ChangeLog : =========== 2016/12/25 : 1.5.19 - BUG/MAJOR: fix listening IP address storage for frontends - CLEANUP: connection: fix double negation on memcmp() - BUG/MEDIUM: sticktables: segfault in some configuration error cases - BUG/MINOR: http: add-header: header name copied twice - BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() - BUG/MINOR: http: url32+src should use the big endian version of url32 - BUG/MINOR: http: url32+src should check cli_conn before using it - DOC: http: add documentation for url32 and url32+src - MINOR: systemd: Use variable for config and pidfile paths - MINOR: systemd: Perform sanity check on config before reload - BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits - BUG/MINOR: init: ensure that FD limit is raised to the max allowed - Revert "BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()" - BUG/MEDIUM: stream-int: completely detach connection on connect error - DOC: minor typo fixes to improve HTML parsing by haproxy-dconv - BUG/MAJOR: compression: initialize avail_in/next_in even during flush - BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table - BUG/MAJOR: stream: properly mark the server address as unset on connect retry - BUG/MINOR: payload: fix SSLv2 version parser - MINOR: cli: allow the semi-colon to be escaped on the CLI - BUG/MINOR: displayed PCRE version is running release - MINOR: show Built with PCRE version - MINOR: show Running on zlib version - BUG/MINOR: ssl: Check malloc return code - BUG/MINOR: ssl: prevent multiple entries for the same certificate - BUG/MINOR: systemd: make the wrapper return a non-null status code on error - BUILD/CLEANUP: systemd: avoid a warning due to mixed code and declaration - BUG/MINOR: systemd: always restore signals before execve() - BUG/MINOR: systemd: check return value of calloc() - MINOR: systemd: report it when execve() fails - BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed - BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang - DOC: Fix typo in description of `-st` parameter in man page - BUG/MEDIUM: peers: fix use after free in peer_session_create() - BUG/MEDIUM: systemd-wrapper: return correct exit codes - BUG/MINOR: stick-table: handle out-of-memory condition gracefully - BUG/MEDIUM: connection: check the control layer before stopping polling - BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect - DOC: fix small typo in fe_id (backend instead of frontend) - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake - BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled - BUG/MINOR: systemd: potential zombie processes 2016/05/10 : 1.5.18 - DOC: Clarify IPv4 address / mask notation rules - CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() - BUG/MEDIUM: fix maxaccept computation on per-process listeners - BUG/MINOR: listener: stop unbound listeners on startup - BUG/MINOR: fix maxaccept computation according to the frontend process range - MEDIUM: unblock signals on startup. - BUG/MEDIUM: channel: don't allow to overwrite the reserve until connected - BUG/MEDIUM: channel: incorrect polling condition may delay event delivery - BUG/MEDIUM: channel: fix miscalculation of available buffer space (3rd try) - MINOR: channel: add new function channel_congested() - BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from dead client - BUG/MAJOR: channel: fix miscalculation of available buffer space (4th try) - BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared - BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers - MINOR: stats: fix typo in help messages 2016/04/13 : 1.5.17 - BUG/MINOR: log: Don't use strftime() which can clobber timezone if chrooted - BUG/MINOR: conf: "listener id" expects integer, but its not checked - BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers - DOC: "addr" parameter applies to both health and agent checks - DOC: timeout client: pointers to timeout http-request - DOC: typo on stick-store response - DOC: typo: ACL subdir match - DOC: typo: maxconn paragraph is wrong due to a wrong buffer size - DOC: typo: req.uri is now replaced by capture.req.uri - DOC: fix "needed" typo - BUG/MINOR : allow to log cookie for tarpit and denied request - BUG/MAJOR: channel: fix miscalculation of available buffer space (2nd try) - DOC: fix discrepancy in the example for http-request redirect 2016/03/14 : 1.5.16 - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin. - BUG/MINOR: acl: don't use record layer in req_ssl_ver - BUG: http: do not abort keep-alive connections on server timeout - BUG/MEDIUM: http: switch the request channel to no-delay once done. - MINOR: config: extend the default max hostname length to 64 and beyond - BUG/MEDIUM: http: don't enable auto-close on the response side - BUG/MEDIUM: stream: fix half-closed timeout handling - BUG/MEDIUM: cli: changing compression rate-limiting must require admin level - BUILD: freebsd: double declaration - BUG/MEDIUM: sample: urlp can't match an empty value - BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay. - BUG/MEDIUM: peers: old stick table updates could be repushed. - CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro. - BUG/MINOR: chunk: make chunk_dup() always check and set dst->size - MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero - MINOR: chunks: add chunk_strcat() and chunk_newstr() - MINOR: chunk: make chunk_initstr() take a const string - BUG/MEDIUM: config: Adding validation to stick-table expire value. - BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week - BUG/MEDIUM: channel: fix miscalculation of available buffer space. - BUG/MINOR: stream: don't force retries if the server is DOWN - MINOR: unix: don't mention free ports on EAGAIN - BUG/CLEANUP: CLI: report the proper field states in "show sess" - MINOR: stats: send content-length with the redirect to allow keep-alive - BUG: stream_interface: Reuse connection even if the output channel is empty - DOC: remove old tunnel mode assumptions - DOC: add server name at rate-limit sessions example - BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation - BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation - BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly - BUG/MINOR: http: Be sure to process all the data received from a server - BUG/MEDIUM: chunks: always reject negative-length chunks - BUG/MINOR: systemd: ensure we don't miss signals - BUG/MINOR: systemd: report the correct signal in debug message output - BUG/MINOR: systemd: propagate the correct signal to haproxy - MINOR: systemd: ensure a reload doesn't mask a stop - CLEANUP: stats: Avoid computation with uninitialized bits. - CLEANUP: pattern: Ignore unknown samples in pat_match_ip(). - CLEANUP: map: Avoid memory leak in out-of-memory condition. - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port - BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs - MINOR: cfgparse: warn when uid parameter is not a number - MINOR: cfgparse: warn when gid parameter is not a number - BUG/MINOR: standard: Avoid free of non-allocated pointer - BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition - CLEANUP: http: fix a build warning introduced by a recent fix - BUG/MINOR: log: GMT offset not updated when entering/leaving DST 2015/11/01 : 1.5.15 - BUG/MINOR: log: missing some ARGC_* entries in fmt_directives() - DOC: usesrc root privileges requirements - BUILD: ssl: Allow building against libssl without SSLv3. - DOC/MINOR: fix OpenBSD versions where haproxy works - BUG/MINOR: http/sample: gmtime/localtime can fail - DOC: typo in 'redirect', 302 code meaning - DOC: mention that %ms is left-padded with zeroes. - CLEANUP: .gitignore: ignore more test files - CLEANUP: .gitignore: finally ignore everything but what is known. - MEDIUM: config: emit a warning on a frontend without listener - BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry - DOC: ssl: missing LF - DOC: fix example of http-request using ssl_fc_session_id - BUG/MINOR: http: remove stupid HTTP_METH_NONE entry - BUG/MAJOR: http: don't call http_send_name_header() after an error - BUG/MINOR: tools: make str2sa_range() report unresolvable addresses - BUG/MEDIUM: acl: always accept match "found" - DOC: clarify how to make use of abstract sockets in socat - CLEANUP: config: make the errorloc/errorfile messages less confusing - BUG/MINOR: config: check that tune.bufsize is always positive - BUG/MEDIUM: proxy: ignore stopped peers - BUG/MEDIUM: proxy: do not wake stopped proxies' tasks during soft_stop() - BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth) - BUILD: enable build on Linux/s390x - DOC: backend section missing parameters - DOC: stats paramaters available in frontend - BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers - BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id - CLEANUP: don't ignore debian/ directory if present - FIX: small typo in an example using the "Referer" header - BUG/MEDIUM: config: count memory limits on 64 bits, not 32 - DOC: add a CONTRIBUTING file 2015/07/03 : 1.5.14 - BUILD/MINOR: tools: rename popcount to my_popcountl - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data 2015/06/26 : 1.5.13 - BUG/MINOR: check: fix tcpcheck error message - CLEANUP: deinit: remove codes for cleaning p->block_rules - DOC: Update doc about weight, act and bck fields in the statistics - MINOR: ssl: add a destructor to free allocated SSL ressources - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten - MEDIUM: ssl: replace standards DH groups with custom ones - BUG/MINOR: debug: display (null) in place of "meth" - BUG/MINOR: cfgparse: fix typo in 'option httplog' error message - BUG/MEDIUM: cfgparse: segfault when userlist is misused - BUG/MEDIUM: stats: properly initialize the scope before dumping stats - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels - CLEANUP: checks: fix double usage of cur / current_step in tcp-checks - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end - CLEANUP: checks: simplify the loop processing of tcp-checks - BUG/MAJOR: checks: always check for end of list before proceeding - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct - BUG/MEDIUM: peers: apply a random reconnection timeout - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id - MEDIUM: init: don't stop proxies in parent process when exiting - MINOR: peers: store the pointer to the signal handler - MEDIUM: peers: unregister peers that were never started - MEDIUM: config: propagate the table's process list to the peers sections - MEDIUM: init: stop any peers section not bound to the correct process - MEDIUM: config: validate that peers sections are bound to exactly one process - MAJOR: peers: allow peers section to be used with nbproc > 1 - DOC: relax the peers restriction to single-process - CLEANUP: config: fix misleading information in error message. - MINOR: config: report the number of processes using a peers section in the error case - BUG/MEDIUM: config: properly compute the default number of processes for a proxy 2015/05/02 : 1.5.12 - BUG/MINOR: ssl: Display correct filename in error message - DOC: Fix L4TOUT typo in documentation - BUG/MEDIUM: Do not consider an agent check as failed on L7 error - BUG/MINOR: pattern: error message missing - BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match - BUG/MEDIUM: buffer: one byte miss in buffer free space check - BUG/MAJOR: http: don't read past buffer's end in http_replace_value - BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax - BUG/MEDIUM: peers: correctly configure the client timeout - BUG/MINOR: compression: consider the expansion factor in init - BUG/MEDIUM: http: hdr_cnt would not count any header when called without name - BUG/MEDIUM: listener: don't report an error when resuming unbound listeners - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only - BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified - BUG/MEDIUM: http: remove content-length from chunked messages - DOC: http: update the comments about the rules for determining transfer-length - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1 - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request - BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding - MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230 - MEDIUM: http: add option-ignore-probes to get rid of the floods of 408 - BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies - MINOR: stick-table: don't attach to peers in stopped state - MEDIUM: config: initialize stick-tables after peers, not before - MEDIUM: peers: add the ability to disable a peers section - DOC: document option http-ignore-probes - DOC: fix the comments about the meaning of msg->sol in HTTP - BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body - BUG/MAJOR: http: prevent risk of reading past end with balance url_param - DOC: update the doc on the proxy protocol 2015/02/01 : 1.5.11 - BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used - MINOR: ssl: load certificates in alphabetical order - BUG/MINOR: checks: prevent http keep-alive with http-check expect - BUG/MEDIUM: Do not set agent health to zero if server is disabled in config - MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero - BUG/MINOR: stats:Fix incorrect printf type. - DOC: add missing entry for log-format and clarify the text - BUG/MEDIUM: http: fix header removal when previous header ends with pure LF - BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation - BUG/MINOR: channel: compare to_forward with buf->i, not buf->size - MINOR: channel: add channel_in_transit() - MEDIUM: channel: make buffer_reserved() use channel_in_transit() - MEDIUM: channel: make bi_avail() use channel_in_transit() - BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected - BUG/MAJOR: log: don't try to emit a log if no logger is set - BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names - BUG/MEDIUM: http: make http-request set-header compute the string before removal - BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value - BUG/MINOR: http: abort request processing on filter failure 2014/12/31 : 1.5.10 - DOC: fix a few typos - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized" - BUG/MINOR: parse: refer curproxy instead of proxy - DOC: httplog does not support 'no' - MINOR: map/acl/dumpstats: remove the "Done." message - BUG/MEDIUM: sample: fix random number upper-bound - BUG/MEDIUM: patterns: previous fix was incomplete - BUG/MEDIUM: payload: ensure that a request channel is available - BUG/MINOR: tcp-check: don't condition data polling on check type - BUG/MEDIUM: tcp-check: don't rely on random memory contents - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect - BUG/MINOR: config: fix typo in condition when propagating process binding - BUG/MEDIUM: config: do not propagate processes between stopped processes - BUG/MAJOR: stream-int: properly check the memory allocation return - BUG/MEDIUM: memory: fix freeing logic in pool_gc2() - BUG/MEDIUM: compression: correctly report zlib_mem 2014/11/26 : 1.5.9 - BUILD: fix "make install" to support spaces in the install dirs - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. - BUG/MINOR: samples: fix unnecessary memcopy converting binary to string. - BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information - BUG/MEDIUM: pattern: don't load more than once a pattern list. - BUG/MEDIUM: ssl: force a full GC in case of memory shortage - BUG/MINOR: config: don't inherit the default balance algorithm in frontends - BUG/MAJOR: frontend: initialize capture pointers earlier - BUG/MINOR: stats: correctly set the request/response analysers - DOC: fix typo in the body parser documentation for msg.sov - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size - MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping) - BUG/MAJOR: sessions: unlink session from list on out of memory 2014/10/31 : 1.5.8 - BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped - BUG/BUILD: revert accidental change in the makefile from latest SSL fix 2014/10/30 : 1.5.7 - BUG/MEDIUM: regex: fix pcre_study error handling - BUG/MINOR: log: fix request flags when keep-alive is enabled - MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs - MINOR: ssl: add statement to force some ssl options in global. - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates - BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR - BUG/MAJOR: cli: explicitly call cli_release_handler() upon error - BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol - BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets 2014/10/18 : 1.5.6 - BUG/MEDIUM: systemd: set KillMode to 'mixed' - MINOR: systemd: Check configuration before start - BUG/MEDIUM: config: avoid skipping disabled proxies - BUG/MINOR: config: do not accept more track-sc than configured - BUG/MEDIUM: backend: fix URI hash when a query string is present 2014/10/08 : 1.5.5 - DOC: Address issue where documentation is excluded due to a gitignore rule. - MEDIUM: Improve signal handling in systemd wrapper. - BUG/MINOR: config: don't propagate process binding for dynamic use_backend - MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper - DOC: clearly state that the "show sess" output format is not fixed - MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer() - DOC: indicate in the doc that track-sc* can wait if data are missing - MEDIUM: http: enable header manipulation for 101 responses - BUG/MEDIUM: config: propagate frontend to backend process binding again. - MEDIUM: config: properly propagate process binding between proxies - MEDIUM: config: make the frontends automatically bind to the listeners' processes - MEDIUM: config: compute the exact bind-process before listener's maxaccept - MEDIUM: config: only warn if stats are attached to multi-process bind directives - MEDIUM: config: report it when tcp-request rules are misplaced - MINOR: config: detect the case where a tcp-request content rule has no inspect-delay - MEDIUM: systemd-wrapper: support multiple executable versions and names - BUG/MEDIUM: remove debugging code from systemd-wrapper - BUG/MEDIUM: http: adjust close mode when switching to backend - BUG/MINOR: config: don't propagate process binding on fatal errors. - BUG/MEDIUM: check: rule-less tcp-check must detect connect failures - BUG/MINOR: tcp-check: report the correct failed step in the status - DOC: indicate that weight zero is reported as DRAIN 2014/09/02 : 1.5.4 - BUG: config: error in http-response replace-header number of arguments - BUG/MINOR: Fix search for -p argument in systemd wrapper. - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported - MEDIUM: connection: add new bit in Proxy Protocol V2 - BUG/MINOR: server: move the directive #endif to the end of file - BUG/MEDIUM: http: tarpit timeout is reset - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc* - BUG/MEDIUM: http: fix inverted condition in pat_match_meth() - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg() - BUG/MEDIUM: acl: correctly compute the output type when a converter is used - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer 2014/07/25 : 1.5.3 - DOC: fix typo in Unix Socket commands - BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange - DOC: mention that Squid correctly responds 400 to PPv2 header - BUG/MINOR: http: base32+src should use the big endian version of base32 - BUG/MEDIUM: connection: fix proxy v2 header again! 2014/07/12 : 1.5.2 - BUG/MEDIUM: backend: Update hash to use unsigned int throughout - BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer. - DOC: expand the docs for the provided stats. - BUG/MEDIUM: unix: do not unlink() abstract namespace sockets upon failure. - MINOR: stats: fix minor typo in HTML page - BUG/MEDIUM: http: fetch "base" is not compatible with set-header - BUG/MINOR: counters: do not untrack counters before logging - BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process() - MINOR: stick-table: make stktable_fetch_key() indicate why it failed - BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents - BUILD: remove TODO from the spec file and add README - MINOR: log: make MAX_SYSLOG_LEN overridable at build time - MEDIUM: log: support a user-configurable max log line length - DOC: provide an example of how to use ssl_c_sha1 - BUILD: http: fix isdigit & isspace warnings on Solaris - BUG/MINOR: listener: set the listener's fd to -1 after deletion - BUG/MEDIUM: unix: failed abstract socket binding is retryable - MEDIUM: listener: implement a per-protocol pause() function - MEDIUM: listener: support rebinding during resume() - BUG/MEDIUM: unix: completely unbind abstract sockets during a pause() - DOC: explicitly mention the limits of abstract namespace sockets - DOC: minor fix on {sc,src}_kbytes_{in,out} - DOC: fix alphabetical sort of converters - BUG/MAJOR: http: correctly rewind the request body after start of forwarding - DOC: remove references to CPU=native in the README - DOC: mention that "compression offload" is ignored in defaults section 2014/06/24 : 1.5.1 - BUG/MINOR: config: http-request replace-header arg typo - BUG/MINOR: ssl: rejects OCSP response without nextupdate. - BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses. - BUG/MINOR: ssl: Fix OCSP resp update fails with the same certificate configured twice. (cherry picked from commit 1d3865b096b43b9a6d6a564ffb424ffa6f1ef79f) - BUG/MEDIUM: Consistently use 'check' in process_chk - BUG/MAJOR: session: revert all the crappy client-side timeout changes - BUG/MINOR: logs: properly initialize and count log sockets 2014/06/19 : 1.5.0 - MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'. - MEDIUM: ssl: basic OCSP stapling support. - MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl ocsp-response' - MEDIUM: ssl: add 300s supported time skew on OCSP response update. - MINOR: checks: mysql-check: Add support for v4.1+ authentication - MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits - MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description. - MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp - MEDIUM: Break out check establishment into connect_chk() - MEDIUM: Add port_to_str helper - BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. - BUG/MEDIUM: Fix unhandled connections problem with systemd daemon mode and SO_REUSEPORT. - MINOR: regex: fix a little configuration memory leak. - MINOR: regex: Create JIT compatible function that return match strings - MEDIUM: regex: replace all standard regex function by own functions - MEDIUM: regex: Remove null terminated strings. - MINOR: regex: Use native PCRE API. - MINOR: missing regex.h include - DOC: Add Exim as Proxy Protocol implementer. - BUILD: don't use type "uint" which is not portable - BUILD: stats: workaround stupid and bogus -Werror=format-security behaviour - BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new transaction - CLEANUP: http: don't clear CF_READ_NOEXP twice - DOC: fix proxy protocol v2 decoder example - DOC: fix remaining occurrences of "pattern extraction" - MINOR: log: allow the HTTP status code to be logged even in TCP frontends - MINOR: logs: don't limit HTTP header captures to HTTP frontends - MINOR: sample: improve sample_fetch_string() to report partial contents - MINOR: capture: extend the captures to support non-header keys - MINOR: tcp: prepare support for the "capture" action - MEDIUM: tcp: add a new tcp-request capture directive - MEDIUM: session: allow shorter retry delay if timeout connect is small - MEDIUM: session: don't apply the retry delay when redispatching - MEDIUM: session: redispatch earlier when possible - MINOR: config: warn when tcp-check rules are used without option tcp-check - BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN protocol - DOC: proxy protocol example parser was still wrong - DOC: minor updates to the proxy protocol doc - CLEANUP: connection: merge proxy proto v2 header and address block - MEDIUM: connection: add support for proxy protocol v2 in accept-proxy - MINOR: tools: add new functions to quote-encode strings - DOC: clarify the CSV format - MEDIUM: stats: report the last check and last agent's output on the CSV status - MINOR: freq_ctr: introduce a new averaging method - MEDIUM: session: maintain per-backend and per-server time statistics - MEDIUM: stats: report per-backend and per-server time stats in HTML and CSV outputs - BUG/MINOR: http: fix typos in previous patch - DOC: remove the ultra-obsolete TODO file - DOC: update roadmap - DOC: minor updates to the README - DOC: mention the maxconn limitations with the select poller - DOC: commit a few old design thoughts files 2014/05/28 : 1.5-dev26 - BUG/MEDIUM: polling: fix possible CPU hogging of worker processes after receiving SIGUSR1. - BUG/MINOR: stats: fix a typo on a closing tag for a server tracking another one - OPTIM: stats: avoid the calculation of a useless link on tracking servers in maintenance - MINOR: fix a few memory usage errors - CONTRIB: halog: Filter input lines by date and time through timestamp - MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int - BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace() - MINOR: acl: set "str" as default match for strings - DOC: Add some precisions about acl default matching method - MEDIUM: acl: strenghten the option parser to report invalid options - BUG/MEDIUM: config: a stats-less config crashes in 1.5-dev25 - BUG/MINOR: checks: tcp-check must not stop on '\0' for binary checks - MINOR: stats: improve alignment of color codes to save one line of header - MINOR: checks: simplify and improve reporting of state changes when using log-health-checks - MINOR: server: remove the SRV_DRAIN flag which can always be deduced - MINOR: server: use functions to detect state changes and to update them - MINOR: server: create srv_was_usable() from srv_is_usable() and use a pointer - BUG/MINOR: stats: do not report "100%" in the thottle column when server is draining - BUG/MAJOR: config: don't free valid regex memory - BUG/MEDIUM: session: don't clear CF_READ_NOEXP if analysers are not called - BUG/MINOR: stats: tracking servers may incorrectly report an inherited DRAIN status - MEDIUM: proxy: make timeout parser a bit stricter - REORG/MEDIUM: server: split server state and flags in two different variables - REORG/MEDIUM: server: move the maintenance bits out of the server state - MAJOR: server: use states instead of flags to store the server state - REORG: checks: put the functions in the appropriate files ! - MEDIUM: server: properly support and propagate the maintenance status - MEDIUM: server: allow multi-level server tracking - CLEANUP: checks: rename the server_status_printf function - MEDIUM: checks: simplify server up/down/nolb transitions - MAJOR: checks: move health checks changes to set_server_check_status() - MINOR: server: make the status reporting function support a reason - MINOR: checks: simplify health check reporting functions - MINOR: server: implement srv_set_stopped() - MINOR: server: implement srv_set_running() - MINOR: server: implement srv_set_stopping() - MEDIUM: checks: simplify failure notification using srv_set_stopped() - MEDIUM: checks: simplify success notification using srv_set_running() - MEDIUM: checks: simplify stopping mode notification using srv_set_stopping() - MEDIUM: stats: report a server's own state instead of the tracked one's - MINOR: server: make use of srv_is_usable() instead of checking eweight - MAJOR: checks: add support for a new "drain" administrative mode - MINOR: stats: use the admin flags for soft enable/disable/stop/start on the web page - MEDIUM: stats: introduce new actions to simplify admin status management - MINOR: cli: introduce a new "set server" command - MINOR: stats: report a distinct output for DOWN caused by agent - MINOR: checks: support specific check reporting for the agent - MINOR: checks: support a neutral check result - BUG/MINOR: cli: "agent" was missing from the "enable"/"disable" help message - MEDIUM: cli: add support for enabling/disabling health checks. - MEDIUM: stats: report down caused by agent prior to reporting up - MAJOR: agent: rework the response processing and support additional actions - MINOR: stats: improve the stats web page to support more actions - CONTRIB: halog: avoid calling time/localtime/mktime for each line - DOC: document the workarouds for Google Chrome's bogus pre-connect - MINOR: stats: report SSL key computations per second - MINOR: stats: add counters for SSL cache lookups and misses 2014/05/10 : 1.5-dev25 - MEDIUM: connection: Implement and extented PROXY Protocol V2 - MINOR: ssl: clean unused ACLs declarations - MINOR: ssl: adds fetchs and ACLs for ssl back connection. - MINOR: ssl: merge client's and frontend's certificate functions. - MINOR: ssl: adds ssl_f_sha1 fetch to return frontend's certificate fingerprint - MINOR: ssl: adds sample converter base64 for binary type. - MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id. - BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported. - MAJOR: ssl: Change default locks on ssl session cache. - BUG/MINOR: chunk: Fix function chunk_strcmp and chunk_strcasecmp match a substring. - MINOR: ssl: add global statement tune.ssl.force-private-cache. - MINOR: ssl: remove fallback to SSL session private cache if lock init fails. - BUG/MEDIUM: patterns: last fix was still not enough - MINOR: http: export the smp_fetch_cookie function - MINOR: http: generic pointer to rule argument - BUG/MEDIUM: pattern: a typo breaks automatic acl/map numbering - BUG/MAJOR: patterns: -i and -n are ignored for inlined patterns - BUG/MINOR: proxy: unsafe initialization of HTTP transaction when switching from TCP frontend - BUG/MINOR: http: log 407 in case of proxy auth - MINOR: http: rely on the message body parser to send 100-continue - MEDIUM: http: move reqadd after execution of http_request redirect - MEDIUM: http: jump to dedicated labels after http-request processing - BUG/MINOR: http: block rules forgot to increment the denied_req counter - BUG/MINOR: http: block rules forgot to increment the session's request counter - MEDIUM: http: move Connection header processing earlier - MEDIUM: http: remove even more of the spaghetti in the request path - MINOR: http: silently support the "block" action for http-request - CLEANUP: proxy: rename "block_cond" to "block_rules" - MEDIUM: http: emulate "block" rules using "http-request" rules - MINOR: http: remove the now unused loop over "block" rules - MEDIUM: http: factorize the "auth" action of http-request and stats - MEDIUM: http: make http-request rules processing return a verdict instead of a rule - MINOR: config: add minimum support for emitting warnings only once - MEDIUM: config: inform the user about the deprecatedness of "block" rules - MEDIUM: config: inform the user that "reqsetbe" is deprecated - MEDIUM: config: inform the user only once that "redispatch" is deprecated - MEDIUM: config: warn that '{cli,con,srv}timeout' are deprecated - BUG/MINOR: auth: fix wrong return type in pat_match_auth() - BUILD: config: remove a warning with clang - BUG/MAJOR: http: connection setup may stall on balance url_param - BUG/MEDIUM: http/session: disable client-side expiration only after body - BUG/MEDIUM: http: correctly report request body timeouts - BUG/MEDIUM: http: disable server-side expiration until client has sent the body - MEDIUM: listener: make the accept function more robust against pauses - BUILD: syscalls: remove improper inline statement in front of syscalls - BUILD: ssl: SSL_CTX_set_msg_callback() needs openssl >= 0.9.7 - BUG/MAJOR: session: recover the correct connection pointer in half-initialized sessions - DOC: add some explanation on the shared cache build options in the readme. - MEDIUM: proxy: only adjust the backend's bind-process when already set - MEDIUM: config: limit nbproc to the machine's word size - MEDIUM: config: check the bind-process settings according to nbproc - MEDIUM: listener: parse the new "process" bind keyword - MEDIUM: listener: inherit the process mask from the proxy - MAJOR: listener: only start listeners bound to the same processes - MINOR: config: only report a warning when stats sockets are bound to more than 1 process - CLEANUP: config: set the maxaccept value for peers listeners earlier - BUG/MINOR: backend: only match IPv4 addresses with RDP cookies - BUG/MINOR: checks: correctly configure the address family and protocol - MINOR: tools: split is_addr() and is_inet_addr() - MINOR: protocols: use is_inet_addr() when only INET addresses are desired - MEDIUM: unix: add preliminary support for connecting to servers over UNIX sockets - MEDIUM: checks: only complain about the missing port when the check uses TCP - MEDIUM: unix: implement support for Linux abstract namespace sockets - DOC: map_beg was missing from the table of map_* converters - DOC: ebtree: indicate that prefix insertion/lookup may be used with strings - MEDIUM: pattern: use ebtree's longest match to index/lookup string beginning - BUILD: remove the obsolete BSD and OSX makefiles - MEDIUM: unix: avoid a double connect probe when no data are sent - DOC: stop referencing the slow git repository in the README - BUILD: only build the systemd wrapper on Linux 2.6 and above - DOC: update roadmap with completed tasks - MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) 2014/04/26 : 1.5-dev24 - MINOR: pattern: find element in a reference - MEDIUM: http: ACL and MAP updates through http-(request|response) rules - MEDIUM: ssl: explicitly log failed handshakes after a heartbeat - DOC: Full section dedicated to the converters - MEDIUM: http: register http-request and http-response keywords - BUG/MINOR: compression: correctly report incoming byte count - BUG/MINOR: http: don't report server aborts as client aborts - BUG/MEDIUM: channel: bi_putblk() must not wrap before the end of buffer - CLEANUP: buffers: remove unused function buffer_contig_space_with_res() - MEDIUM: stats: reimplement HTTP keep-alive on the stats page - BUG/MAJOR: http: fix timeouts during data forwarding - BUG/MEDIUM: http: 100-continue responses must process the next part immediately - MEDIUM: http: move skipping of 100-continue earlier - BUILD: stats: let gcc know that last_fwd cannot be used uninitialized... - CLEANUP: general: get rid of all old occurrences of "session *t" - CLEANUP: http: remove the useless "if (1)" inherited from version 1.4 - BUG/MEDIUM: stats: mismatch between behaviour and doc about front/back - MEDIUM: http: enable analysers to have keep-alive on stats - REORG: http: move HTTP Connection response header parsing earlier - MINOR: stats: always emit HTTP/1.1 in responses - MINOR: http: add capture.req.ver and capture.res.ver - MINOR: checks: add a new global max-spread-checks directive - BUG/MAJOR: http: fix the 'next' pointer when performing a redirect - MINOR: http: implement the max-keep-alive-queue setting - DOC: fix alphabetic order of tcp-check - MINOR: connection: add a new error code for SSL with heartbeat - MEDIUM: ssl: implement a workaround for the OpenSSL heartbleed attack - BUG/MEDIUM: Revert "MEDIUM: ssl: Add standardized DH parameters >= 1024 bits" - BUILD: http: remove a warning on strndup - BUILD: ssl: avoid a warning about conn not used with OpenSSL < 1.0.1 - BUG/MINOR: ssl: really block OpenSSL's response to heartbleed attack - MINOR: ssl: finally catch the heartbeats missing the padding 2014/04/23 : 1.5-dev23 - BUG/MINOR: reject malformed HTTP/0.9 requests - MINOR: systemd wrapper: re-execute on SIGUSR2 - MINOR: systemd wrapper: improve logging - MINOR: systemd wrapper: propagate exit status - BUG/MINOR: tcpcheck connect wrong behavior - MEDIUM: proxy: support use_backend with dynamic names - MINOR: stats: Enhancement to stats page to provide information of last session time. - BUG/MEDIUM: peers: fix key consistency for integer stick tables - DOC: fix a typo on http-server-close and encapsulate options with double-quotes - DOC: fix fetching samples syntax - MINOR: ssl: add ssl_fc_unique_id to fetch TLS Unique ID - MEDIUM: ssl: Use ALPN support as it will be available in OpenSSL 1.0.2 - DOC: fix typo - CLEANUP: code style: use tabs to indent codes instead of spaces - DOC: fix a few config typos. - BUG/MINOR: raw_sock: also consider ENOTCONN in addition to EAGAIN for recv() - DOC: lowercase format string in unique-id - MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode - BUG/MINOR: acl: req_ssl_sni fails with SSLv3 record version - BUG/MINOR: build: add missing objects in osx and bsd Makefiles - BUG/MINOR: build: handle whitespaces in wc -l output - BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO - MEDIUM: ssl: Add standardized DH parameters >= 1024 bits - BUG/MEDIUM: map: The map parser includes blank lines. - BUG/MINOR: log: The log of quotted capture header has been terminated by 2 quotes. - MINOR: standard: add function "encode_chunk" - BUG/MINOR: http: fix encoding of samples used in http headers - MINOR: sample: add hex converter - MEDIUM: sample: change the behavior of the bin2str cast - MAJOR: auth: Change the internal authentication system. - MEDIUM: acl/pattern: standardisation "of pat_parse_int()" and "pat_parse_dotted_ver()" - MEDIUM: pattern: The pattern parser no more uses and just takes one string. - MEDIUM: pattern: Change the prototype of the function pattern_register(). - CONTRIB: ip6range: add a network IPv6 range to mask converter - MINOR: pattern: separe list element from the data part. - MEDIUM: pattern: add indexation function. - MEDIUM: pattern: The parse functions just return "struct pattern" without memory allocation - MINOR: pattern: Rename "pat_idx_elt" to "pattern_tree" - MINOR: sample: dont call the sample cast function "c_none" - MINOR: standard: Add function for converting cidr to network mask. - MEDIUM: sample: Remove types SMP_T_CSTR and SMP_T_CBIN, replace it by SMP_F_CONST flags - MEDIUM: sample/http_proto: Add new type called method - MINOR: dumpstats: Group map inline help - MEDIUM: pattern: The function pattern_exec_match() returns "struct pattern" if the patten match. - MINOR: dumpstats: change map inline sentences - MINOR: dumpstats: change the "get map" display management - MINOR: map/dumpstats: The cli cmd "get map ..." display the "int" format. - MEDIUM: pattern: The match function browse itself the list or the tree. - MEDIUM: pattern: Index IPv6 addresses in a tree. - MEDIUM: pattern: add delete functions - MEDIUM: pattern: add prune function - MEDIUM: pattern: add sample lookup function. - MEDIUM: pattern/dumpstats: The function pattern_lookup() is no longer used - MINOR: map/pattern: The sample parser is stored in the pattern - MAJOR: pattern/map: Extends the map edition system in the patterns - MEDIUM: pattern: merge same pattern - MEDIUM: pattern: The expected type is stored in the pattern head, and conversion is executed once. - MINOR: pattern: Each pattern is identified by unique id. - MINOR: pattern/acl: Each pattern of each acl can be load with specified id - MINOR: pattern: The function "pattern_register()" is no longer used. - MINOR: pattern: Merge function pattern_add() with pat_ref_push(). - MINOR: pattern: store configuration reference for each acl or map pattern. - MINOR: pattern: Each pattern expression element store the reference struct. - MINOR: dumpstats: display the reference for th key/pattern and value. - MEDIUM: pattern: delete() function uses the pat_ref_elt to find the element to be removed - MEDIUM: pattern_find_smp: functions find_smp uses the pat_ref_elt to find the element to be removed - MEDIUM: dumpstats/pattern: display and use each pointer of each pattern dumped - MINOR: pattern/map/acl: Centralization of the file parsers - MINOR: pattern: Check if the file reference is not used with acl and map - MINOR: acl/pattern: Acl "-M" option force to load file as map file with two columns - MEDIUM: dumpstats: Display error message during add of values. - MINOR: pattern: The function pat_ref_set() have now atomic behavior - MINOR: regex: The pointer regstr in the struc regex is no longer used. - MINOR: cli: Block the usage of the command "acl add" in many cases. - MINOR: doc: Update the documentation about the map and acl - MINOR: pattern: index duplicates - MINOR: configuration: File and line propagation - MINOR: dumpstat/conf: display all the configuration lines that using pattern reference - MINOR: standard: Disable ip resolution during the runtime - MINOR: pattern: Remove the flag "PAT_F_FROM_FILE". - MINOR: pattern: forbid dns resolutions - DOC: document "get map" / "get acl" on the CLI - MEDIUM: acl: Change the acl register struct - BUG/MEDIUM: acl: boolean only matches were broken by recent changes - DOC: pattern: pattern organisation schematics - MINOR: pattern/cli: Update used terms in documentation and cli - MINOR: cli: remove information about acl or map owner. - MINOR: session: don't always assume there's a listener - MINOR: pattern: Add function to prune and reload pattern list. - MINOR: standard: Add ipv6 support in the function url2sa(). - MEDIUM: config: Dynamic sections. - BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches - MINOR: http: Add the "language" converter to for use with accept-language - BUG/MINOR: log: Don't dump empty unique-id - BUG/MAJOR: session: fix a possible crash with src_tracked - DOC: Update "language" documentation - MINOR: http: add the function "del-header" to the directives http-request and http-response - DOC: add some information on capture.(req|res).hdr - MINOR: http: capture.req.method and capture.req.uri - MINOR: http: optimize capture.req.method and capture.req.uri - MINOR: session: clean up the connection free code - BUG/MEDIUM: checks: immediately report a connection success - MEDIUM: connection: don't use real send() flags in snd_buf() - OPTIM: ssl: implement dynamic record size adjustment - MINOR: stats: report exact last session time in backend too - BUG/MEDIUM: stats: the "lastsess" field must appear last in the CSV. - BUG/MAJOR: check: fix memory leak in "tcp-check connect" over SSL - BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers - MINOR: channel: add the date of last read in the channel - MEDIUM: stream-int: automatically disable CF_STREAMER flags after idle - MINOR: ssl: add DEFAULT_SSL_MAX_RECORD to set the record size at build time - MINOR: config: make the stream interface idle timer user-configurable - MINOR: config: add global directives to set default SSL ciphers - MINOR: sample: add a rand() sample fetch to return a sample. - BUG/MEDIUM: config: immediately abort if peers section has no name - BUG/MINOR: ssl: fix syntax in config error message - BUG/MEDIUM: ssl: always send a full buffer after EAGAIN - BUG/MINOR: config: server on-marked-* statement is ignored in default-server - BUG/MEDIUM: backend: prefer-last-server breaks redispatch - BUG/MEDIUM: http: continue to emit 503 on keep-alive to different server - MEDIUM: acl: fix pattern type for payload / payload_lv - BUG/MINOR: config: fix a crash on startup when a disabled backend references a peer - BUG/MEDIUM: compression: fix the output type of the compressor name - BUG/MEDIUM: http: don't start to forward request data before the connect - MINOR: http: release compression context only in http_end_txn() - MINOR: protect ebimtree/ebistree against multiple inclusions - MEDIUM: proxy: create a tree to store proxies by name - MEDIUM: proxy: make findproxy() use trees to look up proxies - MEDIUM: proxy: make get_backend_server() use findproxy() to lookup proxies - MEDIUM: stick-table: lookup table names using trees. - MEDIUM: config: faster lookup for duplicated proxy name - CLEANUP: acl: remove obsolete test in parse_acl_expr() - MINOR: sample: move smp_to_type to sample.c - MEDIUM: compression: consider the "q=" attribute in Accept-Encoding - REORG: cfgparse: move server keyword parsing to server.c - BUILD: adjust makefile for AIX 5.1 - BUG/MEDIUM: pattern: fix wrong definition of the pat_prune_fcts array - CLEANUP: pattern: move array definitions to proto/ and not types/ - BUG/MAJOR: counters: check for null-deref when looking up an alternate table - BUILD: ssl: previous patch failed - BUILD/MEDIUM: standard: get rid of the last strcpy() - BUILD/MEDIUM: standard: get rid of sprintf() - BUILD/MEDIUM: cfgparse: get rid of sprintf() - BUILD/MEDIUM: checks: get rid of sprintf() - BUILD/MEDIUM: http: remove calls to sprintf() - BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary - BUILD/MINOR: ssl: remove one call to sprintf() - MEDIUM: http: don't reject anymore message bodies not containing the url param - MEDIUM: http: wait for the first chunk or message body length in http_process_body - CLEANUP: http: rename http_process_request_body() - CLEANUP: http: prepare dedicated processing for chunked encoded message bodies - MINOR: http: make msg->eol carry the last CRLF length - MAJOR: http: do not use msg->sol while processing messages or forwarding data - MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer - MAJOR: http: don't update msg->sov anymore while processing the body - MINOR: http: add a small helper to compute the amount of body bytes present - MEDIUM: http: add a small helper to compute how far to rewind to find headers - MINOR: http: add a small helper to compute how far to rewind to find URI - MEDIUM: http: small helpers to compute how far to rewind to find BODY and DATA - MAJOR: http: reset msg->sov after headers are forwarded - MEDIUM: http: forward headers again while waiting for connection to complete - BUG/MINOR: http: deinitialize compression after a parsing error - BUG/MINOR: http: deinitialize compression after a compression error - MEDIUM: http: headers must be forwarded even if data was already inspected - MAJOR: http: re-enable compression on chunked encoding - MAJOR: http/compression: fix chunked-encoded response processing - MEDIUM: http: cleanup: centralize a little bit HTTP compression end - MEDIUM: http: start to centralize the forwarding code - MINOR: http: further cleanups of response forwarding function - MEDIUM: http: only allocate the temporary compression buffer when needed - MAJOR: http: centralize data forwarding in the request path - CLEANUP: http: document the response forwarding states - CLEANUP: http: remove all calls to http_silent_debug() - DOC: internal: add some reminders about HTTP parsing and pointer states - BUG/MAJOR: http: fix bug in parse_qvalue() when selecting compression algo - BUG/MINOR: stats: last session was not always set - DOC: add pointer to the Cyril's HTML doc in the README - MEDIUM: config: relax use_backend check to make the condition optional - MEDIUM: config: report misplaced http-request rules - MEDIUM: config: report misplaced use-server rules - DOC: update roadmap with what was done. 2014/02/03 : 1.5-dev22 - MEDIUM: tcp-check new feature: connect - MEDIUM: ssl: Set verify 'required' as global default for servers side. - MINOR: ssl: handshake optim for long certificate chains. - BUG/MINOR: pattern: pattern comparison executed twice - BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..." - BUG/MEDIUM: pattern: Segfault in binary parser - MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation. - MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated - BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function. - BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type. - BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer - BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests - MINOR: doc: Bad cli function name. - MINOR: http: smp_fetch_capture_header_* fetch captured headers - BUILD: last release inadvertently prepended a "+" in front of the date - BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler - BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse - BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes" - BUG/MINOR: checks: successful check completion must not re-enable MAINT servers - MINOR: http: try to stick to same server after status 401/407 - BUG/MINOR: http: always disable compression on HTTP/1.0 - OPTIM: poll: restore polling after a poll/stop/want sequence - OPTIM: http: don't stop polling for read on the client side after a request - BUG/MEDIUM: checks: unchecked servers could not be enabled anymore - BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling - BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned - BUG/MINOR: stream-int: do not clear the owner upon unregister - MEDIUM: stats: add support for HTTP keep-alive on the stats page - BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch - Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page" - MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes - OPTIM: session: set the READ_DONTWAIT flag when connecting - BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests - MINOR: session: factor out the connect time measurement - MEDIUM: session: prepare to support earlier transitions to the established state - MEDIUM: stream-int: make si_connect() return an established state when possible - MINOR: checks: use an inline function for health_adjust() - OPTIM: session: put unlikely() around the freewheeling code - MEDIUM: config: report a warning when multiple servers have the same name - BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence" - BUILD/MINOR: listener: remove a glibc warning on accept4() - BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage - BUILD: listener: fix recent accept4() again - BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9 - BUG/MEDIUM: polling: ensure we update FD status when there's no more activity - MEDIUM: listener: fix polling management in the accept loop - MINOR: protocol: improve the proto->drain() API - MINOR: connection: add a new conn_drain() function - MEDIUM: tcp: report in tcp_drain() that lingering is already disabled on close - MEDIUM: connection: update callers of ctrl->drain() to use conn_drain() - MINOR: connection: add more error codes to report connection errors - MEDIUM: tcp: report connection error at the connection level - MEDIUM: checks: make use of chk_report_conn_err() for connection errors - BUG/MEDIUM: unique_id: HTTP request counter is not stable - DOC: fix misleading information about SIGQUIT - BUG/MAJOR: fix freezes during compression - BUG/MEDIUM: stream-interface: don't wake the task up before end of transfer - BUILD: fix VERDATE exclusion regex - CLEANUP: polling: rename "spec_e" to "state" - DOC: add a diagram showing polling state transitions - REORG: polling: rename "spec_e" to "state" and "spec_p" to "cache" - REORG: polling: rename "fd_spec" to "fd_cache" - REORG: polling: rename the cache allocation functions - REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()" - MAJOR: polling: rework the whole polling system - MAJOR: connection: remove the CO_FL_WAIT_{RD,WR} flags - MEDIUM: connection: remove conn_{data,sock}_poll_{recv,send} - MEDIUM: connection: add check for readiness in I/O handlers - MEDIUM: stream-interface: the polling flags must always be updated in chk_snd_conn - MINOR: stream-interface: no need to call fd_stop_both() on error - MEDIUM: connection: no need to recheck FD state - CLEANUP: connection: use conn_ctrl_ready() instead of checking the flag - CLEANUP: connection: use conn_xprt_ready() instead of checking the flag - CLEANUP: connection: fix comments in connection.h to reflect new behaviour. - OPTIM: raw-sock: don't speculate after a short read if polling is enabled - MEDIUM: polling: centralize polled events processing - MINOR: polling: create function fd_compute_new_polled_status() - MINOR: cli: add more information to the "show info" output - MEDIUM: listener: add support for limiting the session rate in addition to the connection rate - MEDIUM: listener: apply a limit on the session rate submitted to SSL - REORG: stats: move the stats socket states to dumpstats.c - MINOR: cli: add the new "show pools" command - BUG/MEDIUM: counters: flush content counters after each request - BUG/MEDIUM: counters: fix stick-table entry leak when using track-sc2 in connection - MINOR: tools: add very basic support for composite pointers - MEDIUM: counters: stop relying on session flags at all - BUG/MINOR: cli: fix missing break in command line parser - BUG/MINOR: config: correctly report when log-format headers require HTTP mode - MAJOR: http: update connection mode configuration - MEDIUM: http: make keep-alive + httpclose be passive mode - MAJOR: http: switch to keep-alive mode by default - BUG/MEDIUM: http: fix regression caused by recent switch to keep-alive by default - BUG/MEDIUM: listener: improve detection of non-working accept4() - BUILD: listener: add fcntl.h and unistd.h - BUG/MINOR: raw_sock: correctly set the MSG_MORE flag 2013/12/17 : 1.5-dev21 - MINOR: stats: don't use a monospace font to report numbers - MINOR: session: remove debugging code - BUG/MAJOR: patterns: fix double free caused by loading strings from files - MEDIUM: http: make option http_proxy automatically rewrite the URL - BUG/MEDIUM: http: cook_cnt() forgets to set its output type - BUG/MINOR: stats: correctly report throttle rate of low weight servers - BUG/MEDIUM: checks: servers must not start in slowstart mode - BUG/MINOR: acl: parser must also stop at comma on ACL-only keywords - MEDIUM: stream-int: implement a very simplistic idle connection manager - DOC: update the ROADMAP file 2013/12/16 : 1.5-dev20 - DOC: add missing options to the manpage - DOC: add manpage references to all system calls - DOC: update manpage reference to haproxy-en.txt - DOC: remove -s and -l options from the manpage - DOC: missing information for the "description" keyword - DOC: missing http-send-name-header keyword in keyword table - MINOR: tools: function my_memmem() to lookup binary contents - MEDIUM: checks: add send/expect tcp based check - MEDIUM: backend: Enhance hash-type directive with an algorithm options - MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. - DOC: Documentation for hashing function, with test results. - BUG/MEDIUM: ssl: potential memory leak using verifyhost - BUILD: ssl: compilation issue with openssl v0.9.6. - BUG/MINOR: ssl: potential memory leaks using ssl_c_key_alg or ssl_c_sig_alg. - MINOR: ssl: optimization of verifyhost on wildcard certificates. - BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard. - MINOR: ssl: Add statement 'verifyhost' to "server" statements - CLEANUP: session: remove event_accept() which was not used anymore - BUG/MINOR: deinit: free fdinfo while doing cleanup - DOC: minor typo fix in documentation - BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE - BUG/MINOR: use the same check condition for server as other algorithms - DOC: fix typo in comments - BUG/MINOR: deinit: free server map which is allocated in init_server_map() - CLEANUP: stream_interface: cleanup loop information in si_conn_send_loop() - MINOR: buffer: align the last output line of buffer_dump() - MINOR: buffer: align the last output line if there are less than 8 characters left - DOC: stick-table: modify the description - OPTIM: stream_interface: return directly if the connection flag CO_FL_ERROR has been set - CLEANUP: code style: use tabs to indent codes - DOC: checkcache: block responses with cacheable cookies - BUG/MINOR: check_config_validity: check the returned value of stktable_init() - MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory - MEDIUM: systemd-wrapper: Kill child processes when interrupted - LOW: systemd-wrapper: Write debug information to stdout - BUG/MINOR: http: fix "set-tos" not working in certain configurations - MEDIUM: http: add IPv6 support for "set-tos" - DOC: ssl: update build instructions to use new SSL_* variables - BUILD/MINOR: systemd: fix compiler warning about unused result - url32+src - like base32+src but whole url including parameters - BUG/MINOR: fix forcing fastinter in "on-error" - CLEANUP: Make parameters of srv_downtime and srv_getinter const - CLEANUP: Remove unused 'last_slowstart_change' field from struct peer - MEDIUM: Split up struct server's check element - MEDIUM: Move result element to struct check - MEDIUM: Paramatise functions over the check of a server - MEDIUM: cfgparse: Factor out check initialisation - MEDIUM: Add state to struct check - MEDIUM: Move health element to struct check - MEDIUM: Add helper for task creation for checks - MEDIUM: Add helper function for failed checks - MEDIUM: Log agent fail, stopped or down as info - MEDIUM: Remove option lb-agent-chk - MEDIUM: checks: Add supplementary agent checks - MEDIUM: Do not mark a server as down if the agent is unavailable - MEDIUM: Set rise and fall of agent checks to 1 - MEDIUM: Add enable and disable agent unix socket commands - MEDIUM: Add DRAIN state and report it on the stats page - BUILD/MINOR: missing header file - CLEANUP: regex: Create regex_comp function that compiles regex using compilation options - CLEANUP: The function "regex_exec" needs the string length but in many case they expect null terminated char. - MINOR: http: some exported functions were not in the header file - MINOR: http: change url_decode to return the size of the decoded string. - BUILD/MINOR: missing header file - BUG/MEDIUM: sample: The function v4tov6 cannot support input and output overlap - BUG/MINOR: arg: fix error reporting for add-header/set-header sample fetch arguments - MINOR: sample: export the generic sample conversion parser - MINOR: sample: export sample_casts - MEDIUM: acl: use the fetch syntax 'fetch(args),conv(),conv()' into the ACL keyword - MINOR: stick-table: use smp_expr_output_type() to retrieve the output type of a "struct sample_expr" - MINOR: sample: provide the original sample_conv descriptor struct to the argument checker function. - MINOR: tools: Add a function to convert buffer to an ipv6 address - MINOR: acl: export acl arrays - MINOR: acl: Extract the pattern parsing and indexation from the "acl_read_patterns_from_file()" function - MINOR: acl: Extract the pattern matching function - MINOR: sample: Define new struct sample_storage - MEDIUM: acl: associate "struct sample_storage" to each "struct acl_pattern" - REORG: acl/pattern: extract pattern matching from the acl file and create pattern.c - MEDIUM: pattern: create pattern expression - MEDIUM: pattern: rename "acl" prefix to "pat" - MEDIUM: sample: let the cast functions set their output type - MINOR: sample: add a private field to the struct sample_conv - MINOR: map: Define map types - MEDIUM: sample: add the "map" converter - MEDIUM: http: The redirect strings follows the log format rules. - BUG/MINOR: acl: acl parser does not recognize empty converter list - BUG/MINOR: map: The map list was declared in the map.h file - MINOR: map: Cleanup the initialisation of map descriptors. - MEDIUM: map: merge identical maps - BUG/MEDIUM: pattern: Pattern node has type of "struct pat_idx_elt" in place of "struct eb_node" - BUG/MEDIUM: map: Bad map file parser - CLEANUP/MINOR: standard: use the system define INET6_ADDRSTRLEN in place of MAX_IP6_LEN - BUG/MEDIUM: sample: conversion from str to ipv6 may read data past end - MINOR: map: export map_get_reference() function - MINOR: pattern: Each pattern sets the expected input type - MEDIUM: acl: Last patch change the output type - MEDIUM: pattern: Extract the index process from the pat_parse_*() functions - MINOR: standard: The function parse_binary() can use preallocated buffer - MINOR: regex: Change the struct containing regex - MINOR: regex: Copy the original regex expression into string. - MINOR: pattern: add support for compiling patterns for lookups - MINOR: pattern: make the pattern matching function return a pointer to the matched element - MINOR: map: export parse output sample functions - MINOR: pattern: add function to lookup a specific entry in pattern list - MINOR: pattern/map: Each pattern must free the associated sample - MEDIUM: dumpstat: make the CLI parser understand the backslash as an escape char - MEDIUM: map: dynamic manipulation of maps - BUG/MEDIUM: unique_id: junk in log on empty unique_id - BUG/MINOR: log: junk at the end of syslog packet - MINOR: Makefile: provide cscope rule - DOC: compression: chunk are not compressed anymore - MEDIUM: session: disable lingering on the server when the client aborts - BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS - DOC: remove the comment saying that SSL certs are not checked on the server side - BUG: counters: third counter was not stored if others unset - BUG/MAJOR: http: don't emit the send-name-header when no server is available - BUG/MEDIUM: http: "option checkcache" fails with the no-cache header - BUG/MAJOR: http: sample prefetch code was not properly migrated - BUG/MEDIUM: splicing: fix abnormal CPU usage with splicing - BUG/MINOR: stream_interface: don't call chk_snd() on polled events - OPTIM: splicing: use splice() for the last block when relevant - MEDIUM: sample: handle comma-delimited converter list - MINOR: sample: fix sample_process handling of unstable data - CLEANUP: acl: move the 3 remaining sample fetches to samples.c - MINOR: sample: add a new "date" fetch to return the current date - MINOR: samples: add the http_date([]) sample converter. - DOC: minor improvements to the part on the stats socket. - MEDIUM: sample: systematically pass the keyword pointer to the keyword - MINOR: payload: split smp_fetch_rdp_cookie() - MINOR: counters: factor out smp_fetch_sc*_tracked - MINOR: counters: provide a generic function to retrieve a stkctr for sc* and src. - MEDIUM: counters: factor out smp_fetch_sc*_get_gpc0 - MEDIUM: counters: factor out smp_fetch_sc*_gpc0_rate - MEDIUM: counters: factor out smp_fetch_sc*_inc_gpc0 - MEDIUM: counters: factor out smp_fetch_sc*_clr_gpc0 - MEDIUM: counters: factor out smp_fetch_sc*_conn_cnt - MEDIUM: counters: factor out smp_fetch_sc*_conn_rate - MEDIUM: counters: factor out smp_fetch_sc*_conn_cur - MEDIUM: counters: factor out smp_fetch_sc*_sess_cnt - MEDIUM: counters: factor out smp_fetch_sc*_sess_rate - MEDIUM: counters: factor out smp_fetch_sc*_http_req_cnt - MEDIUM: counters: factor out smp_fetch_sc*_http_req_rate - MEDIUM: counters: factor out smp_fetch_sc*_http_err_cnt - MEDIUM: counters: factor out smp_fetch_sc*_http_err_rate - MEDIUM: counters: factor out smp_fetch_sc*_kbytes_in - MEDIUM: counters: factor out smp_fetch_sc*_bytes_in_rate - MEDIUM: counters: factor out smp_fetch_sc*_kbytes_out - MEDIUM: counters: factor out smp_fetch_sc*_bytes_out_rate - MEDIUM: counters: factor out smp_fetch_sc*_trackers - MINOR: session: make the number of stick counter entries more configurable - MEDIUM: counters: support passing the counter number as a fetch argument - MEDIUM: counters: support looking up a key in an alternate table - MEDIUM: cli: adjust the method for feeding frequency counters in tables - MINOR: cli: make it possible to enter multiple values at once with "set table" - MINOR: payload: allow the payload sample fetches to retrieve arbitrary lengths - BUG/MINOR: cli: "clear table" must not kill entries that don't match condition - MINOR: ssl: use MAXPATHLEN instead of PATH_MAX - MINOR: config: warn when a server with no specific port uses rdp-cookie - BUG/MEDIUM: unique_id: HTTP request counter must be unique! - DOC: add a mention about the limited chunk size - BUG/MEDIUM: fix broken send_proxy on FreeBSD - MEDIUM: stick-tables: flush old entries upon soft-stop - MINOR: tcp: add new "close" action for tcp-response - MINOR: payload: provide the "res.len" fetch method - BUILD: add SSL_INC/SSL_LIB variables to force the path to openssl - MINOR: http: compute response time before processing headers - BUG/MINOR: acl: fix improper string size assignment in proxy argument - BUG/MEDIUM: http: accept full buffers on smp_prefetch_http - BUG/MINOR: acl: implicit arguments of ACL keywords were not properly resolved - BUG/MEDIUM: session: risk of crash on out of memory conditions - BUG/MINOR: peers: set the accept date in outgoing connections - BUG/MEDIUM: tcp: do not skip tracking rules on second pass - BUG/MEDIUM: acl: do not evaluate next terms after a miss - MINOR: acl: add a warning when an ACL keyword is used without any value - MINOR: tcp: don't use tick_add_ifset() when timeout is known to be set - BUG/MINOR: acl: remove patterns from the tree before freeing them - MEDIUM: backend: add support for the wt6 hash - OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes - OPTIM/MINOR: mark the source address as already known on accept() - BUG/MINOR: stats: don't count tarpitted connections twice - CLEANUP: http: homogenize processing of denied req counter - CLEANUP: http: merge error handling for req* and http-request * - BUG/MEDIUM: http: fix possible parser crash when parsing erroneous "http-request redirect" rules - BUG/MINOR: http: fix build warning introduced with url32/url32_src - BUG/MEDIUM: checks: fix slow start regression after fix attempt - BUG/MAJOR: server: weight calculation fails for map-based algorithms - MINOR: stats: report correct throttling percentage for servers in slowstart - OPTIM: connection: fold the error handling with handshake handling - MINOR: peers: accept to learn strings of different lengths - BUG/MAJOR: fix haproxy crash when using server tracking instead of checks - BUG/MAJOR: check: fix haproxy crash during soft-stop/soft-start - BUG/MINOR: stats: do not report "via" on tracking servers in maintenance - BUG/MINOR: connection: fix typo in error message report - BUG/MINOR: backend: fix target address retrieval in transparent mode - BUG/MINOR: config: report the correct track-sc number in tcp-rules - BUG/MINOR: log: fix log-format parsing errors - DOC: add some information about how to apply converters to samples - MINOR: acl/pattern: use types different from int to clarify who does what. - MINOR: pattern: import acl_find_match_name() into pattern.h - MEDIUM: stick-tables: support automatic conversion from ipv4<->ipv6 - MEDIUM: log-format: relax parsing of '%' followed by unsupported characters - BUG/MINOR: http: usual deinit stuff in last commit - BUILD: log: silent a warning about isblank() with latest patches - BUG/MEDIUM: checks: fix health check regression causing them to depend on declaration order - BUG/MEDIUM: checks: fix a long-standing issue with reporting connection errors - BUG/MINOR: checks: don't consider errno and use conn->err_code - BUG/MEDIUM: checks: also update the DRAIN state from the web interface - MINOR: stats: remove some confusion between the DRAIN state and NOLB - BUG/MINOR: tcp: check that no error is pending during a connect probe - BUG/MINOR: connection: check EINTR when sending a PROXY header - MEDIUM: connection: set the socket shutdown flags on socket errors - BUG/MEDIUM: acl: fix regression introduced by latest converters support - MINOR: connection: clear errno prior to checking for errors - BUG/MINOR: checks: do not trust errno in write event before any syscall - MEDIUM: checks: centralize error reporting - OPTIM: checks: don't poll on recv when using plain TCP connects - OPTIM: checks: avoid setting SO_LINGER twice - MINOR: tools: add a generic binary hex string parser - BUG/MEDIUM: checks: tcp-check: do not poll when there's nothing to send - BUG/MEDIUM: check: tcp-check might miss some outgoing data when socket buffers are full - BUG/MEDIUM: args: fix double free on error path in argument expression parser - BUG/MINOR: acl: fix sample expression error reporting - BUG/MINOR: checks: tcp-check actions are enums, not flags - MEDIUM: checks: make tcp-check perform multiple send() at once - BUG/MEDIUM: stick: completely remove the unused flag from the store entries - OPTIM: ebtree: pack the struct eb_node to avoid holes on 64-bit - BUG/MEDIUM: stick-tables: complete the latest fix about store-responses - CLEANUP: stream_interface: remove unused field err_loc - MEDIUM: stats: don't use conn->xprt_st anymore - MINOR: session: add a simple function to retrieve a session from a task - MEDIUM: stats: don't use conn->xprt_ctx anymore - MEDIUM: peers: don't rely on conn->xprt_ctx anymore - MINOR: http: prevent smp_fetch_url_{ip,port} from using si->conn - MINOR: connection: make it easier to emit proxy protocol for unknown addresses - MEDIUM: stats: prepare the HTTP stats I/O handler to support more states - MAJOR: stats: move the HTTP stats handling to its applet - MEDIUM: stats: move request argument processing to the final step - MEDIUM: session: detect applets from the session by using s->target - MAJOR: session: check for a connection to an applet in sess_prepare_conn_req() - MAJOR: session: pass applet return traffic through the response analysers - MEDIUM: stream-int: split the shutr/shutw functions between applet and conn - MINOR: stream-int: make the shutr/shutw functions void - MINOR: obj: provide a safe and an unsafe access to pointed objects - MINOR: connection: add a field to store an object type - MINOR: connection: always initialize conn->objt_type to OBJ_TYPE_CONN - MEDIUM: stream interface: move the peers' ptr into the applet context - MINOR: stream-interface: move the applet context to its own struct - MINOR: obj: introduce a new type appctx - MINOR: stream-int: rename ->applet to ->appctx - MINOR: stream-int: split si_prepare_embedded into si_prepare_none and si_prepare_applet - MINOR: stream-int: add a new pointer to the end point - MEDIUM: stream-interface: set the pointer to the applet into the applet context - MAJOR: stream interface: remove the ->release function pointer - MEDIUM: stream-int: make ->end point to the connection or the appctx - CLEANUP: stream-int: remove obsolete si_ctrl function - MAJOR: stream-int: stop using si->conn and use si->end instead - MEDIUM: stream-int: do not allocate a connection in parallel to applets - MEDIUM: session: attach incoming connection to target on embryonic sessions - MINOR: connection: add conn_init() to (re)initialize a connection - MINOR: checks: call conn_init() to properly initialize the connection. - MINOR: peers: make use of conn_init() to initialize the connection - MINOR: session: use conn_init() to initialize the connections - MINOR: http: use conn_init() to reinitialize the server connection - MEDIUM: connection: replace conn_prepare with conn_assign - MINOR: get rid of si_takeover_conn() - MINOR: connection: add conn_new() / conn_free() - MAJOR: connection: add two new flags to indicate readiness of control/transport - MINOR: stream-interface: introduce si_reset() and si_set_state() - MINOR: connection: reintroduce conn_prepare to set the protocol and transport - MINOR: connection: replace conn_assign with conn_attach - MEDIUM: stream-interface: introduce si_attach_conn to replace si_prepare_conn - MAJOR: stream interface: dynamically allocate the outgoing connection - MEDIUM: connection: move the send_proxy offset to the connection - MINOR: connection: check for send_proxy during the connect(), not the SI - MEDIUM: connection: merge the send_proxy and local_send_proxy calls - MEDIUM: stream-int: replace occurrences of si->appctx with si_appctx() - MEDIUM: stream-int: return the allocated appctx in stream_int_register_handler() - MAJOR: stream-interface: dynamically allocate the applet context - MEDIUM: session: automatically register the applet designated by the target - MEDIUM: stats: delay appctx initialization - CLEANUP: peers: use less confusing state/status code names - MEDIUM: peers: delay appctx initialization - MINOR: stats: provide some appctx information in "show sess all" - DIET/MINOR: obj: pack the obj_type enum to 8 bits - DIET/MINOR: connection: rearrange a few fields to save 8 bytes in the struct - DIET/MINOR: listener: rearrange a few fields in struct listener to save 16 bytes - DIET/MINOR: proxy: rearrange a few fields in struct proxy to save 16 bytes - DIET/MINOR: session: reduce the struct session size by 8 bytes - DIET/MINOR: stream-int: rearrange a few fields in struct stream_interface to save 8 bytes - DIET/MINOR: http: reduce the size of struct http_txn by 8 bytes - MINOR: http: switch the http state to an enum - MINOR: http: use an enum for the auth method in http_auth_data - DIET/MINOR: task: reduce struct task size by 8 bytes - MINOR: stream_interface: add reporting of ressouce allocation errors - MINOR: session: report lack of resources using the new stream-interface's error code - BUILD: simplify the date and version retrieval in the makefile - BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE - BUILD: use format tags in VERDATE and SUBVERS files - BUG/MEDIUM: channel: bo_getline() must wait for \n until buffer is full - CLEANUP: check: server port is unsigned - BUG/MEDIUM: checks: agent doesn't get the response if server does not closes - MINOR: tools: buf2ip6 must not modify output on failure - MINOR: pattern: do not assign SMP_TYPES by default to patterns - MINOR: sample: make sample_parse_expr() use memprintf() to report parse errors - MINOR: arg: improve wording on error reporting - BUG/MEDIUM: sample: simplify and fix the argument parsing - MEDIUM: acl: fix the argument parser to let the lower layer report detailed errors - MEDIUM: acl: fix the initialization order of the ACL expression - CLEANUP: acl: remove useless blind copy-paste from sample converters - TESTS: add regression tests for ACL and sample expression parsers - BUILD: time: adapt the type of TV_ETERNITY to the local system - MINOR: chunks: allocate the trash chunks before parsing the config - BUILD: definitely silence some stupid GCC warnings - MINOR: chunks: always initialize the output chunk in get_trash_chunk() - MINOR: checks: improve handling of the servers tracking chain - REORG: checks: retrieve the check-specific defines from server.h to checks.h - MINOR: checks: use an enum instead of flags to report a check result - MINOR: checks: rename the state flags - MINOR: checks: replace state DISABLED with CONFIGURED and ENABLED - MINOR: checks: use check->state instead of srv->state & SRV_CHECKED - MINOR: checks: fix agent check interval computation - MINOR: checks: add a PAUSED state for the checks - MINOR: checks: create the agent tasks even when no check is configured - MINOR: checks: add a flag to indicate what check is an agent - MEDIUM: checks: enable agent checks even if health checks are disabled - BUG/MEDIUM: checks: ensure we can enable a server after boot - BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag - BUG/MAJOR: session: repair tcp-request connection rules - BUILD: fix SUBVERS extraction in the Makefile - BUILD: pattern: silence a warning about uninitialized value - BUILD: log: fix build warning on Solaris - BUILD: dumpstats: fix build error on Solaris - DOC: move option pgsql-check to the correct place - DOC: move option tcp-check to the proper place - MINOR: connection: add simple functions to report connection readiness - MEDIUM: connection: centralize handling of nolinger in fd management - OPTIM: http: set CF_READ_DONTWAIT on response message - OPTIM: http: do not re-enable reading on client side while closing the server side - MINOR: config: add option http-keep-alive - MEDIUM: connection: inform si_alloc_conn() whether existing conn is OK or not - MAJOR: stream-int: handle the connection reuse in si_connect() - MAJOR: http: add the keep-alive transition on the server side - MAJOR: backend: enable connection reuse - MINOR: http: add option prefer-last-server - MEDIUM: http: do not report connection errors for second and further requests 2013/06/17 : 1.5-dev19 - MINOR: stats: remove the autofocus on the scope input field - BUG/MEDIUM: Fix crt-list file parsing error: filtered name was ignored. - BUG/MEDIUM: ssl: EDH ciphers are not usable if no DH parameters present in pem file. - BUG/MEDIUM: shctx: makes the code independent on SSL runtime version. - MEDIUM: ssl: improve crt-list format to support negation - BUG: ssl: fix crt-list for clients not supporting SNI - MINOR: stats: show soft-stopped servers in different color - BUG/MINOR: config: "source" does not work in defaults section - BUG: regex: fix pcre compile error when using JIT - MINOR: ssl: add pattern fetch 'ssl_c_sha1' - BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used - MINOR: show PCRE version and JIT status in -vv - BUG/MINOR: jit: don't rely on USE flag to detect support - DOC: readme: add suggestion to link against static openssl - DOC: examples: provide simplified ssl configuration - REORG: tproxy: prepare the transparent proxy defines for accepting other OSes - MINOR: tproxy: add support for FreeBSD - MINOR: tproxy: add support for OpenBSD - DOC: examples: provide an example of transparent proxy configuration for FreeBSD 8 - CLEANUP: fix minor typo in error message. - CLEANUP: fix missing include in proto/listener.h - CLEANUP: protect checks.h from multiple inclusions - MINOR: compression: acl "res.comp" and fetch "res.comp_algo" - BUG/MINOR: http: add-header/set-header did not accept the ACL condition - BUILD: mention in the Makefile that USE_PCRE_JIT is for libpcre >= 8.32 - BUG/MEDIUM: splicing is broken since 1.5-dev12 - BUG/MAJOR: acl: add implicit arguments to the resolve list - BUG/MINOR: tcp: fix error reporting for TCP rules - CLEANUP: peers: remove a bit of spaghetti to prepare for the next bugfix - MINOR: stick-table: allow to allocate an entry without filling it - BUG/MAJOR: peers: fix an overflow when syncing strings larger than 16 bytes - MINOR: session: only call http_send_name_header() when changing the server - MINOR: tcp: report the erroneous word in tcp-request track* - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances - BUG/MEDIUM: log: fix regression on log-format handling - MEDIUM: log: report file name, line number, and directive name with log-format errors - BUG/MINOR: cli: "clear table" did not work anymore without a key - BUG/MINOR: cli: "clear table xx data.xx" does not work anymore - BUG/MAJOR: http: compression still has defects on chunked responses - BUG/MINOR: stats: fix confirmation links on the stats interface - BUG/MINOR: stats: the status bar does not appear anymore after a change - BUG/MEDIUM: stats: allocate the stats frontend also on "stats bind-process" - BUG/MEDIUM: stats: fix a regression when dealing with POST requests - BUG/MINOR: fix unterminated ACL array in compression - BUILD: last fix broke non-linux platforms - MINOR: init: indicate the SSL runtime version on -vv. - BUG/MEDIUM: compression: the deflate algorithm must use global settings as well - BUILD: stdbool is not portable (again) - DOC: readme: add a small reminder about restrictions to respect in the code - MINOR: ebtree: add new eb_next_dup/eb_prev_dup() functions to visit duplicates - BUG/MINOR: acl: fix a double free during exit when using PCRE_JIT - DOC: fix wrong copy-paste in the rspdel example - MINOR: counters: make it easier to extend the amount of tracked counters - MEDIUM: counters: add support for tracking a third counter - MEDIUM: counters: add a new "gpc0_rate" counter in stick-tables - BUG/MAJOR: http: always ensure response buffer has some room for a response - MINOR: counters: add fetch/acl sc*_tracked to indicate whether a counter is tracked - MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be redefined - MINOR: log: add a new flag 'L' for locally processed requests - MINOR: http: add full-length header fetch methods - MEDIUM: protocol: implement a "drain" function in protocol layers - MEDIUM: http: add a new "http-response" ruleset - MEDIUM: http: add the "set-nice" action to http-request and http-response - MEDIUM: log: add a log level override value in struct session - MEDIUM: http: add support for action "set-log-level" in http-request/http-response - MEDIUM: http: add support for "set-tos" in http-request/http-response - MEDIUM: http: add the "set-mark" action on http-request/http-response rules - MEDIUM: tcp: add "tcp-request connection expect-proxy layer4" - MEDIUM: acl: automatically detect the type of certain fetches - MEDIUM: acl: remove a lot of useless ACLs that are equivalent to their fetches - MEDIUM: acl: remove 15 additional useless ACLs that are equivalent to their fetches - DOC: major reorg of ACL + sample fetch - CLEANUP: http: remove the bogus urlp_ip ACL match - MINOR: acl: add the new "env()" fetch method to retrieve an environment variable - BUG/MINOR: acl: correctly consider boolean fetches when doing casts - BUG/CRITICAL: fix a possible crash when using negative header occurrences - DOC: update ROADMAP file - MEDIUM: counters: use sc0/sc1/sc2 instead of sc1/sc2/sc3 - MEDIUM: stats: add proxy name filtering on the statistic page 2013/04/03 : 1.5-dev18 - DOCS: Add explanation of intermediate certs to crt paramater - DOC: typo and minor fixes in compression paragraph - MINOR: config: http-request configuration error message misses new keywords - DOC: minor typo fix in documentation - BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured. - MEDIUM: ssl: add bind-option "strict-sni" - MEDIUM: ssl: add mapping from SNI to cert file using "crt-list" - MEDIUM: regex: Use PCRE JIT in acl - DOC: simplify bind option "interface" explanation - DOC: tfo: bump required kernel to linux-3.7 - BUILD: add explicit support for TFO with USE_TFO - MEDIUM: New cli option -Ds for systemd compatibility - MEDIUM: add haproxy-systemd-wrapper - MEDIUM: add systemd service - BUG/MEDIUM: systemd-wrapper: don't leak zombie processes - BUG/MEDIUM: remove supplementary groups when changing gid - BUG/MEDIUM: config: fix parser crash with bad bind or server address - BUG/MINOR: Correct logic in cut_crlf() - CLEANUP: checks: Make desc argument to set_server_check_status const - CLEANUP: dumpstats: Make cli_release_handler() static - MEDIUM: server: Break out set weight processing code - MEDIUM: server: Allow relative weights greater than 100% - MEDIUM: server: Tighten up parsing of weight string - MEDIUM: checks: Add agent health check - BUG/MEDIUM: ssl: openssl 0.9.8 doesn't open /dev/random before chroot - BUG/MINOR: time: frequency counters are not totally accurate - BUG/MINOR: http: don't process abortonclose when request was sent - BUG/MEDIUM: stream_interface: don't close outgoing connections on shutw() - BUG/MEDIUM: checks: ignore late resets after valid responses - DOC: fix bogus recommendation on usage of gpc0 counter - BUG/MINOR: http-compression: lookup Cache-Control in the response, not the request - MINOR: signal: don't block SIGPROF by default - OPTIM: epoll: make use of EPOLLRDHUP - OPTIM: splice: detect shutdowns and avoid splice() == 0 - OPTIM: splice: assume by default that splice is working correctly - BUG/MINOR: log: temporary fix for lost SSL info in some situations - BUG/MEDIUM: peers: only the last peers section was used by tables - BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait() - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser - BUG/MINOR: config: free peer's address when exiting upon parsing error - BUG/MINOR: config: check the proper variable when parsing log minlvl - BUG/MEDIUM: checks: ensure the health_status is always within bounds - BUG/MINOR: cli: show sess should always validate s->listener - BUG/MINOR: log: improper NULL return check on utoa_pad() - CLEANUP: http: remove a useless null check - CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener() - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds - BUG/MEDIUM: tools: off-by-one in quote_arg() - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage - BUG/MINOR: unix: remove the 'level' field from the ux struct - CLEANUP: http: don't try to deinitialize http compression if it fails before init - CLEANUP: config: slowstart is never negative - CLEANUP: config: maxcompcpuusage is never negative - BUG/MEDIUM: log: emit '-' for empty fields again - BUG/MEDIUM: checks: fix a race condition between checks and observe layer7 - BUILD: fix a warning emitted by isblank() on non-c99 compilers - BUILD: improve the makefile's support for libpcre - MEDIUM: halog: add support for counting per source address (-ic) - MEDIUM: tools: make str2sa_range support all address syntaxes - MEDIUM: config: make use of str2sa_range() instead of str2sa() - MEDIUM: config: use str2sa_range() to parse server addresses - MEDIUM: config: use str2sa_range() to parse peers addresses - MINOR: tests: add a config file to ease address parsing tests. - MINOR: ssl: add a global tunable for the max SSL/TLS record size - BUG/MINOR: syscall: fix NR_accept4 system call on sparc/linux - BUILD/MINOR: syscall: add definition of NR_accept4 for ARM - MINOR: config: report missing peers section name - BUG/MEDIUM: tools: fix bad character handling in str2sa_range() - BUG/MEDIUM: stats: never apply "unix-bind prefix" to the global stats socket - MINOR: tools: prepare str2sa_range() to return an error message - BUG/MEDIUM: checks: don't call connect() on unsupported address families - MINOR: tools: prepare str2sa_range() to accept a prefix - MEDIUM: tools: make str2sa_range() parse unix addresses too - MEDIUM: config: make str2listener() use str2sa_range() to parse unix addresses - MEDIUM: config: use a single str2sa_range() call to parse bind addresses - MEDIUM: config: use str2sa_range() to parse log addresses - CLEANUP: tools: remove str2sun() which is not used anymore. - MEDIUM: config: add complete support for str2sa_range() in dispatch - MEDIUM: config: add complete support for str2sa_range() in server addr - MEDIUM: config: add complete support for str2sa_range() in 'server' - MEDIUM: config: add complete support for str2sa_range() in 'peer' - MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' - CLEANUP: minor cleanup in str2sa_range() and str2ip() - CLEANUP: config: do not use multiple errmsg at once - MEDIUM: tools: support specifying explicit address families in str2sa_range() - MAJOR: listener: support inheriting a listening fd from the parent - MAJOR: tools: support environment variables in addresses - BUG/MEDIUM: http: add-header should not emit "-" for empty fields - BUG/MEDIUM: config: ACL compatibility check on "redirect" was wrong - BUG/MEDIUM: http: fix another issue caused by http-send-name-header - DOC: mention the new HTTP 307 and 308 redirect statues - MEDIUM: poll: do not use FD_* macros anymore - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE - BUG/MINOR: acl: ssl_fc_{alg,use}_keysize must parse integers, not strings - BUG/MINOR: acl: ssl_c_used, ssl_fc{,_has_crt,_has_sni} take no pattern - BUILD: fix usual isdigit() warning on solaris - BUG/MEDIUM: tools: vsnprintf() is not always reliable on Solaris - OPTIM: buffer: remove one jump in buffer_count() - OPTIM: http: improve branching in chunk size parser - OPTIM: http: optimize the response forward state machine - BUILD: enable poll() by default in the makefile - BUILD: add explicit support for Mac OS/X - BUG/MAJOR: http: use a static storage for sample fetch context - BUG/MEDIUM: ssl: improve error processing and reporting in ssl_sock_load_cert_list_file() - BUG/MAJOR: http: fix regression introduced by commit a890d072 - BUG/MAJOR: http: fix regression introduced by commit d655ffe - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process - MEDIUM: acl: remove flag ACL_MAY_LOOKUP which is improperly used - MEDIUM: samples: use new flags to describe compatibility between fetches and their usages - MINOR: log: indicate it when some unreliable sample fetches are logged - MEDIUM: samples: move payload-based fetches and ACLs to their own file - MINOR: backend: rename sample fetch functions and declare the sample keywords - MINOR: frontend: rename sample fetch functions and declare the sample keywords - MINOR: listener: rename sample fetch functions and declare the sample keywords - MEDIUM: http: unify acl and sample fetch functions - MINOR: session: rename sample fetch functions and declare the sample keywords - MAJOR: acl: make all ACLs reference the fetch function via a sample. - MAJOR: acl: remove the arg_mask from the ACL definition and use the sample fetch's - MAJOR: acl: remove fetch argument validation from the ACL struct - MINOR: http: add new direction-explicit sample fetches for headers and cookies - MINOR: payload: add new direction-explicit sample fetches - CLEANUP: acl: remove ACL hooks which were never used - MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed" - MINOR: sample: provide a function to report the name of a sample check point - MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires - CLEANUP: acl: remove unused references to ACL_USE_* - MINOR: http: replace acl_parse_ver with acl_parse_str - MEDIUM: acl: move the ->parse, ->match and ->smp fields to acl_expr - MAJOR: acl: add option -m to change the pattern matching method - MINOR: acl: remove the use_count in acl keywords - MEDIUM: acl: have a pointer to the keyword name in acl_expr - MEDIUM: acl: support using sample fetches directly in ACLs - MEDIUM: http: remove val_usr() to validate user_lists - MAJOR: sample: maintain a per-proxy list of the fetch args to resolve - MINOR: ssl: add support for the "alpn" bind keyword - MINOR: http: status code 303 is HTTP/1.1 only - MEDIUM: http: implement redirect 307 and 308 - MINOR: http: status 301 should not be marked non-cacheable 2012/12/28 : 1.5-dev17 - MINOR: ssl: Setting global tune.ssl.cachesize value to 0 disables SSL session cache. - BUG/MEDIUM: stats: fix stats page regression introduced by commit 20b0de5 - BUG/MINOR: stats: last fix was still wrong - BUG/MINOR: stats: http-request rules still don't cope with stats - BUG/MINOR: http: http-request add-header emits a corrupted header - BUG/MEDIUM: stats: disable request analyser when processing POST or HEAD - BUG/MINOR: log: make log-format, unique-id-format and add-header more independant - BUILD: log: unused variable svid - CLEANUP: http: rename the misleading http_check_access_rule - MINOR: http: move redirect rule processing to its own function - REORG: config: move the http redirect rule parser to proto_http.c - MEDIUM: http: add support for "http-request redirect" rules - MEDIUM: http: add support for "http-request tarpit" rule 2012/12/24 : 1.5-dev16 - BUG/MEDIUM: ssl: Prevent ssl error from affecting other connections. - BUG/MINOR: ssl: error is not reported if it occurs simultaneously with peer close detection. - MINOR: ssl: add fetch and acl "ssl_c_used" to check if current SSL session uses a client certificate. - MINOR: contrib: make the iprange tool grep for addresses - CLEANUP: polling: gcc doesn't always optimize constants away - OPTIM: poll: optimize fd management functions for low register count CPUs - CLEANUP: poll: remove a useless double-check on fdtab[fd].owner - OPTIM: epoll: use a temp variable for intermediary flag computations - OPTIM: epoll: current fd does not count as a new one - BUG/MINOR: poll: the I/O handler was called twice for polled I/Os - MINOR: http: make resp_ver and status ACLs check for the presence of a response - BUG/MEDIUM: stream-interface: fix possible stalls during transfers - BUG/MINOR: stream_interface: don't return when the fd is already set - BUG/MEDIUM: connection: always update connection flags prior to computing polling - CLEANUP: buffer: use buffer_empty() instead of buffer_len()==0 - BUG/MAJOR: stream_interface: fix occasional data transfer freezes - BUG/MEDIUM: stream_interface: fix another case where the reader might not be woken up - BUG/MINOR: http: don't abort client connection on premature responses - BUILD: no need to clean up when making git-tar - MINOR: log: add a tag for amount of bytes uploaded from client to server - BUG/MEDIUM: log: fix possible segfault during config parsing - MEDIUM: log: change a few log tokens to make them easier to remember - BUG/MINOR: log: add_to_logformat_list() used the wrong constants - MEDIUM: log-format: make the format parser more robust and more extensible - MINOR: sample: support cast from bool to string - MINOR: samples: add a function to fetch and convert any sample to a string - MINOR: log: add lf_text_len - MEDIUM: log: add the ability to include samples in logs - REORG: stats: massive code reorg and cleanup - REORG: stats: move the HTTP header injection to proto_http - REORG: stats: functions are now HTTP/CLI agnostic - BUG/MINOR: log: fix regression introduced by commit 8a3f52 - MINOR: chunks: centralize the trash chunk allocation - MEDIUM: stats: use hover boxes instead of title to report details - MEDIUM: stats: use multi-line tips to display detailed counters - MINOR: tools: simplify the use of the int to ascii macros - MINOR: stats: replace STAT_FMT_CSV with STAT_FMT_HTML - MINOR: http: prepare to support more http-request actions - MINOR: log: make parse_logformat_string() take a const char * - MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers 2012/12/12 : 1.5-dev15 - DOC: add a few precisions on compression - BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert. - BUG/MINOR: ssl: One free session in cache remains unused. - BUG/MEDIUM: ssl: first outgoing connection would fail with {ca,crt}-ignore-err - MEDIUM: ssl: manage shared cache by blocks for huge sessions. - MINOR: acl: add fetch for server session rate - BUG/MINOR: compression: Content-Type is case insensitive - MINOR: compression: disable on multipart or status != 200 - BUG/MINOR: http: don't report client aborts as server errors - MINOR: stats: compute the ratio of compressed response based on 2xx responses - MINOR: http: factor out the content-type checks - BUG/MAJOR: stats: correctly check for a possible divide error when showing compression ratios - BUILD: ssl: OpenSSL 0.9.6 has no renegociation - BUG/MINOR: http: disable compression when message has no body - MINOR: compression: make the stats a bit more robust - BUG/MEDIUM: comp: DEFAULT_MAXZLIBMEM was expressed in bytes and not megabytes - MINOR: connection: don't remove failed handshake flags - MEDIUM: connection: add an error code in connections - MEDIUM: connection: add minimal error reporting in logs for incomplete connections - MEDIUM: connection: add error reporting for the PROXY protocol header - MEDIUM: connection: add error reporting for the SSL - DOC: document the connection error format in logs - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests - BUILD: stdbool is not portable - BUILD: ssl: NAME_MAX is not portable, use MAXPATHLEN instead - BUG/MAJOR: raw_sock: must check error code on hangup - BUG/MAJOR: polling: do not set speculative events on ERR nor HUP - BUG/MEDIUM: session: fix FD leak when transport layer logging is enabled - MINOR: stats: add a few more information on session dump - BUG/MINOR: tcp: set the ADDR_TO_SET flag on outgoing connections - CLEANUP: connection: remove unused server/proxy/task/si_applet declarations - BUG/MEDIUM: tcp: process could theorically crash on lack of source ports - MINOR: cfgparse: mention "interface" in the list of allowed "source" options - MEDIUM: connection: introduce "struct conn_src" for servers and proxies - CLEANUP: proto_tcp: use the same code to bind servers and backends - CLEANUP: backend: use the same tproxy address selection code for servers and backends - BUG/MEDIUM: stick-tables: conversions to strings were broken in dev13 - MEDIUM: proto_tcp: add support for tracking L7 information - MEDIUM: counters: add sc1_trackers/sc2_trackers - MINOR: http: add the "base32" pattern fetch function - MINOR: http: add the "base32+src" fetch method. - CLEANUP: session: use an array for the stick counters - BUG/MINOR: proto_tcp: fix parsing of "table" in track-sc1/2 - BUG/MINOR: proto_tcp: bidirectional fetches not supported anymore in track-sc1/2 - BUG/MAJOR: connection: always recompute polling status upon I/O - BUG/MINOR: connection: remove a few synchronous calls to polling updates - MINOR: config: improve error checking on TCP stick-table tracking - DOC: add some clarifications to the readme 2012/11/26 : 1.5-dev14 - DOC: fix minor typos - BUG/MEDIUM: compression: does not forward trailers - MINOR: buffer_dump with ASCII - BUG/MEDIUM: checks: mark the check as stopped after a connect error - BUG/MEDIUM: checks: ensure we completely disable polling upon success - BUG/MINOR: checks: don't mark the FD as closed before transport close - MEDIUM: checks: avoid accumulating TIME_WAITs during checks - MINOR: cli: report the msg state in full text in "show sess $PTR" - CLEANUP: checks: rename some server check flags - MAJOR: checks: rework completely bogus state machine - BUG/MINOR: checks: slightly clean the state machine up - MEDIUM: checks: avoid waking the application up for pure TCP checks - MEDIUM: checks: close the socket as soon as we have a response - BUG/MAJOR: checks: close FD on all timeouts - MINOR: checks: fix recv polling after connect() - MEDIUM: connection: provide a common conn_full_close() function - BUG/MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts - BUG/MAJOR: peers: the listener's maxaccept was not set and caused loops - MINOR: listeners: make the accept loop more robust when maxaccept==0 - BUG/MEDIUM: acl: correctly resolve all args, not just the first one - BUG/MEDIUM: acl: make prue_acl_expr() correctly free ACL expressions upon exit - BUG/MINOR: stats: fix inversion of the report of a check in progress - MEDIUM: tcp: add explicit support for delayed ACK in connect() - BUG/MEDIUM: connection: always disable polling upon error - MINOR: connection: abort earlier when errors are detected - BUG/MEDIUM: checks: report handshake failures - BUG/MEDIUM: connection: local_send_proxy must wait for connection to establish - MINOR: tcp: add support for the "v6only" bind option - MINOR: stats: also report the computed compression savings in html stats - MINOR: stats: report the total number of compressed responses per front/back - MINOR: tcp: add support for the "v4v6" bind option - DOC: stats: document the comp_rsp stats column - BUILD: buffer: fix another isprint() warning on solaris - MINOR: cli: add support for the "show sess all" command - BUG/MAJOR: cli: show sess may randomly corrupt the back-ref list - MINOR: cli: improve output format for show sess $ptr 2012/11/22 : 1.5-dev13 - BUILD: fix build issue without USE_OPENSSL - BUILD: fix compilation error with DEBUG_FULL - DOC: ssl: remove prefer-server-ciphers documentation - DOC: ssl: surround keywords with quotes - DOC: fix minor typo on http-send-name-header - BUG/MEDIUM: acls using IPv6 subnets patterns incorrectly match IPs - BUG/MAJOR: fix a segfault on option http_proxy and url_ip acl - MEDIUM: http: accept IPv6 values with (s)hdr_ip acl - BUILD: report zlib support in haproxy -vv - DOC: compression: add some details and clean up the formatting - DOC: Change is_ssl acl to ssl_fc acl in example - DOC: make it clear what the HTTP request size is - MINOR: ssl: try to load Diffie-Hellman parameters from cert file - DOC: ssl: update 'crt' statement on 'bind' about Diffie-Hellman parameters loading - MINOR: ssl: add elliptic curve Diffie-Hellman support for ssl key generation - DOC: ssl: add 'ecdhe' statement on 'bind' - MEDIUM: ssl: add client certificate authentication support - DOC: ssl: add 'verify', 'cafile' and 'crlfile' statements on 'bind' - MINOR: ssl: add fetch and ACL 'client_crt' to test a client cert is present - DOC: ssl: add fetch and ACL 'client_cert' - MINOR: ssl: add ignore verify errors options - DOC: ssl: add 'ca-ignore-err' and 'crt-ignore-err' statements on 'bind' - MINOR: ssl: add fetch and ACL 'ssl_verify_result' - DOC: ssl: add fetch and ACL 'ssl_verify_result' - MINOR: ssl: add fetches and ACLs to return verify errors - DOC: ssl: add fetches and ACLs 'ssl_verify_crterr', 'ssl_verify_caerr', and 'ssl_verify_crterr_depth' - MINOR: ssl: disable shared memory and locks on session cache if nbproc == 1 - MINOR: ssl: add build param USE_PRIVATE_CACHE to build cache without shared memory - MINOR: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'. - DOC: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'. - MEDIUM: config: authorize frontend and listen without bind. - MINOR: ssl: add statement 'no-tls-tickets' on bind to disable stateless session resumption - DOC: ssl: add 'no-tls-tickets' statement documentation. - BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified. - BUG/MINOR: build: Fix compilation issue on openssl 0.9.6 due to missing CRL feature. - BUG/MINOR: conf: Fix 'maxsslconn' statement error if built without OPENSSL. - BUG/MINOR: build: Fix failure with USE_OPENSSL=1 and USE_FUTEX=1 on archs i486 and i686. - MINOR: ssl: remove prefer-server-ciphers statement and set it as the default on ssl listeners. - BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes - MINOR: ssl: add 'crt-base' and 'ca-base' global statements. - MEDIUM: conf: rename 'nosslv3' and 'notlsvXX' statements 'no-sslv3' and 'no-tlsvXX'. - MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file' - MINOR: ssl: use bit fields to store ssl options instead of one int each - MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on bind. - MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on server - MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. - BUG/MINOR: ssl: Fix issue on server statements 'no-tls*' and 'no-sslv3' - MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c - MEDIUM: ssl: reject ssl server keywords in default-server statement - MINOR: ssl: add statement 'no-tls-tickets' on server side. - MINOR: ssl: add statements 'verify', 'ca-file' and 'crl-file' on servers. - DOC: Fix rename of options cafile and crlfile to ca-file and crl-file. - MINOR: sample: manage binary to string type convertion in stick-table and samples. - MINOR: acl: add parse and match primitives to use binary type on ACLs - MINOR: sample: export 'sample_get_trash_chunk(void)' - MINOR: conf: rename all ssl modules fetches using prefix 'ssl_fc' and 'ssl_c' - MINOR: ssl: add pattern and ACLs fetches 'ssl_fc_protocol', 'ssl_fc_cipher', 'ssl_fc_use_keysize' and 'ssl_fc_alg_keysize' - MINOR: ssl: add pattern fetch 'ssl_fc_session_id' - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_version' and 'ssl_f_version' - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_s_dn', 'ssl_c_i_dn', 'ssl_f_s_dn' and 'ssl_c_i_dn' - MINOR: ssl: add pattern and ACLs 'ssl_c_sig_alg' and 'ssl_f_sig_alg' - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_key_alg' and 'ssl_f_key_alg' - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_notbefore', 'ssl_c_notafter', 'ssl_f_notbefore' and 'ssl_f_notafter' - MINOR: ssl: add 'crt' statement on server. - MINOR: ssl: checks the consistency of a private key with the corresponding certificate - BUG/MEDIUM: ssl: review polling on reneg. - BUG/MEDIUM: ssl: Fix some reneg cases not correctly handled. - BUG/MEDIUM: ssl: Fix sometimes reneg fails if requested by server. - MINOR: build: allow packagers to specify the ssl cache size - MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind. - MINOR: ssl: Add tune.ssl.lifetime statement in global. - MINOR: compression: Enable compression for IE6 w/SP2, IE7 and IE8 - BUG: http: revert broken optimisation from 82fe75c1a79dac933391501b9d293bce34513755 - DOC: duplicate ssl_sni section - MEDIUM: HTTP compression (zlib library support) - CLEANUP: use struct comp_ctx instead of union - BUILD: remove dependency to zlib.h - MINOR: compression: memlevel and windowsize - MEDIUM: use pool for zlib - MINOR: compression: try init in cfgparse.c - MINOR: compression: init before deleting headers - MEDIUM: compression: limit RAM usage - MINOR: compression: tune.comp.maxlevel - MINOR: compression: maximum compression rate limit - MINOR: log-format: check number of arguments in cfgparse.c - BUG/MEDIUM: compression: no Content-Type header but type in configuration - BUG/MINOR: compression: deinit zlib only when required - MEDIUM: compression: don't compress when no data - MEDIUM: compression: use pool for comp_ctx - MINOR: compression: rate limit in 'show info' - MINOR: compression: report zlib memory usage - BUG/MINOR: compression: dynamic level increase - DOC: compression: unsupported cases. - MINOR: compression: CPU usage limit - MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection - BUG/MAJOR: ssl: missing tests in ACL fetch functions - MINOR: config: add a function to indent error messages - REORG: split "protocols" files into protocol and listener - MEDIUM: config: replace ssl_conf by bind_conf - CLEANUP: listener: remove unused conf->file and conf->line - MEDIUM: listener: add a minimal framework to register "bind" keyword options - MEDIUM: config: move the "bind" TCP parameters to proto_tcp - MEDIUM: move bind SSL parsing to ssl_sock - MINOR: config: improve error reporting for "bind" lines - MEDIUM: config: move the common "bind" settings to listener.c - MEDIUM: config: move all unix-specific bind keywords to proto_uxst.c - MEDIUM: config: enumerate full list of registered "bind" keywords upon error - MINOR: listener: add a scope field in the bind keyword lists - MINOR: config: pass the file and line to config keyword parsers - MINOR: stats: fill the file and line numbers in the stats frontend - MINOR: config: set the bind_conf entry on listeners created from a "listen" line. - MAJOR: listeners: use dual-linked lists to chain listeners with frontends - REORG: listener: move unix perms from the listener to the bind_conf - BUG: backend: balance hdr was broken since 1.5-dev11 - MINOR: standard: make memprintf() support a NULL destination - MINOR: config: make str2listener() use memprintf() to report errors. - MEDIUM: stats: remove the stats_sock struct from the global struct - MINOR: ssl: set the listeners' data layer to ssl during parsing - MEDIUM: stats: make use of the standard "bind" parsers to parse global socket - DOC: move bind options to their own section - DOC: stats: refer to "bind" section for "stats socket" settings - DOC: fix index to reference bind and server options - BUG: http: do not print garbage on invalid requests in debug mode - BUG/MINOR: config: check the proper pointer to report unknown protocol - CLEANUP: connection: offer conn_prepare() to set up a connection - CLEANUP: config: fix typo inteface => interface - BUG: stats: fix regression introduced by commit 4348fad1 - MINOR: cli: allow to set frontend maxconn to zero - BUG/MAJOR: http: chunk parser was broken with buffer changes - MEDIUM: monitor: simplify handling of monitor-net and mode health - MINOR: connection: add a pointer to the connection owner - MEDIUM: connection: make use of the owner instead of container_of - BUG/MINOR: ssl: report the L4 connection as established when possible - BUG/MEDIUM: proxy: must not try to stop disabled proxies upon reload - BUG/MINOR: config: use a copy of the file name in proxy configurations - BUG/MEDIUM: listener: don't pause protocols that do not support it - MEDIUM: proxy: add the global frontend to the list of normal proxies - BUG/MINOR: epoll: correctly disable FD polling in fd_rem() - MINOR: signal: really ignore signals configured with no handler - MINOR: buffers: add a few functions to write chars, strings and blocks - MINOR: raw_sock: always report asynchronous connection errors - MEDIUM: raw_sock: improve connection error reporting - REORG: connection: rename the data layer the "transport layer" - REORG: connection: rename app_cb "data" - MINOR: connection: provide a generic data layer wakeup callback - MINOR: connection: split conn_prepare() in two functions - MINOR: connection: add an init callback to the data_cb struct - MEDIUM: session: use a specific data_cb for embryonic sessions - MEDIUM: connection: use a generic data-layer init() callback - MEDIUM: connection: reorganize connection flags - MEDIUM: connection: only call the data->wake callback on activity - MEDIUM: connection: make it possible for data->wake to return an error - MEDIUM: session: register a data->wake callback to process errors - MEDIUM: connection: don't call the data->init callback upon error - MEDIUM: connection: it's not the data layer's role to validate the connection - MEDIUM: connection: automatically disable polling on error - REORG: connection: move the PROXY protocol management to connection.c - MEDIUM: connection: add a new local send-proxy transport callback - MAJOR: checks: make use of the connection layer to send checks - REORG: server: move the check-specific parts into a check subsection - MEDIUM: checks: use real buffers to store requests and responses - MEDIUM: check: add the ctrl and transport layers in the server check structure - MAJOR: checks: completely use the connection transport layer - MEDIUM: checks: add the "check-ssl" server option - MEDIUM: checks: enable the PROXY protocol with health checks - CLEANUP: checks: remove minor warnings for assigned but not used variables - MEDIUM: tcp: enable TCP Fast Open on systems which support it - BUG: connection: fix regression from commit 9e272bf9 - CLEANUP: cttproxy: remove a warning on undeclared close() - BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used - MEDIUM: listener: add support for linux's accept4() syscall - MINOR: halog: sort output by cookie code - BUG/MINOR: halog: -ad/-ac report the correct number of output lines - BUG/MINOR: halog: fix help message for -ut/-uto - MINOR: halog: add a parameter to limit output line count - BUILD: accept4: move the socketcall declaration outside of accept4() - MINOR: server: add minimal infrastructure to parse keywords - MINOR: standard: make indent_msg() support empty messages - MEDIUM: server: check for registered keywords when parsing unknown keywords - MEDIUM: server: move parsing of keyword "id" to server.c - BUG/MEDIUM: config: check-send-proxy was ignored if SSL was not builtin - MEDIUM: ssl: move "server" keyword SSL options parsing to ssl_sock.c - MEDIUM: log: suffix the frontend's name with '~' when using SSL - MEDIUM: connection: always unset the transport layer upon close - BUG/MINOR: session: fix some leftover from debug code - BUG/MEDIUM: session: enable the conn_session_update() callback - MEDIUM: connection: add a flag to hold the transport layer - MEDIUM: log: add a new LW_XPRT flag to pin the transport layer - MINOR: log: make lf_text use a const char * - MEDIUM: log: report SSL ciphers and version in logs using logformat %sslc/%sslv - REORG: http: rename msg->buf to msg->chn since it's a channel - CLEANUP: http: use 'chn' to name channel variables, not 'buf' - CLEANUP: channel: use 'chn' instead of 'buf' as local variable names - CLEANUP: tcp: use 'chn' instead of 'buf' or 'b' for channel pointer names - CLEANUP: stream_interface: use 'chn' instead of 'b' to name channel pointers - CLEANUP: acl: use 'chn' instead of 'b' to name channel pointers - MAJOR: channel: replace the struct buffer with a pointer to a buffer - OPTIM: channel: reorganize struct members to improve cache efficiency - CLEANUP: session: remove term_trace which is not used anymore - OPTIM: session: reorder struct session fields - OPTIM: connection: pack the struct target - DOC: document relations between internal entities - MINOR: ssl: add 'ssl_npn' sample/acl to extract TLS/NPN information - BUILD: ssl: fix shctx build on older compilers - MEDIUM: ssl: add support for the "npn" bind keyword - BUG: ssl: fix ssl_sni ACLs to correctly process regular expressions - MINOR: chunk: provide string compare functions - MINOR: sample: accept fetch keywords without parenthesis - MEDIUM: sample: pass an empty list instead of a null for fetch args - MINOR: ssl: improve socket behaviour upon handshake abort. - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode - MEDIUM: listener: provide a fallback for accept4() when not supported - BUG/MAJOR: connection: risk of crash on certain tricky close scenario - MEDIUM: cli: allow the stats socket to be bound to a specific set of processes - OPTIM: channel: inline channel_forward's fast path - OPTIM: http: inline http_parse_chunk_size() and http_skip_chunk_crlf() - OPTIM: tools: inline hex2i() - CLEANUP: http: rename HTTP_MSG_DATA_CRLF state - MINOR: compression: automatically disable compression for older browsers - MINOR: compression: optimize memLevel to improve byte rate - BUG/MINOR: http: compression should consider all Accept-Encoding header values - BUILD: fix coexistence of openssl and zlib - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_serial' and 'ssl_f_serial' - BUG/MEDIUM: command-line option -D must have precedence over "debug" - MINOR: tools: add a clear_addr() function to unset an address - BUG/MEDIUM: tcp: transparent bind to the source only when address is set - CLEANUP: remove trashlen - MAJOR: session: detach the connections from the stream interfaces - DOC: update document describing relations between internal entities - BUILD: make it possible to specify ZLIB path - MINOR: compression: add an offload option to remove the Accept-Encoding header - BUG: compression: disable auto-close and enable MSG_MORE during transfer - CLEANUP: completely remove trashlen - MINOR: chunk: add a function to reset a chunk - CLEANUP: replace chunk_printf() with chunk_appendf() - MEDIUM: make the trash be a chunk instead of a char * - MEDIUM: remove remains of BUFSIZE in HTTP auth and sample conversions - MEDIUM: stick-table: allocate the table key of size buffer size - BUG/MINOR: stream_interface: don't loop over ->snd_buf() - BUG/MINOR: session: ensure that we don't retry connection if some data were sent - OPTIM: session: don't process the whole session when only timers need a refresh - BUG/MINOR: session: mark the handshake as complete earlier - MAJOR: connection: remove the CO_FL_CURR_*_POL flag - BUG/MAJOR: always clear the CO_FL_WAIT_* flags after updating polling flags - MAJOR: sepoll: make the poller totally event-driven - OPTIM: stream_interface: disable reading when CF_READ_DONTWAIT is set - BUILD: compression: remove a build warning - MEDIUM: fd: don't unset fdtab[].updated upon delete - REORG: fd: move the speculative I/O management from ev_sepoll - REORG: fd: move the fd state management from ev_sepoll - REORG: fd: centralize the processing of speculative events - BUG: raw_sock: also consider ENOTCONN in addition to EAGAIN - BUILD: stream_interface: remove si_fd() and its references - BUILD: compression: enable build in BSD and OSX Makefiles - MAJOR: ev_select: make the poller support speculative events - MAJOR: ev_poll: make the poller support speculative events - MAJOR: ev_kqueue: make the poller support speculative events - MAJOR: polling: replace epoll with sepoll and remove sepoll - MAJOR: polling: remove unused callbacks from the poller struct - MEDIUM: http: refrain from sending "Connection: close" when Upgrade is present - CLEANUP: channel: remove any reference of the hijackers - CLEANUP: stream_interface: remove the external task type target - MAJOR: connection: replace struct target with a pointer to an enum - BUG: connection: fix typo in previous commit - BUG: polling: don't skip polled events in the spec list - MINOR: splice: disable it when the system returns EBADF - MINOR: build: allow packagers to specify the default maxzlibmem - BUG: halog: fix broken output limitation - BUG: proxy: fix server name lookup in get_backend_server() - BUG: compression: do not always increment the round counter on allocation failure - BUG/MEDIUM: compression: release the zlib pools between keep-alive requests - MINOR: global: don't prevent nbproc from being redefined - MINOR: config: support process ranges for "bind-process" - MEDIUM: global: add support for CPU binding on Linux ("cpu-map") - MINOR: ssl: rename and document the tune.ssl.cachesize option - DOC: update the PROXY protocol spec to support v2 - MINOR: standard: add a simple popcount function - MEDIUM: adjust the maxaccept per listener depending on the number of processes - BUG: compression: properly disable compression when content-type does not match - MINOR: cli: report connection status in "show sess xxx" - BUG/MAJOR: stream_interface: certain workloads could cause get stuck - BUILD: cli: fix build when SSL is enabled - MINOR: cli: report the fd state in "show sess xxx" - MINOR: cli: report an error message on missing argument to compression rate - MINOR: http: add some debugging functions to pretty-print msg state names - BUG/MAJOR: stream_interface: read0 not always handled since dev12 - DOC: documentation on http header capture is wrong - MINOR: http: allow the cookie capture size to be changed - DOC: http header capture has not been limited in size for a long time - DOC: update readme with build methods for BSD - BUILD: silence a warning on Solaris about usage of isdigit() - MINOR: stats: report HTTP compression stats per frontend and per backend - MINOR: log: add '%Tl' to log-format - MINOR: samples: update the url_param fetch to match parameters in the path 2012/09/10 : 1.5-dev12 - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read - MEDIUM: ssl: add support for prefer-server-ciphers option - MINOR: IPv6 support for transparent proxy - MINOR: protocol: add SSL context to listeners if USE_OPENSSL is defined - MINOR: server: add SSL context to servers if USE_OPENSSL is defined - MEDIUM: connection: add a new handshake flag for SSL (CO_FL_SSL_WAIT_HS). - MEDIUM: ssl: add new files ssl_sock.[ch] to provide the SSL data layer - MEDIUM: config: add the 'ssl' keyword on 'bind' lines - MEDIUM: config: add support for the 'ssl' option on 'server' lines - MEDIUM: ssl: protect against client-initiated renegociation - BUILD: add optional support for SSL via the USE_OPENSSL flag - MEDIUM: ssl: add shared memory session cache implementation. - MEDIUM: ssl: replace OpenSSL's session cache with the shared cache - MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. - MEDIUM: ssl: add support for SNI and wildcard certificates - DOC: Typos cleanup - DOC: fix name for "option independant-streams" - DOC: specify the default value for maxconn in the context of a proxy - BUG/MINOR: to_log erased with unique-id-format - LICENSE: add licence exception for OpenSSL - BUG/MAJOR: cookie prefix doesn't support cookie-less servers - BUILD: add an AIX 5.2 (and later) target. - MEDIUM: fd/si: move peeraddr from struct fdinfo to struct connection - MINOR: halog: use the more recent dual-mode fgets2 implementation - BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on full-length matches - CLEANUP: halog: make clean should also remove .o files - OPTIM: halog: make use of memchr() on platforms which provide a fast one - OPTIM: halog: improve cold-cache behaviour when loading a file - BUG/MINOR: ACL implicit arguments must be created with unresolved flag - MINOR: replace acl_fetch_{path,url}* with smp_fetch_* - MEDIUM: pattern: add the "base" sample fetch method - OPTIM: i386: make use of kernel-mode-linux when available - BUG/MINOR: tarpit: fix condition to return the HTTP 500 message - BUG/MINOR: polling: some events were not set in various pollers - MINOR: http: add the urlp_val ACL match - BUG: stktable: tcp_src_to_stktable_key() must return NULL on invalid families - MINOR: stats/cli: add plans to support more stick-table actions - MEDIUM: stats/cli: add support for "set table key" to enter values - REORG/MEDIUM: fd: remove FD_STCLOSE from struct fdtab - REORG/MEDIUM: fd: remove checks for FD_STERROR in ev_sepoll - REORG/MEDIUM: fd: get rid of FD_STLISTEN - REORG/MINOR: connection: move declaration to its own include file - REORG/MINOR: checks: put a struct connection into the server - MINOR: connection: add flags to the connection struct - MAJOR: get rid of fdtab[].state and use connection->flags instead - MINOR: fd: add a new I/O handler to fdtab - MEDIUM: polling: prepare to call the iocb() function when defined. - MEDIUM: checks: make use of fdtab->iocb instead of cb[] - MEDIUM: protocols: use the generic I/O callback for accept callbacks - MINOR: connection: add a handler for fd-based connections - MAJOR: connection: replace direct I/O callbacks with the connection callback - MINOR: fd: make fdtab->owner a connection and not a stream_interface anymore - MEDIUM: connection: remove the FD_POLL_* flags only once - MEDIUM: connection: extract the send_proxy callback from proto_tcp - MAJOR: tcp: remove the specific I/O callbacks for TCP connection probes - CLEANUP: remove the now unused fdtab direct I/O callbacks - MAJOR: remove the stream interface and task management code from sock_* - MEDIUM: stream_interface: pass connection instead of fd in sock_ops - MEDIUM: stream_interface: centralize the SI_FL_ERR management - MAJOR: connection: add a new CO_FL_CONNECTED flag - MINOR: rearrange tcp_connect_probe() and fix wrong return codes - MAJOR: connection: call data layer handshakes from the handler - MEDIUM: fd: remove the EV_FD_COND_* primitives - MINOR: sock_raw: move calls to si_data_close upper - REORG: connection: replace si_data_close() with conn_data_close() - MEDIUM: sock_raw: introduce a read0 callback that is different from shutr - MAJOR: stream_int: use a common stream_int_shut*() functions regardless of the data layer - MAJOR: fd: replace all EV_FD_* macros with new fd_*_* inline calls - MEDIUM: fd: add fd_poll_{recv,send} for use when explicit polling is required - MEDIUM: connection: add definitions for dual polling mechanisms - MEDIUM: connection: make use of the new polling functions - MAJOR: make use of conn_{data|sock}_{poll|stop|want}* in connection handlers - MEDIUM: checks: don't use FD_WAIT_* anymore - MINOR: fd: get rid of FD_WAIT_* - MEDIUM: stream_interface: offer a generic function for connection updates - MEDIUM: stream-interface: offer a generic chk_rcv function for connections - MEDIUM: stream-interface: add a snd_buf() callback to sock_ops - MEDIUM: stream-interface: provide a generic stream_int_chk_snd_conn() function - MEDIUM: stream-interface: provide a generic si_conn_send_cb callback - MEDIUM: stream-interface: provide a generic stream_sock_read0() function - REORG/MAJOR: use "struct channel" instead of "struct buffer" - REORG/MAJOR: extract "struct buffer" from "struct channel" - MINOR: connection: provide conn_{data|sock}_{read0|shutw} functions - REORG: sock_raw: rename the files raw_sock* - MAJOR: raw_sock: extract raw_sock_to_buf() from raw_sock_read() - MAJOR: raw_sock: temporarily disable splicing - MINOR: stream-interface: add an rcv_buf callback to sock_ops - REORG: stream-interface: move sock_raw_read() to si_conn_recv_cb() - MAJOR: connection: split the send call into connection and stream interface - MAJOR: stream-interface: restore splicing mechanism - MAJOR: stream-interface: make conn_notify_si() more robust - MEDIUM: proxy-proto: don't use buffer flags in conn_si_send_proxy() - MAJOR: stream-interface: don't commit polling changes in every callback - MAJOR: stream-interface: fix splice not to call chk_snd by itself - MEDIUM: stream-interface: don't remove WAIT_DATA when a handshake is in progress - CLEANUP: connection: split sock_ops into data_ops, app_cp and si_ops - REORG: buffers: split buffers into chunk,buffer,channel - MAJOR: channel: remove the BF_OUT_EMPTY flag - REORG: buffer: move buffer_flush, b_adv and b_rew to buffer.h - MINOR: channel: rename bi_full to channel_full as it checks the whole channel - MINOR: buffer: provide a new buffer_full() function - MAJOR: channel: stop relying on BF_FULL to take action - MAJOR: channel: remove the BF_FULL flag - REORG: channel: move buffer_{replace,insert_line}* to buffer.{c,h} - CLEANUP: channel: usr CF_/CHN_ prefixes instead of BF_/BUF_ - CLEANUP: channel: use "channel" instead of "buffer" in function names - REORG: connection: move the target pointer from si to connection - MAJOR: connection: move the addr field from the stream_interface - MEDIUM: stream_interface: remove CAP_SPLTCP/CAP_SPLICE flags - MEDIUM: proto_tcp: remove any dependence on stream_interface - MINOR: tcp: replace tcp_src_to_stktable_key with addr_to_stktable_key - MEDIUM: connection: add an ->init function to data layer - MAJOR: session: introduce embryonic sessions - MAJOR: connection: make the PROXY decoder a handshake handler - CLEANUP: frontend: remove the old proxy protocol decoder - MAJOR: connection: rearrange the polling flags. - MEDIUM: connection: only call tcp_connect_probe when nothing was attempted yet - MEDIUM: connection: complete the polling cleanups - MEDIUM: connection: avoid calling handshakes when polling is required - MAJOR: stream_interface: continue to update data polling flags during handshakes - CLEANUP: fd: remove fdtab->flags - CLEANUP: fdtab: flatten the struct and merge the spec struct with the rest - CLEANUP: includes: fix includes for a number of users of fd.h - MINOR: ssl: disable TCP quick-ack by default on SSL listeners - MEDIUM: config: add a "ciphers" keyword to set SSL cipher suites - MEDIUM: config: add "nosslv3" and "notlsv1" on bind and server lines - BUG: ssl: mark the connection as waiting for an SSL connection during the handshake - BUILD: http: rename error_message http_error_message to fix conflicts on RHEL - BUILD: ssl: fix shctx build on RHEL with futex - BUILD: include sys/socket.h to fix build failure on FreeBSD - BUILD: fix build error without SSL (ssl_cert) - BUILD: ssl: use MAP_ANON instead of MAP_ANONYMOUS - BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 - MEDIUM: config: support per-listener backlog and maxconn - MINOR: session: do not send an HTTP/500 error on SSL sockets - MEDIUM: config: implement maxsslconn in the global section - BUG: tcp: close socket fd upon connect error - MEDIUM: connection: improve error handling around the data layer - MINOR: config: make the tasks "nice" value configurable on "bind" lines. - BUILD: shut a gcc warning introduced by commit 269ab31 - MEDIUM: config: centralize handling of SSL config per bind line - BUILD: makefile: report USE_OPENSSL status in build options - BUILD: report openssl build settings in haproxy -vv - MEDIUM: ssl: add sample fetches for is_ssl, ssl_has_sni, ssl_sni_* - DOC: add a special acknowledgement for the stud project - DOC: add missing SSL options for servers and listeners - BUILD: automatically add -lcrypto for SSL - DOC: add some info about openssl build in the README 2012/06/04 : 1.5-dev11 - BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations - BUG/MAJOR: trash must always be the size of a buffer - DOC: fix minor regex example issue and improve doc on stats - MINOR: stream_interface: add a pointer to the listener for TARG_TYPE_CLIENT - MEDIUM: protocol: add a pointer to struct sock_ops to the listener struct - MINOR: checks: add on-marked-up option - MINOR: balance uri: added 'whole' parameter to include query string in hash calculation - MEDIUM: stream_interface: remove the si->init - MINOR: buffers: add a rewind function - BUG/MAJOR: fix regression on content-based hashing and http-send-name-header - MAJOR: http: stop using msg->sol outside the parsers - CLEANUP: http: make it more obvious that msg->som is always null outside of chunks - MEDIUM: http: get rid of msg->som which is not used anymore - MEDIUM: http: msg->sov and msg->sol will never wrap - BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set - BUG/MINOR: stop connect timeout when connect succeeds - REORG: move the send-proxy code to tcp_connect_write() - REORG/MINOR: session: detect the TCP monitor checks at the protocol accept - MINOR: stream_interface: introduce a new "struct connection" type - REORG/MINOR: stream_interface: move si->fd to struct connection - REORG/MEDIUM: stream_interface: move applet->state and private to connection - MINOR: stream_interface: add a data channel close function - MEDIUM: stream_interface: call si_data_close() before releasing the si - MINOR: peers: use the socket layer operations from the peer instead of sock_raw - BUG/MINOR: checks: expire on timeout.check if smaller than timeout.connect - MINOR: add a new function call tracer for debugging purposes - BUG/MINOR: perform_http_redirect also needs to rewind the buffer - BUG/MAJOR: b_rew() must pass a signed offset to b_ptr() - BUG/MEDIUM: register peer sync handler in the proper order - BUG/MEDIUM: buffers: fix bi_putchr() to correctly advance the pointer - BUG/MINOR: fix option httplog validation with TCP frontends - BUG/MINOR: log: don't report logformat errors in backends - REORG/MINOR: use dedicated proxy flags for the cookie handling - BUG/MINOR: config: do not report twice the incompatibility between cookie and non-http - MINOR: http: add support for "httponly" and "secure" cookie attributes - BUG/MEDIUM: ensure that unresolved arguments are freed exactly once - BUG/MINOR: commit 196729ef used wrong condition resulting in freeing constants - MEDIUM: stats: add support for soft stop/soft start in the admin interface - MEDIUM: stats: add the ability to kill sessions from the admin interface - BUILD: add support for linux kernels >= 2.6.28 2012/05/14 : 1.5-dev10 - BUG/MINOR: stats admin: "Unexpected result" was displayed unconditionally - BUG/MAJOR: acl: http_auth_group() must not accept any user from the userlist - CLEANUP: auth: make the code build again with DEBUG_AUTH - BUG/MEDIUM: config: don't crash at config load time on invalid userlist names - REORG: use the name sock_raw instead of stream_sock - MINOR: stream_interface: add a client target : TARG_TYPE_CLIENT - BUG/MEDIUM: stream_interface: restore get_src/get_dst - CLEANUP: sock_raw: remove last references to stream_sock - CLEANUP: stream_interface: stop exporting socket layer functions - MINOR: stream_interface: add an init callback to sock_ops - MEDIUM: stream_interface: derive the socket operations from the target - MAJOR: fd: remove the need for the socket layer to recheck the connection - MINOR: session: call the socket layer init function when a session establishes - MEDIUM: session: add support for tunnel timeouts - MINOR: standard: add a new debug macro : fddebug() - CLEANUP: fd: remove unused cb->b pointers in the struct fdtab - OPTIM: proto_http: don't enable quick-ack on empty buffers - OPTIM/MAJOR: ev_sepoll: process spec events after polled events - OPTIM/MEDIUM: stream_interface: add a new SI_FL_NOHALF flag 2012/05/08 : 1.5-dev9 - MINOR: Add release callback to si_applet - CLEANUP: Fix some minor typos - MINOR: Add TO/FROM_SET flags to struct stream_interface - CLEANUP: Fix some minor whitespace issues - MINOR: stats admin: allow unordered parameters in POST requests - CLEANUP: fix typo in findserver() log message - MINOR: stats admin: use the backend id instead of its name in the form - MINOR: stats admin: reduce memcmp()/strcmp() calls on status codes - DOC: cleanup indentation, alignment, columns and chapters - DOC: fix some keywords arguments documentation - MINOR: cli: display the 4 IP addresses and ports on "show sess XXX" - BUG/MAJOR: log: possible segfault with logformat - MEDIUM: log: split of log_format generation - MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid - MEDIUM: log: Unique ID - MINOR: log: log-format: usable without httplog and tcplog - BUG/MEDIUM: balance source did not properly hash IPv6 addresses - MINOR: contrib/iprange: add a network IP range to mask converter - MEDIUM: session: implement the "use-server" directive - MEDIUM: log: add a new cookie flag 'U' to report situations where cookie is not used - MEDIUM: http: make extract_cookie_value() iterate over cookie values - MEDIUM: http: add cookie and scookie ACLs - CLEANUP: lb_first: add reference to a paper describing the original idea - MEDIUM: stream_sock: add a get_src and get_dst callback and remove SN_FRT_ADDR_SET - BUG/MINOR: acl: req_ssl_sni would randomly fail if a session ID is present - BUILD: http: make extract_cookie_value() return an int not size_t - BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values - CLEANUP: http: message parser must ignore HTTP_MSG_ERROR - MINOR: standard: add a memprintf() function to build formatted error messages - CLEANUP: remove a few warning about unchecked return values in debug code - MEDIUM: move message-related flags from transaction to message - DOC: add a diagram to explain how circular buffers work - MAJOR: buffer rework: replace ->send_max with ->o - MAJOR: buffer: replace buf->l with buf->{o+i} - MINOR: buffers: provide simple pointer normalization functions - MINOR: buffers: remove unused function buffer_contig_data() - MAJOR: buffers: replace buf->w with buf->p - buf->o - MAJOR: buffers: replace buf->r with buf->p + buf->i - MAJOR: http: move buffer->lr to http_msg->next - MAJOR: http: change msg->{som,col,sov,eoh} to be relative to buffer origin - CLEANUP: http: remove unused http_msg->col - MAJOR: http: turn http_msg->eol to a buffer-relative offset - MEDIUM: http: add a pointer to the buffer in http_msg - MAJOR: http: make http_msg->sol relative to buffer's origin - MEDIUM: http: http_send_name_header: remove references to msg and buffer - MEDIUM: http: remove buffer arg in a few header manipulation functions - MEDIUM: http: remove buffer arg in http_capture_bad_message - MEDIUM: http: remove buffer arg in http_msg_analyzer - MEDIUM: http: remove buffer arg in http_upgrade_v09_to_v10 - MEDIUM: http: remove buffer arg in http_buffer_heavy_realign - MEDIUM: http: remove buffer arg in chunk parsing functions - MINOR: http: remove useless wrapping checks in http_msg_analyzer - MEDIUM: buffers: fix unsafe use of buffer_ignore at some places - MEDIUM: buffers: add new pointer wrappers and get rid of almost all buffer_wrap_add calls - MEDIUM: buffers: implement b_adv() to advance a buffer's pointer - MEDIUM: buffers: rename a number of buffer management functions - MEDIUM: http: add a prefetch function for ACL pattern fetch - MEDIUM: http: make all ACL fetch function use acl_prefetch_http() - BUG/MINOR: http_auth: ACLs are volatile, not permanent - MEDIUM: http/acl: merge all request and response ACL fetches of headers and cookies - MEDIUM: http/acl: make acl_fetch_hdr_{ip,val} rely on acl_fetch_hdr() - MEDIUM: add a new typed argument list parsing framework - MAJOR: acl: make use of the new argument parsing framework - MAJOR: acl: store the ACL argument types in the ACL keyword declaration - MEDIUM: acl: acl_find_target() now resolves arguments based on their types - MAJOR: acl: make acl_find_targets also resolve proxy names at config time - MAJOR: acl: ensure that implicit table and proxies are valid - MEDIUM: acl: remove unused tests for missing args when args are mandatory - MEDIUM: pattern: replace type pattern_arg with type arg - MEDIUM: pattern: get rid of arg_i in all functions making use of arguments - MEDIUM: pattern: use the standard arg parser - MEDIUM: pattern: add an argument validation callback to pattern descriptors - MEDIUM: pattern: report the precise argument parsing error when known. - MEDIUM: acl: remove the ACL_TEST_F_NULL_MATCH flag - MINOR: pattern: add a new 'sample' type to store fetched data - MEDIUM: pattern: add new sample types to replace pattern types - MAJOR: acl: make use of the new sample struct and get rid of acl_test - MEDIUM: pattern/acl: get rid of temp_pattern in ACLs - MEDIUM: acl: get rid of the SET_RES flags - MEDIUM: get rid of SMP_F_READ_ONLY and SMP_F_MUST_FREE - MINOR: pattern: replace struct pattern with struct sample - MEDIUM: pattern: integrate pattern_data into sample and use sample everywhere - MEDIUM: pattern: retrieve the sample type in the sample, not in the keyword description - MEDIUM: acl/pattern: switch rdp_cookie functions stack up-down - MEDIUM: acl: replace acl_expr with args in acl fetch_* functions - MINOR: tcp: replace acl_fetch_rdp_cookie with smp_fetch_rdp_cookie - MEDIUM: acl/pattern: use the same direction scheme - MEDIUM: acl/pattern: start merging common sample fetch functions - MEDIUM: pattern: ensure that sample types always cast into other types. - MEDIUM: acl/pattern: factor out the src/dst address fetches - MEDIUM: acl: implement payload and payload_lv - CLEANUP: pattern: ensure that payload and payload_lv always stay in the buffer - MINOR: stick_table: centralize the handling of empty keys - MINOR: pattern: centralize handling of unstable data in pattern_process() - MEDIUM: pattern: use smp_fetch_rdp_cookie instead of the pattern specific version - MINOR: acl: set SMP_OPT_ITERATE on fetch functions - MINOR: acl: add a val_args field to keywords - MINOR: proto_tcp: validate arguments of payload and payload_lv ACLs - MEDIUM: http: merge acl and pattern header fetch functions - MEDIUM: http: merge ACL and pattern cookie fetches into a single one - MEDIUM: acl: report parsing errors to the caller - MINOR: arg: improve error reporting on invalid arguments - MINOR: acl: report errors encountered when loading patterns from files - MEDIUM: acl: extend the pattern parsers to report meaningful errors - REORG: use the name "sample" instead of "pattern" to designate extracted data - REORG: rename "pattern" files - MINOR: acl: add types to ACL patterns - MINOR: standard: add an IPv6 parsing function (str62net) - MEDIUM: acl: support IPv6 address matching - REORG: stream_interface: create a struct sock_ops to hold socket operations - REORG/MEDIUM: move protocol->{read,write} to sock_ops - REORG/MEDIUM: stream_interface: initialize socket ops from descriptors - REORG/MEDIUM: replace stream interface protocol functions by a proto pointer - REORG/MEDIUM: move the default accept function from sockstream to protocols.c - MEDIUM: proto_tcp: remove src6 and dst6 pattern fetch methods - BUG/MINOR: http: error snapshots are wrong if buffer wraps - BUG/MINOR: http: ensure that msg->err_pos is always relative to buf->p - MEDIUM: http: improve error capture reports - MINOR: acl: add the cook_val() match to match a cookie against an integer - BUG/MEDIUM: send_proxy: fix initialisation of send_proxy_ofs - MEDIUM: memory: add the ability to poison memory at run time - BUG/MEDIUM: log: ensure that unique_id is properly initialized - MINOR: cfgparse: use a common errmsg pointer for all parsers - MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors - MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords - MINOR: http: replace http_message_realign() with buffer_slow_realign() 2012/03/26 : 1.5-dev8 - MINOR: patch for minor typo (ressources/resources) - MEDIUM: http: add support for sending the server's name in the outgoing request - DOC: mention that default checks are TCP connections - BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified - CLEANUP: Make check_statuses, analyze_statuses and process_chk static - CLEANUP: Fix HCHK spelling errors - BUG/MINOR: fix typo in processing of http-send-name-header - MEDIUM: log: Use linked lists for loggers - BUILD: fix declaration inside a scope block - REORG: log: split send_log function - MINOR: config: Parse the string of the log-format config keyword - MINOR: add ultoa, ulltoa, ltoa, lltoa implementations - MINOR: Date and time fonctions that don't use snprintf - MEDIUM: log: make http_sess_log use log_format - DOC: log-format documentation - MEDIUM: log: use log_format for mode tcplog - MEDIUM: log-format: backend source address %Bi %Bp - BUG/MINOR: log-format: fix %o flag - BUG/MEDIUM: bad length in log_format and __send_log - MINOR: logformat %st is signed - BUILD/MINOR: fix the source URL in the spec file - DOC: acl is http_first_req, not http_req_first - BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces - MINOR: acl: add new matches for header/path/url length - BUILD: halog: make halog build on solaris - BUG/MINOR: don't use a wrong port when connecting to a server with mapped ports - MINOR: remove the client/server side distinction in SI addresses - MINOR: halog: add support for matching queued requests - DOC: indicate that cookie "prefix" and "indirect" should not be mixed - OPTIM/MINOR: move struct sockaddr_storage to the tail of structs - OPTIM/MINOR: make it possible to change pipe size (tune.pipesize) - BUILD/MINOR: silent a build warning in src/pipe.c (fcntl) - OPTIM/MINOR: move the hdr_idx pools out of the proxy struct - MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers - BUG/MINOR: fix a segfault when parsing a config with undeclared peers - CLEANUP: rename possibly confusing struct field "tracked" - BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use - MINOR: config: tolerate server "cookie" setting in non-HTTP mode - MEDIUM: buffers: add some new primitives and rework existing ones - BUG: buffers: don't return a negative value on buffer_total_space_res() - MINOR: buffers: make buffer_pointer() support negative pointers too - CLEANUP: kill buffer_replace() and use an inline instead - BUG: tcp: option nolinger does not work on backends - CLEANUP: ebtree: remove a few annoying signedness warnings - CLEANUP: ebtree: clarify licence and update to 6.0.6 - CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code - CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code - BUG: ebtree: ebst_lookup() could return the wrong entry - OPTIM: stream_sock: reduce the amount of in-flight spliced data - OPTIM: stream_sock: save a failed recv syscall when splice returns EAGAIN - MINOR: acl: add support for TLS server name matching using SNI - BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests - BUG: proto_tcp: don't try to bind to a foreign address if sin_family is unknown - MINOR: pattern: export the global temporary pattern - CLEANUP: patterns: get rid of pattern_data_setstring() - MEDIUM: acl: use temp_pattern to store fetched information in the "method" match - MINOR: acl: include pattern.h to make pattern migration more transparent - MEDIUM: pattern: change the pattern data integer from unsigned to signed - MEDIUM: acl: use temp_pattern to store any integer-type information - MEDIUM: acl: use temp_pattern to store any address-type information - CLEANUP: acl: integer part of acl_test is not used anymore - MEDIUM: acl: use temp_pattern to store any string-type information - CLEANUP: acl: remove last data fields from the acl_test struct - MEDIUM: http: replace get_ip_from_hdr2() with http_get_hdr() - MEDIUM: patterns: the hdr() pattern is now of type string - DOC: add minimal documentation on how ACLs work internally - DOC: add a coding-style file - OPTIM: halog: keep a fast path for the lines-count only - CLEANUP: silence a warning when building on sparc - BUG: http: tighten the list of allowed characters in a URI - MEDIUM: http: block non-ASCII characters in URIs by default - DOC: add some documentation from RFC3986 about URI format - BUG/MINOR: cli: correctly remove the whole table on "clear table" - BUG/MEDIUM: correctly disable servers tracking another disabled servers. - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend - MINOR: halog: add some help on the command line - BUILD: fix build error on FreeBSD - BUG: fix double free in peers config error path - MEDIUM: improve config check return codes - BUILD: make it possible to look for pcre in the default system paths - MINOR: config: emit a warning when 'default_backend' masks servers - MINOR: backend: rework the LC definition to support other connection-based algos - MEDIUM: backend: add the 'first' balancing algorithm - BUG: fix httplog trailing LF - MEDIUM: increase chunk-size limit to 2GB-1 - BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions - BUG: http: disable TCP delayed ACKs when forwarding content-length data - BUG: checks: fix server maintenance exit sequence - BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes - DOC: enumerate valid status codes for "observe layer7" - MINOR: buffer: switch a number of buffer args to const - CLEANUP: silence signedness warning in acl.c - BUG: stream_sock: si->release was not called upon shutw() - MINOR: log: use "%ts" to log term status only and "%tsc" to log with cookie - BUG/CRITICAL: log: fix risk of crash in development snapshot - BUG/MAJOR: possible crash when using capture headers on TCP frontends - MINOR: config: disable header captures in TCP mode and complain 2011/09/10 : 1.5-dev7 - [BUG] fix binary stick-tables - [MINOR] http: *_dom matching header functions now also split on ":" - [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check - [MINOR] acl: add srv_conn acl to count connections on a specific backend server - [MINOR] check: add redis check support - [DOC] small fixes to clearly distinguish between keyword and variables - [MINOR] halog: add support for termination code matching (-tcn/-TCN) - [DOC] Minor spelling fixes and grammatical enhancements - [CLEANUP] dumpstats: make symbols static where possible - [MINOR] Break out dumping table - [MINOR] Break out processing of clear table - [MINOR] Allow listing of stick table by key - [MINOR] Break out all stick table socat command parsing - [MINOR] More flexible clearing of stick table - [MINOR] Allow showing and clearing by key of ipv6 stick tables - [MINOR] Allow showing and clearing by key of integer stick tables - [MINOR] Allow showing and clearing by key of string stick tables - [CLEANUP] Remove assigned but unused variables - [CLEANUP] peers.h: fix declarations - [CLEANUP] session.c: Make functions static where possible - [MINOR] Add active connection list to server - [MINOR] Allow shutdown of sessions when a server becomes unavailable - [MINOR] Add down termination condition - [MINOR] Make appsess{,ion}_refresh static - [MINOR] Add rdp_cookie pattern fetch function - [CLEANUP] Remove unnecessary casts - [MINOR] Add non-stick server option - [MINOR] Consistently use error in tcp_parse_tcp_req() - [MINOR] Consistently free expr on error in cfg_parse_listen() - [MINOR] Free rdp_cookie_name on denint() - [MINOR] Free tcp rules on denint() - [MINOR] Free stick table pool on denint() - [MINOR] Free stick rules on denint() - [MEDIUM] Fix stick-table replication on soft-restart - [MEDIUM] Correct ipmask() logic - [MINOR] Correct type in table dump examples - [MINOR] Fix build error in stream_int_register_handler() - [MINOR] Use DPRINTF in assign_server() - [BUG] checks: http-check expect could fail a check on multi-packet responses - [DOC] fix minor typo in the "dispatch" doc - [BUG] proto_tcp: fix address binding on remote source - [MINOR] http: don't report the "haproxy" word on the monitoring response - [REORG] http: move HTTP error codes back to proto_http.h - [MINOR] http: make the "HTTP 200" status code configurable. - [MINOR] http: partially revert the chunking optimization for now - [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete transfer - [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out test - [MEDIUM] http: add support for "http-no-delay" - [OPTIM] http: optimize chunking again in non-interactive mode - [OPTIM] stream_sock: avoid fast-forwarding of partial data - [OPTIM] stream_sock: don't use splice on too small payloads - [MINOR] config: make it possible to specify a cookie even without a server - [BUG] stats: support url-encoded forms - [MINOR] config: automatically compute a default fullconn value - [CLEANUP] config: remove some left-over printf debugging code from previous patch - [DOC] add missing entry or stick store-response - [MEDIUM] http: add support for 'cookie' and 'set-cookie' patterns - [BUG] halog: correctly handle truncated last line - [MINOR] halog: make SKIP_CHAR stop on field delimiters - [MINOR] halog: add support for HTTP log matching (-H) - [MINOR] halog: gain back performance before SKIP_CHAR fix - [OPTIM] halog: cache some common fields positions - [OPTIM] halog: check once for correct line format and reuse the pointer - [OPTIM] halog: remove many 'if' by using a function pointer for the filters - [OPTIM] halog: remove support for tab delimiters in input data - [BUG] session: risk of crash on out of memory (1.5-dev regression) - [MINOR] session: try to emit a 500 response on memory allocation errors - [OPTIM] stream_sock: reduce the default number of accepted connections at once - [BUG] stream_sock: disable listener when system resources are exhausted - [MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c - [BUG] stream_sock: ensure orphan listeners don't accept too many connections - [MINOR] listeners: add listen_full() to mark a listener full - [MINOR] listeners: add support for queueing resource limited listeners - [MEDIUM] listeners: put listeners in queue upon resource shortage - [MEDIUM] listeners: queue proxy-bound listeners at the proxy's - [MEDIUM] listeners: don't stop proxies when global maxconn is reached - [MEDIUM] listeners: don't change listeners states anymore in maintain_proxies - [CLEANUP] proxy: rename a few proxy states (PR_STIDLE and PR_STRUN) - [MINOR] stats: report a "WAITING" state for sockets waiting for resource - [MINOR] proxy: make session rate-limit more accurate - [MINOR] sessions: only wake waiting listeners up if rate limit is OK - [BUG] proxy: peers must only be stopped once, not upon every call to maintain_proxies - [CLEANUP] proxy: merge maintain_proxies() operation inside a single loop - [MINOR] task: new function task_schedule() to schedule a wake up - [MAJOR] proxy: finally get rid of maintain_proxies() - [BUG] proxy: stats frontend and peers were missing many initializers - [MEDIUM] listeners: add a global listener management task - [MINOR] proxy: make findproxy() return proxies from numeric IDs too - [DOC] fix typos, "#" is a sharp, not a dash - [MEDIUM] stats: add support for changing frontend's maxconn at runtime - [MEDIUM] checks: group health checks methods by values and save option bits - [MINOR] session-counters: add the ability to clear the counters - [BUG] check: http-check expect + regex would crash in defaults section - [MEDIUM] http: make x-forwarded-for addition conditional - [REORG] build: move syscall redefinition to specific places - [CLEANUP] update the year in the copyright banner - [BUG] possible crash in 'show table' on stats socket - [BUG] checks: use the correct destination port for sending checks - [BUG] backend: risk of picking a wrong port when mapping is used with crossed families - [MINOR] make use of set_host_port() and get_host_port() to get rid of family mismatches - [DOC] fixed a few "sensible" -> "sensitive" errors - [MINOR] make use of addr_to_str() and get_host_port() to replace many inet_ntop() - [BUG] http: trailing white spaces must also be trimmed after headers - [MINOR] stats: display "" instead of the frontend name when unknown - [MINOR] http: take a capture of too large requests and responses - [MINOR] http: take a capture of truncated responses - [MINOR] http: take a capture of bad content-lengths. - [DOC] add a few old and uncommitted docs - [CLEANUP] cfgparse: fix reported options for the "bind" keyword - [MINOR] halog: add -hs/-HS to filter by HTTP status code range - [MINOR] halog: support backslash-escaped quotes - [CLEANUP] remove dirty left-over of a debugging message - [MEDIUM] stats: disable complex socket reservation for stats socket - [CLEANUP] remove a useless test in manage_global_listener_queue() - [MEDIUM] stats: add the "set maxconn" setting to the command line interface - [MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. - [MINOR] stats: report the current and max global connection rates - [MEDIUM] stats: add the ability to adjust the global maxconnrate - [BUG] peers: don't pre-allocate 65000 connections to each peer - [MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate - [BUG] peers: the peer frontend must not emit any log - [CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs - [BUG] peers: don't keep a peers section which has a NULL frontend - [BUG] peers: ensure the peers are resumed if they were paused - [MEDIUM] stats: add the ability to enable/disable/shutdown a frontend at runtime - [MEDIUM] session: make session_shutdown() an independant function - [MEDIUM] stats: offer the possibility to kill a session from the CLI - [CLEANUP] stats: centralize tests for backend/server inputs on the CLI - [MEDIUM] stats: offer the possibility to kill sessions by server - [MINOR] halog: do not consider byte 0x8A as end of line - [MINOR] frontend: ensure debug message length is always initialized - [OPTIM] halog: make fgets parse more bytes by blocks - [OPTIM] halog: add assembly version of the field lookup code - [MEDIUM] poll: add a measurement of idle vs work time - [CLEANUP] startup: report only the basename in the usage message - [MINOR] startup: add an option to change to a new directory - [OPTIM] task: don't scan the run queue if we know it's empty - [BUILD] stats: stdint is not present on solaris - [DOC] update the README file to reflect new naming rules for patches - [MINOR] stats: report the number of requests intercepted by the frontend - [DOC] update ROADMAP file 2011/04/08 : 1.5-dev6 - [BUG] stream_sock: use get_addr_len() instead of sizeof() on sockaddr_storage - [BUG] TCP source tracking was broken with IPv6 changes - [BUG] stick-tables did not work when converting IPv6 to IPv4 - [CRITICAL] fix risk of crash when dealing with space in response cookies 2011/03/29 : 1.5-dev5 - [BUG] standard: is_addr return value for IPv4 was inverted - [MINOR] update comment about IPv6 support for server - [MEDIUM] use getaddrinfo to resolve names if gethostbyname fail - [DOC] update IPv6 support for bind - [DOC] document IPv6 support for server - [DOC] fix a minor typo - [MEDIUM] IPv6 support for syslog - [DOC] document IPv6 support for syslog - [MEDIUM] IPv6 support for stick-tables - [DOC] document IPv6 support for stick-tables - [DOC] update ROADMAP file - [BUG] session: src_conn_cur was returning src_conn_cnt instead - [MINOR] frontend: add a make_proxy_line function - [MEDIUM] stream_sock: add support for sending the proxy protocol header line - [MEDIUM] server: add support for the "send-proxy" option - [DOC] update the spec on the proxy protocol - [BUILD] proto_tcp: fix build issue with CTTPROXY - [DOC] update ROADMAP file - [MEDIUM] config: rework the IPv4/IPv6 address parser to support host-only addresses - [MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range - [BUILD] add the USE_GETADDRINFO build option - [TESTS] provide a test case for various address formats - [BUG] session: conn_retries was not always initialized - [BUG] log: retrieve the target from the session, not the SI - [BUG] http: fix possible incorrect forwarded wrapping chunk size (take 2) - [MINOR] tools: add two macros MID_RANGE and MAX_RANGE - [BUG] http: fix content-length handling on 32-bit platforms - [OPTIM] buffers: uninline buffer_forward() - [BUG] stream_sock: fix handling for server side PROXY protocol - [MINOR] acl: add support for table_cnt and table_avl matches - [DOC] update ROADMAP file 2011/03/13 : 1.5-dev4 - [MINOR] cfgparse: Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation. - [MINOR] unix sockets : inherits the backlog size from the listener - [CLEANUP] unix sockets : move create_uxst_socket() in uxst_bind_listener() - [DOC] fix a minor typo - [DOC] fix ignore-persist documentation - [MINOR] add warnings on features not compatible with multi-process mode - [BUG] http: fix http-pretend-keepalive and httpclose/tunnel mode - [MINOR] stats: add support for several packets in stats admin - [BUG] stats: admin commands must check the proxy state - [BUG] stats: admin web interface must check the proxy state - [MINOR] http: add pattern extraction method to stick on query string parameter - [MEDIUM] add internal support for IPv6 server addresses - [MINOR] acl: add be_id/srv_id to match backend's and server's id - [MINOR] log: add support for passing the forwarded hostname - [MINOR] log: ability to override the syslog tag - [MINOR] checks: add PostgreSQL health check - [DOC] update ROADMAP file - [BUILD] pattern: use 'int' instead of 'int32_t' - [OPTIM] linux: add support for bypassing libc to force using vsyscalls - [BUG] debug: report the correct poller list in verbose mode - [BUG] capture: do not capture a cookie if there is no memory left - [BUG] appsession: fix possible double free in case of out of memory - [CRITICAL] cookies: mixing cookies in indirect mode and appsession can crash the process - [BUG] http: correctly update the header list when removing two consecutive headers - [BUILD] add the CPU=native and ARCH=32/64 build options - [BUILD] add -fno-strict-aliasing to fix warnings with gcc >= 4.4 - [CLEANUP] hash: move the avalanche hash code globally available - [MEDIUM] hash: add support for an 'avalanche' hash-type - [DOC] update roadmap file - [BUG] http: do not re-enable the PROXY analyser on keep-alive - [OPTIM] http: don't send each chunk in a separate packet - [DOC] fix minor typos reported recently in the peers section - [DOC] fix another typo in the doc - [MINOR] stats: report HTTP message state and buffer flags in error dumps - [BUG] http chunking: don't report a parsing error on connection errors - [BUG] stream_interface: truncate buffers when sending error messages - [MINOR] http: support wrapping messages in error captures - [MINOR] http: capture incorrectly chunked message bodies - [MINOR] stats: add global event ID and count - [BUG] http: analyser optimizations broke pipelining - [CLEANUP] frontend: only apply TCP-specific settings to TCP/TCP6 sockets - [BUG] http: fix incorrect error reporting during data transfers - [CRITICAL] session: correctly leave turn-around and queue states on abort - [BUG] session: release slot before processing pending connections - [MINOR] tcp: add support for dynamic MSS setting - [BUG] stick-table: correctly terminate string keys during lookups - [BUG] acl: fix handling of empty lines in pattern files - [BUG] stick-table: use the private buffer when padding strings - [BUG] ebtree: fix ebmb_lookup() with len smaller than the tree's keys - [OPTIM] ebtree: ebmb_lookup: reduce stack usage by moving the return code out of the loop - [OPTIM] ebtree: inline ebst_lookup_len and ebis_lookup_len - [REVERT] undo the stick-table string key lookup fixes - [MINOR] http: improve url_param pattern extraction to ignore empty values - [BUILD] frontend: shut a warning with TCP_MAXSEG - [BUG] http: update the header list's tail when removing the last header - [DOC] fix minor typo in the proxy protocol doc - [DOC] fix typos (http-request instead of http-check) - [BUG] http: use correct ACL pointer when evaluating authentication - [BUG] cfgparse: correctly count one socket per port in ranges - [BUG] startup: set the rlimits before binding ports, not after. - [BUG] acl: srv_id must return no match when the server is NULL - [MINOR] acl: add ability to check for internal response-only parameters - [MINOR] acl: srv_id is only valid in responses - [MINOR] config: warn if response-only conditions are used in "redirect" rules - [BUG] acl: fd leak when reading patterns from file - [DOC] fix minor typo in "usesrc" - [BUG] http: fix possible incorrect forwarded wrapping chunk size - [BUG] http: fix computation of message body length after forwarding has started - [BUG] http: balance url_param did not work with first parameters on POST - [TESTS] update the url_param regression test to test check_post too - [DOC] update ROADMAP - [DOC] internal: reflect the fact that SI_ST_ASS is transient - [BUG] config: don't crash on empty pattern files. - [MINOR] stream_interface: make use of an applet descriptor for IO handlers - [REORG] stream_interface: move the st0, st1 and private members to the applet - [REORG] stream_interface: split the struct members in 3 parts - [REORG] session: move client and server address to the stream interface - [REORG] tcp: make tcpv4_connect_server() take the target address from the SI - [MEDIUM] stream_interface: store the target pointer and type - [CLEANUP] stream_interface: remove the applet.handler pointer - [MEDIUM] log: take the logged server name from the stream interface - [CLEANUP] session: remove data_source from struct session - [CLEANUP] stats: make all dump functions only rely on the stream interface - [REORG] session: move the data_ctx struct to the stream interface's applet - [MINOR] proxy: add PR_O2_DISPATCH to detect dispatch mode - [MINOR] cfgparse: only keep one of dispatch, transparent, http_proxy - [MINOR] session: add a pointer to the new target into the session - [MEDIUM] session: remove s->prev_srv which is not needed anymore - [CLEANUP] stream_interface: use inline functions to manipulate targets - [MAJOR] session: remove the ->srv pointer from struct session - [MEDIUM] stats: split frontend and backend stats - [MEDIUM] http: always evaluate http-request rules before stats http-request - [REORG] http: move the http-request rules to proto_http - [BUG] http: stats were not incremented on http-request deny - [MINOR] checks: report it if checks fail due to socket creation error 2010/11/11 : 1.5-dev3 - [DOC] fix http-request documentation - [MEDIUM] enable/disable servers from the stats web interface - [MEDIUM] stats: add an admin level - [DOC] stats: document the "stats admin" statement - [MINOR] startup: print the proxy socket which caused an error - [CLEANUP] Remove unneeded chars allocation - [MINOR] config: detect options not supported due to compilation options - [MINOR] Add pattern's fetchs payload and payload_lv - [MINOR] frontend: improve accept-proxy header parsing - [MINOR] frontend: add tcpv6 support on accept-proxy bind - [MEDIUM] Enhance message errors management on binds - [MINOR] Manage unix socket source field on logs - [MINOR] Manage unix socket source field on session dump on sock stats - [MINOR] Support of unix listener sockets for debug and log event messages on frontend.c - [MINOR] Add some tests on sockets family for port remapping and mode transparent. - [MINOR] Manage socket type unix for some logs - [MINOR] Enhance controls of socket's family on acls and pattern fetch - [MINOR] Support listener's sockets unix on http logs. - [MEDIUM] Add supports of bind on unix sockets. - [BUG] stick table purge failure if size less than 255 - [BUG] stick table entries expire on counters updates/read or show table, even if there is no "expire" parameter - [MEDIUM] Implement tcp inspect response rules - [DOC] tcp-response content and inspect - [MINOR] new acls fetch req_ssl_hello_type and rep_ssl_hello_type - [DOC] acls rep_ssl_hello and req_ssl_hello - [MEDIUM] Create new protected pattern types CONSTSTRING and CONSTDATA to force memcpy if data from protected areas need to be manipulated. - [DOC] new type binary in stick-table - [DOC] stick store-response and new patterns payload and payload_lv - [MINOR] Manage all types (ip, integer, string, binary) on cli "show table" command - [MEDIUM] Create updates tree on stick table to manage sync. - [MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management - [MEDIUM] Manage peers section parsing and stick table registration on peers. - [MEDIUM] Manage soft stop on peers proxy - [DOC] add documentation for peers section - [MINOR] checks: add support for LDAPv3 health checks - [MINOR] add better support to "mysql-check" - [BUG] Restore info about available active/backup servers - [CONTRIB] Update haproxy.pl - [CONTRIB] Update Cacti Tempates - [CONTRIB] add templates for Cacti. - [BUG] http: don't consider commas as a header delimitor within quotes - [MINOR] support a global jobs counter - [DOC] add a summary about cookie incompatibilities between specs and browsers - [DOC] fix description of cookie "insert" and "indirect" modes - [MEDIUM] http: fix space handling in the request cookie parser - [MEDIUM] http: fix space handling in the response cookie parser - [DOC] fix typo in the queue() definition (backend, not frontend) - [BUG] deinit: unbind listeners before freeing them - [BUG] stream_interface: only call si->release when both dirs are closed - [MEDIUM] buffers: rework the functions to exchange between SI and buffers - [DOC] fix typo in the avg_queue() and be_conn() definition (backend, not frontend) - [MINOR] halog: add '-tc' to sort by termination codes - [MINOR] halog: skip non-traffic logs for -st and -tc - [BUG] stream_sock: cleanly disable the listener in case of resource shortage - [BUILD] stream_sock: previous fix lacked the #include, causing a warning. - [DOC] bind option is "defer-accept", not "defer_accept" - [DOC] missing index entry for http-check send-state - [DOC] tcp-request inspect-delay is for backends too - [BUG] ebtree: string_equal_bits() could return garbage on identical strings - [BUG] stream_sock: try to flush any extra pending request data after a POST - [BUILD] proto_http: eliminate some build warnings with gcc-2.95 - [MEDIUM] make it possible to combine http-pretend-keepalived with httpclose - [MEDIUM] tcp-request : don't wait for inspect-delay to expire when the buffer is full - [MEDIUM] checks: add support for HTTP contents lookup - [TESTS] add test-check-expect to test various http-check methods - [MINOR] global: add "tune.chksize" to change the default check buffer size - [MINOR] cookie: add options "maxidle" and "maxlife" - [MEDIUM] cookie: support client cookies with some contents appended to their value - [MINOR] http: make some room in the transaction flags to extend cookies - [MINOR] cookie: add the expired (E) and old (O) flags for request cookies - [MEDIUM] cookie: reassign set-cookie status flags to store more states - [MINOR] add encode/decode function for 30-bit integers from/to base64 - [MEDIUM] cookie: check for maxidle and maxlife for incoming dated cookies - [MEDIUM] cookie: set the date in the cookie if needed - [DOC] document the cookie maxidle and maxlife parameters - [BUG] checks: don't log backend down for all zero-weight servers - [MEDIUM] checks: set server state to one state from failure when leaving maintenance - [BUG] config: report correct keywords for "observe" - [MINOR] checks: ensure that we can inherit binary checks from the defaults section - [MINOR] acl: add the http_req_first match - [DOC] fix typos about bind-process syntax - [BUG] cookie: correctly unset default cookie parameters - [MINOR] cookie: add support for the "preserve" option - [BUG] ebtree: fix duplicate strings insertion - [CONTRIB] halog: report per-url counts, errors and times - [CONTRIB] halog: minor speed improvement in timer parser - [MINOR] buffers: add a new request analyser flag for PROXY mode - [MINOR] listener: add the "accept-proxy" option to the "bind" keyword - [MINOR] standard: add read_uint() to parse a delimited unsigned integer - [MINOR] standard: change arg type from const char* to char* - [MINOR] frontend: add a new analyser to parse a proxied connection - [MEDIUM] session: call the frontend_decode_proxy analyser on proxied connections - [DOC] add the proxy protocol's specifications - [DOC] document the 'accept-proxy' bind option - [MINOR] cfgparse: report support of for the 'bind' statements - [DOC] add references to unix socket handling - [MINOR] move MAXPATHLEN definition to compat.h - [MEDIUM] unix sockets: cleanup the error reporting path - [BUG] session: don't stop forwarding of data upon last packet - [CLEANUP] accept: replace some inappropriate Alert() calls with send_log() - [BUILD] peers: shut a printf format warning (key_size is a size_t) - [BUG] accept: don't close twice upon error - [OPTIM] session: don't recheck analysers when buffer flags have not changed - [OPTIM] stream_sock: don't clear FDs that are already cleared - [BUG] proto_tcp: potential bug on pattern fetch dst and dport 2010/08/28 : 1.5-dev2 - [MINOR] startup: release unused structs after forking - [MINOR] startup: don't wait for nothing when no old pid remains - [CLEANUP] reference product branch 1.5 - [MEDIUM] signals: add support for registering functions and tasks - [MEDIUM] signals: support redistribution of signal zero when stopping - [BUG] http: don't set auto_close if more data are expected 2010/08/25 : 1.5-dev1 - [BUG] stats: session rate limit gets garbaged in the stats - [DOC] mention 'option http-server-close' effect in Tq section - [DOC] summarize and highlight persistent connections behaviour - [DOC] add configuration samples - [BUG] http: dispatch and http_proxy modes were broken for a long time - [BUG] http: the transaction must be initialized even in TCP mode - [BUG] tcp: dropped connections must be counted as "denied" not "failed" - [BUG] consistent hash: balance on all servers, not only 2 ! - [CONTRIB] halog: report per-server status codes, errors and response times - [BUG] http: the transaction must be initialized even in TCP mode (part 2) - [BUG] client: always ensure to zero rep->analysers - [BUG] session: clear BF_READ_ATTACHED before next I/O - [BUG] http: automatically close response if req is aborted - [BUG] proxy: connection rate limiting was eating lots of CPU - [BUG] http: report correct flags in case of client aborts during body - [TESTS] refine non-regression tests and add 4 new tests - [BUG] debug: wrong pointer was used to report a status line - [BUG] debug: correctly report truncated messages - [DOC] document the "dispatch" keyword - [BUG] stick_table: fix possible memory leak in case of connection error - [CLEANUP] acl: use 'L6' instead of 'L4' in ACL flags relying on contents - [MINOR] accept: count the incoming connection earlier - [CLEANUP] tcp: move some non tcp-specific layer6 processing out of proto_tcp - [CLEANUP] client: move some ACLs away to their respective locations - [CLEANUP] rename client -> frontend - [MEDIUM] separate protocol-level accept() from the frontend's - [MINOR] proxy: add a list to hold future layer 4 rules - [MEDIUM] config: parse tcp layer4 rules (tcp-request accept/reject) - [MEDIUM] tcp: check for pure layer4 rules immediately after accept() - [OPTIM] frontend: tell the compiler that errors are unlikely to occur - [MEDIUM] frontend: check for LI_O_TCP_RULES in the listener - [MINOR] frontend: only check for monitor-net rules if LI_O_CHK_MONNET is set - [CLEANUP] buffer->cto is not used anymore - [MEDIUM] session: finish session establishment sequence in with I/O handlers - [MEDIUM] session: initialize server-side timeouts after connect() - [MEDIUM] backend: initialize the server stream_interface upon connect() - [MAJOR] frontend: don't initialize the server-side stream_int anymore - [MEDIUM] session: move the conn_retries attribute to the stream interface - [MEDIUM] session: don't assign conn_retries upon accept() anymore - [MINOR] frontend: rely on the frontend and not the backend for INDEPSTR - [MAJOR] frontend: reorder the session initialization upon accept - [MINOR] proxy: add an accept() callback for the application layer - [MAJOR] frontend: split accept() into frontend_accept() and session_accept() - [MEDIUM] stats: rely on the standard session_accept() function - [MINOR] buffer: refine the flags that may wake an analyser up. - [MINOR] stream_sock: don't dereference a non-existing frontend - [MINOR] session: differenciate between accepted connections and received connections - [MEDIUM] frontend: count the incoming connection earlier - [MINOR] frontend: count denied TCP requests separately - [CLEANUP] stick_table: add/clarify some comments - [BUILD] memory: add a few missing parenthesis to the pool management macros - [MINOR] stick_table: add support for variable-sized data - [CLEANUP] stick_table: rename some stksess struct members to avoid confusion - [CLEANUP] stick_table: move pattern to key functions to stick_table.c - [MEDIUM] stick_table: add room for extra data types - [MINOR] stick_table: add support for "conn_cum" data type. - [MEDIUM] stick_table: don't overwrite data when storing an entry - [MINOR] config: initialize stick tables after all the parsing - [MINOR] stick_table: provide functions to return stksess data from a type - [MEDIUM] stick_table: move the server ID to a generic data type - [MINOR] stick_table: enable it for frontends too - [MINOR] stick_table: export the stick_table_key - [MINOR] tcp: add per-source connection rate limiting - [MEDIUM] stick_table: separate storage and update of session entries - [MEDIUM] stick-tables: add a reference counter to each entry - [MINOR] session: add a pointer to the tracked counters for the source - [CLEANUP] proto_tcp: make the config parser a little bit more flexible - [BUG] config: report the correct proxy type in tcp-request errors - [MINOR] config: provide a function to quote args in a more friendly way - [BUG] stick_table: the fix for the memory leak caused a regression - [MEDIUM] backend: support servers on 0.0.0.0 - [BUG] stick-table: correctly refresh expiration timers - [MEDIUM] stream-interface: add a ->release callback - [MINOR] proxy: add a "parent" member to the structure - [MEDIUM] session: make it possible to call an I/O handler on both SI - [MINOR] tools: add a fast div64_32 function - [MINOR] freq_ctr: add new types and functions for periods different from 1s - [MINOR] errors: provide new status codes for config parsing functions - [BUG] http: denied requests must not be counted as denied resps in listeners - [MINOR] tools: add a get_std_op() function to parse operators - [MEDIUM] acl: make use of get_std_op() to parse intger ranges - [MAJOR] stream_sock: better wakeup conditions on read() - [BUG] session: analysers must be checked when SI state changes - [MINOR] http: reset analysers to listener's, not frontend's - [MEDIUM] session: support "tcp-request content" rules in backends - [BUILD] always match official tags when doing git-tar - [MAJOR] stream_interface: fix the wakeup conditions for embedded iohandlers - [MEDIUM] buffer: make buffer_feed* support writing non-contiguous chunks - [MINOR] tcp: src_count acl does not have a permanent result - [MAJOR] session: add track-counters to track counters related to the session - [MINOR] stick-table: provide a table lookup function - [MINOR] stick-table: use suffix "_cnt" for cumulated counts - [MEDIUM] session: move counter ACL fetches from proto_tcp - [MEDIUM] session: add concurrent connections counter - [MEDIUM] session: add data in and out volume counters - [MINOR] session: add the trk_conn_cnt ACL keyword to track connection counts - [MEDIUM] session-counters: automatically update tracked connection count - [MINOR] session: add the trk_conn_cur ACL keyword to track concurrent connection - [MINOR] session: add trk_kbytes_* ACL keywords to track data size - [MEDIUM] session: add a counter on the cumulated number of sessions - [MINOR] config: support a comma-separated list of store data types in stick-table - [MEDIUM] stick-tables: add support for arguments to data_types - [MEDIUM] stick-tables: add stored data argument type checking - [MEDIUM] session counters: add conn_rate and sess_rate counters - [MEDIUM] session counters: add bytes_in_rate and bytes_out_rate counters - [MINOR] stktable: add a stktable_update_key() function - [MINOR] session-counters: add a general purpose counter (gpc0) - [MEDIUM] session-counters: add HTTP req/err tracking - [MEDIUM] stats: add "show table []" to dump a stick-table - [MEDIUM] stats: add "clear table key " to clear table entries - [CLEANUP] stick-table: declare stktable_data_types as extern - [MEDIUM] stick-table: make use of generic types for stored data - [MINOR] stats: correctly report errors on "show table" and "clear table" - [MEDIUM] stats: add the ability to dump table entries matching criteria - [DOC] configuration: document all the new tracked counters - [DOC] stats: document "show table" and "clear table" - [MAJOR] session-counters: split FE and BE track counters - [MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules - [MEDIUM] session counters: automatically remove expired entries. - [MEDIUM] config: replace 'tcp-request ' with "tcp-request connection" - [MEDIUM] session-counters: make it possible to count connections from frontend - [MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" - [MEDIUM] session-counters: correctly unbind the counters tracked by the backend - [CLEANUP] stats: use stksess_kill() to remove table entries - [DOC] update the references to session counters and to tcp-request connection - [DOC] cleanup: split a few long lines - [MEDIUM] http: forward client's close when abortonclose is set - [BUG] queue: don't dequeue proxy-global requests on disabled servers - [BUG] stats: global stats timeout may be specified before stats socket. - [BUG] conf: add tcp-request content rules to the correct list 2010/05/23 : 1.5-dev0 - exact copy of 1.4.6 2010/05/16 : 1.4.6 - [BUILD] ebtree: update to v6.0.1 to remove references to dprintf() - [CLEANUP] acl: make use of eb_is_empty() instead of open coding the tree's emptiness test - [MINOR] acl: add srv_is_up() to check that a specific server is up or not - [DOC] add a few precisions about the use of RDP cookies 2010/05/13 : 1.4.5 - [DOC] report minimum kernel version for tproxy in the Makefile - [MINOR] add the "ignore-persist" option to conditionally ignore persistence - [DOC] add the "ignore-persist" option to conditionally ignore persistence - [DOC] fix ignore-persist/force-persist documentation - [BUG] cttproxy: socket fd leakage in check_cttproxy_version - [DOC] doc/configuration.txt: fix typos - [MINOR] option http-pretend-keepalive is both for FEs and BEs - [MINOR] fix possible crash in debug mode with invalid responses - [MINOR] halog: add support for statisticts on status codes - [OPTIM] halog: use a faster zero test in fgets() - [OPTIM] halog: minor speedup by using unlikely() - [OPTIM] halog: speed up fgets2-64 by about 10% - [DOC] refresh the README file and merge the CONTRIB file into it - [MINOR] acl: support loading values from files - [MEDIUM] ebtree: upgrade to version 6.0 - [MINOR] acl trees: add flags and union members to store values in trees - [MEDIUM] acl: add ability to insert patterns in trees - [MEDIUM] acl: add tree-based lookups of exact strings - [MEDIUM] acl: add tree-based lookups of networks - [MINOR] acl: ignore empty lines and comments in pattern files - [MINOR] stick-tables: add support for "stick on hdr" 2010/04/07 : 1.4.4 - [BUG] appsession should match the whole cookie name - [CLEANUP] proxy: move PR_O_SSL3_CHK to options2 to release one flag - [MEDIUM] backend: move the transparent proxy address selection to backend - [MINOR] add very fast IP parsing functions - [MINOR] add new tproxy flags for dynamic source address binding - [MEDIUM] add ability to connect to a server from an IP found in a header - [BUILD] config: last patch breaks build without CONFIG_HAP_LINUX_TPROXY - [MINOR] http: make it possible to pretend keep-alive when doing close - [MINOR] config: report "default-server" instead of "(null)" in error messages 2010/03/30 : 1.4.3 - [CLEANUP] stats: remove printf format warning in stats_dump_full_sess_to_buffer() - [MEDIUM] session: better fix for connection to servers with closed input - [DOC] indicate in the doc how to bind to port ranges - [BUG] backend: L7 hashing must not be performed on incomplete requests - [TESTS] add a simple program to test connection resets - [MINOR] cli: "show errors" should display "backend " when backend was not used - [MINOR] config: emit warnings when HTTP-only options are used in TCP mode - [MINOR] config: allow "slowstart 0s" - [BUILD] 'make tags' did not consider files ending in '.c' - [MINOR] checks: add the ability to disable a server in the config 2010/03/17 : 1.4.2 - [CLEANUP] product branch update - [DOC] Some more documentation cleanups - [BUG] clf logs segfault when capturing a non existant header - [OPTIM] config: only allocate check buffer when checks are enabled - [MEDIUM] checks: support multi-packet health check responses - [CLEANUP] session: remove duplicate test - [BUG] http: don't wait for response data to leave buffer is client has left - [MINOR] proto_uxst: set accept_date upon accept() to the wall clock time - [MINOR] stats: don't send empty lines in "show errors" - [MINOR] stats: make the data dump function reusable for other purposes - [MINOR] stats socket: add show sess to dump details about a session - [BUG] stats: connection reset counters must be plain ascii, not HTML - [BUG] url_param hash may return a down server - [MINOR] force null-termination of hostname - [MEDIUM] connect to servers even when the input has already been closed - [BUG] don't merge anonymous ACLs ! - [BUG] config: fix endless loop when parsing "on-error" - [MINOR] http: don't mark a server as failed when it returns 501/505 - [OPTIM] checks: try to detect the end of response without polling again - [BUG] checks: don't report an error when recv() returns an error after data - [BUG] checks: don't abort when second poll returns an error - [MINOR] checks: make shutdown() silently fail - [BUG] http: fix truncated responses on chunk encoding when size divides buffer size - [BUG] init: unconditionally catch SIGPIPE - [BUG] checks: don't wait for a close to start parsing the response 2010/03/04 : 1.4.1 - [BUG] Clear-cookie path issue - [DOC] fix typo on stickiness rules - [BUILD] fix BSD and OSX makefiles for missing files - [BUILD] includes order breaks OpenBSD build - [BUILD] fix some build warnings on Solaris with is* macros - [BUG] logs: don't report "last data" when we have just closed after an error - [BUG] logs: don't report "proxy request" when server closes early - [BUILD] fix platform-dependant build issues related to crypt() - [STATS] count transfer aborts caused by client and by server - [STATS] frontend requests were not accounted for failed requests - [MINOR] report total number of processed connections when stopping a proxy - [DOC] be more clear about the limitation to one single monitor-net entry 2010/02/26 : 1.4.0 - [MINOR] stats: report maint state for tracking servers too - [DOC] fix summary to add pattern extraction - [DOC] Documentation cleanups - [BUG] cfgparse memory leak and missing free calls in deinit() - [BUG] pxid/puid/luid: don't shift IDs when some of them are forced - [EXAMPLES] add auth.cfg - [BUG] uri_auth: ST_SHLGNDS should be 0x00000008 not 0x0000008 - [BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once - [BUILD] auth: don't use unnamed unions - [BUG] config: report unresolvable host names as errors - [BUILD] fix build breakage with DEBUG_FULL - [DOC] fix a typo about timeout check and clarify the explanation. - [MEDIUM] http: don't use trash to realign large buffers - [STATS] report HTTP requests (total and rate) in frontends - [STATS] separate frontend and backend HTTP stats - [MEDIUM] http: revert to use a swap buffer for realignment - [MINOR] stats: report the request rate in frontends as cell titles - [MINOR] stats: mark areas with an underline when tooltips are available - [DOC] reorder some entries to maintain the alphabetical order - [DOC] cleanup of the keyword matrix 2010/02/02 : 1.4-rc1 - [MEDIUM] add a maintenance mode to servers - [MINOR] http-auth: last fix was wrong - [CONTRIB] add base64rev-gen.c that was used to generate the base64rev table. - [MINOR] Base64 decode - [MINOR] generic auth support with groups and encrypted passwords - [MINOR] add ACL_TEST_F_NULL_MATCH - [MINOR] http-request: allow/deny/auth support for frontend/backend/listen - [MINOR] acl: add http_auth and http_auth_group - [MAJOR] use the new auth framework for http stats - [DOC] add info about userlists, http-request and http_auth/http_auth_group acls - [STATS] make it possible to change a CLI connection timeout - [BUG] patterns: copy-paste typo in type conversion arguments - [MINOR] pattern: make the converter more flexible by supporting void* and int args - [MINOR] standard: str2mask: string to netmask converter - [MINOR] pattern: add support for argument parsers for converters - [MINOR] pattern: add the "ipmask()" converting function - [MINOR] config: off-by-one in "stick-table" after list of converters - [CLEANUP] acl, patterns: make use of my_strndup() instead of malloc+memcpy - [BUG] restore accidentely removed line in last patch ! - [MINOR] checks: make the HTTP check code add the CRLF itself - [MINOR] checks: add the server's status in the checks - [BUILD] halog: make without arch-specific optimizations - [BUG] halog: fix segfault in case of empty log in PCT mode (cherry picked from commit fe362fe4762151d209b9656639ee1651bc2b329d) - [MINOR] http: disable keep-alive when process is going down - [MINOR] acl: add build_acl_cond() to make it easier to add ACLs in config - [CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() - [CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs - [MINOR] prepare req_*/rsp_* to receive a condition - [CLEANUP] config: specify correct const char types to warnif_* functions - [MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords - [MEDIUM] http: make the request filter loop check for optional conditions - [MEDIUM] http: add support for conditional request filter execution - [DOC] add some build info about the AIX platform (cherry picked from commit e41914c77edbc40aebf827b37542d37d758e371e) - [MEDIUM] http: add support for conditional request header addition - [MEDIUM] http: add support for conditional response header rewriting - [DOC] add some missing ACLs about response header matching - [MEDIUM] http: add support for proxy authentication - [MINOR] http-auth: make the 'unless' keyword work as expected - [CLEANUP] config: use build_acl_cond() to simplify http-request ACL parsing - [MEDIUM] add support for anonymous ACLs - [MEDIUM] http: switch to tunnel mode after status 101 responses - [MEDIUM] http: stricter processing of the CONNECT method - [BUG] config: reset check request to avoid double free when switching to ssl/sql - [MINOR] config: fix too large ssl-hello-check message. - [BUG] fix error response in case of server error 2010/01/25 : 1.4-dev8 - [CLEANUP] Keep in sync "defaults" support between documentation and code - [MEDIUM] http: add support for Proxy-Connection header - [CRITICAL] buffers: buffer_insert_line2 must not change the ->w entry - [MINOR] http: remove a copy-paste typo in transaction cleaning - [BUG] http: trim any excess buffer data when recycling a connection 2010/01/25 : 1.4-dev7 - [BUG] appsession: possible memory leak in case of out of memory condition - [MINOR] config: don't accept 'appsession' in defaults section - [MINOR] Add function to parse a size in configuration - [MEDIUM] Add stick table (persistence) management functions and types - [MEDIUM] Add pattern fetch management types and functions - [MEDIUM] Add src dst and dport pattern fetches. - [MEDIUM] Add stick table configuration and init. - [MEDIUM] Add stick and store rules analysers. - [MINOR] add option "mysql-check" to use MySQL health checks - [BUG] health checks: fix requeued message - [OPTIM] remove SSP_O_VIA and SSP_O_STATUS - [BUG] checks: fix newline termination - [MINOR] acl: add fe_id/so_id to match frontend's and socket's id - [BUG] appsession's sessid must be reset at end of transaction - [BUILD] appsession did not build anymore under gcc-2.95 - [BUG] server redirection used an uninitialized string. - [MEDIUM] http: fix handling of message pointers - [MINOR] http: fix double slash prefix with server redirect - [MINOR] http redirect: add the ability to append a '/' to the URL - [BUG] stream_interface: fix retnclose and remove cond_close - [MINOR] http redirect: don't explicitly state keep-alive on 1.1 - [MINOR] http: move appsession 'sessid' from session to http_txn - [OPTIM] reorder http_txn to optimize cache lines placement - [MINOR] http: differentiate waiting for new request and waiting for a complete requst - [MINOR] http: add a separate "http-keep-alive" timeout - [MINOR] config: remove undocumented and buggy 'timeout appsession' - [DOC] fix various too large lines - [DOC] remove several trailing spaces - [DOC] add the doc about stickiness - [BUILD] remove a warning in standard.h on AIX - [BUG] checks: chars are unsigned on AIX, check was always true - [CLEANUP] stream_sock: MSG_NOSIGNAL is only for send(), not recv() - [BUG] check: we must not check for error before reading a response - [BUG] buffers: remove remains of wrong obsolete length check - [OPTIM] stream_sock: don't shutdown(write) when the socket is in error - [BUG] http: don't count req errors on client resets or t/o during keep-alive - [MEDIUM] http: don't switch to tunnel mode upon close - [DOC] add documentation about connection header processing - [MINOR] http: add http_remove_header2() to remove a header value. - [MINOR] tools: add a "word_match()" function to match words and ignore spaces - [MAJOR] http: rework request Connection header handling - [MAJOR] http: rework response Connection header handling - [MINOR] add the ability to force kernel socket buffer size. - [BUG] http_server_error() must not purge a previous pending response - [OPTIM] http: don't delay response if next request is incomplete - [MINOR] add the "force-persist" statement to force persistence on down servers - [MINOR] http: logs must report persistent connections to down servers - [BUG] buffer_replace2 must never change the ->w entry 2010/01/08 : 1.4-dev6 - [BUILD] warning in stream_interface.h - [BUILD] warning ultoa_r returns char * - [MINOR] hana: only report stats if it is enabled - [MINOR] stats: add "a link" & "a href" for sockets - [MINOR]: stats: add show-legends to report additional informations - [MEDIUM] default-server support - [BUG]: add 'observer', 'on-error', 'error-limit' to supported options list - [MINOR] stats: add href to tracked server - [BUG] stats: show UP/DOWN status also in tracking servers - [DOC] Restore ability to search a keyword at the beginning of a line - [BUG] stats: cookie should be reported under backend not under proxy - [BUG] cfgparser/stats: fix error message - [BUG] http: disable auto-closing during chunk analysis - [BUG] http: fix hopefully last closing issue on data forwarding - [DEBUG] add an http_silent_debug function to debug HTTP states - [MAJOR] http: fix again the forward analysers - [BUG] http_process_res_common() must not skip the forward analyser - [BUG] http: some possible missed close remain in the forward chain - [BUG] http: redirect needed to be updated after recent changes - [BUG] http: don't set no-linger on response in case of forced close - [MEDIUM] http: restore the original behaviour of option httpclose - [TESTS] add a file to test various connection modes - [BUG] http: check options before the connection header - [MAJOR] session: fix the order by which the analysers are run - [MEDIUM] session: also consider request analysers added during response - [MEDIUM] http: make safer use of the DONT_READ and AUTO_CLOSE flags - [BUG] http: memory leak with captures when using keep-alive - [BUG] http: fix for capture memory leak was incorrect - [MINOR] http redirect: use proper call to return last response - [MEDIUM] http: wait for some flush of the response buffer before a new request - [MEDIUM] session: limit the number of analyser loops 2010/01/03 : 1.4-dev5 - [MINOR] server tracking: don't care about the tracked server's mode - [MEDIUM] appsession: add "len", "prefix" and "mode" options - [MEDIUM] appsession: add the "request-learn" option - [BUG] Configuration parser bug when escaping characters - [MINOR] CSS & HTML fun - [MINOR] Collect & provide http response codes received from servers - [BUG] Fix silly typo: hspr_other -> hrsp_other - [MINOR] Add "a name" to stats page - [MINOR] add additional "a href"s to stats page - [MINOR] Collect & provide http response codes for frontends, fix backends - [DOC] some small spell fixes and unifications - [MEDIUM] Decrease server health based on http responses / events, version 3 - [BUG] format '%d' expects type 'int', but argument 5 has type 'long int' - [BUG] config: fix erroneous check on cookie domain names, again - [BUG] Healthchecks: get a proper error code if connection cannot be completed immediately - [DOC] trivial fix for man page - [MINOR] config: report all supported options for the "bind" keyword - [MINOR] tcp: add support for the defer_accept bind option - [MINOR] unix socket: report the socket path in case of bind error - [CONTRIB] halog: support searching by response time - [DOC] add a reminder about obsolete documents - [DOC] point to 1.4 doc, not 1.3 - [DOC] option tcp-smart-connect was missing from index - [MINOR] http: detect connection: close earlier - [CLEANUP] sepoll: clean up the fd_clr/fd_set functions - [OPTIM] move some rarely used fields out of fdtab - [MEDIUM] fd: merge fd_list into fdtab - [MAJOR] buffer: flag BF_DONT_READ to disable reads when not required - [MINOR] http: add new transaction flags for keep-alive and content-length - [MEDIUM] http request: parse connection, content-length and transfer-encoding - [MINOR] http request: update the TX_SRV_CONN_KA flag on rewrite - [MINOR] http request: simplify the test of no-data - [MEDIUM] http request: simplify POST length detection - [MEDIUM] http request: make use of pre-parsed transfer-encoding header - [MAJOR] http: create the analyser which waits for a response - [MINOR] http: pre-set the persistent flags in the transaction - [MEDIUM] http response: check body length and set transaction flags - [MINOR] http response: update the TX_CLI_CONN_KA flag on rewrite - [MINOR] http: remove the last call to stream_int_return - [IMPORT] import ebtree v5.0 into directory ebtree/ - [MEDIUM] build: switch ebtree users to use new ebtree version - [CLEANUP] ebtree: remove old unused files - [BUG] definitely fix regparm issues between haproxy core and ebtree - [CLEANUP] ebtree: cast to char * to get rid of gcc warning - [BUILD] missing #ifndef in ebmbtree.h - [BUILD] missing #ifndef in ebsttree.h - [MINOR] tools: add hex2i() function to convert hex char to int - [MINOR] http: create new MSG_BODY sub-states - [BUG] stream_sock: BUF_INFINITE_FORWARD broke splice on 64-bit platforms - [DOC] option is "defer-accept", not "defer_accept" - [MINOR] http: keep pointer to beginning of data - [BUG] x-original-to: name was not set in default instance - [MINOR] http: detect tunnel mode and set it in the session - [BUG] config: fix error message when config file is not found - [BUG] config: fix wrong handling of too large argument count - [BUG] config: disable 'option httplog' on TCP proxies - [BUG] config: fix erroneous check on cookie domain names - [BUG] config: cookie domain was ignored in defaults sections - [MINOR] config: support passing multiple "domain" statements to cookies - [MINOR] ebtree: add functions to lookup non-null terminated strings - [MINOR] config: don't report error on all subsequent files on failure - [BUG] second fix for the printf format warning - [BUG] check_post: limit analysis to the buffer length - [MEDIUM] http: process request body in a specific analyser - [MEDIUM] backend: remove HTTP POST parsing from get_server_ph_post() - [MAJOR] http: completely process the "connection" header - [MINOR] http: only consider chunk encoding with HTTP/1.1 - [MAJOR] buffers: automatically compute the maximum buffer length - [MINOR] http: move the http transaction init/cleanup code to proto_http - [MINOR] http: move 1xx handling earlier to eliminate a lot of ifs - [MINOR] http: introduce a new synchronisation state : HTTP_MSG_DONE - [MEDIUM] http: rework chunk-size parser - [MEDIUM] http: add a new transaction flags indicating if we know the transfer length - [MINOR] buffers: add buffer_ignore() to skip some bytes - [BUG] http: offsets are relative to the buffer, not to ->som - [MEDIUM] http: automatically re-aling request buffer - [BUG] http: body parsing must consider the start of message - [MINOR] new function stream_int_cond_close() - [MAJOR] http: implement body parser - [BUG] http: typos on several unlikely() around header insertion - [BUG] stream_sock: wrong max computation on recv - [MEDIUM] http: rework the buffer alignment logic - [BUG] buffers: wrong size calculation for displaced data - [MINOR] stream_sock: prepare for closing when all pending data are sent - [MEDIUM] http: add two more states for the closing period - [MEDIUM] http: properly handle "option forceclose" - [MINOR] stream_sock: add SI_FL_NOLINGER for faster close - [MEDIUM] http: make forceclose use SI_FL_NOLINGER - [MEDIUM] session: set SI_FL_NOLINGER when aborting on write timeouts - [MEDIUM] http: add some SI_FL_NOLINGER around server errors - [MINOR] config: option forceclose is valid in frontends too - [BUILD] halog: insufficient include path in makefile - [MEDIUM] http: make the analyser not rely on msg being initialized anymore - [MEDIUM] http: make the parsers able to wait for a buffer flush - [MAJOR] http: add support for option http-server-close - [BUG] http: ensure we abort data transfer on write error - [BUG] last fix was overzealous and disabled server-close - [BUG] http: fix erroneous trailers size computation - [MINOR] stream_sock: enable MSG_MORE when forwarding finite amount of data - [OPTIM] http: set MSG_MORE on response when a pipelined request is pending - [BUG] http: redirects were broken by chunk changes - [BUG] http: the request URI pointer is relative to the buffer - [OPTIM] http: don't immediately enable reading on request - [MINOR] http: move redirect messages to HTTP/1.1 with a content-length - [BUG] http: take care of errors, timeouts and aborts during the data phase - [MINOR] http: don't wait for sending requests to the server - [MINOR] http: make the conditional redirect support keep-alive - [BUG] http: fix cookie parser to support spaces and commas in values - [MINOR] config: some options were missing for "redirect" - [MINOR] redirect: add support for unconditional rules - [MINOR] config: centralize proxy struct initialization - [MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements - [MEDIUM] config: remove the limitation of 10 config files - [CLEANUP] http: remove a remaining impossible condition - [OPTIM] http: optimize a bit the construct of the forward loops 2009/10/12 : 1.4-dev4 - [DOC] add missing rate_lim and rate_max - [MAJOR] struct chunk rework - [MEDIUM] Health check reporting code rework + health logging, v3 - [BUG] check if rise/fall has an argument and it is > 0 - [MINOR] health checks logging unification - [MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 - [MINOR] Allow dots in show-node & add "white-space: nowrap" in th.pxname. - [DOC] Add information about http://haproxy.1wt.eu/contrib.html - [MINOR] Introduce include/types/counters.h - [CLEANUP] Move counters to dedicated structures - [MINOR] Add "clear counters" to clear statistics counters - [MEDIUM] Collect & provide separate statistics for sockets, v2 - [BUG] Fix NULL pointer dereference in stats_check_uri_auth(), v2 - [MINOR] acl: don't report valid acls as potential mistakes - [MINOR] Add cut_crlf(), ltrim(), rtrim() and alltrim() - [MINOR] Add chunk_htmlencode and chunk_asciiencode - [MINOR] Capture & display more data from health checks, v2 - [BUG] task.c: don't assing last_timer to node-less entries - [BUG] http stats: large outputs sometimes got some parts chopped off - [MINOR] backend: export some functions to recount servers - [MINOR] backend: uninline some LB functions - [MINOR] include time.h from freq_ctr.h as is uses "now". - [CLEANUP] backend: move LB algos to individual files - [MINOR] lb_map: reorder code in order to ease integration of new hash functions - [CLEANUP] proxy: move last lb-specific bits to their respective files - [MINOR] backend: separate declarations of LB algos from their lookup method - [MINOR] backend: reorganize the LB algorithm selection - [MEDIUM] backend: introduce the "static-rr" LB algorithm - [MINOR] report list of supported pollers with -vv - [DOC] log-health-checks is an option, not a directive - [MEDIUM] new option "independant-streams" to stop updating read timeout on writes - [BUG] stats: don't call buffer_shutw(), but ->shutw() instead - [MINOR] stats: strip CR and LF from the input command line - [BUG] don't refresh timeouts late after detected activity - [MINOR] stats_dump_errors_to_buffer: use buffer_feed_chunk() - [MINOR] stats_dump_sess_to_buffer: use buffer_feed_chunk() - [MINOR] stats: make stats_dump_raw_to_buffer() use buffer_feed_chunk - [MEDIUM] stats: don't use s->ana_state anymore - [MINOR] remove now obsolete ana_state from the session struct - [MEDIUM] stats: make HTTP stats use an I/O handler - [MEDIUM] stream_int: adjust WAIT_ROOM handling - [BUG] config: look for ID conflicts in all sockets, not only last ones. - [MINOR] config: reference file and line with any listener/proxy/server declaration - [MINOR] config: report places of duplicate names or IDs - [MINOR] config: add pointer to file name in block/redirect/use_backend/monitor rules - [MINOR] tools: add a new get_next_id() function - [MEDIUM] config: automatically find unused IDs for proxies, servers and listeners - [OPTIM] counters: move some max numbers to the counters struct - [BUG] counters: fix segfault on missing counters for a listener - [MEDIUM] backend: implement consistent hashing variation - [MINOR] acl: add fe_conn, be_conn, queue, avg_queue - [MINOR] stats: use 'clear counters all' to clear all values - [MEDIUM] add access restrictions to the stats socket - [MINOR] buffers: add buffer_feed2() and make buffer_feed() measure string length - [MINOR] proxy: provide function to retrieve backend/server pointers - [MINOR] add the "initial weight" to the server struct. - [MEDIUM] stats: add the "get weight" command to report a server's weight - [MEDIUM] stats: add the "set weight" command - [BUILD] add a 'make tags' target - [MINOR] stats: add support for numeric IDs in set weight/get weight - [MINOR] stats: use a dedicated state to output static data - [OPTIM] stats: check free space before trying to print 2009/09/24 : 1.4-dev3 - [BUILD] compilation of haproxy-1.4-dev2 on FreeBSD - [MEDIUM] Collect & show information about last health check, v3 - [MINOR] export the hostname variable so that all the code can access it - [MINOR] stats: add a new node-name setting - [MEDIUM] remove old experimental tcpsplice option - [BUILD] fix build for systems without SOL_TCP - [MEDIUM] move connection establishment from backend to the SI. - [MEDIUM] make the global stats socket part of a frontend - [MEDIUM] session: account per-listener connections - [MINOR] session: switch to established state if no connect function - [MEDIUM] make the unix stats sockets use the generic session handler - [CLEANUP] unix: remove uxst_process_session() - [CLEANUP] move remaining stats sockets code to dumpstats - [MINOR] move the initial task's nice value to the listener - [MINOR] cleanup set_session_backend by using pre-computed analysers - [MINOR] set s->srv_error according to the analysers - [MEDIUM] set rep->analysers from fe and be analysers - [MEDIUM] replace BUFSIZE with buf->size in computations - [MEDIUM] make it possible to change the buffer size in the configuration - [MEDIUM] report error on buffer writes larger than buffer size - [MEDIUM] stream_interface: add and use ->update function to resync - [CLEANUP] remove ifdef MSG_NOSIGNAL and define it instead - [MEDIUM] remove TCP_CORK and make use of MSG_MORE instead - [BUG] tarpit did not work anymore - [MINOR] acl: add support for hdr_ip to match IP addresses in headers - [MAJOR] buffers: fix misuse of the BF_SHUTW_NOW flag - [MINOR] buffers: provide more functions to handle buffer data - [MEDIUM] buffers: provide new buffer_feed*() function - [MINOR] buffers: add peekchar and peekline functions for stream interfaces - [MINOR] buffers: provide buffer_si_putchar() to send a char from a stream interface - [BUG] buffer_forward() would not correctly consider data already scheduled - [MINOR] buffers: add buffer_cut_tail() to cut only unsent data - [MEDIUM] stream_interface: make use of buffer_cut_tail() to report errors - [MAJOR] http: add support for HTTP 1xx informational responses - [MINOR] buffers: inline buffer_si_putchar() - [MAJOR] buffers: split BF_WRITE_ENA into BF_AUTO_CONNECT and BF_AUTO_CLOSE - [MAJOR] buffers: fix the BF_EMPTY flag's meaning - [BUG] stream_interface: SI_ST_CLO must have buffers SHUT - [MINOR] stream_sock: don't set SI_FL_WAIT_DATA if BF_SHUTW_NOW is set - [MEDIUM] add support for infinite forwarding - [BUILD] stream_interface: fix conflicting declaration - [BUG] buffers: buffer_forward() must not always clear BF_OUT_EMPTY - [BUG] variable buffer size ignored at initialization time - [MINOR] ensure that buffer_feed() and buffer_skip() set BF_*_PARTIAL - [BUG] fix buffer_skip() and buffer_si_getline() to correctly handle wrap-arounds - [MINOR] stream_interface: add SI_FL_DONT_WAKE flag - [MINOR] stream_interface: add iohandler callback - [MINOR] stream_interface: add functions to support running as internal/external tasks - [MEDIUM] session: call iohandler for embedded tasks (applets) - [MINOR] add a ->private member to the stream_interface - [MEDIUM] stats: prepare the connection for closing before dumping - [MEDIUM] stats: replace the stats socket analyser with an SI applet 2009/08/09 : 1.4-dev2 - [BUG] task: fix possible crash when some timeouts are not configured - [BUG] log: option tcplog would log to global if no logger was defined 2009/07/29 : 1.4-dev1 - [MINOR] acl: add support for matching of RDP cookies - [MEDIUM] add support for RDP cookie load-balancing - [MEDIUM] add support for RDP cookie persistence - [MINOR] add a new CLF log format - [MINOR] startup: don't imply -q with -D - [BUG] ensure that we correctly re-start old process in case of error - [MEDIUM] add support for binding to source port ranges during connect - [MINOR] config: track "no option"/"option" changes - [MINOR] config: support resetting options do default values - [MEDIUM] implement option tcp-smart-accept at the frontend - [MEDIUM] stream_sock: implement tcp-cork for use during shutdowns on Linux - [MEDIUM] implement tcp-smart-connect option at the backend - [MEDIUM] add support for TCP MSS adjustment for listeners - [MEDIUM] support setting a server weight to zero - [MINOR] make DEFAULT_MAXCONN user-configurable at build time - [MAJOR] session: don't clear buffer status flags anymore - [MAJOR] session: only check for timeouts when they have just occurred. - [MAJOR] session: simplify buffer error handling - [MEDIUM] config: split parser and checker in two functions - [MEDIUM] config: support loading multiple configuration files - [MEDIUM] stream_sock: don't close prematurely when nolinger is set - [MEDIUM] session: rework buffer analysis to permit permanent analysers - [MEDIUM] splice: set the capability on each stream_interface - [BUG] http: redirect rules were processed too early - [CLEANUP] remove unused DEBUG_PARSE_NO_SPEEDUP define - [MEDIUM] http: split request waiter from request processor - [MEDIUM] session: tell analysers what bit they were called for - [MAJOR] http: complete splitting of the remaining stages - [MINOR] report in the proxies the requirements for ACLs - [MINOR] http: rely on proxy->acl_requires to allocate hdr_idx - [MINOR] acl: add HTTP protocol detection (req_proto_http) - [MINOR] prepare callers of session_set_backend to handle errors - [BUG] default ACLs did not properly set the ->requires flag - [MEDIUM] allow a TCP frontend to switch to an HTTP backend - [MINOR] ensure we can jump from swiching rules to http without data - [MINOR] http: take http request timeout from the backend - [MINOR] allow TCP inspection rules to make use of HTTP ACLs - [BUILD] report commit date and not author's date as build date - [MINOR] acl: don't complain anymore when using L7 acls in TCP - [BUG] stream_sock: always shutdown(SHUT_WR) before closing - [BUG] stream_sock: don't stop reading when the poller reports an error - [BUG] config: tcp-request content only accepts "if" or "unless" - [BUG] task: fix possible timer drift after update - [MINOR] apply tcp-smart-connect option for the checks too - [MINOR] stats: better displaying in MSIE - [MINOR] config: improve error reporting in global section - [MINOR] config: improve error reporting in listen sections - [MINOR] config: the "capture" keyword is not allowed in backends - [MINOR] config: improve error reporting when checking configuration - [BUILD] fix a minor build warning on AIX - [BUILD] use "git cmd" instead of "git-cmd" - [CLEANUP] report 2009 not 2008 in the copyright banner. - [MINOR] print usage on the stats sockets upon invalid commands - [MINOR] acl: detect and report potential mistakes in ACLs - [BUILD] fix incorrect printf arg count with tcp_splice - [BUG] fix random pauses on last segment of a series - [BUILD] add support for build under Cygwin 2009/06/09 : 1.4-dev0 - exact copy of 1.3.18 2009/05/10 : 1.3.18 - [MEDIUM] add support for "balance hdr(name)" - [CLEANUP] give a little bit more information in error message - [MINOR] add X-Original-To: header - [BUG] x-original-to: fix missing initialization to default value - [BUILD] spec file: fix broken pipe during rpmbuild and add man file - [MINOR] improve reporting of misplaced acl/reqxxx rules - [MEDIUM] http: add options to ignore invalid header names - [MEDIUM] http: capture invalid requests/responses even if accepted - [BUILD] add format(printf) to printf-like functions - [MINOR] fix several printf formats and missing arguments - [BUG] stats: total and lbtot are unsigned - [MINOR] fix a few remaining printf-like formats on 64-bit platforms - [CLEANUP] remove unused make option from haproxy.spec - [BUILD] make it possible to pass alternative arch at build time - [MINOR] switch all stat counters to 64-bit - [MEDIUM] ensure we don't recursively call pool_gc2() - [CRITICAL] uninitialized response field can sometimes cause crashes - [BUG] fix wrong pointer arithmetics in HTTP message captures - [MINOR] rhel init script : support the reload operation - [MINOR] add basic signal handling functions - [BUILD] add signal.o to all makefiles - [MEDIUM] call signal_process_queue from run_poll_loop - [MEDIUM] pollers: don't wait if a signal is pending - [MEDIUM] convert all signals to asynchronous signals - [BUG] O(1) pollers should check their FD before closing it - [MINOR] don't close stdio fds twice - [MINOR] add options dontlog-normal and log-separate-errors - [DOC] minor fixes and rearrangements - [BUG] fix parser crash on unconditional tcp content rules - [DOC] rearrange the configuration manual and add a summary - [MINOR] standard: provide a new 'my_strndup' function - [MINOR] implement per-logger log level limitation - [MINOR] compute the max of sessions/s on fe/be/srv - [MINOR] stats: report max sessions/s and limit in CSV export - [MINOR] stats: report max sessions/s and limit in HTML stats - [MINOR] stats/html: use the arial font before helvetica 2009/03/29 : 1.3.17 - Update specfile to build for v2.6 kernel. - [BUG] reset the stream_interface connect timeout upon connect or error - [BUG] reject unix accepts when connection limit is reached - [MINOR] show sess: report number of calls to each task - [BUG] don't call epoll_ctl() on closed sockets - [BUG] stream_sock: disable I/O on fds reporting an error - [MINOR] sepoll: don't count two events on the same FD. - [MINOR] show sess: report a lot more information about sessions - [BUG] stream_sock: check for shut{r,w} before refreshing some timeouts - [BUG] don't set an expiration date directly from now_ms - [MINOR] implement ulltoh() to write HTML-formatted numbers - [MINOR] stats/html: group digits by 3 to clarify numbers - [BUILD] remove haproxy-small.spec - [BUILD] makefile: remove unused references to linux24eold and EPOLL_CTL_WORKAROUND 2009/03/22 : 1.3.16 - [BUILD] Fixed Makefile for linking pcre - [CONTRIB] selinux policy for haproxy - [MINOR] show errors: encode backslash as well as non-ascii characters - [MINOR] cfgparse: some cleanups in the consistency checks - [MINOR] cfgparse: set backends to "balance roundrobin" by default - [MINOR] tcp-inspect: permit the use of no-delay inspection - [MEDIUM] reverse internal proxy declaration order to match configuration - [CLEANUP] config: catch and report some possibly wrong rule ordering - [BUG] connect timeout is in the stream interface, not the buffer - [BUG] session: errors were not reported in termination flags in TCP mode - [MINOR] tcp_request: let the caller take care of errors and timeouts - [CLEANUP] http: remove some commented out obsolete code in process_response - [MINOR] update ebtree to version 4.1 - [MEDIUM] scheduler: get rid of the 4 trees thanks and use ebtree v4.1 - [BUG] sched: don't leave 3 lasts tasks unprocessed when niced tasks are present - [BUG] scheduler: fix improper handling of duplicates __task_queue() - [MINOR] sched: permit a task to stay up between calls - [MINOR] task: keep a task count and clean up task creators - [MINOR] stats: report number of tasks (active and running) - [BUG] server check intervals must not be null - [OPTIM] stream_sock: don't retry to read after a large read - [OPTIM] buffer: new BF_READ_DONTWAIT flag reduces EAGAIN rates - [MEDIUM] session: don't resync FSMs on non-interesting changes - [BUG] check for global.maxconn before doing accept() - [OPTIM] sepoll: do not re-check whole list upon accepts 2009/03/09 : 1.3.16-rc2 - [BUG] stream_sock: write timeout must be updated when forwarding ! 2009/03/09 : 1.3.16-rc1 - appsessions: cleanup DEBUG_HASH and initialize request_counter - [MINOR] acl: add new keyword "connslots" - [MINOR] cfgparse: fix off-by 2 in error message size - [BUILD] fix build with gcc 4.3 - [BUILD] fix MANDIR default location to match documentation - [TESTS] add a debug patch to help trigger the stats bug - [BUG] Flush buffers also where there are exactly 0 bytes left - [MINOR] Allow to specify a domain for a cookie - [BUG/CLEANUP] cookiedomain -> cookie_domain rename + free(p->cookie_domain) - [MEDIUM] Fix memory freeing at exit - [MEDIUM] Fix memory freeing at exit, part 2 - [BUG] Fix listen & more of 2 couples : - [DOC] remove buggy comment for use_backend - [CRITICAL] fix server state tracking: it was O(n!) instead of O(n) - [MEDIUM] add support for URI hash depth and length limits - [MINOR] permit renaming of x-forwarded-for header - [BUILD] fix Makefile.bsd and Makefile.osx for stream_interface - [BUILD] Haproxy won't compile if DEBUG_FULL is defined - [MEDIUM] upgrade to ebtree v4.0 - [DOC] update the README file with new build options - [MEDIUM] reduce risk of event starvation in ev_sepoll - [MEDIUM] detect streaming buffers and tag them as such - [MEDIUM] add support for conditional HTTP redirection - [BUILD] make install should depend on haproxy not "all" - [DEBUG] add a TRACE macro to facilitate runtime data extraction - [BUG] event pollers must not wait if a task exists in the run queue - [BUG] queue management: wake oldest request in queues - [BUG] log: reported queue position was offed-by-one - [BUG] fix the dequeuing logic to ensure that all requests get served - [DOC] documentation for the "retries" parameter was missing. - [MEDIUM] implement a monotonic internal clock - [MEDIUM] further improve monotonic clock by check forward jumps - [OPTIM] add branch prediction hints in list manipulations - [MAJOR] replace ultree with ebtree in wait-queues - [BUG] we could segfault during exit while freeing uri_auths - [BUG] wqueue: perform proper timeout comparisons with wrapping values - [MINOR] introduce now_ms, the current date in milliseconds - [BUG] disable buffer read timeout when reading stats - [MEDIUM] rework the wait queue mechanism - [BUILD] change declaration of base64tab to fix build with Intel C++ - [OPTIM] shrink wake_expired_tasks() by using task_wakeup() - [MAJOR] use an ebtree instead of a list for the run queue - [MEDIUM] introduce task->nice and boot access to statistics - [OPTIM] task_queue: assume most consecutive timers are equal - [BUILD] silent a warning in unlikely() with gcc 4.x - [MAJOR] convert all expiration timers from timeval to ticks - [BUG] use_backend would not correctly consider "unless" - [TESTS] added test-acl.cfg to test some ACL combinations - [MEDIUM] add support for configuration keyword registration - [MEDIUM] modularize the global "stats" keyword configuration parser - [MINOR] cfgparse: add support for warnings in external functions - [MEDIUM] modularize the "timeout" keyword configuration parser - [MAJOR] implement tcp request content inspection - [MINOR] acl: add a new parsing function: parse_dotted_ver - [MINOR] acl: add req_ssl_ver in TCP, to match an SSL version - [CLEANUP] remove unused include/types/client.h - [CLEANUP] remove many #include from C files - [CLEANUP] remove dependency on obsolete INTBITS macro - [DOC] document the new "tcp-request" keyword and associated ACLs - [MINOR] acl: add REQ_CONTENT to the list of default acls - [MEDIUM] acl: permit fetch() functions to set the result themselves - [MEDIUM] acl: get rid of dummy values in always_true/always_false - [MINOR] acl: add the "wait_end" acl verb - [MEDIUM] acl: enforce ACL type checking - [MEDIUM] acl: set types on all currently known ACL verbs - [MEDIUM] acl: when possible, report the name and requirements of ACLs in warnings - [CLEANUP] remove 65 useless NULL checks before free - [MEDIUM] memory: update pool_free2() to support NULL pointers - [MEDIUM] buffers: ensure buffer_shut* are properly called upon shutdowns - [MEDIUM] process_srv: rely on buffer flags for client shutdown - [MEDIUM] process_srv: don't rely at all on client state - [MEDIUM] process_cli: don't rely at all on server state - [BUG] fix segfault with url_param + check_post - [BUG] server timeout was not considered in some circumstances - [BUG] client timeout incorrectly rearmed while waiting for server - [MAJOR] kill CL_STINSPECT and CL_STHEADERS (step 1) - [MAJOR] get rid of SV_STANALYZE (step 2) - [MEDIUM] simplify and centralize request timeout cancellation and request forwarding - [MAJOR] completely separate HTTP and TCP states on the request path - [BUG] fix recently introduced loop when client closes early - [MAJOR] get rid of the SV_STHEADERS state - [MAJOR] better separation of response processing and server state - [MAJOR] clearly separate HTTP response processing from TCP server state - [MEDIUM] remove unused references to {CL|SV}_STSHUT* - [MINOR] term_trace: add better instrumentations to trace the code - [BUG] ev_sepoll: closed file descriptors could persist in the spec list - [BUG] process_response must not enable the read FD - [BUG] buffers: remove BF_MAY_CONNECT and fix forwarding issue - [BUG] process_response: do not touch srv_state - [BUG] maintain_proxies must not disable backends - [CLEANUP] get rid of BF_SHUT*_PENDING - [MEDIUM] buffers: add BF_EMPTY and BF_FULL to remove dependency on req/rep->l - [MAJOR] process_session: rely only on buffer flags - [MEDIUM] use buffer->wex instead of buffer->cex for connect timeout - [MEDIUM] centralize buffer timeout checks at the top of process_session - [MINOR] ensure the termination flags are set by process_xxx - [MEDIUM] session: move the analysis bit field to the buffer - [OPTIM] process_cli/process_srv: reduce the number of tests - [BUG] regparm is broken on gcc < 3 - [BUILD] fix warning in proto_tcp.c with gcc >= 4 - [MEDIUM] merge inspect_exp and txn->exp into request buffer - [BUG] process_cli/process_srv: don't call shutdown when already done - [BUG] process_request: HTTP body analysis must return zero if missing data - [TESTS] test-fsm: 22 regression tests for state machines - [BUG] Fix empty X-Forwarded-For header name when set in defaults section - [BUG] fix harmless but wrong fd insertion sequence - [MEDIUM] make it possible for analysers to follow the whole session - [MAJOR] rework of the server FSM - [OPTIM] remove useless fd_set(read) upon shutdown(write) - [MEDIUM] massive cleanup of process_srv() - [MEDIUM] second level of code cleanup for process_srv_data - [MEDIUM] third cleanup and optimization of process_srv_data() - [MEDIUM] process_srv_data: ensure that we always correctly re-arm timeouts - [MEDIUM] stream_sock_process_data moved to stream_sock.c - [MAJOR] make the client side use stream_sock_process_data() - [MEDIUM] split stream_sock_process_data - [OPTIM] stream_sock_read must check for null-reads more often - [MINOR] only call flow analysers when their read side is connected. - [MEDIUM] reintroduce BF_HIJACK with produce_content - [MINOR] re-arrange buffer flags and rename some of them - [MINOR] do not check for BF_SHUTR when computing write timeout - [OPTIM] ev_sepoll: detect newly created FDs and check them once - [OPTIM] reduce the number of calls to task_wakeup() - [OPTIM] force inlining of large functions with gcc >= 3 - [MEDIUM] indicate a reason for a task wakeup - [MINOR] change type of fdtab[]->owner to void* - [MAJOR] make stream sockets aware of the stream interface - [MEDIUM] stream interface: add the ->shutw method as well as in and out buffers - [MEDIUM] buffers: add BF_READ_ATTACHED and BF_ANA_TIMEOUT - [MEDIUM] process_session: make use of the new buffer flags - [CLEANUP] process_session: move debug outputs out of the critical loop - [MEDIUM] move QUEUE and TAR timers to stream interfaces - [OPTIM] add compiler hints in tick_is_expired() - [MINOR] add buffer_check_timeouts() to check what timeouts have fired. - [MEDIUM] use buffer_check_timeouts instead of stream_sock_check_timeouts() - [MINOR] add an expiration flag to the stream_sock_interface - [MAJOR] migrate the connection logic to stream interface - [MAJOR] add a connection error state to the stream_interface - [MEDIUM] add the SN_CURR_SESS flag to the session to track open sessions - [MEDIUM] continue layering cleanups. - [MEDIUM] stream_interface: added a DISconnected state between CON/EST and CLO - [MEDIUM] remove stream_sock_update_data() - [MINOR] maintain a global session list in order to ease debugging - [BUG] shutw must imply close during a connect - [MEDIUM] process shutw during connection attempt - [MEDIUM] make the stream interface control the SHUT{R,W} bits - [MAJOR] complete layer4/7 separation - [CLEANUP] move the session-related functions to session.c - [MINOR] call session->do_log() for logging - [MINOR] replace the ambiguous client_return function by stream_int_return - [MINOR] replace client_retnclose() with stream_int_retnclose() - [MINOR] replace srv_close_with_err() with http_server_error() - [MEDIUM] make the http server error function a pointer in the session - [CLEANUP] session.c: removed some migration left-overs in sess_establish() - [MINOR] stream_sock_data_finish() should not expose fd - [MEDIUM] extract TCP request processing from HTTP - [MEDIUM] extract the HTTP tarpit code from process_request(). - [MEDIUM] move the HTTP request body analyser out of process_request(). - [MEDIUM] rename process_request to http_process_request - [BUG] fix forgotten server session counter - [MINOR] declare process_session in session.h, not proto_http.h - [MEDIUM] first pass of lifting to proto_uxst.c:uxst_event_accept() - [MINOR] add an analyser code for UNIX stats request - [MINOR] pre-set analyser flags on the listener at registration time - [BUG] do not forward close from cons to prod with analysers - [MEDIUM] ensure that sock->shutw() also closes read for init states - [MINOR] add an analyser state in struct session - [MAJOR] make unix sockets work again with stats - [MEDIUM] remove cli_fd, srv_fd, cli_state and srv_state from the session - [MINOR] move the listener reference from fd to session - [MEDIUM] reference the current hijack function in the buffer itself - [MINOR] slightly rebalance stats_dump_{raw,http} - [MINOR] add a new back-reference type : struct bref - [MINOR] add back-references to sessions for later use by a dumper. - [MEDIUM] add support for "show sess" in unix stats socket - [BUG] do not release the connection slot during a retry - [BUG] dynamic connection throttling could return a max of zero conns - [BUG] do not try to pause backends during reload - [BUG] ensure that listeners from disabled proxies are correctly unbound. - [BUG] acl-related keywords are not allowed in defaults sections - [BUG] cookie capture is declared in the frontend but checked on the backend - [BUG] critical errors should be reported even in daemon mode - [MINOR] redirect: add support for the "drop-query" option - [MINOR] redirect: add support for "set-cookie" and "clear-cookie" - [MINOR] redirect: in prefix mode a "/" means not to change the URI - [BUG] do not dequeue requests on a dead server - [BUG] do not dequeue the backend's pending connections on a dead server - [MINOR] stats: indicate if a task is running in "show sess" - [BUG] check timeout must not be changed if timeout.check is not set - [BUG] "option transparent" is for backend, not frontend ! - [MINOR] transfer errors were not reported anymore in data phase - [MEDIUM] add a send limit to a buffer - [MEDIUM] don't report buffer timeout when there is I/O activity - [MEDIUM] indicate when we don't care about read timeout - [MINOR] add flags to indicate when a stream interface is waiting for space/data - [MEDIUM] enable inter-stream_interface wakeup calls - [MAJOR] implement autonomous inter-socket forwarding - [MINOR] add the splice_len member to the buffer struct in preparation of splice support - [MEDIUM] stream_sock: factor out the return path in case of no-writes - [MEDIUM] i/o: rework ->to_forward and ->send_max - [OPTIM] stream_sock: do not ask for polling on EAGAIN if we have read - [OPTIM] buffer: replace rlim by max_len - [OPTIM] stream_sock: factor out the buffer full handling out of the loop - [CLEANUP] replace a few occurrences of (flags & X) && !(flags & Y) - [CLEANUP] stream_sock: move the write-nothing condition out of the loop - [MEDIUM] split stream_sock_write() into callback and core functions - [MEDIUM] stream_sock_read: call ->chk_snd whenever there are data pending - [MINOR] stream_sock: fix a few wrong empty calculations - [MEDIUM] stream_sock: try to send pending data on chk_snd() - [MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes - [MEDIUM] splice: add configuration options and set global.maxpipes - [MINOR] introduce structures required to support Linux kernel splicing - [MEDIUM] add definitions for Linux kernel splicing - [MAJOR] complete support for linux 2.6 kernel splicing - [BUG] reserve some pipes for backends with splice enabled - [MEDIUM] splice: add hints to support older buggy kernels - [MEDIUM] introduce pipe pools - [MEDIUM] splice: make use of pipe pools - [STATS] report pipe usage in the statistics - [OPTIM] make global.maxpipes default to global.maxconn/4 when not specified - [BUILD] fix snapshot date extraction with negative timezones - [MEDIUM] move global tuning options to the global structure - [MEDIUM] splice: add the global "nosplice" option - [BUILD] add USE_LINUX_SPLICE to enable LINUX_SPLICE on linux 2.6 - [BUG] we must not exit if protocol binding only returns a warning - [MINOR] add support for bind interface name - [BUG] inform the user when root is expected but not set - [MEDIUM] add support for source interface binding - [MEDIUM] add support for source interface binding at the server level - [MEDIUM] implement bind-process to limit service presence by process - [DOC] document maxpipes, nosplice, option splice-{auto,request,response} - [DOC] filled the logging section of the configuration manual - [DOC] document HTTP status codes - [DOC] document a few missing info about errorfile - [BUG] fix random memory corruption using "show sess" - [BUG] fix unix socket processing of interrupted output - [DOC] add diagrams of queuing and future ACL design - [BUILD] proto_http did not build on gcc-2.95 - [BUG] the "source" keyword must first clear optional settings - [BUG] global.tune.maxaccept must be limited even in mono-process mode - [MINOR] ensure that http_msg_analyzer updates pointer to invalid char - [MEDIUM] store a complete dump of request and response errors in proxies - [MEDIUM] implement error dump on unix socket with "show errors" - [DOC] document "show errors" - [MINOR] errors dump must use user-visible date, not internal date. - [MINOR] time: add __usec_to_1024th to convert usecs to 1024th of second - [MINOR] add curr_sec_ms and curr_sec_ms_scaled for current second. - [MEDIUM] measure and report session rate on frontend, backends and servers - [BUG] the "connslots" keyword was matched as "connlots" - [MINOR] acl: add 2 new verbs: fe_sess_rate and be_sess_rate - [MEDIUM] implement "rate-limit sessions" for the frontend - [BUG] interface binding: length must include the trailing zero - [BUG] typo in timeout error reporting : report *res and not *err - [OPTIM] maintain_proxies: only wake up when the frontend will be ready - [OPTIM] rate-limit: cleaner behaviour on low rates and reduce consumption - [BUG] switch server-side stream interface to close in case of abort - [CLEANUP] remove last references to term_trace - [OPTIM] freq_ctr: do not rotate the counters when reading - [BUG] disable any analysers for monitoring requests - [BUG] rate-limit in defaults section was ignored - [BUG] task: fix handling of duplicate keys - [OPTIM] task: don't unlink a task from a wait queue when waking it up - [OPTIM] displace tasks in the wait queue only if absolutely needed - [MEDIUM] minor update to the task api: let the scheduler queue itself - [BUG] event_accept() must always wake the task up, even in health mode - [CLEANUP] task: distinguish between clock ticks and timers - [OPTIM] task: reduce the number of calls to task_queue() - [OPTIM] do not re-check req buffer when only response has changed - [CLEANUP] don't enable kernel splicing when socket is closed - [CLEANUP] buffer_flush() was misleading, rename it as buffer_erase - [MINOR] buffers: implement buffer_flush() - [MEDIUM] rearrange forwarding condition to enable splice during analysis - [BUILD] build fixes for Solaris - [BUILD] proto_http did not build on gcc-2.95 (again) - [CONTRIB] halog: fast log parser for haproxy - [CONTRIB] halog: faster fgets() and add support for percentile reporting 2008/04/19 : 1.3.15 - [BUILD] Added support for 'make install' - [BUILD] Added 'install-man' make target for installing the man page - [BUILD] Added 'install-bin' make target - [BUILD] Added 'install-doc' make target - [BUILD] Removed "/" after '$(DESTDIR)' in install targets - [BUILD] Changed 'install' target to install the binaries first - [BUILD] Replace hardcoded 'LD = gcc' with 'LD = $(CC)' - [MEDIUM]: Inversion for options - [MEDIUM]: Count retries and redispatches also for servers, fix redistribute_pending, extend logs, %d->%u cleanup - [BUG]: Restore clearing t->logs.bytes - [MEDIUM]: rework checks handling - [DOC] Update a "contrib" file with a hint about a scheme used for formathing subjects - [MEDIUM] Implement "track [/]" - [MINOR] Implement persistent id for proxies and servers - [BUG] Don't increment server connections too much + fix retries - [MEDIUM]: Prevent redispatcher from selecting the same server, version #3 - [MAJOR] proto_uxst rework -> SNMP support - [BUG] appsession lookup in URL does not work - [BUG] transparent proxy address was ignored in backend - [BUG] hot reconfiguration failed because of a wrong error check - [DOC] big update to the configuration manual - [DOC] large update to the configuration manual - [DOC] document more options - [BUILD] major rework of the GNU Makefile - [STATS] add support for "show info" on the unix socket - [DOC] document options forwardfor to logasap - [MINOR] add support for the "backlog" parameter - [OPTIM] introduce global parameter "tune.maxaccept" - [MEDIUM] introduce "timeout http-request" in frontends - [MINOR] tarpit timeout is also allowed in backends - [BUG] increment server connections for each connect() - [MEDIUM] add a turn-around state of one second after a connection failure - [BUG] fix typo in redispatched connection - [DOC] document options nolinger to ssl-hello-chk - [DOC] added documentation for "option tcplog" to "use_backend" - [BUG] connect_server: server might not exist when sending error report - [MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) - [MEDIUM] add non-local bind to connect() on Linux - [MINOR] add transparent proxy support for balabit's Tproxy v4 - [BUG] use backend's source and not server's source with tproxy - [BUG] fix overlapping server flags - [MEDIUM] fix server health checks source address selection - [BUG] build failed on CONFIG_HAP_LINUX_TPROXY without CONFIG_HAP_CTTPROXY - [DOC] added "server", "source" and "stats" keywords - [DOC] all server parameters have been documented - [DOC] document all req* and rsp* keywords. - [DOC] added documentation about HTTP header manipulations - [BUG] log response byte count, not request - [BUILD] code did not build in full debug mode - [BUG] fix truncated responses with sepoll - [MINOR] use s->frt_addr as the server's address in transparent proxy - [MINOR] fix configuration hint about timeouts - [DOC] minor cleanup of the doc and notice to contributors - [MINOR] report correct section type for unknown keywords. - [BUILD] update MacOS Makefile to build on newer versions - [DOC] fix erroneous "useallbackups" option in the doc - [DOC] applied small fixes from early readers - [MINOR] add configuration support for "redir" server keyword - [MEDIUM] completely implement the server redirection method - [TESTS] add a test case for the server redirection mechanism - [DOC] add a configuration entry for "server ... redir " - [BUILD] backend.c and checks.c did not build without tproxy ! - Revert "[BUILD] backend.c and checks.c did not build without tproxy !" - [BUILD] backend.c and checks.c did not build without tproxy ! - [OPTIM] used unsigned ints for HTTP state and message offsets - [OPTIM] GCC4's builtin_expect() is suboptimal - [BUG] failed conns were sometimes incremented in the frontend! - [BUG] timeout.check was not pre-set to eternity - [TESTS] add test-pollers.cfg to easily report pollers in use - [BUG] do not apply timeout.connect in checks if unset - [BUILD] ensure that makefile understands USE_DLMALLOC=1 - [MINOR] silent gcc for a wrong warning - [CLEANUP] update .gitignore to ignore more temporary files - [CLEANUP] report dlmalloc's source path only if explictly specified - [BUG] str2sun could leak a small buffer in case of error during parsing - [BUG] option allbackups was not working anymore in roundrobin mode - [MAJOR] implementation of the "leastconn" load balancing algorithm - [BUILD] ensure that users don't build without setting the target anymore. - [DOC] document the leastconn LB algo - [MEDIUM] fix stats socket limitation to 16 kB - [DOC] fix unescaped space in httpchk example. - [BUG] fix double-decrement of server connections - [TESTS] add a test case for port mapping - [TESTS] add a benchmark for integer hashing - [TESTS] add new methods in ip-hash test file - [MAJOR] implement parameter hashing for POST requests 2007/12/06 : 1.3.14 - New option http_proxy (Alexandre Cassen) - add support for "maxqueue" to limit server queue overload (Elijah Epifanov) - Check for duplicated conflicting proxies (Krzysztof Oledzki) - stats: report server and backend cumulated downtime (Krzysztof Oledzki) - use backends only with use_backend directive (Krzysztof Oledzki) - Handle long lines properly (Krzysztof Oledzki) - Implement and use generic findproxy and relax duplicated proxy check (Krzysztof Oledzki) - continous statistics (Krzysztof Oledzki) - add support for logging via a UNIX socket (Robert Tsai) - fix error checking in strl2ic/strl2uic() - fix calls to localtime() - provide easier-to-use ultoa_* functions - provide easy-to-use limit_r and LIM2A* macros - add a simple test for the status page - move error codes to common/errors.h - silent warning about LIST_* being redefined on OpenBSD - add socket address length to the protocols - group PR_O_BALANCE_* bits into a checkable value - externalize the "balance" option parser to backend.c - introduce the "url_param" balance method - make default_backend work in TCP mode too - disable warning about localtime_r on Solaris - adjust error messages about conflicting proxies - avoid calling some layer7 functions if not needed - simplify error path in event_accept() - add an options field to the listeners - added a new state to listeners - unbind_listener() must use fd_delete() and not close() - add a generic unbind_listener() primitive - add a generic delete_listener() primitive - add a generic unbind_all_listeners() primitive - create proto_tcp and move initialization of proxy listeners - stats: report numerical process ID, proxy ID and server ID - relative_pid was not initialized - missing header names in raw stats output - fix missing parenthesis in check_response_for_cacheability - small optimization on session_process_counters() - merge ebtree version 3.0 - make ebtree headers multiple-include compatible - ebtree: include config.h for REGPRM* - differentiate between generic LB params and map-specific ones - add a weight divisor to the struct proxy - implement the Fast Weighted Round Robin (FWRR) algo - include filltab25.c to experiment on FWRR for dynamic weights - merge test-fwrr.cfg to validate dynamic weights - move the load balancing algorithm to be->lbprm.algo - change server check result to a bit field - implement "http-check disable-on-404" for graceful shutdown - secure the calling conditions of ->set_server_status_{up,down} - report disabled servers as "NOLB" when they are still UP - document the "http-check disable-on-404" option - http-check disable-on-404 is not limited to HTTP mode - add a test file for disable-on-404 - use distinct bits per load-balancing algorithm type - implement the slowstart parameter for servers - document the server's slowstart parameter - stats: report the server warm up status in a "throttle" column - fix 2 minor issues on AIX - add the "nbsrv" ACL verb - add the "fail" condition to monitor requests - remove a warning from gcc due to htons() in standard.c - fwrr: ensure that we never overflow in placements - store the build options to report with -vv - fix the status return of the init script (R.I. Pienaar) - stats: real time monitoring script for unix socket (Prizee) - document "nbsrv" and "monitor fail" - restrict the set of allowed characters for identifiers - implement a time parsing function - add support for time units in the configuration - add a bit of documentation about timers - introduce separation between contimeout, and tarpit + queue - introduce the "timeout" keyword - grouped all timeouts in one structure - slowstart is in ms, not seconds - slowstart: ensure we don't start with a null weight - report the number of times each server was selected - fix build on AIX due to recent log changes - fix build on Solaris due to recent log changes 2007/10/18 : 1.3.13 - replace the code under O'Reilly license (Arnaud Cornet) - add a small man page (Arnaud Cornet) - stats: report haproxy's version by default (Krzysztof Oledzki) - stats: count server retries and redispatches (Krzysztof Oledzki) - core: added easy support for Doug Lea's malloc (dlmalloc) - core: fade out memory usage when stopping proxies - core: moved the sockaddr pointer to the fdtab structure - core: add generic protocol support - core: implement client-side support for PF_UNIX sockets - stats: implement the CSV output - stats: add a link to the CSV export HTML page - stats: implement the statistics output on a unix socket - config: introduce the "stats" keyword in global section - build: centralize version and date into one file for each - tests: added a new hash algorithm 2007/10/18 : 1.3.12.3 - add the "nolinger" option to disable data lingering (Alexandre Cassen) - fix double-free during clean exit (Krzysztof Oledzki) - prevent the system from sending an RST when closing health-checks (Krzysztof Oledzki) - do not add a cache-control header when on non-cacheable responses (Krzysztof Oledzki) - spread health checks even more (Krzysztof Oledzki) - stats: scope "." must match the backend and not the frontend - fixed call to chroot() during startup - fix wrong timeout computation in event_accept() - remove condition for exit() under fork() failure 2007/09/20 : 1.3.12.2 - fix configuration sanity checks for TCP listeners - set the log socket receive window to zero bytes - pre-initialize timeouts to infinity, not zero - fix the SIGHUP message not to alert on server-less proxies - timeouts and retries could be ignored when switching backend - added a file to check that "retries" works. - O'Reilly has clarified its license 2007/09/05 : 1.3.12.1 - spec I/O: fix allocations of spec entries for an FD - ensure we never overflow in chunk_printf() - improve behaviour with large number of servers per proxy - add support for "stats refresh " - stats page: added links for 'refresh' and 'hide down' - fix backend's weight in the stats page. - the "stats" keyword is not allowed in a pure frontend. - provide a test configuration file for stats and checks 2007/06/17 : 1.3.12 - fix segfault at exit when using captures - bug: negation in ACL conds was not cleared between terms - errorfile: use a local file to feed error messages - acl: support '-i' to ignore case when matching - acl: smarter integer comparison with operators eq,lt,gt,le,ge - acl: support maching on 'path' component - acl: implement matching on header values - acl: distinguish between request and response headers - acl: permit to return any header when no name specified - acl: provide default ACLs - added the 'use_backend' keyword for full content-switching - acl: specify the direction during fetches - acl: provide the argument length for fetch functions - acl: provide a reference to the expr to fetch() - improve memory freeing upon exit - str2net() must not change the const char * - shut warnings 'is*' macros from ctype.h on solaris 2007/06/03 : 1.3.11.4 - do not re-arm read timeout in SHUTR state ! - optimize I/O by detecting system starvation - the epoll FD must not be shared between processes - limit the number of events returned by *poll* 2007/05/14 : 1.3.11.3 - pre-initialize timeouts with tv_eternity during parsing 2007/05/14 : 1.3.11.2 - fixed broken health-checks since switch to timeval 2007/05/14 : 1.3.11.1 - fixed ev_kqueue which was forgotten during the switch to timeval - allowed null timeouts for past events in select 2007/05/14 : 1.3.11 - fixed ev_sepoll again by rewriting the state machine - switched all timeouts to timevals instead of milliseconds - improved memory management using mempools v2. - several minor optimizations 2007/05/09 : 1.3.10.2 - fixed build on OpenBSD (missing types.h) 2007/05/09 : 1.3.10.1 - fixed sepoll transition matrix (two states were missing) 2007/05/08 : 1.3.10 - several fixes in ev_sepoll - fixed some expiration dates on some tasks - fixed a bug in connection establishment detection due to speculative I/O - fixed rare bug occuring on TCP with early close (reported by Andy Smith) - implemented URI hashing algorithm (Guillaume Dallaire) - implemented SMTP health checks (Peter van Dijk) - replaced the rbtree with ul2tree from old scheduler project - new framework for generic ACL support - added the 'acl' and 'block' keywords to the config language - added several ACL criteria and matches (IP, port, URI, ...) - cleaned up and better modularization for some time functions - fixed list macros - fixed useless memory allocation in str2net() - store the original destination address in the session 2007/04/15 : 1.3.9 - modularized the polling mechanisms and use function pointers instead of macros at many places - implemented support for FreeBSD's kqueue() polling mechanism - fixed a warning on OpenBSD : MIN/MAX redefined - change socket registration order at startup to accomodate kqueue. - several makefile cleanups to support old shells - fix build with limits.h once for all - ev_epoll: do not rely on fd_sets anymore, use changes stacks instead. - fdtab now holds the results of polling - implemented support for speculative I/O processing with epoll() - remove useless calls to shutdown(SHUT_RD), resulting in small speed boost - auto-registering of pollers at load time 2007/04/03 : 1.3.8.2 - rewriting either the status line or request line could crash the process due to a pointer which ought to be reset before parsing. - rewriting the status line in the response did not work, it caused a 502 Bad Gateway due to an erroneous state during parsing 2007/04/01 : 1.3.8.1 - fix reqadd when no option httpclose is used. - removed now unused fiprm and beprm from proxies - split logs into two versions : TCP and HTTP - added some docs about http headers storage and acls - added a VIM script for syntax color highlighting (Bruno Michel) 2007/03/25 : 1.3.8 - fixed several bugs which might have caused a crash with bad configs - several optimizations in header processing - many progresses towards transaction-based processing - option forwardfor may be used in frontends - completed HTTP response processing - some code refactoring between request and response processing - new HTTP header manipulation functions - optimizations on the recv() patch to reduce CPU usage under very high data rates. - more user-friendly help about the 'usesrc' keyword (CTTPROXY) - username/groupname support from Marcus Rueckert - added the "except" keyword to the "forwardfor" option (Bryan German) - support for health-checks on other addresses (Fabrice Dulaunoy) - makefile for MacOS 10.4 / Darwin (Dan Zinngrabe) - do not insert "Connection: close" in HTTP/1.0 messages 2007/01/26 : 1.3.7 - fix critical bug introduced with 1.3.6 : an empty request header may lead to a crash due to missing pointer assignment - hdr_idx might be left uninitialized in debug mode - fixed build on FreeBSD due to missing fd_set declaration 2007/01/22 : 1.3.6.1 - change in the header chaining broke cookies and authentication 2007/01/22 : 1.3.6 - stats now support the HEAD method too - extracted http request from the session - huge rework of the HTTP parser which is now a 28-state FSM. - linux-style likely/unlikely macros for optimization hints - do not create a server socket when there's no server - imported lots of docs 2007/01/07 : 1.3.5 - stats: swap color sets for active and backup servers - try to guess server check port when unset - added complete support and doc for TCP Splicing - replace the wait-queue linked list with an rbtree. - a few bugfixes and cleanups 2007/01/02 : 1.3.4 - support for cttproxy on the server side to present the client address to the server. - added support for SO_REUSEPORT on Linux (needs kernel patch) - new RFC2616-compliant HTTP request parser with header indexing - split proxies in frontends, rulesets and backends - implemented the 'req[i]setbe' to select a backend depending on the contents - added the 'default_backend' keyword to select a default BE. - new stats page featuring FEs and BEs + bytes in both dirs - improved log format to indicate the backend and the time in ms. - lots of cleanups 2006/10/15 : 1.3.3 - fix broken redispatch option in case the connection has already been marked "in progress" (ie: nearly always). - support regparm on x86 to speed up some often called functions - removed a few useless calls to gettimeofday() in log functions. - lots of 'const char*' cleanups - turn every FD_* into functions which are faster on recent CPUs 2006/09/03 : 1.3.2 - started the changes towards I/O completion callbacks. stream_sock* have replaced event_*. - added the new "reqtarpit" and "reqitarpit" protection features 2006/07/09 : 1.3.1 (1.2.15) - now, haproxy warns about missing timeout during startup to try to eliminate all those buggy configurations. - added "Content-Type: text/html" in responses wherever appropriate, as suggested by Cameron Simpson. - implemented "option ssl-hello-chk" to use SSLv3 CLIENT HELLO messages to test server's health - implemented "monitor-uri" so that haproxy can reply to a specific URI with an "HTTP/1.0 200 OK" response. This is useful to validate multiple proxies at once. 2006/06/29 : 1.3.0 - exploded the whole file into multiple .c and .h. No functionnal difference is expected at all. - fixed a bug by which neither stats nor error messages could be returned if 'clitimeout' was missing. 2006/05/21 : 1.2.14 - new HTML status report with the 'stats' keyword. - added the 'abortonclose' option to better resist traffic surges - implemented dynamic traffic regulation with the 'minconn' option - show request time on denied requests - definitely fixed hot reconf on OpenBSD by the use of SO_REUSEPORT - now a proxy instance is allowed to run without servers, which is useful to dedicate one instance to stats - added lots of error counters - a missing parenthesis preventd matching of cacheable cookies - a missing parenthesis in poll_loop() might have caused missed events. 2006/05/14 : 1.2.13.1 - an uninitialized field in the struct session could cause a crash when the session was freed. This has been encountered on Solaris only. - Solaris and OpenBSD no not support shutdown() on listening socket. Let's be nice to them by performing a soft stop if pause fails. 2006/05/13 : 1.2.13 - 'maxconn' server parameter to do per-server session limitation - queueing to support non-blocking session limitation - fixed removal of cookies for cookie-less servers such as backup servers - two separate wait queues for expirable and non-expirable tasks provide better performance with lots of sessions. - some code cleanups and performance improvements - made state dumps a bit more verbose - fixed missing checks for NULL srv in dispatch mode - load balancing on backup servers was not possible in source hash mode. - two session flags shared the same bit, but fortunately they were not compatible. 2006/04/15 : 1.2.12 Very few changes preparing for more important changes to support per-server session limitations and queueing : - ignore leading empty lines in HTTP requests as suggested by RFC2616. - added the 'weight' parameter to the servers, limited to 1..256. It applies to roundrobin and source hash. - the optional '-s' option could clobber '-st' and '-sf' if compiled in. 2006/03/30 : 1.2.11.1 - under some conditions, it might have been possible that when the last dead server became available, it would not have been used till another one would have changed state. Could not be reproduced at all, however seems possible from the code. 2006/03/25 : 1.2.11 - added the '-db' command-line option to disable backgrounding. - added the -sf/-st command-line arguments which are used to specify a list of pids to send a FINISH or TERMINATE signal upon startup. They will also be asked to release their port if a bind fails. - reworked the startup mechanism to allow the sending of a signal to a list of old pids if a socket cannot be bound, with a retry for a limited amount of time (1 second by default). - added the ability to enforce limits on memory usage. - added the 'source' load-balancing algorithm which uses the source IP(v4|v6) - re-architectured the server round-robin mechanism to ease integration of other algorithms. It now relies on the number of active and backup servers. - added a counter for the number of active and backup servers, and report these numbers upon SIGHUP or state change. 2006/03/23 : 1.2.10.1 - while fixing the backup server round-robin "feature", a new bug was introduced which could miss some backup servers. - the displayed proxy name was wrong when dumping upon SIGHUP. 2006/03/19 : 1.2.10 - assert.h is needed when DEBUG is defined. - ENORMOUS long standing bug affecting the epoll polling system : event_data is a union, not a structure ! - Make fd management more robust and easier to debug. Also some micro-optimisations. - Limit the number of consecutive accept() in multi-process mode. This produces a more evenly distributed load across the processes and slightly improves performance by reducing bottlenecks. - Make health-checks be more regular, and faster to retry after a timeout. - Fixed some messages to ease parsing of alerts. - provided a patch to enable epoll on RHEL3 kernels. - Separated OpenBSD build from the main Makefile into a new one. 2006/03/15 : 1.2.9 - haproxy could not be stopped after being paused, it had to be woken up first. This has been fixed. - the 'ulimit-n' parameter is now optional and by default computed from maxconn + the number of listeners + the number of health-checks. - it is now possible to specify a maximum number of connections at build time with the SYSTEM_MAXCONN define. The value set in the configuration file will then be limited to this value, and only the command-line '-n' option will be able to bypass it. It will prevent against accidental high memory usage on small systems. - RFC2616 expects that any HTTP agent accepts multi-line headers. Earlier versions did not detect a line beginning with a space as the continuation of previous header. It is now correct. - health checks sent to servers configured with identical intervals were sent in perfect synchronisation because the initial time was the same for all. This could induce high load peaks when fragile servers were hosting tens of instances for the same application. Now the load is spread evenly across the smallest interval amongst a listener. - a new 'forceclose' option was added to make the proxy close the outgoing channel to the server once it has sent all its headers and the server starts responding. This helps some servers which don't close upon the 'Connection: close' header. It implies 'option httpclose'. - there was a bug in the way the backup servers were handled. They were erroneously load-balanced while the doc said the opposite. Since load-balanced backup servers is one of the features some people have been asking for, the problem was fixed to reflect the documented behaviour and a new option 'allbackups' was introduced to provide the feature to those who need it. - a never ending connect() could lead to a fast select() loop if its timeout times the number of retransmits exceeded the server read or write timeout, because the later was used to compute select()'s timeout while the connection timeout was not reached. - now we initialize the libc's localtime structures very early so that even under OOM conditions, we can still send dated error messages without segfaulting. - the 'daemon' mode implies 'quiet' and disables 'verbose' because file descriptors are closed. 2006/01/29 : 1.2.8 - fixed a nasty bug affecting poll/epoll which could return unmodified data from the server to the client, and sometimes lead to memory corruption crashing the process. - added the new pause/play mechanism with SIGTTOU/SIGTTIN for hot-reconf. 2005/12/18 : 1.2.7.1 - the "retries" option was ignored because connect() could not return an error if the connection failed before the timeout. - TCP health-checks could not detect a connection refused in poll/epoll mode. 2005/11/13 : 1.2.7 - building with -DUSE_PCRE should include PCRE headers and not regex.h. At least on Solaris, this caused the libc's regex primitives to be used instead of PCRE, which caused trouble on group references. This is now fixed. - delayed the quiet mode during startup so that most of the startup alerts can be displayed even in quiet mode. - display an alert when a listener has no address, invalid or no port, or when there are no enabled listeners upon startup. - added "static-pcre" to the list of supported regex options in the Makefile. 2005/10/09 : 1.2.7rc (1.1.33rc) - second batch of socklen_t changes. - clean-ups from Cameron Simpson. - because tv_remain() does not know about eternity, using no timeout can make select() spin around a null time-out. Bug reported by Cameron Simpson. - client read timeout was not properly set to eternity initialized after an accept() if it was not set in the config. It remained undetected so long because eternity is 0 and newly allocated pages are zeroed by the system. - do not call get_original_dst() when not in transparent mode. - implemented a workaround for a bug in certain epoll() implementations on linux-2.4 kernels (epoll-lt <= 0.21). - implemented TCP keepalive with new options : tcpka, clitcpka, srvtcpka. 2005/08/07 : 1.2.6 - clean-up patch from Alexander Lazic fixes build on Debian 3.1 (socklen_t). 2005/07/06 : 1.2.6-pre5 (1.1.32) - added the number of active sessions (proxy/process) in the logs 2005/07/06 : 1.2.6-pre4 (1.1.32-pre4) - the time-out fix introduced in 1.1.25 caused a corner case where it was possible for a client to keep a connection maintained regardless of the timeout if the server closed the connection during the HEADER phase, while the client ignored the close request while doing nothing in the other direction. This has been fixed now by ensuring that read timeouts are re-armed when switching to any SHUTW state. 2005/07/05 : 1.2.6-pre3 (1.1.32-pre3) - enhanced error reporting in the logs. Now the proxy will precisely detect various error conditions related to the system and/or process limits, and generate LOG_EMERG logs indicating that a resource has been exhausted. - logs will contain two new characters for the error cause : 'R' indicates a resource exhausted, and 'I' indicates an internal error, though this one should never happen. - server connection timeouts can now be reported in the logs (sC), as well as connections refused because of maxconn limitations (PC). 2005/07/05 : 1.2.6-pre2 (1.1.32-pre2) - new global configuration keyword "ulimit-n" may be used to raise the FD limit to usable values. - a warning is now displayed on startup if the FD limit is lower than the configured maximum number of sockets. 2005/07/05 : 1.2.6-pre1 (1.1.32-pre1) - new configuration keyword "monitor-net" makes it possible to be monitored by external devices which connect to the proxy without being logged nor forwarded to any server. Particularly useful on generic TCPv4 relays. 2005/06/21 : 1.2.5.2 - fixed build on PPC where chars are unsigned by default 2005/05/02 : 1.2.5.1 - dirty hack to fix a bug introduced with epoll : if we close an FD and immediately reassign it to another session through a connect(), the Prev{Read,Write}Events are not updated, which causes trouble detecting changes, thus leading to many timeouts at high loads. 2005/04/30 : 1.2.5 (1.1.31) - changed the runtime argument to disable epoll() to '-de' - changed the runtime argument to disable poll() to '-dp' - added global options 'nopoll' and 'noepoll' to do the same at the configuration level. - added a 'linux24e' target to the Makefile for Linux 2.4 systems patched to support epoll(). - changed default FD_SETSIZE to 65536 on Solaris (default=1024) - conditionned signals redirection to #ifdef DEBUG_MEMORY 2005/04/26 : 1.2.5-pre4 - made epoll() support a compile-time option : ENABLE_EPOLL - provided a very little libc replacement for a possibly missing epoll() implementation which can be enabled by -DUSE_MY_EPOLL - implemented the poll() poller, which can be enabled with -DENABLE_POLL. The equivalent runtime argument becomes '-P'. A few tests show that it performs like select() with many fds, but slightly slower (certainly because of the higher amount of memory involved). - separated the 3 polling methods and the tasks scheduler into 4 distinct functions which makes the code a lot more modular. - moved some event tables to private static declarations inside the poller functions. - the poller functions can now initialize themselves, run, and cleanup. - changed the runtime argument to enable epoll() to '-E'. - removed buggy epoll_ctl() code in the client_retnclose() function. This function was never meant to remove anything. - fixed a typo which caused glibc to yell about a double free on exit. - removed error checking after epoll_ctl(DEL) because we can never know if the fd is still active or already closed. - added a few entries in the makefile 2005/04/25 : 1.2.5-pre3 - experimental epoll() support (use temporary '-e' argument) 2005/04/24 : 1.2.5-pre2 - implemented the HTTP 303 code for error redirection. This forces the browser to fetch the given URI with a GET request. The new keyword for this is 'errorloc303', and a new 'errorloc302' keyword has been created to make them easily distinguishable. - added more controls in the parser for valid use of '\x' sequence. - few fixes from Alex & Klaus 2005/02/17 : 1.2.5-pre1 - fixed a few errors in the documentation 2005/02/13 - do not pre-initialize unused file-descriptors before select() anymore. 2005/01/22 : 1.2.4 - merged Alexander Lazic's and Klaus Wagner's work on application cookie-based persistence. Since this is the first merge, this version is not intended for general use and reports are more than welcome. Some documentation is really needed though. 2005/01/22 : 1.2.3 (1.1.30) - add an architecture guide to the documentation - released without any changes 2004/12/26 : 1.2.3-pre1 (1.1.30-pre1) - increased default BUFSIZE to 16 kB to accept max headers of 8 kB which is compatible with Apache. This limit can be configured in the makefile now. Thanks to Eric Fehr for the checks. - added a per-server "source" option which now makes it possible to bind to a different source for each (potentially identical) server. - changed cookie-based server selection slightly to allow several servers to share a same cookie, thus making it possible to associate backup servers to live servers and ease soft-stop for maintenance periods. (Alexander Lazic) - added the cookie 'prefix' mode which makes it possible to use persistence with thin clients which support only one cookie. The server name is prefixed before the application cookie, and restore back. - fixed the order of servers within an instance to match documentation. Now the servers are *really* used in the order of their declaration. This is particularly important when multiple backup servers are in use. 2004/10/18 : 1.2.2 (1.1.29) - fixed a bug where a TCP connection would be logged twice if the 'logasap' option was enabled without the 'tcplog' option. - encode_string() would use hdr_encode_map instead of the map argument. 2004/08/10 : (1.1.29-pre2) - the logged request is now encoded with '#XX' for unprintable characters - new keywords 'capture request header' and 'capture response header' enable logging of arbitrary HTTP headers in requests and responses - removed "-DSOLARIS" after replacing the last inet_aton() with inet_pton() 2004/06/06 : 1.2.1 (1.1.28) - added the '-V' command line option to verbosely report errors even though the -q or 'quiet' options are specified. This is useful with '-c'. - added a Red Hat init script and a .spec from Simon Matter 2004/06/05 : - added the "logasap" option which produces a log without waiting for the data to be transferred from the server to the client. - added the "httpclose" option which removes any "connection:" header and adds "Connection: close" in both direction. - added the 'checkcache' option which blocks cacheable responses containing dangerous headers, such as 'set-cookie'. - added 'rspdeny' and 'rspideny' to block certain responses to avoid sensible information leak from servers. 2004/04/18 : - send an EMERG log when no server is available for a given proxy - added the '-c' command line option to syntactically check the configuration file without starting the service. 2003/11/09 : 1.2.0 - the same as 1.1.27 + IPv6 support on the client side 2003/10/27 : 1.1.27 - the configurable HTTP health check introduced in 1.1.23 revealed a shameful bug : the code still assumed that HTTP requests were the same size as the original ones (22 bytes), and failed if they were not. - added support for pidfiles. 2003/10/22 : 1.1.26 - the fix introduced in 1.1.25 for client timeouts while waiting for servers broke almost all compatibility with POST requests, because the proxy stopped to read anything from the client as soon as it got all of its headers. 2003/10/15 : 1.1.25 - added the 'tcplog' option, which provides enhanced, HTTP-like logs for generic TCP proxies, or lighter logs for HTTP proxies. - fixed a time-out condition wrongly reported as client time-out in data phase if the client timeout was lower than the connect timeout times the number of retries. 2003/09/21 : 1.1.24 - if a client sent a full request then shut its write connection down, then the request was aborted. This case was detected only when using haproxy both as health-check client and as a server. - if 'option httpchk' is used in a 'health' mode server, then responses will change from 'OK' to 'HTTP/1.0 200 OK'. - fixed a Linux-only bug in case of HTTP server health-checks, where a single server response followed by a close could be ignored, and the server seen as failed. 2003/09/19 : 1.1.23 - fixed a stupid bug introduced in 1.1.22 which caused second and subsequent 'default' sections to keep previous parameters, and not initialize logs correctly. - fixed a second stupid bug introduced in 1.1.22 which caused configurations relying on 'dispatch' mode to segfault at the first connection. - 'option httpchk' now supports method, HTTP version and a few headers. - now, 'option httpchk', 'cookie' and 'capture' can be specified in 'defaults' section 2003/09/10 : 1.1.22 - 'listen' now supports optionnal address:port-range lists - 'bind' introduced to add new listen addresses - fixed a bug which caused a session to be kept established on a server till it timed out if the client closed during the DATA phase. - the port part of each server address can now be empty to make the proxy connect to the server on the same port it was connected to, be an absolute unsigned number to reflect a single port (as in older versions), or an explicitly signed number (+N/-N) to indicate that this offset must be applied to the port the proxy was connected to, when connecting to the server. - the 'port' server option allows the user to specify a different health-check port than the service one. It is mandatory when only relative ports have been specified and check is required. By default, the checks are sent to the service port. - new 'defaults' section which is rather similar to 'listen' except that all values are only used as default values for future 'listen' sections, until a new 'defaults' resets them. At the moment, server options, regexes, cookie names and captures cannot be set in the 'defaults' section. 2003/05/06 : 1.1.21 - changed the debug output format so that it now includes the session unique ID followed by the instance name at the beginning of each line. - in debug mode, accept now shows the client's IP and port. - added one 3 small debugging scripts to search and pretty print debug output - changed the default health check request to "OPTIONS /" instead of "OPTIONS *" since not all servers implement the later one. - "option httpchk" now accepts an optional parameter allowing the user to specify and URI other than '/' during health-checks. 2003/04/21 : 1.1.20 - fixed two problems with time-outs, one where a server would be logged as timed out during transfer that take longer to complete than the fixed time-out, and one where clients were logged as timed-out during the data phase because they didn't have anything to send. This sometimes caused slow client connections to close too early while in fact there was no problem. The proper fix would be to have a per-fd time-out with conditions depending on the state of the HTTP FSM. 2003/04/16 : 1.1.19 - haproxy was NOT RFC compliant because it was case-sensitive on HTTP "Cookie:" and "Set-Cookie:" headers. This caused JVM 1.4 to fail on cookie persistence because it uses "cookie:". Two memcmp() have been replaced with strncasecmp(). 2003/04/02 : 1.1.18 - Haproxy can be compiled with PCRE regex instead of libc regex, by setting REGEX=pcre on the make command line. - HTTP health-checks now use "OPTIONS *" instead of "OPTIONS /". - when explicit source address binding is required, it is now also used for health-checks. - added 'reqpass' and 'reqipass' to allow certain headers but not the request itself. - factored several strings to reduce binary size by about 2 kB. - replaced setreuid() and setregid() with more standard setuid() and setgid(). - added 4 status flags to the log line indicating who ended the connection first, the sessions state, the validity of the cookie, and action taken on the set-cookie header. 2002/10/18 : 1.1.17 - add the notion of "backup" servers, which are used only when all other servers are down. - make Set-Cookie return "" instead of "(null)" when the server has no cookie assigned (useful for backup servers). - "log" now supports an optionnal level name (info, notice, err ...) above which nothing is sent. - replaced some strncmp() with memcmp() for better efficiency. - added "capture cookie" option which logs client and/or server cookies - cleaned up/down messages and dump servers states upon SIGHUP - added a redirection feature for errors : "errorloc " - now we won't insist on connecting to a dead server, even with a cookie, unless option "persist" is specified. - added HTTP/408 response for client request time-out and HTTP/50[234] for server reply time-out or errors. 2002/09/01 : 1.1.16 - implement HTTP health checks when option "httpchk" is specified. 2002/08/07 : 1.1.15 - replaced setpgid()/setpgrp() with setsid() for better portability, because setpgrp() doesn't have the same meaning under Solaris, Linux, and OpenBSD. 2002/07/20 : 1.1.14 - added "postonly" cookie mode 2002/07/15 : 1.1.13 - tv_diff used inverted parameters which led to negative times ! 2002/07/13 : 1.1.12 - fixed stats monitoring, and optimized some tv_* for most common cases. - replaced temporary 'newhdr' with 'trash' to reduce stack size - made HTTP errors more HTML-fiendly. - renamed strlcpy() to strlcpy2() because of a slightly difference between their behaviour (return value), to avoid confusion. - restricted HTTP messages to HTTP proxies only - added a 502 message when the connection has been refused by the server, to prevent clients from believing this is a zero-byte HTTP 0.9 reply. - changed 'Cache-control:' from 'no-cache="set-cookie"' to 'private' when inserting a cookie, because some caches (apache) don't understand it. - fixed processing of server headers when client is in SHUTR state 2002/07/04 : - automatically close fd's 0,1 and 2 when going daemon ; setpgrp() after setpgid() 2002/06/04 : 1.1.11 - fixed multi-cookie handling in client request to allow clean deletion in insert+indirect mode. Now, only the server cookie is deleted and not all the header. Should now be compliant to RFC2965. - added a "nocache" option to "cookie" to specify that we explicitly want to add a "cache-control" header when we add a cookie. It is also possible to add an "Expires: " to keep compatibility with old/broken caches. 2002/05/10 : 1.1.10 - if a cookie is used in insert+indirect mode, it's desirable that the the servers don't see it. It was not possible to remove it correctly with regexps, so now it's removed automatically. 2002/04/19 : 1.1.9 - don't use snprintf()'s return value as an end of message since it may be larger. This caused bus errors and segfaults in internal libc's getenv() during localtime() in send_log(). - removed dead insecure send_syslog() function and all references to it. - fixed warnings on Solaris due to buggy implementation of isXXXX(). 2002/04/18 : 1.1.8 - option "dontlognull" - fixed "double space" bug in config parser - fixed an uninitialized server field in case of dispatch with no existing server which could cause a segfault during logging. - the pid logged was always the father's, which was wrong for daemons. - fixed wrong level "LOG_INFO" for message "proxy started". 2002/04/13 : - http logging is now complete : - ip:port, date, proxy, server - req_time, conn_time, hdr_time, tot_time - status, size, request - source address 2002/04/12 : 1.1.7 - added option forwardfor - added reqirep, reqidel, reqiallow, reqideny, rspirep, rspidel - added "log global" in "listen" section. 2002/04/09 : - added a new "global" section : - logs - debug, quiet, daemon modes - uid, gid, chroot, nbproc, maxconn 2002/04/08 : 1.1.6 - regex are now chained and not limited anymore. - unavailable server now returns HTTP/502. - increased per-line args limit to 40 - added reqallow/reqdeny to block some request on matches - added HTTP 400/403 responses 2002/04/03 : 1.1.5 - connection logging displayed incorrect source address. - added proxy start/stop and server up/down log events. - replaced log message short buffers with larger trash. - enlarged buffer to 8 kB and replace buffer to 4 kB. 2002/03/25 : 1.1.4 - made rise/fall/interval time configurable 2002/03/22 : 1.1.3 - fixed a bug : cr_expire and cw_expire were inverted in CL_STSHUT[WR] which could lead to loops. 2002/03/21 : 1.1.2 - fixed a bug in buffer management where we could have a loop between event_read() and process_{cli|srv} if R==BUFSIZE-MAXREWRITE. => implemented an adjustable buffer limit. - fixed a bug : expiration of tasks in wait queue timeout is used again, and running tasks are skipped. - added some debug lines for accept events. - send warnings for servers up/down. 2002/03/12 : 1.1.1 - fixed a bug in total failure handling - fixed a bug in timestamp comparison within same second (tv_cmp_ms) 2002/03/10 : 1.1.0 - fixed a few timeout bugs - rearranged the task scheduler subsystem to improve performance, add new tasks, and make it easier to later port to librt ; - allow multiple accept() for one select() wake up ; - implemented internal load balancing with basic health-check ; - cookie insertion and header add/replace/delete, with better strings support. 2002/03/08 - reworked buffer handling to fix a few rewrite bugs, and improve overall performance. - implement the "purge" option to delete server cookies in direct mode. 2002/03/07 - fixed some error cases where the maxfd was not decreased. 2002/02/26 - now supports transparent proxying, at least on linux 2.4. 2002/02/12 - soft stop works again (fixed select timeout computation). - it seems that TCP proxies sometimes cannot timeout. - added a "quiet" mode. - enforce file descriptor limitation on socket() and accept(). 2001/12/30 : release of version 1.0.2 : fixed a bug in header processing 2001/12/19 : release of version 1.0.1 : no MSG_NOSIGNAL on solaris 2001/12/16 : release of version 1.0.0. 2001/12/16 : added syslog capability for each accepted connection. 2001/11/19 : corrected premature end of files and occasional SIGPIPE. 2001/10/31 : added health-check type servers (mode health) which replies OK then closes. 2001/10/30 : added the ability to support standard TCP proxies and HTTP proxies with or without cookies (use keyword http for this). 2001/09/01 : added client/server header replacing with regexps. eg: cliexp ^(Host:\ [^:]*).* Host:\ \1:80 srvexp ^Server:\ .* Server:\ Apache 2000/11/29 : first fully working release with complete FSMs and timeouts. 2000/11/28 : major rewrite 2000/11/26 : first write