ChangeLog : =========== 2015/02/01 : 1.3.15.14 - BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace() - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend - BUG/MEDIUM: http: "option checkcache" fails with the no-cache header - BUG: proto_tcp: set AF_INET on tproxy for use with recent kernels - BUG/MEDIUM: balance source did not properly hash IPv6 addresses - BUG/MINOR: epoll: correctly disable FD polling in fd_rem() - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser - BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets - BUG/MINOR: http: abort request processing on filter failure 2011/08/05 : 1.3.15.13 - [MINOR] cfgparse: Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation. - [BUG] Configuration parser bug when escaping characters - [BUG] cttproxy: socket fd leakage in check_cttproxy_version - [MINOR] server tracking: don't care about the tracked server's mode - [BUG] config: fix erroneous check on cookie domain names, again - [BUG] check_post: limit analysis to the buffer length - [MINOR] http: typos on several unlikely() around header insertion - [CLEANUP] buffers: wrong size calculation for displaced data - [MINOR] config: option forceclose is valid in frontends too - [BUILD] warning ultoa_r returns char * - [MINOR] http: fix double slash prefix with server redirect - [MINOR] config: indicate that timeout appsession should not be used - [MINOR] config: fix too large ssl-hello-check message. - [BUG] config: reset check request to avoid double free when switching to ssl - [DOC] fix a typo about timeout check and clarify the explanation. - [BUG] url_param hash may return a down server - [MINOR] force null-termination of hostname - [BUG] init: unconditionally catch SIGPIPE - [MINOR] config: allow "slowstart 0s" - [BUG] stream_sock: cleanly disable the listener in case of resource shortage - [BUG] queue: don't dequeue proxy-global requests on disabled servers - [MEDIUM] servers: support address 0.0.0.0 as the original destination address - [BUG] http: don't consider commas as a header delimitor within quotes - [BUG] http: correctly update the header list when removing two consecutive headers - [BUG] checks: don't log backend down for all zero-weight servers - [BUG] cookie: correctly unset default cookie parameters - [BUG] startup: set the rlimits before binding ports, not after. - [MINOR] config: fix endianness of server check port - [DOC] fix description of cookie "insert" and "indirect" modes - [DOC] fix minor typos in the doc - [DOC] fix minor typo in "usesrc" - [BUG] http: balance url_param did not work with first parameters on POST - [DOC] document the "dispatch" keyword - [DOC] fix minor typo in the "dispatch" doc - [BUILD] fix some build warnings on Solaris with is* macros - [CLEANUP] report 2011 and not 2009 in the copyright banner. 2009/12/30 : 1.3.15.12 - [BUG] http: fix cookie parser to support spaces and commas in values 2009/12/04 : 1.3.15.11 - [MINOR] Allow to specify a domain for a cookie - [BUG/CLEANUP] cookiedomain -> cookie_domain rename + free(p->cookie_domain) - [DOC] trivial fix for man page - [BUILD] use "git cmd" instead of "git-cmd" - [DOC] add a reminder about obsolete documents - [BUG] config: fix erroneous check on cookie domain names - [BUG] config: cookie domain was ignored in defaults sections - [MINOR] config: support passing multiple "domain" statements to cookies 2009/07/27 : 1.3.15.10 - [MINOR] startup: don't imply -q with -D - [BUG] ensure that we correctly re-start old process in case of error - [BUILD] report commit date and not author's date as build date - [BUG] stream_sock: don't stop reading when the poller reports an error - [CLEANUP] report 2009 not 2008 in the copyright banner. - [BUILD] fix incorrect printf arg count with tcp_splice 2009/05/10 : 1.3.15.9 - [BUILD] Fixed Makefile for linking pcre - [CONTRIB] selinux policy for haproxy - [DOC] Make the status listener example complete. - [BUILD] spec file: fix broken pipe during rpmbuild and add man file - [BUG] server check intervals must not be null - [BUG] check for global.maxconn before doing accept() - [BUILD] add format(printf) to printf-like functions - [MINOR] fix several printf formats and missing arguments - [BUG] stats: total and lbtot are unsigned - [MINOR] fix a few remaining printf-like formats on 64-bit platforms - [MEDIUM] ensure we don't recursively call pool_gc2() - [CRITICAL] uninitialized response field can sometimes cause crashes - [MINOR] rhel init script : support the reload operation - [BUG] O(1) pollers should check their FD before closing it - [MINOR] don't close stdio fds twice - [MINOR] stats/html: use the arial font before helvetica 2009/03/08 : 1.3.15.8 - [BUG] Fix listen & more of 2 couples : - [DOC] remove buggy comment for use_backend - [CRITICAL] fix server state tracking: it was O(n!) instead of O(n) - [BUG] "option transparent" is for backend, not frontend ! - [BUG] we must not exit if protocol binding only returns a warning - [BUG] inform the user when root is expected but not set - [DOC] large doc update backported from mainline - [BUG] the "source" keyword must first clear optional settings - [BUG] global.tune.maxaccept must be limited even in mono-process mode - [BUG] typo in timeout error reporting : report *res and not *err 2008/12/04 : 1.3.15.7 - [BUILD] fix MANDIR default location to match documentation - [BUG] critical errors should be reported even in daemon mode - [BUG] do not dequeue requests on a dead server - [BUG] do not dequeue the backend's pending connections on a dead server 2008/11/04 : 1.3.15.6 - [MINOR] cfgparse: fix off-by 2 in error message size - [BUG] cookie capture is declared in the frontend but checked on the backend 2008/10/12 : 1.3.15.5 - [BUG] do not try to pause backends during reload - [BUG] ensure that listeners from disabled proxies are correctly unbound. - [BUG] acl-related keywords are not allowed in defaults sections 2008/09/14 : 1.3.15.4 - [BUG] do not release the connection slot during a retry - [BUG] dynamic connection throttling could return a max of zero conns 2008/09/02 : 1.3.15.3 - [BUG] disable buffer read timeout when reading stats - [BUILD] change declaration of base64tab to fix build with Intel C++ - [BUILD] silent a warning in unlikely() with gcc 4.x - [BUG] use_backend would not correctly consider "unless" - [CLEANUP] remove dependency on obsolete INTBITS macro - [BUG] fix segfault with url_param + check_post - [BUG] server timeout was not considered in some circumstances - [BUG] ev_sepoll: closed file descriptors could persist in the spec list - [BUG] maintain_proxies must not disable backends - [BUG] regparm is broken on gcc < 3 - [OPTIM] force inlining of large functions with gcc >= 3 2008/06/21 : 1.3.15.2 - [BUILD] make install should depend on haproxy not "all" - [BUG] event pollers must not wait if a task exists in the run queue - [BUG] queue management: wake oldest request in queues - [BUG] log: reported queue position was offed-by-one - [BUG] fix the dequeuing logic to ensure that all requests get served - [DOC] documentation for the "retries" parameter was missing. 2008/05/25 : 1.3.15.1 - [BUILD] fix build with gcc 4.3 - [TESTS] add a debug patch to help trigger the stats bug - [BUG] Flush buffers also where there are exactly 0 bytes left - [DOC] update the README file with new build options - [MEDIUM] reduce risk of event starvation in ev_sepoll 2008/04/19 : 1.3.15 - [BUILD] Added support for 'make install' - [BUILD] Added 'install-man' make target for installing the man page - [BUILD] Added 'install-bin' make target - [BUILD] Added 'install-doc' make target - [BUILD] Removed "/" after '$(DESTDIR)' in install targets - [BUILD] Changed 'install' target to install the binaries first - [BUILD] Replace hardcoded 'LD = gcc' with 'LD = $(CC)' - [MEDIUM]: Inversion for options - [MEDIUM]: Count retries and redispatches also for servers, fix redistribute_pending, extend logs, %d->%u cleanup - [BUG]: Restore clearing t->logs.bytes - [MEDIUM]: rework checks handling - [DOC] Update a "contrib" file with a hint about a scheme used for formathing subjects - [MEDIUM] Implement "track [/]" - [MINOR] Implement persistent id for proxies and servers - [BUG] Don't increment server connections too much + fix retries - [MEDIUM]: Prevent redispatcher from selecting the same server, version #3 - [MAJOR] proto_uxst rework -> SNMP support - [BUG] appsession lookup in URL does not work - [BUG] transparent proxy address was ignored in backend - [BUG] hot reconfiguration failed because of a wrong error check - [DOC] big update to the configuration manual - [DOC] large update to the configuration manual - [DOC] document more options - [BUILD] major rework of the GNU Makefile - [STATS] add support for "show info" on the unix socket - [DOC] document options forwardfor to logasap - [MINOR] add support for the "backlog" parameter - [OPTIM] introduce global parameter "tune.maxaccept" - [MEDIUM] introduce "timeout http-request" in frontends - [MINOR] tarpit timeout is also allowed in backends - [BUG] increment server connections for each connect() - [MEDIUM] add a turn-around state of one second after a connection failure - [BUG] fix typo in redispatched connection - [DOC] document options nolinger to ssl-hello-chk - [DOC] added documentation for "option tcplog" to "use_backend" - [BUG] connect_server: server might not exist when sending error report - [MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) - [MEDIUM] add non-local bind to connect() on Linux - [MINOR] add transparent proxy support for balabit's Tproxy v4 - [BUG] use backend's source and not server's source with tproxy - [BUG] fix overlapping server flags - [MEDIUM] fix server health checks source address selection - [BUG] build failed on CONFIG_HAP_LINUX_TPROXY without CONFIG_HAP_CTTPROXY - [DOC] added "server", "source" and "stats" keywords - [DOC] all server parameters have been documented - [DOC] document all req* and rsp* keywords. - [DOC] added documentation about HTTP header manipulations - [BUG] log response byte count, not request - [BUILD] code did not build in full debug mode - [BUG] fix truncated responses with sepoll - [MINOR] use s->frt_addr as the server's address in transparent proxy - [MINOR] fix configuration hint about timeouts - [DOC] minor cleanup of the doc and notice to contributors - [MINOR] report correct section type for unknown keywords. - [BUILD] update MacOS Makefile to build on newer versions - [DOC] fix erroneous "useallbackups" option in the doc - [DOC] applied small fixes from early readers - [MINOR] add configuration support for "redir" server keyword - [MEDIUM] completely implement the server redirection method - [TESTS] add a test case for the server redirection mechanism - [DOC] add a configuration entry for "server ... redir " - [BUILD] backend.c and checks.c did not build without tproxy ! - Revert "[BUILD] backend.c and checks.c did not build without tproxy !" - [BUILD] backend.c and checks.c did not build without tproxy ! - [OPTIM] used unsigned ints for HTTP state and message offsets - [OPTIM] GCC4's builtin_expect() is suboptimal - [BUG] failed conns were sometimes incremented in the frontend! - [BUG] timeout.check was not pre-set to eternity - [TESTS] add test-pollers.cfg to easily report pollers in use - [BUG] do not apply timeout.connect in checks if unset - [BUILD] ensure that makefile understands USE_DLMALLOC=1 - [MINOR] silent gcc for a wrong warning - [CLEANUP] update .gitignore to ignore more temporary files - [CLEANUP] report dlmalloc's source path only if explictly specified - [BUG] str2sun could leak a small buffer in case of error during parsing - [BUG] option allbackups was not working anymore in roundrobin mode - [MAJOR] implementation of the "leastconn" load balancing algorithm - [BUILD] ensure that users don't build without setting the target anymore. - [DOC] document the leastconn LB algo - [MEDIUM] fix stats socket limitation to 16 kB - [DOC] fix unescaped space in httpchk example. - [BUG] fix double-decrement of server connections - [TESTS] add a test case for port mapping - [TESTS] add a benchmark for integer hashing - [TESTS] add new methods in ip-hash test file - [MAJOR] implement parameter hashing for POST requests 2007/12/06 : 1.3.14 - New option http_proxy (Alexandre Cassen) - add support for "maxqueue" to limit server queue overload (Elijah Epifanov) - Check for duplicated conflicting proxies (Krzysztof Oledzki) - stats: report server and backend cumulated downtime (Krzysztof Oledzki) - use backends only with use_backend directive (Krzysztof Oledzki) - Handle long lines properly (Krzysztof Oledzki) - Implement and use generic findproxy and relax duplicated proxy check (Krzysztof Oledzki) - continous statistics (Krzysztof Oledzki) - add support for logging via a UNIX socket (Robert Tsai) - fix error checking in strl2ic/strl2uic() - fix calls to localtime() - provide easier-to-use ultoa_* functions - provide easy-to-use limit_r and LIM2A* macros - add a simple test for the status page - move error codes to common/errors.h - silent warning about LIST_* being redefined on OpenBSD - add socket address length to the protocols - group PR_O_BALANCE_* bits into a checkable value - externalize the "balance" option parser to backend.c - introduce the "url_param" balance method - make default_backend work in TCP mode too - disable warning about localtime_r on Solaris - adjust error messages about conflicting proxies - avoid calling some layer7 functions if not needed - simplify error path in event_accept() - add an options field to the listeners - added a new state to listeners - unbind_listener() must use fd_delete() and not close() - add a generic unbind_listener() primitive - add a generic delete_listener() primitive - add a generic unbind_all_listeners() primitive - create proto_tcp and move initialization of proxy listeners - stats: report numerical process ID, proxy ID and server ID - relative_pid was not initialized - missing header names in raw stats output - fix missing parenthesis in check_response_for_cacheability - small optimization on session_process_counters() - merge ebtree version 3.0 - make ebtree headers multiple-include compatible - ebtree: include config.h for REGPRM* - differentiate between generic LB params and map-specific ones - add a weight divisor to the struct proxy - implement the Fast Weighted Round Robin (FWRR) algo - include filltab25.c to experiment on FWRR for dynamic weights - merge test-fwrr.cfg to validate dynamic weights - move the load balancing algorithm to be->lbprm.algo - change server check result to a bit field - implement "http-check disable-on-404" for graceful shutdown - secure the calling conditions of ->set_server_status_{up,down} - report disabled servers as "NOLB" when they are still UP - document the "http-check disable-on-404" option - http-check disable-on-404 is not limited to HTTP mode - add a test file for disable-on-404 - use distinct bits per load-balancing algorithm type - implement the slowstart parameter for servers - document the server's slowstart parameter - stats: report the server warm up status in a "throttle" column - fix 2 minor issues on AIX - add the "nbsrv" ACL verb - add the "fail" condition to monitor requests - remove a warning from gcc due to htons() in standard.c - fwrr: ensure that we never overflow in placements - store the build options to report with -vv - fix the status return of the init script (R.I. Pienaar) - stats: real time monitoring script for unix socket (Prizee) - document "nbsrv" and "monitor fail" - restrict the set of allowed characters for identifiers - implement a time parsing function - add support for time units in the configuration - add a bit of documentation about timers - introduce separation between contimeout, and tarpit + queue - introduce the "timeout" keyword - grouped all timeouts in one structure - slowstart is in ms, not seconds - slowstart: ensure we don't start with a null weight - report the number of times each server was selected - fix build on AIX due to recent log changes - fix build on Solaris due to recent log changes 2007/10/18 : 1.3.13 - replace the code under O'Reilly license (Arnaud Cornet) - add a small man page (Arnaud Cornet) - stats: report haproxy's version by default (Krzysztof Oledzki) - stats: count server retries and redispatches (Krzysztof Oledzki) - core: added easy support for Doug Lea's malloc (dlmalloc) - core: fade out memory usage when stopping proxies - core: moved the sockaddr pointer to the fdtab structure - core: add generic protocol support - core: implement client-side support for PF_UNIX sockets - stats: implement the CSV output - stats: add a link to the CSV export HTML page - stats: implement the statistics output on a unix socket - config: introduce the "stats" keyword in global section - build: centralize version and date into one file for each - tests: added a new hash algorithm 2007/10/18 : 1.3.12.3 - add the "nolinger" option to disable data lingering (Alexandre Cassen) - fix double-free during clean exit (Krzysztof Oledzki) - prevent the system from sending an RST when closing health-checks (Krzysztof Oledzki) - do not add a cache-control header when on non-cacheable responses (Krzysztof Oledzki) - spread health checks even more (Krzysztof Oledzki) - stats: scope "." must match the backend and not the frontend - fixed call to chroot() during startup - fix wrong timeout computation in event_accept() - remove condition for exit() under fork() failure 2007/09/20 : 1.3.12.2 - fix configuration sanity checks for TCP listeners - set the log socket receive window to zero bytes - pre-initialize timeouts to infinity, not zero - fix the SIGHUP message not to alert on server-less proxies - timeouts and retries could be ignored when switching backend - added a file to check that "retries" works. - O'Reilly has clarified its license 2007/09/05 : 1.3.12.1 - spec I/O: fix allocations of spec entries for an FD - ensure we never overflow in chunk_printf() - improve behaviour with large number of servers per proxy - add support for "stats refresh " - stats page: added links for 'refresh' and 'hide down' - fix backend's weight in the stats page. - the "stats" keyword is not allowed in a pure frontend. - provide a test configuration file for stats and checks 2007/06/17 : 1.3.12 - fix segfault at exit when using captures - bug: negation in ACL conds was not cleared between terms - errorfile: use a local file to feed error messages - acl: support '-i' to ignore case when matching - acl: smarter integer comparison with operators eq,lt,gt,le,ge - acl: support maching on 'path' component - acl: implement matching on header values - acl: distinguish between request and response headers - acl: permit to return any header when no name specified - acl: provide default ACLs - added the 'use_backend' keyword for full content-switching - acl: specify the direction during fetches - acl: provide the argument length for fetch functions - acl: provide a reference to the expr to fetch() - improve memory freeing upon exit - str2net() must not change the const char * - shut warnings 'is*' macros from ctype.h on solaris 2007/06/03 : 1.3.11.4 - do not re-arm read timeout in SHUTR state ! - optimize I/O by detecting system starvation - the epoll FD must not be shared between processes - limit the number of events returned by *poll* 2007/05/14 : 1.3.11.3 - pre-initialize timeouts with tv_eternity during parsing 2007/05/14 : 1.3.11.2 - fixed broken health-checks since switch to timeval 2007/05/14 : 1.3.11.1 - fixed ev_kqueue which was forgotten during the switch to timeval - allowed null timeouts for past events in select 2007/05/14 : 1.3.11 - fixed ev_sepoll again by rewriting the state machine - switched all timeouts to timevals instead of milliseconds - improved memory management using mempools v2. - several minor optimizations 2007/05/09 : 1.3.10.2 - fixed build on OpenBSD (missing types.h) 2007/05/09 : 1.3.10.1 - fixed sepoll transition matrix (two states were missing) 2007/05/08 : 1.3.10 - several fixes in ev_sepoll - fixed some expiration dates on some tasks - fixed a bug in connection establishment detection due to speculative I/O - fixed rare bug occuring on TCP with early close (reported by Andy Smith) - implemented URI hashing algorithm (Guillaume Dallaire) - implemented SMTP health checks (Peter van Dijk) - replaced the rbtree with ul2tree from old scheduler project - new framework for generic ACL support - added the 'acl' and 'block' keywords to the config language - added several ACL criteria and matches (IP, port, URI, ...) - cleaned up and better modularization for some time functions - fixed list macros - fixed useless memory allocation in str2net() - store the original destination address in the session 2007/04/15 : 1.3.9 - modularized the polling mechanisms and use function pointers instead of macros at many places - implemented support for FreeBSD's kqueue() polling mechanism - fixed a warning on OpenBSD : MIN/MAX redefined - change socket registration order at startup to accomodate kqueue. - several makefile cleanups to support old shells - fix build with limits.h once for all - ev_epoll: do not rely on fd_sets anymore, use changes stacks instead. - fdtab now holds the results of polling - implemented support for speculative I/O processing with epoll() - remove useless calls to shutdown(SHUT_RD), resulting in small speed boost - auto-registering of pollers at load time 2007/04/03 : 1.3.8.2 - rewriting either the status line or request line could crash the process due to a pointer which ought to be reset before parsing. - rewriting the status line in the response did not work, it caused a 502 Bad Gateway due to an erroneous state during parsing 2007/04/01 : 1.3.8.1 - fix reqadd when no option httpclose is used. - removed now unused fiprm and beprm from proxies - split logs into two versions : TCP and HTTP - added some docs about http headers storage and acls - added a VIM script for syntax color highlighting (Bruno Michel) 2007/03/25 : 1.3.8 - fixed several bugs which might have caused a crash with bad configs - several optimizations in header processing - many progresses towards transaction-based processing - option forwardfor may be used in frontends - completed HTTP response processing - some code refactoring between request and response processing - new HTTP header manipulation functions - optimizations on the recv() patch to reduce CPU usage under very high data rates. - more user-friendly help about the 'usesrc' keyword (CTTPROXY) - username/groupname support from Marcus Rueckert - added the "except" keyword to the "forwardfor" option (Bryan German) - support for health-checks on other addresses (Fabrice Dulaunoy) - makefile for MacOS 10.4 / Darwin (Dan Zinngrabe) - do not insert "Connection: close" in HTTP/1.0 messages 2007/01/26 : 1.3.7 - fix critical bug introduced with 1.3.6 : an empty request header may lead to a crash due to missing pointer assignment - hdr_idx might be left uninitialized in debug mode - fixed build on FreeBSD due to missing fd_set declaration 2007/01/22 : 1.3.6.1 - change in the header chaining broke cookies and authentication 2007/01/22 : 1.3.6 - stats now support the HEAD method too - extracted http request from the session - huge rework of the HTTP parser which is now a 28-state FSM. - linux-style likely/unlikely macros for optimization hints - do not create a server socket when there's no server - imported lots of docs 2007/01/07 : 1.3.5 - stats: swap color sets for active and backup servers - try to guess server check port when unset - added complete support and doc for TCP Splicing - replace the wait-queue linked list with an rbtree. - a few bugfixes and cleanups 2007/01/02 : 1.3.4 - support for cttproxy on the server side to present the client address to the server. - added support for SO_REUSEPORT on Linux (needs kernel patch) - new RFC2616-compliant HTTP request parser with header indexing - split proxies in frontends, rulesets and backends - implemented the 'req[i]setbe' to select a backend depending on the contents - added the 'default_backend' keyword to select a default BE. - new stats page featuring FEs and BEs + bytes in both dirs - improved log format to indicate the backend and the time in ms. - lots of cleanups 2006/10/15 : 1.3.3 - fix broken redispatch option in case the connection has already been marked "in progress" (ie: nearly always). - support regparm on x86 to speed up some often called functions - removed a few useless calls to gettimeofday() in log functions. - lots of 'const char*' cleanups - turn every FD_* into functions which are faster on recent CPUs 2006/09/03 : 1.3.2 - started the changes towards I/O completion callbacks. stream_sock* have replaced event_*. - added the new "reqtarpit" and "reqitarpit" protection features 2006/07/09 : 1.3.1 (1.2.15) - now, haproxy warns about missing timeout during startup to try to eliminate all those buggy configurations. - added "Content-Type: text/html" in responses wherever appropriate, as suggested by Cameron Simpson. - implemented "option ssl-hello-chk" to use SSLv3 CLIENT HELLO messages to test server's health - implemented "monitor-uri" so that haproxy can reply to a specific URI with an "HTTP/1.0 200 OK" response. This is useful to validate multiple proxies at once. 2006/06/29 : 1.3.0 - exploded the whole file into multiple .c and .h. No functionnal difference is expected at all. - fixed a bug by which neither stats nor error messages could be returned if 'clitimeout' was missing. 2006/05/21 : 1.2.14 - new HTML status report with the 'stats' keyword. - added the 'abortonclose' option to better resist traffic surges - implemented dynamic traffic regulation with the 'minconn' option - show request time on denied requests - definitely fixed hot reconf on OpenBSD by the use of SO_REUSEPORT - now a proxy instance is allowed to run without servers, which is useful to dedicate one instance to stats - added lots of error counters - a missing parenthesis preventd matching of cacheable cookies - a missing parenthesis in poll_loop() might have caused missed events. 2006/05/14 : 1.2.13.1 - an uninitialized field in the struct session could cause a crash when the session was freed. This has been encountered on Solaris only. - Solaris and OpenBSD no not support shutdown() on listening socket. Let's be nice to them by performing a soft stop if pause fails. 2006/05/13 : 1.2.13 - 'maxconn' server parameter to do per-server session limitation - queueing to support non-blocking session limitation - fixed removal of cookies for cookie-less servers such as backup servers - two separate wait queues for expirable and non-expirable tasks provide better performance with lots of sessions. - some code cleanups and performance improvements - made state dumps a bit more verbose - fixed missing checks for NULL srv in dispatch mode - load balancing on backup servers was not possible in source hash mode. - two session flags shared the same bit, but fortunately they were not compatible. 2006/04/15 : 1.2.12 Very few changes preparing for more important changes to support per-server session limitations and queueing : - ignore leading empty lines in HTTP requests as suggested by RFC2616. - added the 'weight' parameter to the servers, limited to 1..256. It applies to roundrobin and source hash. - the optional '-s' option could clobber '-st' and '-sf' if compiled in. 2006/03/30 : 1.2.11.1 - under some conditions, it might have been possible that when the last dead server became available, it would not have been used till another one would have changed state. Could not be reproduced at all, however seems possible from the code. 2006/03/25 : 1.2.11 - added the '-db' command-line option to disable backgrounding. - added the -sf/-st command-line arguments which are used to specify a list of pids to send a FINISH or TERMINATE signal upon startup. They will also be asked to release their port if a bind fails. - reworked the startup mechanism to allow the sending of a signal to a list of old pids if a socket cannot be bound, with a retry for a limited amount of time (1 second by default). - added the ability to enforce limits on memory usage. - added the 'source' load-balancing algorithm which uses the source IP(v4|v6) - re-architectured the server round-robin mechanism to ease integration of other algorithms. It now relies on the number of active and backup servers. - added a counter for the number of active and backup servers, and report these numbers upon SIGHUP or state change. 2006/03/23 : 1.2.10.1 - while fixing the backup server round-robin "feature", a new bug was introduced which could miss some backup servers. - the displayed proxy name was wrong when dumping upon SIGHUP. 2006/03/19 : 1.2.10 - assert.h is needed when DEBUG is defined. - ENORMOUS long standing bug affecting the epoll polling system : event_data is a union, not a structure ! - Make fd management more robust and easier to debug. Also some micro-optimisations. - Limit the number of consecutive accept() in multi-process mode. This produces a more evenly distributed load across the processes and slightly improves performance by reducing bottlenecks. - Make health-checks be more regular, and faster to retry after a timeout. - Fixed some messages to ease parsing of alerts. - provided a patch to enable epoll on RHEL3 kernels. - Separated OpenBSD build from the main Makefile into a new one. 2006/03/15 : 1.2.9 - haproxy could not be stopped after being paused, it had to be woken up first. This has been fixed. - the 'ulimit-n' parameter is now optional and by default computed from maxconn + the number of listeners + the number of health-checks. - it is now possible to specify a maximum number of connections at build time with the SYSTEM_MAXCONN define. The value set in the configuration file will then be limited to this value, and only the command-line '-n' option will be able to bypass it. It will prevent against accidental high memory usage on small systems. - RFC2616 expects that any HTTP agent accepts multi-line headers. Earlier versions did not detect a line beginning with a space as the continuation of previous header. It is now correct. - health checks sent to servers configured with identical intervals were sent in perfect synchronisation because the initial time was the same for all. This could induce high load peaks when fragile servers were hosting tens of instances for the same application. Now the load is spread evenly across the smallest interval amongst a listener. - a new 'forceclose' option was added to make the proxy close the outgoing channel to the server once it has sent all its headers and the server starts responding. This helps some servers which don't close upon the 'Connection: close' header. It implies 'option httpclose'. - there was a bug in the way the backup servers were handled. They were erroneously load-balanced while the doc said the opposite. Since load-balanced backup servers is one of the features some people have been asking for, the problem was fixed to reflect the documented behaviour and a new option 'allbackups' was introduced to provide the feature to those who need it. - a never ending connect() could lead to a fast select() loop if its timeout times the number of retransmits exceeded the server read or write timeout, because the later was used to compute select()'s timeout while the connection timeout was not reached. - now we initialize the libc's localtime structures very early so that even under OOM conditions, we can still send dated error messages without segfaulting. - the 'daemon' mode implies 'quiet' and disables 'verbose' because file descriptors are closed. 2006/01/29 : 1.2.8 - fixed a nasty bug affecting poll/epoll which could return unmodified data from the server to the client, and sometimes lead to memory corruption crashing the process. - added the new pause/play mechanism with SIGTTOU/SIGTTIN for hot-reconf. 2005/12/18 : 1.2.7.1 - the "retries" option was ignored because connect() could not return an error if the connection failed before the timeout. - TCP health-checks could not detect a connection refused in poll/epoll mode. 2005/11/13 : 1.2.7 - building with -DUSE_PCRE should include PCRE headers and not regex.h. At least on Solaris, this caused the libc's regex primitives to be used instead of PCRE, which caused trouble on group references. This is now fixed. - delayed the quiet mode during startup so that most of the startup alerts can be displayed even in quiet mode. - display an alert when a listener has no address, invalid or no port, or when there are no enabled listeners upon startup. - added "static-pcre" to the list of supported regex options in the Makefile. 2005/10/09 : 1.2.7rc (1.1.33rc) - second batch of socklen_t changes. - clean-ups from Cameron Simpson. - because tv_remain() does not know about eternity, using no timeout can make select() spin around a null time-out. Bug reported by Cameron Simpson. - client read timeout was not properly set to eternity initialized after an accept() if it was not set in the config. It remained undetected so long because eternity is 0 and newly allocated pages are zeroed by the system. - do not call get_original_dst() when not in transparent mode. - implemented a workaround for a bug in certain epoll() implementations on linux-2.4 kernels (epoll-lt <= 0.21). - implemented TCP keepalive with new options : tcpka, clitcpka, srvtcpka. 2005/08/07 : 1.2.6 - clean-up patch from Alexander Lazic fixes build on Debian 3.1 (socklen_t). 2005/07/06 : 1.2.6-pre5 (1.1.32) - added the number of active sessions (proxy/process) in the logs 2005/07/06 : 1.2.6-pre4 (1.1.32-pre4) - the time-out fix introduced in 1.1.25 caused a corner case where it was possible for a client to keep a connection maintained regardless of the timeout if the server closed the connection during the HEADER phase, while the client ignored the close request while doing nothing in the other direction. This has been fixed now by ensuring that read timeouts are re-armed when switching to any SHUTW state. 2005/07/05 : 1.2.6-pre3 (1.1.32-pre3) - enhanced error reporting in the logs. Now the proxy will precisely detect various error conditions related to the system and/or process limits, and generate LOG_EMERG logs indicating that a resource has been exhausted. - logs will contain two new characters for the error cause : 'R' indicates a resource exhausted, and 'I' indicates an internal error, though this one should never happen. - server connection timeouts can now be reported in the logs (sC), as well as connections refused because of maxconn limitations (PC). 2005/07/05 : 1.2.6-pre2 (1.1.32-pre2) - new global configuration keyword "ulimit-n" may be used to raise the FD limit to usable values. - a warning is now displayed on startup if the FD limit is lower than the configured maximum number of sockets. 2005/07/05 : 1.2.6-pre1 (1.1.32-pre1) - new configuration keyword "monitor-net" makes it possible to be monitored by external devices which connect to the proxy without being logged nor forwarded to any server. Particularly useful on generic TCPv4 relays. 2005/06/21 : 1.2.5.2 - fixed build on PPC where chars are unsigned by default 2005/05/02 : 1.2.5.1 - dirty hack to fix a bug introduced with epoll : if we close an FD and immediately reassign it to another session through a connect(), the Prev{Read,Write}Events are not updated, which causes trouble detecting changes, thus leading to many timeouts at high loads. 2005/04/30 : 1.2.5 (1.1.31) - changed the runtime argument to disable epoll() to '-de' - changed the runtime argument to disable poll() to '-dp' - added global options 'nopoll' and 'noepoll' to do the same at the configuration level. - added a 'linux24e' target to the Makefile for Linux 2.4 systems patched to support epoll(). - changed default FD_SETSIZE to 65536 on Solaris (default=1024) - conditionned signals redirection to #ifdef DEBUG_MEMORY 2005/04/26 : 1.2.5-pre4 - made epoll() support a compile-time option : ENABLE_EPOLL - provided a very little libc replacement for a possibly missing epoll() implementation which can be enabled by -DUSE_MY_EPOLL - implemented the poll() poller, which can be enabled with -DENABLE_POLL. The equivalent runtime argument becomes '-P'. A few tests show that it performs like select() with many fds, but slightly slower (certainly because of the higher amount of memory involved). - separated the 3 polling methods and the tasks scheduler into 4 distinct functions which makes the code a lot more modular. - moved some event tables to private static declarations inside the poller functions. - the poller functions can now initialize themselves, run, and cleanup. - changed the runtime argument to enable epoll() to '-E'. - removed buggy epoll_ctl() code in the client_retnclose() function. This function was never meant to remove anything. - fixed a typo which caused glibc to yell about a double free on exit. - removed error checking after epoll_ctl(DEL) because we can never know if the fd is still active or already closed. - added a few entries in the makefile 2005/04/25 : 1.2.5-pre3 - experimental epoll() support (use temporary '-e' argument) 2005/04/24 : 1.2.5-pre2 - implemented the HTTP 303 code for error redirection. This forces the browser to fetch the given URI with a GET request. The new keyword for this is 'errorloc303', and a new 'errorloc302' keyword has been created to make them easily distinguishable. - added more controls in the parser for valid use of '\x' sequence. - few fixes from Alex & Klaus 2005/02/17 : 1.2.5-pre1 - fixed a few errors in the documentation 2005/02/13 - do not pre-initialize unused file-descriptors before select() anymore. 2005/01/22 : 1.2.4 - merged Alexander Lazic's and Klaus Wagner's work on application cookie-based persistence. Since this is the first merge, this version is not intended for general use and reports are more than welcome. Some documentation is really needed though. 2005/01/22 : 1.2.3 (1.1.30) - add an architecture guide to the documentation - released without any changes 2004/12/26 : 1.2.3-pre1 (1.1.30-pre1) - increased default BUFSIZE to 16 kB to accept max headers of 8 kB which is compatible with Apache. This limit can be configured in the makefile now. Thanks to Eric Fehr for the checks. - added a per-server "source" option which now makes it possible to bind to a different source for each (potentially identical) server. - changed cookie-based server selection slightly to allow several servers to share a same cookie, thus making it possible to associate backup servers to live servers and ease soft-stop for maintenance periods. (Alexander Lazic) - added the cookie 'prefix' mode which makes it possible to use persistence with thin clients which support only one cookie. The server name is prefixed before the application cookie, and restore back. - fixed the order of servers within an instance to match documentation. Now the servers are *really* used in the order of their declaration. This is particularly important when multiple backup servers are in use. 2004/10/18 : 1.2.2 (1.1.29) - fixed a bug where a TCP connection would be logged twice if the 'logasap' option was enabled without the 'tcplog' option. - encode_string() would use hdr_encode_map instead of the map argument. 2004/08/10 : (1.1.29-pre2) - the logged request is now encoded with '#XX' for unprintable characters - new keywords 'capture request header' and 'capture response header' enable logging of arbitrary HTTP headers in requests and responses - removed "-DSOLARIS" after replacing the last inet_aton() with inet_pton() 2004/06/06 : 1.2.1 (1.1.28) - added the '-V' command line option to verbosely report errors even though the -q or 'quiet' options are specified. This is useful with '-c'. - added a Red Hat init script and a .spec from Simon Matter 2004/06/05 : - added the "logasap" option which produces a log without waiting for the data to be transferred from the server to the client. - added the "httpclose" option which removes any "connection:" header and adds "Connection: close" in both direction. - added the 'checkcache' option which blocks cacheable responses containing dangerous headers, such as 'set-cookie'. - added 'rspdeny' and 'rspideny' to block certain responses to avoid sensible information leak from servers. 2004/04/18 : - send an EMERG log when no server is available for a given proxy - added the '-c' command line option to syntactically check the configuration file without starting the service. 2003/11/09 : 1.2.0 - the same as 1.1.27 + IPv6 support on the client side 2003/10/27 : 1.1.27 - the configurable HTTP health check introduced in 1.1.23 revealed a shameful bug : the code still assumed that HTTP requests were the same size as the original ones (22 bytes), and failed if they were not. - added support for pidfiles. 2003/10/22 : 1.1.26 - the fix introduced in 1.1.25 for client timeouts while waiting for servers broke almost all compatibility with POST requests, because the proxy stopped to read anything from the client as soon as it got all of its headers. 2003/10/15 : 1.1.25 - added the 'tcplog' option, which provides enhanced, HTTP-like logs for generic TCP proxies, or lighter logs for HTTP proxies. - fixed a time-out condition wrongly reported as client time-out in data phase if the client timeout was lower than the connect timeout times the number of retries. 2003/09/21 : 1.1.24 - if a client sent a full request then shut its write connection down, then the request was aborted. This case was detected only when using haproxy both as health-check client and as a server. - if 'option httpchk' is used in a 'health' mode server, then responses will change from 'OK' to 'HTTP/1.0 200 OK'. - fixed a Linux-only bug in case of HTTP server health-checks, where a single server response followed by a close could be ignored, and the server seen as failed. 2003/09/19 : 1.1.23 - fixed a stupid bug introduced in 1.1.22 which caused second and subsequent 'default' sections to keep previous parameters, and not initialize logs correctly. - fixed a second stupid bug introduced in 1.1.22 which caused configurations relying on 'dispatch' mode to segfault at the first connection. - 'option httpchk' now supports method, HTTP version and a few headers. - now, 'option httpchk', 'cookie' and 'capture' can be specified in 'defaults' section 2003/09/10 : 1.1.22 - 'listen' now supports optionnal address:port-range lists - 'bind' introduced to add new listen addresses - fixed a bug which caused a session to be kept established on a server till it timed out if the client closed during the DATA phase. - the port part of each server address can now be empty to make the proxy connect to the server on the same port it was connected to, be an absolute unsigned number to reflect a single port (as in older versions), or an explicitly signed number (+N/-N) to indicate that this offset must be applied to the port the proxy was connected to, when connecting to the server. - the 'port' server option allows the user to specify a different health-check port than the service one. It is mandatory when only relative ports have been specified and check is required. By default, the checks are sent to the service port. - new 'defaults' section which is rather similar to 'listen' except that all values are only used as default values for future 'listen' sections, until a new 'defaults' resets them. At the moment, server options, regexes, cookie names and captures cannot be set in the 'defaults' section. 2003/05/06 : 1.1.21 - changed the debug output format so that it now includes the session unique ID followed by the instance name at the beginning of each line. - in debug mode, accept now shows the client's IP and port. - added one 3 small debugging scripts to search and pretty print debug output - changed the default health check request to "OPTIONS /" instead of "OPTIONS *" since not all servers implement the later one. - "option httpchk" now accepts an optional parameter allowing the user to specify and URI other than '/' during health-checks. 2003/04/21 : 1.1.20 - fixed two problems with time-outs, one where a server would be logged as timed out during transfer that take longer to complete than the fixed time-out, and one where clients were logged as timed-out during the data phase because they didn't have anything to send. This sometimes caused slow client connections to close too early while in fact there was no problem. The proper fix would be to have a per-fd time-out with conditions depending on the state of the HTTP FSM. 2003/04/16 : 1.1.19 - haproxy was NOT RFC compliant because it was case-sensitive on HTTP "Cookie:" and "Set-Cookie:" headers. This caused JVM 1.4 to fail on cookie persistence because it uses "cookie:". Two memcmp() have been replaced with strncasecmp(). 2003/04/02 : 1.1.18 - Haproxy can be compiled with PCRE regex instead of libc regex, by setting REGEX=pcre on the make command line. - HTTP health-checks now use "OPTIONS *" instead of "OPTIONS /". - when explicit source address binding is required, it is now also used for health-checks. - added 'reqpass' and 'reqipass' to allow certain headers but not the request itself. - factored several strings to reduce binary size by about 2 kB. - replaced setreuid() and setregid() with more standard setuid() and setgid(). - added 4 status flags to the log line indicating who ended the connection first, the sessions state, the validity of the cookie, and action taken on the set-cookie header. 2002/10/18 : 1.1.17 - add the notion of "backup" servers, which are used only when all other servers are down. - make Set-Cookie return "" instead of "(null)" when the server has no cookie assigned (useful for backup servers). - "log" now supports an optionnal level name (info, notice, err ...) above which nothing is sent. - replaced some strncmp() with memcmp() for better efficiency. - added "capture cookie" option which logs client and/or server cookies - cleaned up/down messages and dump servers states upon SIGHUP - added a redirection feature for errors : "errorloc " - now we won't insist on connecting to a dead server, even with a cookie, unless option "persist" is specified. - added HTTP/408 response for client request time-out and HTTP/50[234] for server reply time-out or errors. 2002/09/01 : 1.1.16 - implement HTTP health checks when option "httpchk" is specified. 2002/08/07 : 1.1.15 - replaced setpgid()/setpgrp() with setsid() for better portability, because setpgrp() doesn't have the same meaning under Solaris, Linux, and OpenBSD. 2002/07/20 : 1.1.14 - added "postonly" cookie mode 2002/07/15 : 1.1.13 - tv_diff used inverted parameters which led to negative times ! 2002/07/13 : 1.1.12 - fixed stats monitoring, and optimized some tv_* for most common cases. - replaced temporary 'newhdr' with 'trash' to reduce stack size - made HTTP errors more HTML-fiendly. - renamed strlcpy() to strlcpy2() because of a slightly difference between their behaviour (return value), to avoid confusion. - restricted HTTP messages to HTTP proxies only - added a 502 message when the connection has been refused by the server, to prevent clients from believing this is a zero-byte HTTP 0.9 reply. - changed 'Cache-control:' from 'no-cache="set-cookie"' to 'private' when inserting a cookie, because some caches (apache) don't understand it. - fixed processing of server headers when client is in SHUTR state 2002/07/04 : - automatically close fd's 0,1 and 2 when going daemon ; setpgrp() after setpgid() 2002/06/04 : 1.1.11 - fixed multi-cookie handling in client request to allow clean deletion in insert+indirect mode. Now, only the server cookie is deleted and not all the header. Should now be compliant to RFC2965. - added a "nocache" option to "cookie" to specify that we explicitly want to add a "cache-control" header when we add a cookie. It is also possible to add an "Expires: " to keep compatibility with old/broken caches. 2002/05/10 : 1.1.10 - if a cookie is used in insert+indirect mode, it's desirable that the the servers don't see it. It was not possible to remove it correctly with regexps, so now it's removed automatically. 2002/04/19 : 1.1.9 - don't use snprintf()'s return value as an end of message since it may be larger. This caused bus errors and segfaults in internal libc's getenv() during localtime() in send_log(). - removed dead insecure send_syslog() function and all references to it. - fixed warnings on Solaris due to buggy implementation of isXXXX(). 2002/04/18 : 1.1.8 - option "dontlognull" - fixed "double space" bug in config parser - fixed an uninitialized server field in case of dispatch with no existing server which could cause a segfault during logging. - the pid logged was always the father's, which was wrong for daemons. - fixed wrong level "LOG_INFO" for message "proxy started". 2002/04/13 : - http logging is now complete : - ip:port, date, proxy, server - req_time, conn_time, hdr_time, tot_time - status, size, request - source address 2002/04/12 : 1.1.7 - added option forwardfor - added reqirep, reqidel, reqiallow, reqideny, rspirep, rspidel - added "log global" in "listen" section. 2002/04/09 : - added a new "global" section : - logs - debug, quiet, daemon modes - uid, gid, chroot, nbproc, maxconn 2002/04/08 : 1.1.6 - regex are now chained and not limited anymore. - unavailable server now returns HTTP/502. - increased per-line args limit to 40 - added reqallow/reqdeny to block some request on matches - added HTTP 400/403 responses 2002/04/03 : 1.1.5 - connection logging displayed incorrect source address. - added proxy start/stop and server up/down log events. - replaced log message short buffers with larger trash. - enlarged buffer to 8 kB and replace buffer to 4 kB. 2002/03/25 : 1.1.4 - made rise/fall/interval time configurable 2002/03/22 : 1.1.3 - fixed a bug : cr_expire and cw_expire were inverted in CL_STSHUT[WR] which could lead to loops. 2002/03/21 : 1.1.2 - fixed a bug in buffer management where we could have a loop between event_read() and process_{cli|srv} if R==BUFSIZE-MAXREWRITE. => implemented an adjustable buffer limit. - fixed a bug : expiration of tasks in wait queue timeout is used again, and running tasks are skipped. - added some debug lines for accept events. - send warnings for servers up/down. 2002/03/12 : 1.1.1 - fixed a bug in total failure handling - fixed a bug in timestamp comparison within same second (tv_cmp_ms) 2002/03/10 : 1.1.0 - fixed a few timeout bugs - rearranged the task scheduler subsystem to improve performance, add new tasks, and make it easier to later port to librt ; - allow multiple accept() for one select() wake up ; - implemented internal load balancing with basic health-check ; - cookie insertion and header add/replace/delete, with better strings support. 2002/03/08 - reworked buffer handling to fix a few rewrite bugs, and improve overall performance. - implement the "purge" option to delete server cookies in direct mode. 2002/03/07 - fixed some error cases where the maxfd was not decreased. 2002/02/26 - now supports transparent proxying, at least on linux 2.4. 2002/02/12 - soft stop works again (fixed select timeout computation). - it seems that TCP proxies sometimes cannot timeout. - added a "quiet" mode. - enforce file descriptor limitation on socket() and accept(). 2001/12/30 : release of version 1.0.2 : fixed a bug in header processing 2001/12/19 : release of version 1.0.1 : no MSG_NOSIGNAL on solaris 2001/12/16 : release of version 1.0.0. 2001/12/16 : added syslog capability for each accepted connection. 2001/11/19 : corrected premature end of files and occasional SIGPIPE. 2001/10/31 : added health-check type servers (mode health) which replies OK then closes. 2001/10/30 : added the ability to support standard TCP proxies and HTTP proxies with or without cookies (use keyword http for this). 2001/09/01 : added client/server header replacing with regexps. eg: cliexp ^(Host:\ [^:]*).* Host:\ \1:80 srvexp ^Server:\ .* Server:\ Apache 2000/11/29 : first fully working release with complete FSMs and timeouts. 2000/11/28 : major rewrite 2000/11/26 : first write