expressly stated otherwise in them. +Every patch or contribution provided by external people will by default comply +with the license of the files it affects, or be rejected. + +Willy Tarreau - w@1wt.eu diff --git a/MAINTAINERS b/MAINTAINERS new file mode 100644 index 0000000..ea0060a --- /dev/null +++ b/MAINTAINERS @@ -0,0 +1,63 @@ +This file contains a list of people who are responsible for certain parts of +the HAProxy project and who have authority on them. This means that these +people have to be consulted before doing any change in the parts they maintain, +including when fixing bugs. These persons are allowed to reject any change on +the parts they maintain, and in parallel they try their best to ensure these +parts work well. Similarly, any change to these parts not being validated by +them will be rejected. + +The best way to deal with such subsystems when sending patches is to send the +patches to the mailing list and to CC these people. When no maintainer is +listed for a subsystem, you can simply send your changes the usual way, and it +is also a sign that if you want to strengthen your skills on certain parts you +can become yourself a maintainer of the parts you care a lot about. + +Please do not ask them to troubleshoot your bugs, it's not their job eventhough +they may occasionally help as time permits. + +List of maintainers +------------------- + +Lua +Maintainer: Thierry Fournier +Files: src/hlua.c, include/*/hlua.h + +Maps and pattern matching +Maintainer: Thierry Fournier +Files: src/maps.c, src/pattern.c, include/*/maps.h, include/*/pattern.h + +DNS +Maintainer: Baptiste Assmann +Files: src/dns.c, include/*/dns.h + +SSL +Maintainer: Emeric Brun +Files: src/ssl_sock.c, include/*/ssl_sock.h + +Peers +Maintainer: Emeric Brun +Files: src/peers.c, include/*/peers.h + +Doc to HTML converter (dconv) +Maintainer: Cyril Bonté +Files: doc/*.txt +Note: ask Cyril before changing any doc's format or structure. + +Health checks +Files: src/checks.c, include/*/checks.h +Maintainers: Simon Horman for external-check, Baptiste Assmann for tcp-check +Note: health checks are fragile and have been broken many times, so please + consult the relevant maintainers if you want to change these specific + parts. + +Mailers +Maintainer: Simon Horman +Files: src/mailers.c, include/*/mailers.h + +DeviceAtlas device identification +Maintainer: David Carlier +Files: src/da.c, include/*/da.h + +51Degrees device identification +Maintainer: Ben Shillito +Files: src/51d.c diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..8927919 --- /dev/null +++ b/Makefile @@ -0,0 +1,913 @@ +# This GNU Makefile supports different OS and CPU combinations. +# +# You should use it this way : +# [g]make TARGET=os ARCH=arch CPU=cpu USE_xxx=1 ... +# +# Valid USE_* options are the following. Most of them are automatically set by +# the TARGET, others have to be explictly specified : +# USE_DLMALLOC : enable use of dlmalloc (see DLMALLOC_SRC) +# USE_EPOLL : enable epoll() on Linux 2.6. Automatic. +# USE_GETSOCKNAME : enable getsockname() on Linux 2.2. Automatic. +# USE_KQUEUE : enable kqueue() on BSD. Automatic. +# USE_MY_EPOLL : redefine epoll_* syscalls. Automatic. +# USE_MY_SPLICE : redefine the splice syscall if build fails without. +# USE_NETFILTER : enable netfilter on Linux. Automatic. +# USE_PCRE : enable use of libpcre for regex. Recommended. +# USE_PCRE_JIT : enable JIT for faster regex on libpcre >= 8.32 +# USE_POLL : enable poll(). Automatic. +# USE_PRIVATE_CACHE : disable shared memory cache of ssl sessions. +# USE_PTHREAD_PSHARED : enable pthread process shared mutex on sslcache. +# USE_REGPARM : enable regparm optimization. Recommended on x86. +# USE_STATIC_PCRE : enable static libpcre. Recommended. +# USE_TPROXY : enable transparent proxy. Automatic. +# USE_LINUX_TPROXY : enable full transparent proxy. Automatic. +# USE_LINUX_SPLICE : enable kernel 2.6 splicing. Automatic. +# USE_LIBCRYPT : enable crypted passwords using -lcrypt +# USE_CRYPT_H : set it if your system requires including crypt.h +# USE_VSYSCALL : enable vsyscall on Linux x86, bypassing libc +# USE_GETADDRINFO : use getaddrinfo() to resolve IPv6 host names. +# USE_OPENSSL : enable use of OpenSSL. Recommended, but see below. +# USE_LUA : enable Lua support. +# USE_FUTEX : enable use of futex on kernel 2.6. Automatic. +# USE_ACCEPT4 : enable use of accept4() on linux. Automatic. +# USE_MY_ACCEPT4 : use own implemention of accept4() if glibc < 2.10. +# USE_ZLIB : enable zlib library support. +# USE_SLZ : enable slz library instead of zlib (pick at most one). +# USE_CPU_AFFINITY : enable pinning processes to CPU on Linux. Automatic. +# USE_TFO : enable TCP fast open. Supported on Linux >= 3.7. +# USE_NS : enable network namespace support. Supported on Linux >= 2.6.24. +# USE_DL : enable it if your system requires -ldl. Automatic on Linux. +# USE_DEVICEATLAS : enable DeviceAtlas api. +# USE_51DEGREES : enable third party device detection library from 51Degrees +# USE_WURFL : enable WURFL detection library from Scientiamobile +# +# Options can be forced by specifying "USE_xxx=1" or can be disabled by using +# "USE_xxx=" (empty string). +# +# Variables useful for packagers : +# CC is set to "gcc" by default and is used for compilation only. +# LD is set to "gcc" by default and is used for linking only. +# ARCH may be useful to force build of 32-bit binary on 64-bit systems +# CFLAGS is automatically set for the specified CPU and may be overridden. +# LDFLAGS is automatically set to -g and may be overridden. +# DEP may be cleared to ignore changes to include files during development +# SMALL_OPTS may be used to specify some options to shrink memory usage. +# DEBUG may be used to set some internal debugging options. +# ADDINC may be used to complete the include path in the form -Ipath. +# ADDLIB may be used to complete the library list in the form -Lpath -llib. +# DEFINE may be used to specify any additional define, which will be reported +# by "haproxy -vv" in CFLAGS. +# SILENT_DEFINE may be used to specify other defines which will not be +# reported by "haproxy -vv". +# EXTRA is used to force building or not building some extra tools. By +# default on Linux 2.6+, it contains "haproxy-systemd-wrapper". +# DESTDIR is not set by default and is used for installation only. +# It might be useful to set DESTDIR if you want to install haproxy +# in a sandbox. +# PREFIX is set to "/usr/local" by default and is used for installation only. +# SBINDIR is set to "$(PREFIX)/sbin" by default and is used for installation +# only. +# MANDIR is set to "$(PREFIX)/share/man" by default and is used for +# installation only. +# DOCDIR is set to "$(PREFIX)/doc/haproxy" by default and is used for +# installation only. +# +# Other variables : +# DLMALLOC_SRC : build with dlmalloc, indicate the location of dlmalloc.c. +# DLMALLOC_THRES : should match PAGE_SIZE on every platform (default: 4096). +# PCREDIR : force the path to libpcre. +# PCRE_LIB : force the lib path to libpcre (defaults to $PCREDIR/lib). +# PCRE_INC : force the include path to libpcre ($PCREDIR/inc) +# SSL_LIB : force the lib path to libssl/libcrypto +# SSL_INC : force the include path to libssl/libcrypto +# LUA_LIB : force the lib path to lua +# LUA_INC : force the include path to lua +# LUA_LIB_NAME : force the lib name (or automatically evaluated, by order of +# priority : lua5.3, lua53, lua). +# IGNOREGIT : ignore GIT commit versions if set. +# VERSION : force haproxy version reporting. +# SUBVERS : add a sub-version (eg: platform, model, ...). +# VERDATE : force haproxy's release date. + +#### Installation options. +DESTDIR = +PREFIX = /usr/local +SBINDIR = $(PREFIX)/sbin +MANDIR = $(PREFIX)/share/man +DOCDIR = $(PREFIX)/doc/haproxy + +#### TARGET system +# Use TARGET= to optimize for a specifc target OS among the +# following list (use the default "generic" if uncertain) : +# generic, linux22, linux24, linux24e, linux26, solaris, +# freebsd, openbsd, netbsd, cygwin, haiku, custom, aix51, aix52 +TARGET = + +#### TARGET CPU +# Use CPU= to optimize for a particular CPU, among the following +# list : +# generic, native, i586, i686, ultrasparc, custom +CPU = generic + +#### Architecture, used when not building for native architecture +# Use ARCH= to force build for a specific architecture. Known +# architectures will lead to "-m32" or "-m64" being added to CFLAGS and +# LDFLAGS. This can be required to build 32-bit binaries on 64-bit targets. +# Currently, only 32, 64, x86_64, i386, i486, i586 and i686 are understood. +ARCH = + +#### Toolchain options. +# GCC is normally used both for compiling and linking. +CC = gcc +LD = $(CC) + +#### Debug flags (typically "-g"). +# Those flags only feed CFLAGS so it is not mandatory to use this form. +DEBUG_CFLAGS = -g + +#### Compiler-specific flags that may be used to disable some negative over- +# optimization or to silence some warnings. -fno-strict-aliasing is needed with +# gcc >= 4.4. +SPEC_CFLAGS = -fno-strict-aliasing -Wdeclaration-after-statement + +#### Memory usage tuning +# If small memory footprint is required, you can reduce the buffer size. There +# are 2 buffers per concurrent session, so 16 kB buffers will eat 32 MB memory +# with 1000 concurrent sessions. Putting it slightly lower than a page size +# will prevent the additional parameters to go beyond a page. 8030 bytes is +# exactly 5.5 TCP segments of 1460 bytes and is generally good. Useful tuning +# macros include : +# SYSTEM_MAXCONN, BUFSIZE, MAXREWRITE, REQURI_LEN, CAPTURE_LEN. +# Example: SMALL_OPTS = -DBUFSIZE=8030 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=1024 +SMALL_OPTS = + +#### Debug settings +# You can enable debugging on specific code parts by setting DEBUG=-DDEBUG_xxx. +# Currently defined DEBUG macros include DEBUG_FULL, DEBUG_MEMORY, DEBUG_FSM, +# DEBUG_HASH, DEBUG_AUTH and DEBUG_SPOE. Please check sources for exact meaning +# or do not use at all. +DEBUG = + +#### Trace options +# Use TRACE=1 to trace function calls to file "trace.out" or to stderr if not +# possible. +TRACE = + +#### Additional include and library dirs +# Redefine this if you want to add some special PATH to include/libs +ADDINC = +ADDLIB = + +#### Specific macro definitions +# Use DEFINE=-Dxxx to set any tunable macro. Anything declared here will appear +# in the build options reported by "haproxy -vv". Use SILENT_DEFINE if you do +# not want to pollute the report with complex defines. +# The following settings might be of interest when SSL is enabled : +# LISTEN_DEFAULT_CIPHERS is a cipher suite string used to set the default SSL +# ciphers on "bind" lines instead of using OpenSSL's defaults. +# CONNECT_DEFAULT_CIPHERS is a cipher suite string used to set the default +# SSL ciphers on "server" lines instead of using OpenSSL's defaults. +DEFINE = +SILENT_DEFINE = + +#### extra programs to build (eg: haproxy-systemd-wrapper) +# Force this to enable building extra programs or to disable them. +# It's automatically appended depending on the targets. +EXTRA = + +#### CPU dependant optimizations +# Some CFLAGS are set by default depending on the target CPU. Those flags only +# feed CPU_CFLAGS, which in turn feed CFLAGS, so it is not mandatory to use +# them. You should not have to change these options. Better use CPU_CFLAGS or +# even CFLAGS instead. +CPU_CFLAGS.generic = -O2 +CPU_CFLAGS.native = -O2 -march=native +CPU_CFLAGS.i586 = -O2 -march=i586 +CPU_CFLAGS.i686 = -O2 -march=i686 +CPU_CFLAGS.ultrasparc = -O6 -mcpu=v9 -mtune=ultrasparc +CPU_CFLAGS = $(CPU_CFLAGS.$(CPU)) + +#### ARCH dependant flags, may be overriden by CPU flags +ARCH_FLAGS.32 = -m32 +ARCH_FLAGS.64 = -m64 +ARCH_FLAGS.i386 = -m32 -march=i386 +ARCH_FLAGS.i486 = -m32 -march=i486 +ARCH_FLAGS.i586 = -m32 -march=i586 +ARCH_FLAGS.i686 = -m32 -march=i686 +ARCH_FLAGS.x86_64 = -m64 -march=x86-64 +ARCH_FLAGS = $(ARCH_FLAGS.$(ARCH)) + +#### Common CFLAGS +# These CFLAGS contain general optimization options, CPU-specific optimizations +# and debug flags. They may be overridden by some distributions which prefer to +# set all of them at once instead of playing with the CPU and DEBUG variables. +CFLAGS = $(ARCH_FLAGS) $(CPU_CFLAGS) $(DEBUG_CFLAGS) $(SPEC_CFLAGS) + +#### Common LDFLAGS +# These LDFLAGS are used as the first "ld" options, regardless of any library +# path or any other option. They may be changed to add any linker-specific +# option at the beginning of the ld command line. +LDFLAGS = $(ARCH_FLAGS) -g + +#### Target system options +# Depending on the target platform, some options are set, as well as some +# CFLAGS and LDFLAGS. The USE_* values are set to "implicit" so that they are +# not reported in the build options string. You should not have to change +# anything there. poll() is always supported, unless explicitly disabled by +# passing USE_POLL="" on the make command line. +USE_POLL = default + +ifeq ($(TARGET),generic) + # generic system target has nothing specific + USE_POLL = implicit + USE_TPROXY = implicit +else +ifeq ($(TARGET),haiku) + # For Haiku + TARGET_LDFLAGS = -lnetwork + USE_POLL = implicit + USE_TPROXY = implicit +else +ifeq ($(TARGET),linux22) + # This is for Linux 2.2 + USE_GETSOCKNAME = implicit + USE_POLL = implicit + USE_TPROXY = implicit + USE_LIBCRYPT = implicit + USE_DL = implicit +else +ifeq ($(TARGET),linux24) + # This is for standard Linux 2.4 with netfilter but without epoll() + USE_GETSOCKNAME = implicit + USE_NETFILTER = implicit + USE_POLL = implicit + USE_TPROXY = implicit + USE_LIBCRYPT = implicit + USE_DL = implicit +else +ifeq ($(TARGET),linux24e) + # This is for enhanced Linux 2.4 with netfilter and epoll() patch > 0.21 + USE_GETSOCKNAME = implicit + USE_NETFILTER = implicit + USE_POLL = implicit + USE_EPOLL = implicit + USE_MY_EPOLL = implicit + USE_TPROXY = implicit + USE_LIBCRYPT = implicit + USE_DL = implicit +else +ifeq ($(TARGET),linux26) + # This is for standard Linux 2.6 with netfilter and standard epoll() + USE_GETSOCKNAME = implicit + USE_NETFILTER = implicit + USE_POLL = implicit + USE_EPOLL = implicit + USE_TPROXY = implicit + USE_LIBCRYPT = implicit + USE_FUTEX = implicit + EXTRA += haproxy-systemd-wrapper + USE_DL = implicit +else +ifeq ($(TARGET),linux2628) + # This is for standard Linux >= 2.6.28 with netfilter, epoll, tproxy and splice + USE_GETSOCKNAME = implicit + USE_NETFILTER = implicit + USE_POLL = implicit + USE_EPOLL = implicit + USE_TPROXY = implicit + USE_LIBCRYPT = implicit + USE_LINUX_SPLICE= implicit + USE_LINUX_TPROXY= implicit + USE_ACCEPT4 = implicit + USE_FUTEX = implicit + USE_CPU_AFFINITY= implicit + ASSUME_SPLICE_WORKS= implicit + EXTRA += haproxy-systemd-wrapper + USE_DL = implicit +else +ifeq ($(TARGET),solaris) + # This is for Solaris 8 + # We also enable getaddrinfo() which works since solaris 8. + USE_POLL = implicit + TARGET_CFLAGS = -fomit-frame-pointer -DFD_SETSIZE=65536 -D_REENTRANT + TARGET_LDFLAGS = -lnsl -lsocket + USE_TPROXY = implicit + USE_LIBCRYPT = implicit + USE_CRYPT_H = implicit + USE_GETADDRINFO = implicit +else +ifeq ($(TARGET),freebsd) + # This is for FreeBSD + USE_POLL = implicit + USE_KQUEUE = implicit + USE_TPROXY = implicit + USE_LIBCRYPT = implicit +else +ifeq ($(TARGET),osx) + # This is for Mac OS/X + USE_POLL = implicit + USE_KQUEUE = implicit + USE_TPROXY = implicit +else +ifeq ($(TARGET),openbsd) + # This is for OpenBSD >= 5.7 + USE_POLL = implicit + USE_KQUEUE = implicit + USE_TPROXY = implicit + USE_ACCEPT4 = implicit +else +ifeq ($(TARGET),netbsd) + # This is for NetBSD + USE_POLL = implicit + USE_KQUEUE = implicit + USE_TPROXY = implicit +else +ifeq ($(TARGET),aix51) + # This is for AIX 5.1 + USE_POLL = implicit + USE_LIBCRYPT = implicit + TARGET_CFLAGS = -Dss_family=__ss_family + DEBUG_CFLAGS = +else +ifeq ($(TARGET),aix52) + # This is for AIX 5.2 and later + USE_POLL = implicit + USE_LIBCRYPT = implicit + TARGET_CFLAGS = -D_MSGQSUPPORT + DEBUG_CFLAGS = +else +ifeq ($(TARGET),cygwin) + # This is for Cygwin + # Cygwin adds IPv6 support only in version 1.7 (in beta right now). + USE_POLL = implicit + USE_TPROXY = implicit + TARGET_CFLAGS = $(if $(filter 1.5.%, $(shell uname -r)), -DUSE_IPV6 -DAF_INET6=23 -DINET6_ADDRSTRLEN=46, ) +endif # cygwin +endif # aix52 +endif # aix51 +endif # netbsd +endif # openbsd +endif # osx +endif # freebsd +endif # solaris +endif # linux2628 +endif # linux26 +endif # linux24e +endif # linux24 +endif # linux22 +endif # haiku +endif # generic + + +#### Old-style REGEX library settings for compatibility with previous setups. +# It is still possible to use REGEX= to select an alternative regex +# library. By default, we use libc's regex. On Solaris 8/Sparc, grouping seems +# to be broken using libc, so consider using pcre instead. Supported values are +# "libc", "pcre", and "static-pcre". Use of this method is deprecated in favor +# of "USE_PCRE" and "USE_STATIC_PCRE" (see build options below). +REGEX = libc + +ifeq ($(REGEX),pcre) +USE_PCRE = 1 +$(warning WARNING! use of "REGEX=pcre" is deprecated, consider using "USE_PCRE=1" instead.) +endif + +ifeq ($(REGEX),static-pcre) +USE_STATIC_PCRE = 1 +$(warning WARNING! use of "REGEX=pcre-static" is deprecated, consider using "USE_STATIC_PCRE=1" instead.) +endif + +#### Old-style TPROXY settings +ifneq ($(findstring -DTPROXY,$(DEFINE)),) +USE_TPROXY = 1 +$(warning WARNING! use of "DEFINE=-DTPROXY" is deprecated, consider using "USE_TPROXY=1" instead.) +endif + + +#### Determine version, sub-version and release date. +# If GIT is found, and IGNOREGIT is not set, VERSION, SUBVERS and VERDATE are +# extracted from the last commit. Otherwise, use the contents of the files +# holding the same names in the current directory. + +ifeq ($(IGNOREGIT),) +VERSION := $(shell [ -d .git/. ] && ref=`(git describe --tags --match 'v*' --abbrev=0) 2>/dev/null` && ref=$${ref%-g*} && echo "$${ref\#v}") +ifneq ($(VERSION),) +# OK git is there and works. +SUBVERS := $(shell comms=`git log --format=oneline --no-merges v$(VERSION).. 2>/dev/null | wc -l | tr -dc '0-9'`; commit=`(git log -1 --pretty=%h --abbrev=6) 2>/dev/null`; [ $$comms -gt 0 ] && echo "-$$commit-$$comms") +VERDATE := $(shell git log -1 --pretty=format:%ci | cut -f1 -d' ' | tr '-' '/') +endif +endif + +# Last commit version not found, take it from the files. +ifeq ($(VERSION),) +VERSION := $(shell cat VERSION 2>/dev/null || touch VERSION) +endif +ifeq ($(SUBVERS),) +SUBVERS := $(shell (grep -v '\$$Format' SUBVERS 2>/dev/null || touch SUBVERS) | head -n 1) +endif +ifeq ($(VERDATE),) +VERDATE := $(shell (grep -v '^\$$Format' VERDATE 2>/dev/null || touch VERDATE) | head -n 1 | cut -f1 -d' ' | tr '-' '/') +endif + +#### Build options +# Do not change these ones, enable USE_* variables instead. +OPTIONS_CFLAGS = +OPTIONS_LDFLAGS = +OPTIONS_OBJS = + +# This variable collects all USE_* values except those set to "implicit". This +# is used to report a list of all flags which were used to build this version. +# Do not assign anything to it. +BUILD_OPTIONS = + +# Return USE_xxx=$(USE_xxx) unless $(USE_xxx) = "implicit" +# Usage: +# BUILD_OPTIONS += $(call ignore_implicit,USE_xxx) +ignore_implicit = $(patsubst %=implicit,,$(1)=$($(1))) + +ifneq ($(USE_TCPSPLICE),) +$(error experimental option USE_TCPSPLICE has been removed, check USE_LINUX_SPLICE) +endif + +ifneq ($(USE_LINUX_SPLICE),) +OPTIONS_CFLAGS += -DCONFIG_HAP_LINUX_SPLICE +BUILD_OPTIONS += $(call ignore_implicit,USE_LINUX_SPLICE) +endif + +ifneq ($(USE_TPROXY),) +OPTIONS_CFLAGS += -DTPROXY +BUILD_OPTIONS += $(call ignore_implicit,USE_TPROXY) +endif + +ifneq ($(USE_LINUX_TPROXY),) +OPTIONS_CFLAGS += -DCONFIG_HAP_LINUX_TPROXY +BUILD_OPTIONS += $(call ignore_implicit,USE_LINUX_TPROXY) +endif + +ifneq ($(USE_LIBCRYPT),) +OPTIONS_CFLAGS += -DCONFIG_HAP_CRYPT +BUILD_OPTIONS += $(call ignore_implicit,USE_LIBCRYPT) +OPTIONS_LDFLAGS += -lcrypt +endif + +ifneq ($(USE_CRYPT_H),) +OPTIONS_CFLAGS += -DNEED_CRYPT_H +BUILD_OPTIONS += $(call ignore_implicit,USE_CRYPT_H) +endif + +ifneq ($(USE_GETADDRINFO),) +OPTIONS_CFLAGS += -DUSE_GETADDRINFO +BUILD_OPTIONS += $(call ignore_implicit,USE_GETADDRINFO) +endif + +ifneq ($(USE_SLZ),) +# Use SLZ_INC and SLZ_LIB to force path to zlib.h and libz.{a,so} if needed. +SLZ_INC = +SLZ_LIB = +OPTIONS_CFLAGS += -DUSE_SLZ $(if $(SLZ_INC),-I$(SLZ_INC)) +BUILD_OPTIONS += $(call ignore_implicit,USE_SLZ) +OPTIONS_LDFLAGS += $(if $(SLZ_LIB),-L$(SLZ_LIB)) -lslz +endif + +ifneq ($(USE_ZLIB),) +# Use ZLIB_INC and ZLIB_LIB to force path to zlib.h and libz.{a,so} if needed. +ZLIB_INC = +ZLIB_LIB = +OPTIONS_CFLAGS += -DUSE_ZLIB $(if $(ZLIB_INC),-I$(ZLIB_INC)) +BUILD_OPTIONS += $(call ignore_implicit,USE_ZLIB) +OPTIONS_LDFLAGS += $(if $(ZLIB_LIB),-L$(ZLIB_LIB)) -lz +endif + +ifneq ($(USE_POLL),) +OPTIONS_CFLAGS += -DENABLE_POLL +OPTIONS_OBJS += src/ev_poll.o +BUILD_OPTIONS += $(call ignore_implicit,USE_POLL) +endif + +ifneq ($(USE_EPOLL),) +OPTIONS_CFLAGS += -DENABLE_EPOLL +OPTIONS_OBJS += src/ev_epoll.o +BUILD_OPTIONS += $(call ignore_implicit,USE_EPOLL) +endif + +ifneq ($(USE_MY_EPOLL),) +OPTIONS_CFLAGS += -DUSE_MY_EPOLL +BUILD_OPTIONS += $(call ignore_implicit,USE_MY_EPOLL) +endif + +ifneq ($(USE_KQUEUE),) +OPTIONS_CFLAGS += -DENABLE_KQUEUE +OPTIONS_OBJS += src/ev_kqueue.o +BUILD_OPTIONS += $(call ignore_implicit,USE_KQUEUE) +endif + +ifneq ($(USE_VSYSCALL),) +OPTIONS_OBJS += src/i386-linux-vsys.o +OPTIONS_CFLAGS += -DCONFIG_HAP_LINUX_VSYSCALL +BUILD_OPTIONS += $(call ignore_implicit,USE_VSYSCALL) +endif + +ifneq ($(USE_CPU_AFFINITY),) +OPTIONS_CFLAGS += -DUSE_CPU_AFFINITY +BUILD_OPTIONS += $(call ignore_implicit,USE_CPU_AFFINITY) +endif + +ifneq ($(USE_MY_SPLICE),) +OPTIONS_CFLAGS += -DUSE_MY_SPLICE +BUILD_OPTIONS += $(call ignore_implicit,USE_MY_SPLICE) +endif + +ifneq ($(ASSUME_SPLICE_WORKS),) +OPTIONS_CFLAGS += -DASSUME_SPLICE_WORKS +BUILD_OPTIONS += $(call ignore_implicit,ASSUME_SPLICE_WORKS) +endif + +ifneq ($(USE_ACCEPT4),) +OPTIONS_CFLAGS += -DUSE_ACCEPT4 +BUILD_OPTIONS += $(call ignore_implicit,USE_ACCEPT4) +endif + +ifneq ($(USE_MY_ACCEPT4),) +OPTIONS_CFLAGS += -DUSE_MY_ACCEPT4 +BUILD_OPTIONS += $(call ignore_implicit,USE_MY_ACCEPT4) +endif + +ifneq ($(USE_NETFILTER),) +OPTIONS_CFLAGS += -DNETFILTER +BUILD_OPTIONS += $(call ignore_implicit,USE_NETFILTER) +endif + +ifneq ($(USE_GETSOCKNAME),) +OPTIONS_CFLAGS += -DUSE_GETSOCKNAME +BUILD_OPTIONS += $(call ignore_implicit,USE_GETSOCKNAME) +endif + +ifneq ($(USE_REGPARM),) +OPTIONS_CFLAGS += -DCONFIG_REGPARM=3 +BUILD_OPTIONS += $(call ignore_implicit,USE_REGPARM) +endif + +ifneq ($(USE_DL),) +BUILD_OPTIONS += $(call ignore_implicit,USE_DL) +OPTIONS_LDFLAGS += -ldl +endif + +# report DLMALLOC_SRC only if explicitly specified +ifneq ($(DLMALLOC_SRC),) +BUILD_OPTIONS += DLMALLOC_SRC=$(DLMALLOC_SRC) +endif + +ifneq ($(USE_DLMALLOC),) +BUILD_OPTIONS += $(call ignore_implicit,USE_DLMALLOC) +ifeq ($(DLMALLOC_SRC),) +DLMALLOC_SRC=src/dlmalloc.c +endif +endif + +ifneq ($(DLMALLOC_SRC),) +# DLMALLOC_THRES may be changed to match PAGE_SIZE on every platform +DLMALLOC_THRES = 4096 +OPTIONS_OBJS += src/dlmalloc.o +endif + +ifneq ($(USE_OPENSSL),) +# OpenSSL is packaged in various forms and with various dependencies. +# In general -lssl is enough, but on some platforms, -lcrypto may be needed, +# reason why it's added by default. Some even need -lz, then you'll need to +# pass it in the "ADDLIB" variable if needed. If your SSL libraries are not +# in the usual path, use SSL_INC=/path/to/inc and SSL_LIB=/path/to/lib. +BUILD_OPTIONS += $(call ignore_implicit,USE_OPENSSL) +OPTIONS_CFLAGS += -DUSE_OPENSSL $(if $(SSL_INC),-I$(SSL_INC)) +OPTIONS_LDFLAGS += $(if $(SSL_LIB),-L$(SSL_LIB)) -lssl -lcrypto +ifneq ($(USE_DL),) +OPTIONS_LDFLAGS += -ldl +endif +OPTIONS_OBJS += src/ssl_sock.o src/shctx.o +ifneq ($(USE_PRIVATE_CACHE),) +OPTIONS_CFLAGS += -DUSE_PRIVATE_CACHE +else +ifneq ($(USE_PTHREAD_PSHARED),) +OPTIONS_CFLAGS += -DUSE_PTHREAD_PSHARED +OPTIONS_LDFLAGS += -lpthread +else +ifneq ($(USE_FUTEX),) +OPTIONS_CFLAGS += -DUSE_SYSCALL_FUTEX +endif +endif +endif +endif + +ifneq ($(USE_LUA),) +check_lua_lib = $(shell echo "int main(){}" | $(CC) -o /dev/null -x c - $(2) -l$(1) 2>/dev/null && echo $(1)) + +BUILD_OPTIONS += $(call ignore_implicit,USE_LUA) +OPTIONS_CFLAGS += -DUSE_LUA $(if $(LUA_INC),-I$(LUA_INC)) +LUA_LD_FLAGS := -Wl,--export-dynamic $(if $(LUA_LIB),-L$(LUA_LIB)) +ifeq ($(LUA_LIB_NAME),) +# Try to automatically detect the Lua library +LUA_LIB_NAME := $(firstword $(foreach lib,lua5.3 lua53 lua,$(call check_lua_lib,$(lib),$(LUA_LD_FLAGS)))) +ifeq ($(LUA_LIB_NAME),) +$(error unable to automatically detect the Lua library name, you can enforce its name with LUA_LIB_NAME= (where can be lua5.3, lua53, lua, ...)) +endif +endif + +OPTIONS_LDFLAGS += $(LUA_LD_FLAGS) -l$(LUA_LIB_NAME) -lm +ifneq ($(USE_DL),) +OPTIONS_LDFLAGS += -ldl +endif +OPTIONS_OBJS += src/hlua.o src/hlua_fcn.o +endif + +ifneq ($(USE_DEVICEATLAS),) +ifeq ($(USE_PCRE),) +$(error the DeviceAtlas module needs the PCRE library in order to compile) +endif +# Use DEVICEATLAS_SRC and possibly DEVICEATLAS_INC and DEVICEATLAS_LIB to force path +# to DeviceAtlas headers and libraries if needed. +DEVICEATLAS_SRC = +DEVICEATLAS_INC = $(DEVICEATLAS_SRC) +DEVICEATLAS_LIB = $(DEVICEATLAS_SRC) +ifeq ($(DEVICEATLAS_SRC),) +OPTIONS_LDFLAGS += -lda +else +OPTIONS_OBJS += $(DEVICEATLAS_LIB)/json.o +OPTIONS_OBJS += $(DEVICEATLAS_LIB)/dac.o +endif +OPTIONS_OBJS += src/da.o +OPTIONS_CFLAGS += -DUSE_DEVICEATLAS $(if $(DEVICEATLAS_INC),-I$(DEVICEATLAS_INC)) +BUILD_OPTIONS += $(call ignore_implicit,USE_DEVICEATLAS) +endif + +ifneq ($(USE_51DEGREES),) +# Use 51DEGREES_SRC and possibly 51DEGREES_INC and 51DEGREES_LIB to force path +# to 51degrees headers and libraries if needed. +51DEGREES_SRC = +51DEGREES_INC = $(51DEGREES_SRC) +51DEGREES_LIB = $(51DEGREES_SRC) +OPTIONS_OBJS += $(51DEGREES_LIB)/../cityhash/city.o +OPTIONS_OBJS += $(51DEGREES_LIB)/51Degrees.o +OPTIONS_OBJS += src/51d.o +OPTIONS_CFLAGS += -DUSE_51DEGREES -DFIFTYONEDEGREES_NO_THREADING $(if $(51DEGREES_INC),-I$(51DEGREES_INC)) +BUILD_OPTIONS += $(call ignore_implicit,USE_51DEGREES) +OPTIONS_LDFLAGS += $(if $(51DEGREES_LIB),-L$(51DEGREES_LIB)) -lm +endif + +ifneq ($(USE_WURFL),) +# Use WURFL_SRC and possibly WURFL_INC and WURFL_LIB to force path +# to WURFL headers and libraries if needed. +WURFL_SRC = +WURFL_INC = $(WURFL_SRC) +WURFL_LIB = $(WURFL_SRC) +OPTIONS_OBJS += src/wurfl.o +OPTIONS_CFLAGS += -DUSE_WURFL $(if $(WURFL_INC),-I$(WURFL_INC)) +ifneq ($(WURFL_DEBUG),) +OPTIONS_CFLAGS += -DWURFL_DEBUG +endif +ifneq ($(WURFL_HEADER_WITH_DETAILS),) +OPTIONS_CFLAGS += -DWURFL_HEADER_WITH_DETAILS +endif +BUILD_OPTIONS += $(call ignore_implicit,USE_WURFL) +OPTIONS_LDFLAGS += $(if $(WURFL_LIB),-L$(WURFL_LIB)) -lwurfl +endif + +ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(USE_PCRE_JIT),) +# PCREDIR is used to automatically construct the PCRE_INC and PCRE_LIB paths, +# by appending /include and /lib respectively. If your system does not use the +# same sub-directories, simply force these variables instead of PCREDIR. It is +# automatically detected but can be forced if required (for cross-compiling). +# Forcing PCREDIR to an empty string will let the compiler use the default +# locations. + +PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local) +ifneq ($(PCREDIR),) +PCRE_INC := $(PCREDIR)/include +PCRE_LIB := $(PCREDIR)/lib +endif + +ifeq ($(USE_STATIC_PCRE),) +# dynamic PCRE +OPTIONS_CFLAGS += -DUSE_PCRE $(if $(PCRE_INC),-I$(PCRE_INC)) +OPTIONS_LDFLAGS += $(if $(PCRE_LIB),-L$(PCRE_LIB)) -lpcreposix -lpcre +BUILD_OPTIONS += $(call ignore_implicit,USE_PCRE) +else +# static PCRE +OPTIONS_CFLAGS += -DUSE_PCRE $(if $(PCRE_INC),-I$(PCRE_INC)) +OPTIONS_LDFLAGS += $(if $(PCRE_LIB),-L$(PCRE_LIB)) -Wl,-Bstatic -lpcreposix -lpcre -Wl,-Bdynamic +BUILD_OPTIONS += $(call ignore_implicit,USE_STATIC_PCRE) +endif +# JIT PCRE +ifneq ($(USE_PCRE_JIT),) +OPTIONS_CFLAGS += -DUSE_PCRE_JIT +BUILD_OPTIONS += $(call ignore_implicit,USE_PCRE_JIT) +endif +endif + +# TCP Fast Open +ifneq ($(USE_TFO),) +OPTIONS_CFLAGS += -DUSE_TFO +BUILD_OPTIONS += $(call ignore_implicit,USE_TFO) +endif + +# This one can be changed to look for ebtree files in an external directory +EBTREE_DIR := ebtree + +#### Global compile options +VERBOSE_CFLAGS = $(CFLAGS) $(TARGET_CFLAGS) $(SMALL_OPTS) $(DEFINE) +COPTS = -Iinclude -I$(EBTREE_DIR) -Wall +COPTS += $(CFLAGS) $(TARGET_CFLAGS) $(SMALL_OPTS) $(DEFINE) $(SILENT_DEFINE) +COPTS += $(DEBUG) $(OPTIONS_CFLAGS) $(ADDINC) + +ifneq ($(VERSION)$(SUBVERS),) +COPTS += -DCONFIG_HAPROXY_VERSION=\"$(VERSION)$(SUBVERS)\" +endif + +ifneq ($(VERDATE),) +COPTS += -DCONFIG_HAPROXY_DATE=\"$(VERDATE)\" +endif + +ifneq ($(TRACE),) +# if tracing is enabled, we want it to be as fast as possible +TRACE_COPTS := $(filter-out -O0 -O1 -O2 -pg -finstrument-functions,$(COPTS)) -O3 -fomit-frame-pointer +COPTS += -finstrument-functions +endif + +ifneq ($(USE_NS),) +OPTIONS_CFLAGS += -DCONFIG_HAP_NS +BUILD_OPTIONS += $(call ignore_implicit,USE_NS) +endif + +#### Global link options +# These options are added at the end of the "ld" command line. Use LDFLAGS to +# add options at the beginning of the "ld" command line if needed. +LDOPTS = $(TARGET_LDFLAGS) $(OPTIONS_LDFLAGS) $(ADDLIB) + +ifeq ($(TARGET),) +all: + @echo + @echo "Due to too many reports of suboptimized setups, building without" + @echo "specifying the target is no longer supported. Please specify the" + @echo "target OS in the TARGET variable, in the following form:" + @echo + @echo " $ make TARGET=xxx" + @echo + @echo "Please choose the target among the following supported list :" + @echo + @echo " linux2628, linux26, linux24, linux24e, linux22, solaris" + @echo " freebsd, openbsd, cygwin, custom, generic" + @echo + @echo "Use \"generic\" if you don't want any optimization, \"custom\" if you" + @echo "want to precisely tweak every option, or choose the target which" + @echo "matches your OS the most in order to gain the maximum performance" + @echo "out of it. Please check the Makefile in case of doubts." + @echo + @exit 1 +else +all: haproxy $(EXTRA) +endif + +OBJS = src/haproxy.o src/base64.o src/protocol.o \ + src/uri_auth.o src/standard.o src/buffer.o src/log.o src/task.o \ + src/chunk.o src/channel.o src/listener.o src/lru.o src/xxhash.o \ + src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o \ + src/checks.o src/queue.o src/frontend.o src/proxy.o src/peers.o \ + src/arg.o src/stick_table.o src/proto_uxst.o src/connection.o \ + src/proto_http.o src/raw_sock.o src/backend.o src/tcp_rules.o \ + src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/lb_fas.o \ + src/stream_interface.o src/stats.o src/proto_tcp.o src/applet.o \ + src/session.o src/stream.o src/hdr_idx.o src/ev_select.o src/signal.o \ + src/acl.o src/sample.o src/memory.o src/freq_ctr.o src/auth.o src/proto_udp.o \ + src/compression.o src/payload.o src/hash.o src/pattern.o src/map.o \ + src/namespace.o src/mailers.o src/dns.o src/vars.o src/filters.o \ + src/flt_http_comp.o src/flt_trace.o src/flt_spoe.o src/cli.o + +EBTREE_OBJS = $(EBTREE_DIR)/ebtree.o \ + $(EBTREE_DIR)/eb32tree.o $(EBTREE_DIR)/eb64tree.o \ + $(EBTREE_DIR)/ebmbtree.o $(EBTREE_DIR)/ebsttree.o \ + $(EBTREE_DIR)/ebimtree.o $(EBTREE_DIR)/ebistree.o + +ifneq ($(TRACE),) +OBJS += src/trace.o +endif + +WRAPPER_OBJS = src/haproxy-systemd-wrapper.o + +# Not used right now +LIB_EBTREE = $(EBTREE_DIR)/libebtree.a + +# Used only for forced dependency checking. May be cleared during development. +INCLUDES = $(wildcard include/*/*.h ebtree/*.h) +DEP = $(INCLUDES) .build_opts + +# Used only to force a rebuild if some build options change +.build_opts: $(shell rm -f .build_opts.new; echo \'$(TARGET) $(BUILD_OPTIONS) $(VERBOSE_CFLAGS)\' > .build_opts.new; if cmp -s .build_opts .build_opts.new; then rm -f .build_opts.new; else mv -f .build_opts.new .build_opts; fi) + +haproxy: $(OBJS) $(OPTIONS_OBJS) $(EBTREE_OBJS) + $(LD) $(LDFLAGS) -o $@ $^ $(LDOPTS) + +haproxy-systemd-wrapper: $(WRAPPER_OBJS) + $(LD) $(LDFLAGS) -o $@ $^ $(LDOPTS) + +$(LIB_EBTREE): $(EBTREE_OBJS) + $(AR) rv $@ $^ + +objsize: haproxy + @objdump -t $^|grep ' g '|grep -F '.text'|awk '{print $$5 FS $$6}'|sort + +%.o: %.c $(DEP) + $(CC) $(COPTS) -c -o $@ $< + +src/trace.o: src/trace.c $(DEP) + $(CC) $(TRACE_COPTS) -c -o $@ $< + +src/haproxy.o: src/haproxy.c $(DEP) + $(CC) $(COPTS) \ + -DBUILD_TARGET='"$(strip $(TARGET))"' \ + -DBUILD_ARCH='"$(strip $(ARCH))"' \ + -DBUILD_CPU='"$(strip $(CPU))"' \ + -DBUILD_CC='"$(strip $(CC))"' \ + -DBUILD_CFLAGS='"$(strip $(VERBOSE_CFLAGS))"' \ + -DBUILD_OPTIONS='"$(strip $(BUILD_OPTIONS))"' \ + -c -o $@ $< + +src/haproxy-systemd-wrapper.o: src/haproxy-systemd-wrapper.c $(DEP) + $(CC) $(COPTS) \ + -DSBINDIR='"$(strip $(SBINDIR))"' \ + -c -o $@ $< + +src/dlmalloc.o: $(DLMALLOC_SRC) $(DEP) + $(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $< + +install-man: + install -d "$(DESTDIR)$(MANDIR)"/man1 + install -m 644 doc/haproxy.1 "$(DESTDIR)$(MANDIR)"/man1 + +EXCLUDE_DOCUMENTATION = lgpl gpl coding-style +DOCUMENTATION = $(filter-out $(EXCLUDE_DOCUMENTATION),$(patsubst doc/%.txt,%,$(wildcard doc/*.txt))) + +install-doc: + install -d "$(DESTDIR)$(DOCDIR)" + for x in $(DOCUMENTATION); do \ + install -m 644 doc/$$x.txt "$(DESTDIR)$(DOCDIR)" ; \ + done + +install-bin: + @for i in haproxy $(EXTRA); do \ + if ! [ -e "$$i" ]; then \ + echo "Please run 'make' before 'make install'."; \ + exit 1; \ + fi; \ + done + install -d "$(DESTDIR)$(SBINDIR)" + install haproxy $(EXTRA) "$(DESTDIR)$(SBINDIR)" + +install: install-bin install-man install-doc + +uninstall: + rm -f "$(DESTDIR)$(MANDIR)"/man1/haproxy.1 + for x in $(DOCUMENTATION); do \ + rm -f "$(DESTDIR)$(DOCDIR)"/$$x.txt ; \ + done + -rmdir "$(DESTDIR)$(DOCDIR)" + rm -f "$(DESTDIR)$(SBINDIR)"/haproxy + rm -f "$(DESTDIR)$(SBINDIR)"/haproxy-systemd-wrapper + +clean: + rm -f *.[oas] src/*.[oas] ebtree/*.[oas] haproxy test .build_opts .build_opts.new + for dir in . src include/* doc ebtree; do rm -f $$dir/*~ $$dir/*.rej $$dir/core; done + rm -f haproxy-$(VERSION).tar.gz haproxy-$(VERSION)$(SUBVERS).tar.gz + rm -f haproxy-$(VERSION) haproxy-$(VERSION)$(SUBVERS) nohup.out gmon.out + rm -f haproxy-systemd-wrapper + +tags: + find src include \( -name '*.c' -o -name '*.h' \) -print0 | \ + xargs -0 etags --declarations --members + +cscope: + find src include -name "*.[ch]" -print | cscope -q -b -i - + +tar: clean + ln -s . haproxy-$(VERSION)$(SUBVERS) + tar --exclude=haproxy-$(VERSION)$(SUBVERS)/.git \ + --exclude=haproxy-$(VERSION)$(SUBVERS)/haproxy-$(VERSION)$(SUBVERS) \ + --exclude=haproxy-$(VERSION)$(SUBVERS)/haproxy-$(VERSION)$(SUBVERS).tar.gz \ + -cf - haproxy-$(VERSION)$(SUBVERS)/* | gzip -c9 >haproxy-$(VERSION)$(SUBVERS).tar.gz + rm -f haproxy-$(VERSION)$(SUBVERS) + +git-tar: + git archive --format=tar --prefix="haproxy-$(VERSION)$(SUBVERS)/" HEAD | gzip -9 > haproxy-$(VERSION)$(SUBVERS).tar.gz + +version: + @echo "VERSION: $(VERSION)" + @echo "SUBVERS: $(SUBVERS)" + @echo "VERDATE: $(VERDATE)" + +# never use this one if you don't know what it is used for. +update-version: + @echo "Ready to update the following versions :" + @echo "VERSION: $(VERSION)" + @echo "SUBVERS: $(SUBVERS)" + @echo "VERDATE: $(VERDATE)" + @echo "Press [ENTER] to continue or Ctrl-C to abort now.";read + echo "$(VERSION)" > VERSION + echo "$(SUBVERS)" > SUBVERS + echo "$(VERDATE)" > VERDATE diff --git a/README b/README new file mode 100644 index 0000000..0747838 --- /dev/null +++ b/README @@ -0,0 +1,324 @@ + ---------------------- + HAProxy how-to + ---------------------- + version 1.7 + willy tarreau + 2017/04/03 + + +1) How to build it +------------------ + +This is a development version, so it is expected to break from time to time, +to add and remove features without prior notification and it should not be used +in production. If you are not used to build from sources or if you are not used +to follow updates then it is recommended that instead you use the packages provided +by your software vendor or Linux distribution. Most of them are taking this task +seriously and are doing a good job at backporting important fixes. If for any +reason you'd prefer a different version than the one packaged for your system, +you want to be certain to have all the fixes or to get some commercial support, +other choices are available at : + + http://www.haproxy.com/ + +To build haproxy, you will need : + - GNU make. Neither Solaris nor OpenBSD's make work with the GNU Makefile. + If you get many syntax errors when running "make", you may want to retry + with "gmake" which is the name commonly used for GNU make on BSD systems. + - GCC between 2.95 and 4.8. Others may work, but not tested. + - GNU ld + +Also, you might want to build with libpcre support, which will provide a very +efficient regex implementation and will also fix some badness on Solaris' one. + +To build haproxy, you have to choose your target OS amongst the following ones +and assign it to the TARGET variable : + + - linux22 for Linux 2.2 + - linux24 for Linux 2.4 and above (default) + - linux24e for Linux 2.4 with support for a working epoll (> 0.21) + - linux26 for Linux 2.6 and above + - linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy) + - solaris for Solaris 8 or 10 (others untested) + - freebsd for FreeBSD 5 to 10 (others untested) + - netbsd for NetBSD + - osx for Mac OS/X + - openbsd for OpenBSD 5.7 and above + - aix51 for AIX 5.1 + - aix52 for AIX 5.2 + - cygwin for Cygwin + - haiku for Haiku + - generic for any other OS or version. + - custom to manually adjust every setting + +You may also choose your CPU to benefit from some optimizations. This is +particularly important on UltraSparc machines. For this, you can assign +one of the following choices to the CPU variable : + + - i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon + - i586 for intel Pentium, AMD K6, VIA C3. + - ultrasparc : Sun UltraSparc I/II/III/IV processor + - native : use the build machine's specific processor optimizations. Use with + extreme care, and never in virtualized environments (known to break). + - generic : any other processor or no CPU-specific optimization. (default) + +Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options +for your platform. + +You may want to build specific target binaries which do not match your native +compiler's target. This is particularly true on 64-bit systems when you want +to build a 32-bit binary. Use the ARCH variable for this purpose. Right now +it only knows about a few x86 variants (i386,i486,i586,i686,x86_64), two +generic ones (32,64) and sets -m32/-m64 as well as -march= accordingly. + +If your system supports PCRE (Perl Compatible Regular Expressions), then you +really should build with libpcre which is between 2 and 10 times faster than +other libc implementations. Regex are used for header processing (deletion, +rewriting, allow, deny). The only inconvenient of libpcre is that it is not +yet widely spread, so if you build for other systems, you might get into +trouble if they don't have the dynamic library. In this situation, you should +statically link libpcre into haproxy so that it will not be necessary to +install it on target systems. Available build options for PCRE are : + + - USE_PCRE=1 to use libpcre, in whatever form is available on your system + (shared or static) + + - USE_STATIC_PCRE=1 to use a static version of libpcre even if the dynamic + one is available. This will enhance portability. + + - with no option, use your OS libc's standard regex implementation (default). + Warning! group references on Solaris seem broken. Use static-pcre whenever + possible. + +If your system doesn't provide PCRE, you are encouraged to download it from +http://www.pcre.org/ and build it yourself, it's fast and easy. + +Recent systems can resolve IPv6 host names using getaddrinfo(). This primitive +is not present in all libcs and does not work in all of them either. Support in +glibc was broken before 2.3. Some embedded libs may not properly work either, +thus, support is disabled by default, meaning that some host names which only +resolve as IPv6 addresses will not resolve and configs might emit an error +during parsing. If you know that your OS libc has reliable support for +getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command line to enable +it. This is the recommended option for most Linux distro packagers since it's +working fine on all recent mainstream distros. It is automatically enabled on +Solaris 8 and above, as it's known to work. + +It is possible to add native support for SSL using the GNU makefile, by passing +"USE_OPENSSL=1" on the make command line. The libssl and libcrypto will +automatically be linked with haproxy. Some systems also require libz, so if the +build fails due to missing symbols such as deflateInit(), then try again with +"ADDLIB=-lz". + +Your are strongly encouraged to always use an up-to-date version of OpenSSL, as +found on https://www.openssl.org/ as vulnerabilities are occasionally found and +you don't want them on your systems. HAProxy is known to build correctly on all +currently supported branches (0.9.8, 1.0.0, 1.0.1 and 1.0.2 at the time of +writing). Branch 1.0.2 is recommended for the richest features. + +To link OpenSSL statically against haproxy, build OpenSSL with the no-shared +keyword and install it to a local directory, so your system is not affected : + + $ export STATICLIBSSL=/tmp/staticlibssl + $ ./config --prefix=$STATICLIBSSL no-shared + $ make && make install_sw + +When building haproxy, pass that path via SSL_INC and SSL_LIB to make and +include additional libs with ADDLIB if needed (in this case for example libdl): + + $ make TARGET=linux26 USE_OPENSSL=1 SSL_INC=$STATICLIBSSL/include SSL_LIB=$STATICLIBSSL/lib ADDLIB=-ldl + +It is also possible to include native support for zlib to benefit from HTTP +compression. For this, pass "USE_ZLIB=1" on the "make" command line and ensure +that zlib is present on the system. Alternatively it is possible to use libslz +for a faster, memory less, but slightly less efficient compression, by passing +"USE_SLZ=1". + +Zlib is commonly found on most systems, otherwise updates can be retrieved from +http://www.zlib.net/. It is easy and fast to build. Libslz can be downloaded +from http://1wt.eu/projects/libslz/ and is even easier to build. + +By default, the DEBUG variable is set to '-g' to enable debug symbols. It is +not wise to disable it on uncommon systems, because it's often the only way to +get a complete core when you need one. Otherwise, you can set DEBUG to '-s' to +strip the binary. + +For example, I use this to build for Solaris 8 : + + $ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1 + +And I build it this way on OpenBSD or FreeBSD : + + $ gmake TARGET=freebsd USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 + +And on a classic Linux with SSL and ZLIB support (eg: Red Hat 5.x) : + + $ make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 + +And on a recent Linux >= 2.6.28 with SSL and ZLIB support : + + $ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 + +In order to build a 32-bit binary on an x86_64 Linux system with SSL support +without support for compression but when OpenSSL requires ZLIB anyway : + + $ make TARGET=linux26 ARCH=i386 USE_OPENSSL=1 ADDLIB=-lz + +The SSL stack supports session cache synchronization between all running +processes. This involves some atomic operations and synchronization operations +which come in multiple flavors depending on the system and architecture : + + Atomic operations : + - internal assembler versions for x86/x86_64 architectures + + - gcc builtins for other architectures. Some architectures might not + be fully supported or might require a more recent version of gcc. + If your architecture is not supported, you willy have to either use + pthread if supported, or to disable the shared cache. + + - pthread (posix threads). Pthreads are very common but inter-process + support is not that common, and some older operating systems did not + report an error when enabling multi-process mode, so they used to + silently fail, possibly causing crashes. Linux's implementation is + fine. OpenBSD doesn't support them and doesn't build. FreeBSD 9 builds + and reports an error at runtime, while certain older versions might + silently fail. Pthreads are enabled using USE_PTHREAD_PSHARED=1. + + Synchronization operations : + - internal spinlock : this mode is OS-independant, light but will not + scale well to many processes. However, accesses to the session cache + are rare enough that this mode could certainly always be used. This + is the default mode. + + - Futexes, which are Linux-specific highly scalable light weight mutexes + implemented in user-space with some limited assistance from the kernel. + This is the default on Linux 2.6 and above and is enabled by passing + USE_FUTEX=1 + + - pthread (posix threads). See above. + +If none of these mechanisms is supported by your platform, you may need to +build with USE_PRIVATE_CACHE=1 to totally disable SSL cache sharing. Then +it is better not to run SSL on multiple processes. + +If you need to pass other defines, includes, libraries, etc... then please +check the Makefile to see which ones will be available in your case, and +use the USE_* variables in the Makefile. + +AIX 5.3 is known to work with the generic target. However, for the binary to +also run on 5.2 or earlier, you need to build with DEFINE="-D_MSGQSUPPORT", +otherwise __fd_select() will be used while not being present in the libc, but +this is easily addressed using the "aix52" target. If you get build errors +because of strange symbols or section mismatches, simply remove -g from +DEBUG_CFLAGS. + +You can easily define your own target with the GNU Makefile. Unknown targets +are processed with no default option except USE_POLL=default. So you can very +well use that property to define your own set of options. USE_POLL can even be +disabled by setting USE_POLL="". For example : + + $ gmake TARGET=tiny USE_POLL="" TARGET_CFLAGS=-fomit-frame-pointer + + +1.1) Device Detection +--------------------- + +HAProxy supports several device detection modules relying on third party +products. Some of them may provide free code, others free libs, others free +evaluation licenses. Please read about their respective details in the +following files : + + doc/DeviceAtlas-device-detection.txt for DeviceAtlas + doc/51Degrees-device-detection.txt for 51Degrees + doc/WURFL-device-detection.txt for Scientiamobile WURFL + + +2) How to install it +-------------------- + +To install haproxy, you can either copy the single resulting binary to the +place you want, or run : + + $ sudo make install + +If you're packaging it for another system, you can specify its root directory +in the usual DESTDIR variable. + + +3) How to set it up +------------------- + +There is some documentation in the doc/ directory : + + - intro.txt : this is an introduction to haproxy, it explains what it is + what it is not. Useful for beginners or to re-discover it when planning + for an upgrade. + + - architecture.txt : this is the architecture manual. It is quite old and + does not tell about the nice new features, but it's still a good starting + point when you know what you want but don't know how to do it. + + - configuration.txt : this is the configuration manual. It recalls a few + essential HTTP basic concepts, and details all the configuration file + syntax (keywords, units). It also describes the log and stats format. It + is normally always up to date. If you see that something is missing from + it, please report it as this is a bug. Please note that this file is + huge and that it's generally more convenient to review Cyril Bonté's + HTML translation online here : + + http://cbonte.github.io/haproxy-dconv/configuration-1.6.html + + - management.txt : it explains how to start haproxy, how to manage it at + runtime, how to manage it on multiple nodes, how to proceed with seamless + upgrades. + + - gpl.txt / lgpl.txt : the copy of the licenses covering the software. See + the 'LICENSE' file at the top for more information. + + - the rest is mainly for developers. + +There are also a number of nice configuration examples in the "examples" +directory as well as on several sites and articles on the net which are linked +to from the haproxy web site. + + +4) How to report a bug +---------------------- + +It is possible that from time to time you'll find a bug. A bug is a case where +what you see is not what is documented. Otherwise it can be a misdesign. If you +find that something is stupidly design, please discuss it on the list (see the +"how to contribute" section below). If you feel like you're proceeding right +and haproxy doesn't obey, then first ask yourself if it is possible that nobody +before you has even encountered this issue. If it's unlikely, the you probably +have an issue in your setup. Just in case of doubt, please consult the mailing +list archives : + + http://marc.info/?l=haproxy + +Otherwise, please try to gather the maximum amount of information to help +reproduce the issue and send that to the mailing list : + + haproxy@formilux.org + +Please include your configuration and logs. You can mask your IP addresses and +passwords, we don't need them. But it's essential that you post your config if +you want people to guess what is happening. + +Also, keep in mind that haproxy is designed to NEVER CRASH. If you see it die +without any reason, then it definitely is a critical bug that must be reported +and urgently fixed. It has happened a couple of times in the past, essentially +on development versions running on new architectures. If you think your setup +is fairly common, then it is possible that the issue is totally unrelated. +Anyway, if that happens, feel free to contact me directly, as I will give you +instructions on how to collect a usable core file, and will probably ask for +other captures that you'll not want to share with the list. + + +5) How to contribute +-------------------- + +Please carefully read the CONTRIBUTING file that comes with the sources. It is +mandatory. + +-- end diff --git a/ROADMAP b/ROADMAP new file mode 100644 index 0000000..5e2529d --- /dev/null +++ b/ROADMAP @@ -0,0 +1,91 @@ +Medium-long term wish list - 2016/11/25 + +Legend: '+' = done, '-' = todo, '*' = done except doc + +1.8 or later : + - return-html code xxx [ file "xxx" | text "xxx" ] if + + - return-raw [ file "xxx" | text "xxx" ] if + + - have multi-criteria analysers which subscribe to req flags, rsp flags, and + stream interface changes. This would result in a single analyser to wait + for the end of data transfer in HTTP. + + - support for time-ordered priority queues with ability to add an offset + based on request matching. Each session will have one ebtree node to be + attached to whatever queue the session is waiting in. + + - make it possible to condition a timeout on an ACL (dynamic timeouts) + + - forwardfor/originalto except with IPv6 + + - remove lots of remaining Alert() calls or ensure that they forward to + send_log() after the fork. + + - tcp-request session expect-proxy {L4|L5} if ... + + - wait on resource (time, mem, CPU, socket, server's conn, server's rate, ...) + + - bandwidth limits + + - buddy servers to build defined lists of failovers. Detect loops during + the config check. + + server XXX buddy YYY + server YYY # may replace XXX when XXX fails + + - spare servers : servers which are used in LB only when a minimum farm + weight threshold is not satisfied anymore. Useful for inter-site LB with + local pref by default. + + - add support for event-triggered epoll, and maybe change all events handling + to pass through an event cache to handle temporarily disabled events. + + - evaluate the changes required for multi-process+shared mem or multi-thread + +thread-local+fast locking. + +Old, maybe obsolete points : + - clarify licence by adding a 'MODULE_LICENCE("GPL")' or something equivalent. + + - 3 memory models : failsafe (prealloc), normal (current), optimal (alloc on + demand) + + - implement support for event-triggerred epoll() + + - verify if it would be worth implementing an epoll_ctl_batch() for Linux + + - option minservers XXX : activates some spare servers when active servers + are insufficient + + - initcwnd parameter for bind sockets : needed in kernel first + + - have a callback function which would be called after a server is selected, + for header post-processing. That would be mainly used to remove then add + the server's name or cookie in a header so that the server knows it. + +Unsorted : + - outgoing log load-balancing (round-robin or hash among multiple servers) + + - internal socket for "server XXX frontend:name" + + - HTTP/2.0 + + - XML inspection (content-switching for SOAP requests) + + - random cookie generator + + - fastcgi to servers + + - hot config reload + + - RAM-based cache for small files + + - RHI - BGP + + - telnet/SSH cli + + - dynamic memory allocation + + - dynamic weights based on check response headers and traffic response time + + - various kernel-level acceleration (multi-accept, ssplice, epoll2...) diff --git a/SUBVERS b/SUBVERS new file mode 100644 index 0000000..26d9d35 --- /dev/null +++ b/SUBVERS @@ -0,0 +1,2 @@ +-$Format:%h$ + diff --git a/VERDATE b/VERDATE new file mode 100644 index 0000000..5d3a225 --- /dev/null +++ b/VERDATE @@ -0,0 +1,2 @@ +$Format:%ci$ +2017/04/03 diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..6a126f4 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +1.7.5 diff --git a/contrib/base64/base64rev-gen.c b/contrib/base64/base64rev-gen.c new file mode 100644 index 0000000..faffc87 --- /dev/null +++ b/contrib/base64/base64rev-gen.c @@ -0,0 +1,70 @@ +/* + * base64rev generator + * + * Copyright 2009-2010 Krzysztof Piotr Oledzki + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + */ + +#include + +const char base64tab[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +char base64rev[128]; + +#define base '#' /* arbitrary chosen base value */ +#define B64MAX 64 +#define B64PADV B64MAX + +int main() { + char *p, c; + int i, min = 255, max = 0; + + for (i = 0; i < sizeof(base64rev); i++) + base64rev[i] = base; + + for (i = 0; i < B64MAX; i++) { + c = base64tab[i]; + + if (min > c) + min = c; + + if (max < c) + max = c; + } + + for (i = 0; i < B64MAX; i++) { + c = base64tab[i]; + + if (base+i+1 > 127) { + printf("Wrong base value @%d\n", i); + return 1; + } + + base64rev[c - min] = base+i+1; + } + + base64rev['=' - min] = base + B64PADV; + + base64rev[max - min + 1] = '\0'; + + printf("#define B64BASE '%c'\n", base); + printf("#define B64CMIN '%c'\n", min); + printf("#define B64CMAX '%c'\n", max); + printf("#define B64PADV %u\n", B64PADV); + + p = base64rev; + printf("const char base64rev[]=\""); + for (p = base64rev; *p; p++) { + if (*p == '\\') + printf("\\%c", *p); + else + printf("%c", *p); + } + printf("\"\n"); + + return 0; +} diff --git a/contrib/debug/Makefile b/contrib/debug/Makefile new file mode 100644 index 0000000..74e7547 --- /dev/null +++ b/contrib/debug/Makefile @@ -0,0 +1,12 @@ +INCLUDE = -I../../include -I../../ebtree + +CC = gcc +OPTIMIZE = -O2 +DEFINE = +OBJS = flags + +flags: flags.c + $(CC) $(OPTIMIZE) $(DEFINE) $(INCLUDE) -o $@ $^ + +clean: + rm -f $(OBJS) *.[oas] *~ diff --git a/contrib/debug/flags.c b/contrib/debug/flags.c new file mode 100644 index 0000000..bc71bde --- /dev/null +++ b/contrib/debug/flags.c @@ -0,0 +1,366 @@ +#include +#include + +#include +#include +#include +#include +#include +#include + +#define SHOW_FLAG(f,n) \ + do { \ + if (!((f) & (n))) break; \ + (f) &= ~(n); \ + printf(#n"%s", (f) ? " | " : ""); \ + } while (0) + +void show_chn_ana(unsigned int f) +{ + printf("chn->ana = "); + + if (!f) { + printf("0\n"); + return; + } + + SHOW_FLAG(f, AN_REQ_INSPECT_FE); + SHOW_FLAG(f, AN_REQ_WAIT_HTTP); + SHOW_FLAG(f, AN_REQ_HTTP_BODY); + SHOW_FLAG(f, AN_REQ_HTTP_PROCESS_FE); + SHOW_FLAG(f, AN_REQ_SWITCHING_RULES); + SHOW_FLAG(f, AN_REQ_INSPECT_BE); + SHOW_FLAG(f, AN_REQ_HTTP_PROCESS_BE); + SHOW_FLAG(f, AN_REQ_SRV_RULES); + SHOW_FLAG(f, AN_REQ_HTTP_INNER); + SHOW_FLAG(f, AN_REQ_HTTP_TARPIT); + SHOW_FLAG(f, AN_REQ_STICKING_RULES); + SHOW_FLAG(f, AN_REQ_PRST_RDP_COOKIE); + SHOW_FLAG(f, AN_REQ_HTTP_XFER_BODY); + SHOW_FLAG(f, AN_REQ_ALL); + SHOW_FLAG(f, AN_RES_INSPECT); + SHOW_FLAG(f, AN_RES_WAIT_HTTP); + SHOW_FLAG(f, AN_RES_HTTP_PROCESS_BE); + SHOW_FLAG(f, AN_RES_HTTP_PROCESS_FE); + SHOW_FLAG(f, AN_RES_STORE_RULES); + SHOW_FLAG(f, AN_RES_HTTP_XFER_BODY); + + if (f) { + printf("EXTRA(0x%08x)", f); + } + putchar('\n'); +} + +void show_chn_flags(unsigned int f) +{ + printf("chn->flags = "); + + if (!f) { + printf("0\n"); + return; + } + + SHOW_FLAG(f, CF_ISRESP); + SHOW_FLAG(f, CF_WAKE_ONCE); + SHOW_FLAG(f, CF_NEVER_WAIT); + SHOW_FLAG(f, CF_SEND_DONTWAIT); + SHOW_FLAG(f, CF_EXPECT_MORE); + SHOW_FLAG(f, CF_DONT_READ); + SHOW_FLAG(f, CF_AUTO_CONNECT); + SHOW_FLAG(f, CF_READ_DONTWAIT); + SHOW_FLAG(f, CF_KERN_SPLICING); + SHOW_FLAG(f, CF_READ_ATTACHED); + SHOW_FLAG(f, CF_ANA_TIMEOUT); + SHOW_FLAG(f, CF_WROTE_DATA); + SHOW_FLAG(f, CF_STREAMER_FAST); + SHOW_FLAG(f, CF_STREAMER); + SHOW_FLAG(f, CF_AUTO_CLOSE); + SHOW_FLAG(f, CF_SHUTW_NOW); + SHOW_FLAG(f, CF_SHUTW); + SHOW_FLAG(f, CF_WAKE_WRITE); + SHOW_FLAG(f, CF_WRITE_ERROR); + SHOW_FLAG(f, CF_WRITE_TIMEOUT); + SHOW_FLAG(f, CF_WRITE_PARTIAL); + SHOW_FLAG(f, CF_WRITE_NULL); + SHOW_FLAG(f, CF_READ_NOEXP); + SHOW_FLAG(f, CF_SHUTR_NOW); + SHOW_FLAG(f, CF_SHUTR); + SHOW_FLAG(f, CF_WAKE_CONNECT); + SHOW_FLAG(f, CF_READ_ERROR); + SHOW_FLAG(f, CF_READ_TIMEOUT); + SHOW_FLAG(f, CF_READ_PARTIAL); + SHOW_FLAG(f, CF_READ_NULL); + + if (f) { + printf("EXTRA(0x%08x)", f); + } + putchar('\n'); +} + +void show_conn_flags(unsigned int f) +{ + printf("conn->flags = "); + if (!f) { + printf("0\n"); + return; + } + + SHOW_FLAG(f, CO_FL_XPRT_TRACKED); + SHOW_FLAG(f, CO_FL_PRIVATE); + SHOW_FLAG(f, CO_FL_ACCEPT_PROXY); + SHOW_FLAG(f, CO_FL_SSL_WAIT_HS); + SHOW_FLAG(f, CO_FL_SEND_PROXY); + SHOW_FLAG(f, CO_FL_WAIT_L6_CONN); + SHOW_FLAG(f, CO_FL_WAIT_L4_CONN); + SHOW_FLAG(f, CO_FL_CONNECTED); + SHOW_FLAG(f, CO_FL_ERROR); + SHOW_FLAG(f, CO_FL_SOCK_WR_SH); + SHOW_FLAG(f, CO_FL_SOCK_RD_SH); + SHOW_FLAG(f, CO_FL_DATA_WR_SH); + SHOW_FLAG(f, CO_FL_DATA_RD_SH); + SHOW_FLAG(f, CO_FL_WAKE_DATA); + SHOW_FLAG(f, CO_FL_INIT_DATA); + SHOW_FLAG(f, CO_FL_ADDR_TO_SET); + SHOW_FLAG(f, CO_FL_ADDR_FROM_SET); + SHOW_FLAG(f, CO_FL_WAIT_ROOM); + SHOW_FLAG(f, CO_FL_WAIT_DATA); + SHOW_FLAG(f, CO_FL_XPRT_READY); + SHOW_FLAG(f, CO_FL_CTRL_READY); + SHOW_FLAG(f, CO_FL_CURR_WR_ENA); + SHOW_FLAG(f, CO_FL_DATA_WR_ENA); + SHOW_FLAG(f, CO_FL_SOCK_WR_ENA); + SHOW_FLAG(f, CO_FL_CURR_RD_ENA); + SHOW_FLAG(f, CO_FL_DATA_RD_ENA); + SHOW_FLAG(f, CO_FL_SOCK_RD_ENA); + + if (f) { + printf("EXTRA(0x%08x)", f); + } + putchar('\n'); +} + +void show_si_et(unsigned int f) +{ + printf("si->et = "); + if (!f) { + printf("SI_ET_NONE\n"); + return; + } + + SHOW_FLAG(f, SI_ET_QUEUE_TO); + SHOW_FLAG(f, SI_ET_QUEUE_ERR); + SHOW_FLAG(f, SI_ET_QUEUE_ABRT); + SHOW_FLAG(f, SI_ET_CONN_TO); + SHOW_FLAG(f, SI_ET_CONN_ERR); + SHOW_FLAG(f, SI_ET_CONN_ABRT); + SHOW_FLAG(f, SI_ET_CONN_RES); + SHOW_FLAG(f, SI_ET_CONN_OTHER); + SHOW_FLAG(f, SI_ET_DATA_TO); + SHOW_FLAG(f, SI_ET_DATA_ERR); + SHOW_FLAG(f, SI_ET_DATA_ABRT); + + if (f) { + printf("EXTRA(0x%08x)", f); + } + putchar('\n'); +} + +void show_si_flags(unsigned int f) +{ + f &= 0xFFFF; + + printf("si->flags = "); + if (!f) { + printf("SI_FL_NONE\n"); + return; + } + + SHOW_FLAG(f, SI_FL_EXP); + SHOW_FLAG(f, SI_FL_ERR); + SHOW_FLAG(f, SI_FL_WAIT_ROOM); + SHOW_FLAG(f, SI_FL_WAIT_DATA); + SHOW_FLAG(f, SI_FL_ISBACK); + SHOW_FLAG(f, SI_FL_DONT_WAKE); + SHOW_FLAG(f, SI_FL_INDEP_STR); + SHOW_FLAG(f, SI_FL_NOLINGER); + SHOW_FLAG(f, SI_FL_NOHALF); + SHOW_FLAG(f, SI_FL_SRC_ADDR); + SHOW_FLAG(f, SI_FL_WANT_PUT); + SHOW_FLAG(f, SI_FL_WANT_GET); + + if (f) { + printf("EXTRA(0x%04x)", f); + } + putchar('\n'); +} + +void show_task_state(unsigned int f) +{ + printf("task->state = "); + + if (!f) { + printf("TASK_SLEEPING\n"); + return; + } + + SHOW_FLAG(f, TASK_WOKEN_OTHER); + SHOW_FLAG(f, TASK_WOKEN_RES); + SHOW_FLAG(f, TASK_WOKEN_MSG); + SHOW_FLAG(f, TASK_WOKEN_SIGNAL); + SHOW_FLAG(f, TASK_WOKEN_IO); + SHOW_FLAG(f, TASK_WOKEN_TIMER); + SHOW_FLAG(f, TASK_WOKEN_INIT); + SHOW_FLAG(f, TASK_RUNNING); + + if (f) { + printf("EXTRA(0x%08x)", f); + } + putchar('\n'); +} + +void show_txn_flags(unsigned int f) +{ + printf("txn->flags = "); + + if (!f) { + printf("0\n"); + return; + } + + SHOW_FLAG(f, TX_NOT_FIRST); + SHOW_FLAG(f, TX_USE_PX_CONN); + SHOW_FLAG(f, TX_HDR_CONN_KAL); + SHOW_FLAG(f, TX_HDR_CONN_CLO); + SHOW_FLAG(f, TX_HDR_CONN_PRS); + SHOW_FLAG(f, TX_WAIT_NEXT_RQ); + SHOW_FLAG(f, TX_HDR_CONN_UPG); + SHOW_FLAG(f, TX_PREFER_LAST); + SHOW_FLAG(f, TX_CON_KAL_SET); + SHOW_FLAG(f, TX_CON_CLO_SET); + + //printf("%s", f ? "" : " | "); + switch (f & TX_CON_WANT_MSK) { + case TX_CON_WANT_KAL: /*f &= ~TX_CON_WANT_MSK ; printf("TX_CON_WANT_KAL%s", f ? " | " : "");*/ break; + case TX_CON_WANT_TUN: f &= ~TX_CON_WANT_MSK ; printf("TX_CON_WANT_TUN%s", f ? " | " : ""); break; + case TX_CON_WANT_SCL: f &= ~TX_CON_WANT_MSK ; printf("TX_CON_WANT_SCL%s", f ? " | " : ""); break; + case TX_CON_WANT_CLO: f &= ~TX_CON_WANT_MSK ; printf("TX_CON_WANT_CLO%s", f ? " | " : ""); break; + } + + SHOW_FLAG(f, TX_CACHE_COOK); + SHOW_FLAG(f, TX_CACHEABLE); + SHOW_FLAG(f, TX_SCK_PRESENT); + + //printf("%s", f ? "" : " | "); + switch (f & TX_SCK_MASK) { + case TX_SCK_NONE: f &= ~TX_SCK_MASK ; /*printf("TX_SCK_NONE%s", f ? " | " : "");*/ break; + case TX_SCK_FOUND: f &= ~TX_SCK_MASK ; printf("TX_SCK_FOUND%s", f ? " | " : ""); break; + case TX_SCK_DELETED: f &= ~TX_SCK_MASK ; printf("TX_SCK_DELETED%s", f ? " | " : ""); break; + case TX_SCK_INSERTED: f &= ~TX_SCK_MASK ; printf("TX_SCK_INSERTED%s", f ? " | " : ""); break; + case TX_SCK_REPLACED: f &= ~TX_SCK_MASK ; printf("TX_SCK_REPLACED%s", f ? " | " : ""); break; + case TX_SCK_UPDATED: f &= ~TX_SCK_MASK ; printf("TX_SCK_UPDATED%s", f ? " | " : ""); break; + default: printf("TX_SCK_MASK(%02x)", f); f &= ~TX_SCK_MASK ; printf("%s", f ? " | " : ""); break; + } + + //printf("%s", f ? "" : " | "); + switch (f & TX_CK_MASK) { + case TX_CK_NONE: f &= ~TX_CK_MASK ; /*printf("TX_CK_NONE%s", f ? " | " : "");*/ break; + case TX_CK_INVALID: f &= ~TX_CK_MASK ; printf("TX_CK_INVALID%s", f ? " | " : ""); break; + case TX_CK_DOWN: f &= ~TX_CK_MASK ; printf("TX_CK_DOWN%s", f ? " | " : ""); break; + case TX_CK_VALID: f &= ~TX_CK_MASK ; printf("TX_CK_VALID%s", f ? " | " : ""); break; + case TX_CK_EXPIRED: f &= ~TX_CK_MASK ; printf("TX_CK_EXPIRED%s", f ? " | " : ""); break; + case TX_CK_OLD: f &= ~TX_CK_MASK ; printf("TX_CK_OLD%s", f ? " | " : ""); break; + case TX_CK_UNUSED: f &= ~TX_CK_MASK ; printf("TX_CK_UNUSED%s", f ? " | " : ""); break; + default: printf("TX_CK_MASK(%02x)", f); f &= ~TX_CK_MASK ; printf("%s", f ? " | " : ""); break; + } + + SHOW_FLAG(f, TX_CLTARPIT); + SHOW_FLAG(f, TX_SVALLOW); + SHOW_FLAG(f, TX_SVDENY); + SHOW_FLAG(f, TX_CLALLOW); + SHOW_FLAG(f, TX_CLDENY); + + if (f) { + printf("EXTRA(0x%08x)", f); + } + putchar('\n'); +} + +void show_strm_flags(unsigned int f) +{ + printf("strm->flags = "); + + if (!f) { + printf("0\n"); + return; + } + + SHOW_FLAG(f, SF_SRV_REUSED); + SHOW_FLAG(f, SF_IGNORE_PRST); + + //printf("%s", f ? "" : " | "); + switch (f & SF_FINST_MASK) { + case SF_FINST_R: f &= ~SF_FINST_MASK ; printf("SF_FINST_R%s", f ? " | " : ""); break; + case SF_FINST_C: f &= ~SF_FINST_MASK ; printf("SF_FINST_C%s", f ? " | " : ""); break; + case SF_FINST_H: f &= ~SF_FINST_MASK ; printf("SF_FINST_H%s", f ? " | " : ""); break; + case SF_FINST_D: f &= ~SF_FINST_MASK ; printf("SF_FINST_D%s", f ? " | " : ""); break; + case SF_FINST_L: f &= ~SF_FINST_MASK ; printf("SF_FINST_L%s", f ? " | " : ""); break; + case SF_FINST_Q: f &= ~SF_FINST_MASK ; printf("SF_FINST_Q%s", f ? " | " : ""); break; + case SF_FINST_T: f &= ~SF_FINST_MASK ; printf("SF_FINST_T%s", f ? " | " : ""); break; + } + + switch (f & SF_ERR_MASK) { + case SF_ERR_LOCAL: f &= ~SF_ERR_MASK ; printf("SF_ERR_LOCAL%s", f ? " | " : ""); break; + case SF_ERR_CLITO: f &= ~SF_ERR_MASK ; printf("SF_ERR_CLITO%s", f ? " | " : ""); break; + case SF_ERR_CLICL: f &= ~SF_ERR_MASK ; printf("SF_ERR_CLICL%s", f ? " | " : ""); break; + case SF_ERR_SRVTO: f &= ~SF_ERR_MASK ; printf("SF_ERR_SRVTO%s", f ? " | " : ""); break; + case SF_ERR_SRVCL: f &= ~SF_ERR_MASK ; printf("SF_ERR_SRVCL%s", f ? " | " : ""); break; + case SF_ERR_PRXCOND: f &= ~SF_ERR_MASK ; printf("SF_ERR_PRXCOND%s", f ? " | " : ""); break; + case SF_ERR_RESOURCE: f &= ~SF_ERR_MASK ; printf("SF_ERR_RESOURCE%s", f ? " | " : ""); break; + case SF_ERR_INTERNAL: f &= ~SF_ERR_MASK ; printf("SF_ERR_INTERNAL%s", f ? " | " : ""); break; + case SF_ERR_DOWN: f &= ~SF_ERR_MASK ; printf("SF_ERR_DOWN%s", f ? " | " : ""); break; + case SF_ERR_KILLED: f &= ~SF_ERR_MASK ; printf("SF_ERR_KILLED%s", f ? " | " : ""); break; + case SF_ERR_UP: f &= ~SF_ERR_MASK ; printf("SF_ERR_UP%s", f ? " | " : ""); break; + case SF_ERR_CHK_PORT: f &= ~SF_ERR_MASK ; printf("SF_ERR_CHK_PORT%s", f ? " | " : ""); break; + } + + SHOW_FLAG(f, SF_TUNNEL); + SHOW_FLAG(f, SF_REDIRECTABLE); + SHOW_FLAG(f, SF_CONN_TAR); + SHOW_FLAG(f, SF_REDISP); + SHOW_FLAG(f, SF_INITIALIZED); + SHOW_FLAG(f, SF_CURR_SESS); + SHOW_FLAG(f, SF_MONITOR); + SHOW_FLAG(f, SF_FORCE_PRST); + SHOW_FLAG(f, SF_BE_ASSIGNED); + SHOW_FLAG(f, SF_ADDR_SET); + SHOW_FLAG(f, SF_ASSIGNED); + SHOW_FLAG(f, SF_DIRECT); + + if (f) { + printf("EXTRA(0x%08x)", f); + } + putchar('\n'); +} + +int main(int argc, char **argv) +{ + unsigned int flags; + + if (argc < 2) { + fprintf(stderr, "Usage: %s 0x\n", argv[0]); + exit(1); + } + + flags = strtoul(argv[1], NULL, 0); + + show_task_state(flags); + show_txn_flags(flags); + show_strm_flags(flags); + show_si_et(flags); + show_si_flags(flags); + show_conn_flags(flags); + show_chn_flags(flags); + show_chn_ana(flags); + + return 0; +} diff --git a/contrib/halog/Makefile b/contrib/halog/Makefile new file mode 100644 index 0000000..5e687c0 --- /dev/null +++ b/contrib/halog/Makefile @@ -0,0 +1,22 @@ +EBTREE_DIR = ../../ebtree +INCLUDE = -I../../include -I$(EBTREE_DIR) + +CC = gcc + +# note: it is recommended to also add -fomit-frame-pointer on i386 +OPTIMIZE = -O3 + +# most recent glibc provide platform-specific optimizations that make +# memchr faster than the generic C implementation (eg: SSE and prefetch +# on x86_64). Try with an without. In general, on x86_64 it's better to +# use memchr using the define below. +# DEFINE = -DUSE_MEMCHR +DEFINE = + +OBJS = halog + +halog: halog.c fgets2.c + $(CC) $(OPTIMIZE) $(DEFINE) -o $@ $(INCLUDE) $(EBTREE_DIR)/ebtree.c $(EBTREE_DIR)/eb32tree.c $(EBTREE_DIR)/eb64tree.c $(EBTREE_DIR)/ebmbtree.c $(EBTREE_DIR)/ebsttree.c $(EBTREE_DIR)/ebistree.c $(EBTREE_DIR)/ebimtree.c $^ + +clean: + rm -f $(OBJS) *.[oas] diff --git a/contrib/halog/fgets2.c b/contrib/halog/fgets2.c new file mode 100644 index 0000000..3db762c --- /dev/null +++ b/contrib/halog/fgets2.c @@ -0,0 +1,262 @@ +/* + * fast fgets() replacement for log parsing + * + * Copyright 2000-2012 Willy Tarreau + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation, version 2.1 + * exclusively. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + * This function manages its own buffer and returns a pointer to that buffer + * in order to avoid expensive memory copies. It also checks for line breaks + * 32 or 64 bits at a time. It could be improved a lot using mmap() but we + * would not be allowed to replace trailing \n with zeroes and we would be + * limited to small log files on 32-bit machines. + * + */ + +#include +#include +#include +#include + +#ifndef FGETS2_BUFSIZE +#define FGETS2_BUFSIZE (256*1024) +#endif + +/* return non-zero if the integer contains at least one zero byte */ +static inline unsigned int has_zero32(unsigned int x) +{ + unsigned int y; + + /* Principle: we want to perform 4 tests on one 32-bit int at once. For + * this, we have to simulate an SIMD instruction which we don't have by + * default. The principle is that a zero byte is the only one which + * will cause a 1 to appear on the upper bit of a byte/word/etc... when + * we subtract 1. So we can detect a zero byte if a one appears at any + * of the bits 7, 15, 23 or 31 where it was not. It takes only one + * instruction to test for the presence of any of these bits, but it is + * still complex to check for their initial absence. Thus, we'll + * proceed differently : we first save and clear only those bits, then + * we check in the final result if one of them is present and was not. + * The order of operations below is important to save registers and + * tests. The result is used as a boolean, so the last test must apply + * on the constant so that it can efficiently be inlined. + */ +#if defined(__i386__) + /* gcc on x86 loves copying registers over and over even on code that + * simple, so let's do it by hand to prevent it from doing so :-( + */ + asm("lea -0x01010101(%0),%1\n" + "not %0\n" + "and %1,%0\n" + : "=a" (x), "=r"(y) + : "0" (x) + ); + return x & 0x80808080; +#else + y = x - 0x01010101; /* generate a carry */ + x = ~x & y; /* clear the bits that were already set */ + return x & 0x80808080; +#endif +} + +/* return non-zero if the argument contains at least one zero byte. See principle above. */ +static inline unsigned long long has_zero64(unsigned long long x) +{ + unsigned long long y; + + y = x - 0x0101010101010101ULL; /* generate a carry */ + y &= ~x; /* clear the bits that were already set */ + return y & 0x8080808080808080ULL; +} + +static inline unsigned long has_zero(unsigned long x) +{ + return (sizeof(x) == 8) ? has_zero64(x) : has_zero32(x); +} + +/* find a '\n' between and . Warning: may read slightly past . + * If no '\n' is found, is returned. + */ +static char *find_lf(char *next, char *end) +{ +#if defined USE_MEMCHR + /* some recent libc use platform-specific optimizations to provide more + * efficient byte search than below (eg: glibc 2.11 on x86_64). + */ + next = memchr(next, '\n', end - next); + if (!next) + next = end; +#else + if (sizeof(long) == 4) { /* 32-bit system */ + /* this is a speed-up, we read 32 bits at once and check for an + * LF character there. We stop if found then continue one at a + * time. + */ + while (next < end && (((unsigned long)next) & 3) && *next != '\n') + next++; + + /* Now next is multiple of 4 or equal to end. We know we can safely + * read up to 32 bytes past end if needed because they're allocated. + */ + while (next < end) { + if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) + break; + next += 4; + if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) + break; + next += 4; + if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) + break; + next += 4; + if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) + break; + next += 4; + if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) + break; + next += 4; + if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) + break; + next += 4; + if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) + break; + next += 4; + if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) + break; + next += 4; + } + } + else { /* 64-bit system */ + /* this is a speed-up, we read 64 bits at once and check for an + * LF character there. We stop if found then continue one at a + * time. + */ + if (next <= end) { + /* max 3 bytes tested here */ + while ((((unsigned long)next) & 3) && *next != '\n') + next++; + + /* maybe we have can skip 4 more bytes */ + if ((((unsigned long)next) & 4) && !has_zero32(*(unsigned int *)next ^ 0x0A0A0A0AU)) + next += 4; + } + + /* now next is multiple of 8 or equal to end */ + while (next <= (end-68)) { + if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) + break; + next += 8; + if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) + break; + next += 8; + if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) + break; + next += 8; + if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) + break; + next += 8; + if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) + break; + next += 8; + if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) + break; + next += 8; + if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) + break; + next += 8; + if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) + break; + next += 8; + } + + /* maybe we can skip 4 more bytes */ + if (!has_zero32(*(unsigned int *)next ^ 0x0A0A0A0AU)) + next += 4; + } + + /* We finish if needed : if is below , it means we + * found an LF in one of the 4 following bytes. + */ + while (next < end) { + if (*next == '\n') + break; + next++; + } +#endif + return next; +} + +const char *fgets2(FILE *stream) +{ + static char buffer[FGETS2_BUFSIZE + 68]; /* Note: +32 is enough on 32-bit systems */ + static char *end = buffer; + static char *line = buffer; + char *next; + int ret; + + next = line; + + while (1) { + next = find_lf(next, end); + if (next < end) { + const char *start = line; + *next = '\0'; + line = next + 1; + return start; + } + + /* we found an incomplete line. First, let's move the + * remaining part of the buffer to the beginning, then + * try to complete the buffer with a new read. We can't + * rely on anymore because it went past . + */ + if (line > buffer) { + if (end != line) + memmove(buffer, line, end - line); + end = buffer + (end - line); + next = end; + line = buffer; + } else { + if (end == buffer + FGETS2_BUFSIZE) + return NULL; + } + + ret = read(fileno(stream), end, buffer + FGETS2_BUFSIZE - end); + + if (ret <= 0) { + if (end == line) + return NULL; + + *end = '\0'; + end = line; /* ensure we stop next time */ + return line; + } + + end += ret; + *end = '\n'; /* make parser stop ASAP */ + /* search for '\n' again */ + } +} + +#ifdef BENCHMARK +int main() { + const char *p; + unsigned int lines = 0; + + while ((p=fgets2(stdin))) + lines++; + printf("lines=%d\n", lines); + return 0; +} +#endif diff --git a/contrib/halog/halog.c b/contrib/halog/halog.c new file mode 100644 index 0000000..fc927bd --- /dev/null +++ b/contrib/halog/halog.c @@ -0,0 +1,1794 @@ +/* + * haproxy log statistics reporter + * + * Copyright 2000-2012 Willy Tarreau + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#define SOURCE_FIELD 5 +#define ACCEPT_FIELD 6 +#define SERVER_FIELD 8 +#define TIME_FIELD 9 +#define STATUS_FIELD 10 +#define BYTES_SENT_FIELD 11 +#define TERM_CODES_FIELD 14 +#define CONN_FIELD 15 +#define QUEUE_LEN_FIELD 16 +#define METH_FIELD 17 +#define URL_FIELD 18 +#define MAXLINE 16384 +#define QBITS 4 + +#define SEP(c) ((unsigned char)(c) <= ' ') +#define SKIP_CHAR(p,c) do { while (1) { int __c = (unsigned char)*p++; if (__c == c) break; if (__c <= ' ') { p--; break; } } } while (0) + +/* [0] = err/date, [1] = req, [2] = conn, [3] = resp, [4] = data */ +static struct eb_root timers[5] = { + EB_ROOT_UNIQUE, EB_ROOT_UNIQUE, EB_ROOT_UNIQUE, + EB_ROOT_UNIQUE, EB_ROOT_UNIQUE, +}; + +struct timer { + struct eb32_node node; + unsigned int count; +}; + +struct srv_st { + unsigned int st_cnt[6]; /* 0xx to 5xx */ + unsigned int nb_ct, nb_rt, nb_ok; + unsigned long long cum_ct, cum_rt; + struct ebmb_node node; + /* don't put anything else here, the server name will be there */ +}; + +struct url_stat { + union { + struct ebpt_node url; + struct eb64_node val; + } node; + char *url; + unsigned long long total_time; /* sum(all reqs' times) */ + unsigned long long total_time_ok; /* sum(all OK reqs' times) */ + unsigned long long total_bytes_sent; /* sum(all bytes sent) */ + unsigned int nb_err, nb_req; +}; + +#define FILT_COUNT_ONLY 0x01 +#define FILT_INVERT 0x02 +#define FILT_QUIET 0x04 +#define FILT_ERRORS_ONLY 0x08 +#define FILT_ACC_DELAY 0x10 +#define FILT_ACC_COUNT 0x20 +#define FILT_GRAPH_TIMERS 0x40 +#define FILT_PERCENTILE 0x80 +#define FILT_TIME_RESP 0x100 + +#define FILT_INVERT_ERRORS 0x200 +#define FILT_INVERT_TIME_RESP 0x400 + +#define FILT_COUNT_STATUS 0x800 +#define FILT_COUNT_SRV_STATUS 0x1000 +#define FILT_COUNT_TERM_CODES 0x2000 + +#define FILT_COUNT_URL_ONLY 0x004000 +#define FILT_COUNT_URL_COUNT 0x008000 +#define FILT_COUNT_URL_ERR 0x010000 +#define FILT_COUNT_URL_TTOT 0x020000 +#define FILT_COUNT_URL_TAVG 0x040000 +#define FILT_COUNT_URL_TTOTO 0x080000 +#define FILT_COUNT_URL_TAVGO 0x100000 + +#define FILT_HTTP_ONLY 0x200000 +#define FILT_TERM_CODE_NAME 0x400000 +#define FILT_INVERT_TERM_CODE_NAME 0x800000 + +#define FILT_HTTP_STATUS 0x1000000 +#define FILT_INVERT_HTTP_STATUS 0x2000000 +#define FILT_QUEUE_ONLY 0x4000000 +#define FILT_QUEUE_SRV_ONLY 0x8000000 + +#define FILT_COUNT_URL_BAVG 0x10000000 +#define FILT_COUNT_URL_BTOT 0x20000000 + +#define FILT_COUNT_URL_ANY (FILT_COUNT_URL_ONLY|FILT_COUNT_URL_COUNT|FILT_COUNT_URL_ERR| \ + FILT_COUNT_URL_TTOT|FILT_COUNT_URL_TAVG|FILT_COUNT_URL_TTOTO|FILT_COUNT_URL_TAVGO| \ + FILT_COUNT_URL_BAVG|FILT_COUNT_URL_BTOT) + +#define FILT_COUNT_COOK_CODES 0x40000000 +#define FILT_COUNT_IP_COUNT 0x80000000 + +#define FILT2_TIMESTAMP 0x01 + +unsigned int filter = 0; +unsigned int filter2 = 0; +unsigned int filter_invert = 0; +const char *line; +int linenum = 0; +int parse_err = 0; +int lines_out = 0; +int lines_max = -1; + +const char *fgets2(FILE *stream); + +void filter_count_url(const char *accept_field, const char *time_field, struct timer **tptr); +void filter_count_ip(const char *source_field, const char *accept_field, const char *time_field, struct timer **tptr); +void filter_count_srv_status(const char *accept_field, const char *time_field, struct timer **tptr); +void filter_count_cook_codes(const char *accept_field, const char *time_field, struct timer **tptr); +void filter_count_term_codes(const char *accept_field, const char *time_field, struct timer **tptr); +void filter_count_status(const char *accept_field, const char *time_field, struct timer **tptr); +void filter_graphs(const char *accept_field, const char *time_field, struct timer **tptr); +void filter_output_line(const char *accept_field, const char *time_field, struct timer **tptr); +void filter_accept_holes(const char *accept_field, const char *time_field, struct timer **tptr); + +void usage(FILE *output, const char *msg) +{ + fprintf(output, + "%s" + "Usage: halog [-h|--help] for long help\n" + " halog [-q] [-c] [-m ]\n" + " {-cc|-gt|-pct|-st|-tc|-srv|-u|-uc|-ue|-ua|-ut|-uao|-uto|-uba|-ubt|-ic}\n" + " [-s ] [-e|-E] [-H] [-rt|-RT