pax_global_header00006660000000000000000000000064121576073560014526gustar00rootroot0000000000000052 comment=d7279a403dcf223d6b2332d58db02ad681c087f4 haproxy-1.4.24/000077500000000000000000000000001215760735600133105ustar00rootroot00000000000000haproxy-1.4.24/.gitignore000066400000000000000000000002041215760735600152740ustar00rootroot00000000000000*.o */.svn *~ .flxdisk* .flxpkg .flxstatus* .svn haproxy src/*.o *.rej *.orig *.log* *.trace* haproxy-* make-* dlmalloc.c 00*.patch haproxy-1.4.24/CHANGELOG000066400000000000000000003642451215760735600145400ustar00rootroot00000000000000ChangeLog : =========== 2013/06/17 : 1.4.24 - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances - BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks are used - MEDIUM: protocol: implement a "drain" function in protocol layers - BUG/CRITICAL: fix a possible crash when using negative header occurrences 2013/04/03 : 1.4.23 - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read - BUG: fix garbage data when http-send-name-header replaces an existing header - BUG/MEDIUM: remove supplementary groups when changing gid - BUG/MINOR: Correct logic in cut_crlf() - BUG/MINOR: config: use a copy of the file name in proxy configurations - BUG/MINOR: epoll: correctly disable FD polling in fd_rem() - MINOR: halog: sort output by cookie code - BUG/MINOR: halog: -ad/-ac report the correct number of output lines - BUG/MINOR: halog: fix help message for -ut/-uto - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode - BUG/MEDIUM: command-line option -D must have precedence over "debug" - OPTIM: halog: keep a fast path for the lines-count only - MINOR: halog: add a parameter to limit output line count - BUG: halog: fix broken output limitation - MEDIUM: checks: avoid accumulating TIME_WAITs during checks - MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts - BUG/MAJOR: cli: show sess may randomly corrupt the back-ref list - BUG/MINOR: http: don't report client aborts as server errors - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests - BUG/MEDIUM: tcp: process could theorically crash on lack of source ports - BUG/MINOR: http: don't abort client connection on premature responses - BUILD: no need to clean up when making git-tar - MINOR: http: always report PR-- flags for redirect rules - BUG/MINOR: time: frequency counters are not totally accurate - BUG/MINOR: http: don't process abortonclose when request was sent - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait() - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser - BUG/MEDIUM: checks: ensure the health_status is always within bounds - CLEANUP: http: remove a useless null check - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage - CLEANUP: config: slowstart is never negative - BUILD: improve the makefile's support for libpcre - BUG/MINOR: checks: fix an warning introduced by commit 2f61455a - MEDIUM: halog: add support for counting per source address (-ic) - DOC: mention the new HTTP 307 and 308 redirect statues (cherry picked from commit b67fdc4cd8bde202f2805d98683ddab929469a05) - MEDIUM: poll: do not use FD_* macros anymore - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE - BUILD: enable poll() by default in the makefile - BUILD: add explicit support for Mac OS/X - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process - MEDIUM: http: implement redirect 307 and 308 - MINOR: http: status 301 should not be marked non-cacheable 2012/08/14 : 1.4.22 - BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations - MINOR: balance uri: added 'whole' parameter to include query string in hash calculation - DOC: specify the default value for maxconn in the context of a proxy - BUG/MINOR: checks: expire on timeout.check if smaller than timeout.connect - REORG/MINOR: use dedicated proxy flags for the cookie handling - BUG/MINOR: config: do not report twice the incompatibility between cookie and non-http - MINOR: http: add support for "httponly" and "secure" cookie attributes - MEDIUM: stats: add support for soft stop/soft start in the admin interface - BUILD: add support for linux kernels >= 2.6.28 - MINOR: contrib/iprange: add a network IP range to mask converter - BUILD: add an AIX 5.2 (and later) target. - MINOR: halog: use the more recent dual-mode fgets2 implementation - BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on full-length matches - CLEANUP: halog: make clean should also remove .o files (cherry picked from commit 8ad4193100aafa19f04929670371bf823dbe11d0) - OPTIM: halog: make use of memchr() on platforms which provide a fast one - OPTIM: halog: improve cold-cache behaviour when loading a file - [MINOR] config: make it possible to specify a cookie even without a server - MINOR: config: tolerate server "cookie" setting in non-HTTP mode - BUG/MINOR: tarpit: fix condition to return the HTTP 500 message 2012/05/21 : 1.4.21 - MINOR: patch for minor typo (ressources/resources) - CLEANUP: fix typo in findserver() log message - DOC: cleanup indentation, alignment, columns and chapters - DOC: fix some keywords arguments documentation - MINOR: stats admin: allow unordered parameters in POST requests - MINOR: stats admin: use the backend id instead of its name in the form - BUG/MAJOR: trash must always be the size of a buffer - DOC: fix minor regex example issue and improve doc on stats - BUG/MAJOR: possible crash when using capture headers on TCP frontends - MINOR: config: disable header captures in TCP mode and complain - BUG/MEDIUM: balance source did not properly hash IPv6 addresses - CLEANUP: http: message parser must ignore HTTP_MSG_ERROR - CLEANUP: remove a few warning about unchecked return values in debug code - CLEANUP: http: remove unused http_msg->col - BUG/MINOR: http: error snapshots are wrong if buffer wraps - BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set - MINOR: proxy: make findproxy() return proxies from numeric IDs too - BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values - BUG/MINOR: stop connect timeout when connect succeeds 2012/03/10 : 1.4.20 - BUG/MINOR: fix typo in processing of http-send-name-header - BUG/MEDIUM: correctly disable servers tracking another disabled servers. - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend - MINOR: halog: add some help on the command line (cherry picked from commit 615674cdec067066a42f53f5d55628ab7b207e6c) - BUILD: fix build error on FreeBSD - BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions - BUG: http: disable TCP delayed ACKs when forwarding content-length data - BUG: checks: fix server maintenance exit sequence - BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes - DOC: enumerate valid status codes for "observe layer7" - BUILD: make it possible to look for pcre in the default system paths 2012/01/08 : 1.4.19 - MEDIUM: http: add support for sending the server's name in the outgoing request - BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified - MINOR: task: new function task_schedule() to schedule a wake up - BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use - BUG: tcp: option nolinger does not work on backends - BUG: ebtree: ebst_lookup() could return the wrong entry - BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests - CLEANUP: ebtree: remove a few annoying signedness warnings - CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code - CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code - BUG: proto_tcp: set AF_INET on tproxy for use with recent kernels - MINOR: halog: add support for matching queued requests - BUG: http: tighten the list of allowed characters in a URI 2011/09/16 : 1.4.18 - [MINOR] http: *_dom matching header functions now also split on ":" - [MINOR] halog: support backslash-escaped quotes - BUILD/MINOR: fix the source URL in the spec file - DOC: acl is http_first_req, not http_req_first - BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces - MINOR: acl: add new matches for header/path/url length - [MINOR] halog: do not consider byte 0x8A as end of line - [OPTIM] halog: make fgets parse more bytes by blocks - [OPTIM] halog: add assembly version of the field lookup code - [CLEANUP] startup: report only the basename in the usage message - [DOC] update the README file to reflect new naming rules for patches - BUILD: halog: make halog build on solaris 2011/09/05 : 1.4.17 - [MINOR] halog: add support for termination code matching (-tcn/-TCN) - [MINOR] halog: make SKIP_CHAR stop on field delimiters - [MINOR] halog: add support for HTTP log matching (-H) - [MINOR] halog: gain back performance before SKIP_CHAR fix - [OPTIM] halog: cache some common fields positions - [OPTIM] halog: check once for correct line format and reuse the pointer - [OPTIM] halog: remove many 'if' by using a function pointer for the filters - [OPTIM] halog: remove support for tab delimiters in input data - [MINOR] halog: add -hs/-HS to filter by HTTP status code range - [CLEANUP] update the year in the copyright banner - [BUG] check: http-check expect + regex would crash in defaults section - [MEDIUM] http: make x-forwarded-for addition conditional - [DOC] fixed a few "sensible" -> "sensitive" errors - [MINOR] stats: display "" instead of the frontend name when unknown - [BUG] http: trailing white spaces must also be trimmed after headers - [MINOR] http: take a capture of too large requests and responses - [MINOR] http: take a capture of truncated responses - [MINOR] http: take a capture of bad content-lengths. 2011/08/04 : 1.4.16 - [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check - [DOC] Minor spelling fixes and grammatical enhancements - [CLEANUP] Remove assigned but unused variables - [BUG] checks: http-check expect could fail a check on multi-packet responses - [DOC] fix minor typo in the "dispatch" doc - [MINOR] http: make the "HTTP 200" status code configurable. - [MINOR] http: partially revert the chunking optimization for now - [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete transfer - [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out test - [MEDIUM] http: add support for "http-no-delay" - [OPTIM] http: optimize chunking again in non-interactive mode - [OPTIM] stream_sock: avoid fast-forwarding of partial data - [OPTIM] stream_sock: don't use splice on too small payloads - [BUG] stats: support url-encoded forms - [BUG] halog: correctly handle truncated last line - [DOC] fix typos, "#" is a sharp, not a dash 2011/04/08 : 1.4.15 - [CRITICAL] fix risk of crash when dealing with space in response cookies 2011/03/29 : 1.4.14 - [MINOR] config: fix endianness of server check port - [BUG] http: fix possible incorrect forwarded wrapping chunk size (take 2) - [MINOR] tools: add two macros MID_RANGE and MAX_RANGE - [BUG] http: fix content-length handling on 32-bit platforms - [OPTIM] buffers: uninline buffer_forward() 2011/03/09 : 1.4.13 - [BUG] config: don't crash on empty pattern files. 2011/03/08 : 1.4.12 - [MINOR] stats: add support for several packets in stats admin - [BUG] stats: admin commands must check the proxy state - [BUG] stats: admin web interface must check the proxy state - [BUG] http: update the header list's tail when removing the last header - [DOC] fix typos (http-request instead of http-check) (cherry picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c) - [BUG] http: use correct ACL pointer when evaluating authentication - [BUG] cfgparse: correctly count one socket per port in ranges - [BUG] startup: set the rlimits before binding ports, not after. - [BUG] acl: srv_id must return no match when the server is NULL - [BUG] acl: fd leak when reading patterns from file - [DOC] fix minor typo in "usesrc" - [BUG] http: fix possible incorrect forwarded wrapping chunk size - [BUG] http: fix computation of message body length after forwarding has started - [BUG] http: balance url_param did not work with first parameters on POST - [TESTS] update the url_param regression test to test check_post too 2011/02/10 : 1.4.11 - [MINOR] cfgparse: Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation. - [DOC] fix a minor typo - [DOC] fix ignore-persist documentation - [BUG] http: fix http-pretend-keepalive and httpclose/tunnel mode - [MINOR] add warnings on features not compatible with multi-process mode - [MINOR] acl: add be_id/srv_id to match backend's and server's id - [MINOR] log: add support for passing the forwarded hostname - [MINOR] log: ability to override the syslog tag - [DOC] fix minor typos in the doc - [DOC] fix another typo in the doc - [BUG] http chunking: don't report a parsing error on connection errors - [BUG] stream_interface: truncate buffers when sending error messages - [BUG] http: fix incorrect error reporting during data transfers - [CRITICAL] session: correctly leave turn-around and queue states on abort - [BUG] session: release slot before processing pending connections - [MINOR] stats: report HTTP message state and buffer flags in error dumps - [MINOR] http: support wrapping messages in error captures - [MINOR] http: capture incorrectly chunked message bodies - [MINOR] stats: add global event ID and count - [OPTIM] http: don't send each chunk in a separate packet - [BUG] acl: fix handling of empty lines in pattern files - [BUG] ebtree: fix ebmb_lookup() with len smaller than the tree's keys - [OPTIM] ebtree: ebmb_lookup: reduce stack usage by moving the return code out of the loop 2010/11/29 : 1.4.10 - [BUG] debug: report the correct poller list in verbose mode - [BUG] capture: do not capture a cookie if there is no memory left - [BUG] appsession: fix possible double free in case of out of memory - [CRITICAL] cookies: mixing cookies in indirect mode and appsession can crash the process - [BUG] http: correctly update the header list when removing two consecutive headers - [BUILD] add the CPU=native and ARCH=32/64 build options - [BUILD] add -fno-strict-aliasing to fix warnings with gcc >= 4.4 2010/10/29 : 1.4.9 - [BUG] stats: session rate limit gets garbaged in the stats - [DOC] fix http-request documentation - [MEDIUM] enable/disable servers from the stats web interface - [MEDIUM] stats: add an admin level - [DOC] stats: document the "stats admin" statement - [MINOR] checks: add support for LDAPv3 health checks - [MINOR] add better support to "mysql-check" - [BUG] Restore info about available active/backup servers - [CONTRIB] Update haproxy.pl - [CONTRIB] Update Cacti Tempates - [CONTRIB] add templates for Cacti. - [MEDIUM] http: forward client's close when abortonclose is set - [BUG] queue: don't dequeue proxy-global requests on disabled servers - [MEDIUM] servers: support address 0.0.0.0 as the original destination address - [BUG] stats: global stats timeout may be specified before stats socket. - [BUG] stream_sock: cleanly disable the listener in case of resource shortage - [BUG] ebtree: string_equal_bits() could return garbage on identical strings - [BUG] stream_sock: try to flush any extra pending request data after a POST - [BUILD] proto_http: eliminate some build warnings with gcc-2.95 - [MEDIUM] make it possible to combine http-pretend-keepalived with httpclose - [MEDIUM] tcp-request : don't wait for inspect-delay to expire when the buffer is full - [DOC] bind option is "defer-accept", not "defer_accept" - [MEDIUM] checks: add support for HTTP contents lookup - [TESTS] add test-check-expect to test various http-check methods - [MINOR] global: add "tune.chksize" to change the default check buffer size - [MINOR] startup: release unused structs after forking - [MINOR] startup: don't wait for nothing when no old pid remains - [BUG] http: don't consider commas as a header delimitor within quotes - [DOC] fix typo in the queue() definition (backend, not frontend) - [DOC] fix typo in the avg_queue() and be_conn() definition (backend, not frontend) - [BUG] deinit: unbind listeners before freeing them - [MINOR] halog: add '-tc' to sort by termination codes - [MINOR] halog: skip non-traffic logs for -st and -tc - [DOC] add a summary about cookie incompatibilities between specs and browsers - [DOC] fix description of cookie "insert" and "indirect" modes - [MEDIUM] http: fix space handling in the request cookie parser - [MEDIUM] http: fix space handling in the response cookie parser - [MINOR] cookie: add options "maxidle" and "maxlife" - [MEDIUM] cookie: support client cookies with some contents appended to their value - [MINOR] http: make some room in the transaction flags to extend cookies - [MINOR] cookie: add the expired (E) and old (O) flags for request cookies - [MEDIUM] cookie: reassign set-cookie status flags to store more states - [MINOR] add encode/decode function for 30-bit integers from/to base64 - [MEDIUM] cookie: check for maxidle and maxlife for incoming dated cookies - [MEDIUM] cookie: set the date in the cookie if needed - [DOC] document the cookie maxidle and maxlife parameters - [BUG] checks: don't log backend down for all zero-weight servers - [MEDIUM] checks: set server state to one state from failure when leaving maintenance - [BUG] config: report correct keywords for "observe" - [MINOR] checks: ensure that we can inherit binary checks from the defaults section - [MINOR] acl: add the http_req_first match - [DOC] fix typos about bind-process syntax - [BUG] cookie: correctly unset default cookie parameters - [MINOR] cookie: add support for the "preserve" option - [DOC] missing index entry for http-check send-state - [BUG] ebtree: fix duplicate strings insertion - [CONTRIB] halog: report per-url counts, errors and times - [CONTRIB] halog: minor speed improvement in timer parser - [BUG] http: denied requests must not be counted as denied resps in listeners - [BUG] config: report the correct proxy type in tcp-request errors - [BUG] proto_tcp: potential bug on pattern fetch dst and dport 2010/06/16 : 1.4.8 - [DOC] mention 'option http-server-close' effect in Tq section - [DOC] summarize and highlight persistent connections behaviour - [DOC] add configuration samples - [BUG] stick_table: the fix for the memory leak caused a regression - [BUG] client: don't add a new session to the list too early 2010/06/07 : 1.4.7 - [BUG] http: dispatch and http_proxy modes were broken for a long time - [BUG] http: the transaction must be initialized even in TCP mode - [BUG] tcp: dropped connections must be counted as "denied" not "failed" - [BUG] consistent hash: balance on all servers, not only 2 ! - [CONTRIB] halog: report per-server status codes, errors and response times - [BUG] http: the transaction must be initialized even in TCP mode (part 2) - [BUG] stick_table: fix possible memory leak in case of connection error - [BUG] proxy: connection rate limiting was eating lots of CPU - [BUG] frontend: always ensure to zero rep->analysers - [BUG] http: report correct flags in case of client aborts during body - [TESTS] refine non-regression tests and add 4 new tests - [BUG] debug: wrong pointer was used to report a status line - [BUG] debug: correctly report truncated messages - [DOC] document the "dispatch" keyword 2010/05/16 : 1.4.6 - [BUILD] ebtree: update to v6.0.1 to remove references to dprintf() - [CLEANUP] acl: make use of eb_is_empty() instead of open coding the tree's emptiness test - [MINOR] acl: add srv_is_up() to check that a specific server is up or not - [DOC] add a few precisions about the use of RDP cookies 2010/05/13 : 1.4.5 - [DOC] report minimum kernel version for tproxy in the Makefile - [MINOR] add the "ignore-persist" option to conditionally ignore persistence - [DOC] add the "ignore-persist" option to conditionally ignore persistence - [DOC] fix ignore-persist/force-persist documentation - [BUG] cttproxy: socket fd leakage in check_cttproxy_version - [DOC] doc/configuration.txt: fix typos - [MINOR] option http-pretend-keepalive is both for FEs and BEs - [MINOR] fix possible crash in debug mode with invalid responses - [MINOR] halog: add support for statisticts on status codes - [OPTIM] halog: use a faster zero test in fgets() - [OPTIM] halog: minor speedup by using unlikely() - [OPTIM] halog: speed up fgets2-64 by about 10% - [DOC] refresh the README file and merge the CONTRIB file into it - [MINOR] acl: support loading values from files - [MEDIUM] ebtree: upgrade to version 6.0 - [MINOR] acl trees: add flags and union members to store values in trees - [MEDIUM] acl: add ability to insert patterns in trees - [MEDIUM] acl: add tree-based lookups of exact strings - [MEDIUM] acl: add tree-based lookups of networks - [MINOR] acl: ignore empty lines and comments in pattern files - [MINOR] stick-tables: add support for "stick on hdr" 2010/04/07 : 1.4.4 - [BUG] appsession should match the whole cookie name - [CLEANUP] proxy: move PR_O_SSL3_CHK to options2 to release one flag - [MEDIUM] backend: move the transparent proxy address selection to backend - [MINOR] add very fast IP parsing functions - [MINOR] add new tproxy flags for dynamic source address binding - [MEDIUM] add ability to connect to a server from an IP found in a header - [BUILD] config: last patch breaks build without CONFIG_HAP_LINUX_TPROXY - [MINOR] http: make it possible to pretend keep-alive when doing close - [MINOR] config: report "default-server" instead of "(null)" in error messages 2010/03/30 : 1.4.3 - [CLEANUP] stats: remove printf format warning in stats_dump_full_sess_to_buffer() - [MEDIUM] session: better fix for connection to servers with closed input - [DOC] indicate in the doc how to bind to port ranges - [BUG] backend: L7 hashing must not be performed on incomplete requests - [TESTS] add a simple program to test connection resets - [MINOR] cli: "show errors" should display "backend " when backend was not used - [MINOR] config: emit warnings when HTTP-only options are used in TCP mode - [MINOR] config: allow "slowstart 0s" - [BUILD] 'make tags' did not consider files ending in '.c' - [MINOR] checks: add the ability to disable a server in the config 2010/03/17 : 1.4.2 - [CLEANUP] product branch update - [DOC] Some more documentation cleanups - [BUG] clf logs segfault when capturing a non existant header - [OPTIM] config: only allocate check buffer when checks are enabled - [MEDIUM] checks: support multi-packet health check responses - [CLEANUP] session: remove duplicate test - [BUG] http: don't wait for response data to leave buffer is client has left - [MINOR] proto_uxst: set accept_date upon accept() to the wall clock time - [MINOR] stats: don't send empty lines in "show errors" - [MINOR] stats: make the data dump function reusable for other purposes - [MINOR] stats socket: add show sess to dump details about a session - [BUG] stats: connection reset counters must be plain ascii, not HTML - [BUG] url_param hash may return a down server - [MINOR] force null-termination of hostname - [MEDIUM] connect to servers even when the input has already been closed - [BUG] don't merge anonymous ACLs ! - [BUG] config: fix endless loop when parsing "on-error" - [MINOR] http: don't mark a server as failed when it returns 501/505 - [OPTIM] checks: try to detect the end of response without polling again - [BUG] checks: don't report an error when recv() returns an error after data - [BUG] checks: don't abort when second poll returns an error - [MINOR] checks: make shutdown() silently fail - [BUG] http: fix truncated responses on chunk encoding when size divides buffer size - [BUG] init: unconditionally catch SIGPIPE - [BUG] checks: don't wait for a close to start parsing the response 2010/03/04 : 1.4.1 - [BUG] Clear-cookie path issue - [DOC] fix typo on stickiness rules - [BUILD] fix BSD and OSX makefiles for missing files - [BUILD] includes order breaks OpenBSD build - [BUILD] fix some build warnings on Solaris with is* macros - [BUG] logs: don't report "last data" when we have just closed after an error - [BUG] logs: don't report "proxy request" when server closes early - [BUILD] fix platform-dependant build issues related to crypt() - [STATS] count transfer aborts caused by client and by server - [STATS] frontend requests were not accounted for failed requests - [MINOR] report total number of processed connections when stopping a proxy - [DOC] be more clear about the limitation to one single monitor-net entry 2010/02/26 : 1.4.0 - [MINOR] stats: report maint state for tracking servers too - [DOC] fix summary to add pattern extraction - [DOC] Documentation cleanups - [BUG] cfgparse memory leak and missing free calls in deinit() - [BUG] pxid/puid/luid: don't shift IDs when some of them are forced - [EXAMPLES] add auth.cfg - [BUG] uri_auth: ST_SHLGNDS should be 0x00000008 not 0x0000008 - [BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once - [BUILD] auth: don't use unnamed unions - [BUG] config: report unresolvable host names as errors - [BUILD] fix build breakage with DEBUG_FULL - [DOC] fix a typo about timeout check and clarify the explanation. - [MEDIUM] http: don't use trash to realign large buffers - [STATS] report HTTP requests (total and rate) in frontends - [STATS] separate frontend and backend HTTP stats - [MEDIUM] http: revert to use a swap buffer for realignment - [MINOR] stats: report the request rate in frontends as cell titles - [MINOR] stats: mark areas with an underline when tooltips are available - [DOC] reorder some entries to maintain the alphabetical order - [DOC] cleanup of the keyword matrix 2010/02/02 : 1.4-rc1 - [MEDIUM] add a maintenance mode to servers - [MINOR] http-auth: last fix was wrong - [CONTRIB] add base64rev-gen.c that was used to generate the base64rev table. - [MINOR] Base64 decode - [MINOR] generic auth support with groups and encrypted passwords - [MINOR] add ACL_TEST_F_NULL_MATCH - [MINOR] http-request: allow/deny/auth support for frontend/backend/listen - [MINOR] acl: add http_auth and http_auth_group - [MAJOR] use the new auth framework for http stats - [DOC] add info about userlists, http-request and http_auth/http_auth_group acls - [STATS] make it possible to change a CLI connection timeout - [BUG] patterns: copy-paste typo in type conversion arguments - [MINOR] pattern: make the converter more flexible by supporting void* and int args - [MINOR] standard: str2mask: string to netmask converter - [MINOR] pattern: add support for argument parsers for converters - [MINOR] pattern: add the "ipmask()" converting function - [MINOR] config: off-by-one in "stick-table" after list of converters - [CLEANUP] acl, patterns: make use of my_strndup() instead of malloc+memcpy - [BUG] restore accidentely removed line in last patch ! - [MINOR] checks: make the HTTP check code add the CRLF itself - [MINOR] checks: add the server's status in the checks - [BUILD] halog: make without arch-specific optimizations - [BUG] halog: fix segfault in case of empty log in PCT mode (cherry picked from commit fe362fe4762151d209b9656639ee1651bc2b329d) - [MINOR] http: disable keep-alive when process is going down - [MINOR] acl: add build_acl_cond() to make it easier to add ACLs in config - [CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() - [CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs - [MINOR] prepare req_*/rsp_* to receive a condition - [CLEANUP] config: specify correct const char types to warnif_* functions - [MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords - [MEDIUM] http: make the request filter loop check for optional conditions - [MEDIUM] http: add support for conditional request filter execution - [DOC] add some build info about the AIX platform (cherry picked from commit e41914c77edbc40aebf827b37542d37d758e371e) - [MEDIUM] http: add support for conditional request header addition - [MEDIUM] http: add support for conditional response header rewriting - [DOC] add some missing ACLs about response header matching - [MEDIUM] http: add support for proxy authentication - [MINOR] http-auth: make the 'unless' keyword work as expected - [CLEANUP] config: use build_acl_cond() to simplify http-request ACL parsing - [MEDIUM] add support for anonymous ACLs - [MEDIUM] http: switch to tunnel mode after status 101 responses - [MEDIUM] http: stricter processing of the CONNECT method - [BUG] config: reset check request to avoid double free when switching to ssl/sql - [MINOR] config: fix too large ssl-hello-check message. - [BUG] fix error response in case of server error 2010/01/25 : 1.4-dev8 - [CLEANUP] Keep in sync "defaults" support between documentation and code - [MEDIUM] http: add support for Proxy-Connection header - [CRITICAL] buffers: buffer_insert_line2 must not change the ->w entry - [MINOR] http: remove a copy-paste typo in transaction cleaning - [BUG] http: trim any excess buffer data when recycling a connection 2010/01/25 : 1.4-dev7 - [BUG] appsession: possible memory leak in case of out of memory condition - [MINOR] config: don't accept 'appsession' in defaults section - [MINOR] Add function to parse a size in configuration - [MEDIUM] Add stick table (persistence) management functions and types - [MEDIUM] Add pattern fetch management types and functions - [MEDIUM] Add src dst and dport pattern fetches. - [MEDIUM] Add stick table configuration and init. - [MEDIUM] Add stick and store rules analysers. - [MINOR] add option "mysql-check" to use MySQL health checks - [BUG] health checks: fix requeued message - [OPTIM] remove SSP_O_VIA and SSP_O_STATUS - [BUG] checks: fix newline termination - [MINOR] acl: add fe_id/so_id to match frontend's and socket's id - [BUG] appsession's sessid must be reset at end of transaction - [BUILD] appsession did not build anymore under gcc-2.95 - [BUG] server redirection used an uninitialized string. - [MEDIUM] http: fix handling of message pointers - [MINOR] http: fix double slash prefix with server redirect - [MINOR] http redirect: add the ability to append a '/' to the URL - [BUG] stream_interface: fix retnclose and remove cond_close - [MINOR] http redirect: don't explicitly state keep-alive on 1.1 - [MINOR] http: move appsession 'sessid' from session to http_txn - [OPTIM] reorder http_txn to optimize cache lines placement - [MINOR] http: differentiate waiting for new request and waiting for a complete requst - [MINOR] http: add a separate "http-keep-alive" timeout - [MINOR] config: remove undocumented and buggy 'timeout appsession' - [DOC] fix various too large lines - [DOC] remove several trailing spaces - [DOC] add the doc about stickiness - [BUILD] remove a warning in standard.h on AIX - [BUG] checks: chars are unsigned on AIX, check was always true - [CLEANUP] stream_sock: MSG_NOSIGNAL is only for send(), not recv() - [BUG] check: we must not check for error before reading a response - [BUG] buffers: remove remains of wrong obsolete length check - [OPTIM] stream_sock: don't shutdown(write) when the socket is in error - [BUG] http: don't count req errors on client resets or t/o during keep-alive - [MEDIUM] http: don't switch to tunnel mode upon close - [DOC] add documentation about connection header processing - [MINOR] http: add http_remove_header2() to remove a header value. - [MINOR] tools: add a "word_match()" function to match words and ignore spaces - [MAJOR] http: rework request Connection header handling - [MAJOR] http: rework response Connection header handling - [MINOR] add the ability to force kernel socket buffer size. - [BUG] http_server_error() must not purge a previous pending response - [OPTIM] http: don't delay response if next request is incomplete - [MINOR] add the "force-persist" statement to force persistence on down servers - [MINOR] http: logs must report persistent connections to down servers - [BUG] buffer_replace2 must never change the ->w entry 2010/01/08 : 1.4-dev6 - [BUILD] warning in stream_interface.h - [BUILD] warning ultoa_r returns char * - [MINOR] hana: only report stats if it is enabled - [MINOR] stats: add "a link" & "a href" for sockets - [MINOR]: stats: add show-legends to report additional informations - [MEDIUM] default-server support - [BUG]: add 'observer', 'on-error', 'error-limit' to supported options list - [MINOR] stats: add href to tracked server - [BUG] stats: show UP/DOWN status also in tracking servers - [DOC] Restore ability to search a keyword at the beginning of a line - [BUG] stats: cookie should be reported under backend not under proxy - [BUG] cfgparser/stats: fix error message - [BUG] http: disable auto-closing during chunk analysis - [BUG] http: fix hopefully last closing issue on data forwarding - [DEBUG] add an http_silent_debug function to debug HTTP states - [MAJOR] http: fix again the forward analysers - [BUG] http_process_res_common() must not skip the forward analyser - [BUG] http: some possible missed close remain in the forward chain - [BUG] http: redirect needed to be updated after recent changes - [BUG] http: don't set no-linger on response in case of forced close - [MEDIUM] http: restore the original behaviour of option httpclose - [TESTS] add a file to test various connection modes - [BUG] http: check options before the connection header - [MAJOR] session: fix the order by which the analysers are run - [MEDIUM] session: also consider request analysers added during response - [MEDIUM] http: make safer use of the DONT_READ and AUTO_CLOSE flags - [BUG] http: memory leak with captures when using keep-alive - [BUG] http: fix for capture memory leak was incorrect - [MINOR] http redirect: use proper call to return last response - [MEDIUM] http: wait for some flush of the response buffer before a new request - [MEDIUM] session: limit the number of analyser loops 2010/01/03 : 1.4-dev5 - [MINOR] server tracking: don't care about the tracked server's mode - [MEDIUM] appsession: add "len", "prefix" and "mode" options - [MEDIUM] appsession: add the "request-learn" option - [BUG] Configuration parser bug when escaping characters - [MINOR] CSS & HTML fun - [MINOR] Collect & provide http response codes received from servers - [BUG] Fix silly typo: hspr_other -> hrsp_other - [MINOR] Add "a name" to stats page - [MINOR] add additional "a href"s to stats page - [MINOR] Collect & provide http response codes for frontends, fix backends - [DOC] some small spell fixes and unifications - [MEDIUM] Decrease server health based on http responses / events, version 3 - [BUG] format '%d' expects type 'int', but argument 5 has type 'long int' - [BUG] config: fix erroneous check on cookie domain names, again - [BUG] Healthchecks: get a proper error code if connection cannot be completed immediately - [DOC] trivial fix for man page - [MINOR] config: report all supported options for the "bind" keyword - [MINOR] tcp: add support for the defer_accept bind option - [MINOR] unix socket: report the socket path in case of bind error - [CONTRIB] halog: support searching by response time - [DOC] add a reminder about obsolete documents - [DOC] point to 1.4 doc, not 1.3 - [DOC] option tcp-smart-connect was missing from index - [MINOR] http: detect connection: close earlier - [CLEANUP] sepoll: clean up the fd_clr/fd_set functions - [OPTIM] move some rarely used fields out of fdtab - [MEDIUM] fd: merge fd_list into fdtab - [MAJOR] buffer: flag BF_DONT_READ to disable reads when not required - [MINOR] http: add new transaction flags for keep-alive and content-length - [MEDIUM] http request: parse connection, content-length and transfer-encoding - [MINOR] http request: update the TX_SRV_CONN_KA flag on rewrite - [MINOR] http request: simplify the test of no-data - [MEDIUM] http request: simplify POST length detection - [MEDIUM] http request: make use of pre-parsed transfer-encoding header - [MAJOR] http: create the analyser which waits for a response - [MINOR] http: pre-set the persistent flags in the transaction - [MEDIUM] http response: check body length and set transaction flags - [MINOR] http response: update the TX_CLI_CONN_KA flag on rewrite - [MINOR] http: remove the last call to stream_int_return - [IMPORT] import ebtree v5.0 into directory ebtree/ - [MEDIUM] build: switch ebtree users to use new ebtree version - [CLEANUP] ebtree: remove old unused files - [BUG] definitely fix regparm issues between haproxy core and ebtree - [CLEANUP] ebtree: cast to char * to get rid of gcc warning - [BUILD] missing #ifndef in ebmbtree.h - [BUILD] missing #ifndef in ebsttree.h - [MINOR] tools: add hex2i() function to convert hex char to int - [MINOR] http: create new MSG_BODY sub-states - [BUG] stream_sock: BUF_INFINITE_FORWARD broke splice on 64-bit platforms - [DOC] option is "defer-accept", not "defer_accept" - [MINOR] http: keep pointer to beginning of data - [BUG] x-original-to: name was not set in default instance - [MINOR] http: detect tunnel mode and set it in the session - [BUG] config: fix error message when config file is not found - [BUG] config: fix wrong handling of too large argument count - [BUG] config: disable 'option httplog' on TCP proxies - [BUG] config: fix erroneous check on cookie domain names - [BUG] config: cookie domain was ignored in defaults sections - [MINOR] config: support passing multiple "domain" statements to cookies - [MINOR] ebtree: add functions to lookup non-null terminated strings - [MINOR] config: don't report error on all subsequent files on failure - [BUG] second fix for the printf format warning - [BUG] check_post: limit analysis to the buffer length - [MEDIUM] http: process request body in a specific analyser - [MEDIUM] backend: remove HTTP POST parsing from get_server_ph_post() - [MAJOR] http: completely process the "connection" header - [MINOR] http: only consider chunk encoding with HTTP/1.1 - [MAJOR] buffers: automatically compute the maximum buffer length - [MINOR] http: move the http transaction init/cleanup code to proto_http - [MINOR] http: move 1xx handling earlier to eliminate a lot of ifs - [MINOR] http: introduce a new synchronisation state : HTTP_MSG_DONE - [MEDIUM] http: rework chunk-size parser - [MEDIUM] http: add a new transaction flags indicating if we know the transfer length - [MINOR] buffers: add buffer_ignore() to skip some bytes - [BUG] http: offsets are relative to the buffer, not to ->som - [MEDIUM] http: automatically re-aling request buffer - [BUG] http: body parsing must consider the start of message - [MINOR] new function stream_int_cond_close() - [MAJOR] http: implement body parser - [BUG] http: typos on several unlikely() around header insertion - [BUG] stream_sock: wrong max computation on recv - [MEDIUM] http: rework the buffer alignment logic - [BUG] buffers: wrong size calculation for displaced data - [MINOR] stream_sock: prepare for closing when all pending data are sent - [MEDIUM] http: add two more states for the closing period - [MEDIUM] http: properly handle "option forceclose" - [MINOR] stream_sock: add SI_FL_NOLINGER for faster close - [MEDIUM] http: make forceclose use SI_FL_NOLINGER - [MEDIUM] session: set SI_FL_NOLINGER when aborting on write timeouts - [MEDIUM] http: add some SI_FL_NOLINGER around server errors - [MINOR] config: option forceclose is valid in frontends too - [BUILD] halog: insufficient include path in makefile - [MEDIUM] http: make the analyser not rely on msg being initialized anymore - [MEDIUM] http: make the parsers able to wait for a buffer flush - [MAJOR] http: add support for option http-server-close - [BUG] http: ensure we abort data transfer on write error - [BUG] last fix was overzealous and disabled server-close - [BUG] http: fix erroneous trailers size computation - [MINOR] stream_sock: enable MSG_MORE when forwarding finite amount of data - [OPTIM] http: set MSG_MORE on response when a pipelined request is pending - [BUG] http: redirects were broken by chunk changes - [BUG] http: the request URI pointer is relative to the buffer - [OPTIM] http: don't immediately enable reading on request - [MINOR] http: move redirect messages to HTTP/1.1 with a content-length - [BUG] http: take care of errors, timeouts and aborts during the data phase - [MINOR] http: don't wait for sending requests to the server - [MINOR] http: make the conditional redirect support keep-alive - [BUG] http: fix cookie parser to support spaces and commas in values - [MINOR] config: some options were missing for "redirect" - [MINOR] redirect: add support for unconditional rules - [MINOR] config: centralize proxy struct initialization - [MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements - [MEDIUM] config: remove the limitation of 10 config files - [CLEANUP] http: remove a remaining impossible condition - [OPTIM] http: optimize a bit the construct of the forward loops 2009/10/12 : 1.4-dev4 - [DOC] add missing rate_lim and rate_max - [MAJOR] struct chunk rework - [MEDIUM] Health check reporting code rework + health logging, v3 - [BUG] check if rise/fall has an argument and it is > 0 - [MINOR] health checks logging unification - [MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 - [MINOR] Allow dots in show-node & add "white-space: nowrap" in th.pxname. - [DOC] Add information about http://haproxy.1wt.eu/contrib.html - [MINOR] Introduce include/types/counters.h - [CLEANUP] Move counters to dedicated structures - [MINOR] Add "clear counters" to clear statistics counters - [MEDIUM] Collect & provide separate statistics for sockets, v2 - [BUG] Fix NULL pointer dereference in stats_check_uri_auth(), v2 - [MINOR] acl: don't report valid acls as potential mistakes - [MINOR] Add cut_crlf(), ltrim(), rtrim() and alltrim() - [MINOR] Add chunk_htmlencode and chunk_asciiencode - [MINOR] Capture & display more data from health checks, v2 - [BUG] task.c: don't assing last_timer to node-less entries - [BUG] http stats: large outputs sometimes got some parts chopped off - [MINOR] backend: export some functions to recount servers - [MINOR] backend: uninline some LB functions - [MINOR] include time.h from freq_ctr.h as is uses "now". - [CLEANUP] backend: move LB algos to individual files - [MINOR] lb_map: reorder code in order to ease integration of new hash functions - [CLEANUP] proxy: move last lb-specific bits to their respective files - [MINOR] backend: separate declarations of LB algos from their lookup method - [MINOR] backend: reorganize the LB algorithm selection - [MEDIUM] backend: introduce the "static-rr" LB algorithm - [MINOR] report list of supported pollers with -vv - [DOC] log-health-checks is an option, not a directive - [MEDIUM] new option "independant-streams" to stop updating read timeout on writes - [BUG] stats: don't call buffer_shutw(), but ->shutw() instead - [MINOR] stats: strip CR and LF from the input command line - [BUG] don't refresh timeouts late after detected activity - [MINOR] stats_dump_errors_to_buffer: use buffer_feed_chunk() - [MINOR] stats_dump_sess_to_buffer: use buffer_feed_chunk() - [MINOR] stats: make stats_dump_raw_to_buffer() use buffer_feed_chunk - [MEDIUM] stats: don't use s->ana_state anymore - [MINOR] remove now obsolete ana_state from the session struct - [MEDIUM] stats: make HTTP stats use an I/O handler - [MEDIUM] stream_int: adjust WAIT_ROOM handling - [BUG] config: look for ID conflicts in all sockets, not only last ones. - [MINOR] config: reference file and line with any listener/proxy/server declaration - [MINOR] config: report places of duplicate names or IDs - [MINOR] config: add pointer to file name in block/redirect/use_backend/monitor rules - [MINOR] tools: add a new get_next_id() function - [MEDIUM] config: automatically find unused IDs for proxies, servers and listeners - [OPTIM] counters: move some max numbers to the counters struct - [BUG] counters: fix segfault on missing counters for a listener - [MEDIUM] backend: implement consistent hashing variation - [MINOR] acl: add fe_conn, be_conn, queue, avg_queue - [MINOR] stats: use 'clear counters all' to clear all values - [MEDIUM] add access restrictions to the stats socket - [MINOR] buffers: add buffer_feed2() and make buffer_feed() measure string length - [MINOR] proxy: provide function to retrieve backend/server pointers - [MINOR] add the "initial weight" to the server struct. - [MEDIUM] stats: add the "get weight" command to report a server's weight - [MEDIUM] stats: add the "set weight" command - [BUILD] add a 'make tags' target - [MINOR] stats: add support for numeric IDs in set weight/get weight - [MINOR] stats: use a dedicated state to output static data - [OPTIM] stats: check free space before trying to print 2009/09/24 : 1.4-dev3 - [BUILD] compilation of haproxy-1.4-dev2 on FreeBSD - [MEDIUM] Collect & show information about last health check, v3 - [MINOR] export the hostname variable so that all the code can access it - [MINOR] stats: add a new node-name setting - [MEDIUM] remove old experimental tcpsplice option - [BUILD] fix build for systems without SOL_TCP - [MEDIUM] move connection establishment from backend to the SI. - [MEDIUM] make the global stats socket part of a frontend - [MEDIUM] session: account per-listener connections - [MINOR] session: switch to established state if no connect function - [MEDIUM] make the unix stats sockets use the generic session handler - [CLEANUP] unix: remove uxst_process_session() - [CLEANUP] move remaining stats sockets code to dumpstats - [MINOR] move the initial task's nice value to the listener - [MINOR] cleanup set_session_backend by using pre-computed analysers - [MINOR] set s->srv_error according to the analysers - [MEDIUM] set rep->analysers from fe and be analysers - [MEDIUM] replace BUFSIZE with buf->size in computations - [MEDIUM] make it possible to change the buffer size in the configuration - [MEDIUM] report error on buffer writes larger than buffer size - [MEDIUM] stream_interface: add and use ->update function to resync - [CLEANUP] remove ifdef MSG_NOSIGNAL and define it instead - [MEDIUM] remove TCP_CORK and make use of MSG_MORE instead - [BUG] tarpit did not work anymore - [MINOR] acl: add support for hdr_ip to match IP addresses in headers - [MAJOR] buffers: fix misuse of the BF_SHUTW_NOW flag - [MINOR] buffers: provide more functions to handle buffer data - [MEDIUM] buffers: provide new buffer_feed*() function - [MINOR] buffers: add peekchar and peekline functions for stream interfaces - [MINOR] buffers: provide buffer_si_putchar() to send a char from a stream interface - [BUG] buffer_forward() would not correctly consider data already scheduled - [MINOR] buffers: add buffer_cut_tail() to cut only unsent data - [MEDIUM] stream_interface: make use of buffer_cut_tail() to report errors - [MAJOR] http: add support for HTTP 1xx informational responses - [MINOR] buffers: inline buffer_si_putchar() - [MAJOR] buffers: split BF_WRITE_ENA into BF_AUTO_CONNECT and BF_AUTO_CLOSE - [MAJOR] buffers: fix the BF_EMPTY flag's meaning - [BUG] stream_interface: SI_ST_CLO must have buffers SHUT - [MINOR] stream_sock: don't set SI_FL_WAIT_DATA if BF_SHUTW_NOW is set - [MEDIUM] add support for infinite forwarding - [BUILD] stream_interface: fix conflicting declaration - [BUG] buffers: buffer_forward() must not always clear BF_OUT_EMPTY - [BUG] variable buffer size ignored at initialization time - [MINOR] ensure that buffer_feed() and buffer_skip() set BF_*_PARTIAL - [BUG] fix buffer_skip() and buffer_si_getline() to correctly handle wrap-arounds - [MINOR] stream_interface: add SI_FL_DONT_WAKE flag - [MINOR] stream_interface: add iohandler callback - [MINOR] stream_interface: add functions to support running as internal/external tasks - [MEDIUM] session: call iohandler for embedded tasks (applets) - [MINOR] add a ->private member to the stream_interface - [MEDIUM] stats: prepare the connection for closing before dumping - [MEDIUM] stats: replace the stats socket analyser with an SI applet 2009/08/09 : 1.4-dev2 - [BUG] task: fix possible crash when some timeouts are not configured - [BUG] log: option tcplog would log to global if no logger was defined 2009/07/29 : 1.4-dev1 - [MINOR] acl: add support for matching of RDP cookies - [MEDIUM] add support for RDP cookie load-balancing - [MEDIUM] add support for RDP cookie persistence - [MINOR] add a new CLF log format - [MINOR] startup: don't imply -q with -D - [BUG] ensure that we correctly re-start old process in case of error - [MEDIUM] add support for binding to source port ranges during connect - [MINOR] config: track "no option"/"option" changes - [MINOR] config: support resetting options do default values - [MEDIUM] implement option tcp-smart-accept at the frontend - [MEDIUM] stream_sock: implement tcp-cork for use during shutdowns on Linux - [MEDIUM] implement tcp-smart-connect option at the backend - [MEDIUM] add support for TCP MSS adjustment for listeners - [MEDIUM] support setting a server weight to zero - [MINOR] make DEFAULT_MAXCONN user-configurable at build time - [MAJOR] session: don't clear buffer status flags anymore - [MAJOR] session: only check for timeouts when they have just occurred. - [MAJOR] session: simplify buffer error handling - [MEDIUM] config: split parser and checker in two functions - [MEDIUM] config: support loading multiple configuration files - [MEDIUM] stream_sock: don't close prematurely when nolinger is set - [MEDIUM] session: rework buffer analysis to permit permanent analysers - [MEDIUM] splice: set the capability on each stream_interface - [BUG] http: redirect rules were processed too early - [CLEANUP] remove unused DEBUG_PARSE_NO_SPEEDUP define - [MEDIUM] http: split request waiter from request processor - [MEDIUM] session: tell analysers what bit they were called for - [MAJOR] http: complete splitting of the remaining stages - [MINOR] report in the proxies the requirements for ACLs - [MINOR] http: rely on proxy->acl_requires to allocate hdr_idx - [MINOR] acl: add HTTP protocol detection (req_proto_http) - [MINOR] prepare callers of session_set_backend to handle errors - [BUG] default ACLs did not properly set the ->requires flag - [MEDIUM] allow a TCP frontend to switch to an HTTP backend - [MINOR] ensure we can jump from swiching rules to http without data - [MINOR] http: take http request timeout from the backend - [MINOR] allow TCP inspection rules to make use of HTTP ACLs - [BUILD] report commit date and not author's date as build date - [MINOR] acl: don't complain anymore when using L7 acls in TCP - [BUG] stream_sock: always shutdown(SHUT_WR) before closing - [BUG] stream_sock: don't stop reading when the poller reports an error - [BUG] config: tcp-request content only accepts "if" or "unless" - [BUG] task: fix possible timer drift after update - [MINOR] apply tcp-smart-connect option for the checks too - [MINOR] stats: better displaying in MSIE - [MINOR] config: improve error reporting in global section - [MINOR] config: improve error reporting in listen sections - [MINOR] config: the "capture" keyword is not allowed in backends - [MINOR] config: improve error reporting when checking configuration - [BUILD] fix a minor build warning on AIX - [BUILD] use "git cmd" instead of "git-cmd" - [CLEANUP] report 2009 not 2008 in the copyright banner. - [MINOR] print usage on the stats sockets upon invalid commands - [MINOR] acl: detect and report potential mistakes in ACLs - [BUILD] fix incorrect printf arg count with tcp_splice - [BUG] fix random pauses on last segment of a series - [BUILD] add support for build under Cygwin 2009/06/09 : 1.4-dev0 - exact copy of 1.3.18 2009/05/10 : 1.3.18 - [MEDIUM] add support for "balance hdr(name)" - [CLEANUP] give a little bit more information in error message - [MINOR] add X-Original-To: header - [BUG] x-original-to: fix missing initialization to default value - [BUILD] spec file: fix broken pipe during rpmbuild and add man file - [MINOR] improve reporting of misplaced acl/reqxxx rules - [MEDIUM] http: add options to ignore invalid header names - [MEDIUM] http: capture invalid requests/responses even if accepted - [BUILD] add format(printf) to printf-like functions - [MINOR] fix several printf formats and missing arguments - [BUG] stats: total and lbtot are unsigned - [MINOR] fix a few remaining printf-like formats on 64-bit platforms - [CLEANUP] remove unused make option from haproxy.spec - [BUILD] make it possible to pass alternative arch at build time - [MINOR] switch all stat counters to 64-bit - [MEDIUM] ensure we don't recursively call pool_gc2() - [CRITICAL] uninitialized response field can sometimes cause crashes - [BUG] fix wrong pointer arithmetics in HTTP message captures - [MINOR] rhel init script : support the reload operation - [MINOR] add basic signal handling functions - [BUILD] add signal.o to all makefiles - [MEDIUM] call signal_process_queue from run_poll_loop - [MEDIUM] pollers: don't wait if a signal is pending - [MEDIUM] convert all signals to asynchronous signals - [BUG] O(1) pollers should check their FD before closing it - [MINOR] don't close stdio fds twice - [MINOR] add options dontlog-normal and log-separate-errors - [DOC] minor fixes and rearrangements - [BUG] fix parser crash on unconditional tcp content rules - [DOC] rearrange the configuration manual and add a summary - [MINOR] standard: provide a new 'my_strndup' function - [MINOR] implement per-logger log level limitation - [MINOR] compute the max of sessions/s on fe/be/srv - [MINOR] stats: report max sessions/s and limit in CSV export - [MINOR] stats: report max sessions/s and limit in HTML stats - [MINOR] stats/html: use the arial font before helvetica 2009/03/29 : 1.3.17 - Update specfile to build for v2.6 kernel. - [BUG] reset the stream_interface connect timeout upon connect or error - [BUG] reject unix accepts when connection limit is reached - [MINOR] show sess: report number of calls to each task - [BUG] don't call epoll_ctl() on closed sockets - [BUG] stream_sock: disable I/O on fds reporting an error - [MINOR] sepoll: don't count two events on the same FD. - [MINOR] show sess: report a lot more information about sessions - [BUG] stream_sock: check for shut{r,w} before refreshing some timeouts - [BUG] don't set an expiration date directly from now_ms - [MINOR] implement ulltoh() to write HTML-formatted numbers - [MINOR] stats/html: group digits by 3 to clarify numbers - [BUILD] remove haproxy-small.spec - [BUILD] makefile: remove unused references to linux24eold and EPOLL_CTL_WORKAROUND 2009/03/22 : 1.3.16 - [BUILD] Fixed Makefile for linking pcre - [CONTRIB] selinux policy for haproxy - [MINOR] show errors: encode backslash as well as non-ascii characters - [MINOR] cfgparse: some cleanups in the consistency checks - [MINOR] cfgparse: set backends to "balance roundrobin" by default - [MINOR] tcp-inspect: permit the use of no-delay inspection - [MEDIUM] reverse internal proxy declaration order to match configuration - [CLEANUP] config: catch and report some possibly wrong rule ordering - [BUG] connect timeout is in the stream interface, not the buffer - [BUG] session: errors were not reported in termination flags in TCP mode - [MINOR] tcp_request: let the caller take care of errors and timeouts - [CLEANUP] http: remove some commented out obsolete code in process_response - [MINOR] update ebtree to version 4.1 - [MEDIUM] scheduler: get rid of the 4 trees thanks and use ebtree v4.1 - [BUG] sched: don't leave 3 lasts tasks unprocessed when niced tasks are present - [BUG] scheduler: fix improper handling of duplicates __task_queue() - [MINOR] sched: permit a task to stay up between calls - [MINOR] task: keep a task count and clean up task creators - [MINOR] stats: report number of tasks (active and running) - [BUG] server check intervals must not be null - [OPTIM] stream_sock: don't retry to read after a large read - [OPTIM] buffer: new BF_READ_DONTWAIT flag reduces EAGAIN rates - [MEDIUM] session: don't resync FSMs on non-interesting changes - [BUG] check for global.maxconn before doing accept() - [OPTIM] sepoll: do not re-check whole list upon accepts 2009/03/09 : 1.3.16-rc2 - [BUG] stream_sock: write timeout must be updated when forwarding ! 2009/03/09 : 1.3.16-rc1 - appsessions: cleanup DEBUG_HASH and initialize request_counter - [MINOR] acl: add new keyword "connslots" - [MINOR] cfgparse: fix off-by 2 in error message size - [BUILD] fix build with gcc 4.3 - [BUILD] fix MANDIR default location to match documentation - [TESTS] add a debug patch to help trigger the stats bug - [BUG] Flush buffers also where there are exactly 0 bytes left - [MINOR] Allow to specify a domain for a cookie - [BUG/CLEANUP] cookiedomain -> cookie_domain rename + free(p->cookie_domain) - [MEDIUM] Fix memory freeing at exit - [MEDIUM] Fix memory freeing at exit, part 2 - [BUG] Fix listen & more of 2 couples : - [DOC] remove buggy comment for use_backend - [CRITICAL] fix server state tracking: it was O(n!) instead of O(n) - [MEDIUM] add support for URI hash depth and length limits - [MINOR] permit renaming of x-forwarded-for header - [BUILD] fix Makefile.bsd and Makefile.osx for stream_interface - [BUILD] Haproxy won't compile if DEBUG_FULL is defined - [MEDIUM] upgrade to ebtree v4.0 - [DOC] update the README file with new build options - [MEDIUM] reduce risk of event starvation in ev_sepoll - [MEDIUM] detect streaming buffers and tag them as such - [MEDIUM] add support for conditional HTTP redirection - [BUILD] make install should depend on haproxy not "all" - [DEBUG] add a TRACE macro to facilitate runtime data extraction - [BUG] event pollers must not wait if a task exists in the run queue - [BUG] queue management: wake oldest request in queues - [BUG] log: reported queue position was offed-by-one - [BUG] fix the dequeuing logic to ensure that all requests get served - [DOC] documentation for the "retries" parameter was missing. - [MEDIUM] implement a monotonic internal clock - [MEDIUM] further improve monotonic clock by check forward jumps - [OPTIM] add branch prediction hints in list manipulations - [MAJOR] replace ultree with ebtree in wait-queues - [BUG] we could segfault during exit while freeing uri_auths - [BUG] wqueue: perform proper timeout comparisons with wrapping values - [MINOR] introduce now_ms, the current date in milliseconds - [BUG] disable buffer read timeout when reading stats - [MEDIUM] rework the wait queue mechanism - [BUILD] change declaration of base64tab to fix build with Intel C++ - [OPTIM] shrink wake_expired_tasks() by using task_wakeup() - [MAJOR] use an ebtree instead of a list for the run queue - [MEDIUM] introduce task->nice and boot access to statistics - [OPTIM] task_queue: assume most consecutive timers are equal - [BUILD] silent a warning in unlikely() with gcc 4.x - [MAJOR] convert all expiration timers from timeval to ticks - [BUG] use_backend would not correctly consider "unless" - [TESTS] added test-acl.cfg to test some ACL combinations - [MEDIUM] add support for configuration keyword registration - [MEDIUM] modularize the global "stats" keyword configuration parser - [MINOR] cfgparse: add support for warnings in external functions - [MEDIUM] modularize the "timeout" keyword configuration parser - [MAJOR] implement tcp request content inspection - [MINOR] acl: add a new parsing function: parse_dotted_ver - [MINOR] acl: add req_ssl_ver in TCP, to match an SSL version - [CLEANUP] remove unused include/types/client.h - [CLEANUP] remove many #include from C files - [CLEANUP] remove dependency on obsolete INTBITS macro - [DOC] document the new "tcp-request" keyword and associated ACLs - [MINOR] acl: add REQ_CONTENT to the list of default acls - [MEDIUM] acl: permit fetch() functions to set the result themselves - [MEDIUM] acl: get rid of dummy values in always_true/always_false - [MINOR] acl: add the "wait_end" acl verb - [MEDIUM] acl: enforce ACL type checking - [MEDIUM] acl: set types on all currently known ACL verbs - [MEDIUM] acl: when possible, report the name and requirements of ACLs in warnings - [CLEANUP] remove 65 useless NULL checks before free - [MEDIUM] memory: update pool_free2() to support NULL pointers - [MEDIUM] buffers: ensure buffer_shut* are properly called upon shutdowns - [MEDIUM] process_srv: rely on buffer flags for client shutdown - [MEDIUM] process_srv: don't rely at all on client state - [MEDIUM] process_cli: don't rely at all on server state - [BUG] fix segfault with url_param + check_post - [BUG] server timeout was not considered in some circumstances - [BUG] client timeout incorrectly rearmed while waiting for server - [MAJOR] kill CL_STINSPECT and CL_STHEADERS (step 1) - [MAJOR] get rid of SV_STANALYZE (step 2) - [MEDIUM] simplify and centralize request timeout cancellation and request forwarding - [MAJOR] completely separate HTTP and TCP states on the request path - [BUG] fix recently introduced loop when client closes early - [MAJOR] get rid of the SV_STHEADERS state - [MAJOR] better separation of response processing and server state - [MAJOR] clearly separate HTTP response processing from TCP server state - [MEDIUM] remove unused references to {CL|SV}_STSHUT* - [MINOR] term_trace: add better instrumentations to trace the code - [BUG] ev_sepoll: closed file descriptors could persist in the spec list - [BUG] process_response must not enable the read FD - [BUG] buffers: remove BF_MAY_CONNECT and fix forwarding issue - [BUG] process_response: do not touch srv_state - [BUG] maintain_proxies must not disable backends - [CLEANUP] get rid of BF_SHUT*_PENDING - [MEDIUM] buffers: add BF_EMPTY and BF_FULL to remove dependency on req/rep->l - [MAJOR] process_session: rely only on buffer flags - [MEDIUM] use buffer->wex instead of buffer->cex for connect timeout - [MEDIUM] centralize buffer timeout checks at the top of process_session - [MINOR] ensure the termination flags are set by process_xxx - [MEDIUM] session: move the analysis bit field to the buffer - [OPTIM] process_cli/process_srv: reduce the number of tests - [BUG] regparm is broken on gcc < 3 - [BUILD] fix warning in proto_tcp.c with gcc >= 4 - [MEDIUM] merge inspect_exp and txn->exp into request buffer - [BUG] process_cli/process_srv: don't call shutdown when already done - [BUG] process_request: HTTP body analysis must return zero if missing data - [TESTS] test-fsm: 22 regression tests for state machines - [BUG] Fix empty X-Forwarded-For header name when set in defaults section - [BUG] fix harmless but wrong fd insertion sequence - [MEDIUM] make it possible for analysers to follow the whole session - [MAJOR] rework of the server FSM - [OPTIM] remove useless fd_set(read) upon shutdown(write) - [MEDIUM] massive cleanup of process_srv() - [MEDIUM] second level of code cleanup for process_srv_data - [MEDIUM] third cleanup and optimization of process_srv_data() - [MEDIUM] process_srv_data: ensure that we always correctly re-arm timeouts - [MEDIUM] stream_sock_process_data moved to stream_sock.c - [MAJOR] make the client side use stream_sock_process_data() - [MEDIUM] split stream_sock_process_data - [OPTIM] stream_sock_read must check for null-reads more often - [MINOR] only call flow analysers when their read side is connected. - [MEDIUM] reintroduce BF_HIJACK with produce_content - [MINOR] re-arrange buffer flags and rename some of them - [MINOR] do not check for BF_SHUTR when computing write timeout - [OPTIM] ev_sepoll: detect newly created FDs and check them once - [OPTIM] reduce the number of calls to task_wakeup() - [OPTIM] force inlining of large functions with gcc >= 3 - [MEDIUM] indicate a reason for a task wakeup - [MINOR] change type of fdtab[]->owner to void* - [MAJOR] make stream sockets aware of the stream interface - [MEDIUM] stream interface: add the ->shutw method as well as in and out buffers - [MEDIUM] buffers: add BF_READ_ATTACHED and BF_ANA_TIMEOUT - [MEDIUM] process_session: make use of the new buffer flags - [CLEANUP] process_session: move debug outputs out of the critical loop - [MEDIUM] move QUEUE and TAR timers to stream interfaces - [OPTIM] add compiler hints in tick_is_expired() - [MINOR] add buffer_check_timeouts() to check what timeouts have fired. - [MEDIUM] use buffer_check_timeouts instead of stream_sock_check_timeouts() - [MINOR] add an expiration flag to the stream_sock_interface - [MAJOR] migrate the connection logic to stream interface - [MAJOR] add a connection error state to the stream_interface - [MEDIUM] add the SN_CURR_SESS flag to the session to track open sessions - [MEDIUM] continue layering cleanups. - [MEDIUM] stream_interface: added a DISconnected state between CON/EST and CLO - [MEDIUM] remove stream_sock_update_data() - [MINOR] maintain a global session list in order to ease debugging - [BUG] shutw must imply close during a connect - [MEDIUM] process shutw during connection attempt - [MEDIUM] make the stream interface control the SHUT{R,W} bits - [MAJOR] complete layer4/7 separation - [CLEANUP] move the session-related functions to session.c - [MINOR] call session->do_log() for logging - [MINOR] replace the ambiguous client_return function by stream_int_return - [MINOR] replace client_retnclose() with stream_int_retnclose() - [MINOR] replace srv_close_with_err() with http_server_error() - [MEDIUM] make the http server error function a pointer in the session - [CLEANUP] session.c: removed some migration left-overs in sess_establish() - [MINOR] stream_sock_data_finish() should not expose fd - [MEDIUM] extract TCP request processing from HTTP - [MEDIUM] extract the HTTP tarpit code from process_request(). - [MEDIUM] move the HTTP request body analyser out of process_request(). - [MEDIUM] rename process_request to http_process_request - [BUG] fix forgotten server session counter - [MINOR] declare process_session in session.h, not proto_http.h - [MEDIUM] first pass of lifting to proto_uxst.c:uxst_event_accept() - [MINOR] add an analyser code for UNIX stats request - [MINOR] pre-set analyser flags on the listener at registration time - [BUG] do not forward close from cons to prod with analysers - [MEDIUM] ensure that sock->shutw() also closes read for init states - [MINOR] add an analyser state in struct session - [MAJOR] make unix sockets work again with stats - [MEDIUM] remove cli_fd, srv_fd, cli_state and srv_state from the session - [MINOR] move the listener reference from fd to session - [MEDIUM] reference the current hijack function in the buffer itself - [MINOR] slightly rebalance stats_dump_{raw,http} - [MINOR] add a new back-reference type : struct bref - [MINOR] add back-references to sessions for later use by a dumper. - [MEDIUM] add support for "show sess" in unix stats socket - [BUG] do not release the connection slot during a retry - [BUG] dynamic connection throttling could return a max of zero conns - [BUG] do not try to pause backends during reload - [BUG] ensure that listeners from disabled proxies are correctly unbound. - [BUG] acl-related keywords are not allowed in defaults sections - [BUG] cookie capture is declared in the frontend but checked on the backend - [BUG] critical errors should be reported even in daemon mode - [MINOR] redirect: add support for the "drop-query" option - [MINOR] redirect: add support for "set-cookie" and "clear-cookie" - [MINOR] redirect: in prefix mode a "/" means not to change the URI - [BUG] do not dequeue requests on a dead server - [BUG] do not dequeue the backend's pending connections on a dead server - [MINOR] stats: indicate if a task is running in "show sess" - [BUG] check timeout must not be changed if timeout.check is not set - [BUG] "option transparent" is for backend, not frontend ! - [MINOR] transfer errors were not reported anymore in data phase - [MEDIUM] add a send limit to a buffer - [MEDIUM] don't report buffer timeout when there is I/O activity - [MEDIUM] indicate when we don't care about read timeout - [MINOR] add flags to indicate when a stream interface is waiting for space/data - [MEDIUM] enable inter-stream_interface wakeup calls - [MAJOR] implement autonomous inter-socket forwarding - [MINOR] add the splice_len member to the buffer struct in preparation of splice support - [MEDIUM] stream_sock: factor out the return path in case of no-writes - [MEDIUM] i/o: rework ->to_forward and ->send_max - [OPTIM] stream_sock: do not ask for polling on EAGAIN if we have read - [OPTIM] buffer: replace rlim by max_len - [OPTIM] stream_sock: factor out the buffer full handling out of the loop - [CLEANUP] replace a few occurrences of (flags & X) && !(flags & Y) - [CLEANUP] stream_sock: move the write-nothing condition out of the loop - [MEDIUM] split stream_sock_write() into callback and core functions - [MEDIUM] stream_sock_read: call ->chk_snd whenever there are data pending - [MINOR] stream_sock: fix a few wrong empty calculations - [MEDIUM] stream_sock: try to send pending data on chk_snd() - [MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes - [MEDIUM] splice: add configuration options and set global.maxpipes - [MINOR] introduce structures required to support Linux kernel splicing - [MEDIUM] add definitions for Linux kernel splicing - [MAJOR] complete support for linux 2.6 kernel splicing - [BUG] reserve some pipes for backends with splice enabled - [MEDIUM] splice: add hints to support older buggy kernels - [MEDIUM] introduce pipe pools - [MEDIUM] splice: make use of pipe pools - [STATS] report pipe usage in the statistics - [OPTIM] make global.maxpipes default to global.maxconn/4 when not specified - [BUILD] fix snapshot date extraction with negative timezones - [MEDIUM] move global tuning options to the global structure - [MEDIUM] splice: add the global "nosplice" option - [BUILD] add USE_LINUX_SPLICE to enable LINUX_SPLICE on linux 2.6 - [BUG] we must not exit if protocol binding only returns a warning - [MINOR] add support for bind interface name - [BUG] inform the user when root is expected but not set - [MEDIUM] add support for source interface binding - [MEDIUM] add support for source interface binding at the server level - [MEDIUM] implement bind-process to limit service presence by process - [DOC] document maxpipes, nosplice, option splice-{auto,request,response} - [DOC] filled the logging section of the configuration manual - [DOC] document HTTP status codes - [DOC] document a few missing info about errorfile - [BUG] fix random memory corruption using "show sess" - [BUG] fix unix socket processing of interrupted output - [DOC] add diagrams of queuing and future ACL design - [BUILD] proto_http did not build on gcc-2.95 - [BUG] the "source" keyword must first clear optional settings - [BUG] global.tune.maxaccept must be limited even in mono-process mode - [MINOR] ensure that http_msg_analyzer updates pointer to invalid char - [MEDIUM] store a complete dump of request and response errors in proxies - [MEDIUM] implement error dump on unix socket with "show errors" - [DOC] document "show errors" - [MINOR] errors dump must use user-visible date, not internal date. - [MINOR] time: add __usec_to_1024th to convert usecs to 1024th of second - [MINOR] add curr_sec_ms and curr_sec_ms_scaled for current second. - [MEDIUM] measure and report session rate on frontend, backends and servers - [BUG] the "connslots" keyword was matched as "connlots" - [MINOR] acl: add 2 new verbs: fe_sess_rate and be_sess_rate - [MEDIUM] implement "rate-limit sessions" for the frontend - [BUG] interface binding: length must include the trailing zero - [BUG] typo in timeout error reporting : report *res and not *err - [OPTIM] maintain_proxies: only wake up when the frontend will be ready - [OPTIM] rate-limit: cleaner behaviour on low rates and reduce consumption - [BUG] switch server-side stream interface to close in case of abort - [CLEANUP] remove last references to term_trace - [OPTIM] freq_ctr: do not rotate the counters when reading - [BUG] disable any analysers for monitoring requests - [BUG] rate-limit in defaults section was ignored - [BUG] task: fix handling of duplicate keys - [OPTIM] task: don't unlink a task from a wait queue when waking it up - [OPTIM] displace tasks in the wait queue only if absolutely needed - [MEDIUM] minor update to the task api: let the scheduler queue itself - [BUG] event_accept() must always wake the task up, even in health mode - [CLEANUP] task: distinguish between clock ticks and timers - [OPTIM] task: reduce the number of calls to task_queue() - [OPTIM] do not re-check req buffer when only response has changed - [CLEANUP] don't enable kernel splicing when socket is closed - [CLEANUP] buffer_flush() was misleading, rename it as buffer_erase - [MINOR] buffers: implement buffer_flush() - [MEDIUM] rearrange forwarding condition to enable splice during analysis - [BUILD] build fixes for Solaris - [BUILD] proto_http did not build on gcc-2.95 (again) - [CONTRIB] halog: fast log parser for haproxy - [CONTRIB] halog: faster fgets() and add support for percentile reporting 2008/04/19 : 1.3.15 - [BUILD] Added support for 'make install' - [BUILD] Added 'install-man' make target for installing the man page - [BUILD] Added 'install-bin' make target - [BUILD] Added 'install-doc' make target - [BUILD] Removed "/" after '$(DESTDIR)' in install targets - [BUILD] Changed 'install' target to install the binaries first - [BUILD] Replace hardcoded 'LD = gcc' with 'LD = $(CC)' - [MEDIUM]: Inversion for options - [MEDIUM]: Count retries and redispatches also for servers, fix redistribute_pending, extend logs, %d->%u cleanup - [BUG]: Restore clearing t->logs.bytes - [MEDIUM]: rework checks handling - [DOC] Update a "contrib" file with a hint about a scheme used for formathing subjects - [MEDIUM] Implement "track [/]" - [MINOR] Implement persistent id for proxies and servers - [BUG] Don't increment server connections too much + fix retries - [MEDIUM]: Prevent redispatcher from selecting the same server, version #3 - [MAJOR] proto_uxst rework -> SNMP support - [BUG] appsession lookup in URL does not work - [BUG] transparent proxy address was ignored in backend - [BUG] hot reconfiguration failed because of a wrong error check - [DOC] big update to the configuration manual - [DOC] large update to the configuration manual - [DOC] document more options - [BUILD] major rework of the GNU Makefile - [STATS] add support for "show info" on the unix socket - [DOC] document options forwardfor to logasap - [MINOR] add support for the "backlog" parameter - [OPTIM] introduce global parameter "tune.maxaccept" - [MEDIUM] introduce "timeout http-request" in frontends - [MINOR] tarpit timeout is also allowed in backends - [BUG] increment server connections for each connect() - [MEDIUM] add a turn-around state of one second after a connection failure - [BUG] fix typo in redispatched connection - [DOC] document options nolinger to ssl-hello-chk - [DOC] added documentation for "option tcplog" to "use_backend" - [BUG] connect_server: server might not exist when sending error report - [MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) - [MEDIUM] add non-local bind to connect() on Linux - [MINOR] add transparent proxy support for balabit's Tproxy v4 - [BUG] use backend's source and not server's source with tproxy - [BUG] fix overlapping server flags - [MEDIUM] fix server health checks source address selection - [BUG] build failed on CONFIG_HAP_LINUX_TPROXY without CONFIG_HAP_CTTPROXY - [DOC] added "server", "source" and "stats" keywords - [DOC] all server parameters have been documented - [DOC] document all req* and rsp* keywords. - [DOC] added documentation about HTTP header manipulations - [BUG] log response byte count, not request - [BUILD] code did not build in full debug mode - [BUG] fix truncated responses with sepoll - [MINOR] use s->frt_addr as the server's address in transparent proxy - [MINOR] fix configuration hint about timeouts - [DOC] minor cleanup of the doc and notice to contributors - [MINOR] report correct section type for unknown keywords. - [BUILD] update MacOS Makefile to build on newer versions - [DOC] fix erroneous "useallbackups" option in the doc - [DOC] applied small fixes from early readers - [MINOR] add configuration support for "redir" server keyword - [MEDIUM] completely implement the server redirection method - [TESTS] add a test case for the server redirection mechanism - [DOC] add a configuration entry for "server ... redir " - [BUILD] backend.c and checks.c did not build without tproxy ! - Revert "[BUILD] backend.c and checks.c did not build without tproxy !" - [BUILD] backend.c and checks.c did not build without tproxy ! - [OPTIM] used unsigned ints for HTTP state and message offsets - [OPTIM] GCC4's builtin_expect() is suboptimal - [BUG] failed conns were sometimes incremented in the frontend! - [BUG] timeout.check was not pre-set to eternity - [TESTS] add test-pollers.cfg to easily report pollers in use - [BUG] do not apply timeout.connect in checks if unset - [BUILD] ensure that makefile understands USE_DLMALLOC=1 - [MINOR] silent gcc for a wrong warning - [CLEANUP] update .gitignore to ignore more temporary files - [CLEANUP] report dlmalloc's source path only if explictly specified - [BUG] str2sun could leak a small buffer in case of error during parsing - [BUG] option allbackups was not working anymore in roundrobin mode - [MAJOR] implementation of the "leastconn" load balancing algorithm - [BUILD] ensure that users don't build without setting the target anymore. - [DOC] document the leastconn LB algo - [MEDIUM] fix stats socket limitation to 16 kB - [DOC] fix unescaped space in httpchk example. - [BUG] fix double-decrement of server connections - [TESTS] add a test case for port mapping - [TESTS] add a benchmark for integer hashing - [TESTS] add new methods in ip-hash test file - [MAJOR] implement parameter hashing for POST requests 2007/12/06 : 1.3.14 - New option http_proxy (Alexandre Cassen) - add support for "maxqueue" to limit server queue overload (Elijah Epifanov) - Check for duplicated conflicting proxies (Krzysztof Oledzki) - stats: report server and backend cumulated downtime (Krzysztof Oledzki) - use backends only with use_backend directive (Krzysztof Oledzki) - Handle long lines properly (Krzysztof Oledzki) - Implement and use generic findproxy and relax duplicated proxy check (Krzysztof Oledzki) - continous statistics (Krzysztof Oledzki) - add support for logging via a UNIX socket (Robert Tsai) - fix error checking in strl2ic/strl2uic() - fix calls to localtime() - provide easier-to-use ultoa_* functions - provide easy-to-use limit_r and LIM2A* macros - add a simple test for the status page - move error codes to common/errors.h - silent warning about LIST_* being redefined on OpenBSD - add socket address length to the protocols - group PR_O_BALANCE_* bits into a checkable value - externalize the "balance" option parser to backend.c - introduce the "url_param" balance method - make default_backend work in TCP mode too - disable warning about localtime_r on Solaris - adjust error messages about conflicting proxies - avoid calling some layer7 functions if not needed - simplify error path in event_accept() - add an options field to the listeners - added a new state to listeners - unbind_listener() must use fd_delete() and not close() - add a generic unbind_listener() primitive - add a generic delete_listener() primitive - add a generic unbind_all_listeners() primitive - create proto_tcp and move initialization of proxy listeners - stats: report numerical process ID, proxy ID and server ID - relative_pid was not initialized - missing header names in raw stats output - fix missing parenthesis in check_response_for_cacheability - small optimization on session_process_counters() - merge ebtree version 3.0 - make ebtree headers multiple-include compatible - ebtree: include config.h for REGPRM* - differentiate between generic LB params and map-specific ones - add a weight divisor to the struct proxy - implement the Fast Weighted Round Robin (FWRR) algo - include filltab25.c to experiment on FWRR for dynamic weights - merge test-fwrr.cfg to validate dynamic weights - move the load balancing algorithm to be->lbprm.algo - change server check result to a bit field - implement "http-check disable-on-404" for graceful shutdown - secure the calling conditions of ->set_server_status_{up,down} - report disabled servers as "NOLB" when they are still UP - document the "http-check disable-on-404" option - http-check disable-on-404 is not limited to HTTP mode - add a test file for disable-on-404 - use distinct bits per load-balancing algorithm type - implement the slowstart parameter for servers - document the server's slowstart parameter - stats: report the server warm up status in a "throttle" column - fix 2 minor issues on AIX - add the "nbsrv" ACL verb - add the "fail" condition to monitor requests - remove a warning from gcc due to htons() in standard.c - fwrr: ensure that we never overflow in placements - store the build options to report with -vv - fix the status return of the init script (R.I. Pienaar) - stats: real time monitoring script for unix socket (Prizee) - document "nbsrv" and "monitor fail" - restrict the set of allowed characters for identifiers - implement a time parsing function - add support for time units in the configuration - add a bit of documentation about timers - introduce separation between contimeout, and tarpit + queue - introduce the "timeout" keyword - grouped all timeouts in one structure - slowstart is in ms, not seconds - slowstart: ensure we don't start with a null weight - report the number of times each server was selected - fix build on AIX due to recent log changes - fix build on Solaris due to recent log changes 2007/10/18 : 1.3.13 - replace the code under O'Reilly license (Arnaud Cornet) - add a small man page (Arnaud Cornet) - stats: report haproxy's version by default (Krzysztof Oledzki) - stats: count server retries and redispatches (Krzysztof Oledzki) - core: added easy support for Doug Lea's malloc (dlmalloc) - core: fade out memory usage when stopping proxies - core: moved the sockaddr pointer to the fdtab structure - core: add generic protocol support - core: implement client-side support for PF_UNIX sockets - stats: implement the CSV output - stats: add a link to the CSV export HTML page - stats: implement the statistics output on a unix socket - config: introduce the "stats" keyword in global section - build: centralize version and date into one file for each - tests: added a new hash algorithm 2007/10/18 : 1.3.12.3 - add the "nolinger" option to disable data lingering (Alexandre Cassen) - fix double-free during clean exit (Krzysztof Oledzki) - prevent the system from sending an RST when closing health-checks (Krzysztof Oledzki) - do not add a cache-control header when on non-cacheable responses (Krzysztof Oledzki) - spread health checks even more (Krzysztof Oledzki) - stats: scope "." must match the backend and not the frontend - fixed call to chroot() during startup - fix wrong timeout computation in event_accept() - remove condition for exit() under fork() failure 2007/09/20 : 1.3.12.2 - fix configuration sanity checks for TCP listeners - set the log socket receive window to zero bytes - pre-initialize timeouts to infinity, not zero - fix the SIGHUP message not to alert on server-less proxies - timeouts and retries could be ignored when switching backend - added a file to check that "retries" works. - O'Reilly has clarified its license 2007/09/05 : 1.3.12.1 - spec I/O: fix allocations of spec entries for an FD - ensure we never overflow in chunk_printf() - improve behaviour with large number of servers per proxy - add support for "stats refresh " - stats page: added links for 'refresh' and 'hide down' - fix backend's weight in the stats page. - the "stats" keyword is not allowed in a pure frontend. - provide a test configuration file for stats and checks 2007/06/17 : 1.3.12 - fix segfault at exit when using captures - bug: negation in ACL conds was not cleared between terms - errorfile: use a local file to feed error messages - acl: support '-i' to ignore case when matching - acl: smarter integer comparison with operators eq,lt,gt,le,ge - acl: support maching on 'path' component - acl: implement matching on header values - acl: distinguish between request and response headers - acl: permit to return any header when no name specified - acl: provide default ACLs - added the 'use_backend' keyword for full content-switching - acl: specify the direction during fetches - acl: provide the argument length for fetch functions - acl: provide a reference to the expr to fetch() - improve memory freeing upon exit - str2net() must not change the const char * - shut warnings 'is*' macros from ctype.h on solaris 2007/06/03 : 1.3.11.4 - do not re-arm read timeout in SHUTR state ! - optimize I/O by detecting system starvation - the epoll FD must not be shared between processes - limit the number of events returned by *poll* 2007/05/14 : 1.3.11.3 - pre-initialize timeouts with tv_eternity during parsing 2007/05/14 : 1.3.11.2 - fixed broken health-checks since switch to timeval 2007/05/14 : 1.3.11.1 - fixed ev_kqueue which was forgotten during the switch to timeval - allowed null timeouts for past events in select 2007/05/14 : 1.3.11 - fixed ev_sepoll again by rewriting the state machine - switched all timeouts to timevals instead of milliseconds - improved memory management using mempools v2. - several minor optimizations 2007/05/09 : 1.3.10.2 - fixed build on OpenBSD (missing types.h) 2007/05/09 : 1.3.10.1 - fixed sepoll transition matrix (two states were missing) 2007/05/08 : 1.3.10 - several fixes in ev_sepoll - fixed some expiration dates on some tasks - fixed a bug in connection establishment detection due to speculative I/O - fixed rare bug occuring on TCP with early close (reported by Andy Smith) - implemented URI hashing algorithm (Guillaume Dallaire) - implemented SMTP health checks (Peter van Dijk) - replaced the rbtree with ul2tree from old scheduler project - new framework for generic ACL support - added the 'acl' and 'block' keywords to the config language - added several ACL criteria and matches (IP, port, URI, ...) - cleaned up and better modularization for some time functions - fixed list macros - fixed useless memory allocation in str2net() - store the original destination address in the session 2007/04/15 : 1.3.9 - modularized the polling mechanisms and use function pointers instead of macros at many places - implemented support for FreeBSD's kqueue() polling mechanism - fixed a warning on OpenBSD : MIN/MAX redefined - change socket registration order at startup to accomodate kqueue. - several makefile cleanups to support old shells - fix build with limits.h once for all - ev_epoll: do not rely on fd_sets anymore, use changes stacks instead. - fdtab now holds the results of polling - implemented support for speculative I/O processing with epoll() - remove useless calls to shutdown(SHUT_RD), resulting in small speed boost - auto-registering of pollers at load time 2007/04/03 : 1.3.8.2 - rewriting either the status line or request line could crash the process due to a pointer which ought to be reset before parsing. - rewriting the status line in the response did not work, it caused a 502 Bad Gateway due to an erroneous state during parsing 2007/04/01 : 1.3.8.1 - fix reqadd when no option httpclose is used. - removed now unused fiprm and beprm from proxies - split logs into two versions : TCP and HTTP - added some docs about http headers storage and acls - added a VIM script for syntax color highlighting (Bruno Michel) 2007/03/25 : 1.3.8 - fixed several bugs which might have caused a crash with bad configs - several optimizations in header processing - many progresses towards transaction-based processing - option forwardfor may be used in frontends - completed HTTP response processing - some code refactoring between request and response processing - new HTTP header manipulation functions - optimizations on the recv() patch to reduce CPU usage under very high data rates. - more user-friendly help about the 'usesrc' keyword (CTTPROXY) - username/groupname support from Marcus Rueckert - added the "except" keyword to the "forwardfor" option (Bryan German) - support for health-checks on other addresses (Fabrice Dulaunoy) - makefile for MacOS 10.4 / Darwin (Dan Zinngrabe) - do not insert "Connection: close" in HTTP/1.0 messages 2007/01/26 : 1.3.7 - fix critical bug introduced with 1.3.6 : an empty request header may lead to a crash due to missing pointer assignment - hdr_idx might be left uninitialized in debug mode - fixed build on FreeBSD due to missing fd_set declaration 2007/01/22 : 1.3.6.1 - change in the header chaining broke cookies and authentication 2007/01/22 : 1.3.6 - stats now support the HEAD method too - extracted http request from the session - huge rework of the HTTP parser which is now a 28-state FSM. - linux-style likely/unlikely macros for optimization hints - do not create a server socket when there's no server - imported lots of docs 2007/01/07 : 1.3.5 - stats: swap color sets for active and backup servers - try to guess server check port when unset - added complete support and doc for TCP Splicing - replace the wait-queue linked list with an rbtree. - a few bugfixes and cleanups 2007/01/02 : 1.3.4 - support for cttproxy on the server side to present the client address to the server. - added support for SO_REUSEPORT on Linux (needs kernel patch) - new RFC2616-compliant HTTP request parser with header indexing - split proxies in frontends, rulesets and backends - implemented the 'req[i]setbe' to select a backend depending on the contents - added the 'default_backend' keyword to select a default BE. - new stats page featuring FEs and BEs + bytes in both dirs - improved log format to indicate the backend and the time in ms. - lots of cleanups 2006/10/15 : 1.3.3 - fix broken redispatch option in case the connection has already been marked "in progress" (ie: nearly always). - support regparm on x86 to speed up some often called functions - removed a few useless calls to gettimeofday() in log functions. - lots of 'const char*' cleanups - turn every FD_* into functions which are faster on recent CPUs 2006/09/03 : 1.3.2 - started the changes towards I/O completion callbacks. stream_sock* have replaced event_*. - added the new "reqtarpit" and "reqitarpit" protection features 2006/07/09 : 1.3.1 (1.2.15) - now, haproxy warns about missing timeout during startup to try to eliminate all those buggy configurations. - added "Content-Type: text/html" in responses wherever appropriate, as suggested by Cameron Simpson. - implemented "option ssl-hello-chk" to use SSLv3 CLIENT HELLO messages to test server's health - implemented "monitor-uri" so that haproxy can reply to a specific URI with an "HTTP/1.0 200 OK" response. This is useful to validate multiple proxies at once. 2006/06/29 : 1.3.0 - exploded the whole file into multiple .c and .h. No functionnal difference is expected at all. - fixed a bug by which neither stats nor error messages could be returned if 'clitimeout' was missing. 2006/05/21 : 1.2.14 - new HTML status report with the 'stats' keyword. - added the 'abortonclose' option to better resist traffic surges - implemented dynamic traffic regulation with the 'minconn' option - show request time on denied requests - definitely fixed hot reconf on OpenBSD by the use of SO_REUSEPORT - now a proxy instance is allowed to run without servers, which is useful to dedicate one instance to stats - added lots of error counters - a missing parenthesis preventd matching of cacheable cookies - a missing parenthesis in poll_loop() might have caused missed events. 2006/05/14 : 1.2.13.1 - an uninitialized field in the struct session could cause a crash when the session was freed. This has been encountered on Solaris only. - Solaris and OpenBSD no not support shutdown() on listening socket. Let's be nice to them by performing a soft stop if pause fails. 2006/05/13 : 1.2.13 - 'maxconn' server parameter to do per-server session limitation - queueing to support non-blocking session limitation - fixed removal of cookies for cookie-less servers such as backup servers - two separate wait queues for expirable and non-expirable tasks provide better performance with lots of sessions. - some code cleanups and performance improvements - made state dumps a bit more verbose - fixed missing checks for NULL srv in dispatch mode - load balancing on backup servers was not possible in source hash mode. - two session flags shared the same bit, but fortunately they were not compatible. 2006/04/15 : 1.2.12 Very few changes preparing for more important changes to support per-server session limitations and queueing : - ignore leading empty lines in HTTP requests as suggested by RFC2616. - added the 'weight' parameter to the servers, limited to 1..256. It applies to roundrobin and source hash. - the optional '-s' option could clobber '-st' and '-sf' if compiled in. 2006/03/30 : 1.2.11.1 - under some conditions, it might have been possible that when the last dead server became available, it would not have been used till another one would have changed state. Could not be reproduced at all, however seems possible from the code. 2006/03/25 : 1.2.11 - added the '-db' command-line option to disable backgrounding. - added the -sf/-st command-line arguments which are used to specify a list of pids to send a FINISH or TERMINATE signal upon startup. They will also be asked to release their port if a bind fails. - reworked the startup mechanism to allow the sending of a signal to a list of old pids if a socket cannot be bound, with a retry for a limited amount of time (1 second by default). - added the ability to enforce limits on memory usage. - added the 'source' load-balancing algorithm which uses the source IP(v4|v6) - re-architectured the server round-robin mechanism to ease integration of other algorithms. It now relies on the number of active and backup servers. - added a counter for the number of active and backup servers, and report these numbers upon SIGHUP or state change. 2006/03/23 : 1.2.10.1 - while fixing the backup server round-robin "feature", a new bug was introduced which could miss some backup servers. - the displayed proxy name was wrong when dumping upon SIGHUP. 2006/03/19 : 1.2.10 - assert.h is needed when DEBUG is defined. - ENORMOUS long standing bug affecting the epoll polling system : event_data is a union, not a structure ! - Make fd management more robust and easier to debug. Also some micro-optimisations. - Limit the number of consecutive accept() in multi-process mode. This produces a more evenly distributed load across the processes and slightly improves performance by reducing bottlenecks. - Make health-checks be more regular, and faster to retry after a timeout. - Fixed some messages to ease parsing of alerts. - provided a patch to enable epoll on RHEL3 kernels. - Separated OpenBSD build from the main Makefile into a new one. 2006/03/15 : 1.2.9 - haproxy could not be stopped after being paused, it had to be woken up first. This has been fixed. - the 'ulimit-n' parameter is now optional and by default computed from maxconn + the number of listeners + the number of health-checks. - it is now possible to specify a maximum number of connections at build time with the SYSTEM_MAXCONN define. The value set in the configuration file will then be limited to this value, and only the command-line '-n' option will be able to bypass it. It will prevent against accidental high memory usage on small systems. - RFC2616 expects that any HTTP agent accepts multi-line headers. Earlier versions did not detect a line beginning with a space as the continuation of previous header. It is now correct. - health checks sent to servers configured with identical intervals were sent in perfect synchronisation because the initial time was the same for all. This could induce high load peaks when fragile servers were hosting tens of instances for the same application. Now the load is spread evenly across the smallest interval amongst a listener. - a new 'forceclose' option was added to make the proxy close the outgoing channel to the server once it has sent all its headers and the server starts responding. This helps some servers which don't close upon the 'Connection: close' header. It implies 'option httpclose'. - there was a bug in the way the backup servers were handled. They were erroneously load-balanced while the doc said the opposite. Since load-balanced backup servers is one of the features some people have been asking for, the problem was fixed to reflect the documented behaviour and a new option 'allbackups' was introduced to provide the feature to those who need it. - a never ending connect() could lead to a fast select() loop if its timeout times the number of retransmits exceeded the server read or write timeout, because the later was used to compute select()'s timeout while the connection timeout was not reached. - now we initialize the libc's localtime structures very early so that even under OOM conditions, we can still send dated error messages without segfaulting. - the 'daemon' mode implies 'quiet' and disables 'verbose' because file descriptors are closed. 2006/01/29 : 1.2.8 - fixed a nasty bug affecting poll/epoll which could return unmodified data from the server to the client, and sometimes lead to memory corruption crashing the process. - added the new pause/play mechanism with SIGTTOU/SIGTTIN for hot-reconf. 2005/12/18 : 1.2.7.1 - the "retries" option was ignored because connect() could not return an error if the connection failed before the timeout. - TCP health-checks could not detect a connection refused in poll/epoll mode. 2005/11/13 : 1.2.7 - building with -DUSE_PCRE should include PCRE headers and not regex.h. At least on Solaris, this caused the libc's regex primitives to be used instead of PCRE, which caused trouble on group references. This is now fixed. - delayed the quiet mode during startup so that most of the startup alerts can be displayed even in quiet mode. - display an alert when a listener has no address, invalid or no port, or when there are no enabled listeners upon startup. - added "static-pcre" to the list of supported regex options in the Makefile. 2005/10/09 : 1.2.7rc (1.1.33rc) - second batch of socklen_t changes. - clean-ups from Cameron Simpson. - because tv_remain() does not know about eternity, using no timeout can make select() spin around a null time-out. Bug reported by Cameron Simpson. - client read timeout was not properly set to eternity initialized after an accept() if it was not set in the config. It remained undetected so long because eternity is 0 and newly allocated pages are zeroed by the system. - do not call get_original_dst() when not in transparent mode. - implemented a workaround for a bug in certain epoll() implementations on linux-2.4 kernels (epoll-lt <= 0.21). - implemented TCP keepalive with new options : tcpka, clitcpka, srvtcpka. 2005/08/07 : 1.2.6 - clean-up patch from Alexander Lazic fixes build on Debian 3.1 (socklen_t). 2005/07/06 : 1.2.6-pre5 (1.1.32) - added the number of active sessions (proxy/process) in the logs 2005/07/06 : 1.2.6-pre4 (1.1.32-pre4) - the time-out fix introduced in 1.1.25 caused a corner case where it was possible for a client to keep a connection maintained regardless of the timeout if the server closed the connection during the HEADER phase, while the client ignored the close request while doing nothing in the other direction. This has been fixed now by ensuring that read timeouts are re-armed when switching to any SHUTW state. 2005/07/05 : 1.2.6-pre3 (1.1.32-pre3) - enhanced error reporting in the logs. Now the proxy will precisely detect various error conditions related to the system and/or process limits, and generate LOG_EMERG logs indicating that a resource has been exhausted. - logs will contain two new characters for the error cause : 'R' indicates a resource exhausted, and 'I' indicates an internal error, though this one should never happen. - server connection timeouts can now be reported in the logs (sC), as well as connections refused because of maxconn limitations (PC). 2005/07/05 : 1.2.6-pre2 (1.1.32-pre2) - new global configuration keyword "ulimit-n" may be used to raise the FD limit to usable values. - a warning is now displayed on startup if the FD limit is lower than the configured maximum number of sockets. 2005/07/05 : 1.2.6-pre1 (1.1.32-pre1) - new configuration keyword "monitor-net" makes it possible to be monitored by external devices which connect to the proxy without being logged nor forwarded to any server. Particularly useful on generic TCPv4 relays. 2005/06/21 : 1.2.5.2 - fixed build on PPC where chars are unsigned by default 2005/05/02 : 1.2.5.1 - dirty hack to fix a bug introduced with epoll : if we close an FD and immediately reassign it to another session through a connect(), the Prev{Read,Write}Events are not updated, which causes trouble detecting changes, thus leading to many timeouts at high loads. 2005/04/30 : 1.2.5 (1.1.31) - changed the runtime argument to disable epoll() to '-de' - changed the runtime argument to disable poll() to '-dp' - added global options 'nopoll' and 'noepoll' to do the same at the configuration level. - added a 'linux24e' target to the Makefile for Linux 2.4 systems patched to support epoll(). - changed default FD_SETSIZE to 65536 on Solaris (default=1024) - conditionned signals redirection to #ifdef DEBUG_MEMORY 2005/04/26 : 1.2.5-pre4 - made epoll() support a compile-time option : ENABLE_EPOLL - provided a very little libc replacement for a possibly missing epoll() implementation which can be enabled by -DUSE_MY_EPOLL - implemented the poll() poller, which can be enabled with -DENABLE_POLL. The equivalent runtime argument becomes '-P'. A few tests show that it performs like select() with many fds, but slightly slower (certainly because of the higher amount of memory involved). - separated the 3 polling methods and the tasks scheduler into 4 distinct functions which makes the code a lot more modular. - moved some event tables to private static declarations inside the poller functions. - the poller functions can now initialize themselves, run, and cleanup. - changed the runtime argument to enable epoll() to '-E'. - removed buggy epoll_ctl() code in the client_retnclose() function. This function was never meant to remove anything. - fixed a typo which caused glibc to yell about a double free on exit. - removed error checking after epoll_ctl(DEL) because we can never know if the fd is still active or already closed. - added a few entries in the makefile 2005/04/25 : 1.2.5-pre3 - experimental epoll() support (use temporary '-e' argument) 2005/04/24 : 1.2.5-pre2 - implemented the HTTP 303 code for error redirection. This forces the browser to fetch the given URI with a GET request. The new keyword for this is 'errorloc303', and a new 'errorloc302' keyword has been created to make them easily distinguishable. - added more controls in the parser for valid use of '\x' sequence. - few fixes from Alex & Klaus 2005/02/17 : 1.2.5-pre1 - fixed a few errors in the documentation 2005/02/13 - do not pre-initialize unused file-descriptors before select() anymore. 2005/01/22 : 1.2.4 - merged Alexander Lazic's and Klaus Wagner's work on application cookie-based persistence. Since this is the first merge, this version is not intended for general use and reports are more than welcome. Some documentation is really needed though. 2005/01/22 : 1.2.3 (1.1.30) - add an architecture guide to the documentation - released without any changes 2004/12/26 : 1.2.3-pre1 (1.1.30-pre1) - increased default BUFSIZE to 16 kB to accept max headers of 8 kB which is compatible with Apache. This limit can be configured in the makefile now. Thanks to Eric Fehr for the checks. - added a per-server "source" option which now makes it possible to bind to a different source for each (potentially identical) server. - changed cookie-based server selection slightly to allow several servers to share a same cookie, thus making it possible to associate backup servers to live servers and ease soft-stop for maintenance periods. (Alexander Lazic) - added the cookie 'prefix' mode which makes it possible to use persistence with thin clients which support only one cookie. The server name is prefixed before the application cookie, and restore back. - fixed the order of servers within an instance to match documentation. Now the servers are *really* used in the order of their declaration. This is particularly important when multiple backup servers are in use. 2004/10/18 : 1.2.2 (1.1.29) - fixed a bug where a TCP connection would be logged twice if the 'logasap' option was enabled without the 'tcplog' option. - encode_string() would use hdr_encode_map instead of the map argument. 2004/08/10 : (1.1.29-pre2) - the logged request is now encoded with '#XX' for unprintable characters - new keywords 'capture request header' and 'capture response header' enable logging of arbitrary HTTP headers in requests and responses - removed "-DSOLARIS" after replacing the last inet_aton() with inet_pton() 2004/06/06 : 1.2.1 (1.1.28) - added the '-V' command line option to verbosely report errors even though the -q or 'quiet' options are specified. This is useful with '-c'. - added a Red Hat init script and a .spec from Simon Matter 2004/06/05 : - added the "logasap" option which produces a log without waiting for the data to be transferred from the server to the client. - added the "httpclose" option which removes any "connection:" header and adds "Connection: close" in both direction. - added the 'checkcache' option which blocks cacheable responses containing dangerous headers, such as 'set-cookie'. - added 'rspdeny' and 'rspideny' to block certain responses to avoid sensible information leak from servers. 2004/04/18 : - send an EMERG log when no server is available for a given proxy - added the '-c' command line option to syntactically check the configuration file without starting the service. 2003/11/09 : 1.2.0 - the same as 1.1.27 + IPv6 support on the client side 2003/10/27 : 1.1.27 - the configurable HTTP health check introduced in 1.1.23 revealed a shameful bug : the code still assumed that HTTP requests were the same size as the original ones (22 bytes), and failed if they were not. - added support for pidfiles. 2003/10/22 : 1.1.26 - the fix introduced in 1.1.25 for client timeouts while waiting for servers broke almost all compatibility with POST requests, because the proxy stopped to read anything from the client as soon as it got all of its headers. 2003/10/15 : 1.1.25 - added the 'tcplog' option, which provides enhanced, HTTP-like logs for generic TCP proxies, or lighter logs for HTTP proxies. - fixed a time-out condition wrongly reported as client time-out in data phase if the client timeout was lower than the connect timeout times the number of retries. 2003/09/21 : 1.1.24 - if a client sent a full request then shut its write connection down, then the request was aborted. This case was detected only when using haproxy both as health-check client and as a server. - if 'option httpchk' is used in a 'health' mode server, then responses will change from 'OK' to 'HTTP/1.0 200 OK'. - fixed a Linux-only bug in case of HTTP server health-checks, where a single server response followed by a close could be ignored, and the server seen as failed. 2003/09/19 : 1.1.23 - fixed a stupid bug introduced in 1.1.22 which caused second and subsequent 'default' sections to keep previous parameters, and not initialize logs correctly. - fixed a second stupid bug introduced in 1.1.22 which caused configurations relying on 'dispatch' mode to segfault at the first connection. - 'option httpchk' now supports method, HTTP version and a few headers. - now, 'option httpchk', 'cookie' and 'capture' can be specified in 'defaults' section 2003/09/10 : 1.1.22 - 'listen' now supports optionnal address:port-range lists - 'bind' introduced to add new listen addresses - fixed a bug which caused a session to be kept established on a server till it timed out if the client closed during the DATA phase. - the port part of each server address can now be empty to make the proxy connect to the server on the same port it was connected to, be an absolute unsigned number to reflect a single port (as in older versions), or an explicitly signed number (+N/-N) to indicate that this offset must be applied to the port the proxy was connected to, when connecting to the server. - the 'port' server option allows the user to specify a different health-check port than the service one. It is mandatory when only relative ports have been specified and check is required. By default, the checks are sent to the service port. - new 'defaults' section which is rather similar to 'listen' except that all values are only used as default values for future 'listen' sections, until a new 'defaults' resets them. At the moment, server options, regexes, cookie names and captures cannot be set in the 'defaults' section. 2003/05/06 : 1.1.21 - changed the debug output format so that it now includes the session unique ID followed by the instance name at the beginning of each line. - in debug mode, accept now shows the client's IP and port. - added one 3 small debugging scripts to search and pretty print debug output - changed the default health check request to "OPTIONS /" instead of "OPTIONS *" since not all servers implement the later one. - "option httpchk" now accepts an optional parameter allowing the user to specify and URI other than '/' during health-checks. 2003/04/21 : 1.1.20 - fixed two problems with time-outs, one where a server would be logged as timed out during transfer that take longer to complete than the fixed time-out, and one where clients were logged as timed-out during the data phase because they didn't have anything to send. This sometimes caused slow client connections to close too early while in fact there was no problem. The proper fix would be to have a per-fd time-out with conditions depending on the state of the HTTP FSM. 2003/04/16 : 1.1.19 - haproxy was NOT RFC compliant because it was case-sensitive on HTTP "Cookie:" and "Set-Cookie:" headers. This caused JVM 1.4 to fail on cookie persistence because it uses "cookie:". Two memcmp() have been replaced with strncasecmp(). 2003/04/02 : 1.1.18 - Haproxy can be compiled with PCRE regex instead of libc regex, by setting REGEX=pcre on the make command line. - HTTP health-checks now use "OPTIONS *" instead of "OPTIONS /". - when explicit source address binding is required, it is now also used for health-checks. - added 'reqpass' and 'reqipass' to allow certain headers but not the request itself. - factored several strings to reduce binary size by about 2 kB. - replaced setreuid() and setregid() with more standard setuid() and setgid(). - added 4 status flags to the log line indicating who ended the connection first, the sessions state, the validity of the cookie, and action taken on the set-cookie header. 2002/10/18 : 1.1.17 - add the notion of "backup" servers, which are used only when all other servers are down. - make Set-Cookie return "" instead of "(null)" when the server has no cookie assigned (useful for backup servers). - "log" now supports an optionnal level name (info, notice, err ...) above which nothing is sent. - replaced some strncmp() with memcmp() for better efficiency. - added "capture cookie" option which logs client and/or server cookies - cleaned up/down messages and dump servers states upon SIGHUP - added a redirection feature for errors : "errorloc " - now we won't insist on connecting to a dead server, even with a cookie, unless option "persist" is specified. - added HTTP/408 response for client request time-out and HTTP/50[234] for server reply time-out or errors. 2002/09/01 : 1.1.16 - implement HTTP health checks when option "httpchk" is specified. 2002/08/07 : 1.1.15 - replaced setpgid()/setpgrp() with setsid() for better portability, because setpgrp() doesn't have the same meaning under Solaris, Linux, and OpenBSD. 2002/07/20 : 1.1.14 - added "postonly" cookie mode 2002/07/15 : 1.1.13 - tv_diff used inverted parameters which led to negative times ! 2002/07/13 : 1.1.12 - fixed stats monitoring, and optimized some tv_* for most common cases. - replaced temporary 'newhdr' with 'trash' to reduce stack size - made HTTP errors more HTML-fiendly. - renamed strlcpy() to strlcpy2() because of a slightly difference between their behaviour (return value), to avoid confusion. - restricted HTTP messages to HTTP proxies only - added a 502 message when the connection has been refused by the server, to prevent clients from believing this is a zero-byte HTTP 0.9 reply. - changed 'Cache-control:' from 'no-cache="set-cookie"' to 'private' when inserting a cookie, because some caches (apache) don't understand it. - fixed processing of server headers when client is in SHUTR state 2002/07/04 : - automatically close fd's 0,1 and 2 when going daemon ; setpgrp() after setpgid() 2002/06/04 : 1.1.11 - fixed multi-cookie handling in client request to allow clean deletion in insert+indirect mode. Now, only the server cookie is deleted and not all the header. Should now be compliant to RFC2965. - added a "nocache" option to "cookie" to specify that we explicitly want to add a "cache-control" header when we add a cookie. It is also possible to add an "Expires: " to keep compatibility with old/broken caches. 2002/05/10 : 1.1.10 - if a cookie is used in insert+indirect mode, it's desirable that the the servers don't see it. It was not possible to remove it correctly with regexps, so now it's removed automatically. 2002/04/19 : 1.1.9 - don't use snprintf()'s return value as an end of message since it may be larger. This caused bus errors and segfaults in internal libc's getenv() during localtime() in send_log(). - removed dead insecure send_syslog() function and all references to it. - fixed warnings on Solaris due to buggy implementation of isXXXX(). 2002/04/18 : 1.1.8 - option "dontlognull" - fixed "double space" bug in config parser - fixed an uninitialized server field in case of dispatch with no existing server which could cause a segfault during logging. - the pid logged was always the father's, which was wrong for daemons. - fixed wrong level "LOG_INFO" for message "proxy started". 2002/04/13 : - http logging is now complete : - ip:port, date, proxy, server - req_time, conn_time, hdr_time, tot_time - status, size, request - source address 2002/04/12 : 1.1.7 - added option forwardfor - added reqirep, reqidel, reqiallow, reqideny, rspirep, rspidel - added "log global" in "listen" section. 2002/04/09 : - added a new "global" section : - logs - debug, quiet, daemon modes - uid, gid, chroot, nbproc, maxconn 2002/04/08 : 1.1.6 - regex are now chained and not limited anymore. - unavailable server now returns HTTP/502. - increased per-line args limit to 40 - added reqallow/reqdeny to block some request on matches - added HTTP 400/403 responses 2002/04/03 : 1.1.5 - connection logging displayed incorrect source address. - added proxy start/stop and server up/down log events. - replaced log message short buffers with larger trash. - enlarged buffer to 8 kB and replace buffer to 4 kB. 2002/03/25 : 1.1.4 - made rise/fall/interval time configurable 2002/03/22 : 1.1.3 - fixed a bug : cr_expire and cw_expire were inverted in CL_STSHUT[WR] which could lead to loops. 2002/03/21 : 1.1.2 - fixed a bug in buffer management where we could have a loop between event_read() and process_{cli|srv} if R==BUFSIZE-MAXREWRITE. => implemented an adjustable buffer limit. - fixed a bug : expiration of tasks in wait queue timeout is used again, and running tasks are skipped. - added some debug lines for accept events. - send warnings for servers up/down. 2002/03/12 : 1.1.1 - fixed a bug in total failure handling - fixed a bug in timestamp comparison within same second (tv_cmp_ms) 2002/03/10 : 1.1.0 - fixed a few timeout bugs - rearranged the task scheduler subsystem to improve performance, add new tasks, and make it easier to later port to librt ; - allow multiple accept() for one select() wake up ; - implemented internal load balancing with basic health-check ; - cookie insertion and header add/replace/delete, with better strings support. 2002/03/08 - reworked buffer handling to fix a few rewrite bugs, and improve overall performance. - implement the "purge" option to delete server cookies in direct mode. 2002/03/07 - fixed some error cases where the maxfd was not decreased. 2002/02/26 - now supports transparent proxying, at least on linux 2.4. 2002/02/12 - soft stop works again (fixed select timeout computation). - it seems that TCP proxies sometimes cannot timeout. - added a "quiet" mode. - enforce file descriptor limitation on socket() and accept(). 2001/12/30 : release of version 1.0.2 : fixed a bug in header processing 2001/12/19 : release of version 1.0.1 : no MSG_NOSIGNAL on solaris 2001/12/16 : release of version 1.0.0. 2001/12/16 : added syslog capability for each accepted connection. 2001/11/19 : corrected premature end of files and occasional SIGPIPE. 2001/10/31 : added health-check type servers (mode health) which replies OK then closes. 2001/10/30 : added the ability to support standard TCP proxies and HTTP proxies with or without cookies (use keyword http for this). 2001/09/01 : added client/server header replacing with regexps. eg: cliexp ^(Host:\ [^:]*).* Host:\ \1:80 srvexp ^Server:\ .* Server:\ Apache 2000/11/29 : first fully working release with complete FSMs and timeouts. 2000/11/28 : major rewrite 2000/11/26 : first write haproxy-1.4.24/LICENSE000066400000000000000000000033471215760735600143240ustar00rootroot00000000000000HAPROXY's license - 2006/06/15 Historically, haproxy has been covered by GPL version 2. However, an issue appeared in GPL which will prevent external non-GPL code from being built using the headers provided with haproxy. My long-term goal is to build a core system able to load external modules to support specific application protocols. Since some protocols are found in rare environments (finance, industry, ...), some of them might be accessible only after signing an NDA. Enforcing GPL on such modules would only prevent them from ever being implemented, while not providing anything useful to ordinary users. For this reason, I *want* to be able to support binary only external modules when needed, with a GPL core and GPL modules for standard protocols, so that people fixing bugs don't keep them secretly to try to stay over competition. The solution was then to apply the LGPL license to the exportable include files, while keeping the GPL for all the rest. This way, it still is mandatory to redistribute modified code under customer request, but at the same time, it is expressly permitted to write, compile, link and load non-GPL code using the LGPL header files and not to distribute them if it causes a legal problem. Of course, users are strongly encouraged to continue the work under GPL as long as possible, since this license has allowed useful enhancements, contributions and fixes from talented people around the world. The text of the licenses lies in the "doc" directory. All the files provided in this package are covered by the GPL unless expressly stated otherwise in them. Every patch or contribution provided by external people will by default comply with the license of the files it affects, or be rejected. Willy Tarreau - w@1wt.eu haproxy-1.4.24/Makefile000066400000000000000000000530531215760735600147560ustar00rootroot00000000000000# This GNU Makefile supports different OS and CPU combinations. # # You should use it this way : # [g]make TARGET=os ARCH=arch CPU=cpu USE_xxx=1 ... # # Valid USE_* options are the following. Most of them are automatically set by # the TARGET, others have to be explictly specified : # USE_CTTPROXY : enable CTTPROXY on Linux (needs kernel patch). # USE_DLMALLOC : enable use of dlmalloc (see DLMALLOC_SRC) # USE_EPOLL : enable epoll() on Linux 2.6. Automatic. # USE_GETSOCKNAME : enable getsockname() on Linux 2.2. Automatic. # USE_KQUEUE : enable kqueue() on BSD. Automatic. # USE_MY_EPOLL : redefine epoll_* syscalls. Automatic. # USE_NETFILTER : enable netfilter on Linux. Automatic. # USE_PCRE : enable use of libpcre for regex. Recommended. # USE_POLL : enable poll(). Automatic. # USE_REGPARM : enable regparm optimization. Recommended on x86. # USE_SEPOLL : enable speculative epoll(). Automatic. # USE_STATIC_PCRE : enable static libpcre. Recommended. # USE_TPROXY : enable transparent proxy. Automatic. # USE_LINUX_TPROXY : enable full transparent proxy. Automatic. # USE_LINUX_SPLICE : enable kernel 2.6 splicing. Automatic. # USE_LIBCRYPT : enable crypted passwords using -lcrypt # USE_CRYPT_H : set it if your system requires including crypt.h # # Options can be forced by specifying "USE_xxx=1" or can be disabled by using # "USE_xxx=" (empty string). # # Variables useful for packagers : # CC is set to "gcc" by default and is used for compilation only. # LD is set to "gcc" by default and is used for linking only. # ARCH may be useful to force build of 32-bit binary on 64-bit systems # CFLAGS is automatically set for the specified CPU and may be overridden. # LDFLAGS is automatically set to -g and may be overridden. # SMALL_OPTS may be used to specify some options to shrink memory usage. # DEBUG may be used to set some internal debugging options. # ADDINC may be used to complete the include path in the form -Ipath. # ADDLIB may be used to complete the library list in the form -Lpath -llib. # DEFINE may be used to specify any additional define, which will be reported # by "haproxy -vv" in CFLAGS. # SILENT_DEFINE may be used to specify other defines which will not be # reported by "haproxy -vv". # DESTDIR is not set by default and is used for installation only. # It might be useful to set DESTDIR if you want to install haproxy # in a sandbox. # PREFIX is set to "/usr/local" by default and is used for installation only. # SBINDIR is set to "$(PREFIX)/sbin" by default and is used for installation # only. # MANDIR is set to "$(PREFIX)/share/man" by default and is used for # installation only. # DOCDIR is set to "$(PREFIX)/doc/haproxy" by default and is used for # installation only. # # Other variables : # DLMALLOC_SRC : build with dlmalloc, indicate the location of dlmalloc.c. # DLMALLOC_THRES : should match PAGE_SIZE on every platform (default: 4096). # PCREDIR : force the path to libpcre. # PCRE_LIB : force the lib path to libpcre (defaults to $PCREDIR/lib). # PCRE_INC : force the include path to libpcre ($PCREDIR/inc) # IGNOREGIT : ignore GIT commit versions if set. # VERSION : force haproxy version reporting. # SUBVERS : add a sub-version (eg: platform, model, ...). # VERDATE : force haproxy's release date. #### Installation options. DESTDIR = PREFIX = /usr/local SBINDIR = $(PREFIX)/sbin MANDIR = $(PREFIX)/share/man DOCDIR = $(PREFIX)/doc/haproxy #### TARGET system # Use TARGET= to optimize for a specifc target OS among the # following list (use the default "generic" if uncertain) : # generic, linux22, linux24, linux24e, linux26, solaris, # freebsd, openbsd, cygwin, custom, aix52 TARGET = #### TARGET CPU # Use CPU= to optimize for a particular CPU, among the following # list : # generic, native, i586, i686, ultrasparc, custom CPU = generic #### Architecture, used when not building for native architecture # Use ARCH= to force build for a specific architecture. Known # architectures will lead to "-m32" or "-m64" being added to CFLAGS and # LDFLAGS. This can be required to build 32-bit binaries on 64-bit targets. # Currently, only 32, 64, x86_64, i386, i486, i586 and i686 are understood. ARCH = #### Toolchain options. # GCC is normally used both for compiling and linking. CC = gcc LD = $(CC) #### Debug flags (typically "-g"). # Those flags only feed CFLAGS so it is not mandatory to use this form. DEBUG_CFLAGS = -g #### Compiler-specific flags that may be used to disable some negative over- # optimization or to silence some warnings. -fno-strict-aliasing is needed with # gcc >= 4.4. SPEC_CFLAGS = -fno-strict-aliasing #### Memory usage tuning # If small memory footprint is required, you can reduce the buffer size. There # are 2 buffers per concurrent session, so 16 kB buffers will eat 32 MB memory # with 1000 concurrent sessions. Putting it slightly lower than a page size # will prevent the additional parameters to go beyond a page. 8030 bytes is # exactly 5.5 TCP segments of 1460 bytes and is generally good. Useful tuning # macros include : # SYSTEM_MAXCONN, BUFSIZE, MAXREWRITE, REQURI_LEN, CAPTURE_LEN. # Example: SMALL_OPTS = -DBUFSIZE=8030 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=1024 SMALL_OPTS = #### Debug settings # You can enable debugging on specific code parts by setting DEBUG=-DDEBUG_xxx. # Currently defined DEBUG macros include DEBUG_FULL, DEBUG_MEMORY, DEBUG_FSM, # DEBUG_HASH and DEBUG_AUTH. Please check sources for exact meaning or do not # use at all. DEBUG = #### Additional include and library dirs # Redefine this if you want to add some special PATH to include/libs ADDINC = ADDLIB = #### Specific macro definitions # Use DEFINE=-Dxxx to set any tunable macro. Anything declared here will appear # in the build options reported by "haproxy -vv". Use SILENT_DEFINE if you do # not want to pollute the report with complex defines. DEFINE = SILENT_DEFINE = #### CPU dependant optimizations # Some CFLAGS are set by default depending on the target CPU. Those flags only # feed CPU_CFLAGS, which in turn feed CFLAGS, so it is not mandatory to use # them. You should not have to change these options. Better use CPU_CFLAGS or # even CFLAGS instead. CPU_CFLAGS.generic = -O2 CPU_CFLAGS.native = -O2 -march=native CPU_CFLAGS.i586 = -O2 -march=i586 CPU_CFLAGS.i686 = -O2 -march=i686 CPU_CFLAGS.ultrasparc = -O6 -mcpu=v9 -mtune=ultrasparc CPU_CFLAGS = $(CPU_CFLAGS.$(CPU)) #### ARCH dependant flags, may be overriden by CPU flags ARCH_FLAGS.32 = -m32 ARCH_FLAGS.64 = -m64 ARCH_FLAGS.i386 = -m32 -march=i386 ARCH_FLAGS.i486 = -m32 -march=i486 ARCH_FLAGS.i586 = -m32 -march=i586 ARCH_FLAGS.i686 = -m32 -march=i686 ARCH_FLAGS.x86_64 = -m64 -march=x86-64 ARCH_FLAGS = $(ARCH_FLAGS.$(ARCH)) #### Common CFLAGS # These CFLAGS contain general optimization options, CPU-specific optimizations # and debug flags. They may be overridden by some distributions which prefer to # set all of them at once instead of playing with the CPU and DEBUG variables. CFLAGS = $(ARCH_FLAGS) $(CPU_CFLAGS) $(DEBUG_CFLAGS) $(SPEC_CFLAGS) #### Common LDFLAGS # These LDFLAGS are used as the first "ld" options, regardless of any library # path or any other option. They may be changed to add any linker-specific # option at the beginning of the ld command line. LDFLAGS = $(ARCH_FLAGS) -g #### Target system options # Depending on the target platform, some options are set, as well as some # CFLAGS and LDFLAGS. The USE_* values are set to "implicit" so that they are # not reported in the build options string. You should not have to change # anything there. poll() is always supported, unless explicitly disabled by # passing USE_POLL="" on the make command line. USE_POLL = default ifeq ($(TARGET),generic) # generic system target has nothing specific USE_POLL = implicit USE_TPROXY = implicit else ifeq ($(TARGET),linux22) # This is for Linux 2.2 USE_GETSOCKNAME = implicit USE_POLL = implicit USE_TPROXY = implicit USE_LIBCRYPT = implicit else ifeq ($(TARGET),linux24) # This is for standard Linux 2.4 with netfilter but without epoll() USE_GETSOCKNAME = implicit USE_NETFILTER = implicit USE_POLL = implicit USE_TPROXY = implicit USE_LIBCRYPT = implicit else ifeq ($(TARGET),linux24e) # This is for enhanced Linux 2.4 with netfilter and epoll() patch > 0.21 USE_GETSOCKNAME = implicit USE_NETFILTER = implicit USE_POLL = implicit USE_EPOLL = implicit USE_SEPOLL = implicit USE_MY_EPOLL = implicit USE_TPROXY = implicit USE_LIBCRYPT = implicit else ifeq ($(TARGET),linux26) # This is for standard Linux 2.6 with netfilter and standard epoll() USE_GETSOCKNAME = implicit USE_NETFILTER = implicit USE_POLL = implicit USE_EPOLL = implicit USE_SEPOLL = implicit USE_TPROXY = implicit USE_LIBCRYPT = implicit else ifeq ($(TARGET),linux2628) # This is for standard Linux >= 2.6.28 with netfilter, epoll, tproxy and splice USE_GETSOCKNAME = implicit USE_NETFILTER = implicit USE_POLL = implicit USE_EPOLL = implicit USE_SEPOLL = implicit USE_TPROXY = implicit USE_LIBCRYPT = implicit USE_LINUX_SPLICE= implicit USE_LINUX_TPROXY= implicit else ifeq ($(TARGET),solaris) # This is for Solaris 8 USE_POLL = implicit TARGET_CFLAGS = -fomit-frame-pointer -DFD_SETSIZE=65536 -D_REENTRANT TARGET_LDFLAGS = -lnsl -lsocket USE_TPROXY = implicit USE_LIBCRYPT = implicit USE_CRYPT_H = implicit else ifeq ($(TARGET),freebsd) # This is for FreeBSD USE_POLL = implicit USE_KQUEUE = implicit USE_TPROXY = implicit USE_LIBCRYPT = implicit else ifeq ($(TARGET),osx) # This is for Mac OS/X USE_POLL = implicit USE_KQUEUE = implicit USE_TPROXY = implicit USE_LIBCRYPT = implicit else ifeq ($(TARGET),openbsd) # This is for OpenBSD >= 3.0 USE_POLL = implicit USE_KQUEUE = implicit USE_TPROXY = implicit else ifeq ($(TARGET),aix52) # This is for AIX 5.2 and later USE_POLL = implicit USE_LIBCRYPT = implicit TARGET_CFLAGS = -D_MSGQSUPPORT DEBUG_CFLAGS = else ifeq ($(TARGET),cygwin) # This is for Cygwin # Cygwin adds IPv6 support only in version 1.7 (in beta right now). USE_POLL = implicit USE_TPROXY = implicit TARGET_CFLAGS = $(if $(filter 1.5.%, $(shell uname -r)), -DUSE_IPV6 -DAF_INET6=23 -DINET6_ADDRSTRLEN=46, ) endif # cygwin endif # aix52 endif # openbsd endif # osx endif # freebsd endif # solaris endif # linux2628 endif # linux26 endif # linux24e endif # linux24 endif # linux22 endif # generic #### Old-style REGEX library settings for compatibility with previous setups. # It is still possible to use REGEX= to select an alternative regex # library. By default, we use libc's regex. On Solaris 8/Sparc, grouping seems # to be broken using libc, so consider using pcre instead. Supported values are # "libc", "pcre", and "static-pcre". Use of this method is deprecated in favor # of "USE_PCRE" and "USE_STATIC_PCRE" (see build options below). REGEX = libc ifeq ($(REGEX),pcre) USE_PCRE = 1 $(warning WARNING! use of "REGEX=pcre" is deprecated, consider using "USE_PCRE=1" instead.) endif ifeq ($(REGEX),static-pcre) USE_STATIC_PCRE = 1 $(warning WARNING! use of "REGEX=pcre-static" is deprecated, consider using "USE_STATIC_PCRE=1" instead.) endif #### Old-style TPROXY settings ifneq ($(findstring -DTPROXY,$(DEFINE)),) USE_TPROXY = 1 $(warning WARNING! use of "DEFINE=-DTPROXY" is deprecated, consider using "USE_TPROXY=1" instead.) endif #### Determine version, sub-version and release date. # If GIT is found, and IGNOREGIT is not set, VERSION, SUBVERS and VERDATE are # extracted from the last commit. Otherwise, use the contents of the files # holding the same names in the current directory. ifeq ($(IGNOREGIT),) VERSION := $(shell [ -d .git/. ] && ref=`(git describe --tags) 2>/dev/null` && ref=$${ref%-g*} && echo "$${ref\#v}") ifneq ($(VERSION),) # OK git is there and works. SUBVERS := $(shell comms=`git log --no-merges v$(VERSION).. 2>/dev/null |grep -c ^commit `; [ $$comms -gt 0 ] && echo "-$$comms" ) VERDATE := $(shell date +%Y/%m/%d -d "`git log --pretty=fuller HEAD^.. 2>/dev/null | sed -ne '/^CommitDate:/{s/\(^[^ ]*:\)\|\( [-+].*\)//gp;q}'`" ) endif endif # Last commit version not found, take it from the files. ifeq ($(VERSION),) VERSION := $(shell cat VERSION 2>/dev/null || touch VERSION) endif ifeq ($(SUBVERS),) SUBVERS := $(shell cat SUBVERS 2>/dev/null || touch SUBVERS) endif ifeq ($(VERDATE),) VERDATE := $(shell cat VERDATE 2>/dev/null || touch VERDATE) endif #### Build options # Do not change these ones, enable USE_* variables instead. OPTIONS_CFLAGS = OPTIONS_LDFLAGS = OPTIONS_OBJS = # This variable collects all USE_* values except those set to "implicit". This # is used to report a list of all flags which were used to build this version. # Do not assign anything to it. BUILD_OPTIONS = # Return USE_xxx=$(USE_xxx) unless $(USE_xxx) = "implicit" # Usage: # BUILD_OPTIONS += $(call ignore_implicit,USE_xxx) ignore_implicit = $(patsubst %=implicit,,$(1)=$($(1))) ifneq ($(USE_TCPSPLICE),) $(error experimental option USE_TCPSPLICE has been removed, check USE_LINUX_SPLICE) endif ifneq ($(USE_LINUX_SPLICE),) OPTIONS_CFLAGS += -DCONFIG_HAP_LINUX_SPLICE BUILD_OPTIONS += $(call ignore_implicit,USE_LINUX_SPLICE) endif ifneq ($(USE_CTTPROXY),) OPTIONS_CFLAGS += -DCONFIG_HAP_CTTPROXY OPTIONS_OBJS += src/cttproxy.o BUILD_OPTIONS += $(call ignore_implicit,USE_CTTPROXY) endif ifneq ($(USE_TPROXY),) OPTIONS_CFLAGS += -DTPROXY BUILD_OPTIONS += $(call ignore_implicit,USE_TPROXY) endif ifneq ($(USE_LINUX_TPROXY),) OPTIONS_CFLAGS += -DCONFIG_HAP_LINUX_TPROXY BUILD_OPTIONS += $(call ignore_implicit,USE_LINUX_TPROXY) endif ifneq ($(USE_LIBCRYPT),) OPTIONS_CFLAGS += -DCONFIG_HAP_CRYPT BUILD_OPTIONS += $(call ignore_implicit,USE_LIBCRYPT) OPTIONS_LDFLAGS += -lcrypt endif ifneq ($(USE_CRYPT_H),) OPTIONS_CFLAGS += -DNEED_CRYPT_H BUILD_OPTIONS += $(call ignore_implicit,USE_CRYPT_H) endif ifneq ($(USE_POLL),) OPTIONS_CFLAGS += -DENABLE_POLL OPTIONS_OBJS += src/ev_poll.o BUILD_OPTIONS += $(call ignore_implicit,USE_POLL) endif ifneq ($(USE_EPOLL),) OPTIONS_CFLAGS += -DENABLE_EPOLL OPTIONS_OBJS += src/ev_epoll.o BUILD_OPTIONS += $(call ignore_implicit,USE_EPOLL) endif ifneq ($(USE_SEPOLL),) OPTIONS_CFLAGS += -DENABLE_SEPOLL OPTIONS_OBJS += src/ev_sepoll.o BUILD_OPTIONS += $(call ignore_implicit,USE_SEPOLL) endif ifneq ($(USE_MY_EPOLL),) OPTIONS_CFLAGS += -DUSE_MY_EPOLL BUILD_OPTIONS += $(call ignore_implicit,USE_MY_EPOLL) endif ifneq ($(USE_KQUEUE),) OPTIONS_CFLAGS += -DENABLE_KQUEUE OPTIONS_OBJS += src/ev_kqueue.o BUILD_OPTIONS += $(call ignore_implicit,USE_KQUEUE) endif ifneq ($(USE_NETFILTER),) OPTIONS_CFLAGS += -DNETFILTER BUILD_OPTIONS += $(call ignore_implicit,USE_NETFILTER) endif ifneq ($(USE_GETSOCKNAME),) OPTIONS_CFLAGS += -DUSE_GETSOCKNAME BUILD_OPTIONS += $(call ignore_implicit,USE_GETSOCKNAME) endif ifneq ($(USE_REGPARM),) OPTIONS_CFLAGS += -DCONFIG_REGPARM=3 BUILD_OPTIONS += $(call ignore_implicit,USE_REGPARM) endif # report DLMALLOC_SRC only if explicitly specified ifneq ($(DLMALLOC_SRC),) BUILD_OPTIONS += DLMALLOC_SRC=$(DLMALLOC_SRC) endif ifneq ($(USE_DLMALLOC),) BUILD_OPTIONS += $(call ignore_implicit,USE_DLMALLOC) ifeq ($(DLMALLOC_SRC),) DLMALLOC_SRC=src/dlmalloc.c endif endif ifneq ($(DLMALLOC_SRC),) # DLMALLOC_THRES may be changed to match PAGE_SIZE on every platform DLMALLOC_THRES = 4096 OPTIONS_OBJS += src/dlmalloc.o endif ifneq ($(USE_PCRE)$(USE_STATIC_PCRE),) # PCREDIR is used to automatically construct the PCRE_INC and PCRE_LIB paths, # by appending /include and /lib respectively. If your system does not use the # same sub-directories, simply force these variables instead of PCREDIR. It is # automatically detected but can be forced if required (for cross-compiling). # Forcing PCREDIR to an empty string will let the compiler use the default # locations. PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local) ifneq ($(PCREDIR),) PCRE_INC := $(PCREDIR)/include PCRE_LIB := $(PCREDIR)/lib endif ifeq ($(USE_STATIC_PCRE),) # dynamic PCRE OPTIONS_CFLAGS += -DUSE_PCRE $(if $(PCRE_INC),-I$(PCRE_INC)) OPTIONS_LDFLAGS += $(if $(PCRE_LIB),-L$(PCRE_LIB)) -lpcreposix -lpcre BUILD_OPTIONS += $(call ignore_implicit,USE_PCRE) else # static PCRE OPTIONS_CFLAGS += -DUSE_PCRE $(if $(PCRE_INC),-I$(PCRE_INC)) OPTIONS_LDFLAGS += $(if $(PCRE_LIB),-L$(PCRE_LIB)) -Wl,-Bstatic -lpcreposix -lpcre -Wl,-Bdynamic BUILD_OPTIONS += $(call ignore_implicit,USE_STATIC_PCRE) endif endif # This one can be changed to look for ebtree files in an external directory EBTREE_DIR := ebtree #### Global compile options VERBOSE_CFLAGS = $(CFLAGS) $(TARGET_CFLAGS) $(SMALL_OPTS) $(DEFINE) COPTS = -Iinclude -I$(EBTREE_DIR) -Wall COPTS += $(CFLAGS) $(TARGET_CFLAGS) $(SMALL_OPTS) $(DEFINE) $(SILENT_DEFINE) COPTS += $(DEBUG) $(OPTIONS_CFLAGS) $(ADDINC) ifneq ($(VERSION)$(SUBVERS),) COPTS += -DCONFIG_HAPROXY_VERSION=\"$(VERSION)$(SUBVERS)\" endif ifneq ($(VERDATE),) COPTS += -DCONFIG_HAPROXY_DATE=\"$(VERDATE)\" endif #### Global link options # These options are added at the end of the "ld" command line. Use LDFLAGS to # add options at the beginning of the "ld" command line if needed. LDOPTS = $(TARGET_LDFLAGS) $(OPTIONS_LDFLAGS) $(ADDLIB) ifeq ($(TARGET),) all: @echo @echo "Due to too many reports of suboptimized setups, building without" @echo "specifying the target is no longer supported. Please specify the" @echo "target OS in the TARGET variable, in the following form:" @echo @echo " $ make TARGET=xxx" @echo @echo "Please choose the target among the following supported list :" @echo @echo " linux2628, linux26, linux24, linux24e, linux22, solaris" @echo " freebsd, openbsd, cygwin, custom, generic" @echo @echo "Use \"generic\" if you don't want any optimization, \"custom\" if you" @echo "want to precisely tweak every option, or choose the target which" @echo "matches your OS the most in order to gain the maximum performance" @echo "out of it. Please check the Makefile in case of doubts." @echo @exit 1 else all: haproxy endif OBJS = src/haproxy.o src/sessionhash.o src/base64.o src/protocols.o \ src/uri_auth.o src/standard.o src/buffers.o src/log.o src/task.o \ src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o \ src/checks.o src/queue.o src/client.o src/proxy.o src/stick_table.o src/proto_uxst.o \ src/proto_http.o src/stream_sock.o src/appsession.o src/backend.o \ src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o \ src/stream_interface.o src/dumpstats.o src/proto_tcp.o \ src/session.o src/hdr_idx.o src/ev_select.o src/signal.o \ src/acl.o src/pattern.o src/memory.o src/freq_ctr.o src/auth.o EBTREE_OBJS = $(EBTREE_DIR)/ebtree.o \ $(EBTREE_DIR)/eb32tree.o $(EBTREE_DIR)/eb64tree.o \ $(EBTREE_DIR)/ebmbtree.o $(EBTREE_DIR)/ebsttree.o \ $(EBTREE_DIR)/ebimtree.o $(EBTREE_DIR)/ebistree.o # Not used right now LIB_EBTREE = $(EBTREE_DIR)/libebtree.a haproxy: $(OBJS) $(OPTIONS_OBJS) $(EBTREE_OBJS) $(LD) $(LDFLAGS) -o $@ $^ $(LDOPTS) $(LIB_EBTREE): $(EBTREE_OBJS) $(AR) rv $@ $^ objsize: haproxy @objdump -t $^|grep ' g '|grep -F '.text'|awk '{print $$5 FS $$6}'|sort %.o: %.c $(CC) $(COPTS) -c -o $@ $< src/haproxy.o: src/haproxy.c $(CC) $(COPTS) \ -DBUILD_TARGET='"$(strip $(TARGET))"' \ -DBUILD_ARCH='"$(strip $(ARCH))"' \ -DBUILD_CPU='"$(strip $(CPU))"' \ -DBUILD_CC='"$(strip $(CC))"' \ -DBUILD_CFLAGS='"$(strip $(VERBOSE_CFLAGS))"' \ -DBUILD_OPTIONS='"$(strip $(BUILD_OPTIONS))"' \ -c -o $@ $< src/dlmalloc.o: $(DLMALLOC_SRC) $(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $< install-man: install -d $(DESTDIR)$(MANDIR)/man1 install -m 644 doc/haproxy.1 $(DESTDIR)$(MANDIR)/man1 install-doc: install -d $(DESTDIR)$(DOCDIR) for x in configuration architecture haproxy-en haproxy-fr; do \ install -m 644 doc/$$x.txt $(DESTDIR)$(DOCDIR) ; \ done install-bin: haproxy install -d $(DESTDIR)$(SBINDIR) install haproxy $(DESTDIR)$(SBINDIR) install: install-bin install-man install-doc clean: rm -f *.[oas] src/*.[oas] ebtree/*.[oas] haproxy test for dir in . src include/* doc ebtree; do rm -f $$dir/*~ $$dir/*.rej $$dir/core; done rm -f haproxy-$(VERSION).tar.gz haproxy-$(VERSION)$(SUBVERS).tar.gz rm -f haproxy-$(VERSION) nohup.out gmon.out tags: find src include \( -name '*.c' -o -name '*.h' \) -print0 | \ xargs -0 etags --declarations --members tar: clean ln -s . haproxy-$(VERSION) tar --exclude=haproxy-$(VERSION)/.git \ --exclude=haproxy-$(VERSION)/haproxy-$(VERSION) \ --exclude=haproxy-$(VERSION)/haproxy-$(VERSION).tar.gz \ -cf - haproxy-$(VERSION)/* | gzip -c9 >haproxy-$(VERSION).tar.gz rm -f haproxy-$(VERSION) git-tar: git archive --format=tar --prefix="haproxy-$(VERSION)/" HEAD | gzip -9 > haproxy-$(VERSION)$(SUBVERS).tar.gz version: @echo "VERSION: $(VERSION)" @echo "SUBVERS: $(SUBVERS)" @echo "VERDATE: $(VERDATE)" # never use this one if you don't know what it is used for. update-version: @echo "Ready to update the following versions :" @echo "VERSION: $(VERSION)" @echo "SUBVERS: $(SUBVERS)" @echo "VERDATE: $(VERDATE)" @echo "Press [ENTER] to continue or Ctrl-C to abort now.";read echo "$(VERSION)" > VERSION echo "$(SUBVERS)" > SUBVERS echo "$(VERDATE)" > VERDATE haproxy-1.4.24/Makefile.bsd000066400000000000000000000115561215760735600155270ustar00rootroot00000000000000# This makefile is dedicated to OpenBSD (and possibly other BSDs) # You should use it this way : # make TARGET=os CPU=cpu # # Some optional components may be added, such as DLMALLOC : # # make TARGET=freebsd CPU=i686 DLMALLOC_SRC=/usr/local/src/dlmalloc.c \ # OPT_OBJS=src/dlmalloc.o # Select target OS. TARGET must match a system for which COPTS and LIBS are # correctly defined below. TARGET = openbsd # pass CPU= to make to optimize for a particular CPU CPU = generic #CPU = native #CPU = i586 #CPU = i686 #CPU = ultrasparc # By default, we use libc's regex. WARNING! On Solaris 8/Sparc, group # references seem broken using libc ! Use pcre instead. REGEX=libc #REGEX=pcre #REGEX=static-pcre # tools options CC = gcc LD = gcc # This is the directory hosting include/pcre.h and lib/libpcre.* when REGEX=pcre PCREDIR!= pcre-config --prefix 2>/dev/null || : #PCREDIR=/usr/local # This is for OpenBSD 3.0 and above COPTS.openbsd = -DENABLE_POLL -DENABLE_KQUEUE LIBS.openbsd = # CPU dependant optimizations COPTS.generic = -O2 COPTS.native = -O2 -march=native COPTS.i586 = -O2 -march=i586 COPTS.i686 = -O2 -march=i686 COPTS.ultrasparc = -O6 -mcpu=v9 -mtune=ultrasparc # options for standard regex library COPTS.libc= LIBS.libc= # options for libpcre COPTS.pcre=-DUSE_PCRE -I$(PCREDIR)/include LIBS.pcre=-L$(PCREDIR)/lib -lpcreposix -lpcre # options for static libpcre COPTS.static-pcre=-DUSE_PCRE -I$(PCREDIR)/include LIBS.static-pcre=-L$(PCREDIR)/lib -Wl,-Bstatic -lpcreposix -lpcre -Wl,-Bdynamic # you can enable debug arguments with "DEBUG=-g" or disable them with "DEBUG=" #DEBUG = -g -DDEBUG_MEMORY -DDEBUG_FULL DEBUG = -g # if small memory footprint is required, you can reduce the buffer size. There # are 2 buffers per concurrent session, so 16 kB buffers will eat 32 MB memory # with 1000 concurrent sessions. Putting it slightly lower than a page size # will avoid the additionnal paramters to overflow a page. 8030 bytes is # exactly 5.5 TCP segments of 1460 bytes. #SMALL_OPTS = SMALL_OPTS = -DBUFSIZE=8030 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=1024 # redefine this if you want to add some special PATH to include/libs ADDINC = ADDLIB = # redefine this if you want to add some special .o files OPT_OBJS = # set some defines when needed. # Known ones are -DENABLE_POLL # - use -DTPROXY to compile with transparent proxy support. DEFINE = -DTPROXY # May be changed to patch PAGE_SIZE on every platform when using dlmalloc DLMALLOC_THRES=4096 # global options TARGET_OPTS=$(COPTS.$(TARGET)) REGEX_OPTS=$(COPTS.$(REGEX)) CPU_OPTS=$(COPTS.$(CPU)) SPEC_OPTS=-fno-strict-aliasing VERSION != cat VERSION 2>/dev/null || touch VERSION SUBVERS != cat SUBVERS 2>/dev/null || touch SUBVERS VERDATE != cat VERDATE 2>/dev/null || touch VERDATE VER_OPTS := -DCONFIG_HAPROXY_VERSION=\"$(VERSION)$(SUBVERS)\" \ -DCONFIG_HAPROXY_DATE=\"$(VERDATE)\" # This one can be changed to look for ebtree files in an external directory EBTREE_DIR := ebtree COPTS = -Iinclude -I$(EBTREE_DIR) $(ADDINC) $(CPU_OPTS) $(TARGET_OPTS) \ $(SPEC_OPTS) $(REGEX_OPTS) $(SMALL_OPTS) $(VER_OPTS) $(DEFINE) LIBS = $(LIBS.$(TARGET)) $(LIBS.$(REGEX)) $(ADDLIB) CFLAGS = -Wall $(COPTS) $(DEBUG) LDFLAGS = -g OBJS = src/haproxy.o src/sessionhash.o src/base64.o src/protocols.o \ src/uri_auth.o src/standard.o src/buffers.o src/log.o src/task.o \ src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o \ src/checks.o src/queue.o src/client.o src/proxy.o src/proto_uxst.o \ src/proto_http.o src/stream_sock.o src/appsession.o src/backend.o \ src/stream_interface.o src/dumpstats.o src/proto_tcp.o \ src/session.o src/hdr_idx.o src/ev_select.o src/signal.o \ src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o \ src/ev_poll.o src/ev_kqueue.o \ src/acl.o src/memory.o src/freq_ctr.o \ src/auth.o src/stick_table.o src/pattern.o EBTREE_OBJS = $(EBTREE_DIR)/ebtree.o \ $(EBTREE_DIR)/eb32tree.o $(EBTREE_DIR)/eb64tree.o \ $(EBTREE_DIR)/ebmbtree.o $(EBTREE_DIR)/ebsttree.o \ $(EBTREE_DIR)/ebimtree.o $(EBTREE_DIR)/ebistree.o all: haproxy haproxy: $(OBJS) $(OPT_OBJS) $(EBTREE_OBJS) $(LD) $(LDFLAGS) -o $@ $> $(LIBS) .SUFFIXES: .c.o .c.o: $(CC) $(CFLAGS) -c -o $@ $> src/haproxy.o: src/haproxy.c $(CC) $(CFLAGS) -DBUILD_TARGET='"$(TARGET)"' -DBUILD_CC='"$(CC)"' \ -DBUILD_CPU='"$(CPU)"' -DBUILD_REGEX='"$(REGEX)"' \ -DBUILD_OPTS='"$(COPTS)"' -c -o $@ $> src/dlmalloc.o: $(DLMALLOC_SRC) $(CC) $(CFLAGS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $> clean: rm -f *.[oas] src/*.[oas] ebtree/*.[oas] haproxy test for dir in . src include/* doc ebtree; do rm -f $$dir/*~ $$dir/*.rej $$dir/core; done rm -f haproxy-$(VERSION).tar.gz haproxy-$(VERSION) nohup.out gmon.out version: @echo "VERSION: $(VERSION)" @echo "SUBVERS: $(SUBVERS)" @echo "VERDATE: $(VERDATE)" haproxy-1.4.24/Makefile.osx000066400000000000000000000116571215760735600155720ustar00rootroot00000000000000# This makefile is dedicated to darwin (and possibly other BSDs) # You should use it this way : # make TARGET=os CPU=cpu # # Some optional components may be added, such as DLMALLOC : # # make DLMALLOC_SRC=/usr/local/src/dlmalloc.c \ # OPT_OBJS=src/dlmalloc.o # Select target OS. TARGET must match a system for which COPTS and LIBS are # correctly defined below. TARGET = generic # pass CPU= to make to optimize for a particular CPU CPU = generic #CPU = native #CPU = i586 #CPU = i686 #CPU = ultrasparc # By default, we use libc's regex. WARNING! On Solaris 8/Sparc, group # references seem broken using libc ! Use pcre instead. REGEX=libc #REGEX=pcre #REGEX=static-pcre # tools options CC = gcc LD = gcc # This is the directory hosting include/pcre.h and lib/libpcre.* when REGEX=pcre PCREDIR!= pcre-config --prefix 2>/dev/null || : #PCREDIR=/usr/local # This one can be changed to look for ebtree files in an external directory EBTREE_DIR = ebtree # This is for darwin 3.0 and above COPTS.darwin = -DENABLE_POLL -DENABLE_KQUEUE LIBS.darwin = # CPU dependant optimizations COPTS.generic = -O2 COPTS.native = -O2 -march=native COPTS.i586 = -O2 -march=i586 COPTS.i686 = -O2 -march=i686 COPTS.ultrasparc = -O6 -mcpu=v9 -mtune=ultrasparc # options for standard regex library COPTS.libc= LIBS.libc= # options for libpcre COPTS.pcre=-DUSE_PCRE -I$(PCREDIR)/include LIBS.pcre=-L$(PCREDIR)/lib -lpcreposix -lpcre # options for static libpcre COPTS.static-pcre=-DUSE_PCRE -I$(PCREDIR)/include LIBS.static-pcre=-L$(PCREDIR)/lib -Wl,-Bstatic -lpcreposix -lpcre -Wl,-Bdynamic # you can enable debug arguments with "DEBUG=-g" or disable them with "DEBUG=" #DEBUG = -g -DDEBUG_MEMORY -DDEBUG_FULL DEBUG = -g # if small memory footprint is required, you can reduce the buffer size. There # are 2 buffers per concurrent session, so 16 kB buffers will eat 32 MB memory # with 1000 concurrent sessions. Putting it slightly lower than a page size # will avoid the additionnal paramters to overflow a page. 8030 bytes is # exactly 5.5 TCP segments of 1460 bytes. #SMALL_OPTS = SMALL_OPTS = -DBUFSIZE=8030 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=1024 # redefine this if you want to add some special PATH to include/libs ADDINC = ADDLIB = # set some defines when needed. # Known ones are -DENABLE_POLL # - use -DTPROXY to compile with transparent proxy support. DEFINE = -DTPROXY # May be changed to patch PAGE_SIZE on every platform when using dlmalloc DLMALLOC_THRES=4096 # global options TARGET_OPTS=$(COPTS.$(TARGET)) REGEX_OPTS=$(COPTS.$(REGEX)) CPU_OPTS=$(COPTS.$(CPU)) SPEC_OPTS=-fno-strict-aliasing VERSION != cat VERSION 2>/dev/null || touch VERSION SUBVERS != cat SUBVERS 2>/dev/null || touch SUBVERS VERDATE != cat VERDATE 2>/dev/null || touch VERDATE VER_OPTS := -DCONFIG_HAPROXY_VERSION=\"$(VERSION)$(SUBVERS)\" \ -DCONFIG_HAPROXY_DATE=\"$(VERDATE)\" COPTS = -Iinclude -I$(EBTREE_DIR) $(ADDINC) $(CPU_OPTS) $(TARGET_OPTS) \ $(SPEC_OPTS) $(REGEX_OPTS) $(SMALL_OPTS) $(VER_OPTS) $(DEFINE) LIBS = $(LIBS.$(TARGET)) $(LIBS.$(REGEX)) $(ADDLIB) CFLAGS = -Wall $(COPTS) $(DEBUG) -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386 -mmacosx-version-min=10.4 LDFLAGS = -g -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386 -mmacosx-version-min=10.4 OBJS = src/haproxy.o src/sessionhash.o src/base64.o src/protocols.o \ src/uri_auth.o src/standard.o src/buffers.o src/log.o src/task.o \ src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o \ src/checks.o src/queue.o src/client.o src/proxy.o src/proto_uxst.o \ src/proto_http.o src/stream_sock.o src/appsession.o src/backend.o \ src/stream_interface.o src/dumpstats.o src/proto_tcp.o \ src/session.o src/hdr_idx.o src/ev_select.o src/signal.o \ src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o \ src/ev_poll.o \ src/acl.o src/memory.o src/freq_ctr.o \ src/auth.o src/stick_table.o src/pattern.o EBTREE_OBJS = $(EBTREE_DIR)/ebtree.o \ $(EBTREE_DIR)/eb32tree.o $(EBTREE_DIR)/eb64tree.o \ $(EBTREE_DIR)/ebmbtree.o $(EBTREE_DIR)/ebsttree.o \ $(EBTREE_DIR)/ebimtree.o $(EBTREE_DIR)/ebistree.o all: haproxy haproxy: $(OBJS) $(EBTREE_OBJS) $(LD) $(LDFLAGS) $(OBJS) $(EBTREE_OBJS) -o $@ .SUFFIXES: .c.o .c.o: $(CC) $(CFLAGS) -c -o $@ $< src/haproxy.o: src/haproxy.c $(CC) $(CFLAGS) -DBUILD_TARGET='"$(TARGET)"' -DBUILD_CC='"$(CC)"' \ -DBUILD_CPU='"$(CPU)"' -DBUILD_REGEX='"$(REGEX)"' \ -DBUILD_OPTS='"$(COPTS)"' -c -o $@ $< src/dlmalloc.o: $(DLMALLOC_SRC) $(CC) $(CFLAGS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $< clean: rm -f *.[oas] src/*.[oas] ebtree/*.[oas] haproxy test for dir in . src include/* doc ebtree; do rm -f $$dir/*~ $$dir/*.rej $$dir/core; done rm -f haproxy-$(VERSION).tar.gz haproxy-$(VERSION) nohup.out gmon.out version: @echo "VERSION: $(VERSION)" @echo "SUBVERS: $(SUBVERS)" @echo "VERDATE: $(VERDATE)" haproxy-1.4.24/README000066400000000000000000000510741215760735600141770ustar00rootroot00000000000000 ---------------------- HAProxy how-to ---------------------- version 1.4 willy tarreau 2013/06/17 1) How to build it ------------------ To build haproxy, you will need : - GNU make. Neither Solaris nor OpenBSD's make work with the GNU Makefile. However, specific Makefiles for BSD and OSX are provided. - GCC between 2.91 and 4.7. Others may work, but not tested. - GNU ld Also, you might want to build with libpcre support, which will provide a very efficient regex implementation and will also fix some badness on Solaris' one. To build haproxy, you have to choose your target OS amongst the following ones and assign it to the TARGET variable : - linux22 for Linux 2.2 - linux24 for Linux 2.4 and above (default) - linux24e for Linux 2.4 with support for a working epoll (> 0.21) - linux26 for Linux 2.6 and above - linux2628 for Linux 2.6.28 and above (enables splice and tproxy) - solaris for Solaris 8 or 10 (others untested) - freebsd for FreeBSD 5 to 8.0 (others untested) - osx for Mac OS/X - openbsd for OpenBSD 3.1 to 5.2 (others untested) - aix52 for AIX 5.2 - cygwin for Cygwin - generic for any other OS. - custom to manually adjust every setting You may also choose your CPU to benefit from some optimizations. This is particularly important on UltraSparc machines. For this, you can assign one of the following choices to the CPU variable : - i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon - i586 for intel Pentium, AMD K6, VIA C3. - ultrasparc : Sun UltraSparc I/II/III/IV processor - native : use the build machine's specific processor optimizations - generic : any other processor or no specific optimization. (default) Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options for your platform. You may want to build specific target binaries which do not match your native compiler's target. This is particularly true on 64-bit systems when you want to build a 32-bit binary. Use the ARCH variable for this purpose. Right now it only knows about a few x86 variants (i386,i486,i586,i686,x86_64), two generic ones (32,64) and sets -m32/-m64 as well as -march= accordingly. If your system supports PCRE (Perl Compatible Regular Expressions), then you really should build with libpcre which is between 2 and 10 times faster than other libc implementations. Regex are used for header processing (deletion, rewriting, allow, deny). The only inconvenient of libpcre is that it is not yet widely spread, so if you build for other systems, you might get into trouble if they don't have the dynamic library. In this situation, you should statically link libpcre into haproxy so that it will not be necessary to install it on target systems. Available build options for PCRE are : - USE_PCRE=1 to use libpcre, in whatever form is available on your system (shared or static) - USE_STATIC_PCRE=1 to use a static version of libpcre even if the dynamic one is available. This will enhance portability. - with no option, use your OS libc's standard regex implemntation (default). Warning! group references on Solaris seem broken. Use static-pcre whenever possible. By default, the DEBUG variable is set to '-g' to enable debug symbols. It is not wise to disable it on uncommon systems, because it's often the only way to get a complete core when you need one. Otherwise, you can set DEBUG to '-s' to strip the binary. For example, I use this to build for Solaris 8 : $ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1 And I build it this way on OpenBSD or FreeBSD : $ make -f Makefile.bsd REGEX=pcre DEBUG= COPTS.generic="-Os -fomit-frame-pointer -mgnu" In order to build a 32-bit binary on an x86_64 Linux system : $ make TARGET=linux26 ARCH=i386 If you need to pass other defines, includes, libraries, etc... then please check the Makefile to see which ones will be available in your case, and use the USE_* variables in the GNU Makefile, or ADDINC, ADDLIB, and DEFINE variables in the BSD makefiles. AIX 5.3 is known to work with the generic target. However, for the binary to also run on 5.2 or earlier, you need to build with DEFINE="-D_MSGQSUPPORT", otherwise __fd_select() will be used while not being present in the libc. If you get build errors because of strange symbols or section mismatches, simply remove -g from DEBUG_CFLAGS. You can easily define your own target with the GNU Makefile. Unknown targets are processed with no default option except USE_POLL=default. So you can very well use that property to define your own set of options. USE_POLL can even be disabled by setting USE_POLL="". For example : $ gmake TARGET=tiny USE_POLL="" TARGET_CFLAGS=-fomit-frame-pointer 2) How to install it -------------------- To install haproxy, you can either copy the single resulting binary to the place you want, or run : $ sudo make install If you're packaging it for another system, you can specify its root directory in the usual DESTDIR variable. 3) How to set it up ------------------- There is some documentation in the doc/ directory : - architecture.txt : this is the architecture manual. It is quite old and does not tell about the nice new features, but it's still a good starting point when you know what you want but don't know how to do it. - configuration.txt : this is the configuration manual. It recalls a few essential HTTP basic concepts, and details all the configuration file syntax (keywords, units). It also describes the log and stats format. It is normally always up to date. If you see that something is missing from it, please report it as this is a bug. - haproxy-en.txt / haproxy-fr.txt : these are the old outdated docs. You should never need them. If you do, then please report what you didn't find in the other ones. - gpl.txt / lgpl.txt : the copy of the licenses covering the software. See the 'LICENSE' file at the top for more information. - the rest is mainly for developers. There are also a number of nice configuration examples in the "examples" directory as well as on several sites and articles on the net which are linked to from the haproxy web site. 4) How to report a bug ---------------------- It is possible that from time to time you'll find a bug. A bug is a case where what you see is not what is documented. Otherwise it can be a misdesign. If you find that something is stupidly design, please discuss it on the list (see the "how to contribute" section below). If you feel like you're proceeding right and haproxy doesn't obey, then first ask yourself if it is possible that nobody before you has even encountered this issue. If it's unlikely, the you probably have an issue in your setup. Just in case of doubt, please consult the mailing list archives : http://www.formilux.org/archives/haproxy/ http://marc.info/?l=haproxy Otherwise, please try to gather the maximum amount of information to help reproduce the issue and send that to the mailing list : haproxy@formilux.org Please include your configuration and logs. You can mask your IP addresses and passwords, we don't need them. But it's essential that you post your config if you want people to guess what is happening. Also, keep in mind that haproxy is designed to NEVER CRASH. If you see it die without any reason, then it definitely is a critical bug that must be reported and urgently fixed. It has happened a couple of times in the past, essentially on development versions running on new architectures. If you think your setup is fairly common, then it is possible that the issue is totally unrelated. Anyway, if that happens, feel free to contact me directly, as I will give you instructions on how to collect a usable core file, and will probably ask for other captures that you'll not want to share with the list. 5) How to contribute -------------------- It is possible that you'll want to add a specific feature to satisfy your needs or one of your customers'. Contributions are welcome, however I'm often very picky about changes. I will generally reject patches that change massive parts of the code, or that touch the core parts without any good reason if those changes have not been discussed first. The proper place to discuss your changes is the HAProxy Mailing List. There are enough skilled readers to catch hazardous mistakes and to suggest improvements. I trust a number of them enough to merge a patch if they say it's OK, so using the list is the fastest way to get your code reviewed and merged. You can subscribe to it by sending an empty e-mail at the following address : haproxy+subscribe@formilux.org If you have an idea about something to implement, *please* discuss it on the list first. It has already happened several times that two persons did the same thing simultaneously. This is a waste of time for both of them. It's also very common to see some changes rejected because they're done in a way that will conflict with future evolutions, or that does not leave a good feeling. It's always unpleasant for the person who did the work, and it is unpleasant for me too because I value people's time and efforts. That would not happen if these were discussed first. There is no problem posting work in progress to the list, it happens quite often in fact. Also, don't waste your time with the doc when submitting patches for review, only add the doc with the patch you consider ready to merge. If your work is very confidential and you can't publicly discuss it, you can also mail me directly about it, but your mail may be waiting several days in the queue before you get a response. If you'd like a feature to be added but you think you don't have the skills to implement it yourself, you should follow these steps : 1. discuss the feature on the mailing list. It is possible that someone else has already implemented it, or that someone will tell you how to proceed without it, or even why not to do it. It is also possible that in fact it's quite easy to implement and people will guide you through the process. That way you'll finally have YOUR patch merged, providing the feature YOU need. 2. if you really can't code it yourself after discussing it, then you may consider contacting someone to do the job for you. Some people on the list might be OK with trying to do it. Otherwise, you can check the list of contributors at the URL below, some of the regular contributors may be able to do the work, probably not for free but their time is as much valuable as yours after all, you can't eat the cake and have it too. The list of past and regular contributors is available below. It lists not only significant code contributions (features, fixes), but also time or money donations : http://haproxy.1wt.eu/contrib.html Note to contributors: it's very handy when patches comes with a properly formated subject. There are 3 criteria of particular importance in any patch : - its nature (is it a fix for a bug, a new feature, an optimization, ...) - its importance, which generally reflects the risk of merging/not merging it - what area it applies to (eg: http, stats, startup, config, doc, ...) It's important to make these 3 criteria easy to spot in the patch's subject, because it's the first (and sometimes the only) thing which is read when reviewing patches to find which ones need to be backported to older versions. Specifically, bugs must be clearly easy to spot so that they're never missed. Any patch fixing a bug must have the "BUG" tag in its subject. Most common patch types include : - BUG fix for a bug. The severity of the bug should also be indicated when known. Similarly, if a backport is needed to older versions, it should be indicated on the last line of the commit message. If the bug has been identified as a regression brought by a specific patch or version, this indication will be appreciated too. New maintenance releases are generally emitted when a few of these patches are merged. - CLEANUP code cleanup, silence of warnings, etc... theorically no impact. These patches will rarely be seen in stable branches, though they may appear when they remove some annoyance or when they make backporting easier. By nature, a cleanup is always minor. - REORG code reorganization. Some blocks may be moved to other places, some important checks might be swapped, etc... These changes always present a risk of regression. For this reason, they should never be mixed with any bug fix nor functional change. Code is only moved as-is. Indicating the risk of breakage is highly recommended. - BUILD updates or fixes for build issues. Changes to makefiles also fall into this category. The risk of breakage should be indicated if known. It is also appreciated to indicate what platforms and/or configurations were tested after the change. - OPTIM some code was optimised. Sometimes if the regression risk is very low and the gains significant, such patches may be merged in the stable branch. Depending on the amount of code changed or replaced and the level of trust the author has in the change, the risk of regression should be indicated. - RELEASE release of a new version (development or stable). - LICENSE licensing updates (may impact distro packagers). When the patch cannot be categorized, it's best not to put any tag. This is commonly the case for new features, which development versions are mostly made of. Additionally, the importance of the patch should be indicated when known. A single upper-case word is preferred, among : - MINOR minor change, very low risk of impact. It is often the case for code additions that don't touch live code. For a bug, it generally indicates an annoyance, nothing more. - MEDIUM medium risk, may cause unexpected regressions of low importance or which may quickly be discovered. For a bug, it generally indicates something odd which requires changing the configuration in an undesired way to work around the issue. - MAJOR major risk of hidden regression. This happens when I rearrange large parts of code, when I play with timeouts, with variable initializations, etc... We should only exceptionally find such patches in stable branches. For a bug, it indicates severe reliability issues for which workarounds are identified with or without performance impacts. - CRITICAL medium-term reliability or security is at risk and workarounds, if they exist, might not always be acceptable. An upgrade is absolutely required. A maintenance release may be emitted even if only one of these bugs are fixed. Note that this tag is only used with bugs. Such patches must indicate what is the first version affected, and if known, the commit ID which introduced the issue. If this criterion doesn't apply, it's best not to put it. For instance, most doc updates and most examples or test files are just added or updated without any need to qualify a level of importance. The area the patch applies to is quite important, because some areas are known to be similar in older versions, suggesting a backport might be desirable, and conversely, some areas are known to be specific to one version. When the tag is used alone, uppercase is preferred for readability, otherwise lowercase is fine too. The following tags are suggested but not limitative : - doc documentation updates or fixes. No code is affected, no need to upgrade. These patches can also be sent right after a new feature, to document it. - examples example files. Be careful, sometimes these files are packaged. - tests regression test files. No code is affected, no need to upgrade. - init initialization code, arguments parsing, etc... - config configuration parser, mostly used when adding new config keywords - http the HTTP engine - stats the stats reporting engine as well as the stats socket CLI - checks the health checks engine (eg: when adding new checks) - acl the ACL processing core or some ACLs from other areas - peers the peer synchronization engine - listeners everything related to incoming connection settings - frontend everything related to incoming connection processing - backend everything related to LB algorithms and server farm - session session processing and flags (very sensible, be careful) - server server connection management, queueing - proxy proxy maintenance (start/stop) - log log management - poll any of the pollers - halog the halog sub-component in the contrib directory - contrib any addition to the contrib directory Other names may be invented when more precise indications are meaningful, for instance : "cookie" which indicates cookie processing in the HTTP core. Last, indicating the name of the affected file is also a good way to quickly spot changes. Many commits were already tagged with "stream_sock" or "cfgparse" for instance. It is desired that AT LEAST one of the 3 criteria tags is reported in the patch subject. Ideally, we would have the 3 most often. The two first criteria should be present before a first colon (':'). If both are present, then they should be delimited with a slash ('/'). The 3rd criterion (area) should appear next, also followed by a colon. Thus, all of the following messages are valid : Examples of messages : - DOC: document options forwardfor to logasap - DOC/MAJOR: reorganize the whole document and change indenting - BUG: stats: connection reset counters must be plain ascii, not HTML - BUG/MINOR: stats: connection reset counters must be plain ascii, not HTML - MEDIUM: checks: support multi-packet health check responses - RELEASE: Released version 1.4.2 - BUILD: stats: stdint is not present on solaris - OPTIM/MINOR: halog: make fgets parse more bytes by blocks - REORG/MEDIUM: move syscall redefinition to specific places Please do not use square brackets anymore around the tags, because they give me more work when merging patches. By default I'm asking Git to keep them but this causes trouble when patches are prefixed with the [PATCH] tag because in order not to store it, I have to hand-edit the patches. So as of now, I will ask Git to remove whatever is located between square brackets, which implies that any subject formatted the old way will have its tag stripped out. In fact, one of the only square bracket tags that still makes sense is '[RFC]' at the beginning of the subject, when you're asking for someone to review your change before getting it merged. If the patch is OK to be merged, then I can merge it as-is and the '[RFC]' tag will automatically be removed. If you don't want it to be merged at all, you can simply state it in the message, or use an alternate '[WIP]' tag ("work in progress"). The tags are not rigid, follow your intuition first, anyway I reserve the right to change them when merging the patch. It may happen that a same patch has a different tag in two distinct branches. The reason is that a bug in one branch may just be a cleanup in the other one because the code cannot be triggered. For a more efficient interaction between the mainline code and your code, I can only strongly encourage you to try the Git version control system : http://git-scm.com/ It's very fast, lightweight and lets you undo/redo your work as often as you want, without making your mistakes visible to the rest of the world. It will definitely help you contribute quality code and take other people's feedback in consideration. In order to clone the HAProxy Git repository : $ git clone http://git.1wt.eu/git/haproxy-1.4.git (stable 1.4) $ git clone http://git.1wt.eu/git/haproxy.git/ (development) If you decide to use Git for your developments, then your commit messages will have the subject line in the format described above, then the whole description of your work (mainly why you did it) will be in the body. You can directly send your commits to the mailing list, the format is convenient to read and process. -- end haproxy-1.4.24/ROADMAP000066400000000000000000000100531215760735600143150ustar00rootroot00000000000000'+' = done, '-' = todo, '*' = done except doc 1.2.12 : + weighted RR/SH 1.2.13 : + maxconn + queueing 1.2.14 : + HTML status page stats enable stats uri /?stats stats realm w.ods.org\ statistics stats auth user1:pass1 stats auth user2:pass2 stats auth user3:pass3 stats scope | '.' + allow server-less proxies (for stats) - separate timeout controls + option 'abortonclose' : if the session is queued or being connecting to the server, and the client sends a shutdown(), then decide to abort the session early because in most situations, this will be caused by a client hitting the 'Stop' button, so there's no reason to overload the servers with unservable requests. However, this is not HTTP compliant and might cause little trouble to some very specific clients used to close immediately after sending the request (no support for KA, which ones?) + minconn : makes the server's maxconn dynamic, which will be computed as a ratio of the proxy's sessions : srv->effective_maxconn = max(srv->maxconn * px->nbsess / px->maxconn, srv->minconn) 1.2.15 : + monitor-uri : specify an URI for which we will always return 'HTTP/1.0 200' and never forward nor log it. + option ssl-hello-chk : send SSLv3 client hello messages to check the servers 1.3 : - remove unused STATTIME - reference all the include files that must be created, possibly under subdirs : - acl.h => more general ACL work - appcook.h => appsession-related cookies - backend.h => back-end part of the PR_O_* + backend definitions - buffers.h => buffer management relying on memory.h - capture.h => header and cookie capture - cfgparse.h => configuration parser - checks.h => health checks - clireq.h => the client side "request" part of the current sessions. - compat.h => compatibility with other OSes (TCP_NODELAY, ...) - config.h => config parameters, renamed CONFIG_HAP_*, includes defaults.h - controls.h => SN_CACHEABLE, ... - cookies.h => definitions related to cookie management + SN_SCK_* - defaults.h => many default values, might disappear soon after cleanup - frontend.h => front-end part of the PR_O_* + client definitions + listeners - global.h => shared global variables - http.h => HTTP state definitions and transitions - httperr.{hc} => HTTP return codes - libtask.h => task scheduler - libtime.h => time-related definitions - loadbal.h => load balancing algorithms - log.h => log definitions - memory.h => pools - polling.h => definitions of select(), poll(), INTBITS, ... - queue.h => queue management - regex.h => filtering - servers.h => servers definitions (SRV_*, states, ...) - fd.h => FD_ST* (add FD_DGRAM), RES_*, socket states, etc... - srvreq.h => the server side "request" part of the current sessions. - standard.h => general purpose macros and defines (eg: MIN/MAX, ...) - startup.h => MODE_* - tuning.h => platform-specific tuning parameters - clarify licence by adding a 'MODULE_LICENCE("GPL")' or something equivalent. - handle half-closed connections better (cli/srv would not distinguish DATA/SHUTR/SHUTW, it would be a session flag which would tell shutr/shutw). Check how it got changed in httpterm. - 3 memory models : failsafe (prealloc), normal (current), optimal (alloc on demand) - wait queues replaced for priority-based trees - ability to assign a prio based on L7 matching - prio-based O(1) scheduler - maxconn reserve for VIP/admins - verify if it would be worth implementing an epoll_ctl_batch() for Linux - balance LC/WLC (patch available) - option minservers XXX : activates some backup servers when active servers are insufficient - monitor minservers XXX : monitor-net and monitor-uri could report a failure when the number of active servers is below this threshold. - option smtp-chk : use SMTP health checks (avoid logs if possible) - new keyword 'check' : check http xxx, check smtp xxx, check ssl-hello haproxy-1.4.24/SUBVERS000066400000000000000000000000011215760735600143530ustar00rootroot00000000000000 haproxy-1.4.24/TODO000066400000000000000000000155171215760735600140110ustar00rootroot00000000000000* x-forwarded-for * implémenter l'option "log global" au niveau proxy pour utiliser les logs globaux. * matching case-insensitive * implémenter outgoing addr * loguer t_cnx, t_data, t_total + factoriser la fonction de log (send_log = send_syslog+warning+alert) + désactivation du keep-alive (suppression des ^Connection: et ajout des Connection: close) -> 4 lignes (2 del, 2 add) suffisent. + ne pas loguer certaines adresses IP sources -> pour les health-checks uniquement -> pas de log pour les requêtes vides (option dontlognull) - mesurer le tps consommé entre deux select, et fournir la conso CPU : %cpu = 100 * (tpreselect(n+1)-tpostselect(n)) / (tpreselect(n+1)-tpreselect(n)) * implémenter limitation fd dans la conf : setrlimit(RLIMIT_NOFILE, ...) - implémenter core/no-core dans la conf : setrlimit(RLIMIT_CORE, ...) - optimiser les regex pour accélérer les matches : - compter les matches - si match(n) & ([n].cpt > [n-1].cpt) & ([n].action == [n-1].action), swap(n,n-1) - régulièrement, diviser tous les compteurs (lors d'un dépassement par exemple) - filtrage sur l'adresse IP source, et stocker le pointeur sur la dernière regex matchée dans la "session" pour accélérer les regex. - gestion keep-alive + handle parametrable HTTP health-checks replies - differentiate http headers and http uris - support environment variables in config file - support keep-alive - support SSL ===================== demandes ========================== ok> 1) écoute sur une plage de ports : ok> listen XXX 1.2.3.4:21000-21060 ok> ok> 2) écoutes multiples : ok> listen XXX 1.2.3.4:21000 ok> bind 2.3.4.5:21001 ok> bind 2.3.4.5:21000-21060 ok> ok> => on en arrive à ceci : ok> ok> listen XXX [ address:port ] ok> bind addr:plage-port[,[addr:]plage-port]* ok> bind ... ok> ... ok> ok> => proxy->listen_fd et proxy->listen_addr doivent être ok> mis dans des listes ok> => OK pour listen, implémenter le BIND. ok> ok> 3) reconnexion sur le même port sur le serveur : ok> ok> server XXX 1.2.3.4[:port] ok> si n'est pas spécifié, on utilise le même port que celui qui a reçu ok> la connexion. Dans ce cas, il faut pouvoir forcer le port du health-check ok> par un nouveau parametre "port". ok> ok> => ça permet les forwardings de plages : ok> ok> listen XXX ok> bind 1.2.3.4:10000-11000 ok> server 1.2.3.5 ok> 4) paramètres par défaut : créer une section "defaults" qui précise les paramètres par défaut pour les sections suivantes, concernant les paramètres suivants : ok- les logs ok- les modes (tcp/http) ok- le balancing (round-robin/source) ok- les time-outs ok- maxconn ok- redisp ok- les options ok- le retry ok- les checks ok- les cookies/captures - les options des serveurs ? - les filtres et regex ? * implémenter "balance source" pour faire un hash sur la source. permettre de spécifier un masque sur lequel s'applique le hachage, ainsi qu'une option pour hacher en fonction de l'adresse dans le champ "x-forwarded-for". Problème pour le support des pannes: ce type de hash est utile là où la persistence par cookie ne peut pas s'appliquer, donc comment faire pour assurer un maximum de persistence en cas de panne ? 6) possibilité d'un process séparé par listen : listen XXX fork [ group_id ] le fait de spécifier group_id fera que toutes les instances utilisant le même identifiant de groupe seront gérées par un même processus. -> plus souple et plus compréhensible de faire des sections par processus, ce qui résoud également le cas ci-dessous. Ex: process_group X nbproc X uid X chroot X listen ... 7) gérer un chroot/uid/gid différents par process : listen XXX chroot /truc uid 123 gid 456 8) beaucoup de paramètres pourraient être spécifiques aux serveurs et non aux instances. Exemples : * adresse IP source pour atteindre le serveur - méthode de health-check (proto, ...) * méthode de health-check (port) - poids - alerte en cas de disparition - le nombre max de sessions à lui envoyer ok> 9) ajouter des paramètres optionnels à l'option "httpchk" permettant ok> de forcer la méthode, la version HTTP et des headers. ok> ex: option httpchk -> OPTIONS / HTTP/1.0 ok> option httpchk /test -> OPTIONS /test HTTP/1.0 ok> option httpchk HEAD / HTTP/1.0\nHost:\ www -> tel quel Todo for 1.1 ============ * "no more server" alert * config check - anti-flapping Todo for 1.2 ============ - direct - new config syntax allowing braces to be able to shorten lines - insert/learn/check/log unique request ID, and add the ability to block bad responses. - IPv6 : * listen [ip4.ip4.ip4.ip4]:port[-port] * listen [ip6::...ip6]/port[-port] - server xxx ipv4 | ipv4: | ipv4:port[-port] | ipv6/ | ipv6/port[-port] * appcookie * weighted round robin - option to shutdown(listen_sock) when max connections reached * epoll - replace the event scheduler with an O(log(N)) one. The timer queue will need a tree with a known end (to speed up queueing of latest events), and no entry for eternity. - refine memory management so that the request buffer is only allocated in cli_read() and response buffer during srv_read(). This would protect against attacks with thousands connections : 20000 connections consume 340 MB RSS and 1.3 GB VSZ on Linux. Data should be in a separate buffer to prevent any activity on the buffer's pointers from touching the buffer page itself. - make buffer size configurable in global options * monitor number of simultaneous sessions in logs (per srv/inst/global) * ignore leading empty lines in HTTP requests + limit the per-server number of sessions and queue incoming connections => still needs refinement (actions at servers UP/DOWN, timeouts) - new 'timeout' keyword to set all timeouts (including the queue) - ability to intercept an URI to report statistics - ability to intercept an URI to return 404 - embedded error pages loaded in memory at startup time (eg: for expired time in connection queue) TODO for 1.3 ============ - check all copyrights - fix Makefile.bsd - separate inline functions to put them in files covered by GPL - implement HTTP status 414 - request URI too long - implement 'use_filters ' and 'use_backend ' - fix the logs. The logs might be defined from the frontend and augmented depending on the backends' options. Another solution would be to support a 'log' type entity just like the frontend, filters and backend, on which every entity could rely. - implement 'on uri ', 'on host ' - remove the first now useless hop in hdr_idx - balance on URI hash (specify length or depth) - balance on any header hash (eg: host) - balance with redirections to real servers - multi-site LB with weighted redirections to the remote one haproxy-1.4.24/VERDATE000066400000000000000000000000131215760735600143170ustar00rootroot000000000000002013/06/17 haproxy-1.4.24/VERSION000066400000000000000000000000071215760735600143550ustar00rootroot000000000000001.4.24 haproxy-1.4.24/contrib/000077500000000000000000000000001215760735600147505ustar00rootroot00000000000000haproxy-1.4.24/contrib/base64/000077500000000000000000000000001215760735600160345ustar00rootroot00000000000000haproxy-1.4.24/contrib/base64/base64rev-gen.c000066400000000000000000000026071215760735600205550ustar00rootroot00000000000000/* * base64rev generator * * Copyright 2009-2010 Krzysztof Piotr Oledzki * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * */ #include const char base64tab[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; char base64rev[128]; #define base '#' /* arbitrary chosen base value */ #define B64MAX 64 #define B64PADV B64MAX int main() { char *p, c; int i, min = 255, max = 0; for (i = 0; i < sizeof(base64rev); i++) base64rev[i] = base; for (i = 0; i < B64MAX; i++) { c = base64tab[i]; if (min > c) min = c; if (max < c) max = c; } for (i = 0; i < B64MAX; i++) { c = base64tab[i]; if (base+i+1 > 127) { printf("Wrong base value @%d\n", i); return 1; } base64rev[c - min] = base+i+1; } base64rev['=' - min] = base + B64PADV; base64rev[max - min + 1] = '\0'; printf("#define B64BASE '%c'\n", base); printf("#define B64CMIN '%c'\n", min); printf("#define B64CMAX '%c'\n", max); printf("#define B64PADV %u\n", B64PADV); p = base64rev; printf("const char base64rev[]=\""); for (p = base64rev; *p; p++) { if (*p == '\\') printf("\\%c", *p); else printf("%c", *p); } printf("\"\n"); return 0; } haproxy-1.4.24/contrib/halog/000077500000000000000000000000001215760735600160425ustar00rootroot00000000000000haproxy-1.4.24/contrib/halog/Makefile000066400000000000000000000013611215760735600175030ustar00rootroot00000000000000EBTREE_DIR = ../../ebtree INCLUDE = -I../../include -I$(EBTREE_DIR) CC = gcc # note: it is recommended to also add -fomit-frame-pointer on i386 OPTIMIZE = -O3 # most recent glibc provide platform-specific optimizations that make # memchr faster than the generic C implementation (eg: SSE and prefetch # on x86_64). Try with an without. In general, on x86_64 it's better to # use memchr using the define below. # DEFINE = -DUSE_MEMCHR DEFINE = OBJS = halog halog: halog.c fgets2.c $(CC) $(OPTIMIZE) $(DEFINE) -o $@ $(INCLUDE) $(EBTREE_DIR)/ebtree.c $(EBTREE_DIR)/eb32tree.c $(EBTREE_DIR)/eb64tree.c $(EBTREE_DIR)/ebmbtree.c $(EBTREE_DIR)/ebsttree.c $(EBTREE_DIR)/ebistree.c $(EBTREE_DIR)/ebimtree.c $^ clean: rm -f $(OBJS) *.[oas] haproxy-1.4.24/contrib/halog/fgets2.c000066400000000000000000000170251215760735600174050ustar00rootroot00000000000000/* * fast fgets() replacement for log parsing * * Copyright 2000-2012 Willy Tarreau * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation, version 2.1 * exclusively. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this library; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA * * This function manages its own buffer and returns a pointer to that buffer * in order to avoid expensive memory copies. It also checks for line breaks * 32 or 64 bits at a time. It could be improved a lot using mmap() but we * would not be allowed to replace trailing \n with zeroes and we would be * limited to small log files on 32-bit machines. * */ #include #include #include #include #ifndef FGETS2_BUFSIZE #define FGETS2_BUFSIZE (256*1024) #endif /* return non-zero if the integer contains at least one zero byte */ static inline unsigned int has_zero32(unsigned int x) { unsigned int y; /* Principle: we want to perform 4 tests on one 32-bit int at once. For * this, we have to simulate an SIMD instruction which we don't have by * default. The principle is that a zero byte is the only one which * will cause a 1 to appear on the upper bit of a byte/word/etc... when * we subtract 1. So we can detect a zero byte if a one appears at any * of the bits 7, 15, 23 or 31 where it was not. It takes only one * instruction to test for the presence of any of these bits, but it is * still complex to check for their initial absence. Thus, we'll * proceed differently : we first save and clear only those bits, then * we check in the final result if one of them is present and was not. * The order of operations below is important to save registers and * tests. The result is used as a boolean, so the last test must apply * on the constant so that it can efficiently be inlined. */ #if defined(__i386__) /* gcc on x86 loves copying registers over and over even on code that * simple, so let's do it by hand to prevent it from doing so :-( */ asm("lea -0x01010101(%0),%1\n" "not %0\n" "and %1,%0\n" : "=a" (x), "=r"(y) : "0" (x) ); return x & 0x80808080; #else y = x - 0x01010101; /* generate a carry */ x = ~x & y; /* clear the bits that were already set */ return x & 0x80808080; #endif } /* return non-zero if the argument contains at least one zero byte. See principle above. */ static inline unsigned long long has_zero64(unsigned long long x) { unsigned long long y; y = x - 0x0101010101010101ULL; /* generate a carry */ y &= ~x; /* clear the bits that were already set */ return y & 0x8080808080808080ULL; } static inline unsigned long has_zero(unsigned long x) { return (sizeof(x) == 8) ? has_zero64(x) : has_zero32(x); } /* find a '\n' between and . Warning: may read slightly past . * If no '\n' is found, is returned. */ static char *find_lf(char *next, char *end) { #if defined USE_MEMCHR /* some recent libc use platform-specific optimizations to provide more * efficient byte search than below (eg: glibc 2.11 on x86_64). */ next = memchr(next, '\n', end - next); if (!next) next = end; #else if (sizeof(long) == 4) { /* 32-bit system */ /* this is a speed-up, we read 32 bits at once and check for an * LF character there. We stop if found then continue one at a * time. */ while (next < end && (((unsigned long)next) & 3) && *next != '\n') next++; /* Now next is multiple of 4 or equal to end. We know we can safely * read up to 32 bytes past end if needed because they're allocated. */ while (next < end) { if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) break; next += 4; if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) break; next += 4; if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) break; next += 4; if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) break; next += 4; if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) break; next += 4; if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) break; next += 4; if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) break; next += 4; if (has_zero32(*(unsigned int *)next ^ 0x0A0A0A0A)) break; next += 4; } } else { /* 64-bit system */ /* this is a speed-up, we read 64 bits at once and check for an * LF character there. We stop if found then continue one at a * time. */ if (next <= end) { /* max 3 bytes tested here */ while ((((unsigned long)next) & 3) && *next != '\n') next++; /* maybe we have can skip 4 more bytes */ if ((((unsigned long)next) & 4) && !has_zero32(*(unsigned int *)next ^ 0x0A0A0A0AU)) next += 4; } /* now next is multiple of 8 or equal to end */ while (next <= (end-68)) { if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) break; next += 8; if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) break; next += 8; if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) break; next += 8; if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) break; next += 8; if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) break; next += 8; if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) break; next += 8; if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) break; next += 8; if (has_zero64(*(unsigned long long *)next ^ 0x0A0A0A0A0A0A0A0AULL)) break; next += 8; } /* maybe we can skip 4 more bytes */ if (!has_zero32(*(unsigned int *)next ^ 0x0A0A0A0AU)) next += 4; } /* We finish if needed : if is below , it means we * found an LF in one of the 4 following bytes. */ while (next < end) { if (*next == '\n') break; next++; } #endif return next; } const char *fgets2(FILE *stream) { static char buffer[FGETS2_BUFSIZE + 68]; /* Note: +32 is enough on 32-bit systems */ static char *end = buffer; static char *line = buffer; char *next; int ret; next = line; while (1) { next = find_lf(next, end); if (next < end) { const char *start = line; *next = '\0'; line = next + 1; return start; } /* we found an incomplete line. First, let's move the * remaining part of the buffer to the beginning, then * try to complete the buffer with a new read. We can't * rely on anymore because it went past . */ if (line > buffer) { if (end != line) memmove(buffer, line, end - line); end = buffer + (end - line); next = end; line = buffer; } else { if (end == buffer + FGETS2_BUFSIZE) return NULL; } ret = read(fileno(stream), end, buffer + FGETS2_BUFSIZE - end); if (ret <= 0) { if (end == line) return NULL; *end = '\0'; end = line; /* ensure we stop next time */ return line; } end += ret; *end = '\n'; /* make parser stop ASAP */ /* search for '\n' again */ } } #ifdef BENCHMARK int main() { const char *p; unsigned int lines = 0; while ((p=fgets2(stdin))) lines++; printf("lines=%d\n", lines); return 0; } #endif haproxy-1.4.24/contrib/halog/halog.c000066400000000000000000001253051215760735600173060ustar00rootroot00000000000000/* * haproxy log statistics reporter * * Copyright 2000-2012 Willy Tarreau * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * */ #include #include #include #include #include #include #include #include #include #include #include #include #define SOURCE_FIELD 5 #define ACCEPT_FIELD 6 #define SERVER_FIELD 8 #define TIME_FIELD 9 #define STATUS_FIELD 10 #define BYTES_SENT_FIELD 11 #define TERM_CODES_FIELD 14 #define CONN_FIELD 15 #define QUEUE_LEN_FIELD 16 #define METH_FIELD 17 #define URL_FIELD 18 #define MAXLINE 16384 #define QBITS 4 #define SEP(c) ((unsigned char)(c) <= ' ') #define SKIP_CHAR(p,c) do { while (1) { int __c = (unsigned char)*p++; if (__c == c) break; if (__c <= ' ') { p--; break; } } } while (0) /* [0] = err/date, [1] = req, [2] = conn, [3] = resp, [4] = data */ static struct eb_root timers[5] = { EB_ROOT_UNIQUE, EB_ROOT_UNIQUE, EB_ROOT_UNIQUE, EB_ROOT_UNIQUE, EB_ROOT_UNIQUE, }; struct timer { struct eb32_node node; unsigned int count; }; struct srv_st { unsigned int st_cnt[6]; /* 0xx to 5xx */ unsigned int nb_ct, nb_rt, nb_ok; unsigned long long cum_ct, cum_rt; struct ebmb_node node; /* don't put anything else here, the server name will be there */ }; struct url_stat { union { struct ebpt_node url; struct eb64_node val; } node; char *url; unsigned long long total_time; /* sum(all reqs' times) */ unsigned long long total_time_ok; /* sum(all OK reqs' times) */ unsigned long long total_bytes_sent; /* sum(all bytes sent) */ unsigned int nb_err, nb_req; }; #define FILT_COUNT_ONLY 0x01 #define FILT_INVERT 0x02 #define FILT_QUIET 0x04 #define FILT_ERRORS_ONLY 0x08 #define FILT_ACC_DELAY 0x10 #define FILT_ACC_COUNT 0x20 #define FILT_GRAPH_TIMERS 0x40 #define FILT_PERCENTILE 0x80 #define FILT_TIME_RESP 0x100 #define FILT_INVERT_ERRORS 0x200 #define FILT_INVERT_TIME_RESP 0x400 #define FILT_COUNT_STATUS 0x800 #define FILT_COUNT_SRV_STATUS 0x1000 #define FILT_COUNT_TERM_CODES 0x2000 #define FILT_COUNT_URL_ONLY 0x004000 #define FILT_COUNT_URL_COUNT 0x008000 #define FILT_COUNT_URL_ERR 0x010000 #define FILT_COUNT_URL_TTOT 0x020000 #define FILT_COUNT_URL_TAVG 0x040000 #define FILT_COUNT_URL_TTOTO 0x080000 #define FILT_COUNT_URL_TAVGO 0x100000 #define FILT_HTTP_ONLY 0x200000 #define FILT_TERM_CODE_NAME 0x400000 #define FILT_INVERT_TERM_CODE_NAME 0x800000 #define FILT_HTTP_STATUS 0x1000000 #define FILT_INVERT_HTTP_STATUS 0x2000000 #define FILT_QUEUE_ONLY 0x4000000 #define FILT_QUEUE_SRV_ONLY 0x8000000 #define FILT_COUNT_URL_BAVG 0x10000000 #define FILT_COUNT_URL_BTOT 0x20000000 #define FILT_COUNT_URL_ANY (FILT_COUNT_URL_ONLY|FILT_COUNT_URL_COUNT|FILT_COUNT_URL_ERR| \ FILT_COUNT_URL_TTOT|FILT_COUNT_URL_TAVG|FILT_COUNT_URL_TTOTO|FILT_COUNT_URL_TAVGO| \ FILT_COUNT_URL_BAVG|FILT_COUNT_URL_BTOT) #define FILT_COUNT_COOK_CODES 0x40000000 #define FILT_COUNT_IP_COUNT 0x80000000 unsigned int filter = 0; unsigned int filter_invert = 0; const char *line; int linenum = 0; int parse_err = 0; int lines_out = 0; int lines_max = -1; const char *fgets2(FILE *stream); void filter_count_url(const char *accept_field, const char *time_field, struct timer **tptr); void filter_count_ip(const char *source_field, const char *accept_field, const char *time_field, struct timer **tptr); void filter_count_srv_status(const char *accept_field, const char *time_field, struct timer **tptr); void filter_count_cook_codes(const char *accept_field, const char *time_field, struct timer **tptr); void filter_count_term_codes(const char *accept_field, const char *time_field, struct timer **tptr); void filter_count_status(const char *accept_field, const char *time_field, struct timer **tptr); void filter_graphs(const char *accept_field, const char *time_field, struct timer **tptr); void filter_output_line(const char *accept_field, const char *time_field, struct timer **tptr); void filter_accept_holes(const char *accept_field, const char *time_field, struct timer **tptr); void usage(FILE *output, const char *msg) { fprintf(output, "%s" "Usage: halog [-h|--help] for long help\n" " halog [-q] [-c] [-m ]\n" " {-cc|-gt|-pct|-st|-tc|-srv|-u|-uc|-ue|-ua|-ut|-uao|-uto|-uba|-ubt|-ic}\n" " [-s ] [-e|-E] [-H] [-rt|-RT