ChangeLog : =========== 2022/12/09 : 1.8.31 - BUG/MINOR: tools: fix parsing "us" unit for timers - BUG/MEDIUM: sample: Fix adjusting size in field converter - BUG/MINOR: logs: Report the true number of retries if there was no connection - BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases - BUG/MEDIUM: peers: re-work connection to new process during reload. - BUG/MEDIUM: peers: re-work refcnt on table to protect against flush - BUG/MEDIUM: peers: initialize resync timer to get an initial full resync - BUG/MEDIUM: peers: register last acked value as origin receiving a resync req - BUG/MEDIUM: peers: stop considering ack messages teaching a full resync - BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected - BUG/MEDIUM: peers: reset commitupdate value in new conns - BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly - BUG/MEDIUM: peers: reset tables stage flags stages on new conns - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future - BUG/MEDIUM: dns: reset file descriptor if send returns an error - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE - BUG/MINOR: ssl: use atomic ops to update global shctx stats - BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken - BUG/MEDIUM: spoe: Register pre/post analyzers in start_analyze callback function - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check - DOC: config: Add missing actions in "tcp-request session" documentation - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI - BUG/MINOR: server/cli: Fix locking in function processing "set server" command - BUG/MEDIUM: sock: make sure to never miss early connection failures - BUG/MINOR: cli: fix server name output in "show fd" - DOC: stick-table: add missing documentation about gpt0 stored type - DOC: peers: fix the protocol tag name in the doc - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types - BUG/MEDIUM: tcp-check: Do not dereference inexisting connection - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs - BUG/MINOR: server: update last_change on maint->ready transitions too - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long - BUG/MINOR: tools: Fix loop condition in dump_text() - BUG/MINOR: compat: make sure __WORDSIZE is always defined - BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time - CLEANUP: Add missing include guard to signal.h - MINOR: action: Use a generic function to check validity of an action rule list - BUILD: add detection of missing important CFLAGS - BUG/MINOR: server: allow 'enable health' only if check configured - DOC: peers: fix doc "enable" statement on "peers" sections - BUG/MEDIUM: lua: fix wakeup condition from sleep() - BUG/MAJOR: lua: use task_wakeup() to properly run a task once - BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error - BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame - BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration - BUG/MINOR: cli: fix _getsocks with musl libc - BUG/MEDIUM: mworker: don't lose the stats socket on failed reload - BUG/MAJOR: spoe: properly detach all agents when releasing the applet - MINOR: sock: move the unused socket cleaning code into its own function - BUG/MEDIUM: mworker: close unused transferred FDs on load failure - BUG/MINOR: cli: shows correct mode in "show sess" - DOC: ssl: req_ssl_sni needs implicit TLS - BUG/MINOR: cache: do not display expired entries in "show cache" - SCRIPTS: announce-release: update the doc's URL - SCRIPTS: announce-release: add shortened links to pending issues - BUG/MINOR: cache: Disable cache if applet creation fails - DOC: remove my name from the config doc - SCRIPTS: announce-release: add URL of dev packages - BUG/MEDIUM: cli: make "show cli sockets" really yield - BUG/MINOR: map/cli: protect the backref list during "show map" errors - BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init - BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). - DOC: peers: clarify when entry expiration date is renewed. - BUG/MINOR: server: do not enable DNS resolution on disabled proxies - BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers - BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found - BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle - BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode - BUG/MEDIUM: peers: Add connect and server timeut to peers proxy - BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK - BUG/MAJOR: stick-table: don't process store-response rules for applets - BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task - BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task - BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists - BUILD: listener: fix build warning on global_listener_rwlock without threads 2021/04/12 : 1.8.30 - MINOR: time: also provide a global, monotonic global_now_ms timer - BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable - BUG/MEDIUM: time: make sure to always initialize the global tick - MINOR: tools: make url2ipv4 return the exact number of bytes parsed - BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters - BUG/MINOR: tcp: fix silent-drop workaround for IPv6 - BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS - BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields 2021/03/19 : 1.8.29 - BUG/MINOR: sample: Memory leak of sample_expr structure in case of error - BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX - BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name - DOC: management: fix "show resolvers" alphabetical ordering - BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list - BUG/MINOR: xxhash: make sure armv6 uses memcpy() - CLEANUP: remove unused src/cfgparse-listen.c - BUG/MINOR: server: re-align state file fields number - BUG/MINOR: server: Fix server-state-file-name directive - CLEANUP: deinit: release global and per-proxy server-state variables on deinit - BUG/MEDIUM: config: don't pick unset values from last defaults section - BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL - CLEANUP: channel: fix comment in ci_putblk. - BUG/MINOR: server: Remove RMAINT from admin state when loading server state - BUG/MINOR: session: atomically increment the tracked sessions counter - BUG/MINOR: checks: properly handle wrapping time in __health_adjust() - BUG/MINOR: sample: Always consider zero size string samples as unsafe - BUG/MINOR: server: Init params before parsing a new server-state line - BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line - BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop - BUG/MEDIUM: cli/shutdown sessions: make it thread-safe - BUG/MINOR: http-ana: Only consider dst address to process originalto option - BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule - BUG/MINOR: connection: Use the client's dst family for adressless servers - BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet - BUG/MEDIUM: spoe: Explicitly wakeup SPOE stream if waiting for more data - DOC: spoe: Add a note about fragmentation support in HAProxy - BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive - BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() - BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode - BUG/MEDIUM: session: NULL dereference possible when accessing the listener - BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached - BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters - CLEANUP: tcp-rules: add missing actions in the tcp-request error message - BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error - BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames - MINOR: time: export the global_now variable - OPTIM: freq-ctr: don't take the date lock for most updates - BUG/MINOR: freq_ctr/threads: make use of the last updated global time 2021/01/13 : 1.8.28 - BUG/MINOR: config: copy extra cookie attributes from dfl proxy - BUG/MINOR: http-fetch: Extract cookie value even when no cookie name - BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches - MINOR: spoe: Don't close connection in sync mode on processing timeout - DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section - BUG/MINOR: lua: lua-load doesn't check its parameters - BUG/MINOR: lua: Post init register function are not executed beyond the first one - BUG/MINOR: lua: Some lua init operation are processed unsafe - MINOR: actions: Export actions lookup functions - MINOR: actions: add a function returning a service pointer from its name - MINOR: cli: add a function to look up a CLI service description - BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times - DOC/MINOR: Fix formatting in Management Guide - DOC: email change of the DeviceAtlas maintainer - BUG/MINOR: tools: make parse_time_err() more strict on the timer validity - BUG/MINOR: tools: Reject size format not starting by a digit - BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight - CLEANUP: lua: Remove declaration of an inexistant function - CLEANUP: stream: remove an obsolete debugging test - BUG/MEDIUM: mworker: fix again copy_argv() - BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well - CONTRIB: halog: fix build issue caused by %L printf format - CONTRIB: halog: mark the has_zero* functions unused - CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps - BUILD: plock: remove dead code that causes a warning in gcc 11 - BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h - MINOR: atomic: don't use ; to separate instruction on aarch64. - BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails - SCRIPTS: improve announce-release to support different tag and versions - SCRIPTS: make announce release support preparing announces before tag exists - BUG/MINOR: srv: do not init address if backend is disabled - DOC: fix some spelling issues over multiple files - SCRIPTS: announce-release: fix typo in help message 2020/11/06 : 1.8.27 - BUG/MINOR: dns: ignore trailing dot - BUG/MEDIUM: mux-h2: Don't fail if nothing is parsed for a legacy chunk response - BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime - BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation - BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation - BUG/MINOR: stats: use strncmp() instead of memcmp() on health states - BUG/MINOR: reload: do not fail when no socket is sent - BUG/MINOR: startup: haproxy -s cause 100% cpu - BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() - BUG/MINOR: threads: work around a libgcc_s issue with chrooting - BUILD: thread: limit the libgcc_s workaround to glibc only - MINOR: Commit .gitattributes - CLEANUP: Update .gitignore - BUILD: threads: better workaround for late loading of libgcc_s - BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned - BUG/MEDIUM: pattern: fix memory leak in regex pattern functions - BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate - BUG/MINOR: ssl: verifyhost is case sensitive - BUG/MEDIUM: h2: report frame bits only for handled types - BUG/MINOR: config: Fix memory leak on config parse listen - BUG/MEDIUM: listeners: do not pause foreign listeners - DOC: agent-check: fix typo in "fail" word expected reply - REGTESTS: add a few load balancing tests - REGTEST: fix host part in balance-uri-path-only.vtc - REGTEST: make abns_socket.vtc require 1.8 - REGTEST: make map_regm_with_backref require 1.7 - DOC: ssl: crt-list negative filters are only a hint - MINOR: counters: fix a typo in comment - BUG/MINOR: stats: fix validity of the json schema - MINOR: hlua: Display debug messages on stderr only in debug mode - BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided - BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn - BUG/MINOR: queue: properly report redistributed connections - BUG/MEDIUM: server: support changing the slowstart value from state-file - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible - BUG/MINOR: extcheck: add missing checks on extchk_setenv() - BUG/MINOR: server: fix srv downtime calcul on starting - BUG/MINOR: server: fix down_time report for stats - BUG/MINOR: lua: initialize sample before using it - BUG/MINOR: cache: Inverted variables in http_calc_maxage function - BUG/MEDIUM: filters: Don't try to init filters for disabled proxies - BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup - MINOR: server: Copy configuration file and line for server templates - BUG/MINOR: filters: Skip disabled proxies during startup only 2020/08/03 : 1.8.26 - BUILD: chunk: properly declare pool_head_trash as extern - BUILD: cache: avoid a build warning with some compilers/linkers - BUG/MINOR: ssl: default settings for ssl server options are not used - BUG/MINOR: tools: fix the i386 version of the div64_32 function - DOC: option logasap does not depend on mode - BUG/MINOR: check: Update server address and port to execute an external check - BUG/MINOR: checks: Respect the no-check-ssl option - BUG/MINOR: checks/server: use_ssl member must be signed - BUG/MINOR: checks: chained expect will not properly wait for enough data - BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream - BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream - BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam - BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam - BUG/MEDIUM: shctx: really check the lock's value while waiting - BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock - REGTEST: ssl: test the client certificate authentication - BUG/MINOR: sample: Set the correct type when a binary is converted to a string - BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur - BUG/MEDIUM: http_ana: make the detection of NTLM variants safer - BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered - BUG/MINOR: pollers: remove uneeded free in global init - BUILD: select: only declare existing local labels to appease clang - SCRIPTS: publish-release: pass -n to gzip to remove timestamp - BUG/MINOR: peers: fix internal/network key type mapping. - BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action - BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations - BUG/MINOR: logs: prevent double line returns in some events. - BUG/MEDIUM: logs: fix trailing zeros on log message. - BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version - BUG/MEDIUM: mworker: fix the copy of options in copy_argv() - BUG/MINOR: init: -x can have a parameter starting with a dash - BUG/MEDIUM: mworker: fix the reload with an -- option - BUG/MINOR: mworker: fix a memleak when execvp() failed - BUG/MEDIUM: pattern: fix thread safety of pattern matching - BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0 - BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness - BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks - BUG/MINOR: spoe: add missing key length check before checking key names - BUG/MINOR: systemd: Wait for network to be online - BUG/MINOR: spoe: correction of setting bits for analyzer - BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL - MINOR: cli: make "show sess" stop at the last known session - DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list - BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible - BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash - BUG/MINOR: proxy: always initialize the trash in show servers state - BUG/MINOR: http_act: don't check capture id in backend (2) - BUG/MINOR: sample: Free str.area in smp_check_const_bool - BUG/MINOR: sample: Free str.area in smp_check_const_meth - BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked - BUILD: ebtree: fix build on libmusl after recent introduction of eb_memcmp() - BUG/MINOR: cfgparse: don't increment linenum on incomplete lines - BUG/MEDIUM: mux-h2: Emit an error if the response chunk formatting is incomplete - BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed - BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields - SCRIPTS: announce-release: add the link to the wiki in the announce messages - SCRIPTS: git-show-backports: make -m most only show the left branch - SCRIPTS: git-show-backports: emit the shell command to backport a commit - DOC: Improve documentation on http-request set-src - BUG/MINOR: http: make url_decode() optionally convert '+' to SP - MINOR: checks: Add a way to send custom headers and payload during http chekcs - BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks - BUG/MINOR: checks: Remove a warning about http health checks - BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() - BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() - BUG/MINOR: pools: use %u not %d to report pool stats in "show pools" - MEDIUM: map: make the "clear map" operation yield - BUG/MEDIUM: server/checks: Init server check during config validity check - BUG/MEDIUM: checks: Always initialize checks before starting them - BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified - BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable 2020/04/02 : 1.8.25 - BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat - SCRIPTS: announce-release: use mutt -H instead of -i to include the draft - CONTRIB: debug: add the possibility to decode the value as certain types only - CONTRIB: debug: support reporting multiple values at once - CONTRIB: debug: also support reading values from stdin - BUG/MEDIUM: shctx: make sure to keep all blocks aligned - MINOR: compiler: move CPU capabilities definition from config.h and complete them - BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support - BUILD: fix recent build failure on unaligned archs - MINOR: compiler: add new alignment macros - BUILD: ebtree: improve architecture-specific alignment - BUG/MINOR: sample: fix the json converter's endian-sensitivity - BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch - BUG/MAJOR: list: fix invalid element address calculation - DOC: fix incorrect indentation of http_auth_* - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths - REGTEST: make the PROXY TLV validation depend on version 2.2 - BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action - BUG/MINOR: http-rules: Fix a typo in the reject action function - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action - BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop - DOC: fix typo about no-tls-tickets - DOC: improve description of no-tls-tickets - DOC: ssl: clarify security implications of TLS tickets - DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID - DOC: assorted typo fixes in the documentation - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL - BUG/MINOR: stats: Fix color of draining servers on stats page - DOC: internals: Fix spelling errors in filters.txt - BUG/MEDIUM: http: unbreak redirects in legacy mode - MINOR: http-rules: Add a flag on redirect rules to know the rule direction - BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits - MINOR: http-rules: Handle the rule direction when a redirect is evaluated - BUG/MINOR: http-ana: Reset request analysers on error when waiting for response - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping 2020/02/15 : 1.8.24 - DOC: clarify matching strings on binary fetches - BUG/MEDIUM: listener/thread: fix a race when pausing a listener - BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1 - BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state - BUG/MINOR: listener/threads: always use atomic ops to clear the FD events - BUG/MINOR: listener: also clear the error flag on a paused listener - BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept() - DOC: document the listener state transitions - BUG/MAJOR: dns: add minimalist error processing on the Rx path - BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive. - BUG/MEDIUM: kqueue: Make sure we report read events even when no data. - DOC: listeners: add a few missing transitions - BUILD/MINOR: ssl: shut up a build warning about format truncation - BUILD/MINOR: tools: shut up the format truncation warning in get_gmt_offset() - BUILD: do not disable -Wformat-truncation anymore - DOC: remove references to the outdated architecture.txt - BUG/MINOR: log: fix minor resource leaks on logformat error path - BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers - BUG/MINOR: listener: do not immediately resume on transient error - BUG/MINOR: server: make "agent-addr" work on default-server line - BUG/MINOR: listener: fix off-by-one in state name check - BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy() - BUG/MINOR: sample: fix the closing bracket and LF in the debug converter - BUG/MINOR: sample: always check converters' arguments - BUG/MEDIUM: ssl: Don't set the max early data we can receive too early. - BUG/MEDIUM: session: do not report a failure when rejecting a session - BUG/MEDIUM: mworker: remain in mworker mode during reload - BUG/MAJOR: hashes: fix the signedness of the hash inputs - BUG/MEDIUM: cli: _getsocks must send the peers sockets - BUG/MINOR: stream: don't mistake match rules for store-request rules - BUG/MINOR: pattern: handle errors from fgets when trying to load patterns - BUG/MINOR: dns: Make dns_query_id_seed unsigned - BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules - BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing - BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing - MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive - BUG/MINOR: http_act: don't check capture id in backend - BUG/MINOR: dns: allow srv record weight set to 0 - BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error - BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2 - MINOR: acl: Warn when an ACL is named 'or' - SCRIPTS: announce-release: place the send command in the mail's header - SCRIPTS: announce-release: allow the user to force to overwrite old files - BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit - BUG/MINOR: dns: allow 63 char in hostname - BUG/MEDIUM: listener: only consider running threads when resuming listeners - BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener - BUG/MINOR: tcp: don't try to set defaultmss when value is negative - SCRIPTS: make announce-release executable again 2019/11/25 : 1.8.23 - MINOR: tcp: avoid confusion in time parsing init - BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed - BUG/MINOR: config: Update cookie domain warn to RFC6265 - BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it - BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams - BUG: dns: timeout resolve not applied for valid resolutions - BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition - BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1 - BUILD/MINOR: ssl: fix compiler warning about useless statement - MINOR: ist: add ist_find_ctl() - BUG/MAJOR: h2: reject header values containing invalid chars - BUG/MAJOR: h2: make header field name filtering stronger - SCRIPTS: create-release: show the correct origin name in suggested commands - SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands 2019/10/25 : 1.8.22 - BUILD/MINOR: stream: avoid a build warning with threads disabled - BUG/MINOR: haproxy: fix rule->file memory leak - MINOR: connection: add new function conn_is_back() - BUG/MEDIUM: ssl: Use the early_data API the right way. - BUG/MEDIUM: checks: make sure the warmup task takes the server lock - BUG/MINOR: logs/threads: properly split the log area upon startup - MINOR: doc: Document allow-0rtt on the server line. - BUG/MEDIUM: spoe: Be sure the sample is found before setting its context - DOC: fixed typo in management.txt - BUG/MINOR: mworker: disable SIGPROF on re-exec - BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener() - BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data - BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding - BUG/MINOR: filters: Properly set the HTTP status code on analysis error - BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed - BUG/MEDIUM: check/threads: make external checks run exclusively on thread 1 - BUG/MEDIUM: namespace: close open namespaces during soft shutdown - BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped frames - MINOR: tools: implement my_flsl() - BUG/MEDIUM: spoe: Use a different engine-id per process - DOC: Fix documentation about the cli command to get resolver stats - BUG/MEDIUM: namespace: fix fd leak in master-worker mode - BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg) - BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri - DOC: clarify some points around http-send-name-header's behavior - MINOR: stats: mention in the help message support for "json" and "typed" - BUG/MINOR: ssl: free the sni_keytype nodes - BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data - BUG/MINOR: WURFL: fix send_log() function arguments - BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers - BUG/MINOR: ssl: abort on sni allocation failure - BUG/MINOR: ssl: abort on sni_keytypes allocation failure - CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes - CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn - CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn - CLEANUP: bind: handle warning label on bind keywords parsing. - BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 1.1.1 - BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload - BUILD: ssl: fix again a libressl build failure after the openssl FD leak fix - BUG/MINOR: mworker/ssl: close openssl FDs unconditionally - BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed - BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr - BUG/MINOR: sample: Make the `field` converter compatible with `-m found` - BUG/MINOR: ssl: fix memcpy overlap without consequences. - BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion - BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless 2019/08/16 : 1.8.21 - BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per request - BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed - MINOR: spoe: Use the sample context to pass frag_ctx info during encoding - DOC: contrib/modsecurity: Typos and fix the reject example - BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it - MINOR: examples: Use right locale for the last changelog date in haproxy.spec - BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI - BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled - MINOR: config: Test validity of tune.maxaccept during the config parsing - CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1 - MINOR: threads: Implement HA_ATOMIC_LOAD(). - BUG/MEDIUM: port_range: Make the ring buffer lock-free. - BUG/MINOR: http_fetch: Rely on the smp direction for "cookie()" and "hdr()" - BUG/MEDIUM: dns: make the port numbers unsigned - BUG/MEDIUM: spoe: Don't use the SPOE applet after releasing it - DOC: fix typos - BUG/MINOR: ssl_sock: Fix memory leak when disabling compression - BUILD: ssl: fix latest LibreSSL reg-test error - BUG/MAJOR: lb/threads: make sure the avoided server is not full on second pass - BUG/MEDIUM: http: fix "http-request reject" when not final - BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit - BUG/MEDIUM: connection: fix multiple handshake polling issues - BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars - BUG/MEDIUM: vars: make the tcp/http unset-var() action support conditions - BUG/MEDIUM: mux-h2: make sure the connection timeout is always set - BUG/MINOR: http-rules: mention "deny_status" for "deny" in the error message - MINOR: doc: Remove -Ds option in man page - MINOR: doc: add master-worker in the man page - BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses - BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock - BUILD: makefile: use :space: instead of digits to count commits - BUILD: makefile: do not rely on shell substitutions to determine git version - BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock - BUG/MEDIUM: da: cast the chunk to string. - MINOR: task: introduce work lists - BUG/MAJOR: listener: fix thread safety in resume_listener() - BUG/MEDIUM: tcp-check: unbreak multiple connect rules again - BUG/MEDIUM: http/htx: unbreak option http_proxy - BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream - BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff - BUG/MINOR: proxy: always lock stop_proxy() - BUILD: threads: add the definition of PROTO_LOCK - BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased - DOC: improve the wording in CONTRIBUTING about how to document a bug fix - BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class - MINOR: hlua: Don't set request analyzers on response channel for lua actions - MINOR: hlua: Add a flag on the lua txn to know in which context it can be used - BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready - BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() - BUG/MINOR: lua: Set right direction and flags on new HTTP objects - BUG/MEDIUM: protocols: properly initialize the proto_lock in 1.8 - BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased - BUG/MINOR: stream-int: also update analysers timeouts on activity - BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes - BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete(). - BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one - BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data() - BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition - BUG/MINOR: mux-h2: always send stream window update before connection's - BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame - MINOR: build: Disable -Wstringop-overflow. - BUG/MINOR: ssl: fix 0-RTT for BoringSSL - MINOR: ssl: ssl_fc_has_early should work for BoringSSL - BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout 2019/04/25 : 1.8.20 - BUG/MAJOR: listener: Make sure the listener exist before using it. - BUG/MINOR: listener: keep accept rate counters accurate under saturation - BUG/MEDIUM: logs: Only attempt to free startup_logs once. - BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees() - BUG/MINOR: ssl: fix warning about ssl-min/max-ver support - MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API. - BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes - BUG/MAJOR: spoe: Fix initialization of thread-dependent fields - BUG/MAJOR: stats: Fix how huge POST data are read from the channel - BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts - BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites - DOC: The option httplog is no longer valid in a backend. - BUG/MAJOR: checks: segfault during tcpcheck_main - BUILD: makefile: work around an old bug in GNU make-3.80 - MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf() - BUILD: makefile: fix build of IPv6 header on aix51 - BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51 - BUILD: Makefile: disable shared cache on AIX 5.1 - BUG/MINOR: cli: correctly handle abns in 'show cli sockets' - MINOR: cli: start addresses by a prefix in 'show cli sockets' - BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release. - BUILD: use inttypes.h instead of stdint.h - BUILD: connection: fix naming of ip_v field - BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity - BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream - BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages - BUG/MINOR: threads: fix the process range of thread masks - MINOR: lists: Implement locked variations. - BUG/MEDIUM: lists: Properly handle the case we're removing the first elt. - BUG/MEDIUM: list: fix the rollback on addq in the locked liss - BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer - BUG/MEDIUM: list: add missing store barriers when updating elements and head - MINOR: list: make the delete and pop operations idempotent - BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element - BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED - BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED() - MAJOR: listener: do not hold the listener lock in listener_accept() - BUG/MEDIUM: listener: use a self-locked list for the dequeue lists - BUG/MEDIUM: listener: make sure the listener never accepts too many conns - BUILD/MINOR: listener: Silent a few signedness warnings. - MINOR: skip get_gmtime where tm is unused - BUG/MAJOR: http_fetch: Get the channel depending on the keyword used - BUG/MEDIUM: maps: only try to parse the default value when it's present - BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR - BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules - BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST() - BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST() - BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler 2019/02/11 : 1.8.19 - DOC: ssl: Clarify when pre TLSv1.3 cipher can be used - DOC: ssl: Stop documenting ciphers example to use - BUG/MINOR: spoe: do not assume agent->rt is valid on exit - BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets - BUG/MEDIUM: spoe: initialization depending on nbthread must be done last - BUG/MEDIUM: server: initialize the idle conns list after parsing the config - BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck - BUG/MAJOR: stream: avoid double free on unique_id - BUG/MINOR: config: Reinforce validity check when a process number is parsed 2019/02/06 : 1.8.18 - DOC: http-request cache-use / http-response cache-store expects cache name - BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key - BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT. - DOC: Be a bit more explicit about allow-0rtt security implications. - BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file - BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH - BUG/MINOR: backend: balance uri specific options were lost across defaults - BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit - BUG/MINOR: stick_table: Prevent conn_cur from underflowing - BUG/MINOR: server: don't always trust srv_check_health when loading a server state - BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk() - BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages - DOC: mention the effect of nf_conntrack_tcp_loose on src/dst - MINOR: h2: add a bit-based frame type representation - MINOR: h2: declare new sets of frame types - BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY - BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error - BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream - BUG/MINOR: hpack: return a compression error on invalid table size updates - DOC: nbthread is no longer experimental. - BUG/MINOR: spoe: corrected fragmentation string size - BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit - SCRIPTS: add the slack channel URL to the announce script - SCRIPTS: add the issue tracker URL to the announce script - BUG/MINOR: stream: don't close the front connection when facing a backend error - MINOR: xref: Add missing barriers. - BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update - BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions - BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams - BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection - MINOR: stream-int: expand the flags to 32-bit - MINOR: stream-int: add a new flag to mention that we want the connection to be killed - MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection - BUG/MEDIUM: mux-h2: do not close the connection on aborted streams - BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free(). - BUG/MINOR: config: fix bind line thread mask validation - BUG/MAJOR: config: verify that targets of track-sc and stick rules are present - BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes - BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules 2019/01/08 : 1.8.17 - BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify() - MINOR: mux-h2: only increase the connection window with the first update - BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max - BUG/MEDIUM: server: Also copy "check-sni" for server templates. - MINOR: lb: allow redispatch when using consistent hash - MINOR: stream/cli: fix the location of the waiting flag in "show sess all" - MINOR: stream/cli: report more info about the HTTP messages on "show sess all" - BUG/MEDIUM: cli: make "show sess" really thread-safe - BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything - BUG/MINOR: lua: bad args are returned for Lua actions - BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred - BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used 2018/12/21 : 1.8.16 - BUG/MINOR: logs: leave startup-logs global and not per-thread - BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response() - BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error 2018/12/13 : 1.8.15 - MINOR: threads: Make sure threads_sync_pipe is initialized before using it. - DOC: clarify force-private-cache is an option - BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2 - BUG/MINOR: backend: check that the mux installed properly - BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2. - MEDIUM: ssl: add support for ciphersuites option for TLSv1.3 - BUG/MEDIUM: Cur/CumSslConns counters not threadsafe. - BUG/MINOR: checks: queues null-deref - BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM. - BUG/MEDIUM: stream: don't crash on out-of-memory - BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch - BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk() - BUILD: stick-table: make sure not to fail on task_new() during initialization - BUILD: peers: check allocation error during peers_init_sync() - DOC: Fix a few typos - BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point - BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile - BUILD: compiler: add a new statement "__unreachable()" - MINOR: lua: all functions calling lua_yieldk() may return - BUILD: lua: silence some compiler warnings about potential null derefs (#2) - BUILD: lua: silence some compiler warnings after WILL_LJMP - CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause - BUILD: Makefile: add a "make opts" target to simply show the build options - BUILD: Makefile: speed up compiler options detection - BUILD: Makefile: silence an option conflict warning with clang - MINOR: server: Use memcpy() instead of strncpy(). - MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80. - MINOR: peers: use defines instead of enums to appease clang. - DOC: fix reference to map files in MAINTAINERS - BUILD: compiler: rename __unreachable() to my_unreachable() - BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF. - BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent. - BUILD: Makefile: add the new ERR variable to force -Werror - BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB). - BUG/MINOR: cache: Wrong usage of shctx_init(). - BUG/MINOR: ssl: Wrong usage of shctx_init(). - DOC: cache: Missing information about "total-max-size" - BUG/MINOR: only mark connections private if NTLM is detected - BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic - BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer - BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe - BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn - BUG/MEDIUM: Make sure stksess is properly aligned. - BUG/MINOR: config: Copy default error messages when parsing of a backend starts - BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field - BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id - BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name - BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed - BUG/MINOR: lb-map: fix unprotected update to server's score - BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR. - BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation - BUG/MINOR: mux-h2: refrain from muxing during the preface - BUG/MINOR: mux-h2: advertise a larger connection window size - BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM - BUILD: threads: fix minor build warnings when threads are disabled - MINOR: stats: report the number of active jobs and listeners in "show info" - MINOR: servers: Free [idle|safe|priv]_conns on exit. - DOC: clarify that check-sni needs an argument. - DOC: refer to check-sni in the documentation of sni - BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name - BUG: dns: Prevent out-of-bounds read in dns_read_name() - BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response() - BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response() - BUG: dns: Fix off-by-one write in dns_validate_dns_response() - DOC: Update configuration doc about the maximum number of stick counters. - DOC: restore note about "independant" typo - DOC: Fix typos in README and CONTRIBUTING - DOC: Fix typos in different subsections of the documentation - DOC: fix a few typos in the documentation 2018/09/20 : 1.8.14 - BUG/MEDIUM: servers: check the queues once enabling a server - BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections - MINOR: dns: fix wrong score computation in dns_get_ip_from_response - MINOR: dns: new DNS options to allow/prevent IP address duplication - BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers - MINOR: threads: Introduce double-width CAS on x86_64 and arm. - BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7 - MINOR: threads: add more consistency between certain variables in no-thread case - BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point - MEDIUM: hathreads: implement a more flexible rendez-vous point - BUG/MEDIUM: cli: make "show fd" thread-safe - BUG/MINOR: ssl: empty connections reported as errors. - BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle. - BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error. - BUG/MINOR: map: fix map_regm with backref - DOC: dns: explain set server ... fqdn requires resolver - DOC: ssl: Use consistent naming for TLS protocols - BUG/MEDIUM: lua: socket timeouts are not applied - BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates - BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations - DOC: Fix spelling error in configuration doc - BUG/MEDIUM: unix: provide a ->drain() function - BUG/MINOR: lua: Bad HTTP client request duration. - BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake() - BUG/MEDIUM: lua: reset lua transaction between http requests - BUG/MEDIUM: hlua: Make sure we drain the output buffer when done. - BUG/MAJOR: thread: lua: Wrong SSL context initialization. - BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0. - BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file - BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1 - MINOR: thread: implement HA_ATOMIC_XADD() - BUG/MINOR: stream: use atomic increments for the request counter - BUG/MEDIUM: session: fix reporting of handshake processing time in the logs - BUG/MEDIUM: h2: fix risk of memory leak on malformated wrapped frames - BUG/MINOR: dns: check and link servers' resolvers right after config parsing - BUG/MINOR: http/threads: atomically increment the error snapshot ID - BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors - BUG/MAJOR: kqueue: Don't reset the changes number by accident. - BUG/MINOR: server: Crash when setting FQDN via CLI. - DOC: Fix typos in lua documentation - BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list - BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4 - BUG/MINOR: cli: make sure the "getsock" command is only called on connections - BUG/CRITICAL: hpack: fix improper sign check on the header index value 2018/07/30 : 1.8.13 - MINOR: systemd: consider exit status 143 as successful - BUG/MINOR: ssl: properly ref-count the tls_keys entries - MINOR: mux: add a "show_fd" function to dump debugging information for "show fd" - MINOR: h2: implement a basic "show_fd" function - BUG/MINOR: h2: remove accidental debug code introduced with show_fd function - MINOR: h2: keep a count of the number of conn_streams attached to the mux - MINOR: h2: add the mux and demux buffer lengths on "show fd" - BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess - BUG/MEDIUM: h2: never leave pending data in the output buffer on close - BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout - BUG/MINOR: http: Set brackets for the unlikely macro at the right place - BUILD: Generate sha256 checksums in publish-release - MINOR: debug: Add check for CO_FL_WILL_UPDATE - MINOR: debug: Add checks for conn_stream flags - BUG/MEDIUM: threads: Fix the exit condition of the thread barrier - MINOR: h2: add the error code and the max/last stream IDs to "show fd" - BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full - BUG/MEDIUM: stats: don't ask for more data as long as we're responding - BUG/MINOR: servers: Don't make "server" in a frontend fatal. - BUG/MEDIUM: threads/sync: use sched_yield when available - BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever - BUG/MINOR: config: stick-table is not supported in defaults section - BUG/MINOR: threads: Handle nbthread == MAX_THREADS. - BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS - MINOR: threads: move "nbthread" parsing to hathreads.c - BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number - MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed - SCRIPTS: git-show-backports: add missing quotes to "echo" 2018/06/27 : 1.8.12 - BUG/MAJOR: stick_table: Complete incomplete SEGV fix - MINOR: stick-tables: make stktable_release() do nothing on NULL 2018/06/26 : 1.8.11 - BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table - BUG/BUILD: threads: unbreak build without threads 2018/06/22 : 1.8.10 - BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1 arguments. - BUG/MEDIUM: spoe: Flags are not encoded in network order - BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags - BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags - BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn computation - BUG/MEDIUM: cache: don't cache when an Authorization header is present - BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure. - BUG/BUILD: threads: unbreak build without threads - BUG/BUILD: fd: fix typo causing a warning when threads are disabled - BUG/MEDIUM: fd: Only check update_mask against all_threads_mask. - BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file - BUG/MEDIUM: lua/socket: Length required read doesn't work - BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters - BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode - MINOR: task/notification: Is notifications registered ? - BUG/MEDIUM: lua/socket: wrong scheduling for sockets - BUG/MAJOR: lua: Dead lock with sockets - BUG/MEDIUM: lua/socket: Notification error - BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock - BUG/MEDIUM: lua/socket: Buffer error, may segfault - MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0 - BUG/MINOR: contrib/spoa_example: Don't reset the status code during disconnect - BUG/MINOR: contrib/mod_defender: Don't reset the status code during disconnect - BUG/MINOR: contrib/modsecurity: Don't reset the status code during disconnect - BUG/MINOR: contrib/mod_defender: update pointer on the end of the frame - BUG/MINOR: contrib/modsecurity: update pointer on the end of the frame - DOC: SPOE.txt: fix a typo - DOC: contrib/modsecurity: few typo fixes - BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload. - BUG/MEDIUM: threads: handle signal queue only in thread 0 - BUG/MINOR: don't ignore SIG{BUS,FPE,ILL,SEGV} during signal processing - BUG/MINOR: signals: ha_sigmask macro for multithreading - MINOR: lua: Increase debug information - BUG/MAJOR: map: fix a segfault when using http-request set-map - BUG/MINOR: lua: Segfaults with wrong usage of types. - BUG/MAJOR: ssl: Random crash with cipherlist capture - BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot - BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete(). - BUG/MEDIUM: threads: Use the sync point to check active jobs and exit - MINOR: threads: Be sure to remove threads from all_threads_mask on exit 2018/05/18 : 1.8.9 - BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid() - BUG/MAJOR: channel: Fix crash when trying to read from a closed socket - BUG/MINOR: log: t_idle (%Ti) is not set for some requests - BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits - MINOR: h2: detect presence of CONNECT and/or content-length - BUG/MEDIUM: h2: implement missing support for chunked encoded uploads - BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread - BUG/MINOR: config: disable http-reuse on TCP proxies - BUG/MINOR: checks: Fix check->health computation for flapping servers - BUG/MEDIUM: threads: Fix the sync point for more than 32 threads - BUG/MINOR: lua: Put tasks to sleep when waiting for data - DOC/MINOR: clean up LUA documentation re: servers & array/table. - BUG/MINOR: map: correctly track reference to the last ref_elt being dumped - BUG/MEDIUM: task: Don't free a task that is about to be run. - BUG/MINOR: lua: schedule socket task upon lua connect() - BUG/MINOR: lua: ensure large proxy IDs can be represented - BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR - BUG/MEDIUM: pollers: Use a global list for fd shared between threads. - BUG/MEDIUM: ssl: properly protect SSL cert generation - BUG/MINOR: spoe: Mistake in error message about SPOE configuration 2018/04/19 : 1.8.8 - BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes - BUG/MEDIUM: connection: Make sure we have a mux before calling detach(). - BUG/MINOR: http: Return an error in proxy mode when url2sa fails - BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors. - BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE - MINOR: cli: Ensure the CLI always outputs an error when it should - DOC: lua: update the links to the config and Lua API - BUG/CRITICAL: h2: fix incorrect frame length check 2018/04/07 : 1.8.7 - BUG/MAJOR: cache: always initialize newly created objects - MINOR: servers: Support alphanumeric characters for the server templates names 2018/04/05 : 1.8.6 - BUG/MINOR: lua: the function returns anything - BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values - BUILD/MINOR: fix build when USE_THREAD is not defined - MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown" - MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available - BUILD/MINOR: cli: fix a build warning introduced by last commit - BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert - CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close() - MINOR: h2: provide and use h2s_detach() and h2s_free() - BUG/MAJOR: h2: remove orphaned streams from the send list before closing - MINOR: h2: always call h2s_detach() in h2_detach() - MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy() - BUG/MEDIUM: h2/threads: never release the task outside of the task handler - BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error - BUILD/MINOR: threads: always export thread_sync_io_handler() - BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked - BUG/MINOR: checks: check the conn_stream's readiness and not the connection - BUG/MINOR: email-alert: Set the mailer port during alert initialization - BUG/MINOR: cache: fix "show cache" output - BUG/MINOR: fd: Don't clear the update_mask in fd_insert. - BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks - BUG/MINOR: spoe: Initialize variables used during conf parsing before any check - BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk 2018/03/23 : 1.8.5 - BUG/MINOR: threads: fix missing thread lock labels for 1.8 - BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable. - BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL - BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st - BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe - BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible - BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken. - DOC: lua: new prototype for function "register_action()" - DOC: cfgparse: Warn on option (tcp|http)log in backend - BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF - MINOR: debug/pools: make DEBUG_UAF also detect underflows - BUG/MINOR: h2: Set the target of dbuf_wait to h2c - MINOR: stats: display the number of threads in the statistics. - BUG/MEDIUM: h2: always consume any trailing data after end of output buffers - BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk - BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk - Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')" - MINOR: systemd: Add section for SystemD sandboxing to unit file - MINOR: systemd: Add SystemD's Protect*= options to the unit file - MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file - MINOR/BUILD: fix Lua build on Mac OS X - BUILD/MINOR: fix Lua build on Mac OS X (again) - BUG/MINOR: session: Fix tcp-request session failure if handshake. - CLEANUP: .gitignore: Ignore binaries from the contrib directory - BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list. - BUG/MEDIUM: h2: also arm the h2 timeout when sending - BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd" - CLEANUP: ssl: Remove a duplicated #include - CLEANUP: cli: Remove a leftover debug message - BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage - BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc - BUG/MINOR: force-persist and ignore-persist only apply to backends - BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping - BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled - BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management - BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically - BUG/MINOR: seemless reload: Fix crash when an interface is specified. - BUG/MINOR: cli: Fix a crash when sending a command with too many arguments - BUILD: ssl: Fix build with OpenSSL without NPN capability - BUG/MINOR: spoa-example: unexpected behavior for more than 127 args - BUG/MINOR: lua: return bad error messages - BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers - BUG/MINOR: tcp-check: use the server's service port as a fallback - BUG/MEDIUM: threads/queue: wake up other threads upon dequeue - MINOR: log: stop emitting alerts when it's not possible to write on the socket - BUILD/BUG: enable -fno-strict-overflow by default - DOC: log: more than 2 log servers are allowed - DOC: don't suggest using http-server-close - BUG/MEDIUM: h2: properly account for DATA padding in flow control - BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM - BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected 2018/02/08 : 1.8.4 - BUG/MEDIUM: h2: properly handle the END_STREAM flag on empty DATA frames - BUILD: ssl: silence a warning when building without NPN nor ALPN support - BUG/MEDIUM: ssl: cache doesn't release shctx blocks - BUG/MINOR: lua: Fix default value for pattern in Socket.receive - DOC: lua: Fix typos in comments of hlua_socket_receive - BUG/MEDIUM: lua: Fix IPv6 with separate port support for Socket.connect - BUG/MINOR: lua: Fix return value of Socket.settimeout - MINOR: dns: Handle SRV record weight correctly. - BUG/MEDIUM: mworker: execvp failure depending on argv[0] - MINOR: hathreads: add support for gcc < 4.7 - BUILD/MINOR: ancient gcc versions atomic fix - BUG/MEDIUM: stream: properly handle client aborts during redispatch - DOC: clarify the scope of ssl_fc_is_resumed - CONTRIB: debug: fix a few flags definitions - BUG/MINOR: poll: too large size allocation for FD events - BUG/MEDIUM: peers: fix expire date wasn't updated if entry is modified remotely. - MINOR: servers: Don't report duplicate dyncookies for disabled servers. - MINOR: global/threads: move cpu_map at the end of the global struct - MINOR: threads: add a MAX_THREADS define instead of LONGBITS - MINOR: global: add some global activity counters to help debugging - MINOR: threads/fd: Use a bitfield to know if there are FDs for a thread in the FD cache - BUG/MEDIUM: threads/polling: Use fd_cache_mask instead of fd_cache_num - BUG/MEDIUM: fd: maintain a per-thread update mask - MINOR: fd: add a bitmask to indicate that an FD is known by the poller - BUG/MEDIUM: epoll/threads: use one epoll_fd per thread - BUG/MEDIUM: kqueue/threads: use one kqueue_fd per thread - BUG/MEDIUM: threads/mworker: fix a race on startup - BUG/MINOR: mworker: only write to pidfile if it exists - MINOR: threads: Fix build when we're not compiling with threads. - BUG/MINOR: threads: always set an owner to the thread_sync pipe - BUG/MEDIUM: threads/server: Fix deadlock in srv_set_stopping/srv_set_admin_flag - BUG/MEDIUM: checks: Don't try to release undefined conn_stream when a check is freed - BUG/MINOR: kqueue/threads: Don't forget to close kqueue_fd[tid] on each thread - MINOR: threads: Use __decl_hathreads instead of #ifdef/#endif - BUILD: epoll/threads: Add test on MAX_THREADS to avoid warnings when complied without threads - BUILD: kqueue/threads: Add test on MAX_THREADS to avoid warnings when complied without threads - CLEANUP: sample: Fix comment encoding of sample.c - CLEANUP: sample: Fix outdated comment about sample casts functions - BUG/MINOR: sample: Fix output type of c_ipv62ip - CLEANUP: Fix typo in ARGT_MSK6 comment - BUG/MINOR: cli: use global.maxsock and not maxfd to list all FDs - BUG/MINOR: threads: Update labels array because of changes in lock_label enum - BUG/MINOR: epoll/threads: only call epoll_ctl(DEL) on polled FDs - BUG/MEDIUM: spoe: Always try to receive or send the frame to detect shutdowns - BUG/MEDIUM: spoe: Allow producer to read and to forward shutdown on request side - BUG/MINOR: time/threads: ensure the adjusted time is always correct - BUG/MEDIUM: standard: Fix memory leak in str2ip2() - MINOR: init: emit warning when -sf/-sd cannot parse argument - DOC: Describe routing impact of using interface keyword on bind lines - DOC: Mention -Ws in the list of available options - BUG/MINOR: config: don't emit a warning when global stats is incompletely configured 2017/12/30 : 1.8.3 - BUG/MEDIUM: h2: properly handle and report some stream errors - BUG/MEDIUM: h2: improve handling of frames received on closed streams - DOC/MINOR: configuration: typo, formatting fixes - BUG/MEDIUM: h2: ensure we always know the stream before sending a reset - BUG/MEDIUM: mworker: don't close stdio several time - MINOR: don't close stdio anymore - BUG/MEDIUM: http: don't automatically forward request close - BUG/MAJOR: hpack: don't return direct references to the dynamic headers table - MEDIUM: h2: prepare a graceful shutdown when the frontend is stopped 2017/12/23 : 1.8.2 - BUG/MINOR: action: Don't check http capture rules when no id is defined - BUG/MAJOR: hpack: don't pretend large headers fit in empty table - BUG/MINOR: ssl: support tune.ssl.cachesize 0 again - BUG/MEDIUM: mworker: also close peers sockets in the master - BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically. - BUG/MEDIUM: checks: a down server going to maint remains definitely stucked on down state. - BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface - BUG/MEDIUM: h2: fix handling of end of stream again - MINOR: mworker: Update messages referencing exit-on-failure - MINOR: mworker: Improve wording in `void mworker_wait()` - CONTRIB: halog: Add help text for -s switch in halog program - BUG/MEDIUM: email-alert: don't set server check status from a email-alert task - BUG/MEDIUM: threads/vars: Fix deadlock in register_name - MINOR: systemd: remove comment about HAPROXY_STATS_SOCKET - DOC: notifications: add precisions about thread usage - BUG/MEDIUM: lua/notification: memory leak - MINOR: conn_stream: add new flag CS_FL_RCV_MORE to indicate pending data - BUG/MEDIUM: stream-int: always set SI_FL_WAIT_ROOM on CS_FL_RCV_MORE - BUG/MEDIUM: h2: automatically set CS_FL_RCV_MORE when the output buffer is full - BUG/MEDIUM: h2: enable recv polling whenever demuxing is possible - BUG/MEDIUM: h2: work around a connection API limitation - BUG/MEDIUM: h2: debug incoming traffic in h2_wake() - MINOR: h2: store the demux padding length in the h2c struct - BUG/MEDIUM: h2: support uploading partial DATA frames - MINOR: h2: don't demand that a DATA frame is complete before processing it - BUG/MEDIUM: h2: don't switch the state to HREM before end of DATA frame - BUG/MEDIUM: h2: don't close after the first DATA frame on tunnelled responses - BUG/MEDIUM: http: don't disable lingering on requests with tunnelled responses - BUG/MEDIUM: h2: fix stream limit enforcement - BUG/MINOR: stream-int: don't try to receive again after receiving an EOS - BUG: MAJOR: lb_map: server map calculation broken - BUG: MINOR: http: don't check http-request capture id when len is provided - BUILD/MINOR: Makefile : enabling USE_CPU_AFFINITY - BUG/MEDIUM: mworker: Set FD_CLOEXEC flag on log fd - DOC/MINOR: intro: typo, wording, formatting fixes - MINOR: netscaler: respect syntax - MINOR: netscaler: remove the use of cip_magic only used once - MINOR: netscaler: rename cip_len to clarify its uage - BUG/MEDIUM: netscaler: use the appropriate IPv6 header size - BUG/MAJOR: netscaler: address truncated CIP header detection - CONTRIB: iprange: Fix compiler warning in iprange.c - CONTRIB: halog: Fix compiler warnings in halog.c - BUG/MINOR: h2: properly report a stream error on RST_STREAM - MINOR: mux: add flags to describe a mux's capabilities - MINOR: stream-int: set flag SI_FL_CLEAN_ABRT when mux supports clean aborts - BUG/MEDIUM: stream: don't consider abortonclose on muxes which close cleanly - MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header - MEDIUM: netscaler: do not analyze original IP packet size - MEDIUM: netscaler: add support for standard NetScaler CIP protocol - BUG/MEDIUM: checks: a server passed in maint state was not forced down. - BUG/MEDIUM: lua: fix crash when using bogus mode in register_service() - MINOR: http: adjust the list of supposedly cacheable methods - MINOR: http: update the list of cacheable status codes as per RFC7231 - MINOR: http: start to compute the transaction's cacheability from the request - BUG/MINOR: http: do not ignore cache-control: public - BUG/MINOR: http: properly detect max-age=0 and s-maxage=0 in responses - BUG/MINOR: cache: do not force the TX_CACHEABLE flag before checking cacheability - MINOR: http: add a function to check request's cache-control header field - BUG/MEDIUM: cache: do not try to retrieve host-less requests from the cache - BUG/MEDIUM: cache: replace old object on store - BUG/MEDIUM: cache: respect the request cache-control header - BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie" - BUG/MAJOR: connection: refine the situations where we don't send shutw() - BUG/MEDIUM: checks: properly set servers to stopping state on 404 2017/12/03 : 1.8.1 - BUG/MEDIUM: kqueue: Don't bother closing the kqueue after fork. - DOC: cache: update sections and fix some typos - BUILD/MINOR: deviceatlas: enable thread support - BUG/MEDIUM: tcp-check: Don't lock the server in tcpcheck_main - BUG/MEDIUM: ssl: don't allocate shctx several time - BUG/MEDIUM: cache: bad computation of the remaining size - BUILD: checks: don't include server.h - BUG/MEDIUM: stream: fix session leak on applet-initiated connections - BUILD/MINOR: haproxy : FreeBSD/cpu affinity needs pthread_np header - BUG/MINOR: ssl: CO_FL_EARLY_DATA removal is managed by stream - BUG/MEDIUM: threads/peers: decrement, not increment jobs on quitting - BUG/MEDIUM: h2: don't report an error after parsing a 100-continue response - BUG/MEDIUM: peers: fix some track counter rules dont register entries for sync. - BUG/MAJOR: thread/peers: fix deadlock on peers sync. - BUILD/MINOR: haproxy: compiling config cpu parsing handling when needed - BUG/MINOR: mworker: fix validity check for the pipe FDs - BUG/MINOR: mworker: detach from tty when in daemon mode - MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. - BUG/MAJOR: thread: Be sure to request a sync between threads only once at a time - BUILD: Fix LDFLAGS vs. LIBS re linking order in various makefiles - BUG/MEDIUM: checks: Be sure we have a mux if we created a cs. - BUG/MINOR: hpack: fix debugging output of pseudo header names - BUG/MINOR: hpack: must reject huffman literals padded with more than 7 bits - BUG/MINOR: hpack: reject invalid header index - BUG/MINOR: hpack: dynamic table size updates are only allowed before headers - BUG/MAJOR: h2: correctly check the request length when building an H1 request - BUG/MINOR: h2: immediately close if receiving GOAWAY after the last stream - BUG/MINOR: h2: try to abort closed streams as soon as possible - BUG/MINOR: h2: ":path" must not be empty - BUG/MINOR: h2: fix a typo causing PING/ACK to be responded to - BUG/MINOR: h2: the TE header if present may only contain trailers - BUG/MEDIUM: h2: enforce the per-connection stream limit - BUG/MINOR: h2: do not accept SETTINGS_ENABLE_PUSH other than 0 or 1 - BUG/MINOR: h2: reject incorrect stream dependencies on HEADERS frame - BUG/MINOR: h2: properly check PRIORITY frames - BUG/MINOR: h2: reject response pseudo-headers from requests - BUG/MEDIUM: h2: remove connection-specific headers from request - BUG/MEDIUM: h2: do not accept upper case letters in request header names - BUG/MINOR: h2: use the H2_F_DATA_* macros for DATA frames 2017/11/26 : 1.8.0 - BUG/MEDIUM: stream: don't automatically forward connect nor close - BUG/MAJOR: stream: ensure analysers are always called upon close - BUG/MINOR: stream-int: don't try to read again when CF_READ_DONTWAIT is set - MEDIUM: mworker: Add systemd `Type=notify` support - BUG/MEDIUM: cache: free callback to remove from tree - CLEANUP: cache: remove unused struct - MEDIUM: cache: enable the HTTP analysers - CLEANUP: cache: remove wrong comment - MINOR: threads/atomic: rename local variables in macros to avoid conflicts - MINOR: threads/plock: rename local variables in macros to avoid conflicts - MINOR: threads/atomic: implement pl_mb() in asm on x86 - MINOR: threads/atomic: implement pl_bts() on non-x86 - MINOR: threads/build: atomic: replace the few inlines with macros - BUILD: threads/plock: fix a build issue on Clang without optimization - BUILD: ebtree: don't redefine types u32/s32 in scope-aware trees - BUILD: compiler: add a new type modifier __maybe_unused - BUILD: h2: mark some inlined functions "unused" - BUILD: server: check->desc always exists - BUG/MEDIUM: h2: properly report connection errors in headers and data handlers - MEDIUM: h2: add a function to emit an HTTP/1 request from a headers list - MEDIUM: h2: change hpack_decode_headers() to only provide a list of headers - BUG/MEDIUM: h2: always reassemble the Cookie request header field - BUG/MINOR: systemd: ignore daemon mode - CONTRIB: spoa_example: allow to compile outside HAProxy. - CONTRIB: spoa_example: remove bref, wordlist, cond_wordlist - CONTRIB: spoa_example: remove last dependencies on type "sample" - CONTRIB: spoa_example: remove SPOE enums that are useless for clients - CLEANUP: cache: reorder includes - MEDIUM: shctx: use unsigned int for len and block_count - MEDIUM: cache: "show cache" on the cli - BUG/MEDIUM: cache: use key=0 as a condition for freeing - BUG/MEDIUM: cache: refcount forbids to free the objects - BUG/MEDIUM: cache fix cli_kws structure - BUG/MEDIUM: deinit: correctly deinitialize the proxy and global listener tasks - BUG/MINOR: ssl: Always start the handshake if we can't send early data. - MINOR: ssl: Don't disable early data handling if we could not write. - MINOR: pools: prepare functions to override malloc/free in pools - MINOR: pools: implement DEBUG_UAF to detect use after free - BUG/MEDIUM: threads/time: fix time drift correction - BUG/MEDIUM: threads/time: maintain a common time reference between all threads - MINOR: sample: Add "thread" sample fetch - BUG/MINOR: Use crt_base instead of ca_base when crt is parsed on a server line - BUG/MINOR: stream: fix tv_request calculation for applets - BUG/MAJOR: h2: always remove a stream from the send list before freeing it - BUG/MAJOR: threads/task: dequeue expired tasks under the WQ lock - MINOR: ssl: Handle reading early data after writing better. - MINOR: mux: Make sure every string is woken up after the handshake. - MEDIUM: cache: store sha1 for hashing the cache key - MINOR: http: implement the "http-request reject" rule - MINOR: h2: send RST_STREAM before GOAWAY on reject - MEDIUM: h2: don't gracefully close the connection anymore on Connection: close - MINOR: h2: make use of client-fin timeout after GOAWAY - MEDIUM: config: ensure that tune.bufsize is at least 16384 when using HTTP/2 - MINOR: ssl: Handle early data with BoringSSL - BUG/MEDIUM: stream: always release the stream-interface on abort - BUG/MEDIUM: cache: free ressources in chn_end_analyze - MINOR: cache: move the refcount decrease in the applet release - BUG/MINOR: listener: Allow multiple "process" options on "bind" lines - MINOR: config: Support a range to specify processes in "cpu-map" parameter - MINOR: config: Slightly change how parse_process_number works - MINOR: config: Export parse_process_number and use it wherever it's applicable - MINOR: standard: Add my_ffsl function to get the position of the bit set to one - MINOR: config: Add auto-increment feature for cpu-map - MINOR: config: Support partial ranges in cpu-map directive - MINOR:: config: Remove thread-map directive - MINOR: config: Add the threads support in cpu-map directive - MINOR: config: Add threads support for "process" option on "bind" lines - MEDIUM: listener: Bind listeners on a thread subset if specified - CLEANUP: debug: Use DPRINTF instead of fprintf into #ifdef DEBUG_FULL/#endif - CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning - MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" - CLEANUP: pools: rename all pool functions and pointers to remove this "2" - DOC: update the roadmap file with the latest changes merged in 1.8 - DOC: fix mangled version in peers protocol documentation - DOC: add initial peers protovol v2.0 documentation. - DOC: mention William as maintainer of the cache and master-worker - DOC: add Christopher and Emeric as maintainers of the threads - MINOR: cache: replace a fprint() by an abort() - MEDIUM: cache: max-age configuration keyword - DOC: explain HTTP2 timeout behavior - DOC: cache: configuration and management - MAJOR: mworker: exits the master on failure - BUG/MINOR: threads: don't drop "extern" on the lock in include files - MINOR: task: keep a pointer to the currently running task - MINOR: task: align the rq and wq locks - MINOR: fd: cache-align fdtab and fdcache locks - MINOR: buffers: cache-align buffer_wq_lock - CLEANUP: server: reorder some fields in struct server to save 40 bytes - CLEANUP: proxy: slightly reorder the struct proxy to reduce holes - CLEANUP: checks: remove 16 bytes of holes in struct check - CLEANUP: cache: more efficiently pack the struct cache - CLEANUP: fd: place the lock at the beginning of struct fdtab - CLEANUP: pools: align pools on a cache line - DOC: config: add a few bits about how to configure HTTP/2 - BUG/MAJOR: threads/queue: avoid recursive locking in pendconn_get_next_strm() - BUILD: Makefile: reorder object files by size 2017/11/19 : 1.8-rc4 - BUG/MEDIUM: cache: does not cache if no Content-Length - BUILD: thread/pipe: fix build without threads - BUG/MINOR: spoe: check buffer size before acquiring or releasing it - MINOR: debug/flags: Add missing flags - MINOR: threads: Use __decl_hathreads to declare locks - BUG/MINOR: buffers: Fix b_alloc_margin to be "fonctionnaly" thread-safe - BUG/MAJOR: ebtree/scope: fix insertion and removal of duplicates in scope-aware trees - BUG/MAJOR: ebtree/scope: fix lookup of next node in scope-aware trees - MINOR: ebtree/scope: add a function to find next node from a parent - MINOR: ebtree/scope: simplify the lookup functions by using eb32sc_next_with_parent() - BUG/MEDIUM: mworker: Fix re-exec when haproxy is started from PATH - BUG/MEDIUM: cache: use msg->sov to forward header - MINOR: cache: forward data with headers - MINOR: cache: disable cache if shctx_row_data_append fail - BUG/MINOR: threads: tid_bit must be a unsigned long - CLEANUP: tasks: Remove useless double test on rq_next - BUG/MEDIUM: standard: itao_str/idx and quote_str/idx must be thread-local - MINOR: tools: add a function to dump a scope-aware tree to a file - MINOR: tools: improve the DOT dump of the ebtree - MINOR: tools: emphasize the node being worked on in the tree dump - BUG/MAJOR: ebtree/scope: properly tag upper nodes during insertion - DOC: peers: Add a first version of peers protocol v2.1. - CONTRIB: Wireshark dissector for HAProxy Peer Protocol. - MINOR: mworker: display an accurate error when the reexec fail - BUG/MEDIUM: mworker: wait again for signals when execvp fail - BUG/MEDIUM: mworker: does not deinit anymore - BUG/MEDIUM: mworker: does not close inherited FD - MINOR: tests: add a python wrapper to test inherited fd - BUG/MINOR: Allocate the log buffers before the proxies startup - MINOR: tasks: Use a bitfield to track tasks activity per-thread - MAJOR: polling: Use active_tasks_mask instead of tasks_run_queue - MINOR: applets: Use a bitfield to track applets activity per-thread - MAJOR: polling: Use active_appels_mask instead of applets_active_queue - MEDIUM: applets: Don't process more than 200 active applets at once - MINOR: stream: Add thread-mask of tasks/FDs/applets in "show sess all" command - MINOR: SSL: Store the ASN1 representation of client sessions. - MINOR: ssl: Make sure we don't shutw the connection before the handshake. - BUG/MEDIUM: deviceatlas: ignore not valuable HTTP request data 2017/11/11 : 1.8-rc3 - BUILD: use MAXPATHLEN instead of NAME_MAX. - BUG/MAJOR: threads/checks: add 4 missing spin_unlock() in various functions - BUG/MAJOR: threads/server: missing unlock in CLI fqdn parser - BUG/MINOR: cli: do not perform an invalid action on "set server check-port" - BUG/MAJOR: threads/checks: wrong use of SPIN_LOCK instead of SPIN_UNLOCK - CLEANUP: checks: remove return statements in locked functions - BUG/MINOR: cli: add severity in "set server addr" parser - CLEANUP: server: get rid of return statements in the CLI parser - BUG/MAJOR: cli/streams: missing unlock on exit "show sess" - BUG/MAJOR: threads/dns: add missing unlock on allocation failure path - BUG/MAJOR: threads/lb: fix missing unlock on consistent hash LB - BUG/MAJOR: threads/lb: fix missing unlock on map-based hash LB - BUG/MEDIUM: threads/stick-tables: close a race condition on stktable_trash_expired() - BUG/MAJOR: h2: set the connection's task to NULL when no client timeout is set - BUG/MAJOR: thread/listeners: enable_listener must not call unbind_listener() - BUG/MEDIUM: threads: don't try to free build option message on exit - MINOR: applets: no need to check for runqueue's emptiness in appctx_res_wakeup() - MINOR: add master-worker in the warning about nbproc - MINOR: mworker: allow pidfile in mworker + foreground - MINOR: mworker: write parent pid in the pidfile - MINOR: mworker: do not store child pid anymore in the pidfile - MINOR: ebtree: implement the scope-aware functions for eb32 - MEDIUM: ebtree: specify the scope of every node inserted via eb32sc - MINOR: ebtree: update the eb32sc parent node's scope on delete - MEDIUM: ebtree: only consider the branches matching the scope in lookups - MINOR: ebtree: implement eb32sc_lookup_ge_or_first() - MAJOR: task: make use of the scope-aware ebtree functions - MINOR: task: simplify wake_expired_tasks() to avoid unlocking in the loop - MEDIUM: task: change the construction of the loop in process_runnable_tasks() - MINOR: threads: use faster locks for the spin locks - MINOR: tasks: only visit filled task slots after processing them - MEDIUM: tasks: implement a lockless scheduler for single-thread usage - BUG/MINOR: dns: Don't try to get the server lock if it's already held. - BUG/MINOR: dns: Don't lock the server lock in snr_check_ip_callback(). - DOC: Add note about encrypted password CPU usage - BUG/MINOR: h2: set the "HEADERS_SENT" flag on stream, not connection - BUG/MEDIUM: h2: properly send an RST_STREAM on mux stream error - BUG/MEDIUM: h2: properly send the GOAWAY frame in the mux - BUG/MEDIUM: h2: don't try (and fail) to send non-existing data in the mux - MEDIUM: h2: remove the H2_SS_RESET intermediate state - BUG/MEDIUM: h2: fix some wrong error codes on connections - BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix - BUILD: enable USE_THREAD for Solaris build. - BUG/MEDIUM: h2: don't close the connection is there are data left - MINOR: h2: don't re-enable the connection's task when we're closing - BUG/MEDIUM: h2: properly set H2_SF_ES_SENT when sending the final frame - BUG/MINOR: h2: correctly check for H2_SF_ES_SENT before closing - MINOR: h2: add new stream flag H2_SF_OUTGOING_DATA - BUG/MINOR: h2: don't send GOAWAY on failed response - BUG/MEDIUM: splice/threads: pipe reuse list was not protected. - BUG/MINOR: comp: fix compilation warning compiling without compression. - BUG/MINOR: stream-int: don't set MSG_MORE on closed request path - BUG/MAJOR: threads/tasks: fix the scheduler again - BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched. - MINOR: ssl: Handle session resumption with TLS 1.3 - MINOR: ssl: Spell 0x10101000L correctly. - MINOR: ssl: Handle sending early data to server. - BUILD: ssl: fix build of backend without ssl - BUILD: shctx: do not depend on openssl anymore - BUG/MINOR: h1: the HTTP/1 make status code parser check for digits - BUG/MEDIUM: h2: reject non-3-digit status codes - BUG/MEDIUM: stream-int: Don't loss write's notifs when a stream is woken up - BUG/MINOR: pattern: Rely on the sample type to copy it in pattern_exec_match - BUG/MEDIUM: h2: split the function to send RST_STREAM - BUG/MEDIUM: h1: ensure the chunk size parser can deal with full buffers - MINOR: tools: don't use unlikely() in hex2i() - BUG/MEDIUM: h2: support orphaned streams - BUG/MEDIUM: threads/cli: fix "show sess" locking on release - CLEANUP: mux: remove the unused "release()" function - MINOR: cli: make "show fd" report the fd's thread mask - BUG/MEDIUM: stream: don't ignore res.analyse_exp anymore - CLEANUP: global: introduce variable pid_bit to avoid shifts with relative_pid - MEDIUM: http: always reject the "PRI" method 2017/11/03 : 1.8-rc2 - BUG/MINOR: send-proxy-v2: fix dest_len in make_tlv call - BUG/MINOR: send-proxy-v2: string size must include ('\0') - MINOR: mux: Only define pipe functions on linux. - MINOR: cache: Remove useless test for nonzero. - MINOR: cache: Don't confuse act_return and act_parse_ret. - BUG/MEDIUM: h2: don't try to parse incomplete H1 responses - BUG/MEDIUM: checks/mux: always enable send-polling after connecting - BUG/MAJOR: fix deadlock on healthchecks. - BUG/MINOR: thread: fix a typo in the debug code - BUILD: shctx: allow to be built without openssl - BUG/MEDIUM: cache: don't try to resolve wrong filters - BUG/MAJOR: buffers: fix get_buffer_nc() for data at end of buffer - BUG/MINOR: freq: fix infinite loop on freq_ctr_period. - BUG/MINOR: stdarg.h inclusion - BUG/MINOR: dns: fix missing lock protection on server. - BUG/MINOR: lua: fix missing lock protection on server. - BUILD: enable USE_THREAD for OpenBSD build. - BUG/MAJOR: mux_pt: don't dereference a connstream after ->wake() - MINOR: thread: report multi-thread support in haproxy -vv 2017/10/31 : 1.8-rc1 - BUG/MEDIUM: server: Allocate tmptrash before using it. - CONTRIB: trace: add the possibility to place trace calls in the code - CONTRIB: trace: try to display the function's return value on exit - CONTRIB: trace: report the base name only for file names - BUILD: ssl: support OPENSSL_NO_ASYNC #define - MINOR: ssl: build with recent BoringSSL library - BUG/MINOR: ssl: OCSP_single_get0_status can return -1 - BUG/MINOR: cli: restore "set ssl tls-key" command - CLEANUP: cli: remove undocumented "set ssl tls-keys" command - IMPORT: sha1: import SHA1 functions - MINOR: sample: add the sha1 converter - MINOR: sample: add the hex2i converter - MINOR: stream-int: stop checking for useless connection flags in chk_snd_conn - MINOR: ssl: don't abort after sending 16kB - MINOR: connection: move the cleanup of flag CO_FL_WAIT_ROOM - MINOR: connection: add flag CO_FL_WILL_UPDATE to indicate when updates are granted - MEDIUM: connection: make use of CO_FL_WILL_UPDATE in conn_sock_shutw() - MINOR: raw_sock: make use of CO_FL_WILL_UPDATE - MINOR: ssl_sock: make use of CO_FL_WILL_UPDATE - BUG/MINOR: checks: Don't forget to release the connection on error case. - MINOR: buffer: add the buffer input manipulation functions - BUG/MEDIUM: prevent buffers being overwritten during build_logline() execution - MEDIUM: cfgparse: post section callback - MEDIUM: cfgparse: post parsing registration - MINOR: lua: add uuid to the Class Proxy - MINOR: hlua: Add regex class - MINOR: http: Mark the 425 code as "Too Early". - MEDIUM: ssl: convert CBS (BoringSSL api) usage to neutral code - MINOR: ssl: support Openssl 1.1.1 early callback for switchctx - MINOR: ssl: generated certificate is missing in switchctx early callback - MEDIUM: ssl: Handle early data with OpenSSL 1.1.1 - BUILD: Makefile: disable -Wunused-label - MINOR: ssl/proto_http: Add keywords to take care of early data. - BUG/MINOR: lua: const attribute of a string is overridden - MINOR: ssl: Don't abuse ssl_options. - MINOR: update proxy-protocol-v2 #define - MINOR: merge ssl_sock_get calls for log and ppv2 - MINOR: add ALPN information to send-proxy-v2 - MEDIUM: h1: ensure that 1xx, 204 and 304 don't have a payload body - CLEANUP: shctx: get ride of the shsess_packet{_hdr} structures - MEDIUM: lists: list_for_each_entry{_safe}_from functions - REORG: shctx: move lock functions and struct - MEDIUM: shctx: allow the use of multiple shctx - REORG: shctx: move ssl functions to ssl_sock.c - MEDIUM: shctx: separate ssl and shctx - MINOR: shctx: rename lock functions - MINOR: h1: store the status code in the H1 message - BUG/MINOR: spoe: Don't compare engine name and SPOE scope when both are NULL - BUG/MINOR: spoa: Update pointer on the end of the frame when a reply is encoded - MINOR: action: Add trk_idx inline function - MINOR: action: Use trk_idx instead of tcp/http_trk_idx - MINOR: action: Add a function pointer in act_rule struct to check its validity - MINOR: action: Add function to check rules using an action ACT_ACTION_TRK_* - MINOR: action: Add a functions to check http capture rules - MINOR: action: Factorize checks on rules calling check_ptr if defined - MINOR: acl: Pass the ACLs as an explicit parameter of build_acl_cond - MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages - MINOR: spoe: Check uniqness of SPOE engine names during config parsing - MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file - MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules - MINOR: spoe: Move message encoding in its own function - MINOR: spoe: Add a type to qualify the message list during encoding - MINOR: spoe: Add a generic function to encode a list of SPOE message - MEDIUM: spoe/rules: Process "send-spoe-group" action - BUG/MINOR: dns: Fix CLI keyword declaration - MAJOR: dns: Refactor the DNS code - BUG/MINOR: mailers: Fix a memory leak when email alerts are released - MEDIUM: mailers: Init alerts during conf parsing and refactor their processing - MINOR: mailers: Use pools to allocate email alerts and its tcpcheck_rules - MINOR: standard: Add memvprintf function - MINOR: log: Save alerts and warnings emitted during HAProxy startup - MINOR: cli: Add "show startup-logs" command - MINOR: startup: Extend the scope the MODE_STARTING flag - MINOR: threads: Prepare makefile to link with pthread - MINOR: threads: Add THREAD_LOCAL macro - MINOR: threads: Add atomic-ops and plock includes in import dir - MEDIUM: threads: Add hathreads header file - MINOR: threads: Add mechanism to register per-thread init/deinit functions - MINOR: threads: Add nbthread parameter - MEDIUM: threads: Adds a set of functions to handle sync-point - MAJOR: threads: Start threads to experiment multithreading - MINOR: threads: Define the sync-point inside run_poll_loop - MEDIUM: threads/buffers: Define and register per-thread init/deinit functions - MEDIUM: threads/chunks: Transform trash chunks in thread-local variables - MEDIUM: threads/time: Many global variables from time.h are now thread-local - MEDIUM: threads/logs: Make logs thread-safe - MEDIUM: threads/pool: Make pool thread-safe by locking all access to a pool - MAJOR: threads/fd: Make fd stuffs thread-safe - MINOR: threads/fd: Add a mask of threads allowed to process on each fd in fdtab array - MEDIUM: threads/fd: Initialize the process mask during the call to fd_insert - MINOR: threads/fd: Process cached events of FDs depending on the process mask - MINOR: threads/polling: pollers now handle FDs depending on the process mask - WIP: SQUASH WITH SYNC POINT - MAJOR: threads/task: handle multithread on task scheduler - MEDIUM: threads/signal: Add a lock to make signals thread-safe - MEDIUM: threads/listeners: Make listeners thread-safe - MEDIUM: threads/proxy: Add a lock per proxy and atomically update proxy vars - MEDIUM: threads/server: Make connection list (priv/idle/safe) thread-safe - MEDIUM: threads/server: Add a lock per server and atomically update server vars - MINOR: threads/server: Add a lock to deal with insert in updates_servers list - MEDIUM: threads/lb: Make LB algorithms (lb_*.c) thread-safe - MEDIUM: threads/stick-tables: handle multithreads on stick tables - MINOR: threads/sample: Change temp_smp into a thread local variable - MEDIUM: threads/http: Make http_capture_bad_message thread-safe - MINOR: threads/regex: Change Regex trash buffer into a thread local variable - MAJOR: threads/applet: Handle multithreading for applets - MAJOR: threads/peers: Make peers thread safe - MAJOR: threads/buffer: Make buffer wait queue thread safe - MEDIUM: threads/stream: Make streams list thread safe - MAJOR: threads/ssl: Make SSL part thread-safe - MEDIUM: threads/queue: Make queues thread-safe - MAJOR: threads/map: Make acls/maps thread safe - MEDIUM: threads/freq_ctr: Make the frequency counters thread-safe - MEDIUM: thread/vars: Make vars thread-safe - MEDIUM: threads/filters: Add init/deinit callback per thread - MINOR: threads/filters: Update trace filter to add _per_thread callbacks - MEDIUM: threads/compression: Make HTTP compression thread-safe - MEDIUM: threads/lua: Makes the jmpbuf and some other buffers local to the current thread. - MEDIUM: threads/lua: Add locks around the Lua execution parts. - MEDIUM: threads/lua: Ensure that the launched tasks runs on the same threads than me - MEDIUM: threads/lua: Cannot acces to the socket if we try to access from another thread. - MEDIUM: threads/xref: Convert xref function to a thread safe model - MEDIUM: threads/tasks: Add lock around notifications - MEDIUM: thread/spoe: Make the SPOE thread-safe - MEDIUM: thread/dns: Make DNS thread-safe - MINOR: threads: Add thread-map config parameter in the global section - MINOR: threads/checks: Add a lock to protect the pid list used by external checks - MINOR: threads/checks: Set the task process_mask when a check is executed - MINOR: threads/mailers: Add a lock to protect queues of email alerts - MEDIUM: threads/server: Use the server lock to protect health check and cli concurrency - MINOR: threads: Don't start when device a detection module is used - BUG/MEDIUM: threads: Run the poll loop on the main thread too - BUG/MINOR: threads: Add missing THREAD_LOCAL on static here and there - MAJOR: threads: Offically enable the threads support in HAProxy - BUG/MAJOR: threads/freq_ctr: fix lock on freq counters. - BUG/MAJOR: threads/time: Store the time deviation in an 64-bits integer - BUILD: stick-tables: silence an uninitialized variable warning - BUG/MINOR: dns: Fix SRV records with the new thread code. - MINOR: ssl: Remove the global allow-0rtt option. - CLEANUP: threads: replace the last few 1UL<detach() release the connection - MEDIUM: stream: do not forcefully close the client connection anymore - MEDIUM: checks: exclusively use cs_destroy() to release a connection - MEDIUM: connection: add a destroy callback - MINOR: session: release the listener with the session, not the stream - MEDIUM: session: make use of the connection's destroy callback - CONTRIB: hpack: implement a reverse huffman table generator for hpack - MINOR: hpack: implement the HPACK Huffman table decoder - MINOR: hpack: implement the header tables management - MINOR: hpack: implement the decoder - MEDIUM: hpack: implement basic hpack encoding - MINOR: h2: centralize all HTTP/2 protocol elements and constants - MINOR: h2: create a very minimalistic h2 mux - MINOR: h2: expose tune.h2.header-table-size to configure the table size - MINOR: h2: expose tune.h2.initial-window-size to configure the window size - MINOR: h2: expose tune.h2.max-concurrent-streams to limit the number of streams - MINOR: h2: create the h2c struct and allocate its pool - MINOR: h2: create the h2s struct and the associated pool - MINOR: h2: handle two extra stream states for errors - MINOR: h2: add a frame header descriptor for incoming frames - MEDIUM: h2: allocate and release the h2c context on connection init/end - MEDIUM: h2: implement basic recv/send/wake functions - MEDIUM: h2: dynamically allocate the demux buffer on Rx - MEDIUM: h2: implement the mux buffer allocator - MINOR: h2: add the connection and stream flags listing the causes for blocking - MINOR: h2: add function h2s_id() to report a stream's ID - MINOR: h2: small function to know when the mux is busy - MINOR: h2: new function h2c_error to mark an error on the connection - MINOR: h2: new function h2s_error() to mark an error on a stream - MINOR: h2: add h2_set_frame_size() to update the size in a binary frame - MINOR: h2: new function h2_peek_frame_hdr() to retrieve a new frame header - MINOR: h2: add a few functions to retrieve contents from a wrapping buffer - MINOR: h2: add stream lookup function based on the stream ID - MINOR: h2: create dummy idle and closed streams - MINOR: h2: add the function to create a new stream - MINOR: h2: update the {MUX,DEM}_{M,D}ALLOC flags on buffer availability - MEDIUM: h2: start to consider the H2_CF_{MUX,DEM}_* flags for polling - MINOR: h2: also terminate the connection on shutr - MEDIUM: h2: properly consider all conditions for end of connection - MEDIUM: h2: wake the connection up for send on pending streams - MEDIUM: h2: start to implement the frames processing loop - MINOR: h2: add a function to send a GOAWAY error frame - MINOR: h2: match the H2 connection preface on init - MEDIUM: h2: enable connection polling for send when a cs wants to emit - MEDIUM: h2: enable reading again on the connection if it was blocked on stream buffer full - MEDIUM: h2: process streams pending for sending - MINOR: h2: send a real SETTINGS frame based on the configuration - MEDIUM: h2: detect the presence of the first settings frame - MINOR: h2: create a stream parser for the demuxer - MINOR: h2: implement PING frames - MEDIUM: h2: decode SETTINGS frames and extract relevant settings - MINOR: h2: lookup the stream during demuxing - MEDIUM: h2: honor WINDOW_UPDATE frames - MINOR: h2: implement h2_send_rst_stream() to send RST_STREAM frames - MINOR: h2: handle CONTINUATION frames - MEDIUM: h2: partial implementation of h2_detach() - MEDIUM: h2: unblock a connection when its current stream detaches - MEDIUM: h2: basic processing of HEADERS frame - MEDIUM: h2: don't use trash to decode headers! - MEDIUM: h2: implement the response HEADERS frame to encode the H1 response - MEDIUM: h2: send the H1 response body as DATA frames - MEDIUM: h2: skip the response trailers if any - MEDIUM: h2: properly continue to parse header block when facing a 1xx response - MEDIUM: h2: send WINDOW_UPDATE frames for connection - MEDIUM: h2: handle request body in DATA frames - MINOR: h2: handle RST_STREAM frames - MEDIUM: h2: send DATA+ES or RST_STREAM on shutw/shutr - MINOR: h2: use a common function to signal some and all streams. - MEDIUM: h2: handle GOAWAY frames - MINOR: h2: centralize the check for the idle streams - MINOR: h2: centralize the check for the half-closed(remote) streams - MEDIUM: h2: silently ignore frames higher than last_id after GOAWAY - MINOR: h2: properly reject PUSH_PROMISE frames coming from the client - MEDIUM: h2: perform a graceful shutdown on "Connection: close" - MEDIUM: h2: send a GOAWAY frame when dealing with an empty response - MEDIUM: h2: apply a timeout to h2 connections - BUG/MEDIUM: h2: fix incorrect timeout handling on the connection - MEDIUM: shctx: forbid shctx to read more than expected - MEDIUM: cache: configuration parsing and initialization - MEDIUM: cache: store objects in cache - MEDIUM: cache: deliver objects from cache 2017/10/22 : 1.8-dev3 - REORG: ssl: move defines and methodVersions table upper - MEDIUM: ssl: ctx_set_version/ssl_set_version func for methodVersions table - MINOR: ssl: support ssl-min-ver and ssl-max-ver with crt-list - MEDIUM: ssl: disable SSLv3 per default for bind - BUG/MAJOR: ssl: fix segfault on connection close using async engines. - BUG/MAJOR: ssl: buffer overflow using offloaded ciphering on async engine - BUG/MINOR: ssl: do not call directly the conn_fd_handler from async_fd_handler - BUG/MINOR: haproxy/cli : fix for solaris/illumos distros for CMSG* macros - BUG/MEDIUM: build without openssl broken - BUG/MINOR: warning: need_resend may be used uninitialized - BUG/MEDIUM: misplaced exit and wrong exit code - BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04 - BUILD: scripts: make publish-release support bare repositories - BUILD: scripts: add an automatic mode for publish-release - BUILD: scripts: add a "quiet" mode to publish-release - BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer - BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers - CONTRIB: plug qdiscs: Plug queuing disciplines mini HOWTO. - BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map - BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0 - BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING - BUG/MEDIUM: peers: Peers CLOSE_WAIT issue. - BUG/MAJOR: server: Segfault after parsing server state file. - BUG/MEDIUM: unix: never unlink a unix socket from the file system - scripts: create-release pass -n to tail - SCRIPTS: create-release: enforce GIT_COMMITTER_{NAME|EMAIL} validity - BUG/MEDIUM: fix segfault when no argument to -x option - MINOR: warning on multiple -x - MINOR: mworker: don't copy -x argument anymore in copy_argv() - BUG/MEDIUM: mworker: don't reuse PIDs passed to the master - BUG/MINOR: Wrong peer task expiration handling during synchronization processing. - BUG/MINOR: cfgparse: Check if tune.http.maxhdr is in the range 1..32767 - BUG/MINOR: log: pin the front connection when front ip/ports are logged - DOC: fix references to the section about the unix socket - BUG/MINOR: stream: flag TASK_WOKEN_RES not set if task in runqueue - MAJOR: task: task scheduler rework. - MINOR: task/stream: tasks related to a stream must be init by the caller. - MINOR: queue: Change pendconn_get_next_strm into private function - MINOR: backends: Change get_server_sh/get_server_uh into private function - MINOR: queue: Change pendconn_from_srv/pendconn_from_px into private functions - MEDIUM: stream: make stream_new() always set the target and analysers - MINOR: frontend: initialize HTTP layer after the debugging code - MINOR: connection: add a .get_alpn() method to xprt_ops - MINOR: ssl: add a get_alpn() method to ssl_sock - MINOR: frontend: retrieve the ALPN name when available - MINOR: frontend: report the connection's ALPN in the debug output - MINOR: stream: don't set backend's nor response analysers on SF_TUNNEL - MINOR: connection: send data before receiving - MAJOR: applet: applet scheduler rework. - BUG/MAJOR: frontend: don't dereference a null conn on outgoing connections - BUG/MAJOR: cli: fix custom io_release was crushed by NULL. - BUG/MAJOR: map: fix segfault during 'show map/acl' on cli. - BUG/MAJOR: compression: Be sure to release the compression state in all cases - MINOR: compression: Use a memory pool to allocate compression states - BUG/MAJOR: applet: fix a freeze if data is immedately forwarded. - DOC: fix references to the section about time format. - BUG/MEDIUM: map/acl: fix unwanted flags inheritance. - BUG/MAJOR: http: fix buffer overflow on loguri buffer. - MINOR: ssl: compare server certificate names to the SNI on outgoing connections - BUG/MINOR: stream: Don't forget to remove CF_WAKE_ONCE flag on response channel - BUG/MINOR: http: Don't reset the transaction if there are still data to send - BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both channels - MINOR: peers: Add additional information to stick-table definition messages. - BUG/MINOR: http: properly handle all 1xx informational responses - OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer - BUG/MINOR: peers: peer synchronization issue (with several peers sections). - CLEANUP: hdr_idx: make some function arguments const where possible - BUG/MINOR: Prevent a use-after-free on error scenario on option "-x". - BUG/MINOR: lua: In error case, the safe mode is not removed - BUG/MINOR: lua: executes the function destroying the Lua session in safe mode - BUG/MAJOR: lua/socket: resources not detroyed when the socket is aborted - BUG/MEDIUM: lua: bad memory access - BUG/MINOR: Lua: variable already initialized - DOC: update CONTRIBUTING regarding optional parts and message format - DOC: update the list of OpenSSL versions in the README - BUG/MINOR: http: Set the response error state in http_sync_res_state - MINOR: http: Reorder/rewrite checks in http_resync_states - MINOR: http: Switch requests/responses in TUNNEL mode only by checking txn flags - BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body length is undefined - MINOR: http: Rely on analyzers mask to end processing in forward_body functions - BUG/MINOR: http: Fix bug introduced in previous patch in http_resync_states - BUG/MINOR: contrib/modsecurity: BSD build fix - BUG/MINOR: contrib/mod_defender: build fix - BUG/MINOR: ssl: remove haproxy SSLv3 support when ssl lib have no SSLv3 - MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy - BUILD: ssl: fix compatibility with openssl without TLSEXT_signature_* - MINOR: tools: add a portable timegm() alternative - BUILD: lua: replace timegm() with my_timegm() to fix build on Solaris 10 - DOC: Updated 51Degrees git URL to point to a stable version. - BUG/MAJOR: http: Fix possible infinity loop in http_sync_(req|res)_state - MINOR: memory: remove macros - BUG/MINOR: lua: Fix Server.get_addr() port values - BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr() - MINOR: samples: Handle the type SMP_T_METH when we duplicate a sample in smp_dup - MINOR: samples: Handle the type SMP_T_METH in smp_is_safe and smp_is_rw - MINOR: samples: Don't allocate memory for SMP_T_METH sample when method is known - BUG/MINOR: lua: always detach the tcp/http tasks before freeing them - MINOR: task: always preinitialize the task's timeout in task_init() - CLEANUP: task: remove all initializations to TICK_ETERNITY after task_new() - BUG/MAJOR: lua: properly dequeue hlua_applet_wakeup() for new scheduler - MINOR: lua: Add proxy as member of proxy object. - DOC: lua: Proxy class doc update - MINOR: lua: Add lists of frontends and backends - BUG/MINOR: ssl: Fix check against SNI during server certificate verification - BUG/MINOR: ssl: make use of the name in SNI before verifyhost - MINOR: ssl: add a new error codes for wrong server certificates - BUG/MEDIUM: stream: don't retry SSL connections which fail the SNI name check - MINOR: ssl: add "no-ca-names" parameter for bind - BUG/MINOR: lua: Fix bitwise logic for hlua_server_check_* functions. - DOC: fix alphabetical order of "show commands" in management.txt - MINOR: listener: add a function to return a listener's state as a string - MINOR: cli: add a new "show fd" command - BUG/MEDIUM: ssl: Fix regression about certificates generation - MINOR: Add server port field to server state file. - MINOR: ssl: allow to start without certificate if strict-sni is set - MINOR: dns: Cache previous DNS answers. - MINOR: obj: Add a new type of object, OBJ_TYPE_SRVRQ. - Add a few functions to do unaligned access. - MINOR: dns: Handle SRV records. - MINOR: check: Fix checks when using SRV records. - MINOR: doc: Document SRV label usage. - BUILD/MINOR: cli: shut a minor gcc warning in "show fd" - BUILD: ssl: replace SSL_CTX_get0_privatekey for openssl < 1.0.2 - BUILD/MINOR: build without openssl still broken - BUG/MAJOR: stream: in stream_free(), close the front endpoint and not the origin - CLEANUP: raw_sock: Use a better name for the constructor than __ssl_sock_deinit() - MINOR: init: Fix CPU affinity setting on FreeBSD. - MINOR: dns: Update analysis of TRUNCATED response for SRV records - MINOR: dns: update record dname matching for SRV query types - MINOR: dns: update dns response buffer reading pointer due to SRV record - MINOR: dns: duplicate entries in resolution wait queue for SRV records - MINOR: dns: make debugging function dump_dns_config() compatible with SRV records - MINOR: dns: ability to use a SRV resolution for multiple backends - MINOR: dns: enable caching of responses for server set by a SRV record - MINOR: dns: new dns record type (RTYPE) for OPT - MINOR: dns: enabled edns0 extension and make accpeted payload size tunable - MINOR: dns: default "hold obsolete" timeout set to 0 - MINOR: chunks: add chunk_memcpy() and chunk_memcat() - MINOR: session: add a streams field to the session struct - MINOR: stream: link the stream to its session - MEDIUM: session: do not free a session until no stream references it - MINOR: ist: implement very simple indirect strings - TESTS: ist: add a test file for the functions - MINOR: http: export some of the HTTP parser macros - BUG/MINOR: Wrong type used as argument for spoe_decode_buffer(). - BUG/MINOR: dns: server set by SRV records stay in "no resolution" status - MINOR: dns: Maximum DNS udp payload set to 8192 - MINOR: dns: automatic reduction of DNS accpeted payload size - MINOR: dns: make SRV record processing more verbose - CLEANUP: dns: remove duplicated code in dns_resolve_recv() - CLEANUP: dns: remove duplicated code in dns_validate_dns_response() - BUG/MINOR: dns: wrong resolution interval lead to 100% CPU - BUG/MEDIUM: dns: fix accepted_payload_size parser to avoid integer overflow - BUG/MAJOR: lua: fix the impact of the scheduler changes again - BUG/MEDIUM: lua: HTTP services must take care of body-less status codes - MINOR: lua: properly process the contents of the content-length field - BUG/MEDIUM: stream: properly set the required HTTP analysers on use-service - OPTIM: lua: don't use expensive functions to parse headers in the HTTP applet - OPTIM: lua: don't add "Connection: close" on the response - REORG/MEDIUM: connection: introduce the notion of connection handle - BUG/MINOR: stream-int: don't check the CO_FL_CURR_WR_ENA flag - MEDIUM: connection: get rid of data->init() which was not for data - MEDIUM: stream: make stream_new() allocate its own task - CLEANUP: listener: remove the unused handler field - MEDIUM: session: add a pointer to a struct task in the session - MINOR: stream: provide a new stream creation function for connections - MEDIUM: connection: remove useless flag CO_FL_DATA_RD_SH - CLEANUP: connection: remove the unused conn_sock_shutw_pending() - MEDIUM: connection: remove useless flag CO_FL_DATA_WR_SH - DOC: add CLI info on privilege levels - DOC: Refer to Mozilla TLS info / config generator - MINOR: ssl: remove duplicate ssl_methods in struct bind_conf - BUG/MEDIUM: http: Fix a regression bug when a HTTP response is in TUNNEL mode - DOC: Add note about "* " prefix in CSV stats - CLEANUP: memory: Remove unused function pool_destroy - MINOR: listeners: Change listener_full and limit_listener into private functions - MINOR: listeners: Change enable_listener and disable_listener into private functions - MINOR: fd: Don't forget to reset fdtab[fd].update when a fd is added/removed - MINOR: fd: Set owner and iocb field before inserting a new fd in the fdtab - MINOR: backends: Make get_server_* functions explicitly static - MINOR: applet: Check applets_active_queue before processing applets queue - MINOR: chunks: Use dedicated function to init/deinit trash buffers - MEDIUM: chunks: Realloc trash buffers only after the config is parsed and checked - MINOR: logs: Use dedicated function to init/deinit log buffers - MINOR: logs: Realloc log buffers only after the config is parsed and checked - MINOR: buffers: Move swap_buffer into buffer.c and add deinit_buffer function - MINOR: stick-tables: Make static_table_key a struct variable instead of a pointer - MINOR: http: Use a trash chunk to store decoded string of the HTTP auth header - MINOR: fd: Add fd_active function - MINOR: fd: Use inlined functions to check fd state in fd_*_send/recv functions - MINOR: fd: Move (de)allocation of fdtab and fdinfo in (de)init_pollers - MINOR: freq_ctr: Return the new value after an update - MEDIUM: check: server states and weight propagation re-work - BUG/MEDIUM: epoll: ensure we always consider HUP and ERR - MINOR: fd: Add fd_update_events function - MINOR: polling: Use fd_update_events to update events seen for a fd - BUG/MINOR: server: Remove FQDN requirement for using init-addr and state file - Revert "BUG/MINOR: server: Remove FQDN requirement for using init-addr and state file" - MINOR: ssl: rework smp_fetch_ssl_fc_cl_str without internal ssl use - BUG/MEDIUM: http: Close streams for connections closed before a redirect - BUG/MINOR: Lua: The socket may be destroyed when we try to access. - MINOR: xref: Add a new xref system - MEDIUM: xref/lua: Use xref for referencing cosocket relation between stream and lua - MINOR: tasks: Move Lua notification from Lua to tasks - MINOR: net_helper: Inline functions meant to be inlined. - MINOR: cli: add socket commands and config to prepend informational messages with severity - MINOR: add severity information to cli feedback messages - BUILD: Makefile: add a function to detect support by the compiler of certain options - BUILD: Makefile: shut certain gcc/clang stupid warnings - BUILD: Makefile: improve detection of support for compiler warnings - MINOR: peers: don't reference the incoming listener on outgoing connections - MINOR: frontend: don't retrieve ALPN on the critical path - MINOR: protocols: always pass a "port" argument to the listener creation - MINOR: protocols: register the ->add function and stop calling them directly - MINOR: unix: remove the now unused proto_uxst.h file - MINOR: listeners: new function create_listeners - MINOR: listeners: make listeners count consistent with reality - MEDIUM: session: take care of incrementing/decrementing jobs - MINOR: listener: new function listener_release - MINOR: session: small cleanup of conn_complete_session() - MEDIUM: session: factor out duplicated code for conn_complete_session - MEDIUM: session: count the frontend's connections at a single place - BUG/MEDIUM: compression: Fix check on txn in smp_fetch_res_comp_algo - BUG/MINOR: compression: Check response headers before http-response rules eval - BUG/MINOR: spoe: Don't rely on SPOE ctx in debug message when its creation failed - BUG/MINOR: dns: Fix check on nameserver in snr_resolution_cb - MINOR: ssl: Remove useless checks on bind_conf or bind_conf->is_ssl - BUG/MINOR: contrib/mod_defender: close the va_list argp before return - BUG/MINOR: contrib/modsecurity: close the va_list ap before return - MINOR: tools: make my_htonll() more efficient on x86_64 - MINOR: buffer: add b_del() to delete a number of characters - MINOR: buffer: add b_end() and b_to_end() - MINOR: net_helper: add functions to read from vectors - MINOR: net_helper: add write functions - MINOR: net_helper: add 64-bit read/write functions - MINOR: connection: adjust CO_FL_NOTIFY_DATA after removal of flags - MINOR: ist: add a macro to ease const array initialization - BUG/MEDIUM: server: unwanted behavior leaving maintenance mode on tracked stopping server - BUG/MEDIUM: server: unwanted behavior leaving maintenance mode on tracked stopping server (take2) - BUG/MINOR: log: fixing small memory leak in error code path. - BUG/MINOR: contrib/halog: fixing small memory leak - BUG/MEDIUM: tcp/http: set-dst-port action broken - CLEANUUP: checks: don't set conn->handle.fd to -1 - BUG/MEDIUM: tcp-check: properly indicate polling state before performing I/O - BUG/MINOR: tcp-check: don't quit with pending data in the send buffer - BUG/MEDIUM: tcp-check: don't call tcpcheck_main() from the I/O handlers! - BUG/MINOR: unix: properly check for octal digits in the "mode" argument - MINOR: checks: make chk_report_conn_err() take a check, not a connection - CLEANUP: checks: remove misleading comments and statuses for external process - CLEANUP: checks: don't report report the fork() error twice - CLEANUP: checks: do not allocate a connection for process checks - TESTS: checks: add a simple test config for external checks - BUG/MINOR: tcp-check: don't initialize then break a connection starting with a comment - TESTS: checks: add a simple test config for tcp-checks - MINOR: tcp-check: make tcpcheck_main() take a check, not a connection - MINOR: checks: don't create then kill a dummy connection before tcp-checks - MEDIUM: checks: make tcpcheck_main() indicate if it recycled a connection - MEDIUM: checks: do not allocate a permanent connection anymore - BUG/MEDIUM: cli: fix "show fd" crash when dumping closed FDs - BUG/MEDIUM: http: Return an error when url_dec sample converter failed - BUG/MAJOR: stream-int: don't re-arm recv if send fails - BUILD/MINOR: 51d: fix warning when building with 51Degrees release version 3.2.12.12 - DOC: 51d: add 51Degrees git URL that points to release version 3.2.12.12 - DOC: 51d: Updated git URL and instructions for getting Hash Trie data files. - MINOR: compiler: restore the likely() wrapper for gcc 5.x - MINOR: session: remove the list of streams from struct session - DOC: fix some typos - MINOR: server: add the srv_queue() sample fetch method - MINOR: payload: add new sample fetch functions to process distcc protocol - MAJOR: servers: propagate server status changes asynchronously. - BUG/MEDIUM: ssl: fix OCSP expiry calculation - BUG/MINOR: stream-int: don't set MSG_MORE on SHUTW_NOW without AUTO_CLOSE - MINOR: server: Handle weight increase in consistent hash. - MINOR: checks: Add a new keyword to specify a SNI when doing SSL checks. - BUG/MINOR: tools: fix my_htonll() on x86_64 - BUG/MINOR: stats: Clear a bit more counters with in cli_parse_clear_counters(). - BUG/MAJOR: lua: scheduled task is freezing. - MINOR: buffer: add bo_del() to delete a number of characters from output - MINOR: buffer: add a function to match against string patterns - MINOR: buffer: add two functions to inject data into buffers - MINOR: buffer: add buffer_space_wraps() - REORG: channel: finally rename the last bi_* / bo_* functions - MINOR: buffer: add bo_getblk() and bo_getblk_nc() - MINOR: channel: make use of bo_getblk{,_nc} for their channel equivalents - MINOR: channel: make the channel be a const in all {ci,co}_get* functions - MINOR: ist: add ist0() to add a trailing zero to a string. - BUG/MEDIUM: log: check result details truncated. - MINOR: buffer: make bo_getblk_nc() not return 2 for a full buffer - REORG: http: move some very http1-specific parts to h1.{c,h} - REORG: http: move the HTTP/1 chunk parser to h1.{c,h} - REORG: http: move the HTTP/1 header block parser to h1.c - MEDIUM: http: make the chunk size parser only depend on the buffer - MEDIUM: http: make the chunk crlf parser only depend on the buffer - MINOR: h1: add struct h1m for basic HTTP/1 messages - MINOR: http: add very simple header management based on double strings - MEDIUM: h1: reimplement the http/1 response parser for the gateway - REORG: connection: rename CO_FL_DATA_* -> CO_FL_XPRT_* - MEDIUM: connection: make conn_sock_shutw() aware of lingering - MINOR: connection: ensure conn_ctrl_close() also resets the fd - MINOR: connection: add conn_stop_tracking() to disable tracking - MINOR: tcp: use conn_full_close() instead of conn_force_close() - MINOR: unix: use conn_full_close() instead of conn_force_close() - MINOR: checks: use conn_full_close() instead of conn_force_close() - MINOR: session: use conn_full_close() instead of conn_force_close() - MINOR: stream: use conn_full_close() instead of conn_force_close() - MINOR: stream: use conn_full_close() instead of conn_force_close() - MINOR: backend: use conn_full_close() instead of conn_force_close() - MINOR: stream-int: use conn_full_close() instead of conn_force_close() - MINOR: connection: remove conn_force_close() - BUG/MINOR: ssl: ocsp response with 'revoked' status is correct 2017/06/02 : 1.8-dev2 - CLEANUP: server: moving netinet/tcp.h inclusion - DOC: changed "block"(deprecated) examples to http-request deny - DOC: add few comments to examples. - DOC: update sample code for PROXY protocol - DOC: mention lighttpd 1.4.46 implements PROXY - MINOR server: Restrict dynamic cookie check to the same proxy. - DOC: stick-table is available in frontend sections - BUG/MINOR: server : no transparent proxy for DragonflyBSD - BUILD/MINOR: stats: remove unexpected argument to stats_dump_json_header() - BUILD/MINOR: tools: fix build warning in debug_hexdump() - BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets. - BUG/MINOR: config: missing goto out after parsing an incorrect ACL character - BUG/MINOR: arg: don't try to add an argument on failed memory allocation - MEDIUM: server: Inherit CLI weight changes and agent-check weight responses - BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error - BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr() - BUG/MEDIUM: servers: unbreak server weight propagation - MINOR: lua: ensure the memory allocator is used all the time - MINOR: cli: Add a command to send listening sockets. - MINOR: global: Add an option to get the old listening sockets. - MINOR: tcp: When binding socket, attempt to reuse one from the old proc. - MINOR: doc: document the -x flag - MINOR: proxy: Don't close FDs if not our proxy. - MINOR: socket transfer: Set a timeout on the socket. - MINOR: systemd wrapper: add support for passing the -x option. - BUG/MINOR: server: Fix a wrong error message during 'usesrc' keyword parsing. - BUG/MAJOR: Broken parsing for valid keywords provided after 'source' setting. - CLEANUP: logs: typo: simgle => single - BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr() - MEDIUM: config: don't check config validity when there are fatal errors - BUG/MAJOR: Use -fwrapv. - BUG/MINOR: server: don't use "proxy" when px is really meant. - BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed - BUG/MINOR: server: missing default server 'resolvers' setting duplication. - MINOR: server: Extract the code responsible of copying default-server settings. - MINOR: server: Extract the code which finalizes server initializations after 'server' lines parsing. - MINOR: server: Add 'server-template' new keyword supported in backend sections. - MINOR: server: Add server_template_init() function to initialize servers from a templates. - DOC: Add documentation for new "server-template" keyword. - DOC: add layer 4 links/cross reference to "block" keyword. - DOC: errloc/errorloc302/errorloc303 missing status codes. - BUG/MEDIUM: lua: memory leak - CLEANUP: lua: remove test - BUG/MINOR: hash-balance-factor isn't effective in certain circumstances - BUG/MINOR: change header-declared function to static inline - REORG: spoe: move spoe_encode_varint / spoe_decode_varint from spoe to common - MINOR: Add binary encoding request header sample fetch - MINOR: proto-http: Add sample fetch wich returns all HTTP headers - MINOR: Add ModSecurity wrapper as contrib - BUG/MINOR: ssl: fix warnings about methods for opensslv1.1. - DOC: update RFC references - CONTRIB: tcploop: add action "X" to execute a command - MINOR: server: cli: Add server FQDNs to server-state file and stats socket. - BUG/MINOR: contrib/mod_security: fix build on FreeBSD - BUG/MINOR: checks: don't send proxy protocol with agent checks - MINOR: ssl: add prefer-client-ciphers - MEDIUM: ssl: revert ssl/tls version settings relative to default-server. - MEDIUM: ssl: ssl_methods implementation is reworked and factored for min/max tlsxx - MEDIUM: ssl: calculate the real min/max TLS version and find holes - MINOR: ssl: support TLSv1.3 for bind and server - MINOR: ssl: show methods supported by openssl - MEDIUM: ssl: add ssl-min-ver and ssl-max-ver parameters for bind and server - MEDIUM: ssl: ssl-min-ver and ssl-max-ver compatibility. - CLEANUP: retire obsoleted USE_GETSOCKNAME build option - BUG/MAJOR: dns: Broken kqueue events handling (BSD systems). - MINOR: sample: Add b64dec sample converter - BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything - MINOR: cli: add ACCESS_LVL_MASK to store the access level - MINOR: cli: add 'expose-fd listeners' to pass listeners FDs - MEDIUM: proxy: zombify proxies only when the expose-fd socket is bound - MEDIUM: ssl: add basic support for OpenSSL crypto engine - MAJOR: ssl: add openssl async mode support - MEDIUM: ssl: handle multiple async engines - MINOR: boringssl: basic support for OCSP Stapling - MEDIUM: mworker: replace systemd mode by master worker mode - MEDIUM: mworker: handle reload and signals - MEDIUM: mworker: wait mode on reload failure - MEDIUM: mworker: try to guess the next stats socket to use with -x - MEDIUM: mworker: exit-on-failure option - MEDIUM: mworker: workers exit when the master leaves - DOC: add documentation for the master-worker mode - MEDIUM: systemd: Type=forking in unit file - MAJOR: systemd-wrapper: get rid of the wrapper - MINOR: log: Add logurilen tunable. - CLEANUP: server.c: missing prototype of srv_free_dns_resolution - MINOR: dns: smallest DNS fqdn size - MINOR: dns: functions to manage memory for a DNS resolution structure - MINOR: dns: parse_server() now uses srv_alloc_dns_resolution() - REORG: dns: dns_option structure, storage of hostname_dn - MINOR: dns: new snr_check_ip_callback function - MAJOR: dns: save a copy of the DNS response in struct resolution - MINOR: dns: implement a LRU cache for DNS resolutions - MINOR: dns: make 'ancount' field to match the number of saved records - MINOR: dns: introduce roundrobin into the internal cache (WIP) - MAJOR/REORG: dns: DNS resolution task and requester queues - BUILD: ssl: fix build with OPENSSL_NO_ENGINE - MINOR: Add Mod Defender integration as contrib - CLEANUP: str2mask return code comment: non-zero -> zero. - MINOR: tools: make debug_hexdump() use a const char for the string - MINOR: tools: make debug_hexdump() take a string prefix - CLEANUP: connection: remove unused CO_FL_WAIT_DATA 2017/04/03 : 1.8-dev1 - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos - BUG/MINOR: stats: make field_str() return an empty string on NULL - DOC: Spelling fixes - BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used - BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn - BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER - BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers - BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode - BUG/MAJOR: stream: fix session abort on resource shortage - OPTIM: stream-int: don't disable polling anymore on DONT_READ - BUG/MINOR: cli: allow the backslash to be escaped on the CLI - BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys" - DOC: Fix map table's format - DOC: Added 51Degrees conv and fetch functions to documentation. - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect - DOC: mention that req_tot is for both frontends and backends - BUG/MEDIUM: variables: some variable name can hide another ones - MINOR: lua: Allow argument for actions - BUILD: rearrange target files by build time - CLEANUP: hlua: just indent functions - MINOR: lua: give HAProxy variable access to the applets - BUG/MINOR: stats: fix be/sessions/max output in html stats - MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id - DOC: lua: Documentation about some entry missing - DOC: lua: Add documentation about variable manipulation from applet - MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set - DOC: Add undocumented argument of the trace filter - DOC: Fix some typo in SPOE documentation - MINOR: cli: Remove useless call to bi_putchk - BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full - MINOR: applet: Count number of (active) applets - MINOR: task: Rename run_queue and run_queue_cur counters - BUG/MEDIUM: stream: Save unprocessed events for a stream - BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled - BUILD/MEDIUM: Fixing the build using LibreSSL - BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2) - SCRIPTS: git-show-backports: fix a harmless typo - SCRIPTS: git-show-backports: add -H to use the hash of the commit message - BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW - CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context - CLEANUP: applet/table: add an "action" entry in ->table context - CLEANUP: applet: remove the now unused appctx->private field - DOC: lua: documentation about time parser functions - DOC: lua: improve links - DOC: lua: section declared twice - MEDIUM: cli: 'show cli sockets' list the CLI sockets - BUG/MINOR: cli: "show cli sockets" wouldn't list all processes - BUG/MINOR: cli: "show cli sockets" would always report process 64 - CLEANUP: lua: rename one of the lua appctx union - BUG/MINOR: lua/cli: bad error message - MEDIUM: lua: use memory pool for hlua struct in applets - MINOR: lua/signals: Remove Lua part from signals. - DOC: cli: show cli sockets - MINOR: cli: automatically enable a CLI I/O handler when there's no parser - CLEANUP: memory: remove the now unused cli_parse_show_pools() function - CLEANUP: applet: group all CLI contexts together - CLEANUP: stats: move a misplaced stats context initialization - MINOR: cli: add two general purpose pointers and integers in the CLI struct - MINOR: appctx/cli: remove the cli_socket entry from the appctx union - MINOR: appctx/cli: remove the env entry from the appctx union - MINOR: appctx/cli: remove the "be" entry from the appctx union - MINOR: appctx/cli: remove the "dns" entry from the appctx union - MINOR: appctx/cli: remove the "server_state" entry from the appctx union - MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union - CONTRIB: tcploop: add limits.h to fix build issue with some compilers - MINOR/DOC: lua: just precise one thing - DOC: fix small typo in fe_id (backend instead of frontend) - BUG/MINOR: Fix the sending function in Lua's cosocket - BUG/MINOR: lua: memory leak executing tasks - BUG/MINOR: lua: bad return code - BUG/MINOR: lua: memleak when Lua/cli fails - MEDIUM: lua: remove Lua struct from session, and allocate it with memory pools - CLEANUP: haproxy: statify unexported functions - MINOR: haproxy: add a registration for build options - CLEANUP: wurfl: use the build options list to report it - CLEANUP: 51d: use the build options list to report it - CLEANUP: da: use the build options list to report it - CLEANUP: namespaces: use the build options list to report it - CLEANUP: tcp: use the build options list to report transparent modes - CLEANUP: lua: use the build options list to report it - CLEANUP: regex: use the build options list to report the regex type - CLEANUP: ssl: use the build options list to report the SSL details - CLEANUP: compression: use the build options list to report the algos - CLEANUP: auth: use the build options list to report its support - MINOR: haproxy: add a registration for post-check functions - CLEANUP: checks: make use of the post-init registration to start checks - CLEANUP: filters: use the function registration to initialize all proxies - CLEANUP: wurfl: make use of the late init registration - CLEANUP: 51d: make use of the late init registration - CLEANUP: da: make use of the late init registration code - MINOR: haproxy: add a registration for post-deinit functions - CLEANUP: wurfl: register the deinit function via the dedicated list - CLEANUP: 51d: register the deinitialization function - CLEANUP: da: register the deinitialization function - CLEANUP: wurfl: move global settings out of the global section - CLEANUP: 51d: move global settings out of the global section - CLEANUP: da: move global settings out of the global section - MINOR: cfgparse: add two new functions to check arguments count - MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock - MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock - MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock - MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock - MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock - MEDIUM: compression: move the zlib-specific stuff from global.h to compression.c - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake - BUG/MEDIUM: ssl: avoid double free when releasing bind_confs - BUG/MINOR: stats: fix be/sessions/current out in typed stats - MINOR: tcp-rules: check that the listener exists before updating its counters - MEDIUM: spoe: don't create a dummy listener for outgoing connections - MINOR: listener: move the transport layer pointer to the bind_conf - MEDIUM: move listener->frontend to bind_conf->frontend - MEDIUM: ssl: remote the proxy argument from most functions - MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops - MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf() - MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops - MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf() - MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL - MINOR: connection: add a minimal transport layer registration system - CLEANUP: connection: remove all direct references to raw_sock and ssl_sock - CLEANUP: connection: unexport raw_sock and ssl_sock - MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops - MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() - CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback - CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c - BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled - BUG/MEDIUM: ssl: for a handshake when server-side SNI changes - BUG/MINOR: systemd: potential zombie processes - DOC: Add timings events schemas - BUILD: lua: build failed on FreeBSD. - MINOR: samples: add xx-hash functions - MEDIUM: regex: pcre2 support - BUG/MINOR: option prefer-last-server must be ignored in some case - MINOR: stats: Support "select all" for backend actions - BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0 - BUG/MAJOR: channel: Fix the definition order of channel analyzers - BUG/MINOR: http: report real parser state in error captures - BUILD: scripts: automatically update the branch in version.h when releasing - MINOR: tools: add a generic hexdump function for debugging - BUG/MAJOR: http: fix risk of getting invalid reports of bad requests - MINOR: http: custom status reason. - MINOR: connection: add sample fetch "fc_rcvd_proxy" - BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options - BUG/MINOR: tools: fix off-by-one in port size check - BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family - MEDIUM: server: split the address and the port into two different fields - MINOR: tools: make str2sa_range() return the port in a separate argument - MINOR: server: take the destination port from the port field, not the addr - MEDIUM: server: disable protocol validations when the server doesn't resolve - BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0 - BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage - BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL - MINOR: Use "500 Internal Server Error" for 500 error/status code message. - MINOR: proto_http.c 502 error txt typo. - DOC: add deprecation notice to "block" - MINOR: compression: fix -vv output without zlib/slz - BUG/MINOR: Reset errno variable before calling strtol(3) - MINOR: ssl: don't show prefer-server-ciphers output - OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration - BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream - MAJOR: ssl: bind configuration per certificat - MINOR: ssl: add curve suite for ECDHE negotiation - MINOR: checks: Add agent-addr config directive - MINOR: cli: Add possiblity to change agent config via CLI/socket - MINOR: doc: Add docs for agent-addr configuration variable - MINOR: doc: Add docs for agent-addr and agent-send CLI commands - BUILD: ssl: fix to build (again) with boringssl - BUILD: ssl: fix build on OpenSSL 1.0.0 - BUILD: ssl: silence a warning reported for ERR_remove_state() - BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes() - BUILD: ssl: kill a build warning introduced by BoringSSL compatibility - BUG/MEDIUM: tcp: don't poll for write when connect() succeeds - BUG/MINOR: unix: fix connect's polling in case no data are scheduled - MINOR: server: extend the flags to 32 bits - BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword - MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested - BUG/MAJOR: dns: restart sockets after fork() - MINOR: chunks: implement a simple dynamic allocator for trash buffers - BUG/MEDIUM: http: prevent redirect from overwriting a buffer - BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined - BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer - BUG/MINOR: http: Return an error when a replace-header rule failed on the response - BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested - BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw() - BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1' - BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule - MINOR: http: don't close when redirect location doesn't start with "/" - MEDIUM: boringssl: support native multi-cert selection without bundling - BUG/MEDIUM: ssl: fix verify/ca-file per certificate - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING - MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation. - BUILD: ssl: fix build with -DOPENSSL_NO_DH - MEDIUM: ssl: add new sample-fetch which captures the cipherlist - MEDIUM: ssl: remove ssl-options from crt-list - BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored. - BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls - MINOR: ssl: improved cipherlist captures - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section - MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents - MINOR: spoe: Add support for pipelining/async capabilities in the SPOA example - MINOR: spoe: Remove SPOE details from the appctx structure - MINOR: spoe: Add status code in error variable instead of hardcoded value - MINOR: spoe: Send a log message when an error occurred during event processing - MINOR: spoe: Check the scope of sample fetches used in SPOE messages - MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer - MINOR: spoe: Use the min of all known max_frame_size to encode messages - MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames - MINOR: spoe: Add support for fragmentation capability in the SPOA example - MAJOR: spoe: refactor the filter to clean up the code - MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK frames - REORG: spoe: Move struct and enum definitions in dedicated header file - REORG: spoe: Move low-level encoding/decoding functions in dedicated header file - MINOR: spoe: Improve implementation of the payload fragmentation - MINOR: spoe: Add support of negation for options in SPOE configuration file - MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section - MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing - MINOR: spoe: Add "send-frag-payload" option in spoe-agent section - MINOR: spoe: Add "max-frame-size" statement in spoe-agent section - DOC: spoe: Update SPOE documentation to reflect recent changes - MINOR: config: warn when some HTTP rules are used in a TCP proxy - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup - BUG/MINOR: Fix "get map " CLI command - MINOR: Add nbsrv sample converter - CLEANUP: Replace repeated code to count usable servers with be_usable_srv() - MINOR: Add hostname sample fetch - CLEANUP: Remove comment that's no longer valid - MEDIUM: http_error_message: txn->status / http_get_status_idx. - MINOR: http-request tarpit deny_status. - CLEANUP: http: make http_server_error() not set the status anymore - MEDIUM: stats: Add JSON output option to show (info|stat) - MEDIUM: stats: Add show json schema - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer - MINOR: server: Add dynamic session cookies. - MINOR: cli: Let configure the dynamic cookies from the cli. - BUG/MINOR: checks: attempt clean shutw for SSL check - CONTRIB: tcploop: make it build on FreeBSD - CONTRIB: tcploop: fix time format to silence build warnings - CONTRIB: tcploop: report action 'K' (kill) in usage message - CONTRIB: tcploop: fix connect's address length - CONTRIB: tcploop: use the trash instead of NULL for recv() - BUG/MEDIUM: listener: do not try to rebind another process' socket - BUG/MEDIUM server: Fix crash when dynamic is defined, but not key is provided. - CLEANUP: config: Typo in comment. - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze - TESTS: add a test configuration to stress handshake combinations - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection - BUG/MEDIUM: connection: ensure to always report the end of handshakes - MEDIUM: connection: don't test for CO_FL_WAKE_DATA - CLEANUP: connection: completely remove CO_FL_WAKE_DATA - BUG: payload: fix payload not retrieving arbitrary lengths - BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility - BUILD: ssl: fix OPENSSL_NO_SSL_TRACE for boringssl and libressl - BUG/MAJOR: http: fix typo in http_apply_redirect_rule - MINOR: doc: 2.4. Examples should be 2.5. Examples - BUG/MEDIUM: stream: fix client-fin/server-fin handling - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller - BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available - OPTIM: poll: enable support for POLLRDHUP - MINOR: kqueue: exclusively rely on the kqueue returned status - MEDIUM: kqueue: take care of EV_EOF to improve polling status accuracy - MEDIUM: kqueue: only set FD_POLL_IN when there are pending data - DOC/MINOR: Fix typos in proxy protocol doc - DOC: Protocol doc: add checksum, TLV type ranges - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM - DOC: Protocol doc: add noop TLV - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time - MINOR: dns: improve DNS response parsing to use as many available records as possible - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity(). - MINOR: server: irrelevant error message with 'default-server' config file keyword. - MINOR: server: Make 'default-server' support 'backup' keyword. - MINOR: server: Make 'default-server' support 'check-send-proxy' keyword. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'non-stick' keyword. - MINOR: server: Make 'default-server' support 'send-proxy' and 'send-proxy-v2 keywords. - MINOR: server: Make 'default-server' support 'check-ssl' keyword. - MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords. - MINOR: server: Make 'default-server' support 'ssl' keyword. - MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords. - CLEANUP: server: code alignement. - MINOR: server: Make 'default-server' support 'verify' keyword. - MINOR: server: Make 'default-server' support 'verifyhost' setting. - MINOR: server: Make 'default-server' support 'check' keyword. - MINOR: server: Make 'default-server' support 'track' setting. - MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings. - MINOR: server: Make 'default-server' support 'redir' keyword. - MINOR: server: Make 'default-server' support 'observe' keyword. - MINOR: server: Make 'default-server' support 'cookie' keyword. - MINOR: server: Make 'default-server' support 'ciphers' keyword. - MINOR: server: Make 'default-server' support 'tcp-ut' keyword. - MINOR: server: Make 'default-server' support 'namespace' keyword. - MINOR: server: Make 'default-server' support 'source' keyword. - MINOR: server: Make 'default-server' support 'sni' keyword. - MINOR: server: Make 'default-server' support 'addr' keyword. - MINOR: server: Make 'default-server' support 'disabled' keyword. - MINOR: server: Add 'no-agent-check' server keyword. - DOC: server: Add docs for "server" and "default-server" new "no-*" and other settings. - MINOR: doc: fix use-server example (imap vs mail) - BUG/MEDIUM: tcp: don't require privileges to bind to device - BUILD: make the release script use shortlog for the final changelog - BUILD: scripts: fix typo in announce-release error message - CLEANUP: time: curr_sec_ms doesn't need to be exported - BUG/MEDIUM: server: Wrong server default CRT filenames initialization. - BUG/MEDIUM: peers: fix buffer overflow control in intdecode. - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers - BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request - CLEANUP: http: Remove channel_congested function - CLEANUP: buffers: Remove buffer_bounce_realign function - CLEANUP: buffers: Remove buffer_contig_area and buffer_work_area functions - MINOR: http: remove useless check on HTTP_MSGF_XFER_LEN for the request - MINOR: http: Add debug messages when HTTP body analyzers are called - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze - DOC: fix parenthesis and add missing "Example" tags - DOC: update the contributing file - DOC: log-format/tcplog/httplog update - MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections 2016/11/25 : 1.8-dev0 2016/11/25 : 1.7.0 - SCRIPTS: make publish-release also copy the new SPOE doc - BUILD: http: include types/sample.h in proto_http.h - BUILD: debug/flags: remove test for SF_COMP_READY - CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT - MINOR: lua: add function which return true if the channel is full. - MINOR: lua: add ip addresses and network manipulation function - CONTRIB: tcploop: scriptable TCP I/O for debugging purposes - CONTRIB: tcploop: implement fork() - CONTRIB: tcploop: implement logging when called with -v - CONTRIB: tcploop: update the usage output - CONTRIB: tcploop: support sending plain strings - CONTRIB: tcploop: don't report failed send() or recv() - CONTRIB: tcploop: add basic loops via a jump instruction - BUG/MEDIUM: channel: bad unlikely macro - CLEANUP: lua: move comment - CLEANUP: lua: control executed twice - BUG/MEDIUM: ssl: Store certificate filename in a variable - BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP - CLEANUP: ssl: Remove goto after return dead code - CLEANUP: ssl: Fix bind keywords name in comments - DOC: ssl: Use correct wording for ca-sign-pass - CLEANUP: lua: avoid directly calling getsockname/getpeername() - BUG/MINOR: stick-table: handle out-of-memory condition gracefully - MINOR: cli: add private pointer and release function - MEDIUM: lua: Add cli handler for Lua - BUG/MEDIUM: connection: check the control layer before stopping polling - DEBUG: connection: mark the closed FDs with a value that is easier to detect - BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps - BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored - MINOR: filters: Add check_timeouts callback to handle timers expiration on streams - MINOR: spoe: Add 'timeout processing' option to limit time to process an event - MINOR: spoe: Remove useless 'timeout ack' option - MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section - MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements - MINOR: spoe: Add "option set-on-error" statement - MINOR: stats: correct documentation of process ID for typed output - BUILD: contrib: fix ip6range build on Centos 7 - BUILD: fix build on Solaris 10/11 - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn - BUG/MINOR: cli: wake up the CLI's task after a timeout update - MINOR: connection: add a few functions to report the data and xprt layers' names - MINOR: connection: add names for transport and data layers - REORG: cli: split dumpstats.c in src/cli.c and src/stats.c - REORG: cli: split dumpstats.h in stats.h and cli.h - REORG: cli: move ssl CLI functions to ssl_sock.c - REORG: cli: move map and acl code to map.c - REORG: cli: move show stat resolvers to dns.c - MINOR: cli: create new function cli_has_level() to validate permissions - MINOR: server: create new function cli_find_server() to find a server - MINOR: proxy: create new function cli_find_frontend() to find a frontend - REORG: cli: move 'set server' to server.c - REORG: cli: move 'show pools' to memory.c - REORG: cli: move 'show servers' to proxy.c - REORG: cli: move 'show sess' to stream.c - REORG: cli: move 'show backend' to proxy.c - REORG: cli: move get/set weight to server.c - REORG: cli: move "show stat" to stats.c - REORG: cli: move "show info" to stats.c - REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to standard.c - REORG: cli: move table dump/clear/set to stick_table.c - REORG: cli: move "show errors" out of cli.c - REORG: cli: make "show env" also use the generic keyword registration - REORG: cli: move "set timeout" to its own handler - REORG: cli: move "clear counters" to stats.c - REORG: cli: move "set maxconn global" to its own handler - REORG: cli: move "set maxconn server" to server.c - REORG: cli: move "set maxconn frontend" to proxy.c - REORG: cli: move "shutdown sessions server" to stream.c - REORG: cli: move "shutdown session" to stream.c - REORG: cli: move "shutdown frontend" to proxy.c - REORG: cli: move "{enable|disable} frontend" to proxy.c - REORG: cli: move "{enable|disable} server" to server.c - REORG: cli: move "{enable|disable} health" to server.c - REORG: cli: move "{enable|disable} agent" to server.c - REORG: cli: move the "set rate-limit" functions to their own parser - CLEANUP: cli: rename STAT_CLI_* to CLI_ST_* - CLEANUP: cli: simplify the request parser a little bit - CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers - BUILD: server: remove a build warning introduced by latest series - BUG/MINOR: log-format: uncatched memory allocation functions - CLEANUP: log-format: useless file and line in json converter - CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args() and parse_logformat_var() - CLEANUP: log-format: fix return code of the function parse_logformat_var() - CLEANUP: log-format: fix return code of function parse_logformat_var_args() - CLEANUP: log-format: remove unused arguments - MEDIUM: log-format: strict parsing and enable fail - MEDIUM: log-format/conf: take into account the parse_logformat_string() return code - BUILD: ssl: make the SSL layer build again with openssl 0.9.8 - BUILD: vars: remove a build warning on vars.c - MINOR: lua: add utility function for check boolean argument - MINOR: lua: Add tokenize function. - BUG/MINOR: conf: calloc untested - MINOR: http/conf: store the use_backend configuration file and line for logs - MEDIUM: log-format: Use standard HAProxy log system to report errors - CLEANUP: sample: report "converter" instead of "conv method" in error messages - BUG: spoe: Fix parsing of SPOE actions in ACK frames - MINOR: cli: make "show stat" support a proxy name - MINOR: cli: make "show errors" support a proxy name - MINOR: cli: make "show errors" capable of dumping only request or response - BUG/MINOR: freq-ctr: make swrate_add() support larger values - CLEANUP: counters: move from 3 types to 2 types - CLEANUP: cfgparse: cascade the warnif_misplaced_* rules - REORG: tcp-rules: move tcp rules processing to their own file - REORG: stkctr: move all the stick counters processing to stick-tables.c - DOC: update the roadmap file with the latest changes 2016/11/09 : 1.7-dev6 - DOC: fix the entry for hash-balance-factor config option - DOC: Fix typo in description of `-st` parameter in man page - CLEANUP: cfgparse: Very minor spelling correction - MINOR: examples: Update haproxy.spec URLs to haproxy.org - BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream - BUG/MEDIUM: peers: fix use after free in peer_session_create() - MINOR: peers: make peer_session_forceshutdown() use the appctx and not the stream - MINOR: peers: remove the pointer to the stream - BUG/MEDIUM: systemd-wrapper: return correct exit codes - DOC: stats: provide state details for show servers state - MEDIUM: tools: make str2ip2() preserve existing ports - CLEANUP: tools: make ipcpy() preserve the original port - OPTIM: http: move all http character classs tables into a single one - OPTIM: http: improve parsing performance of long header lines - OPTIM: http: improve parsing performance of long URIs - OPTIM: http: optimize lookup of comma and quote in header values - BUG/MEDIUM: srv-state: properly restore the DRAIN state - BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags - MINOR: server: do not emit warnings/logs/alerts on server state changes at boot - BUG/MEDIUM: servers: properly propagate the maintenance states during startup - MEDIUM: wurfl: add Scientiamobile WURFL device detection module - DOC: move the device detection modules documentation to their own files - CLEANUP: wurfl: reduce exposure in the rest of the code - MEDIUM: ssl: Add support for OpenSSL 1.1.0 - MINOR: stream: make option contstats usable again - MEDIUM: tools: make str2sa_range() return the FQDN even when not resolving - MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK - MAJOR: server: postpone address resolution - MINOR: new srv_admin flag: SRV_ADMF_RMAINT - MINOR: server: indicate in the logs when RMAINT is cleared - MINOR: stats: indicate it when a server is down due to resolution - MINOR: server: make srv_set_admin_state() capable of telling why this happens - MINOR: dns: implement extra 'hold' timers. - MAJOR: dns: runtime resolution can change server admin state - MEDIUM: cli: leave the RMAINT state when setting an IP address on the CLI - MEDIUM: server: add a new init-addr server line setting - MEDIUM: server: make use of init-addr - MINOR: server: implement init-addr none - MEDIUM: server: make libc resolution failure non-fatal - MINOR: server: add support for explicit numeric address in init-addr - DOC: add some documentation for the "init-addr" server keyword - MINOR: init: add -dr to ignore server address resolution failures - MEDIUM: server: do not restrict anymore usage of IP address from the state file - BUG: vars: Fix 'set-var' converter because of a typo - CLEANUP: remove last references to 'ruleset' section - MEDIUM: filters: Add attch/detach and stream_set_backend callbacks - MINOR: filters: Update filters documentation accordingly to recent changes - MINOR: filters: Call stream_set_backend callbacks before updating backend stats - MINOR: filters: Remove backend filters attached to a stream only for HTTP streams - MINOR: flt_trace: Add hexdump option to dump forwarded data - MINOR: cfgparse: Add functions to backup and restore registered sections - MINOR: cfgparse: Parse scope lines and save the last one parsed - REORG: sample: move code to release a sample expression in sample.c - MINOR: vars: Allow '.' in variable names - MINOR: vars: Add vars_set_by_name_ifexist function - MEDIUM: vars: Add a per-process scope for variables - MINOR: vars: Add 'unset-var' action/converter - MAJOR: spoe: Add an experimental Stream Processing Offload Engine - MINOR: spoe: add random ip-reputation service as SPOA example - MINOR: spoe/checks: Add support for SPOP health checks - DOC: update ROADMAP file 2016/10/25 : 1.7-dev5 - MINOR: cfgparse: few memory leaks fixes. - MEDIUM: log: Decompose %Tq in %Th %Ti %TR - CLEANUP: logs: remove unused log format field definitions - BUILD/MAJOR:updated 51d Trie implementation to incorperate latest update to 51Degrees.c - BUG/MAJOR: stream: properly mark the server address as unset on connect retry - CLEANUP: proto_http: Removing useless variable assignation - CLEANUP: dumpstats: Removing useless variables allocation - CLEANUP: dns: Removing usless variable & assignation - BUG/MINOR: payload: fix SSLv2 version parser - MINOR: cli: allow the semi-colon to be escaped on the CLI - MINOR: cli: change a server health check port through the stats socket - BUG/MINOR: Fix OSX compilation errors - MAJOR: check: find out which port to use for health check at run time - MINOR: server: introduction of 3 new server flags - MINOR: new update_server_addr_port() function to change both server's ADDR and service PORT - MINOR: cli: ability to change a server's port - CLEANUP/MINOR dns: comment do not follow up code update - MINOR: chunk: new strncat function - MINOR: dns: wrong DNS_MAX_UDP_MESSAGE value - MINOR: dns: new MAX values - MINOR: dns: new macro to compute DNS header size - MINOR: dns: new DNS structures to store received packets - MEDIUM: dns: new DNS response parser - MINOR: dns: query type change when last record is a CNAME - MINOR: dns: proper domain name validation when receiving DNS response - MINOR: dns: comments in types/dns.h about structures endianness - BUG/MINOR: displayed PCRE version is running release - MINOR: show Built with PCRE version - MINOR: show Running on zlib version - MEDIUM: make SO_REUSEPORT configurable - MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections - BUG/MEDIUM: http/compression: Fix how chunked data are copied during the HTTP body parsing - BUG/MINOR: stats: report the correct conn_time in backend's html output - BUG/MEDIUM: dns: don't randomly crash on out-of-memory - MINOR: Add fe_req_rate sample fetch - MEDIUM: peers: Fix a peer stick-tables synchronization issue. - MEDIUM: cli: register CLI keywords with cli_register_kw() - BUILD: Make use of accept4() on OpenBSD. - MINOR: tcp: make set-src/set-src-port and set-dst/set-dst-port commutative - DOC: fix missed entry for "set-{src,dst}{,-port}" - BUG/MINOR: vars: use sess and not s->sess in action_store() - BUG/MINOR: vars: make smp_fetch_var() more robust against misuses - BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session - MINOR: stats: output dcon - CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4 - MINOR: counters: add new fields for denied_sess - MEDIUM: tcp: add registration and processing of TCP L5 rules - MINOR: stats: emit dses - DOC: document tcp-request session - MINOR: ssl: add debug traces - BUILD/CLEANUP: ssl: Check BIO_reset() return code - BUG/MINOR: ssl: Check malloc return code - BUG/MINOR: ssl: prevent multiple entries for the same certificate - BUG/MINOR: systemd: make the wrapper return a non-null status code on error - BUG/MINOR: systemd: always restore signals before execve() - BUG/MINOR: systemd: check return value of calloc() - MINOR: systemd: report it when execve() fails - BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed - MINOR: proxy: add 'served' field to proxy, equal to total of all servers' - MINOR: backend: add hash-balance-factor option for hash-type consistent - MINOR: server: compute a "cumulative weight" to allow chash balancing to hit its target - MEDIUM: server: Implement bounded-load hash algorithm - SCRIPTS: make git-show-backports also dump a "git show" command - MINOR: build: Allow linking to device-atlas library file - MINOR: stats: Escape equals sign on socket dump 2016/08/14 : 1.7-dev4 - MINOR: add list_append_word function - MEDIUM: init: use list_append_word in haproxy.c - MEDIUM: init: allow directory as argument of -f - CLEANUP: config: detect double registration of a config section - MINOR: log: add the %Td log-format specifier - MEDIUM: filters: Move HTTP headers filtering in its own callback - MINOR: filters: Simplify calls to analyzers using 2 new macros - MEDIUM: filters: Add pre and post analyzer callbacks - DOC: filters: Update the filters documentation accordingly to recent changes - BUG/MEDIUM: init: don't use environment locale - SCRIPTS: teach git-show-backports how to report upstream commits - SCRIPTS: make git-show-backports capable of limiting its history - BUG/MAJOR: fix listening IP address storage for frontends - BUG/MINOR: fix listening IP address storage for frontends (cont) - DOC: Fix typo so fetch is properly parsed by Cyril's converter - BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes - BUG/MEDIUM: stick-tables: fix breakage in table converters - MINOR: stick-table: change all stick-table converters' inputs to SMP_T_ANY - BUG/MEDIUM: dns: unbreak DNS resolver after header fix - BUILD: fix build on Solaris 11 - BUG/MEDIUM: config: fix multiple declaration of section parsers - BUG/MEDIUM: stats: show servers state may show an servers from another backend - BUG/MEDIUM: fix risk of segfault with "show tls-keys" - MEDIUM: dumpstats: 'show tls-keys' is now able to show secrets - DOC: update doc about tls-tickets-keys dump - MEDIUM: tcp: add 'set-src' to 'tcp-request connection' - MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src' - MEDIUM: tcp/http: add 'set-src-port' action - MEDIUM: tcp/http: new set-dst/set-dst-port actions - BUG/MEDIUM: sticktables: segfault in some configuration error cases - BUILD/MEDIUM: rebuild everything when an include file is changed - BUILD/MEDIUM: force a full rebuild if some build options change - BUG/MEDIUM: lua: converters doesn't work - BUG/MINOR: http: add-header: header name copied twice - BUG/MEDIUM: http: add-header: buffer overwritten - BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() - MINOR: stream: export the function 'smp_create_src_stkctr' - BUG/MEDIUM: dumpstats: undefined behavior in stats_tlskeys_list() - MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys dump - BUG/MINOR: http: url32+src should use the big endian version of url32 - BUG/MINOR: http: url32+src should check cli_conn before using it - DOC: http: add documentation for url32 and url32+src - BUG/MINOR: fix http-response set-log-level parsing error - MINOR: systemd: Use variable for config and pidfile paths - MINOR: systemd: Perform sanity check on config before reload - MEDIUM: ssl: support SNI filters with multicerts - MINOR: ssl: crt-list parsing factor - BUILD: ssl: fix typo causing a build failure in the multicert patch - MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword - MINOR: tcp: add "tcp-request connection expect-netscaler-cip layer4" - BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits - BUG/MINOR: init: ensure that FD limit is raised to the max allowed - BUG/MEDIUM: external-checks: close all FDs right after the fork() - BUG/MAJOR: external-checks: use asynchronous signal delivery - BUG/MINOR: external-checks: do not unblock undesired signals - CLEANUP: external-check: don't block/unblock SIGCHLD when manipulating the list - BUG/MEDIUM: filters: Fix data filtering when data are modified - BUG/MINOR: filters: Fix HTTP parsing when a filter loops on data forwarding - BUG/MINOR: srv-state: fix incorrect output of state file - BUG/MINOR: ssl: close ssl key file on error - BUG/MINOR: http: fix misleading error message for response captures - BUG/BUILD: don't automatically run "make" on "make install" - DOC: add missing doc for http-request deny [deny_status ] - CLEANUP: dumpstats: u64 field is an unsigned type. - BUG/MEDIUM: http: unbreak uri/header/url_param hashing - BUG/MINOR: Rework slightly commit 9962f8fc to clean code and avoid mistakes - MINOR: new function my_realloc2 = realloc + free upon failure - CLEANUP: fixed some usages of realloc leading to memory leak - Revert "BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()" - CLEANUP: connection: using internal struct to hold source and dest port. - DOC: spelling fixes - BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() - BUG/MEDIUM: dns: fix alignment issues in the DNS response parser - BUG/MINOR: Fix endiness issue in DNS header creation code - BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash - BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash - MEDIUM: http: implement http-response track-sc* directive - BUG/MINOR: peers: Fix peers data decoding issue - BUG/MINOR: peers: don't count track-sc multiple times on errors - MINOR: standard: add function "escape_string" - BUG/MEDIUM: log: use function "escape_string" instead of "escape_chunk" - MINOR: tcp: Return TCP statistics like RTT and RTT variance - DOC: lua: remove old functions - BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests - DOC: fix json converter example and error message - BUG/MEDIUM: stream-int: completely detach connection on connect error - DOC: minor typo fixes to improve HTML parsing by haproxy-dconv - BUILD: make proto_tcp.c compatible with musl library - BUG/MAJOR: compression: initialize avail_in/next_in even during flush - BUG/MEDIUM: samples: make smp_dup() always duplicate the sample - MINOR: sample: implement smp_is_safe() and smp_make_safe() - MINOR: sample: provide smp_is_rw() and smp_make_rw() - BUG/MAJOR: server: the "sni" directive could randomly cause trouble - BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size - BUG/MEDIUM: stick-table: properly convert binary samples to keys - MINOR: sample: use smp_make_rw() in upper/lower converters - MINOR: tcp: add dst_is_local and src_is_local - BUG/MINOR: peers: some updates are pushed twice after a resync. - BUILD: protocol: fix some build errors on OpenBSD - BUILD: log: iovec requires to include sys/uio.h on OpenBSD - BUILD: tcp: do not include netinet/ip.h for IP_TTL - BUILD: connection: fix build breakage on openbsd due to missing in_systm.h - BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD - BUILD: tcp: define SOL_TCP when only IPPROTO_TCP exists - BUILD: compression: remove a warning when no compression lib is used - BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang - MINOR: tcp: add further tcp info fetchers - BUG/MINOR: peers: empty chunks after a resync. - BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table - MINOR: standard.c: ipcmp() function to compare 2 IP addresses stored in 2 struct sockaddr_storage - MINOR: standard.c: ipcpy() function to copy an IP address from a struct sockaddr_storage into an other one - MAJOR: listen section: don't use first bind port anymore when no server ports are provided 2016/05/10 : 1.7-dev3 - MINOR: sample: Moves ARGS underlying type from 32 to 64 bits. - BUG/MINOR: log: Don't use strftime() which can clobber timezone if chrooted - BUILD: namespaces: fix a potential build warning in namespaces.c - MINOR: da: Using ARG12 macro for the sample fetch and the convertor. - DOC: add encoding to json converter example - BUG/MINOR: conf: "listener id" expects integer, but its not checked - DOC: Clarify tunes.vars.xxx-max-size settings - CLEANUP: chunk: adding NULL check to chunk_dup allocation. - CLEANUP: connection: fix double negation on memcmp() - BUG/MEDIUM: peers: fix incorrect age in frequency counters - BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are present - BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers - BUG/MINOR: lua: can't load external libraries - BUG/MINOR: prevent the dump of uninitialized vars - CLEANUP: map: it seems that the map were planed to be chained - MINOR: lua: move class registration facilities - MINOR: lua: remove some useless checks - CLEANUP: lua: Remove two same functions - MINOR: lua: refactor the Lua object registration - MINOR: lua: precise message when a critical error is catched - MINOR: lua: post initialization - MINOR: lua: Add internal function which strip spaces - MINOR: lua: convert field to lua type - DOC: "addr" parameter applies to both health and agent checks - DOC: timeout client: pointers to timeout http-request - DOC: typo on stick-store response - DOC: stick-table: amend paragraph blaming the loss of table upon reload - DOC: typo: ACL subdir match - DOC: typo: maxconn paragraph is wrong due to a wrong buffer size - DOC: regsub: parser limitation about the inability to use closing square brackets - DOC: typo: req.uri is now replaced by capture.req.uri - DOC: name set-gpt0 mismatch with the expected keyword - MINOR: http: sample fetch which returns unique-id - MINOR: dumpstats: extract stats fields enum and names - MINOR: dumpstats: split stats_dump_info_to_buffer() in two parts - MINOR: dumpstats: split stats_dump_fe_stats() in two parts - MINOR: dumpstats: split stats_dump_li_stats() in two parts - MINOR: dumpstats: split stats_dump_sv_stats() in two parts - MINOR: dumpstats: split stats_dump_be_stats() in two parts - MINOR: lua: dump general info - MINOR: lua: add class proxy - MINOR: lua: add class server - MINOR: lua: add class listener - BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the connection state. - MEDIUM: proxy: use dynamic allocation for error dumps - CLEANUP: remove unneeded casts - CLEANUP: uniformize last argument of malloc/calloc - DOC: fix "needed" typo - BUG/MINOR: dumpstats: fix write to global chunk - BUG/MINOR: dns: inapropriate way out after a resolution timeout - BUG/MINOR: dns: trigger a DNS query type change on resolution timeout - CLEANUP: proto_http: few corrections for gcc warnings. - BUG/MINOR: DNS: resolution structure change - BUG/MINOR : allow to log cookie for tarpit and denied request - BUG/MEDIUM: ssl: rewind the BIO when reading certificates - OPTIM/MINOR: session: abort if possible before connecting to the backend - DOC: http: rename the unique-id sample and add the documentation - BUG/MEDIUM: trace.c: rdtsc() is defined in two files - BUG/MEDIUM: channel: fix miscalculation of available buffer space (2nd try) - BUG/MINOR: server: risk of over reading the pref_net array. - BUG/MINOR: cfgparse: couple of small memory leaks. - BUG/MEDIUM: sample: initialize the pointer before parse_binary call. - DOC: fix discrepancy in the example for http-request redirect - MINOR: acl: Add predefined METH_DELETE, METH_PUT - CLEANUP: .gitignore cleanup - DOC: Clarify IPv4 address / mask notation rules - CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() - BUG/MEDIUM: fix maxaccept computation on per-process listeners - BUG/MINOR: listener: stop unbound listeners on startup - BUG/MINOR: fix maxaccept computation according to the frontend process range - TESTS: add blocksig.c to run tests with all signals blocked - MEDIUM: unblock signals on startup. - MINOR: filters: Print the list of existing filters during HA startup - MINOR: filters: Typo in an error message - MINOR: filters: Filters must define the callbacks struct during config parsing - DOC: filters: Add filters documentation - BUG/MEDIUM: channel: don't allow to overwrite the reserve until connected - BUG/MEDIUM: channel: incorrect polling condition may delay event delivery - BUG/MEDIUM: channel: fix miscalculation of available buffer space (3rd try) - BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP mode - MINOR: Add ability for agent-check to set server maxconn - CLEANUP: Use server_parse_maxconn_change_request for maxconn CLI updates - MINOR: filters: add opaque data - BUG/MEDIUM: lua: protects the upper boundary of the argument list for converters/fetches. - MINOR: lua: migrate the argument mask to 64 bits type. - BUG/MINOR: dumpstats: Fix the "Total bytes saved" counter in backends stats - BUG/MINOR: log: fix a typo that would cause %HP to log - BUG/MEDIUM: http: fix incorrect reporting of server errors - MINOR: channel: add new function channel_congested() - BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from dead client - BUG/MAJOR: channel: fix miscalculation of available buffer space (4th try) - BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared - BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers - BUG/MEDIUM: stats: show servers state may show an empty or incomplete result - BUG/MEDIUM: stats: show backend may show an empty or incomplete result - MINOR: stats: fix typo in help messages - MINOR: stats: show stat resolvers missing in the help message - BUG/MINOR: dns: fix DNS header definition - BUG/MEDIUM: dns: fix alignment issue when building DNS queries - CLEANUP: don't ignore scripts in .gitignore - BUILD: add a few release and backport scripts in scripts/ 2016/03/14 : 1.7-dev2 - DOC: lua: fix lua API - DOC: mailers: typo in 'hostname' description - DOC: compression: missing mention of libslz for compression algorithm - BUILD/MINOR: regex: missing header - BUG/MINOR: stream: bad return code - DOC: lua: fix somme errors and add implicit types - MINOR: lua: add set/get priv for applets - BUG/MINOR: http: fix several off-by-one errors in the url_param parser - BUG/MINOR: http: Be sure to process all the data received from a server - MINOR: filters/http: Use a wrapper function instead of stream_int_retnclose - BUG/MINOR: chunk: make chunk_dup() always check and set dst->size - DOC: ssl: fixed some formatting errors in crt tag - MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero - MINOR: chunks: add chunk_strcat() and chunk_newstr() - MINOR: chunk: make chunk_initstr() take a const string - MEDIUM: tools: add csv_enc_append() to preserve the original chunk - MINOR: tools: make csv_enc_append() always start at the first byte of the chunk - MINOR: lru: new function to delete least recently used keys - DOC: add Ben Shillito as the maintainer of 51d - BUG/MINOR: 51d: Ensures a unique domain for each configuration - BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy best practices. - BUG/MINOR: 51d: Releases workset back to pool. - BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees. - CLEANUP: 51d: Aligned if statements with HAProxy best practices and removed casts from malloc. - MINOR: rename master process name in -Ds (systemd mode) - DOC: fix a few spelling mistakes - DOC: fix "workaround" spelling - BUG/MINOR: examples: Fixing haproxy.spec to remove references to .cfg files - MINOR: fix the return type for dns_response_get_query_id() function - MINOR: server state: missing LF (\n) on error message printed when parsing server state file - BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the nameserver - BUG/MAJOR: servers state: server port is erased when dns resolution is enabled on a server - BUG/MEDIUM: servers state: server port is used uninitialized - BUG/MEDIUM: config: Adding validation to stick-table expire value. - BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week - BUG/MEDIUM: channel: fix miscalculation of available buffer space. - MEDIUM: pools: add a new flag to avoid rounding pool size up - BUG/MEDIUM: buffers: do not round up buffer size during allocation - BUG/MINOR: stream: don't force retries if the server is DOWN - BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch the table - MINOR: unix: don't mention free ports on EAGAIN - BUG/CLEANUP: CLI: report the proper field states in "show sess" - MINOR: stats: send content-length with the redirect to allow keep-alive - BUG: stream_interface: Reuse connection even if the output channel is empty - DOC: remove old tunnel mode assumptions - BUG/MAJOR: http-reuse: fix risk of orphaned connections - BUG/MEDIUM: http-reuse: do not share private connections across backends - BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates - BUG/MINOR: stats: fix missing comma in stats on agent drain - MAJOR: filters: Add filters support - MINOR: filters: Do not reset stream analyzers if the client is gone - REORG: filters: Prepare creation of the HTTP compression filter - MAJOR: filters/http: Rewrite the HTTP compression as a filter - MEDIUM: filters: Use macros to call filters callbacks to speed-up processing - MEDIUM: filters: remove http_start_chunk, http_last_chunk and http_chunk_end - MEDIUM: filters: Replace filter_http_headers callback by an analyzer - MEDIUM: filters/http: Move body parsing of HTTP messages in dedicated functions - MINOR: filters: Add stream_filters structure to hide filters info - MAJOR: filters: Require explicit registration to filter HTTP body and TCP data - MINOR: filters: Remove unused or useless stuff and do small optimizations - MEDIUM: filters: Optimize the HTTP compression for chunk encoded response - MINOR: filters/http: Slightly update the parsing of chunks - MINOR: filters/http: Forward remaining data when a channel has no "data" filters - MINOR: filters: Add an filter example - MINOR: filters: Extract proxy stuff from the struct filter - MINOR: map: Add regex matching replacement - BUG/MINOR: lua: unsafe initialization - DOC: lua: fix somme errors - MINOR: lua: file dedicated to unsafe functions - MINOR: lua: add "now" time function - MINOR: standard: add RFC HTTP date parser - MINOR: lua: Add date functions - MINOR: lua: move common function - MINOR: lua: merge function - MINOR: lua: Add concat class - MINOR: standard: add function "escape_chunk" - MEDIUM: log: add a new log format flag "E" - DOC: add server name at rate-limit sessions example - BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation - BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation - DOC: LUA: fix some typos and syntax errors - MINOR: cli: add a new "show env" command - MEDIUM: config: allow to manipulate environment variables in the global section - MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword spelling in resolvers - MINOR: mailers: increase default timeout to 10 seconds - MINOR: mailers: use for all line endings - BUG/MAJOR: lua: segfault using Concat object - DOC: lua: copyrights - MINOR: common: mask conversion - MEDIUM: dns: extract options - MEDIUM: dns: add a "resolve-net" option which allow to prefer an ip in a network - MINOR: mailers: make it possible to configure the connection timeout - BUG/MAJOR: lua: applets can't sleep. - BUG/MINOR: server: some prototypes are renamed - BUG/MINOR: lua: Useless copy - BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly - BUG/MINOR: server: fix the format of the warning on address change - CLEANUP: server: add "const" to some message strings - MINOR: server: generalize the "updater" source - BUG/MEDIUM: chunks: always reject negative-length chunks - BUG/MINOR: systemd: ensure we don't miss signals - BUG/MINOR: systemd: report the correct signal in debug message output - BUG/MINOR: systemd: propagate the correct signal to haproxy - MINOR: systemd: ensure a reload doesn't mask a stop - BUG/MEDIUM: cfgparse: wrong argument offset after parsing server "sni" keyword - CLEANUP: stats: Avoid computation with uninitialized bits. - CLEANUP: pattern: Ignore unknown samples in pat_match_ip(). - CLEANUP: map: Avoid memory leak in out-of-memory condition. - BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs - BUG/MAJOR: samples: check smp->strm before using it - MINOR: sample: add a new helper to initialize the owner of a sample - MINOR: sample: always set a new sample's owner before evaluating it - BUG/MAJOR: vars: always retrieve the stream and session from the sample - CLEANUP: payload: remove useless and confusing nullity checks for channel buffer - BUG/MINOR: ssl: fix usage of the various sample fetch functions - MINOR: stats: create fields types suitable for all CSV output data - MINOR: stats: add all the "show info" fields in a table - MEDIUM: stats: fill all the show info elements prior to displaying them - MINOR: stats: add a function to emit fields into a chunk - MINOR: stats: add stats_dump_info_fields() to dump one field per line - MEDIUM: stats: make use of stats_dump_info_fields() for "show info" - MINOR: stats: add a declaration of all stats fields - MINOR: stats: don't hard-code the CSV fields list anymore - MINOR: stats: create stats fields storage and CSV dump function - MEDIUM: stats: convert stats_dump_fe_stats() to use stats_dump_fields_csv() - MEDIUM: stats: make stats_dump_fe_stats() use stats fields for HTML dump - MEDIUM: stats: convert stats_dump_li_stats() to use stats_dump_fields_csv() - MEDIUM: stats: make stats_dump_li_stats() use stats fields for HTML dump - MEDIUM: stats: convert stats_dump_be_stats() to use stats_dump_fields_csv() - MEDIUM: stats: make stats_dump_be_stats() use stats fields for HTML dump - MEDIUM: stats: convert stats_dump_sv_stats() to use stats_dump_fields_csv() - MEDIUM: stats: make stats_dump_sv_stats() use the stats field for HTML - MEDIUM: stats: move the server state coloring logic to the server dump function - MINOR: stats: do not use srv->admin & STATS_ADMF_MAINT in HTML dumps - MINOR: stats: do not check srv->state for SRV_ST_STOPPED in HTML dumps - MINOR: stats: make CSV report server check status only when enabled - MINOR: stats: only report backend's down time if it has servers - MINOR: stats: prepend '*' in front of the check status when in progress - MINOR: stats: make HTML stats dump rely on the table for the check status - MINOR: stats: add agent_status, agent_code, agent_duration to output - MINOR: stats: add check_desc and agent_desc to the output fields - MINOR: stats: add check and agent's health values in the output - MEDIUM: stats: make the HTML server state dump use the CSV states - MEDIUM: stats: only report observe errors when observe is set - MEDIUM: stats: expose the same flags for CLI and HTTP accesses - MEDIUM: stats: report server's address in the CSV output - MEDIUM: stats: report the cookie value in the server & backend CSV dumps - MEDIUM: stats: compute the color code only in the HTML form - MEDIUM: stats: report the listeners' address in the CSV output - MEDIUM: stats: make it possible to report the WAITING state for listeners - REORG: stats: dump the frontend's HTML stats via a generic function - REORG: stats: dump the socket stats via the generic function - REORG: stats: dump the server stats via the generic function - REORG: stats: dump the backend stats via the generic function - MEDIUM: stats: add a new "mode" column to report the proxy mode - MINOR: stats: report the load balancing algorithm in CSV output - MINOR: stats: add 3 fields to report the frontend-specific connection stats - MINOR: stats: report number of intercepted requests for frontend and backends - MINOR: stats: introduce stats_dump_one_line() to dump one stats line - CLEANUP: stats: make stats_dump_fields_html() not rely on proxy anymore - MINOR: stats: add ST_SHOWADMIN to pass the admin info in the regular flags - MINOR: stats: make stats_dump_fields_html() not use &trash by default - MINOR: stats: add functions to emit typed fields into a chunk - MEDIUM: stats: support "show info typed" on the CLI - MEDIUM: stats: implement a typed output format for stats - DOC: document the "show info typed" and "show stat typed" output formats - MINOR: cfgparse: warn when uid parameter is not a number - MINOR: cfgparse: warn when gid parameter is not a number - BUG/MINOR: standard: Avoid free of non-allocated pointer - BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition - CLEANUP: http: fix a build warning introduced by a recent fix - BUG/MINOR: log: GMT offset not updated when entering/leaving DST 2015/12/20 : 1.7-dev1 - DOC: specify that stats socket doc (section 9.2) is in management - BUILD: install only relevant and existing documentation - CLEANUP: don't ignore debian/ directory if present - BUG/MINOR: dns: parsing error of some DNS response - BUG/MEDIUM: namespaces: don't fail if no namespace is used - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled - MEDIUM: dns: Don't use the ANY query type - BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0 - DOC: fix a typo for a "deviceatlas" keyword - FIX: small typo in an example using the "Referer" header - MINOR: cli: ability to set per-server maxconn - DEBUG/MINOR: memory: add a build option to disable memory pools sharing - DEBUG/MEDIUM: memory: optionally protect free data in pools - DEBUG/MEDIUM: memory: add optional control pool memory operations - MEDIUM: memory: add accounting for failed allocations - BUG/MEDIUM: config: count memory limits on 64 bits, not 32 - BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop - BUG/MINOR: dns: unable to parse CNAMEs response - BUG/MINOR: examples/haproxy.init: missing brace in quiet_check() - DOC: deviceatlas: more example use cases. - MINOR: config: allow IPv6 bracketed literals - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin. - BUILD: add Haiku as supported target. - BUG/MAJOR: http: don't requeue an idle connection that is already queued - DOC: typo on capture.res.hdr and capture.req.hdr - BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing - CLEANUP: use direction names in place of numeric values - BUG/MEDIUM: lua: sample fetches based on response doesn't work - MINOR: check: add agent-send server parameter - BUG/MINOR: http rule: http capture 'id' rule points to a non existing id - BUG/MINOR: server: check return value of fgets() in apply_server_state() - BUG/MINOR: acl: don't use record layer in req_ssl_ver - BUILD: freebsd: double declaration - BUG/MEDIUM: lua: clean output buffer - BUILD: check for libressl to be able to build against it - DOC: lua-api/index.rst small example fixes, spelling correction. - DOC: lua: architecture and first steps - DOC: relation between timeout http-request and option http-buffer-request - BUILD: Make deviceatlas require PCRE - BUG: http: do not abort keep-alive connections on server timeout - BUG/MEDIUM: http: switch the request channel to no-delay once done. - BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket - BUILD/MINOR: http: proto_http.h needs sample.h - BUG/MEDIUM: http: don't enable auto-close on the response side - BUG/MEDIUM: stream: fix half-closed timeout handling - CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB - BUG/MEDIUM: cli: changing compression rate-limiting must require admin level - BUG/MEDIUM: sample: urlp can't match an empty value - BUILD: dumpstats: silencing warning for printf format specifier / time_t - CLEANUP: proxy: calloc call inverted arguments - MINOR: da: silent logging by default and displaying DeviceAtlas support if built. - BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input. - DOC: Edited 51Degrees section of README/ - BUG/MEDIUM: checks: email-alert not working when declared in defaults - BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured - BUG/MINOR: checks: typo in an email-alert error message - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and first rule(s) is (are) COMMENT - BUG/MEDIUM: http: fix http-reuse when frontend and backend differ - DOC: prefer using http-request/response over reqXXX/rspXXX directives - CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro. - MINOR: ssl: Added cert_key_and_chain struct - MEDIUM: ssl: Added support for creating SSL_CTX with multiple certs - MINOR: ssl: Added multi cert support for crt-list config keyword - MEDIUM: ssl: Added multi cert support for loading crt directories - MEDIUM: ssl: Added support for Multi-Cert OCSP Stapling - BUILD: ssl: set SSL_SOCK_NUM_KEYTYPES with openssl < 1.0.2 - MINOR: config: make tune.recv_enough configurable - BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced - DOC: ssl: Adding docs for Multi-Cert bundling - BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay. - BUG/MEDIUM: peers: old stick table updates could be repushed. - MINOR: lua: service/applet can have access to the HTTP headers when a POST is received - REORG/MINOR: lua: convert boolean "int" to bitfield - BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn - BUG/MINOR: lua: Lua applets must not use http_txn - BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets - BUG/MAJOR: lua: Do not force the HTTP analysers in use-services - CLEANUP: lua: bad error messages - CONTRIB: initiate a debugging suite to make debugging easier 2015/10/13 : 1.7-dev0 - exact copy of 1.6.0 2015/10/13 : 1.6.0 - BUG/MINOR: Handle interactive mode in cli handler - DOC: global section missing parameters - DOC: backend section missing parameters - DOC: stats paramaters available in frontend - MINOR: lru: do not allocate useless memory in lru64_lookup - BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth) - BUG/MINOR: ssl: fix management of the cache where forged certificates are stored - MINOR: ssl: Release Servers SSL context when HAProxy is shut down - MINOR: ssl: Read the file used to generate certificates in any order - MINOR: ssl: Add support for EC for the CA used to sign generated certificates - MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates - BUG/MEDIUM: logs: fix time zone offset format in RFC5424 - BUILD: Fix the build on OSX (htonll/ntohll) - BUILD: enable build on Linux/s390x - BUG/MEDIUM: lua: direction test failed - MINOR: lua: fix a spelling error in some error messages - CLEANUP: cli: ensure we can never double-free error messages - BUG/MEDIUM: lua: force server-close mode on Lua services - MEDIUM: init: support more command line arguments after pid list - MEDIUM: init: support a list of files on the command line - MINOR: debug: enable memory poisonning to use byte 0 - BUILD: ssl: fix build error introduced by recent commit - BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers - MEDIUM: server: implement TCP_USER_TIMEOUT on the server - DOC: mention the "namespace" options for bind and server lines - DOC: add the "management" documentation - DOC: move the stats socket documentation from config to management - MINOR: examples: update haproxy.spec to mention new docs - DOC: mention management.txt in README - DOC: remove haproxy-{en,fr}.txt - BUILD: properly report when USE_ZLIB and USE_SLZ are used together - MINOR: init: report use of libslz instead of "no compression" - CLEANUP: examples: remove some obsolete and confusing files - CLEANUP: examples: remove obsolete configuration file samples - CLEANUP: examples: fix the example file content-sw-sample.cfg - CLEANUP: examples: update sample file option-http_proxy.cfg - CLEANUP: examples: update sample file ssl.cfg - CLEANUP: tests: move a test file from examples/ to tests/ - CLEANUP: examples: shut up warnings in transparent proxy example - CLEANUP: tests: removed completely obsolete test files - DOC: update ROADMAP to remove what was done in 1.6 - BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id 2015/10/06 : 1.6-dev7 - MINOR: cli: Dump all resolvers stats if no resolver section is given - BUG: config: external-check command validation is checking for incorrect arguments. - DOC: documentation format cleanups - DOC: lua: few typos. - BUG/MEDIUM: str2ip: make getaddrinfo() consider local address selection policy - BUG/MEDIUM: logs: segfault writing to log from Lua - DOC: fix lua use-service example - MINOR: payload: add support for tls session ticket ext - MINOR: lua: remove the run flag - MEDIUM: lua: change the timeout execution - MINOR: lua: rename the tune.lua.applet-timeout - DOC: lua: update Lua doc - DOC: lua: update doc according with the last Lua changes - MINOR: http/tcp: fill the avalaible actions - DOC: reorder misplaced res.ssl_hello_type in the doc - BUG/MINOR: tcp: make silent-drop always force a TCP reset - CLEANUP: tcp: silent-drop: only drain the connection when quick-ack is disabled - BUILD: tcp: use IPPROTO_IP when SOL_IP is not available - BUILD: server: fix build warnings introduced by load-server-state - BUG/MEDIUM: server: fix misuse of format string in load-server-state's warnings 2015/09/28 : 1.6-dev6 - BUG/MAJOR: can't enable a server through the stat socket - MINOR: server: Macro definition for server-state - MINOR: cli: new stats socket command: show servers state - DOC: stats socket command: show servers state - MINOR: config: new global directive server-state-base - DOC: global directive server-state-base - MINOR: config: new global section directive: server-state-file - DOC: new global directive: server-state-file - MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name - DOC: load-server-state-from-file - MINOR: init: server state loaded from file - MINOR: server: startup slowstart task when using seamless reload of HAProxy - MINOR: cli: new stats socket command: show backend - DOC: servers state seamless reload example - BUG: dns: can't connect UDP socket on FreeBSD - MINOR: cfgparse: New function cfg_unregister_sections() - MINOR: chunk: New function free_trash_buffers() - BUG/MEDIUM: main: Freeing a bunch of static pointers - MINOR: proto_http: Externalisation of previously internal functions - MINOR: global: Few new struct fields for da module - MAJOR: da: Update of the DeviceAtlas API module - DOC: DeviceAtlas new keywords - DOC: README: DeviceAtlas sample configuration updates - MEDIUM: log: replace sendto() with sendmsg() in __send_log() - MEDIUM: log: use a separate buffer for the header and for the message - MEDIUM: logs: remove the hostname, tag and pid part from the logheader - MEDIUM: logs: add support for RFC5424 header format per logger - MEDIUM: logs: add a new RFC5424 log-format for the structured-data - DOC: mention support for the RFC5424 syslog message format - MEDIUM: logs: have global.log_send_hostname not contain the trailing space - MEDIUM: logs: pass the trailing "\n" as an iovec - BUG/MEDIUM: peers: some table updates are randomly not pushed. - BUG/MEDIUM: peers: same table updates re-pushed after a re-connect - BUG/MINOR: fct peer_prepare_ackmsg should not use trash. - MINOR: http: made CHECK_HTTP_MESSAGE_FIRST accessible to other functions - MINOR: global: Added new fields for 51Degrees device detection - DOC: Added more explanation for 51Degrees V3.2 - BUILD: Changed 51Degrees option to support V3.2 - MAJOR: 51d: Upgraded to support 51Degrees V3.2 and new features - MINOR: 51d: Improved string handling for LRU cache - DOC: add references to rise/fall for the fastinter explanation - MINOR: support cpu-map feature through the compile option USE_CPU_AFFINITY on FreeBSD - BUG/MAJOR: lua: potential unexpected aborts() - BUG/MINOR: lua: breaks the log message if his size exceed one buffer - MINOR: action: add private configuration - MINOR: action: add reference to the original keywork matched for the called parser. - MINOR: lua: change actions registration - MEDIUM: proto_http: smp_prefetch_http initialize txn - MINOR: channel: rename function chn_sess to chn_strm - CLEANUP: lua: align defines - MINOR: http: export http_get_path() function - MINOR: http: export the get_reason() function - MINOR: http: export function http_msg_analyzer() - MINOR: http: split initialization - MINOR: lua: reset pointer after use - MINOR: lua: identify userdata objects - MEDIUM: lua: use the function lua_rawset in place of lua_settable - BUG/MAJOR: lua: segfault after the channel data is modified by some Lua action. - CLEANUP: lua: use calloc in place of malloc - BUG/MEDIUM: lua: longjmp function must be unregistered - BUG/MEDIUM: lua: forces a garbage collection - BUG/MEDIUM: lua: wakeup task on bad conditions - MINOR: standard: avoid DNS resolution from the function str2sa_range() - MINOR: lua: extend socket address to support non-IP families - MINOR: lua/applet: the cosocket applet should use appctx_wakeup in place of task_wakeup - BUG/MEDIUM: lua: socket destroy before reading pending data - MEDIUM: lua: change the GC policy - OPTIM/MEDIUM: lua: executes the garbage collector only when using cosocket - BUG/MEDIUM: lua: don't reset undesired flags in hlua_ctx_resume - MINOR: applet: add init function - MINOR: applet: add an execution timeout - MINOR: stream/applet: add use-service action - MINOR: lua: add AppletTCP class and service - MINOR: lua: add AppletHTTP class and service - DOC: lua: some documentation update - DOC: add the documentation about internal circular lists - DOC: add a CONTRIBUTING file - DOC: add a MAINTAINERS file - BUG/MAJOR: peers: fix a crash when stopping peers on unbound processes - DOC: update coding-style to reference checkpatch.pl - BUG/MEDIUM: stick-tables: fix double-decrement of tracked entries - BUG/MINOR: args: add name for ARGT_VAR - DOC: add more entries to MAINTAINERS - DOC: add more entries to MAINTAINERS - CLEANUP: stream-int: remove obsolete function si_applet_call() - BUG/MAJOR: cli: do not dereference strm_li()->proto->name - BUG/MEDIUM: http: do not dereference strm_li(stream) - BUG/MEDIUM: proxy: do not dereference strm_li(stream) - BUG/MEDIUM: stream: do not dereference strm_li(stream) - MINOR: stream-int: use si_release_endpoint() to close idle conns - BUG/MEDIUM: payload: make req.payload and payload_lv aware of dynamic buffers - BUG/MEDIUM: acl: always accept match "found" - MINOR: applet: rename applet_runq to applet_active_queue - BUG/MAJOR: applet: use a separate run queue to maintain list integrity - MEDIUM: stream-int: split stream_int_update_conn() into si- and conn-specific parts - MINOR: stream-int: implement a new stream_int_update() function - MEDIUM: stream-int: factor out the stream update functions - MEDIUM: stream-int: call stream_int_update() from si_update() - MINOR: stream-int: export stream_int_update_* - MINOR: stream-int: move the applet_pause call out of the stream updates - MEDIUM: stream-int: clean up the conditions to enable reading in si_conn_wake_cb - MINOR: stream-int: implement the stream_int_notify() function - MEDIUM: stream-int: use the same stream notification function for applets and conns - MEDIUM: stream-int: completely remove stream_int_update_embedded() - MINOR: stream-int: rename si_applet_done() to si_applet_wake_cb() - BUG/MEDIUM: applet: fix reporting of broken write situation - BUG/MINOR: stats: do not call cli_release_handler 3 times - BUG/MEDIUM: cli: properly handle closed output - MINOR: cli: do not call the release handler on internal error. - BUG/MEDIUM: stream-int: avoid double-call to applet->release - DEBUG: add p_malloc() to return a poisonned memory area - CLEANUP: lua: remove unneeded memset(0) after calloc() - MINOR: lua: use the proper applet wakeup mechanism - BUG/MEDIUM: lua: better fix for the protocol check - BUG/MEDIUM: lua: properly set the target on the connection - MEDIUM: actions: pass a new "flags" argument to custom actions - MEDIUM: actions: add new flag ACT_FLAG_FINAL to notify about last call - MEDIUM: http: pass ACT_FLAG_FINAL to custom actions - MEDIUM: lua: only allow actions to yield if not in a final call - DOC: clarify how to make use of abstract sockets in socat - CLEANUP: config: make the errorloc/errorfile messages less confusing - MEDIUM: action: add a new flag ACT_FLAG_FIRST - BUG/MINOR: config: check that tune.bufsize is always positive - MEDIUM: config: set tune.maxrewrite to 1024 by default - DOC: add David Carlier as maintainer of da.c - DOC: fix some broken unexpected unicode chars in the Lua doc. - BUG/MEDIUM: proxy: ignore stopped peers - BUG/MEDIUM: proxy: do not wake stopped proxies' tasks during soft_stop() - MEDIUM: init: completely deallocate unused peers - BUG/MEDIUM: tcp: fix inverted condition to call custom actions - DOC: remove outdated actions lists on tcp-request/response - MEDIUM: tcp: add new tcp action "silent-drop" - DOC: add URLs to optional libraries in the README 2015/09/14 : 1.6-dev5 - MINOR: dns: dns_resolution structure update: time_t to unsigned int - BUG/MEDIUM: dns: DNS resolution doesn't start - BUG/MAJOR: dns: dns client resolution infinite loop - MINOR: dns: coding style update - MINOR: dns: new bitmasks to use against DNS flags - MINOR: dns: dns_nameserver structure update: new counter for truncated response - MINOR: dns: New DNS response analysis code: DNS_RESP_TRUNCATED - MEDIUM: dns: handling of truncated response - MINOR: DNS client query type failover management - MINOR: dns: no expected DNS record type found - MINOR: dns: new flag to report that no IP can be found in a DNS response packet - BUG/MINOR: DNS request retry counter used for retry only - DOC: DNS documentation updated - MEDIUM: actions: remove ACTION_STOP - BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 (bis) - BUG/MINOR: lua: last log character truncated. - CLEANUP: typo: bad indent - CLEANUP: actions: missplaced includes - MINOR: build: missing header - CLEANUP: lua: Merge log functions - BUG/MAJOR: http: don't manipulate the server connection if it's killed - BUG/MINOR: http: remove stupid HTTP_METH_NONE entry - BUG/MAJOR: http: don't call http_send_name_header() after an error - MEDIUM: tools: make str2sa_range() optionally return the FQDN - BUG/MINOR: tools: make str2sa_range() report unresolvable addresses - BUG/MEDIUM: dns: use the correct server hostname when resolving 2015/08/30 : 1.6-dev4 - MINOR: log: Add log-format variable %HQ, to log HTTP query strings - DOC: typo in 'redirect', 302 code meaning - DOC: typos in tcp-check expect examples - DOC: resolve-prefer default value and default-server update - MINOR: DNS counters: increment valid counter - BUG/MEDIUM: DNS resolution response parsing broken - MINOR: server: add new SRV_ADMF_CMAINT flag - MINOR: server SRV_ADMF_CMAINT flag doesn't imply SRV_ADMF_FMAINT - BUG/MEDIUM: dns: wrong first time DNS resolution - BUG/MEDIUM: lua: Lua tasks fail to start. - BUILD: add USE_LUA to BUILD_OPTIONS when it's used - DOC/MINOR: fix OpenBSD versions where haproxy works - MINOR: 51d: unable to start haproxy without "51degrees-data-file" - BUG/MEDIUM: peers: fix wrong message id on stick table updates acknowledgement. - BUG/MAJOR: peers: fix current table pointer not re-initialized on session release. - BUILD: ssl: Allow building against libssl without SSLv3. - DOC: clarify some points about SSL and the proxy protocol - DOC: mention support for RFC 5077 TLS Ticket extension in starter guide - BUG/MEDIUM: mailer: DATA part must be terminated with . - DOC: match several lua configuration option names to those implemented in code - MINOR cfgparse: Correct the mailer warning text to show the right names to the user - BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command - MINOR: stream: initialize the current_rule field to NULL on stream init - BUG/MEDIUM: lua: timeout error with converters, wrapper and actions. - CLEANUP: proto_http: remove useless initialisation - CLEANUP: http/tcp actions: remove the scope member - BUG/MINOR: proto_tcp: custom action continue is ignored - MINOR: proto_tcp: add session in the action prototype - MINOR: vars: reduce the code size of some wrappers - MINOR: Move http method enum from proto_http to sample - MINOR: sample: Add ipv6 to ipv4 and sint to ipv6 casts - MINOR: sample/proto_tcp: export "smp_fetch_src" - MEDIUM: cli: rely on the map's output type instead of the sample type - BUG/MEDIUM: stream: The stream doen't inherit SC from the session - BUG/MEDIUM: vars: segfault during the configuration parsing - BUG/MEDIUM: stick-tables: refcount error after copying SC for the session to the stream - BUG/MEDIUM: lua: bad error processing - MINOR: samples: rename a struct from sample_storage to sample_data - MINOR: samples: rename some struct member from "smp" to "data" - MEDIUM: samples: Use the "struct sample_data" in the "struct sample" - MINOR: samples: extract the anonymous union and create the union sample_value - MINOR: samples: rename union from "data" to "u" - MEDIUM: 51degrees: Adapt the 51Degrees library - MINOR: samples: data assignation simplification - MEDIUM: pattern/map: Maps can returns various types - MINOR: map: The map can return IPv4 and IPv6 - MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs - MINOR: actions: Remove the data opaque pointer - MINOR: lua: use the hlua_rule type in place of opaque type - MINOR: vars: use the vars types as argument in place of opaque type - MINOR: proto_http: use an "expr" type in place of generic opaque type. - MINOR: proto_http: replace generic opaque types by real used types for the actions on thr request line - MINOR: proto_http: replace generic opaque types by real used types in "http_capture" - MINOR: proto_http: replace generic opaque types by real used types in "http_capture" by id - MEDIUM: track-sc: Move the track-sc configuration storage in the union - MEDIUM: capture: Move the capture configuration storage in the union - MINOR: actions: add "from" information - MINOR: actions: remove the mark indicating the last entry in enum - MINOR: actions: Declare all the embedded actions in the same header file - MINOR: actions: change actions names - MEDIUM: actions: Add standard return code for the action API - MEDIUM: actions: Merge (http|tcp)-(request|reponse) keywords structs - MINOR: proto_tcp: proto_tcp.h is now useles - MINOR: actions: mutualise the action keyword lookup - MEDIUM: actions: Normalize the return code of the configuration parsers - MINOR: actions: Remove wrappers - MAJOR: stick-tables: use sample types in place of dedicated types - MEDIUM: stick-tables: use the sample type names - MAJOR: stick-tables: remove key storage from the key struct - MEDIUM: stick-tables: Add GPT0 in the stick tables - MINOR: stick-tables: Add GPT0 access - MINOR: stick-tables: Add GPC0 actions - BUG/MEDIUM: lua: the lua fucntion Channel:close() causes a segfault - DOC: ssl: missing LF - MINOR: lua: add core.done() function - DOC: fix function name - BUG/MINOR: lua: in some case a sample may remain undefined - DOC: fix "http_action_set_req_line()" comments - MINOR: http: Action for manipulating the returned status code. - MEDIUM: lua: turns txn:close into txn:done - BUG/MEDIUM: lua: cannot process more Lua hooks after a "done()" function call - BUILD: link with libdl if needed for Lua support - CLEANUP: backend: factor out objt_server() in connect_server() - MEDIUM: backend: don't call si_alloc_conn() when we reuse a valid connection - MEDIUM: stream-int: simplify si_alloc_conn() - MINOR: stream-int: add new function si_detach_endpoint() - MINOR: server: add a list of private idle connections - MINOR: connection: add a new list member in the connection struct - MEDIUM: stream-int: queue idle connections at the server - MINOR: stream-int: make si_idle_conn() only accept valid connections - MINOR: server: add a list of already used idle connections - MINOR: connection: add a new flag CO_FL_PRIVATE - MINOR: config: add new setting "http-reuse" - MAJOR: backend: initial work towards connection reuse - MAJOR: backend: improve the connection reuse mechanism - MEDIUM: backend: implement "http-reuse safe" - MINOR: server: add a list of safe, already reused idle connections - MEDIUM: backend: add the "http-reuse aggressive" strategy - DOC: document the new http-reuse directive - DOC: internals: document next steps for HTTP connection reuse - DOC: mention that %ms is left-padded with zeroes. - MINOR: init: indicate to check 'bind' lines when no listeners were found. - MAJOR: http: remove references to appsession - CLEANUP: config: remove appsession initialization - CLEANUP: appsession: remove appsession.c and sessionhash.c - CLEANUP: tests: remove sessionhash_test.c and test-cookie-appsess.cfg - CLEANUP: proxy: remove last references to appsession - CLEANUP: appsession: remove the last include files - DOC: remove documentation about appsession - CLEANUP: .gitignore: ignore more test files - CLEANUP: .gitignore: finally ignore everything but what is known. - MEDIUM: config: emit a warning on a frontend without listener - DOC: add doc/internals/entities-v2.txt - DOC: add doc/linux-syn-cookies.txt - DOC: add design thoughts on HTTP/2 - DOC: add some thoughts on connection sharing for HTTP/2 - DOC: add design thoughts on dynamic buffer allocation - BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry - DOC: add new file intro.txt - MAJOR: tproxy: remove support for cttproxy - BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 - DOC: lua: replace txn:close with txn:done in lua-api - DOC: intro: minor updates and fixes - DOC: intro: fix too long line. - DOC: fix example of http-request using ssl_fc_session_id - BUG/MEDIUM: lua: txn:done() still causes a segfault in TCP mode - CLEANUP: lua: fix some indent issues - BUG/MEDIUM: lua: fix a segfault in txn:done() if called twice - DOC: lua: mention than txn:close was renamed txn:done. 2015/07/22 : 1.6-dev3 - CLEANUP: sample: generalize sample_fetch_string() as sample_fetch_as_type() - MEDIUM: http: Add new 'set-src' option to http-request - DOC usesrc root privileges requirments - BUG/MINOR: dns: wrong time unit for some DNS default parameters - MINOR: proxy: bit field for proxy_find_best_match diff status - MINOR: server: new server flag: SRV_F_FORCED_ID - MINOR: server: server_find functions: id, name, best_match - DOC: dns: fix chapters syntax - BUILD/MINOR: tools: rename popcount to my_popcountl - BUILD: add netbsd TARGET - MEDIUM: 51Degrees code refactoring and cleanup - MEDIUM: 51d: add LRU-based cache on User-Agent string detection - DOC: add notes about the "51degrees-cache-size" parameter - BUG/MEDIUM: 51d: possible incorrect operations on smp->data.str.str - BUG/MAJOR: connection: fix TLV offset calculation for proxy protocol v2 parsing - MINOR: Add sample fetch to detect Supported Elliptic Curves Extension - BUG/MINOR: payload: Add volatile flag to smp_fetch_req_ssl_ec_ext - BUG/MINOR: lua: type error in the arguments wrapper - CLEANUP: vars: remove unused struct - BUG/MINOR: http/sample: gmtime/localtime can fail - MINOR: standard: add 64 bits conversion functions - MAJOR: sample: converts uint and sint in 64 bits signed integer - MAJOR: arg: converts uint and sint in sint - MEDIUM: sample: switch to saturated arithmetic - MINOR: vars: returns variable content - MEDIUM: vars/sample: operators can use variables as parameter - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id - BUILD/MINOR: lua: fix a harmless build warning - BUILD/MINOR: stats: fix build warning due to condition always true - BUG/MAJOR: lru: fix unconditional call to free due to unexpected semi-colon - BUG/MEDIUM: logs: fix improper systematic use of quotes with a few tags - BUILD/MINOR: lua: ensure that hlua_ctx_destroy is properly defined - BUG/MEDIUM: lru: fix possible memory leak when ->free() is used - MINOR: vars: make the accounting not depend on the stream - MEDIUM: vars: move the session variables to the session, not the stream - BUG/MEDIUM: vars: do not freeze the connection when the expression cannot be fetched - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data - BUG/MAJOR: tcp: tcp rulesets were still broken - MINOR: stats: improve compression stats reporting - MINOR: ssl: make self-generated certs also work with raw IPv6 addresses - CLEANUP: ssl: make ssl_sock_generated_cert_serial() take a const - CLEANUP: ssl: make ssl_sock_generate_certificate() use ssl_sock_generated_cert_serial() - BUG/MINOR: log: missing some ARGC_* entries in fmt_directives() - MINOR: args: add new context for servers - MINOR: stream: maintain consistence between channel_forward and HTTP forward - MINOR: ssl: provide ia function to set the SNI extension on a connection - MEDIUM: ssl: add sni support on the server lines - CLEANUP: stream: remove a useless call to si_detach() - CLEANUP: stream-int: fix a few outdated comments about stream_int_register_handler() - CLEANUP: stream-int: remove stream_int_unregister_handler() and si_detach() - MINOR: stream-int: only use si_release_endpoint() to release a connection - MINOR: standard: provide htonll() and ntohll() - CLEANUP/MINOR: dns: dns_str_to_dn_label() only needs a const char - BUG/MAJOR: dns: fix the length of the string to be copied 2015/06/17 : 1.6-dev2 - BUG/MINOR: ssl: Display correct filename in error message - MEDIUM: logs: Add HTTP request-line log format directives - BUG/MEDIUM: check: tcpcheck regression introduced by e16c1b3f - BUG/MINOR: check: fix tcpcheck error message - MINOR: use an int instead of calling tcpcheck_get_step_id - MINOR: tcpcheck_rule structure update - MINOR: include comment in tcpcheck error log - DOC: tcpcheck comment documentation - MEDIUM: server: add support for changing a server's address - MEDIUM: server: change server ip address from stats socket - MEDIUM: protocol: add minimalist UDP protocol client - MEDIUM: dns: implement a DNS resolver - MAJOR: server: add DNS-based server name resolution - DOC: server name resolution + proto DNS - MINOR: dns: add DNS statistics - MEDIUM: http: configurable http result codes for http-request deny - BUILD: Compile clean when debug options defined - MINOR: lru: Add the possibility to free data when an item is removed - MINOR: lru: Add lru64_lookup function - MEDIUM: ssl: Add options to forge SSL certificates - MINOR: ssl: Export functions to manipulate generated certificates - MEDIUM: config: add DeviceAtlas global keywords - MEDIUM: global: add the DeviceAtlas required elements to struct global - MEDIUM: sample: add the da-csv converter - MEDIUM: init: DeviceAtlas initialization - BUILD: Makefile: add options to build with DeviceAtlas - DOC: README: explain how to build with DeviceAtlas - BUG/MEDIUM: http: fix the url_param fetch - BUG/MEDIUM: init: segfault if global._51d_property_names is not initialized - MAJOR: peers: peers protocol version 2.0 - MINOR: peers: avoid re-scheduling of pending stick-table's updates still not pushed. - MEDIUM: peers: re-schedule stick-table's entry for sync when data is modified. - MEDIUM: peers: support of any stick-table data-types for sync - BUG/MAJOR: sample: regression on sample cast to stick table types. - CLEANUP: deinit: remove codes for cleaning p->block_rules - DOC: Fix L4TOUT typo in documentation - DOC: set-log-level in Logging section preamble - BUG/MEDIUM: compat: fix segfault on FreeBSD - MEDIUM: check: include server address and port in the send-state header - MEDIUM: backend: Allow redispatch on retry intervals - MINOR: Add TLS ticket keys reference and use it in the listener struct - MEDIUM: Add support for updating TLS ticket keys via socket - DOC: Document new socket commands "show tls-keys" and "set ssl tls-key" - MINOR: Add sample fetch which identifies if the SSL session has been resumed - DOC: Update doc about weight, act and bck fields in the statistics - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten - MINOR: ssl: add a destructor to free allocated SSL ressources - MEDIUM: ssl: add the possibility to use a global DH parameters file - MEDIUM: ssl: replace standards DH groups with custom ones - MEDIUM: stats: Add enum srv_stats_state - MEDIUM: stats: Separate server state and colour in stats - MEDIUM: stats: Only report drain state in stats if server has SRV_ADMF_DRAIN set - MEDIUM: stats: Differentiate between DRAIN and DRAIN (agent) - MEDIUM: Lower priority of email alerts for log-health-checks messages - MEDIUM: Send email alerts when servers are marked as UP or enter the drain state - MEDIUM: Document when email-alerts are sent - BUG/MEDIUM: lua: bad argument number in analyser and in error message - MEDIUM: lua: automatically converts strings in proxy, tables, server and ip - BUG/MINOR: utf8: remove compilator warning - MEDIUM: map: uses HAProxy facilities to store default value - BUG/MINOR: lua: error in detection of mandatory arguments - BUG/MINOR: lua: set current proxy as default value if it is possible - BUG/MEDIUM: http: the action set-{method|path|query|uri} doesn't run. - BUG/MEDIUM: lua: undetected infinite loop - BUG/MAJOR: http: don't read past buffer's end in http_replace_value - BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax - MEDIUM/CLEANUP: http: rewrite and lighten http_transform_header() prototype - BUILD: lua: it miss the '-ldl' directive - MEDIUM: http: allows 'R' and 'S' in the protocol alphabet - MINOR: http: split the function http_action_set_req_line() in two parts - MINOR: http: split http_transform_header() function in two parts. - MINOR: http: export function inet_set_tos() - MINOR: lua: txn: add function set_(loglevel|tos|mark) - MINOR: lua: create and register HTTP class - DOC: lua: fix some typos - MINOR: lua: add log functions - BUG/MINOR: lua: Fix SSL initialisation - DOC: lua: some fixes - MINOR: lua: (req|res)_get_headers return more than one header value - MINOR: lua: map system integration in Lua - BUG/MEDIUM: http: functions set-{path,query,method,uri} breaks the HTTP parser - MINOR: sample: add url_dec converter - MEDIUM: sample: fill the struct sample with the session, proxy and stream pointers - MEDIUM: sample change the prototype of sample-fetches and converters functions - MINOR: sample: fill the struct sample with the options. - MEDIUM: sample: change the prototype of sample-fetches functions - MINOR: http: split the url_param in two parts - CLEANUP: http: bad indentation - MINOR: http: add body_param fetch - MEDIUM: http: url-encoded parsing function can run throught wrapped buffer - DOC: http: req.body_param documentation - MINOR: proxy: custom capture declaration - MINOR: capture: add two "capture" converters - MEDIUM: capture: Allow capture with slot identifier - MINOR: http: add array of generic pointers in http_res_rules - MEDIUM: capture: adds http-response capture - MINOR: common: escape CSV strings - MEDIUM: stats: escape some strings in the CSV dump - MINOR: tcp: add custom actions that can continue tcp-(request|response) processing - MINOR: lua: Lua tcp action are not final action - DOC: lua: schematics about lua socket organization - BUG/MINOR: debug: display (null) in place of "meth" - DOC: mention the "lua action" in documentation - MINOR: standard: add function that converts signed int to a string - BUG/MINOR: sample: wrong conversion of signed values - MEDIUM: sample: Add type any - MINOR: debug: add a special converter which display its input sample content. - MINOR: tcp: increase the opaque data array - MINOR: tcp/http/conf: extends the keyword registration options - MINOR: build: fix build dependency - MEDIUM: vars: adds support of variables - MINOR: vars: adds get and set functions - MINOR: lua: Variable access - MINOR: samples: add samples which returns constants - BUG/MINOR: vars/compil: fix some warnings - BUILD: add 51degrees options to makefile. - MINOR: global: add several 51Degrees members to global - MINOR: config: add 51Degrees config parsing. - MINOR: init: add 51Degrees initialisation code - MEDIUM: sample: add fiftyone_degrees converter. - MEDIUM: deinit: add cleanup for 51Degrees to deinit - MEDIUM: sample: add trie support to 51Degrees - DOC: add 51Degrees notes to configuration.txt. - DOC: add build indications for 51Degrees to README. - MEDIUM: cfgparse: introduce weak and strong quoting - BUG/MEDIUM: cfgparse: incorrect memmove in quotes management - MINOR: cfgparse: remove line size limitation - MEDIUM: cfgparse: expand environment variables - BUG/MINOR: cfgparse: fix typo in 'option httplog' error message - BUG/MEDIUM: cfgparse: segfault when userlist is misused - CLEANUP: cfgparse: remove reference to 'ruleset' section - MEDIUM: cfgparse: check section maximum number of arguments - MEDIUM: cfgparse: max arguments check in the global section - MEDIUM: cfgparse: check max arguments in the proxies sections - CLEANUP: stream-int: remove a redundant clearing of the linger_risk flag - MINOR: connection: make conn_sock_shutw() actually perform the shutdown() call - MINOR: stream-int: use conn_sock_shutw() to shutdown a connection - MINOR: connection: perform the call to xprt->shutw() in conn_data_shutw() - MEDIUM: stream-int: replace xprt->shutw calls with conn_data_shutw() - MINOR: checks: use conn_data_shutw_hard() instead of call via xprt - MINOR: connection: implement conn_sock_send() - MEDIUM: stream-int: make conn_si_send_proxy() use conn_sock_send() - MEDIUM: connection: make conn_drain() perform more controls - REORG: connection: move conn_drain() to connection.c and rename it - CLEANUP: stream-int: remove inclusion of fd.h that is not used anymore - MEDIUM: channel: don't always set CF_WAKE_WRITE on bi_put* - CLEANUP: lua: don't use si_ic/si_oc on known stream-ints - BUG/MEDIUM: peers: correctly configure the client timeout - MINOR: peers: centralize configuration of the peers frontend - MINOR: proxy: store the default target into the frontend's configuration - MEDIUM: stats: use frontend_accept() as the accept function - MEDIUM: peers: use frontend_accept() instead of peer_accept() - CLEANUP: listeners: remove unused timeout - MEDIUM: listener: store the default target per listener - BUILD: fix automatic inclusion of libdl. - MEDIUM: lua: implement a simple memory allocator - MEDIUM: compression: postpone buffer adjustments after compression - MEDIUM: compression: don't send leading zeroes with chunk size - BUG/MINOR: compression: consider the expansion factor in init - MINOR: http: check the algo name "identity" instead of the function pointer - CLEANUP: compression: statify all algo-specific functions - MEDIUM: compression: add a distinction between UA- and config- algorithms - MEDIUM: compression: add new "raw-deflate" compression algorithm - MEDIUM: compression: split deflate_flush() into flush and finish - CLEANUP: compression: remove unused reset functions - MAJOR: compression: integrate support for libslz - BUG/MEDIUM: http: hdr_cnt would not count any header when called without name - BUG/MAJOR: http: null-terminate the http actions keywords list - CLEANUP: lua: remove the unused hlua_sleep memory pool - BUG/MAJOR: lua: use correct object size when initializing a new converter - CLEANUP: lua: remove hard-coded sizeof() in object creations and mallocs - CLEANUP: lua: fix confusing local variable naming in hlua_txn_new() - CLEANUP: hlua: stop using variable name "s" alternately for hlua_txn and hlua_smp - CLEANUP: lua: get rid of the last "*ht" for struct hlua_txn. - CLEANUP: lua: rename last occurrences of "*s" to "*htxn" for hlua_txn - CLEANUP: lua: rename variable "sc" for struct hlua_smp - CLEANUP: lua: get rid of the last two "*hs" for hlua_smp - REORG/MAJOR: session: rename the "session" entity to "stream" - REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* - MINOR: session: start to reintroduce struct session - MEDIUM: stream: allocate the session when a stream is created - MEDIUM: stream: move the listener's pointer to the session - MEDIUM: stream: move the frontend's pointer to the session - MINOR: session: add a pointer to the session's origin - MEDIUM: session: use the pointer to the origin instead of s->si[0].end - CLEANUP: sample: remove useless tests in fetch functions for l4 != NULL - MEDIUM: http: move header captures from http_txn to struct stream - MINOR: http: create a dedicated pool for http_txn - MAJOR: http: move http_txn out of struct stream - MAJOR: sample: don't pass l7 anymore to sample fetch functions - CLEANUP: lua: remove unused hlua_smp->l7 and hlua_txn->l7 - MEDIUM: http: remove the now useless http_txn from {req/res} rules - CLEANUP: lua: don't pass http_txn anymore to hlua_request_act_wrapper() - MAJOR: sample: pass a pointer to the session to each sample fetch function - MINOR: stream: provide a few helpers to retrieve frontend, listener and origin - CLEANUP: stream: don't set ->target to the incoming connection anymore - MINOR: stream: move session initialization before the stream's - MINOR: session: store the session's accept date - MINOR: session: don't rely on s->logs.logwait in embryonic sessions - MINOR: session: implement session_free() and use it everywhere - MINOR: session: add stick counters to the struct session - REORG: stktable: move the stkctr_* functions from stream to sticktable - MEDIUM: streams: support looking up stkctr in the session - MEDIUM: session: update the session's stick counters upon session_free() - MEDIUM: proto_tcp: track the session's counters in the connection ruleset - MAJOR: tcp: make tcp_exec_req_rules() only rely on the session - MEDIUM: stream: don't call stream_store_counters() in kill_mini_session() nor session_accept() - MEDIUM: stream: move all the session-specific stuff of stream_accept() earlier - MAJOR: stream: don't initialize the stream anymore in stream_accept - MEDIUM: session: remove the task pointer from the session - REORG: session: move the session parts out of stream.c - MINOR: stream-int: make appctx_new() take the applet in argument - MEDIUM: peers: move the appctx initialization earlier - MINOR: session: introduce session_new() - MINOR: session: make use of session_new() when creating a new session - MINOR: peers: make use of session_new() when creating a new session - MEDIUM: peers: initialize the task before the stream - MINOR: session: set the CO_FL_CONNECTED flag on the connection once ready - CLEANUP: stream.c: do not re-attach the connection to the stream - MEDIUM: stream: isolate connection-specific initialization code - MEDIUM: stream: also accept appctx as origin in stream_accept_session() - MEDIUM: peers: make use of stream_accept_session() - MEDIUM: frontend: make ->accept only return +/-1 - MEDIUM: stream: return the stream upon accept() - MEDIUM: frontend: move some stream initialisation to stream_new() - MEDIUM: frontend: move the fd-specific settings to session_accept_fd() - MEDIUM: frontend: don't restrict frontend_accept() to connections anymore - MEDIUM: frontend: move some remaining stream settings to stream_new() - CLEANUP: frontend: remove one useless local variable - MEDIUM: stream: don't rely on the session's listener anymore in stream_new() - MEDIUM: lua: make use of stream_new() to create an outgoing connection - MINOR: lua: minor cleanup in hlua_socket_new() - MINOR: lua: no need for setting timeouts / conn_retries in hlua_socket_new() - MINOR: peers: no need for setting timeouts / conn_retries in peer_session_create() - CLEANUP: stream-int: swap stream-int and appctx declarations - CLEANUP: namespaces: fix protection against multiple inclusions - MINOR: session: maintain the session count stats in the session, not the stream - MEDIUM: session: adjust the connection flags before stream_new() - MINOR: stream: pass the pointer to the origin explicitly to stream_new() - CLEANUP: poll: move the conditions for waiting out of the poll functions - BUG/MEDIUM: listener: don't report an error when resuming unbound listeners - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only - BUG/MAJOR: tcp/http: fix current_rule assignment when restarting over a ruleset - BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified - DOC: update the entities diagrams - BUG/MEDIUM: http: properly retrieve the front connection - MINOR: applet: add a new "owner" pointer in the appctx - MEDIUM: applet: make the applet not depend on a stream interface anymore - REORG: applet: move the applet definitions out of stream_interface - CLEANUP: applet: rename struct si_applet to applet - REORG: stream-int: create si_applet_ops dedicated to applets - MEDIUM: applet: add basic support for an applet run queue - MEDIUM: applet: implement a run queue for active appctx - MEDIUM: stream-int: add a new function si_applet_done() - MAJOR: applet: now call si_applet_done() instead of si_update() in I/O handlers - MAJOR: stream: use a regular ->update for all stream interfaces - MEDIUM: dumpstats: don't unregister the applet anymore - MEDIUM: applet: centralize the call to si_applet_done() in the I/O handler - MAJOR: stream: do not allocate request buffers anymore when the left side is an applet - MINOR: stream-int: add two flags to indicate an applet's wishes regarding I/O - MEDIUM: applet: make the applets only use si_applet_{cant|want|stop}_{get|put} - MEDIUM: stream-int: pause the appctx if the task is woken up - BUG/MAJOR: tcp: only call registered actions when they're registered - BUG/MEDIUM: peers: fix applet scheduling - BUG/MEDIUM: peers: recent applet changes broke peers updates scheduling - MINOR: tools: provide an rdtsc() function for time comparisons - IMPORT: lru: import simple ebtree-based LRU functions - IMPORT: hash: import xxhash-r39 - MEDIUM: pattern: add a revision to all pattern expressions - MAJOR: pattern: add LRU-based cache on pattern matching - BUG/MEDIUM: http: remove content-length from chunked messages - DOC: http: update the comments about the rules for determining transfer-length - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1 - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request - BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding - MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230 - MEDIUM: http: disable support for HTTP/0.9 by default - MEDIUM: http: add option-ignore-probes to get rid of the floods of 408 - BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies - MEDIUM: init: don't stop proxies in parent process when exiting - MINOR: stick-table: don't attach to peers in stopped state - MEDIUM: config: initialize stick-tables after peers, not before - MEDIUM: peers: add the ability to disable a peers section - MINOR: peers: store the pointer to the signal handler - MEDIUM: peers: unregister peers that were never started - MEDIUM: config: propagate the table's process list to the peers sections - MEDIUM: init: stop any peers section not bound to the correct process - MEDIUM: config: validate that peers sections are bound to exactly one process - MAJOR: peers: allow peers section to be used with nbproc > 1 - DOC: relax the peers restriction to single-process - DOC: document option http-ignore-probes - DOC: fix the comments about the meaning of msg->sol in HTTP - BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body - BUG/MAJOR: http: prevent risk of reading past end with balance url_param - MEDIUM: stream: move HTTP request body analyser before process_common - MEDIUM: http: add a new option http-buffer-request - MEDIUM: http: provide 3 fetches for the body - DOC: update the doc on the proxy protocol - BUILD: pattern: fix build warnings introduced in the LRU cache - BUG/MEDIUM: stats: properly initialize the scope before dumping stats - CLEANUP: config: fix misleading information in error message. - MINOR: config: report the number of processes using a peers section in the error case - BUG/MEDIUM: config: properly compute the default number of processes for a proxy - MEDIUM: http: add new "capture" action for http-request - BUG/MEDIUM: http: fix the http-request capture parser - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels - BUILD/MINOR: ssl: fix build failure introduced by recent patch - BUG/MAJOR: check: fix breakage of inverted tcp-check rules - CLEANUP: checks: fix double usage of cur / current_step in tcp-checks - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end - CLEANUP: checks: simplify the loop processing of tcp-checks - BUG/MAJOR: checks: always check for end of list before proceeding - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct - BUG/MAJOR: checks: break infinite loops when tcp-checks starts with comment - MEDIUM: http: make url_param iterate over multiple occurrences - BUG/MEDIUM: peers: apply a random reconnection timeout - MEDIUM: config: reject invalid config with name duplicates - MEDIUM: config: reject conflicts in table names - CLEANUP: proxy: make the proxy lookup functions more user-friendly - MINOR: proxy: simply ignore duplicates in proxy name lookups - MINOR: config: don't open-code proxy name lookups - MEDIUM: config: clarify the conflicting modes detection for backend rules - CLEANUP: proxy: remove now unused function findproxy_mode() - MEDIUM: stick-table: remove the now duplicate find_stktable() function - MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions - MINOR: proxy: add a new function proxy_find_by_id() - MINOR: proxy: add a flag to memorize that the proxy's ID was forced - MEDIUM: proxy: add a new proxy_find_best_match() function - CLEANUP: http: explicitly reference request in http_apply_redirect_rules() - MINOR: http: prepare support for parsing redirect actions on responses - MEDIUM: http: implement http-response redirect rules - MEDIUM: http: no need to close the request on redirect if data was parsed - BUG/MEDIUM: http: fix body processing for the stats applet - BUG/MINOR: da: fix log-level comparison to emove annoying warning - CLEANUP: global: remove one ifdef USE_DEVICEATLAS - CLEANUP: da: move the converter registration to da.c - CLEANUP: da: register the config keywords in da.c - CLEANUP: adjust the envelope name in da.h to reflect the file name - CLEANUP: da: remove ifdef USE_DEVICEATLAS from da.c - BUILD: make 51D easier to build by defaulting to 51DEGREES_SRC - BUILD: fix build warning when not using 51degrees - BUILD: make DeviceAtlas easier to build by defaulting to DEVICEATLAS_SRC - BUILD: ssl: fix recent build breakage on older SSL libs 2015/03/11 : 1.6-dev1 - CLEANUP: extract temporary $CFG to eliminate duplication - CLEANUP: extract temporary $BIN to eliminate duplication - CLEANUP: extract temporary $PIDFILE to eliminate duplication - CLEANUP: extract temporary $LOCKFILE to eliminate duplication - CLEANUP: extract quiet_check() to avoid duplication - BUG/MINOR: don't start haproxy on reload - DOC: Address issue where documentation is excluded due to a gitignore rule. - BUG/MEDIUM: systemd: set KillMode to 'mixed' - BUILD: fix "make install" to support spaces in the install dirs - BUG/MINOR: config: http-request replace-header arg typo - BUG: config: error in http-response replace-header number of arguments - DOC: missing track-sc* in http-request rules - BUILD: lua: missing ifdef related to SSL when enabling LUA - BUG/MEDIUM: regex: fix pcre_study error handling - MEDIUM: regex: Use pcre_study always when PCRE is used, regardless of JIT - BUG/MINOR: Fix search for -p argument in systemd wrapper. - MEDIUM: Improve signal handling in systemd wrapper. - DOC: fix typo in Unix Socket commands - BUG/MEDIUM: checks: external checks can't change server status to UP - BUG/MEDIUM: checks: segfault with external checks in a backend section - BUG/MINOR: checks: external checks shouldn't wait for timeout to return the result - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported - BUG/MINOR: config: don't propagate process binding for dynamic use_backend - BUG/MINOR: log: fix request flags when keep-alive is enabled - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks - MINOR: checks: allow external checks in backend sections - MEDIUM: checks: provide environment variables to the external checks - MINOR: checks: update dynamic environment variables in external checks - DOC: checks: environment variables used by "external-check command" - BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used - MINOR: ssl: load certificates in alphabetical order - BUG/MINOR: checks: prevent http keep-alive with http-check expect - MINOR: lua: typo in an error message - MINOR: report the Lua version in -vv - MINOR: lua: add a compilation error message when compiled with an incompatible version - BUG/MEDIUM: lua: segfault when calling haproxy sample fetches from lua - BUILD: try to automatically detect the Lua library name - BUILD/CLEANUP: systemd: avoid a warning due to mixed code and declaration - BUG/MEDIUM: backend: Update hash to use unsigned int throughout - BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header - MEDIUM: connection: add new bit in Proxy Protocol V2 - BUG/MINOR: ssl: rejects OCSP response without nextupdate. - BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses. - BUG/MINOR: ssl: Fix OCSP resp update fails with the same certificate configured twice. - BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer. - MINOR: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs - MINOR: ssl: add statement to force some ssl options in global. - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. - BUG/MINOR: samples: fix unnecessary memcopy converting binary to string. - MINOR: samples: adds the bytes converter. - MINOR: samples: adds the field converter. - MINOR: samples: add the word converter. - BUG/MINOR: server: move the directive #endif to the end of file - BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped - DOC: fix a few typos - CLEANUP: epoll: epoll_events should be allocated according to global.tune.maxpollevents - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized" - BUG/MINOR: parse: refer curproxy instead of proxy - BUG/MINOR: parse: check the validity of size string in a more strict way - BUILD: add new target 'make uninstall' to support uninstalling haproxy from OS - DOC: expand the docs for the provided stats. - BUG/MEDIUM: unix: do not unlink() abstract namespace sockets upon failure. - MEDIUM: ssl: Certificate Transparency support - MEDIUM: stats: proxied stats admin forms fix - MEDIUM: http: Compress HTTP responses with status codes 201,202,203 in addition to 200 - BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information - MAJOR: namespace: add Linux network namespace support - MINOR: systemd: Check configuration before start - BUILD: ssl: handle boringssl in openssl version detection - BUILD: ssl: disable OCSP when using boringssl - BUILD: ssl: don't call get_rfc2409_prime when using boringssl - MINOR: ssl: don't use boringssl's cipher_list - BUILD: ssl: use OPENSSL_NO_OCSP to detect OCSP support - MINOR: stats: fix minor typo in HTML page - MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper - MEDIUM: Add support for configurable TLS ticket keys - DOC: Document the new tls-ticket-keys bind keyword - DOC: clearly state that the "show sess" output format is not fixed - MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer() - DOC: httplog does not support 'no' - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange - MINOR: ssl: use SSL_get_ciphers() instead of directly accessing the cipher list. - BUG/MEDIUM: Consistently use 'check' in process_chk - MEDIUM: Add external check - BUG/MEDIUM: Do not set agent health to zero if server is disabled in config - MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero - MEDIUM: Remove connect_chk - MEDIUM: Refactor init_check and move to checks.c - MEDIUM: Add free_check() helper - MEDIUM: Move proto and addr fields struct check - MEDIUM: Attach tcpcheck_rules to check - MEDIUM: Add parsing of mailers section - MEDIUM: Allow configuration of email alerts - MEDIUM: Support sending email alerts - DOC: Document email alerts - MINOR: Remove trailing '.' from email alert messages - MEDIUM: Allow suppression of email alerts by log level - BUG/MEDIUM: Do not consider an agent check as failed on L7 error - MINOR: deinit: fix memory leak - MINOR: http: export the function 'smp_fetch_base32' - BUG/MEDIUM: http: tarpit timeout is reset - MINOR: sample: add "json" converter - BUG/MEDIUM: pattern: don't load more than once a pattern list. - MINOR: map/acl/dumpstats: remove the "Done." message - BUG/MAJOR: ns: HAProxy segfault if the cli_conn is not from a network connection - BUG/MINOR: pattern: error message missing - BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match - BUG/MINOR: ARG6 and ARG7 don't fit in a 32 bits word - MAJOR: poll: only rely on wake_expired_tasks() to compute the wait delay - MEDIUM: task: call session analyzers if the task is woken by a message. - MEDIUM: protocol: automatically pick the proto associated to the connection. - MEDIUM: channel: wake up any request analyzer on response activity - MINOR: converters: add a "void *private" argument to converters - MINOR: converters: give the session pointer as converter argument - MINOR: sample: add private argument to the struct sample_fetch - MINOR: global: export function and permits to not resolve DNS names - MINOR: sample: add function for browsing samples. - MINOR: global: export many symbols. - MINOR: includes: fix a lot of missing or useless includes - MEDIUM: tcp: add register keyword system. - MEDIUM: buffer: make bo_putblk/bo_putstr/bo_putchk return the number of bytes copied. - MEDIUM: http: change the code returned by the response processing rule functions - MEDIUM: http/tcp: permit to resume http and tcp custom actions - MINOR: channel: functions to get data from a buffer without copy - MEDIUM: lua: lua integration in the build and init system. - MINOR: lua: add ease functions - MINOR: lua: add runtime execution context - MEDIUM: lua: "com" signals - MINOR: lua: add the configuration directive "lua-load" - MINOR: lua: core: create "core" class and object - MINOR: lua: post initialisation bindings - MEDIUM: lua: add coroutine as tasks. - MINOR: lua: add sample and args type converters - MINOR: lua: txn: create class TXN associated with the transaction. - MINOR: lua: add shared context in the lua stack - MINOR: lua: txn: import existing sample-fetches in the class TXN - MINOR: lua: txn: add lua function in TXN that returns an array of http headers - MINOR: lua: register and execute sample-fetches in LUA - MINOR: lua: register and execute converters in LUA - MINOR: lua: add bindings for tcp and http actions - MINOR: lua: core: add sleep functions - MEDIUM: lua: socket: add "socket" class for TCP I/O - MINOR: lua: core: pattern and acl manipulation - MINOR: lua: channel: add "channel" class - MINOR: lua: txn: object "txn" provides two objects "channel" - MINOR: lua: core: can set the nice of the current task - MINOR: lua: core: can yield an execution stack - MINOR: lua: txn: add binding for closing the client connection. - MEDIUM: lua: Lua initialisation "on demand" - BUG/MAJOR: lua: send function fails and return bad bytes - MINOR: remove unused declaration. - MINOR: lua: remove some #define - MINOR: lua: use bitfield and macro in place of integer and enum - MINOR: lua: set skeleton for Lua execution expiration - MEDIUM: lua: each yielding function returns a wake up time. - MINOR: lua: adds "forced yield" flag - MEDIUM: lua: interrupt the Lua execution for running other process - MEDIUM: lua: change the sleep function core - BUG/MEDIUM: lua: the execution timeout is ignored in yield case - DOC: lua: Lua configuration documentation - MINOR: lua: add the struct session in the lua channel struct - BUG/MINOR: lua: set buffer if it is nnot avalaible. - BUG/MEDIUM: lua: reset flags before resuming execution - BUG/MEDIUM: lua: fix infinite loop about channel - BUG/MEDIUM: lua: the Lua process is not waked up after sending data on requests side - BUG/MEDIUM: lua: many errors when we try to send data with the channel API - MEDIUM: lua: use the Lua-5.3 version of the library - BUG/MAJOR: lua: some function are not yieldable, the forced yield causes errors - BUG/MEDIUM: lua: can't handle the response bytes - BUG/MEDIUM: lua: segfault with buffer_replace2 - BUG/MINOR: lua: check buffers before initializing socket - BUG/MINOR: log: segfault if there are no proxy reference - BUG/MEDIUM: lua: sockets don't have buffer to write data - BUG/MEDIUM: lua: cannot connect socket - BUG/MINOR: lua: sockets receive behavior doesn't follows the specs - BUG/BUILD: lua: The strict Lua 5.3 version check is not done. - BUG/MEDIUM: buffer: one byte miss in buffer free space check - MEDIUM: lua: make the functions hlua_gethlua() and hlua_sethlua() faster - MINOR: replace the Core object by a simple model. - MEDIUM: lua: change the objects configuration - MEDIUM: lua: create a namespace for the fetches - MINOR: converters: add function to browse converters - MINOR: lua: wrapper for converters - MINOR: lua: replace function (req|get)_channel by a variable - MINOR: lua: fetches and converters can return an empty string in place of nil - DOC: lua api - BUG/MEDIUM: sample: fix random number upper-bound - BUG/MINOR: stats:Fix incorrect printf type. - BUG/MAJOR: session: revert all the crappy client-side timeout changes - BUG/MINOR: logs: properly initialize and count log sockets - BUG/MEDIUM: http: fetch "base" is not compatible with set-header - BUG/MINOR: counters: do not untrack counters before logging - BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process() - MINOR: stick-table: make stktable_fetch_key() indicate why it failed - BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents - BUILD: remove TODO from the spec file and add README - MINOR: log: make MAX_SYSLOG_LEN overridable at build time - MEDIUM: log: support a user-configurable max log line length - DOC: provide an example of how to use ssl_c_sha1 - BUILD: checks: external checker needs signal.h - BUILD: checks: kill a minor warning on Solaris in external checks - BUILD: http: fix isdigit & isspace warnings on Solaris - BUG/MINOR: listener: set the listener's fd to -1 after deletion - BUG/MEDIUM: unix: failed abstract socket binding is retryable - MEDIUM: listener: implement a per-protocol pause() function - MEDIUM: listener: support rebinding during resume() - BUG/MEDIUM: unix: completely unbind abstract sockets during a pause() - DOC: explicitly mention the limits of abstract namespace sockets - DOC: minor fix on {sc,src}_kbytes_{in,out} - DOC: fix alphabetical sort of converters - MEDIUM: stick-table: implement lookup from a sample fetch - MEDIUM: stick-table: add new converters to fetch table data - MINOR: samples: add two converters for the date format - BUG/MAJOR: http: correctly rewind the request body after start of forwarding - DOC: remove references to CPU=native in the README - DOC: mention that "compression offload" is ignored in defaults section - DOC: mention that Squid correctly responds 400 to PPv2 header - BUILD: fix dependencies between config and compat.h - MINOR: session: export the function 'smp_fetch_sc_stkctr' - MEDIUM: stick-table: make it easier to register extra data types - BUG/MINOR: http: base32+src should use the big endian version of base32 - MINOR: sample: allow IP address to cast to binary - MINOR: sample: add new converters to hash input - MINOR: sample: allow integers to cast to binary - BUILD: report commit ID in git versions as well - CLEANUP: session: move the stick counters declarations to stick_table.h - MEDIUM: http: add the track-sc* actions to http-request rules - BUG/MEDIUM: connection: fix proxy v2 header again! - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc* - OPTIM/MINOR: proxy: reduce struct proxy by 48 bytes on 64-bit archs - MINOR: log: add a new field "%lc" to implement a per-frontend log counter - BUG/MEDIUM: http: fix inverted condition in pat_match_meth() - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg() - BUG/MEDIUM: acl: correctly compute the output type when a converter is used - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer - MEDIUM: http: enable header manipulation for 101 responses - BUG/MEDIUM: config: propagate frontend to backend process binding again. - MEDIUM: config: properly propagate process binding between proxies - MEDIUM: config: make the frontends automatically bind to the listeners' processes - MEDIUM: config: compute the exact bind-process before listener's maxaccept - MEDIUM: config: only warn if stats are attached to multi-process bind directives - MEDIUM: config: report it when tcp-request rules are misplaced - DOC: indicate in the doc that track-sc* can wait if data are missing - MINOR: config: detect the case where a tcp-request content rule has no inspect-delay - MEDIUM: systemd-wrapper: support multiple executable versions and names - BUG/MEDIUM: remove debugging code from systemd-wrapper - BUG/MEDIUM: http: adjust close mode when switching to backend - BUG/MINOR: config: don't propagate process binding on fatal errors. - BUG/MEDIUM: check: rule-less tcp-check must detect connect failures - BUG/MINOR: tcp-check: report the correct failed step in the status - DOC: indicate that weight zero is reported as DRAIN - BUG/MEDIUM: config: avoid skipping disabled proxies - BUG/MINOR: config: do not accept more track-sc than configured - BUG/MEDIUM: backend: fix URI hash when a query string is present - BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR - BUG/MAJOR: cli: explicitly call cli_release_handler() upon error - BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol - BUILD/MINOR: ssl: de-constify "ciphers" to avoid a warning on openssl-0.9.8 - BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets - BUG/BUILD: revert accidental change in the makefile from latest SSL fix - BUG/MEDIUM: ssl: force a full GC in case of memory shortage - MEDIUM: ssl: add support for smaller SSL records - MINOR: session: release a few other pools when stopping - MINOR: task: release the task pool when stopping - BUG/MINOR: config: don't inherit the default balance algorithm in frontends - BUG/MAJOR: frontend: initialize capture pointers earlier - BUG/MINOR: stats: correctly set the request/response analysers - MAJOR: polling: centralize calls to I/O callbacks - DOC: fix typo in the body parser documentation for msg.sov - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size - MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping) - DEBUG: pools: apply poisonning on every allocated pool - BUG/MAJOR: sessions: unlink session from list on out of memory - BUG/MEDIUM: patterns: previous fix was incomplete - BUG/MEDIUM: payload: ensure that a request channel is available - BUG/MINOR: tcp-check: don't condition data polling on check type - BUG/MEDIUM: tcp-check: don't rely on random memory contents - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect - BUG/MINOR: config: fix typo in condition when propagating process binding - BUG/MEDIUM: config: do not propagate processes between stopped processes - BUG/MAJOR: stream-int: properly check the memory allocation return - BUG/MEDIUM: memory: fix freeing logic in pool_gc2() - BUG/MAJOR: namespaces: conn->target is not necessarily a server - BUG/MEDIUM: compression: correctly report zlib_mem - CLEANUP: lists: remove dead code - CLEANUP: memory: remove dead code - CLEANUP: memory: replace macros pool_alloc2/pool_free2 with functions - MINOR: memory: cut pool allocator in 3 layers - MEDIUM: memory: improve pool_refill_alloc() to pass a refill count - MINOR: stream-int: retrieve session pointer from stream-int - MINOR: buffer: reset a buffer in b_reset() and not channel_init() - MEDIUM: buffer: use b_alloc() to allocate and initialize a buffer - MINOR: buffer: move buffer initialization after channel initialization - MINOR: buffer: only use b_free to release buffers - MEDIUM: buffer: always assign a dummy empty buffer to channels - MEDIUM: buffer: add a new buf_wanted dummy buffer to report failed allocations - MEDIUM: channel: do not report full when buf_empty is present on a channel - MINOR: session: group buffer allocations together - MINOR: buffer: implement b_alloc_fast() - MEDIUM: buffer: implement b_alloc_margin() - MEDIUM: session: implement a basic atomic buffer allocator - MAJOR: session: implement a wait-queue for sessions who need a buffer - MAJOR: session: only allocate buffers when needed - MINOR: stats: report a "waiting" flags for sessions - MAJOR: session: only wake up as many sessions as available buffers permit - MINOR: config: implement global setting tune.buffers.reserve - MINOR: config: implement global setting tune.buffers.limit - MEDIUM: channel: implement a zero-copy buffer transfer - MEDIUM: stream-int: support splicing from applets - OPTIM: stream-int: try to send pending spliced data - CLEANUP: session: remove session_from_task() - DOC: add missing entry for log-format and clarify the text - MINOR: logs: add a new per-proxy "log-tag" directive - BUG/MEDIUM: http: fix header removal when previous header ends with pure LF - MINOR: config: extend the default max hostname length to 64 and beyond - BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation - BUG/MINOR: channel: compare to_forward with buf->i, not buf->size - MINOR: channel: add channel_in_transit() - MEDIUM: channel: make buffer_reserved() use channel_in_transit() - MEDIUM: channel: make bi_avail() use channel_in_transit() - BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected - CLEANUP: channel: rename channel_reserved -> channel_is_rewritable - MINOR: channel: rename channel_full() to !channel_may_recv() - MINOR: channel: rename buffer_reserved() to channel_reserved() - MINOR: channel: rename buffer_max_len() to channel_recv_limit() - MINOR: channel: rename bi_avail() to channel_recv_max() - MINOR: channel: rename bi_erase() to channel_truncate() - BUG/MAJOR: log: don't try to emit a log if no logger is set - MINOR: tools: add new round_2dig() function to round integers - MINOR: global: always export some SSL-specific metrics - MINOR: global: report information about the cost of SSL connections - MAJOR: init: automatically set maxconn and/or maxsslconn when possible - MINOR: http: add a new fetch "query" to extract the request's query string - MINOR: hash: add new function hash_crc32 - MINOR: samples: provide a "crc32" converter - MEDIUM: backend: add the crc32 hash algorithm for load balancing - BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names - BUG/MEDIUM: http: make http-request set-header compute the string before removal - MEDIUM: args: use #define to specify the number of bits used by arg types and counts - MEDIUM: args: increase arg type to 5 bits and limit arg count to 5 - MINOR: args: add type-specific flags for each arg in a list - MINOR: args: implement a new arg type for regex : ARGT_REG - MEDIUM: regex: add support for passing regex flags to regex_exec_match() - MEDIUM: samples: add a regsub converter to perform regex-based transformations - BUG/MINOR: sample: fix case sensitivity for the regsub converter - MEDIUM: http: implement http-request set-{method,path,query,uri} - DOC: fix missing closing brackend on regsub - MEDIUM: samples: provide basic arithmetic and bitwise operators - MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set - BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value - BUG/MINOR: http: abort request processing on filter failure - MEDIUM: tcp: implement tcp-ut bind option to set TCP_USER_TIMEOUT - MINOR: ssl/server: add the "no-ssl-reuse" server option - BUG/MAJOR: peers: initialize s->buffer_wait when creating the session - MINOR: http: add a new function to iterate over each header line - MINOR: http: add the new sample fetches req.hdr_names and res.hdr_names - MEDIUM: task: always ensure that the run queue is consistent - BUILD: Makefile: add -Wdeclaration-after-statement - BUILD/CLEANUP: ssl: avoid a warning due to mixed code and declaration - BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code - MEDIUM: protocol: use a family array to index the protocol handlers - BUILD: lua: cleanup many mixed occurrences declarations & code - BUG/MEDIUM: task: fix recently introduced scheduler skew - BUG/MINOR: lua: report the correct function name in an error message - BUG/MAJOR: http: fix stats regression consecutive to HTTP_RULE_RES_YIELD - Revert "BUG/MEDIUM: lua: can't handle the response bytes" - MINOR: lua: convert IP addresses to type string - CLEANUP: lua: use the same function names in C and Lua - REORG/MAJOR: move session's req and resp channels back into the session - CLEANUP: remove now unused channel pool - REORG/MEDIUM: stream-int: introduce si_ic/si_oc to access channels - MEDIUM: stream-int: add a flag indicating which side the SI is on - MAJOR: stream-int: only rely on SI_FL_ISBACK to find the requested channel - MEDIUM: stream-interface: remove now unused pointers to channels - MEDIUM: stream-int: make si_sess() use the stream int's side - MEDIUM: stream-int: use si_task() to retrieve the task from the stream int - MEDIUM: stream-int: remove any reference to the owner - CLEANUP: stream-int: add si_ib/si_ob to dereference the buffers - CLEANUP: stream-int: add si_opposite() to find the other stream interface - REORG/MEDIUM: channel: only use chn_prod / chn_cons to find stream-interfaces - MEDIUM: channel: add a new flag "CF_ISRESP" for the response channel - MAJOR: channel: only rely on the new CF_ISRESP flag to find the SI - MEDIUM: channel: remove now unused ->prod and ->cons pointers - CLEANUP: session: simplify references to chn_{prod,cons}(&s->{req,res}) - CLEANUP: session: use local variables to access channels / stream ints - CLEANUP: session: don't needlessly pass a pointer to the stream-int - CLEANUP: session: don't use si_{ic,oc} when we know the session. - CLEANUP: stream-int: limit usage of si_ic/si_oc - CLEANUP: lua: limit usage of si_ic/si_oc - MINOR: channel: add chn_sess() helper to retrieve session from channel - MEDIUM: session: simplify receive buffer allocator to only use the channel - MEDIUM: lua: use CF_ISRESP to detect the channel's side - CLEANUP: lua: remove the session pointer from hlua_channel - CLEANUP: lua: hlua_channel_new() doesn't need the pointer to the session anymore - MEDIUM: lua: remove struct hlua_channel - MEDIUM: lua: remove hlua_sample_fetch 2014/06/19 : 1.6-dev0 - exact copy of 1.5.0 2014/06/19 : 1.5.0 - MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'. - MEDIUM: ssl: basic OCSP stapling support. - MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl ocsp-response' - MEDIUM: ssl: add 300s supported time skew on OCSP response update. - MINOR: checks: mysql-check: Add support for v4.1+ authentication - MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits - MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description. - MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp - MEDIUM: Break out check establishment into connect_chk() - MEDIUM: Add port_to_str helper - BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. - BUG/MEDIUM: Fix unhandled connections problem with systemd daemon mode and SO_REUSEPORT. - MINOR: regex: fix a little configuration memory leak. - MINOR: regex: Create JIT compatible function that return match strings - MEDIUM: regex: replace all standard regex function by own functions - MEDIUM: regex: Remove null terminated strings. - MINOR: regex: Use native PCRE API. - MINOR: missing regex.h include - DOC: Add Exim as Proxy Protocol implementer. - BUILD: don't use type "uint" which is not portable - BUILD: stats: workaround stupid and bogus -Werror=format-security behaviour - BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new transaction - CLEANUP: http: don't clear CF_READ_NOEXP twice - DOC: fix proxy protocol v2 decoder example - DOC: fix remaining occurrences of "pattern extraction" - MINOR: log: allow the HTTP status code to be logged even in TCP frontends - MINOR: logs: don't limit HTTP header captures to HTTP frontends - MINOR: sample: improve sample_fetch_string() to report partial contents - MINOR: capture: extend the captures to support non-header keys - MINOR: tcp: prepare support for the "capture" action - MEDIUM: tcp: add a new tcp-request capture directive - MEDIUM: session: allow shorter retry delay if timeout connect is small - MEDIUM: session: don't apply the retry delay when redispatching - MEDIUM: session: redispatch earlier when possible - MINOR: config: warn when tcp-check rules are used without option tcp-check - BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN protocol - DOC: proxy protocol example parser was still wrong - DOC: minor updates to the proxy protocol doc - CLEANUP: connection: merge proxy proto v2 header and address block - MEDIUM: connection: add support for proxy protocol v2 in accept-proxy - MINOR: tools: add new functions to quote-encode strings - DOC: clarify the CSV format - MEDIUM: stats: report the last check and last agent's output on the CSV status - MINOR: freq_ctr: introduce a new averaging method - MEDIUM: session: maintain per-backend and per-server time statistics - MEDIUM: stats: report per-backend and per-server time stats in HTML and CSV outputs - BUG/MINOR: http: fix typos in previous patch - DOC: remove the ultra-obsolete TODO file - DOC: update roadmap - DOC: minor updates to the README - DOC: mention the maxconn limitations with the select poller - DOC: commit a few old design thoughts files 2014/05/28 : 1.5-dev26 - BUG/MEDIUM: polling: fix possible CPU hogging of worker processes after receiving SIGUSR1. - BUG/MINOR: stats: fix a typo on a closing tag for a server tracking another one - OPTIM: stats: avoid the calculation of a useless link on tracking servers in maintenance - MINOR: fix a few memory usage errors - CONTRIB: halog: Filter input lines by date and time through timestamp - MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int - BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace() - MINOR: acl: set "str" as default match for strings - DOC: Add some precisions about acl default matching method - MEDIUM: acl: strenghten the option parser to report invalid options - BUG/MEDIUM: config: a stats-less config crashes in 1.5-dev25 - BUG/MINOR: checks: tcp-check must not stop on '\0' for binary checks - MINOR: stats: improve alignment of color codes to save one line of header - MINOR: checks: simplify and improve reporting of state changes when using log-health-checks - MINOR: server: remove the SRV_DRAIN flag which can always be deduced - MINOR: server: use functions to detect state changes and to update them - MINOR: server: create srv_was_usable() from srv_is_usable() and use a pointer - BUG/MINOR: stats: do not report "100%" in the thottle column when server is draining - BUG/MAJOR: config: don't free valid regex memory - BUG/MEDIUM: session: don't clear CF_READ_NOEXP if analysers are not called - BUG/MINOR: stats: tracking servers may incorrectly report an inherited DRAIN status - MEDIUM: proxy: make timeout parser a bit stricter - REORG/MEDIUM: server: split server state and flags in two different variables - REORG/MEDIUM: server: move the maintenance bits out of the server state - MAJOR: server: use states instead of flags to store the server state - REORG: checks: put the functions in the appropriate files ! - MEDIUM: server: properly support and propagate the maintenance status - MEDIUM: server: allow multi-level server tracking - CLEANUP: checks: rename the server_status_printf function - MEDIUM: checks: simplify server up/down/nolb transitions - MAJOR: checks: move health checks changes to set_server_check_status() - MINOR: server: make the status reporting function support a reason - MINOR: checks: simplify health check reporting functions - MINOR: server: implement srv_set_stopped() - MINOR: server: implement srv_set_running() - MINOR: server: implement srv_set_stopping() - MEDIUM: checks: simplify failure notification using srv_set_stopped() - MEDIUM: checks: simplify success notification using srv_set_running() - MEDIUM: checks: simplify stopping mode notification using srv_set_stopping() - MEDIUM: stats: report a server's own state instead of the tracked one's - MINOR: server: make use of srv_is_usable() instead of checking eweight - MAJOR: checks: add support for a new "drain" administrative mode - MINOR: stats: use the admin flags for soft enable/disable/stop/start on the web page - MEDIUM: stats: introduce new actions to simplify admin status management - MINOR: cli: introduce a new "set server" command - MINOR: stats: report a distinct output for DOWN caused by agent - MINOR: checks: support specific check reporting for the agent - MINOR: checks: support a neutral check result - BUG/MINOR: cli: "agent" was missing from the "enable"/"disable" help message - MEDIUM: cli: add support for enabling/disabling health checks. - MEDIUM: stats: report down caused by agent prior to reporting up - MAJOR: agent: rework the response processing and support additional actions - MINOR: stats: improve the stats web page to support more actions - CONTRIB: halog: avoid calling time/localtime/mktime for each line - DOC: document the workarouds for Google Chrome's bogus pre-connect - MINOR: stats: report SSL key computations per second - MINOR: stats: add counters for SSL cache lookups and misses 2014/05/10 : 1.5-dev25 - MEDIUM: connection: Implement and extented PROXY Protocol V2 - MINOR: ssl: clean unused ACLs declarations - MINOR: ssl: adds fetchs and ACLs for ssl back connection. - MINOR: ssl: merge client's and frontend's certificate functions. - MINOR: ssl: adds ssl_f_sha1 fetch to return frontend's certificate fingerprint - MINOR: ssl: adds sample converter base64 for binary type. - MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id. - BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported. - MAJOR: ssl: Change default locks on ssl session cache. - BUG/MINOR: chunk: Fix function chunk_strcmp and chunk_strcasecmp match a substring. - MINOR: ssl: add global statement tune.ssl.force-private-cache. - MINOR: ssl: remove fallback to SSL session private cache if lock init fails. - BUG/MEDIUM: patterns: last fix was still not enough - MINOR: http: export the smp_fetch_cookie function - MINOR: http: generic pointer to rule argument - BUG/MEDIUM: pattern: a typo breaks automatic acl/map numbering - BUG/MAJOR: patterns: -i and -n are ignored for inlined patterns - BUG/MINOR: proxy: unsafe initialization of HTTP transaction when switching from TCP frontend - BUG/MINOR: http: log 407 in case of proxy auth - MINOR: http: rely on the message body parser to send 100-continue - MEDIUM: http: move reqadd after execution of http_request redirect - MEDIUM: http: jump to dedicated labels after http-request processing - BUG/MINOR: http: block rules forgot to increment the denied_req counter - BUG/MINOR: http: block rules forgot to increment the session's request counter - MEDIUM: http: move Connection header processing earlier - MEDIUM: http: remove even more of the spaghetti in the request path - MINOR: http: silently support the "block" action for http-request - CLEANUP: proxy: rename "block_cond" to "block_rules" - MEDIUM: http: emulate "block" rules using "http-request" rules - MINOR: http: remove the now unused loop over "block" rules - MEDIUM: http: factorize the "auth" action of http-request and stats - MEDIUM: http: make http-request rules processing return a verdict instead of a rule - MINOR: config: add minimum support for emitting warnings only once - MEDIUM: config: inform the user about the deprecatedness of "block" rules - MEDIUM: config: inform the user that "reqsetbe" is deprecated - MEDIUM: config: inform the user only once that "redispatch" is deprecated - MEDIUM: config: warn that '{cli,con,srv}timeout' are deprecated - BUG/MINOR: auth: fix wrong return type in pat_match_auth() - BUILD: config: remove a warning with clang - BUG/MAJOR: http: connection setup may stall on balance url_param - BUG/MEDIUM: http/session: disable client-side expiration only after body - BUG/MEDIUM: http: correctly report request body timeouts - BUG/MEDIUM: http: disable server-side expiration until client has sent the body - MEDIUM: listener: make the accept function more robust against pauses - BUILD: syscalls: remove improper inline statement in front of syscalls - BUILD: ssl: SSL_CTX_set_msg_callback() needs openssl >= 0.9.7 - BUG/MAJOR: session: recover the correct connection pointer in half-initialized sessions - DOC: add some explanation on the shared cache build options in the readme. - MEDIUM: proxy: only adjust the backend's bind-process when already set - MEDIUM: config: limit nbproc to the machine's word size - MEDIUM: config: check the bind-process settings according to nbproc - MEDIUM: listener: parse the new "process" bind keyword - MEDIUM: listener: inherit the process mask from the proxy - MAJOR: listener: only start listeners bound to the same processes - MINOR: config: only report a warning when stats sockets are bound to more than 1 process - CLEANUP: config: set the maxaccept value for peers listeners earlier - BUG/MINOR: backend: only match IPv4 addresses with RDP cookies - BUG/MINOR: checks: correctly configure the address family and protocol - MINOR: tools: split is_addr() and is_inet_addr() - MINOR: protocols: use is_inet_addr() when only INET addresses are desired - MEDIUM: unix: add preliminary support for connecting to servers over UNIX sockets - MEDIUM: checks: only complain about the missing port when the check uses TCP - MEDIUM: unix: implement support for Linux abstract namespace sockets - DOC: map_beg was missing from the table of map_* converters - DOC: ebtree: indicate that prefix insertion/lookup may be used with strings - MEDIUM: pattern: use ebtree's longest match to index/lookup string beginning - BUILD: remove the obsolete BSD and OSX makefiles - MEDIUM: unix: avoid a double connect probe when no data are sent - DOC: stop referencing the slow git repository in the README - BUILD: only build the systemd wrapper on Linux 2.6 and above - DOC: update roadmap with completed tasks - MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) 2014/04/26 : 1.5-dev24 - MINOR: pattern: find element in a reference - MEDIUM: http: ACL and MAP updates through http-(request|response) rules - MEDIUM: ssl: explicitly log failed handshakes after a heartbeat - DOC: Full section dedicated to the converters - MEDIUM: http: register http-request and http-response keywords - BUG/MINOR: compression: correctly report incoming byte count - BUG/MINOR: http: don't report server aborts as client aborts - BUG/MEDIUM: channel: bi_putblk() must not wrap before the end of buffer - CLEANUP: buffers: remove unused function buffer_contig_space_with_res() - MEDIUM: stats: reimplement HTTP keep-alive on the stats page - BUG/MAJOR: http: fix timeouts during data forwarding - BUG/MEDIUM: http: 100-continue responses must process the next part immediately - MEDIUM: http: move skipping of 100-continue earlier - BUILD: stats: let gcc know that last_fwd cannot be used uninitialized... - CLEANUP: general: get rid of all old occurrences of "session *t" - CLEANUP: http: remove the useless "if (1)" inherited from version 1.4 - BUG/MEDIUM: stats: mismatch between behaviour and doc about front/back - MEDIUM: http: enable analysers to have keep-alive on stats - REORG: http: move HTTP Connection response header parsing earlier - MINOR: stats: always emit HTTP/1.1 in responses - MINOR: http: add capture.req.ver and capture.res.ver - MINOR: checks: add a new global max-spread-checks directive - BUG/MAJOR: http: fix the 'next' pointer when performing a redirect - MINOR: http: implement the max-keep-alive-queue setting - DOC: fix alphabetic order of tcp-check - MINOR: connection: add a new error code for SSL with heartbeat - MEDIUM: ssl: implement a workaround for the OpenSSL heartbleed attack - BUG/MEDIUM: Revert "MEDIUM: ssl: Add standardized DH parameters >= 1024 bits" - BUILD: http: remove a warning on strndup - BUILD: ssl: avoid a warning about conn not used with OpenSSL < 1.0.1 - BUG/MINOR: ssl: really block OpenSSL's response to heartbleed attack - MINOR: ssl: finally catch the heartbeats missing the padding 2014/04/23 : 1.5-dev23 - BUG/MINOR: reject malformed HTTP/0.9 requests - MINOR: systemd wrapper: re-execute on SIGUSR2 - MINOR: systemd wrapper: improve logging - MINOR: systemd wrapper: propagate exit status - BUG/MINOR: tcpcheck connect wrong behavior - MEDIUM: proxy: support use_backend with dynamic names - MINOR: stats: Enhancement to stats page to provide information of last session time. - BUG/MEDIUM: peers: fix key consistency for integer stick tables - DOC: fix a typo on http-server-close and encapsulate options with double-quotes - DOC: fix fetching samples syntax - MINOR: ssl: add ssl_fc_unique_id to fetch TLS Unique ID - MEDIUM: ssl: Use ALPN support as it will be available in OpenSSL 1.0.2 - DOC: fix typo - CLEANUP: code style: use tabs to indent codes instead of spaces - DOC: fix a few config typos. - BUG/MINOR: raw_sock: also consider ENOTCONN in addition to EAGAIN for recv() - DOC: lowercase format string in unique-id - MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode - BUG/MINOR: acl: req_ssl_sni fails with SSLv3 record version - BUG/MINOR: build: add missing objects in osx and bsd Makefiles - BUG/MINOR: build: handle whitespaces in wc -l output - BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO - MEDIUM: ssl: Add standardized DH parameters >= 1024 bits - BUG/MEDIUM: map: The map parser includes blank lines. - BUG/MINOR: log: The log of quotted capture header has been terminated by 2 quotes. - MINOR: standard: add function "encode_chunk" - BUG/MINOR: http: fix encoding of samples used in http headers - MINOR: sample: add hex converter - MEDIUM: sample: change the behavior of the bin2str cast - MAJOR: auth: Change the internal authentication system. - MEDIUM: acl/pattern: standardisation "of pat_parse_int()" and "pat_parse_dotted_ver()" - MEDIUM: pattern: The pattern parser no more uses and just takes one string. - MEDIUM: pattern: Change the prototype of the function pattern_register(). - CONTRIB: ip6range: add a network IPv6 range to mask converter - MINOR: pattern: separe list element from the data part. - MEDIUM: pattern: add indexation function. - MEDIUM: pattern: The parse functions just return "struct pattern" without memory allocation - MINOR: pattern: Rename "pat_idx_elt" to "pattern_tree" - MINOR: sample: dont call the sample cast function "c_none" - MINOR: standard: Add function for converting cidr to network mask. - MEDIUM: sample: Remove types SMP_T_CSTR and SMP_T_CBIN, replace it by SMP_F_CONST flags - MEDIUM: sample/http_proto: Add new type called method - MINOR: dumpstats: Group map inline help - MEDIUM: pattern: The function pattern_exec_match() returns "struct pattern" if the patten match. - MINOR: dumpstats: change map inline sentences - MINOR: dumpstats: change the "get map" display management - MINOR: map/dumpstats: The cli cmd "get map ..." display the "int" format. - MEDIUM: pattern: The match function browse itself the list or the tree. - MEDIUM: pattern: Index IPv6 addresses in a tree. - MEDIUM: pattern: add delete functions - MEDIUM: pattern: add prune function - MEDIUM: pattern: add sample lookup function. - MEDIUM: pattern/dumpstats: The function pattern_lookup() is no longer used - MINOR: map/pattern: The sample parser is stored in the pattern - MAJOR: pattern/map: Extends the map edition system in the patterns - MEDIUM: pattern: merge same pattern - MEDIUM: pattern: The expected type is stored in the pattern head, and conversion is executed once. - MINOR: pattern: Each pattern is identified by unique id. - MINOR: pattern/acl: Each pattern of each acl can be load with specified id - MINOR: pattern: The function "pattern_register()" is no longer used. - MINOR: pattern: Merge function pattern_add() with pat_ref_push(). - MINOR: pattern: store configuration reference for each acl or map pattern. - MINOR: pattern: Each pattern expression element store the reference struct. - MINOR: dumpstats: display the reference for th key/pattern and value. - MEDIUM: pattern: delete() function uses the pat_ref_elt to find the element to be removed - MEDIUM: pattern_find_smp: functions find_smp uses the pat_ref_elt to find the element to be removed - MEDIUM: dumpstats/pattern: display and use each pointer of each pattern dumped - MINOR: pattern/map/acl: Centralization of the file parsers - MINOR: pattern: Check if the file reference is not used with acl and map - MINOR: acl/pattern: Acl "-M" option force to load file as map file with two columns - MEDIUM: dumpstats: Display error message during add of values. - MINOR: pattern: The function pat_ref_set() have now atomic behavior - MINOR: regex: The pointer regstr in the struc regex is no longer used. - MINOR: cli: Block the usage of the command "acl add" in many cases. - MINOR: doc: Update the documentation about the map and acl - MINOR: pattern: index duplicates - MINOR: configuration: File and line propagation - MINOR: dumpstat/conf: display all the configuration lines that using pattern reference - MINOR: standard: Disable ip resolution during the runtime - MINOR: pattern: Remove the flag "PAT_F_FROM_FILE". - MINOR: pattern: forbid dns resolutions - DOC: document "get map" / "get acl" on the CLI - MEDIUM: acl: Change the acl register struct - BUG/MEDIUM: acl: boolean only matches were broken by recent changes - DOC: pattern: pattern organisation schematics - MINOR: pattern/cli: Update used terms in documentation and cli - MINOR: cli: remove information about acl or map owner. - MINOR: session: don't always assume there's a listener - MINOR: pattern: Add function to prune and reload pattern list. - MINOR: standard: Add ipv6 support in the function url2sa(). - MEDIUM: config: Dynamic sections. - BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches - MINOR: http: Add the "language" converter to for use with accept-language - BUG/MINOR: log: Don't dump empty unique-id - BUG/MAJOR: session: fix a possible crash with src_tracked - DOC: Update "language" documentation - MINOR: http: add the function "del-header" to the directives http-request and http-response - DOC: add some information on capture.(req|res).hdr - MINOR: http: capture.req.method and capture.req.uri - MINOR: http: optimize capture.req.method and capture.req.uri - MINOR: session: clean up the connection free code - BUG/MEDIUM: checks: immediately report a connection success - MEDIUM: connection: don't use real send() flags in snd_buf() - OPTIM: ssl: implement dynamic record size adjustment - MINOR: stats: report exact last session time in backend too - BUG/MEDIUM: stats: the "lastsess" field must appear last in the CSV. - BUG/MAJOR: check: fix memory leak in "tcp-check connect" over SSL - BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers - MINOR: channel: add the date of last read in the channel - MEDIUM: stream-int: automatically disable CF_STREAMER flags after idle - MINOR: ssl: add DEFAULT_SSL_MAX_RECORD to set the record size at build time - MINOR: config: make the stream interface idle timer user-configurable - MINOR: config: add global directives to set default SSL ciphers - MINOR: sample: add a rand() sample fetch to return a sample. - BUG/MEDIUM: config: immediately abort if peers section has no name - BUG/MINOR: ssl: fix syntax in config error message - BUG/MEDIUM: ssl: always send a full buffer after EAGAIN - BUG/MINOR: config: server on-marked-* statement is ignored in default-server - BUG/MEDIUM: backend: prefer-last-server breaks redispatch - BUG/MEDIUM: http: continue to emit 503 on keep-alive to different server - MEDIUM: acl: fix pattern type for payload / payload_lv - BUG/MINOR: config: fix a crash on startup when a disabled backend references a peer - BUG/MEDIUM: compression: fix the output type of the compressor name - BUG/MEDIUM: http: don't start to forward request data before the connect - MINOR: http: release compression context only in http_end_txn() - MINOR: protect ebimtree/ebistree against multiple inclusions - MEDIUM: proxy: create a tree to store proxies by name - MEDIUM: proxy: make findproxy() use trees to look up proxies - MEDIUM: proxy: make get_backend_server() use findproxy() to lookup proxies - MEDIUM: stick-table: lookup table names using trees. - MEDIUM: config: faster lookup for duplicated proxy name - CLEANUP: acl: remove obsolete test in parse_acl_expr() - MINOR: sample: move smp_to_type to sample.c - MEDIUM: compression: consider the "q=" attribute in Accept-Encoding - REORG: cfgparse: move server keyword parsing to server.c - BUILD: adjust makefile for AIX 5.1 - BUG/MEDIUM: pattern: fix wrong definition of the pat_prune_fcts array - CLEANUP: pattern: move array definitions to proto/ and not types/ - BUG/MAJOR: counters: check for null-deref when looking up an alternate table - BUILD: ssl: previous patch failed - BUILD/MEDIUM: standard: get rid of the last strcpy() - BUILD/MEDIUM: standard: get rid of sprintf() - BUILD/MEDIUM: cfgparse: get rid of sprintf() - BUILD/MEDIUM: checks: get rid of sprintf() - BUILD/MEDIUM: http: remove calls to sprintf() - BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary - BUILD/MINOR: ssl: remove one call to sprintf() - MEDIUM: http: don't reject anymore message bodies not containing the url param - MEDIUM: http: wait for the first chunk or message body length in http_process_body - CLEANUP: http: rename http_process_request_body() - CLEANUP: http: prepare dedicated processing for chunked encoded message bodies - MINOR: http: make msg->eol carry the last CRLF length - MAJOR: http: do not use msg->sol while processing messages or forwarding data - MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer - MAJOR: http: don't update msg->sov anymore while processing the body - MINOR: http: add a small helper to compute the amount of body bytes present - MEDIUM: http: add a small helper to compute how far to rewind to find headers - MINOR: http: add a small helper to compute how far to rewind to find URI - MEDIUM: http: small helpers to compute how far to rewind to find BODY and DATA - MAJOR: http: reset msg->sov after headers are forwarded - MEDIUM: http: forward headers again while waiting for connection to complete - BUG/MINOR: http: deinitialize compression after a parsing error - BUG/MINOR: http: deinitialize compression after a compression error - MEDIUM: http: headers must be forwarded even if data was already inspected - MAJOR: http: re-enable compression on chunked encoding - MAJOR: http/compression: fix chunked-encoded response processing - MEDIUM: http: cleanup: centralize a little bit HTTP compression end - MEDIUM: http: start to centralize the forwarding code - MINOR: http: further cleanups of response forwarding function - MEDIUM: http: only allocate the temporary compression buffer when needed - MAJOR: http: centralize data forwarding in the request path - CLEANUP: http: document the response forwarding states - CLEANUP: http: remove all calls to http_silent_debug() - DOC: internal: add some reminders about HTTP parsing and pointer states - BUG/MAJOR: http: fix bug in parse_qvalue() when selecting compression algo - BUG/MINOR: stats: last session was not always set - DOC: add pointer to the Cyril's HTML doc in the README - MEDIUM: config: relax use_backend check to make the condition optional - MEDIUM: config: report misplaced http-request rules - MEDIUM: config: report misplaced use-server rules - DOC: update roadmap with what was done. 2014/02/03 : 1.5-dev22 - MEDIUM: tcp-check new feature: connect - MEDIUM: ssl: Set verify 'required' as global default for servers side. - MINOR: ssl: handshake optim for long certificate chains. - BUG/MINOR: pattern: pattern comparison executed twice - BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..." - BUG/MEDIUM: pattern: Segfault in binary parser - MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation. - MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated - BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function. - BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type. - BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer - BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests - MINOR: doc: Bad cli function name. - MINOR: http: smp_fetch_capture_header_* fetch captured headers - BUILD: last release inadvertently prepended a "+" in front of the date - BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler - BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse - BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes" - BUG/MINOR: checks: successful check completion must not re-enable MAINT servers - MINOR: http: try to stick to same server after status 401/407 - BUG/MINOR: http: always disable compression on HTTP/1.0 - OPTIM: poll: restore polling after a poll/stop/want sequence - OPTIM: http: don't stop polling for read on the client side after a request - BUG/MEDIUM: checks: unchecked servers could not be enabled anymore - BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling - BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned - BUG/MINOR: stream-int: do not clear the owner upon unregister - MEDIUM: stats: add support for HTTP keep-alive on the stats page - BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch - Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page" - MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes - OPTIM: session: set the READ_DONTWAIT flag when connecting - BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests - MINOR: session: factor out the connect time measurement - MEDIUM: session: prepare to support earlier transitions to the established state - MEDIUM: stream-int: make si_connect() return an established state when possible - MINOR: checks: use an inline function for health_adjust() - OPTIM: session: put unlikely() around the freewheeling code - MEDIUM: config: report a warning when multiple servers have the same name - BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence" - BUILD/MINOR: listener: remove a glibc warning on accept4() - BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage - BUILD: listener: fix recent accept4() again - BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9 - BUG/MEDIUM: polling: ensure we update FD status when there's no more activity - MEDIUM: listener: fix polling management in the accept loop - MINOR: protocol: improve the proto->drain() API - MINOR: connection: add a new conn_drain() function - MEDIUM: tcp: report in tcp_drain() that lingering is already disabled on close - MEDIUM: connection: update callers of ctrl->drain() to use conn_drain() - MINOR: connection: add more error codes to report connection errors - MEDIUM: tcp: report connection error at the connection level - MEDIUM: checks: make use of chk_report_conn_err() for connection errors - BUG/MEDIUM: unique_id: HTTP request counter is not stable - DOC: fix misleading information about SIGQUIT - BUG/MAJOR: fix freezes during compression - BUG/MEDIUM: stream-interface: don't wake the task up before end of transfer - BUILD: fix VERDATE exclusion regex - CLEANUP: polling: rename "spec_e" to "state" - DOC: add a diagram showing polling state transitions - REORG: polling: rename "spec_e" to "state" and "spec_p" to "cache" - REORG: polling: rename "fd_spec" to "fd_cache" - REORG: polling: rename the cache allocation functions - REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()" - MAJOR: polling: rework the whole polling system - MAJOR: connection: remove the CO_FL_WAIT_{RD,WR} flags - MEDIUM: connection: remove conn_{data,sock}_poll_{recv,send} - MEDIUM: connection: add check for readiness in I/O handlers - MEDIUM: stream-interface: the polling flags must always be updated in chk_snd_conn - MINOR: stream-interface: no need to call fd_stop_both() on error - MEDIUM: connection: no need to recheck FD state - CLEANUP: connection: use conn_ctrl_ready() instead of checking the flag - CLEANUP: connection: use conn_xprt_ready() instead of checking the flag - CLEANUP: connection: fix comments in connection.h to reflect new behaviour. - OPTIM: raw-sock: don't speculate after a short read if polling is enabled - MEDIUM: polling: centralize polled events processing - MINOR: polling: create function fd_compute_new_polled_status() - MINOR: cli: add more information to the "show info" output - MEDIUM: listener: add support for limiting the session rate in addition to the connection rate - MEDIUM: listener: apply a limit on the session rate submitted to SSL - REORG: stats: move the stats socket states to dumpstats.c - MINOR: cli: add the new "show pools" command - BUG/MEDIUM: counters: flush content counters after each request - BUG/MEDIUM: counters: fix stick-table entry leak when using track-sc2 in connection - MINOR: tools: add very basic support for composite pointers - MEDIUM: counters: stop relying on session flags at all - BUG/MINOR: cli: fix missing break in command line parser - BUG/MINOR: config: correctly report when log-format headers require HTTP mode - MAJOR: http: update connection mode configuration - MEDIUM: http: make keep-alive + httpclose be passive mode - MAJOR: http: switch to keep-alive mode by default - BUG/MEDIUM: http: fix regression caused by recent switch to keep-alive by default - BUG/MEDIUM: listener: improve detection of non-working accept4() - BUILD: listener: add fcntl.h and unistd.h - BUG/MINOR: raw_sock: correctly set the MSG_MORE flag 2013/12/17 : 1.5-dev21 - MINOR: stats: don't use a monospace font to report numbers - MINOR: session: remove debugging code - BUG/MAJOR: patterns: fix double free caused by loading strings from files - MEDIUM: http: make option http_proxy automatically rewrite the URL - BUG/MEDIUM: http: cook_cnt() forgets to set its output type - BUG/MINOR: stats: correctly report throttle rate of low weight servers - BUG/MEDIUM: checks: servers must not start in slowstart mode - BUG/MINOR: acl: parser must also stop at comma on ACL-only keywords - MEDIUM: stream-int: implement a very simplistic idle connection manager - DOC: update the ROADMAP file 2013/12/16 : 1.5-dev20 - DOC: add missing options to the manpage - DOC: add manpage references to all system calls - DOC: update manpage reference to haproxy-en.txt - DOC: remove -s and -l options from the manpage - DOC: missing information for the "description" keyword - DOC: missing http-send-name-header keyword in keyword table - MINOR: tools: function my_memmem() to lookup binary contents - MEDIUM: checks: add send/expect tcp based check - MEDIUM: backend: Enhance hash-type directive with an algorithm options - MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. - DOC: Documentation for hashing function, with test results. - BUG/MEDIUM: ssl: potential memory leak using verifyhost - BUILD: ssl: compilation issue with openssl v0.9.6. - BUG/MINOR: ssl: potential memory leaks using ssl_c_key_alg or ssl_c_sig_alg. - MINOR: ssl: optimization of verifyhost on wildcard certificates. - BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard. - MINOR: ssl: Add statement 'verifyhost' to "server" statements - CLEANUP: session: remove event_accept() which was not used anymore - BUG/MINOR: deinit: free fdinfo while doing cleanup - DOC: minor typo fix in documentation - BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE - BUG/MINOR: use the same check condition for server as other algorithms - DOC: fix typo in comments - BUG/MINOR: deinit: free server map which is allocated in init_server_map() - CLEANUP: stream_interface: cleanup loop information in si_conn_send_loop() - MINOR: buffer: align the last output line of buffer_dump() - MINOR: buffer: align the last output line if there are less than 8 characters left - DOC: stick-table: modify the description - OPTIM: stream_interface: return directly if the connection flag CO_FL_ERROR has been set - CLEANUP: code style: use tabs to indent codes - DOC: checkcache: block responses with cacheable cookies - BUG/MINOR: check_config_validity: check the returned value of stktable_init() - MEDIUM: haproxy-systemd-wrapper: Use haproxy in same directory - MEDIUM: systemd-wrapper: Kill child processes when interrupted - LOW: systemd-wrapper: Write debug information to stdout - BUG/MINOR: http: fix "set-tos" not working in certain configurations - MEDIUM: http: add IPv6 support for "set-tos" - DOC: ssl: update build instructions to use new SSL_* variables - BUILD/MINOR: systemd: fix compiler warning about unused result - url32+src - like base32+src but whole url including parameters - BUG/MINOR: fix forcing fastinter in "on-error" - CLEANUP: Make parameters of srv_downtime and srv_getinter const - CLEANUP: Remove unused 'last_slowstart_change' field from struct peer - MEDIUM: Split up struct server's check element - MEDIUM: Move result element to struct check - MEDIUM: Paramatise functions over the check of a server - MEDIUM: cfgparse: Factor out check initialisation - MEDIUM: Add state to struct check - MEDIUM: Move health element to struct check - MEDIUM: Add helper for task creation for checks - MEDIUM: Add helper function for failed checks - MEDIUM: Log agent fail, stopped or down as info - MEDIUM: Remove option lb-agent-chk - MEDIUM: checks: Add supplementary agent checks - MEDIUM: Do not mark a server as down if the agent is unavailable - MEDIUM: Set rise and fall of agent checks to 1 - MEDIUM: Add enable and disable agent unix socket commands - MEDIUM: Add DRAIN state and report it on the stats page - BUILD/MINOR: missing header file - CLEANUP: regex: Create regex_comp function that compiles regex using compilation options - CLEANUP: The function "regex_exec" needs the string length but in many case they expect null terminated char. - MINOR: http: some exported functions were not in the header file - MINOR: http: change url_decode to return the size of the decoded string. - BUILD/MINOR: missing header file - BUG/MEDIUM: sample: The function v4tov6 cannot support input and output overlap - BUG/MINOR: arg: fix error reporting for add-header/set-header sample fetch arguments - MINOR: sample: export the generic sample conversion parser - MINOR: sample: export sample_casts - MEDIUM: acl: use the fetch syntax 'fetch(args),conv(),conv()' into the ACL keyword - MINOR: stick-table: use smp_expr_output_type() to retrieve the output type of a "struct sample_expr" - MINOR: sample: provide the original sample_conv descriptor struct to the argument checker function. - MINOR: tools: Add a function to convert buffer to an ipv6 address - MINOR: acl: export acl arrays - MINOR: acl: Extract the pattern parsing and indexation from the "acl_read_patterns_from_file()" function - MINOR: acl: Extract the pattern matching function - MINOR: sample: Define new struct sample_storage - MEDIUM: acl: associate "struct sample_storage" to each "struct acl_pattern" - REORG: acl/pattern: extract pattern matching from the acl file and create pattern.c - MEDIUM: pattern: create pattern expression - MEDIUM: pattern: rename "acl" prefix to "pat" - MEDIUM: sample: let the cast functions set their output type - MINOR: sample: add a private field to the struct sample_conv - MINOR: map: Define map types - MEDIUM: sample: add the "map" converter - MEDIUM: http: The redirect strings follows the log format rules. - BUG/MINOR: acl: acl parser does not recognize empty converter list - BUG/MINOR: map: The map list was declared in the map.h file - MINOR: map: Cleanup the initialisation of map descriptors. - MEDIUM: map: merge identical maps - BUG/MEDIUM: pattern: Pattern node has type of "struct pat_idx_elt" in place of "struct eb_node" - BUG/MEDIUM: map: Bad map file parser - CLEANUP/MINOR: standard: use the system define INET6_ADDRSTRLEN in place of MAX_IP6_LEN - BUG/MEDIUM: sample: conversion from str to ipv6 may read data past end - MINOR: map: export map_get_reference() function - MINOR: pattern: Each pattern sets the expected input type - MEDIUM: acl: Last patch change the output type - MEDIUM: pattern: Extract the index process from the pat_parse_*() functions - MINOR: standard: The function parse_binary() can use preallocated buffer - MINOR: regex: Change the struct containing regex - MINOR: regex: Copy the original regex expression into string. - MINOR: pattern: add support for compiling patterns for lookups - MINOR: pattern: make the pattern matching function return a pointer to the matched element - MINOR: map: export parse output sample functions - MINOR: pattern: add function to lookup a specific entry in pattern list - MINOR: pattern/map: Each pattern must free the associated sample - MEDIUM: dumpstat: make the CLI parser understand the backslash as an escape char - MEDIUM: map: dynamic manipulation of maps - BUG/MEDIUM: unique_id: junk in log on empty unique_id - BUG/MINOR: log: junk at the end of syslog packet - MINOR: Makefile: provide cscope rule - DOC: compression: chunk are not compressed anymore - MEDIUM: session: disable lingering on the server when the client aborts - BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS - DOC: remove the comment saying that SSL certs are not checked on the server side - BUG: counters: third counter was not stored if others unset - BUG/MAJOR: http: don't emit the send-name-header when no server is available - BUG/MEDIUM: http: "option checkcache" fails with the no-cache header - BUG/MAJOR: http: sample prefetch code was not properly migrated - BUG/MEDIUM: splicing: fix abnormal CPU usage with splicing - BUG/MINOR: stream_interface: don't call chk_snd() on polled events - OPTIM: splicing: use splice() for the last block when relevant - MEDIUM: sample: handle comma-delimited converter list - MINOR: sample: fix sample_process handling of unstable data - CLEANUP: acl: move the 3 remaining sample fetches to samples.c - MINOR: sample: add a new "date" fetch to return the current date - MINOR: samples: add the http_date([]) sample converter. - DOC: minor improvements to the part on the stats socket. - MEDIUM: sample: systematically pass the keyword pointer to the keyword - MINOR: payload: split smp_fetch_rdp_cookie() - MINOR: counters: factor out smp_fetch_sc*_tracked - MINOR: counters: provide a generic function to retrieve a stkctr for sc* and src. - MEDIUM: counters: factor out smp_fetch_sc*_get_gpc0 - MEDIUM: counters: factor out smp_fetch_sc*_gpc0_rate - MEDIUM: counters: factor out smp_fetch_sc*_inc_gpc0 - MEDIUM: counters: factor out smp_fetch_sc*_clr_gpc0 - MEDIUM: counters: factor out smp_fetch_sc*_conn_cnt - MEDIUM: counters: factor out smp_fetch_sc*_conn_rate - MEDIUM: counters: factor out smp_fetch_sc*_conn_cur - MEDIUM: counters: factor out smp_fetch_sc*_sess_cnt - MEDIUM: counters: factor out smp_fetch_sc*_sess_rate - MEDIUM: counters: factor out smp_fetch_sc*_http_req_cnt - MEDIUM: counters: factor out smp_fetch_sc*_http_req_rate - MEDIUM: counters: factor out smp_fetch_sc*_http_err_cnt - MEDIUM: counters: factor out smp_fetch_sc*_http_err_rate - MEDIUM: counters: factor out smp_fetch_sc*_kbytes_in - MEDIUM: counters: factor out smp_fetch_sc*_bytes_in_rate - MEDIUM: counters: factor out smp_fetch_sc*_kbytes_out - MEDIUM: counters: factor out smp_fetch_sc*_bytes_out_rate - MEDIUM: counters: factor out smp_fetch_sc*_trackers - MINOR: session: make the number of stick counter entries more configurable - MEDIUM: counters: support passing the counter number as a fetch argument - MEDIUM: counters: support looking up a key in an alternate table - MEDIUM: cli: adjust the method for feeding frequency counters in tables - MINOR: cli: make it possible to enter multiple values at once with "set table" - MINOR: payload: allow the payload sample fetches to retrieve arbitrary lengths - BUG/MINOR: cli: "clear table" must not kill entries that don't match condition - MINOR: ssl: use MAXPATHLEN instead of PATH_MAX - MINOR: config: warn when a server with no specific port uses rdp-cookie - BUG/MEDIUM: unique_id: HTTP request counter must be unique! - DOC: add a mention about the limited chunk size - BUG/MEDIUM: fix broken send_proxy on FreeBSD - MEDIUM: stick-tables: flush old entries upon soft-stop - MINOR: tcp: add new "close" action for tcp-response - MINOR: payload: provide the "res.len" fetch method - BUILD: add SSL_INC/SSL_LIB variables to force the path to openssl - MINOR: http: compute response time before processing headers - BUG/MINOR: acl: fix improper string size assignment in proxy argument - BUG/MEDIUM: http: accept full buffers on smp_prefetch_http - BUG/MINOR: acl: implicit arguments of ACL keywords were not properly resolved - BUG/MEDIUM: session: risk of crash on out of memory conditions - BUG/MINOR: peers: set the accept date in outgoing connections - BUG/MEDIUM: tcp: do not skip tracking rules on second pass - BUG/MEDIUM: acl: do not evaluate next terms after a miss - MINOR: acl: add a warning when an ACL keyword is used without any value - MINOR: tcp: don't use tick_add_ifset() when timeout is known to be set - BUG/MINOR: acl: remove patterns from the tree before freeing them - MEDIUM: backend: add support for the wt6 hash - OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes - OPTIM/MINOR: mark the source address as already known on accept() - BUG/MINOR: stats: don't count tarpitted connections twice - CLEANUP: http: homogenize processing of denied req counter - CLEANUP: http: merge error handling for req* and http-request * - BUG/MEDIUM: http: fix possible parser crash when parsing erroneous "http-request redirect" rules - BUG/MINOR: http: fix build warning introduced with url32/url32_src - BUG/MEDIUM: checks: fix slow start regression after fix attempt - BUG/MAJOR: server: weight calculation fails for map-based algorithms - MINOR: stats: report correct throttling percentage for servers in slowstart - OPTIM: connection: fold the error handling with handshake handling - MINOR: peers: accept to learn strings of different lengths - BUG/MAJOR: fix haproxy crash when using server tracking instead of checks - BUG/MAJOR: check: fix haproxy crash during soft-stop/soft-start - BUG/MINOR: stats: do not report "via" on tracking servers in maintenance - BUG/MINOR: connection: fix typo in error message report - BUG/MINOR: backend: fix target address retrieval in transparent mode - BUG/MINOR: config: report the correct track-sc number in tcp-rules - BUG/MINOR: log: fix log-format parsing errors - DOC: add some information about how to apply converters to samples - MINOR: acl/pattern: use types different from int to clarify who does what. - MINOR: pattern: import acl_find_match_name() into pattern.h - MEDIUM: stick-tables: support automatic conversion from ipv4<->ipv6 - MEDIUM: log-format: relax parsing of '%' followed by unsupported characters - BUG/MINOR: http: usual deinit stuff in last commit - BUILD: log: silent a warning about isblank() with latest patches - BUG/MEDIUM: checks: fix health check regression causing them to depend on declaration order - BUG/MEDIUM: checks: fix a long-standing issue with reporting connection errors - BUG/MINOR: checks: don't consider errno and use conn->err_code - BUG/MEDIUM: checks: also update the DRAIN state from the web interface - MINOR: stats: remove some confusion between the DRAIN state and NOLB - BUG/MINOR: tcp: check that no error is pending during a connect probe - BUG/MINOR: connection: check EINTR when sending a PROXY header - MEDIUM: connection: set the socket shutdown flags on socket errors - BUG/MEDIUM: acl: fix regression introduced by latest converters support - MINOR: connection: clear errno prior to checking for errors - BUG/MINOR: checks: do not trust errno in write event before any syscall - MEDIUM: checks: centralize error reporting - OPTIM: checks: don't poll on recv when using plain TCP connects - OPTIM: checks: avoid setting SO_LINGER twice - MINOR: tools: add a generic binary hex string parser - BUG/MEDIUM: checks: tcp-check: do not poll when there's nothing to send - BUG/MEDIUM: check: tcp-check might miss some outgoing data when socket buffers are full - BUG/MEDIUM: args: fix double free on error path in argument expression parser - BUG/MINOR: acl: fix sample expression error reporting - BUG/MINOR: checks: tcp-check actions are enums, not flags - MEDIUM: checks: make tcp-check perform multiple send() at once - BUG/MEDIUM: stick: completely remove the unused flag from the store entries - OPTIM: ebtree: pack the struct eb_node to avoid holes on 64-bit - BUG/MEDIUM: stick-tables: complete the latest fix about store-responses - CLEANUP: stream_interface: remove unused field err_loc - MEDIUM: stats: don't use conn->xprt_st anymore - MINOR: session: add a simple function to retrieve a session from a task - MEDIUM: stats: don't use conn->xprt_ctx anymore - MEDIUM: peers: don't rely on conn->xprt_ctx anymore - MINOR: http: prevent smp_fetch_url_{ip,port} from using si->conn - MINOR: connection: make it easier to emit proxy protocol for unknown addresses - MEDIUM: stats: prepare the HTTP stats I/O handler to support more states - MAJOR: stats: move the HTTP stats handling to its applet - MEDIUM: stats: move request argument processing to the final step - MEDIUM: session: detect applets from the session by using s->target - MAJOR: session: check for a connection to an applet in sess_prepare_conn_req() - MAJOR: session: pass applet return traffic through the response analysers - MEDIUM: stream-int: split the shutr/shutw functions between applet and conn - MINOR: stream-int: make the shutr/shutw functions void - MINOR: obj: provide a safe and an unsafe access to pointed objects - MINOR: connection: add a field to store an object type - MINOR: connection: always initialize conn->objt_type to OBJ_TYPE_CONN - MEDIUM: stream interface: move the peers' ptr into the applet context - MINOR: stream-interface: move the applet context to its own struct - MINOR: obj: introduce a new type appctx - MINOR: stream-int: rename ->applet to ->appctx - MINOR: stream-int: split si_prepare_embedded into si_prepare_none and si_prepare_applet - MINOR: stream-int: add a new pointer to the end point - MEDIUM: stream-interface: set the pointer to the applet into the applet context - MAJOR: stream interface: remove the ->release function pointer - MEDIUM: stream-int: make ->end point to the connection or the appctx - CLEANUP: stream-int: remove obsolete si_ctrl function - MAJOR: stream-int: stop using si->conn and use si->end instead - MEDIUM: stream-int: do not allocate a connection in parallel to applets - MEDIUM: session: attach incoming connection to target on embryonic sessions - MINOR: connection: add conn_init() to (re)initialize a connection - MINOR: checks: call conn_init() to properly initialize the connection. - MINOR: peers: make use of conn_init() to initialize the connection - MINOR: session: use conn_init() to initialize the connections - MINOR: http: use conn_init() to reinitialize the server connection - MEDIUM: connection: replace conn_prepare with conn_assign - MINOR: get rid of si_takeover_conn() - MINOR: connection: add conn_new() / conn_free() - MAJOR: connection: add two new flags to indicate readiness of control/transport - MINOR: stream-interface: introduce si_reset() and si_set_state() - MINOR: connection: reintroduce conn_prepare to set the protocol and transport - MINOR: connection: replace conn_assign with conn_attach - MEDIUM: stream-interface: introduce si_attach_conn to replace si_prepare_conn - MAJOR: stream interface: dynamically allocate the outgoing connection - MEDIUM: connection: move the send_proxy offset to the connection - MINOR: connection: check for send_proxy during the connect(), not the SI - MEDIUM: connection: merge the send_proxy and local_send_proxy calls - MEDIUM: stream-int: replace occurrences of si->appctx with si_appctx() - MEDIUM: stream-int: return the allocated appctx in stream_int_register_handler() - MAJOR: stream-interface: dynamically allocate the applet context - MEDIUM: session: automatically register the applet designated by the target - MEDIUM: stats: delay appctx initialization - CLEANUP: peers: use less confusing state/status code names - MEDIUM: peers: delay appctx initialization - MINOR: stats: provide some appctx information in "show sess all" - DIET/MINOR: obj: pack the obj_type enum to 8 bits - DIET/MINOR: connection: rearrange a few fields to save 8 bytes in the struct - DIET/MINOR: listener: rearrange a few fields in struct listener to save 16 bytes - DIET/MINOR: proxy: rearrange a few fields in struct proxy to save 16 bytes - DIET/MINOR: session: reduce the struct session size by 8 bytes - DIET/MINOR: stream-int: rearrange a few fields in struct stream_interface to save 8 bytes - DIET/MINOR: http: reduce the size of struct http_txn by 8 bytes - MINOR: http: switch the http state to an enum - MINOR: http: use an enum for the auth method in http_auth_data - DIET/MINOR: task: reduce struct task size by 8 bytes - MINOR: stream_interface: add reporting of ressouce allocation errors - MINOR: session: report lack of resources using the new stream-interface's error code - BUILD: simplify the date and version retrieval in the makefile - BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE - BUILD: use format tags in VERDATE and SUBVERS files - BUG/MEDIUM: channel: bo_getline() must wait for \n until buffer is full - CLEANUP: check: server port is unsigned - BUG/MEDIUM: checks: agent doesn't get the response if server does not closes - MINOR: tools: buf2ip6 must not modify output on failure - MINOR: pattern: do not assign SMP_TYPES by default to patterns - MINOR: sample: make sample_parse_expr() use memprintf() to report parse errors - MINOR: arg: improve wording on error reporting - BUG/MEDIUM: sample: simplify and fix the argument parsing - MEDIUM: acl: fix the argument parser to let the lower layer report detailed errors - MEDIUM: acl: fix the initialization order of the ACL expression - CLEANUP: acl: remove useless blind copy-paste from sample converters - TESTS: add regression tests for ACL and sample expression parsers - BUILD: time: adapt the type of TV_ETERNITY to the local system - MINOR: chunks: allocate the trash chunks before parsing the config - BUILD: definitely silence some stupid GCC warnings - MINOR: chunks: always initialize the output chunk in get_trash_chunk() - MINOR: checks: improve handling of the servers tracking chain - REORG: checks: retrieve the check-specific defines from server.h to checks.h - MINOR: checks: use an enum instead of flags to report a check result - MINOR: checks: rename the state flags - MINOR: checks: replace state DISABLED with CONFIGURED and ENABLED - MINOR: checks: use check->state instead of srv->state & SRV_CHECKED - MINOR: checks: fix agent check interval computation - MINOR: checks: add a PAUSED state for the checks - MINOR: checks: create the agent tasks even when no check is configured - MINOR: checks: add a flag to indicate what check is an agent - MEDIUM: checks: enable agent checks even if health checks are disabled - BUG/MEDIUM: checks: ensure we can enable a server after boot - BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag - BUG/MAJOR: session: repair tcp-request connection rules - BUILD: fix SUBVERS extraction in the Makefile - BUILD: pattern: silence a warning about uninitialized value - BUILD: log: fix build warning on Solaris - BUILD: dumpstats: fix build error on Solaris - DOC: move option pgsql-check to the correct place - DOC: move option tcp-check to the proper place - MINOR: connection: add simple functions to report connection readiness - MEDIUM: connection: centralize handling of nolinger in fd management - OPTIM: http: set CF_READ_DONTWAIT on response message - OPTIM: http: do not re-enable reading on client side while closing the server side - MINOR: config: add option http-keep-alive - MEDIUM: connection: inform si_alloc_conn() whether existing conn is OK or not - MAJOR: stream-int: handle the connection reuse in si_connect() - MAJOR: http: add the keep-alive transition on the server side - MAJOR: backend: enable connection reuse - MINOR: http: add option prefer-last-server - MEDIUM: http: do not report connection errors for second and further requests 2013/06/17 : 1.5-dev19 - MINOR: stats: remove the autofocus on the scope input field - BUG/MEDIUM: Fix crt-list file parsing error: filtered name was ignored. - BUG/MEDIUM: ssl: EDH ciphers are not usable if no DH parameters present in pem file. - BUG/MEDIUM: shctx: makes the code independent on SSL runtime version. - MEDIUM: ssl: improve crt-list format to support negation - BUG: ssl: fix crt-list for clients not supporting SNI - MINOR: stats: show soft-stopped servers in different color - BUG/MINOR: config: "source" does not work in defaults section - BUG: regex: fix pcre compile error when using JIT - MINOR: ssl: add pattern fetch 'ssl_c_sha1' - BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used - MINOR: show PCRE version and JIT status in -vv - BUG/MINOR: jit: don't rely on USE flag to detect support - DOC: readme: add suggestion to link against static openssl - DOC: examples: provide simplified ssl configuration - REORG: tproxy: prepare the transparent proxy defines for accepting other OSes - MINOR: tproxy: add support for FreeBSD - MINOR: tproxy: add support for OpenBSD - DOC: examples: provide an example of transparent proxy configuration for FreeBSD 8 - CLEANUP: fix minor typo in error message. - CLEANUP: fix missing include in proto/listener.h - CLEANUP: protect checks.h from multiple inclusions - MINOR: compression: acl "res.comp" and fetch "res.comp_algo" - BUG/MINOR: http: add-header/set-header did not accept the ACL condition - BUILD: mention in the Makefile that USE_PCRE_JIT is for libpcre >= 8.32 - BUG/MEDIUM: splicing is broken since 1.5-dev12 - BUG/MAJOR: acl: add implicit arguments to the resolve list - BUG/MINOR: tcp: fix error reporting for TCP rules - CLEANUP: peers: remove a bit of spaghetti to prepare for the next bugfix - MINOR: stick-table: allow to allocate an entry without filling it - BUG/MAJOR: peers: fix an overflow when syncing strings larger than 16 bytes - MINOR: session: only call http_send_name_header() when changing the server - MINOR: tcp: report the erroneous word in tcp-request track* - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances - BUG/MEDIUM: log: fix regression on log-format handling - MEDIUM: log: report file name, line number, and directive name with log-format errors - BUG/MINOR: cli: "clear table" did not work anymore without a key - BUG/MINOR: cli: "clear table xx data.xx" does not work anymore - BUG/MAJOR: http: compression still has defects on chunked responses - BUG/MINOR: stats: fix confirmation links on the stats interface - BUG/MINOR: stats: the status bar does not appear anymore after a change - BUG/MEDIUM: stats: allocate the stats frontend also on "stats bind-process" - BUG/MEDIUM: stats: fix a regression when dealing with POST requests - BUG/MINOR: fix unterminated ACL array in compression - BUILD: last fix broke non-linux platforms - MINOR: init: indicate the SSL runtime version on -vv. - BUG/MEDIUM: compression: the deflate algorithm must use global settings as well - BUILD: stdbool is not portable (again) - DOC: readme: add a small reminder about restrictions to respect in the code - MINOR: ebtree: add new eb_next_dup/eb_prev_dup() functions to visit duplicates - BUG/MINOR: acl: fix a double free during exit when using PCRE_JIT - DOC: fix wrong copy-paste in the rspdel example - MINOR: counters: make it easier to extend the amount of tracked counters - MEDIUM: counters: add support for tracking a third counter - MEDIUM: counters: add a new "gpc0_rate" counter in stick-tables - BUG/MAJOR: http: always ensure response buffer has some room for a response - MINOR: counters: add fetch/acl sc*_tracked to indicate whether a counter is tracked - MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be redefined - MINOR: log: add a new flag 'L' for locally processed requests - MINOR: http: add full-length header fetch methods - MEDIUM: protocol: implement a "drain" function in protocol layers - MEDIUM: http: add a new "http-response" ruleset - MEDIUM: http: add the "set-nice" action to http-request and http-response - MEDIUM: log: add a log level override value in struct session - MEDIUM: http: add support for action "set-log-level" in http-request/http-response - MEDIUM: http: add support for "set-tos" in http-request/http-response - MEDIUM: http: add the "set-mark" action on http-request/http-response rules - MEDIUM: tcp: add "tcp-request connection expect-proxy layer4" - MEDIUM: acl: automatically detect the type of certain fetches - MEDIUM: acl: remove a lot of useless ACLs that are equivalent to their fetches - MEDIUM: acl: remove 15 additional useless ACLs that are equivalent to their fetches - DOC: major reorg of ACL + sample fetch - CLEANUP: http: remove the bogus urlp_ip ACL match - MINOR: acl: add the new "env()" fetch method to retrieve an environment variable - BUG/MINOR: acl: correctly consider boolean fetches when doing casts - BUG/CRITICAL: fix a possible crash when using negative header occurrences - DOC: update ROADMAP file - MEDIUM: counters: use sc0/sc1/sc2 instead of sc1/sc2/sc3 - MEDIUM: stats: add proxy name filtering on the statistic page 2013/04/03 : 1.5-dev18 - DOCS: Add explanation of intermediate certs to crt paramater - DOC: typo and minor fixes in compression paragraph - MINOR: config: http-request configuration error message misses new keywords - DOC: minor typo fix in documentation - BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured. - MEDIUM: ssl: add bind-option "strict-sni" - MEDIUM: ssl: add mapping from SNI to cert file using "crt-list" - MEDIUM: regex: Use PCRE JIT in acl - DOC: simplify bind option "interface" explanation - DOC: tfo: bump required kernel to linux-3.7 - BUILD: add explicit support for TFO with USE_TFO - MEDIUM: New cli option -Ds for systemd compatibility - MEDIUM: add haproxy-systemd-wrapper - MEDIUM: add systemd service - BUG/MEDIUM: systemd-wrapper: don't leak zombie processes - BUG/MEDIUM: remove supplementary groups when changing gid - BUG/MEDIUM: config: fix parser crash with bad bind or server address - BUG/MINOR: Correct logic in cut_crlf() - CLEANUP: checks: Make desc argument to set_server_check_status const - CLEANUP: dumpstats: Make cli_release_handler() static - MEDIUM: server: Break out set weight processing code - MEDIUM: server: Allow relative weights greater than 100% - MEDIUM: server: Tighten up parsing of weight string - MEDIUM: checks: Add agent health check - BUG/MEDIUM: ssl: openssl 0.9.8 doesn't open /dev/random before chroot - BUG/MINOR: time: frequency counters are not totally accurate - BUG/MINOR: http: don't process abortonclose when request was sent - BUG/MEDIUM: stream_interface: don't close outgoing connections on shutw() - BUG/MEDIUM: checks: ignore late resets after valid responses - DOC: fix bogus recommendation on usage of gpc0 counter - BUG/MINOR: http-compression: lookup Cache-Control in the response, not the request - MINOR: signal: don't block SIGPROF by default - OPTIM: epoll: make use of EPOLLRDHUP - OPTIM: splice: detect shutdowns and avoid splice() == 0 - OPTIM: splice: assume by default that splice is working correctly - BUG/MINOR: log: temporary fix for lost SSL info in some situations - BUG/MEDIUM: peers: only the last peers section was used by tables - BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait() - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser - BUG/MINOR: config: free peer's address when exiting upon parsing error - BUG/MINOR: config: check the proper variable when parsing log minlvl - BUG/MEDIUM: checks: ensure the health_status is always within bounds - BUG/MINOR: cli: show sess should always validate s->listener - BUG/MINOR: log: improper NULL return check on utoa_pad() - CLEANUP: http: remove a useless null check - CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener() - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds - BUG/MEDIUM: tools: off-by-one in quote_arg() - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage - BUG/MINOR: unix: remove the 'level' field from the ux struct - CLEANUP: http: don't try to deinitialize http compression if it fails before init - CLEANUP: config: slowstart is never negative - CLEANUP: config: maxcompcpuusage is never negative - BUG/MEDIUM: log: emit '-' for empty fields again - BUG/MEDIUM: checks: fix a race condition between checks and observe layer7 - BUILD: fix a warning emitted by isblank() on non-c99 compilers - BUILD: improve the makefile's support for libpcre - MEDIUM: halog: add support for counting per source address (-ic) - MEDIUM: tools: make str2sa_range support all address syntaxes - MEDIUM: config: make use of str2sa_range() instead of str2sa() - MEDIUM: config: use str2sa_range() to parse server addresses - MEDIUM: config: use str2sa_range() to parse peers addresses - MINOR: tests: add a config file to ease address parsing tests. - MINOR: ssl: add a global tunable for the max SSL/TLS record size - BUG/MINOR: syscall: fix NR_accept4 system call on sparc/linux - BUILD/MINOR: syscall: add definition of NR_accept4 for ARM - MINOR: config: report missing peers section name - BUG/MEDIUM: tools: fix bad character handling in str2sa_range() - BUG/MEDIUM: stats: never apply "unix-bind prefix" to the global stats socket - MINOR: tools: prepare str2sa_range() to return an error message - BUG/MEDIUM: checks: don't call connect() on unsupported address families - MINOR: tools: prepare str2sa_range() to accept a prefix - MEDIUM: tools: make str2sa_range() parse unix addresses too - MEDIUM: config: make str2listener() use str2sa_range() to parse unix addresses - MEDIUM: config: use a single str2sa_range() call to parse bind addresses - MEDIUM: config: use str2sa_range() to parse log addresses - CLEANUP: tools: remove str2sun() which is not used anymore. - MEDIUM: config: add complete support for str2sa_range() in dispatch - MEDIUM: config: add complete support for str2sa_range() in server addr - MEDIUM: config: add complete support for str2sa_range() in 'server' - MEDIUM: config: add complete support for str2sa_range() in 'peer' - MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' - CLEANUP: minor cleanup in str2sa_range() and str2ip() - CLEANUP: config: do not use multiple errmsg at once - MEDIUM: tools: support specifying explicit address families in str2sa_range() - MAJOR: listener: support inheriting a listening fd from the parent - MAJOR: tools: support environment variables in addresses - BUG/MEDIUM: http: add-header should not emit "-" for empty fields - BUG/MEDIUM: config: ACL compatibility check on "redirect" was wrong - BUG/MEDIUM: http: fix another issue caused by http-send-name-header - DOC: mention the new HTTP 307 and 308 redirect statues - MEDIUM: poll: do not use FD_* macros anymore - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE - BUG/MINOR: acl: ssl_fc_{alg,use}_keysize must parse integers, not strings - BUG/MINOR: acl: ssl_c_used, ssl_fc{,_has_crt,_has_sni} take no pattern - BUILD: fix usual isdigit() warning on solaris - BUG/MEDIUM: tools: vsnprintf() is not always reliable on Solaris - OPTIM: buffer: remove one jump in buffer_count() - OPTIM: http: improve branching in chunk size parser - OPTIM: http: optimize the response forward state machine - BUILD: enable poll() by default in the makefile - BUILD: add explicit support for Mac OS/X - BUG/MAJOR: http: use a static storage for sample fetch context - BUG/MEDIUM: ssl: improve error processing and reporting in ssl_sock_load_cert_list_file() - BUG/MAJOR: http: fix regression introduced by commit a890d072 - BUG/MAJOR: http: fix regression introduced by commit d655ffe - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process - MEDIUM: acl: remove flag ACL_MAY_LOOKUP which is improperly used - MEDIUM: samples: use new flags to describe compatibility between fetches and their usages - MINOR: log: indicate it when some unreliable sample fetches are logged - MEDIUM: samples: move payload-based fetches and ACLs to their own file - MINOR: backend: rename sample fetch functions and declare the sample keywords - MINOR: frontend: rename sample fetch functions and declare the sample keywords - MINOR: listener: rename sample fetch functions and declare the sample keywords - MEDIUM: http: unify acl and sample fetch functions - MINOR: session: rename sample fetch functions and declare the sample keywords - MAJOR: acl: make all ACLs reference the fetch function via a sample. - MAJOR: acl: remove the arg_mask from the ACL definition and use the sample fetch's - MAJOR: acl: remove fetch argument validation from the ACL struct - MINOR: http: add new direction-explicit sample fetches for headers and cookies - MINOR: payload: add new direction-explicit sample fetches - CLEANUP: acl: remove ACL hooks which were never used - MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed" - MINOR: sample: provide a function to report the name of a sample check point - MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires - CLEANUP: acl: remove unused references to ACL_USE_* - MINOR: http: replace acl_parse_ver with acl_parse_str - MEDIUM: acl: move the ->parse, ->match and ->smp fields to acl_expr - MAJOR: acl: add option -m to change the pattern matching method - MINOR: acl: remove the use_count in acl keywords - MEDIUM: acl: have a pointer to the keyword name in acl_expr - MEDIUM: acl: support using sample fetches directly in ACLs - MEDIUM: http: remove val_usr() to validate user_lists - MAJOR: sample: maintain a per-proxy list of the fetch args to resolve - MINOR: ssl: add support for the "alpn" bind keyword - MINOR: http: status code 303 is HTTP/1.1 only - MEDIUM: http: implement redirect 307 and 308 - MINOR: http: status 301 should not be marked non-cacheable 2012/12/28 : 1.5-dev17 - MINOR: ssl: Setting global tune.ssl.cachesize value to 0 disables SSL session cache. - BUG/MEDIUM: stats: fix stats page regression introduced by commit 20b0de5 - BUG/MINOR: stats: last fix was still wrong - BUG/MINOR: stats: http-request rules still don't cope with stats - BUG/MINOR: http: http-request add-header emits a corrupted header - BUG/MEDIUM: stats: disable request analyser when processing POST or HEAD - BUG/MINOR: log: make log-format, unique-id-format and add-header more independant - BUILD: log: unused variable svid - CLEANUP: http: rename the misleading http_check_access_rule - MINOR: http: move redirect rule processing to its own function - REORG: config: move the http redirect rule parser to proto_http.c - MEDIUM: http: add support for "http-request redirect" rules - MEDIUM: http: add support for "http-request tarpit" rule 2012/12/24 : 1.5-dev16 - BUG/MEDIUM: ssl: Prevent ssl error from affecting other connections. - BUG/MINOR: ssl: error is not reported if it occurs simultaneously with peer close detection. - MINOR: ssl: add fetch and acl "ssl_c_used" to check if current SSL session uses a client certificate. - MINOR: contrib: make the iprange tool grep for addresses - CLEANUP: polling: gcc doesn't always optimize constants away - OPTIM: poll: optimize fd management functions for low register count CPUs - CLEANUP: poll: remove a useless double-check on fdtab[fd].owner - OPTIM: epoll: use a temp variable for intermediary flag computations - OPTIM: epoll: current fd does not count as a new one - BUG/MINOR: poll: the I/O handler was called twice for polled I/Os - MINOR: http: make resp_ver and status ACLs check for the presence of a response - BUG/MEDIUM: stream-interface: fix possible stalls during transfers - BUG/MINOR: stream_interface: don't return when the fd is already set - BUG/MEDIUM: connection: always update connection flags prior to computing polling - CLEANUP: buffer: use buffer_empty() instead of buffer_len()==0 - BUG/MAJOR: stream_interface: fix occasional data transfer freezes - BUG/MEDIUM: stream_interface: fix another case where the reader might not be woken up - BUG/MINOR: http: don't abort client connection on premature responses - BUILD: no need to clean up when making git-tar - MINOR: log: add a tag for amount of bytes uploaded from client to server - BUG/MEDIUM: log: fix possible segfault during config parsing - MEDIUM: log: change a few log tokens to make them easier to remember - BUG/MINOR: log: add_to_logformat_list() used the wrong constants - MEDIUM: log-format: make the format parser more robust and more extensible - MINOR: sample: support cast from bool to string - MINOR: samples: add a function to fetch and convert any sample to a string - MINOR: log: add lf_text_len - MEDIUM: log: add the ability to include samples in logs - REORG: stats: massive code reorg and cleanup - REORG: stats: move the HTTP header injection to proto_http - REORG: stats: functions are now HTTP/CLI agnostic - BUG/MINOR: log: fix regression introduced by commit 8a3f52 - MINOR: chunks: centralize the trash chunk allocation - MEDIUM: stats: use hover boxes instead of title to report details - MEDIUM: stats: use multi-line tips to display detailed counters - MINOR: tools: simplify the use of the int to ascii macros - MINOR: stats: replace STAT_FMT_CSV with STAT_FMT_HTML - MINOR: http: prepare to support more http-request actions - MINOR: log: make parse_logformat_string() take a const char * - MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers 2012/12/12 : 1.5-dev15 - DOC: add a few precisions on compression - BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert. - BUG/MINOR: ssl: One free session in cache remains unused. - BUG/MEDIUM: ssl: first outgoing connection would fail with {ca,crt}-ignore-err - MEDIUM: ssl: manage shared cache by blocks for huge sessions. - MINOR: acl: add fetch for server session rate - BUG/MINOR: compression: Content-Type is case insensitive - MINOR: compression: disable on multipart or status != 200 - BUG/MINOR: http: don't report client aborts as server errors - MINOR: stats: compute the ratio of compressed response based on 2xx responses - MINOR: http: factor out the content-type checks - BUG/MAJOR: stats: correctly check for a possible divide error when showing compression ratios - BUILD: ssl: OpenSSL 0.9.6 has no renegociation - BUG/MINOR: http: disable compression when message has no body - MINOR: compression: make the stats a bit more robust - BUG/MEDIUM: comp: DEFAULT_MAXZLIBMEM was expressed in bytes and not megabytes - MINOR: connection: don't remove failed handshake flags - MEDIUM: connection: add an error code in connections - MEDIUM: connection: add minimal error reporting in logs for incomplete connections - MEDIUM: connection: add error reporting for the PROXY protocol header - MEDIUM: connection: add error reporting for the SSL - DOC: document the connection error format in logs - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests - BUILD: stdbool is not portable - BUILD: ssl: NAME_MAX is not portable, use MAXPATHLEN instead - BUG/MAJOR: raw_sock: must check error code on hangup - BUG/MAJOR: polling: do not set speculative events on ERR nor HUP - BUG/MEDIUM: session: fix FD leak when transport layer logging is enabled - MINOR: stats: add a few more information on session dump - BUG/MINOR: tcp: set the ADDR_TO_SET flag on outgoing connections - CLEANUP: connection: remove unused server/proxy/task/si_applet declarations - BUG/MEDIUM: tcp: process could theorically crash on lack of source ports - MINOR: cfgparse: mention "interface" in the list of allowed "source" options - MEDIUM: connection: introduce "struct conn_src" for servers and proxies - CLEANUP: proto_tcp: use the same code to bind servers and backends - CLEANUP: backend: use the same tproxy address selection code for servers and backends - BUG/MEDIUM: stick-tables: conversions to strings were broken in dev13 - MEDIUM: proto_tcp: add support for tracking L7 information - MEDIUM: counters: add sc1_trackers/sc2_trackers - MINOR: http: add the "base32" pattern fetch function - MINOR: http: add the "base32+src" fetch method. - CLEANUP: session: use an array for the stick counters - BUG/MINOR: proto_tcp: fix parsing of "table" in track-sc1/2 - BUG/MINOR: proto_tcp: bidirectional fetches not supported anymore in track-sc1/2 - BUG/MAJOR: connection: always recompute polling status upon I/O - BUG/MINOR: connection: remove a few synchronous calls to polling updates - MINOR: config: improve error checking on TCP stick-table tracking - DOC: add some clarifications to the readme 2012/11/26 : 1.5-dev14 - DOC: fix minor typos - BUG/MEDIUM: compression: does not forward trailers - MINOR: buffer_dump with ASCII - BUG/MEDIUM: checks: mark the check as stopped after a connect error - BUG/MEDIUM: checks: ensure we completely disable polling upon success - BUG/MINOR: checks: don't mark the FD as closed before transport close - MEDIUM: checks: avoid accumulating TIME_WAITs during checks - MINOR: cli: report the msg state in full text in "show sess $PTR" - CLEANUP: checks: rename some server check flags - MAJOR: checks: rework completely bogus state machine - BUG/MINOR: checks: slightly clean the state machine up - MEDIUM: checks: avoid waking the application up for pure TCP checks - MEDIUM: checks: close the socket as soon as we have a response - BUG/MAJOR: checks: close FD on all timeouts - MINOR: checks: fix recv polling after connect() - MEDIUM: connection: provide a common conn_full_close() function - BUG/MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts - BUG/MAJOR: peers: the listener's maxaccept was not set and caused loops - MINOR: listeners: make the accept loop more robust when maxaccept==0 - BUG/MEDIUM: acl: correctly resolve all args, not just the first one - BUG/MEDIUM: acl: make prue_acl_expr() correctly free ACL expressions upon exit - BUG/MINOR: stats: fix inversion of the report of a check in progress - MEDIUM: tcp: add explicit support for delayed ACK in connect() - BUG/MEDIUM: connection: always disable polling upon error - MINOR: connection: abort earlier when errors are detected - BUG/MEDIUM: checks: report handshake failures - BUG/MEDIUM: connection: local_send_proxy must wait for connection to establish - MINOR: tcp: add support for the "v6only" bind option - MINOR: stats: also report the computed compression savings in html stats - MINOR: stats: report the total number of compressed responses per front/back - MINOR: tcp: add support for the "v4v6" bind option - DOC: stats: document the comp_rsp stats column - BUILD: buffer: fix another isprint() warning on solaris - MINOR: cli: add support for the "show sess all" command - BUG/MAJOR: cli: show sess may randomly corrupt the back-ref list - MINOR: cli: improve output format for show sess $ptr 2012/11/22 : 1.5-dev13 - BUILD: fix build issue without USE_OPENSSL - BUILD: fix compilation error with DEBUG_FULL - DOC: ssl: remove prefer-server-ciphers documentation - DOC: ssl: surround keywords with quotes - DOC: fix minor typo on http-send-name-header - BUG/MEDIUM: acls using IPv6 subnets patterns incorrectly match IPs - BUG/MAJOR: fix a segfault on option http_proxy and url_ip acl - MEDIUM: http: accept IPv6 values with (s)hdr_ip acl - BUILD: report zlib support in haproxy -vv - DOC: compression: add some details and clean up the formatting - DOC: Change is_ssl acl to ssl_fc acl in example - DOC: make it clear what the HTTP request size is - MINOR: ssl: try to load Diffie-Hellman parameters from cert file - DOC: ssl: update 'crt' statement on 'bind' about Diffie-Hellman parameters loading - MINOR: ssl: add elliptic curve Diffie-Hellman support for ssl key generation - DOC: ssl: add 'ecdhe' statement on 'bind' - MEDIUM: ssl: add client certificate authentication support - DOC: ssl: add 'verify', 'cafile' and 'crlfile' statements on 'bind' - MINOR: ssl: add fetch and ACL 'client_crt' to test a client cert is present - DOC: ssl: add fetch and ACL 'client_cert' - MINOR: ssl: add ignore verify errors options - DOC: ssl: add 'ca-ignore-err' and 'crt-ignore-err' statements on 'bind' - MINOR: ssl: add fetch and ACL 'ssl_verify_result' - DOC: ssl: add fetch and ACL 'ssl_verify_result' - MINOR: ssl: add fetches and ACLs to return verify errors - DOC: ssl: add fetches and ACLs 'ssl_verify_crterr', 'ssl_verify_caerr', and 'ssl_verify_crterr_depth' - MINOR: ssl: disable shared memory and locks on session cache if nbproc == 1 - MINOR: ssl: add build param USE_PRIVATE_CACHE to build cache without shared memory - MINOR: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'. - DOC: ssl : add statements 'notlsv11' and 'notlsv12' and rename 'notlsv1' to 'notlsv10'. - MEDIUM: config: authorize frontend and listen without bind. - MINOR: ssl: add statement 'no-tls-tickets' on bind to disable stateless session resumption - DOC: ssl: add 'no-tls-tickets' statement documentation. - BUG/MINOR: ssl: Fix CRL check was not enabled when crlfile was specified. - BUG/MINOR: build: Fix compilation issue on openssl 0.9.6 due to missing CRL feature. - BUG/MINOR: conf: Fix 'maxsslconn' statement error if built without OPENSSL. - BUG/MINOR: build: Fix failure with USE_OPENSSL=1 and USE_FUTEX=1 on archs i486 and i686. - MINOR: ssl: remove prefer-server-ciphers statement and set it as the default on ssl listeners. - BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes - MINOR: ssl: add 'crt-base' and 'ca-base' global statements. - MEDIUM: conf: rename 'nosslv3' and 'notlsvXX' statements 'no-sslv3' and 'no-tlsvXX'. - MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file' - MINOR: ssl: use bit fields to store ssl options instead of one int each - MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on bind. - MINOR: ssl: add 'force-sslv3' and 'force-tlsvXX' statements on server - MINOR: ssl: add defines LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS. - BUG/MINOR: ssl: Fix issue on server statements 'no-tls*' and 'no-sslv3' - MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c - MEDIUM: ssl: reject ssl server keywords in default-server statement - MINOR: ssl: add statement 'no-tls-tickets' on server side. - MINOR: ssl: add statements 'verify', 'ca-file' and 'crl-file' on servers. - DOC: Fix rename of options cafile and crlfile to ca-file and crl-file. - MINOR: sample: manage binary to string type convertion in stick-table and samples. - MINOR: acl: add parse and match primitives to use binary type on ACLs - MINOR: sample: export 'sample_get_trash_chunk(void)' - MINOR: conf: rename all ssl modules fetches using prefix 'ssl_fc' and 'ssl_c' - MINOR: ssl: add pattern and ACLs fetches 'ssl_fc_protocol', 'ssl_fc_cipher', 'ssl_fc_use_keysize' and 'ssl_fc_alg_keysize' - MINOR: ssl: add pattern fetch 'ssl_fc_session_id' - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_version' and 'ssl_f_version' - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_s_dn', 'ssl_c_i_dn', 'ssl_f_s_dn' and 'ssl_c_i_dn' - MINOR: ssl: add pattern and ACLs 'ssl_c_sig_alg' and 'ssl_f_sig_alg' - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_key_alg' and 'ssl_f_key_alg' - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_notbefore', 'ssl_c_notafter', 'ssl_f_notbefore' and 'ssl_f_notafter' - MINOR: ssl: add 'crt' statement on server. - MINOR: ssl: checks the consistency of a private key with the corresponding certificate - BUG/MEDIUM: ssl: review polling on reneg. - BUG/MEDIUM: ssl: Fix some reneg cases not correctly handled. - BUG/MEDIUM: ssl: Fix sometimes reneg fails if requested by server. - MINOR: build: allow packagers to specify the ssl cache size - MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind. - MINOR: ssl: Add tune.ssl.lifetime statement in global. - MINOR: compression: Enable compression for IE6 w/SP2, IE7 and IE8 - BUG: http: revert broken optimisation from 82fe75c1a79dac933391501b9d293bce34513755 - DOC: duplicate ssl_sni section - MEDIUM: HTTP compression (zlib library support) - CLEANUP: use struct comp_ctx instead of union - BUILD: remove dependency to zlib.h - MINOR: compression: memlevel and windowsize - MEDIUM: use pool for zlib - MINOR: compression: try init in cfgparse.c - MINOR: compression: init before deleting headers - MEDIUM: compression: limit RAM usage - MINOR: compression: tune.comp.maxlevel - MINOR: compression: maximum compression rate limit - MINOR: log-format: check number of arguments in cfgparse.c - BUG/MEDIUM: compression: no Content-Type header but type in configuration - BUG/MINOR: compression: deinit zlib only when required - MEDIUM: compression: don't compress when no data - MEDIUM: compression: use pool for comp_ctx - MINOR: compression: rate limit in 'show info' - MINOR: compression: report zlib memory usage - BUG/MINOR: compression: dynamic level increase - DOC: compression: unsupported cases. - MINOR: compression: CPU usage limit - MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection - BUG/MAJOR: ssl: missing tests in ACL fetch functions - MINOR: config: add a function to indent error messages - REORG: split "protocols" files into protocol and listener - MEDIUM: config: replace ssl_conf by bind_conf - CLEANUP: listener: remove unused conf->file and conf->line - MEDIUM: listener: add a minimal framework to register "bind" keyword options - MEDIUM: config: move the "bind" TCP parameters to proto_tcp - MEDIUM: move bind SSL parsing to ssl_sock - MINOR: config: improve error reporting for "bind" lines - MEDIUM: config: move the common "bind" settings to listener.c - MEDIUM: config: move all unix-specific bind keywords to proto_uxst.c - MEDIUM: config: enumerate full list of registered "bind" keywords upon error - MINOR: listener: add a scope field in the bind keyword lists - MINOR: config: pass the file and line to config keyword parsers - MINOR: stats: fill the file and line numbers in the stats frontend - MINOR: config: set the bind_conf entry on listeners created from a "listen" line. - MAJOR: listeners: use dual-linked lists to chain listeners with frontends - REORG: listener: move unix perms from the listener to the bind_conf - BUG: backend: balance hdr was broken since 1.5-dev11 - MINOR: standard: make memprintf() support a NULL destination - MINOR: config: make str2listener() use memprintf() to report errors. - MEDIUM: stats: remove the stats_sock struct from the global struct - MINOR: ssl: set the listeners' data layer to ssl during parsing - MEDIUM: stats: make use of the standard "bind" parsers to parse global socket - DOC: move bind options to their own section - DOC: stats: refer to "bind" section for "stats socket" settings - DOC: fix index to reference bind and server options - BUG: http: do not print garbage on invalid requests in debug mode - BUG/MINOR: config: check the proper pointer to report unknown protocol - CLEANUP: connection: offer conn_prepare() to set up a connection - CLEANUP: config: fix typo inteface => interface - BUG: stats: fix regression introduced by commit 4348fad1 - MINOR: cli: allow to set frontend maxconn to zero - BUG/MAJOR: http: chunk parser was broken with buffer changes - MEDIUM: monitor: simplify handling of monitor-net and mode health - MINOR: connection: add a pointer to the connection owner - MEDIUM: connection: make use of the owner instead of container_of - BUG/MINOR: ssl: report the L4 connection as established when possible - BUG/MEDIUM: proxy: must not try to stop disabled proxies upon reload - BUG/MINOR: config: use a copy of the file name in proxy configurations - BUG/MEDIUM: listener: don't pause protocols that do not support it - MEDIUM: proxy: add the global frontend to the list of normal proxies - BUG/MINOR: epoll: correctly disable FD polling in fd_rem() - MINOR: signal: really ignore signals configured with no handler - MINOR: buffers: add a few functions to write chars, strings and blocks - MINOR: raw_sock: always report asynchronous connection errors - MEDIUM: raw_sock: improve connection error reporting - REORG: connection: rename the data layer the "transport layer" - REORG: connection: rename app_cb "data" - MINOR: connection: provide a generic data layer wakeup callback - MINOR: connection: split conn_prepare() in two functions - MINOR: connection: add an init callback to the data_cb struct - MEDIUM: session: use a specific data_cb for embryonic sessions - MEDIUM: connection: use a generic data-layer init() callback - MEDIUM: connection: reorganize connection flags - MEDIUM: connection: only call the data->wake callback on activity - MEDIUM: connection: make it possible for data->wake to return an error - MEDIUM: session: register a data->wake callback to process errors - MEDIUM: connection: don't call the data->init callback upon error - MEDIUM: connection: it's not the data layer's role to validate the connection - MEDIUM: connection: automatically disable polling on error - REORG: connection: move the PROXY protocol management to connection.c - MEDIUM: connection: add a new local send-proxy transport callback - MAJOR: checks: make use of the connection layer to send checks - REORG: server: move the check-specific parts into a check subsection - MEDIUM: checks: use real buffers to store requests and responses - MEDIUM: check: add the ctrl and transport layers in the server check structure - MAJOR: checks: completely use the connection transport layer - MEDIUM: checks: add the "check-ssl" server option - MEDIUM: checks: enable the PROXY protocol with health checks - CLEANUP: checks: remove minor warnings for assigned but not used variables - MEDIUM: tcp: enable TCP Fast Open on systems which support it - BUG: connection: fix regression from commit 9e272bf9 - CLEANUP: cttproxy: remove a warning on undeclared close() - BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used - MEDIUM: listener: add support for linux's accept4() syscall - MINOR: halog: sort output by cookie code - BUG/MINOR: halog: -ad/-ac report the correct number of output lines - BUG/MINOR: halog: fix help message for -ut/-uto - MINOR: halog: add a parameter to limit output line count - BUILD: accept4: move the socketcall declaration outside of accept4() - MINOR: server: add minimal infrastructure to parse keywords - MINOR: standard: make indent_msg() support empty messages - MEDIUM: server: check for registered keywords when parsing unknown keywords - MEDIUM: server: move parsing of keyword "id" to server.c - BUG/MEDIUM: config: check-send-proxy was ignored if SSL was not builtin - MEDIUM: ssl: move "server" keyword SSL options parsing to ssl_sock.c - MEDIUM: log: suffix the frontend's name with '~' when using SSL - MEDIUM: connection: always unset the transport layer upon close - BUG/MINOR: session: fix some leftover from debug code - BUG/MEDIUM: session: enable the conn_session_update() callback - MEDIUM: connection: add a flag to hold the transport layer - MEDIUM: log: add a new LW_XPRT flag to pin the transport layer - MINOR: log: make lf_text use a const char * - MEDIUM: log: report SSL ciphers and version in logs using logformat %sslc/%sslv - REORG: http: rename msg->buf to msg->chn since it's a channel - CLEANUP: http: use 'chn' to name channel variables, not 'buf' - CLEANUP: channel: use 'chn' instead of 'buf' as local variable names - CLEANUP: tcp: use 'chn' instead of 'buf' or 'b' for channel pointer names - CLEANUP: stream_interface: use 'chn' instead of 'b' to name channel pointers - CLEANUP: acl: use 'chn' instead of 'b' to name channel pointers - MAJOR: channel: replace the struct buffer with a pointer to a buffer - OPTIM: channel: reorganize struct members to improve cache efficiency - CLEANUP: session: remove term_trace which is not used anymore - OPTIM: session: reorder struct session fields - OPTIM: connection: pack the struct target - DOC: document relations between internal entities - MINOR: ssl: add 'ssl_npn' sample/acl to extract TLS/NPN information - BUILD: ssl: fix shctx build on older compilers - MEDIUM: ssl: add support for the "npn" bind keyword - BUG: ssl: fix ssl_sni ACLs to correctly process regular expressions - MINOR: chunk: provide string compare functions - MINOR: sample: accept fetch keywords without parenthesis - MEDIUM: sample: pass an empty list instead of a null for fetch args - MINOR: ssl: improve socket behaviour upon handshake abort. - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode - MEDIUM: listener: provide a fallback for accept4() when not supported - BUG/MAJOR: connection: risk of crash on certain tricky close scenario - MEDIUM: cli: allow the stats socket to be bound to a specific set of processes - OPTIM: channel: inline channel_forward's fast path - OPTIM: http: inline http_parse_chunk_size() and http_skip_chunk_crlf() - OPTIM: tools: inline hex2i() - CLEANUP: http: rename HTTP_MSG_DATA_CRLF state - MINOR: compression: automatically disable compression for older browsers - MINOR: compression: optimize memLevel to improve byte rate - BUG/MINOR: http: compression should consider all Accept-Encoding header values - BUILD: fix coexistence of openssl and zlib - MINOR: ssl: add pattern and ACLs fetches 'ssl_c_serial' and 'ssl_f_serial' - BUG/MEDIUM: command-line option -D must have precedence over "debug" - MINOR: tools: add a clear_addr() function to unset an address - BUG/MEDIUM: tcp: transparent bind to the source only when address is set - CLEANUP: remove trashlen - MAJOR: session: detach the connections from the stream interfaces - DOC: update document describing relations between internal entities - BUILD: make it possible to specify ZLIB path - MINOR: compression: add an offload option to remove the Accept-Encoding header - BUG: compression: disable auto-close and enable MSG_MORE during transfer - CLEANUP: completely remove trashlen - MINOR: chunk: add a function to reset a chunk - CLEANUP: replace chunk_printf() with chunk_appendf() - MEDIUM: make the trash be a chunk instead of a char * - MEDIUM: remove remains of BUFSIZE in HTTP auth and sample conversions - MEDIUM: stick-table: allocate the table key of size buffer size - BUG/MINOR: stream_interface: don't loop over ->snd_buf() - BUG/MINOR: session: ensure that we don't retry connection if some data were sent - OPTIM: session: don't process the whole session when only timers need a refresh - BUG/MINOR: session: mark the handshake as complete earlier - MAJOR: connection: remove the CO_FL_CURR_*_POL flag - BUG/MAJOR: always clear the CO_FL_WAIT_* flags after updating polling flags - MAJOR: sepoll: make the poller totally event-driven - OPTIM: stream_interface: disable reading when CF_READ_DONTWAIT is set - BUILD: compression: remove a build warning - MEDIUM: fd: don't unset fdtab[].updated upon delete - REORG: fd: move the speculative I/O management from ev_sepoll - REORG: fd: move the fd state management from ev_sepoll - REORG: fd: centralize the processing of speculative events - BUG: raw_sock: also consider ENOTCONN in addition to EAGAIN - BUILD: stream_interface: remove si_fd() and its references - BUILD: compression: enable build in BSD and OSX Makefiles - MAJOR: ev_select: make the poller support speculative events - MAJOR: ev_poll: make the poller support speculative events - MAJOR: ev_kqueue: make the poller support speculative events - MAJOR: polling: replace epoll with sepoll and remove sepoll - MAJOR: polling: remove unused callbacks from the poller struct - MEDIUM: http: refrain from sending "Connection: close" when Upgrade is present - CLEANUP: channel: remove any reference of the hijackers - CLEANUP: stream_interface: remove the external task type target - MAJOR: connection: replace struct target with a pointer to an enum - BUG: connection: fix typo in previous commit - BUG: polling: don't skip polled events in the spec list - MINOR: splice: disable it when the system returns EBADF - MINOR: build: allow packagers to specify the default maxzlibmem - BUG: halog: fix broken output limitation - BUG: proxy: fix server name lookup in get_backend_server() - BUG: compression: do not always increment the round counter on allocation failure - BUG/MEDIUM: compression: release the zlib pools between keep-alive requests - MINOR: global: don't prevent nbproc from being redefined - MINOR: config: support process ranges for "bind-process" - MEDIUM: global: add support for CPU binding on Linux ("cpu-map") - MINOR: ssl: rename and document the tune.ssl.cachesize option - DOC: update the PROXY protocol spec to support v2 - MINOR: standard: add a simple popcount function - MEDIUM: adjust the maxaccept per listener depending on the number of processes - BUG: compression: properly disable compression when content-type does not match - MINOR: cli: report connection status in "show sess xxx" - BUG/MAJOR: stream_interface: certain workloads could cause get stuck - BUILD: cli: fix build when SSL is enabled - MINOR: cli: report the fd state in "show sess xxx" - MINOR: cli: report an error message on missing argument to compression rate - MINOR: http: add some debugging functions to pretty-print msg state names - BUG/MAJOR: stream_interface: read0 not always handled since dev12 - DOC: documentation on http header capture is wrong - MINOR: http: allow the cookie capture size to be changed - DOC: http header capture has not been limited in size for a long time - DOC: update readme with build methods for BSD - BUILD: silence a warning on Solaris about usage of isdigit() - MINOR: stats: report HTTP compression stats per frontend and per backend - MINOR: log: add '%Tl' to log-format - MINOR: samples: update the url_param fetch to match parameters in the path 2012/09/10 : 1.5-dev12 - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read - MEDIUM: ssl: add support for prefer-server-ciphers option - MINOR: IPv6 support for transparent proxy - MINOR: protocol: add SSL context to listeners if USE_OPENSSL is defined - MINOR: server: add SSL context to servers if USE_OPENSSL is defined - MEDIUM: connection: add a new handshake flag for SSL (CO_FL_SSL_WAIT_HS). - MEDIUM: ssl: add new files ssl_sock.[ch] to provide the SSL data layer - MEDIUM: config: add the 'ssl' keyword on 'bind' lines - MEDIUM: config: add support for the 'ssl' option on 'server' lines - MEDIUM: ssl: protect against client-initiated renegociation - BUILD: add optional support for SSL via the USE_OPENSSL flag - MEDIUM: ssl: add shared memory session cache implementation. - MEDIUM: ssl: replace OpenSSL's session cache with the shared cache - MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. - MEDIUM: ssl: add support for SNI and wildcard certificates - DOC: Typos cleanup - DOC: fix name for "option independant-streams" - DOC: specify the default value for maxconn in the context of a proxy - BUG/MINOR: to_log erased with unique-id-format - LICENSE: add licence exception for OpenSSL - BUG/MAJOR: cookie prefix doesn't support cookie-less servers - BUILD: add an AIX 5.2 (and later) target. - MEDIUM: fd/si: move peeraddr from struct fdinfo to struct connection - MINOR: halog: use the more recent dual-mode fgets2 implementation - BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on full-length matches - CLEANUP: halog: make clean should also remove .o files - OPTIM: halog: make use of memchr() on platforms which provide a fast one - OPTIM: halog: improve cold-cache behaviour when loading a file - BUG/MINOR: ACL implicit arguments must be created with unresolved flag - MINOR: replace acl_fetch_{path,url}* with smp_fetch_* - MEDIUM: pattern: add the "base" sample fetch method - OPTIM: i386: make use of kernel-mode-linux when available - BUG/MINOR: tarpit: fix condition to return the HTTP 500 message - BUG/MINOR: polling: some events were not set in various pollers - MINOR: http: add the urlp_val ACL match - BUG: stktable: tcp_src_to_stktable_key() must return NULL on invalid families - MINOR: stats/cli: add plans to support more stick-table actions - MEDIUM: stats/cli: add support for "set table key" to enter values - REORG/MEDIUM: fd: remove FD_STCLOSE from struct fdtab - REORG/MEDIUM: fd: remove checks for FD_STERROR in ev_sepoll - REORG/MEDIUM: fd: get rid of FD_STLISTEN - REORG/MINOR: connection: move declaration to its own include file - REORG/MINOR: checks: put a struct connection into the server - MINOR: connection: add flags to the connection struct - MAJOR: get rid of fdtab[].state and use connection->flags instead - MINOR: fd: add a new I/O handler to fdtab - MEDIUM: polling: prepare to call the iocb() function when defined. - MEDIUM: checks: make use of fdtab->iocb instead of cb[] - MEDIUM: protocols: use the generic I/O callback for accept callbacks - MINOR: connection: add a handler for fd-based connections - MAJOR: connection: replace direct I/O callbacks with the connection callback - MINOR: fd: make fdtab->owner a connection and not a stream_interface anymore - MEDIUM: connection: remove the FD_POLL_* flags only once - MEDIUM: connection: extract the send_proxy callback from proto_tcp - MAJOR: tcp: remove the specific I/O callbacks for TCP connection probes - CLEANUP: remove the now unused fdtab direct I/O callbacks - MAJOR: remove the stream interface and task management code from sock_* - MEDIUM: stream_interface: pass connection instead of fd in sock_ops - MEDIUM: stream_interface: centralize the SI_FL_ERR management - MAJOR: connection: add a new CO_FL_CONNECTED flag - MINOR: rearrange tcp_connect_probe() and fix wrong return codes - MAJOR: connection: call data layer handshakes from the handler - MEDIUM: fd: remove the EV_FD_COND_* primitives - MINOR: sock_raw: move calls to si_data_close upper - REORG: connection: replace si_data_close() with conn_data_close() - MEDIUM: sock_raw: introduce a read0 callback that is different from shutr - MAJOR: stream_int: use a common stream_int_shut*() functions regardless of the data layer - MAJOR: fd: replace all EV_FD_* macros with new fd_*_* inline calls - MEDIUM: fd: add fd_poll_{recv,send} for use when explicit polling is required - MEDIUM: connection: add definitions for dual polling mechanisms - MEDIUM: connection: make use of the new polling functions - MAJOR: make use of conn_{data|sock}_{poll|stop|want}* in connection handlers - MEDIUM: checks: don't use FD_WAIT_* anymore - MINOR: fd: get rid of FD_WAIT_* - MEDIUM: stream_interface: offer a generic function for connection updates - MEDIUM: stream-interface: offer a generic chk_rcv function for connections - MEDIUM: stream-interface: add a snd_buf() callback to sock_ops - MEDIUM: stream-interface: provide a generic stream_int_chk_snd_conn() function - MEDIUM: stream-interface: provide a generic si_conn_send_cb callback - MEDIUM: stream-interface: provide a generic stream_sock_read0() function - REORG/MAJOR: use "struct channel" instead of "struct buffer" - REORG/MAJOR: extract "struct buffer" from "struct channel" - MINOR: connection: provide conn_{data|sock}_{read0|shutw} functions - REORG: sock_raw: rename the files raw_sock* - MAJOR: raw_sock: extract raw_sock_to_buf() from raw_sock_read() - MAJOR: raw_sock: temporarily disable splicing - MINOR: stream-interface: add an rcv_buf callback to sock_ops - REORG: stream-interface: move sock_raw_read() to si_conn_recv_cb() - MAJOR: connection: split the send call into connection and stream interface - MAJOR: stream-interface: restore splicing mechanism - MAJOR: stream-interface: make conn_notify_si() more robust - MEDIUM: proxy-proto: don't use buffer flags in conn_si_send_proxy() - MAJOR: stream-interface: don't commit polling changes in every callback - MAJOR: stream-interface: fix splice not to call chk_snd by itself - MEDIUM: stream-interface: don't remove WAIT_DATA when a handshake is in progress - CLEANUP: connection: split sock_ops into data_ops, app_cp and si_ops - REORG: buffers: split buffers into chunk,buffer,channel - MAJOR: channel: remove the BF_OUT_EMPTY flag - REORG: buffer: move buffer_flush, b_adv and b_rew to buffer.h - MINOR: channel: rename bi_full to channel_full as it checks the whole channel - MINOR: buffer: provide a new buffer_full() function - MAJOR: channel: stop relying on BF_FULL to take action - MAJOR: channel: remove the BF_FULL flag - REORG: channel: move buffer_{replace,insert_line}* to buffer.{c,h} - CLEANUP: channel: usr CF_/CHN_ prefixes instead of BF_/BUF_ - CLEANUP: channel: use "channel" instead of "buffer" in function names - REORG: connection: move the target pointer from si to connection - MAJOR: connection: move the addr field from the stream_interface - MEDIUM: stream_interface: remove CAP_SPLTCP/CAP_SPLICE flags - MEDIUM: proto_tcp: remove any dependence on stream_interface - MINOR: tcp: replace tcp_src_to_stktable_key with addr_to_stktable_key - MEDIUM: connection: add an ->init function to data layer - MAJOR: session: introduce embryonic sessions - MAJOR: connection: make the PROXY decoder a handshake handler - CLEANUP: frontend: remove the old proxy protocol decoder - MAJOR: connection: rearrange the polling flags. - MEDIUM: connection: only call tcp_connect_probe when nothing was attempted yet - MEDIUM: connection: complete the polling cleanups - MEDIUM: connection: avoid calling handshakes when polling is required - MAJOR: stream_interface: continue to update data polling flags during handshakes - CLEANUP: fd: remove fdtab->flags - CLEANUP: fdtab: flatten the struct and merge the spec struct with the rest - CLEANUP: includes: fix includes for a number of users of fd.h - MINOR: ssl: disable TCP quick-ack by default on SSL listeners - MEDIUM: config: add a "ciphers" keyword to set SSL cipher suites - MEDIUM: config: add "nosslv3" and "notlsv1" on bind and server lines - BUG: ssl: mark the connection as waiting for an SSL connection during the handshake - BUILD: http: rename error_message http_error_message to fix conflicts on RHEL - BUILD: ssl: fix shctx build on RHEL with futex - BUILD: include sys/socket.h to fix build failure on FreeBSD - BUILD: fix build error without SSL (ssl_cert) - BUILD: ssl: use MAP_ANON instead of MAP_ANONYMOUS - BUG/MEDIUM: workaround an eglibc bug which truncates the pidfiles when nbproc > 1 - MEDIUM: config: support per-listener backlog and maxconn - MINOR: session: do not send an HTTP/500 error on SSL sockets - MEDIUM: config: implement maxsslconn in the global section - BUG: tcp: close socket fd upon connect error - MEDIUM: connection: improve error handling around the data layer - MINOR: config: make the tasks "nice" value configurable on "bind" lines. - BUILD: shut a gcc warning introduced by commit 269ab31 - MEDIUM: config: centralize handling of SSL config per bind line - BUILD: makefile: report USE_OPENSSL status in build options - BUILD: report openssl build settings in haproxy -vv - MEDIUM: ssl: add sample fetches for is_ssl, ssl_has_sni, ssl_sni_* - DOC: add a special acknowledgement for the stud project - DOC: add missing SSL options for servers and listeners - BUILD: automatically add -lcrypto for SSL - DOC: add some info about openssl build in the README 2012/06/04 : 1.5-dev11 - BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations - BUG/MAJOR: trash must always be the size of a buffer - DOC: fix minor regex example issue and improve doc on stats - MINOR: stream_interface: add a pointer to the listener for TARG_TYPE_CLIENT - MEDIUM: protocol: add a pointer to struct sock_ops to the listener struct - MINOR: checks: add on-marked-up option - MINOR: balance uri: added 'whole' parameter to include query string in hash calculation - MEDIUM: stream_interface: remove the si->init - MINOR: buffers: add a rewind function - BUG/MAJOR: fix regression on content-based hashing and http-send-name-header - MAJOR: http: stop using msg->sol outside the parsers - CLEANUP: http: make it more obvious that msg->som is always null outside of chunks - MEDIUM: http: get rid of msg->som which is not used anymore - MEDIUM: http: msg->sov and msg->sol will never wrap - BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set - BUG/MINOR: stop connect timeout when connect succeeds - REORG: move the send-proxy code to tcp_connect_write() - REORG/MINOR: session: detect the TCP monitor checks at the protocol accept - MINOR: stream_interface: introduce a new "struct connection" type - REORG/MINOR: stream_interface: move si->fd to struct connection - REORG/MEDIUM: stream_interface: move applet->state and private to connection - MINOR: stream_interface: add a data channel close function - MEDIUM: stream_interface: call si_data_close() before releasing the si - MINOR: peers: use the socket layer operations from the peer instead of sock_raw - BUG/MINOR: checks: expire on timeout.check if smaller than timeout.connect - MINOR: add a new function call tracer for debugging purposes - BUG/MINOR: perform_http_redirect also needs to rewind the buffer - BUG/MAJOR: b_rew() must pass a signed offset to b_ptr() - BUG/MEDIUM: register peer sync handler in the proper order - BUG/MEDIUM: buffers: fix bi_putchr() to correctly advance the pointer - BUG/MINOR: fix option httplog validation with TCP frontends - BUG/MINOR: log: don't report logformat errors in backends - REORG/MINOR: use dedicated proxy flags for the cookie handling - BUG/MINOR: config: do not report twice the incompatibility between cookie and non-http - MINOR: http: add support for "httponly" and "secure" cookie attributes - BUG/MEDIUM: ensure that unresolved arguments are freed exactly once - BUG/MINOR: commit 196729ef used wrong condition resulting in freeing constants - MEDIUM: stats: add support for soft stop/soft start in the admin interface - MEDIUM: stats: add the ability to kill sessions from the admin interface - BUILD: add support for linux kernels >= 2.6.28 2012/05/14 : 1.5-dev10 - BUG/MINOR: stats admin: "Unexpected result" was displayed unconditionally - BUG/MAJOR: acl: http_auth_group() must not accept any user from the userlist - CLEANUP: auth: make the code build again with DEBUG_AUTH - BUG/MEDIUM: config: don't crash at config load time on invalid userlist names - REORG: use the name sock_raw instead of stream_sock - MINOR: stream_interface: add a client target : TARG_TYPE_CLIENT - BUG/MEDIUM: stream_interface: restore get_src/get_dst - CLEANUP: sock_raw: remove last references to stream_sock - CLEANUP: stream_interface: stop exporting socket layer functions - MINOR: stream_interface: add an init callback to sock_ops - MEDIUM: stream_interface: derive the socket operations from the target - MAJOR: fd: remove the need for the socket layer to recheck the connection - MINOR: session: call the socket layer init function when a session establishes - MEDIUM: session: add support for tunnel timeouts - MINOR: standard: add a new debug macro : fddebug() - CLEANUP: fd: remove unused cb->b pointers in the struct fdtab - OPTIM: proto_http: don't enable quick-ack on empty buffers - OPTIM/MAJOR: ev_sepoll: process spec events after polled events - OPTIM/MEDIUM: stream_interface: add a new SI_FL_NOHALF flag 2012/05/08 : 1.5-dev9 - MINOR: Add release callback to si_applet - CLEANUP: Fix some minor typos - MINOR: Add TO/FROM_SET flags to struct stream_interface - CLEANUP: Fix some minor whitespace issues - MINOR: stats admin: allow unordered parameters in POST requests - CLEANUP: fix typo in findserver() log message - MINOR: stats admin: use the backend id instead of its name in the form - MINOR: stats admin: reduce memcmp()/strcmp() calls on status codes - DOC: cleanup indentation, alignment, columns and chapters - DOC: fix some keywords arguments documentation - MINOR: cli: display the 4 IP addresses and ports on "show sess XXX" - BUG/MAJOR: log: possible segfault with logformat - MEDIUM: log: split of log_format generation - MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid - MEDIUM: log: Unique ID - MINOR: log: log-format: usable without httplog and tcplog - BUG/MEDIUM: balance source did not properly hash IPv6 addresses - MINOR: contrib/iprange: add a network IP range to mask converter - MEDIUM: session: implement the "use-server" directive - MEDIUM: log: add a new cookie flag 'U' to report situations where cookie is not used - MEDIUM: http: make extract_cookie_value() iterate over cookie values - MEDIUM: http: add cookie and scookie ACLs - CLEANUP: lb_first: add reference to a paper describing the original idea - MEDIUM: stream_sock: add a get_src and get_dst callback and remove SN_FRT_ADDR_SET - BUG/MINOR: acl: req_ssl_sni would randomly fail if a session ID is present - BUILD: http: make extract_cookie_value() return an int not size_t - BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values - CLEANUP: http: message parser must ignore HTTP_MSG_ERROR - MINOR: standard: add a memprintf() function to build formatted error messages - CLEANUP: remove a few warning about unchecked return values in debug code - MEDIUM: move message-related flags from transaction to message - DOC: add a diagram to explain how circular buffers work - MAJOR: buffer rework: replace ->send_max with ->o - MAJOR: buffer: replace buf->l with buf->{o+i} - MINOR: buffers: provide simple pointer normalization functions - MINOR: buffers: remove unused function buffer_contig_data() - MAJOR: buffers: replace buf->w with buf->p - buf->o - MAJOR: buffers: replace buf->r with buf->p + buf->i - MAJOR: http: move buffer->lr to http_msg->next - MAJOR: http: change msg->{som,col,sov,eoh} to be relative to buffer origin - CLEANUP: http: remove unused http_msg->col - MAJOR: http: turn http_msg->eol to a buffer-relative offset - MEDIUM: http: add a pointer to the buffer in http_msg - MAJOR: http: make http_msg->sol relative to buffer's origin - MEDIUM: http: http_send_name_header: remove references to msg and buffer - MEDIUM: http: remove buffer arg in a few header manipulation functions - MEDIUM: http: remove buffer arg in http_capture_bad_message - MEDIUM: http: remove buffer arg in http_msg_analyzer - MEDIUM: http: remove buffer arg in http_upgrade_v09_to_v10 - MEDIUM: http: remove buffer arg in http_buffer_heavy_realign - MEDIUM: http: remove buffer arg in chunk parsing functions - MINOR: http: remove useless wrapping checks in http_msg_analyzer - MEDIUM: buffers: fix unsafe use of buffer_ignore at some places - MEDIUM: buffers: add new pointer wrappers and get rid of almost all buffer_wrap_add calls - MEDIUM: buffers: implement b_adv() to advance a buffer's pointer - MEDIUM: buffers: rename a number of buffer management functions - MEDIUM: http: add a prefetch function for ACL pattern fetch - MEDIUM: http: make all ACL fetch function use acl_prefetch_http() - BUG/MINOR: http_auth: ACLs are volatile, not permanent - MEDIUM: http/acl: merge all request and response ACL fetches of headers and cookies - MEDIUM: http/acl: make acl_fetch_hdr_{ip,val} rely on acl_fetch_hdr() - MEDIUM: add a new typed argument list parsing framework - MAJOR: acl: make use of the new argument parsing framework - MAJOR: acl: store the ACL argument types in the ACL keyword declaration - MEDIUM: acl: acl_find_target() now resolves arguments based on their types - MAJOR: acl: make acl_find_targets also resolve proxy names at config time - MAJOR: acl: ensure that implicit table and proxies are valid - MEDIUM: acl: remove unused tests for missing args when args are mandatory - MEDIUM: pattern: replace type pattern_arg with type arg - MEDIUM: pattern: get rid of arg_i in all functions making use of arguments - MEDIUM: pattern: use the standard arg parser - MEDIUM: pattern: add an argument validation callback to pattern descriptors - MEDIUM: pattern: report the precise argument parsing error when known. - MEDIUM: acl: remove the ACL_TEST_F_NULL_MATCH flag - MINOR: pattern: add a new 'sample' type to store fetched data - MEDIUM: pattern: add new sample types to replace pattern types - MAJOR: acl: make use of the new sample struct and get rid of acl_test - MEDIUM: pattern/acl: get rid of temp_pattern in ACLs - MEDIUM: acl: get rid of the SET_RES flags - MEDIUM: get rid of SMP_F_READ_ONLY and SMP_F_MUST_FREE - MINOR: pattern: replace struct pattern with struct sample - MEDIUM: pattern: integrate pattern_data into sample and use sample everywhere - MEDIUM: pattern: retrieve the sample type in the sample, not in the keyword description - MEDIUM: acl/pattern: switch rdp_cookie functions stack up-down - MEDIUM: acl: replace acl_expr with args in acl fetch_* functions - MINOR: tcp: replace acl_fetch_rdp_cookie with smp_fetch_rdp_cookie - MEDIUM: acl/pattern: use the same direction scheme - MEDIUM: acl/pattern: start merging common sample fetch functions - MEDIUM: pattern: ensure that sample types always cast into other types. - MEDIUM: acl/pattern: factor out the src/dst address fetches - MEDIUM: acl: implement payload and payload_lv - CLEANUP: pattern: ensure that payload and payload_lv always stay in the buffer - MINOR: stick_table: centralize the handling of empty keys - MINOR: pattern: centralize handling of unstable data in pattern_process() - MEDIUM: pattern: use smp_fetch_rdp_cookie instead of the pattern specific version - MINOR: acl: set SMP_OPT_ITERATE on fetch functions - MINOR: acl: add a val_args field to keywords - MINOR: proto_tcp: validate arguments of payload and payload_lv ACLs - MEDIUM: http: merge acl and pattern header fetch functions - MEDIUM: http: merge ACL and pattern cookie fetches into a single one - MEDIUM: acl: report parsing errors to the caller - MINOR: arg: improve error reporting on invalid arguments - MINOR: acl: report errors encountered when loading patterns from files - MEDIUM: acl: extend the pattern parsers to report meaningful errors - REORG: use the name "sample" instead of "pattern" to designate extracted data - REORG: rename "pattern" files - MINOR: acl: add types to ACL patterns - MINOR: standard: add an IPv6 parsing function (str62net) - MEDIUM: acl: support IPv6 address matching - REORG: stream_interface: create a struct sock_ops to hold socket operations - REORG/MEDIUM: move protocol->{read,write} to sock_ops - REORG/MEDIUM: stream_interface: initialize socket ops from descriptors - REORG/MEDIUM: replace stream interface protocol functions by a proto pointer - REORG/MEDIUM: move the default accept function from sockstream to protocols.c - MEDIUM: proto_tcp: remove src6 and dst6 pattern fetch methods - BUG/MINOR: http: error snapshots are wrong if buffer wraps - BUG/MINOR: http: ensure that msg->err_pos is always relative to buf->p - MEDIUM: http: improve error capture reports - MINOR: acl: add the cook_val() match to match a cookie against an integer - BUG/MEDIUM: send_proxy: fix initialisation of send_proxy_ofs - MEDIUM: memory: add the ability to poison memory at run time - BUG/MEDIUM: log: ensure that unique_id is properly initialized - MINOR: cfgparse: use a common errmsg pointer for all parsers - MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors - MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords - MINOR: http: replace http_message_realign() with buffer_slow_realign() 2012/03/26 : 1.5-dev8 - MINOR: patch for minor typo (ressources/resources) - MEDIUM: http: add support for sending the server's name in the outgoing request - DOC: mention that default checks are TCP connections - BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified - CLEANUP: Make check_statuses, analyze_statuses and process_chk static - CLEANUP: Fix HCHK spelling errors - BUG/MINOR: fix typo in processing of http-send-name-header - MEDIUM: log: Use linked lists for loggers - BUILD: fix declaration inside a scope block - REORG: log: split send_log function - MINOR: config: Parse the string of the log-format config keyword - MINOR: add ultoa, ulltoa, ltoa, lltoa implementations - MINOR: Date and time fonctions that don't use snprintf - MEDIUM: log: make http_sess_log use log_format - DOC: log-format documentation - MEDIUM: log: use log_format for mode tcplog - MEDIUM: log-format: backend source address %Bi %Bp - BUG/MINOR: log-format: fix %o flag - BUG/MEDIUM: bad length in log_format and __send_log - MINOR: logformat %st is signed - BUILD/MINOR: fix the source URL in the spec file - DOC: acl is http_first_req, not http_req_first - BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces - MINOR: acl: add new matches for header/path/url length - BUILD: halog: make halog build on solaris - BUG/MINOR: don't use a wrong port when connecting to a server with mapped ports - MINOR: remove the client/server side distinction in SI addresses - MINOR: halog: add support for matching queued requests - DOC: indicate that cookie "prefix" and "indirect" should not be mixed - OPTIM/MINOR: move struct sockaddr_storage to the tail of structs - OPTIM/MINOR: make it possible to change pipe size (tune.pipesize) - BUILD/MINOR: silent a build warning in src/pipe.c (fcntl) - OPTIM/MINOR: move the hdr_idx pools out of the proxy struct - MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers - BUG/MINOR: fix a segfault when parsing a config with undeclared peers - CLEANUP: rename possibly confusing struct field "tracked" - BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use - MINOR: config: tolerate server "cookie" setting in non-HTTP mode - MEDIUM: buffers: add some new primitives and rework existing ones - BUG: buffers: don't return a negative value on buffer_total_space_res() - MINOR: buffers: make buffer_pointer() support negative pointers too - CLEANUP: kill buffer_replace() and use an inline instead - BUG: tcp: option nolinger does not work on backends - CLEANUP: ebtree: remove a few annoying signedness warnings - CLEANUP: ebtree: clarify licence and update to 6.0.6 - CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code - CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code - BUG: ebtree: ebst_lookup() could return the wrong entry - OPTIM: stream_sock: reduce the amount of in-flight spliced data - OPTIM: stream_sock: save a failed recv syscall when splice returns EAGAIN - MINOR: acl: add support for TLS server name matching using SNI - BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests - BUG: proto_tcp: don't try to bind to a foreign address if sin_family is unknown - MINOR: pattern: export the global temporary pattern - CLEANUP: patterns: get rid of pattern_data_setstring() - MEDIUM: acl: use temp_pattern to store fetched information in the "method" match - MINOR: acl: include pattern.h to make pattern migration more transparent - MEDIUM: pattern: change the pattern data integer from unsigned to signed - MEDIUM: acl: use temp_pattern to store any integer-type information - MEDIUM: acl: use temp_pattern to store any address-type information - CLEANUP: acl: integer part of acl_test is not used anymore - MEDIUM: acl: use temp_pattern to store any string-type information - CLEANUP: acl: remove last data fields from the acl_test struct - MEDIUM: http: replace get_ip_from_hdr2() with http_get_hdr() - MEDIUM: patterns: the hdr() pattern is now of type string - DOC: add minimal documentation on how ACLs work internally - DOC: add a coding-style file - OPTIM: halog: keep a fast path for the lines-count only - CLEANUP: silence a warning when building on sparc - BUG: http: tighten the list of allowed characters in a URI - MEDIUM: http: block non-ASCII characters in URIs by default - DOC: add some documentation from RFC3986 about URI format - BUG/MINOR: cli: correctly remove the whole table on "clear table" - BUG/MEDIUM: correctly disable servers tracking another disabled servers. - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend - MINOR: halog: add some help on the command line - BUILD: fix build error on FreeBSD - BUG: fix double free in peers config error path - MEDIUM: improve config check return codes - BUILD: make it possible to look for pcre in the default system paths - MINOR: config: emit a warning when 'default_backend' masks servers - MINOR: backend: rework the LC definition to support other connection-based algos - MEDIUM: backend: add the 'first' balancing algorithm - BUG: fix httplog trailing LF - MEDIUM: increase chunk-size limit to 2GB-1 - BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions - BUG: http: disable TCP delayed ACKs when forwarding content-length data - BUG: checks: fix server maintenance exit sequence - BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes - DOC: enumerate valid status codes for "observe layer7" - MINOR: buffer: switch a number of buffer args to const - CLEANUP: silence signedness warning in acl.c - BUG: stream_sock: si->release was not called upon shutw() - MINOR: log: use "%ts" to log term status only and "%tsc" to log with cookie - BUG/CRITICAL: log: fix risk of crash in development snapshot - BUG/MAJOR: possible crash when using capture headers on TCP frontends - MINOR: config: disable header captures in TCP mode and complain 2011/09/10 : 1.5-dev7 - [BUG] fix binary stick-tables - [MINOR] http: *_dom matching header functions now also split on ":" - [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check - [MINOR] acl: add srv_conn acl to count connections on a specific backend server - [MINOR] check: add redis check support - [DOC] small fixes to clearly distinguish between keyword and variables - [MINOR] halog: add support for termination code matching (-tcn/-TCN) - [DOC] Minor spelling fixes and grammatical enhancements - [CLEANUP] dumpstats: make symbols static where possible - [MINOR] Break out dumping table - [MINOR] Break out processing of clear table - [MINOR] Allow listing of stick table by key - [MINOR] Break out all stick table socat command parsing - [MINOR] More flexible clearing of stick table - [MINOR] Allow showing and clearing by key of ipv6 stick tables - [MINOR] Allow showing and clearing by key of integer stick tables - [MINOR] Allow showing and clearing by key of string stick tables - [CLEANUP] Remove assigned but unused variables - [CLEANUP] peers.h: fix declarations - [CLEANUP] session.c: Make functions static where possible - [MINOR] Add active connection list to server - [MINOR] Allow shutdown of sessions when a server becomes unavailable - [MINOR] Add down termination condition - [MINOR] Make appsess{,ion}_refresh static - [MINOR] Add rdp_cookie pattern fetch function - [CLEANUP] Remove unnecessary casts - [MINOR] Add non-stick server option - [MINOR] Consistently use error in tcp_parse_tcp_req() - [MINOR] Consistently free expr on error in cfg_parse_listen() - [MINOR] Free rdp_cookie_name on denint() - [MINOR] Free tcp rules on denint() - [MINOR] Free stick table pool on denint() - [MINOR] Free stick rules on denint() - [MEDIUM] Fix stick-table replication on soft-restart - [MEDIUM] Correct ipmask() logic - [MINOR] Correct type in table dump examples - [MINOR] Fix build error in stream_int_register_handler() - [MINOR] Use DPRINTF in assign_server() - [BUG] checks: http-check expect could fail a check on multi-packet responses - [DOC] fix minor typo in the "dispatch" doc - [BUG] proto_tcp: fix address binding on remote source - [MINOR] http: don't report the "haproxy" word on the monitoring response - [REORG] http: move HTTP error codes back to proto_http.h - [MINOR] http: make the "HTTP 200" status code configurable. - [MINOR] http: partially revert the chunking optimization for now - [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete transfer - [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out test - [MEDIUM] http: add support for "http-no-delay" - [OPTIM] http: optimize chunking again in non-interactive mode - [OPTIM] stream_sock: avoid fast-forwarding of partial data - [OPTIM] stream_sock: don't use splice on too small payloads - [MINOR] config: make it possible to specify a cookie even without a server - [BUG] stats: support url-encoded forms - [MINOR] config: automatically compute a default fullconn value - [CLEANUP] config: remove some left-over printf debugging code from previous patch - [DOC] add missing entry or stick store-response - [MEDIUM] http: add support for 'cookie' and 'set-cookie' patterns - [BUG] halog: correctly handle truncated last line - [MINOR] halog: make SKIP_CHAR stop on field delimiters - [MINOR] halog: add support for HTTP log matching (-H) - [MINOR] halog: gain back performance before SKIP_CHAR fix - [OPTIM] halog: cache some common fields positions - [OPTIM] halog: check once for correct line format and reuse the pointer - [OPTIM] halog: remove many 'if' by using a function pointer for the filters - [OPTIM] halog: remove support for tab delimiters in input data - [BUG] session: risk of crash on out of memory (1.5-dev regression) - [MINOR] session: try to emit a 500 response on memory allocation errors - [OPTIM] stream_sock: reduce the default number of accepted connections at once - [BUG] stream_sock: disable listener when system resources are exhausted - [MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c - [BUG] stream_sock: ensure orphan listeners don't accept too many connections - [MINOR] listeners: add listen_full() to mark a listener full - [MINOR] listeners: add support for queueing resource limited listeners - [MEDIUM] listeners: put listeners in queue upon resource shortage - [MEDIUM] listeners: queue proxy-bound listeners at the proxy's - [MEDIUM] listeners: don't stop proxies when global maxconn is reached - [MEDIUM] listeners: don't change listeners states anymore in maintain_proxies - [CLEANUP] proxy: rename a few proxy states (PR_STIDLE and PR_STRUN) - [MINOR] stats: report a "WAITING" state for sockets waiting for resource - [MINOR] proxy: make session rate-limit more accurate - [MINOR] sessions: only wake waiting listeners up if rate limit is OK - [BUG] proxy: peers must only be stopped once, not upon every call to maintain_proxies - [CLEANUP] proxy: merge maintain_proxies() operation inside a single loop - [MINOR] task: new function task_schedule() to schedule a wake up - [MAJOR] proxy: finally get rid of maintain_proxies() - [BUG] proxy: stats frontend and peers were missing many initializers - [MEDIUM] listeners: add a global listener management task - [MINOR] proxy: make findproxy() return proxies from numeric IDs too - [DOC] fix typos, "#" is a sharp, not a dash - [MEDIUM] stats: add support for changing frontend's maxconn at runtime - [MEDIUM] checks: group health checks methods by values and save option bits - [MINOR] session-counters: add the ability to clear the counters - [BUG] check: http-check expect + regex would crash in defaults section - [MEDIUM] http: make x-forwarded-for addition conditional - [REORG] build: move syscall redefinition to specific places - [CLEANUP] update the year in the copyright banner - [BUG] possible crash in 'show table' on stats socket - [BUG] checks: use the correct destination port for sending checks - [BUG] backend: risk of picking a wrong port when mapping is used with crossed families - [MINOR] make use of set_host_port() and get_host_port() to get rid of family mismatches - [DOC] fixed a few "sensible" -> "sensitive" errors - [MINOR] make use of addr_to_str() and get_host_port() to replace many inet_ntop() - [BUG] http: trailing white spaces must also be trimmed after headers - [MINOR] stats: display "" instead of the frontend name when unknown - [MINOR] http: take a capture of too large requests and responses - [MINOR] http: take a capture of truncated responses - [MINOR] http: take a capture of bad content-lengths. - [DOC] add a few old and uncommitted docs - [CLEANUP] cfgparse: fix reported options for the "bind" keyword - [MINOR] halog: add -hs/-HS to filter by HTTP status code range - [MINOR] halog: support backslash-escaped quotes - [CLEANUP] remove dirty left-over of a debugging message - [MEDIUM] stats: disable complex socket reservation for stats socket - [CLEANUP] remove a useless test in manage_global_listener_queue() - [MEDIUM] stats: add the "set maxconn" setting to the command line interface - [MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. - [MINOR] stats: report the current and max global connection rates - [MEDIUM] stats: add the ability to adjust the global maxconnrate - [BUG] peers: don't pre-allocate 65000 connections to each peer - [MEDIUM] don't limit peers nor stats socket to maxconn nor maxconnrate - [BUG] peers: the peer frontend must not emit any log - [CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs - [BUG] peers: don't keep a peers section which has a NULL frontend - [BUG] peers: ensure the peers are resumed if they were paused - [MEDIUM] stats: add the ability to enable/disable/shutdown a frontend at runtime - [MEDIUM] session: make session_shutdown() an independant function - [MEDIUM] stats: offer the possibility to kill a session from the CLI - [CLEANUP] stats: centralize tests for backend/server inputs on the CLI - [MEDIUM] stats: offer the possibility to kill sessions by server - [MINOR] halog: do not consider byte 0x8A as end of line - [MINOR] frontend: ensure debug message length is always initialized - [OPTIM] halog: make fgets parse more bytes by blocks - [OPTIM] halog: add assembly version of the field lookup code - [MEDIUM] poll: add a measurement of idle vs work time - [CLEANUP] startup: report only the basename in the usage message - [MINOR] startup: add an option to change to a new directory - [OPTIM] task: don't scan the run queue if we know it's empty - [BUILD] stats: stdint is not present on solaris - [DOC] update the README file to reflect new naming rules for patches - [MINOR] stats: report the number of requests intercepted by the frontend - [DOC] update ROADMAP file 2011/04/08 : 1.5-dev6 - [BUG] stream_sock: use get_addr_len() instead of sizeof() on sockaddr_storage - [BUG] TCP source tracking was broken with IPv6 changes - [BUG] stick-tables did not work when converting IPv6 to IPv4 - [CRITICAL] fix risk of crash when dealing with space in response cookies 2011/03/29 : 1.5-dev5 - [BUG] standard: is_addr return value for IPv4 was inverted - [MINOR] update comment about IPv6 support for server - [MEDIUM] use getaddrinfo to resolve names if gethostbyname fail - [DOC] update IPv6 support for bind - [DOC] document IPv6 support for server - [DOC] fix a minor typo - [MEDIUM] IPv6 support for syslog - [DOC] document IPv6 support for syslog - [MEDIUM] IPv6 support for stick-tables - [DOC] document IPv6 support for stick-tables - [DOC] update ROADMAP file - [BUG] session: src_conn_cur was returning src_conn_cnt instead - [MINOR] frontend: add a make_proxy_line function - [MEDIUM] stream_sock: add support for sending the proxy protocol header line - [MEDIUM] server: add support for the "send-proxy" option - [DOC] update the spec on the proxy protocol - [BUILD] proto_tcp: fix build issue with CTTPROXY - [DOC] update ROADMAP file - [MEDIUM] config: rework the IPv4/IPv6 address parser to support host-only addresses - [MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range - [BUILD] add the USE_GETADDRINFO build option - [TESTS] provide a test case for various address formats - [BUG] session: conn_retries was not always initialized - [BUG] log: retrieve the target from the session, not the SI - [BUG] http: fix possible incorrect forwarded wrapping chunk size (take 2) - [MINOR] tools: add two macros MID_RANGE and MAX_RANGE - [BUG] http: fix content-length handling on 32-bit platforms - [OPTIM] buffers: uninline buffer_forward() - [BUG] stream_sock: fix handling for server side PROXY protocol - [MINOR] acl: add support for table_cnt and table_avl matches - [DOC] update ROADMAP file 2011/03/13 : 1.5-dev4 - [MINOR] cfgparse: Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation. - [MINOR] unix sockets : inherits the backlog size from the listener - [CLEANUP] unix sockets : move create_uxst_socket() in uxst_bind_listener() - [DOC] fix a minor typo - [DOC] fix ignore-persist documentation - [MINOR] add warnings on features not compatible with multi-process mode - [BUG] http: fix http-pretend-keepalive and httpclose/tunnel mode - [MINOR] stats: add support for several packets in stats admin - [BUG] stats: admin commands must check the proxy state - [BUG] stats: admin web interface must check the proxy state - [MINOR] http: add pattern extraction method to stick on query string parameter - [MEDIUM] add internal support for IPv6 server addresses - [MINOR] acl: add be_id/srv_id to match backend's and server's id - [MINOR] log: add support for passing the forwarded hostname - [MINOR] log: ability to override the syslog tag - [MINOR] checks: add PostgreSQL health check - [DOC] update ROADMAP file - [BUILD] pattern: use 'int' instead of 'int32_t' - [OPTIM] linux: add support for bypassing libc to force using vsyscalls - [BUG] debug: report the correct poller list in verbose mode - [BUG] capture: do not capture a cookie if there is no memory left - [BUG] appsession: fix possible double free in case of out of memory - [CRITICAL] cookies: mixing cookies in indirect mode and appsession can crash the process - [BUG] http: correctly update the header list when removing two consecutive headers - [BUILD] add the CPU=native and ARCH=32/64 build options - [BUILD] add -fno-strict-aliasing to fix warnings with gcc >= 4.4 - [CLEANUP] hash: move the avalanche hash code globally available - [MEDIUM] hash: add support for an 'avalanche' hash-type - [DOC] update roadmap file - [BUG] http: do not re-enable the PROXY analyser on keep-alive - [OPTIM] http: don't send each chunk in a separate packet - [DOC] fix minor typos reported recently in the peers section - [DOC] fix another typo in the doc - [MINOR] stats: report HTTP message state and buffer flags in error dumps - [BUG] http chunking: don't report a parsing error on connection errors - [BUG] stream_interface: truncate buffers when sending error messages - [MINOR] http: support wrapping messages in error captures - [MINOR] http: capture incorrectly chunked message bodies - [MINOR] stats: add global event ID and count - [BUG] http: analyser optimizations broke pipelining - [CLEANUP] frontend: only apply TCP-specific settings to TCP/TCP6 sockets - [BUG] http: fix incorrect error reporting during data transfers - [CRITICAL] session: correctly leave turn-around and queue states on abort - [BUG] session: release slot before processing pending connections - [MINOR] tcp: add support for dynamic MSS setting - [BUG] stick-table: correctly terminate string keys during lookups - [BUG] acl: fix handling of empty lines in pattern files - [BUG] stick-table: use the private buffer when padding strings - [BUG] ebtree: fix ebmb_lookup() with len smaller than the tree's keys - [OPTIM] ebtree: ebmb_lookup: reduce stack usage by moving the return code out of the loop - [OPTIM] ebtree: inline ebst_lookup_len and ebis_lookup_len - [REVERT] undo the stick-table string key lookup fixes - [MINOR] http: improve url_param pattern extraction to ignore empty values - [BUILD] frontend: shut a warning with TCP_MAXSEG - [BUG] http: update the header list's tail when removing the last header - [DOC] fix minor typo in the proxy protocol doc - [DOC] fix typos (http-request instead of http-check) - [BUG] http: use correct ACL pointer when evaluating authentication - [BUG] cfgparse: correctly count one socket per port in ranges - [BUG] startup: set the rlimits before binding ports, not after. - [BUG] acl: srv_id must return no match when the server is NULL - [MINOR] acl: add ability to check for internal response-only parameters - [MINOR] acl: srv_id is only valid in responses - [MINOR] config: warn if response-only conditions are used in "redirect" rules - [BUG] acl: fd leak when reading patterns from file - [DOC] fix minor typo in "usesrc" - [BUG] http: fix possible incorrect forwarded wrapping chunk size - [BUG] http: fix computation of message body length after forwarding has started - [BUG] http: balance url_param did not work with first parameters on POST - [TESTS] update the url_param regression test to test check_post too - [DOC] update ROADMAP - [DOC] internal: reflect the fact that SI_ST_ASS is transient - [BUG] config: don't crash on empty pattern files. - [MINOR] stream_interface: make use of an applet descriptor for IO handlers - [REORG] stream_interface: move the st0, st1 and private members to the applet - [REORG] stream_interface: split the struct members in 3 parts - [REORG] session: move client and server address to the stream interface - [REORG] tcp: make tcpv4_connect_server() take the target address from the SI - [MEDIUM] stream_interface: store the target pointer and type - [CLEANUP] stream_interface: remove the applet.handler pointer - [MEDIUM] log: take the logged server name from the stream interface - [CLEANUP] session: remove data_source from struct session - [CLEANUP] stats: make all dump functions only rely on the stream interface - [REORG] session: move the data_ctx struct to the stream interface's applet - [MINOR] proxy: add PR_O2_DISPATCH to detect dispatch mode - [MINOR] cfgparse: only keep one of dispatch, transparent, http_proxy - [MINOR] session: add a pointer to the new target into the session - [MEDIUM] session: remove s->prev_srv which is not needed anymore - [CLEANUP] stream_interface: use inline functions to manipulate targets - [MAJOR] session: remove the ->srv pointer from struct session - [MEDIUM] stats: split frontend and backend stats - [MEDIUM] http: always evaluate http-request rules before stats http-request - [REORG] http: move the http-request rules to proto_http - [BUG] http: stats were not incremented on http-request deny - [MINOR] checks: report it if checks fail due to socket creation error 2010/11/11 : 1.5-dev3 - [DOC] fix http-request documentation - [MEDIUM] enable/disable servers from the stats web interface - [MEDIUM] stats: add an admin level - [DOC] stats: document the "stats admin" statement - [MINOR] startup: print the proxy socket which caused an error - [CLEANUP] Remove unneeded chars allocation - [MINOR] config: detect options not supported due to compilation options - [MINOR] Add pattern's fetchs payload and payload_lv - [MINOR] frontend: improve accept-proxy header parsing - [MINOR] frontend: add tcpv6 support on accept-proxy bind - [MEDIUM] Enhance message errors management on binds - [MINOR] Manage unix socket source field on logs - [MINOR] Manage unix socket source field on session dump on sock stats - [MINOR] Support of unix listener sockets for debug and log event messages on frontend.c - [MINOR] Add some tests on sockets family for port remapping and mode transparent. - [MINOR] Manage socket type unix for some logs - [MINOR] Enhance controls of socket's family on acls and pattern fetch - [MINOR] Support listener's sockets unix on http logs. - [MEDIUM] Add supports of bind on unix sockets. - [BUG] stick table purge failure if size less than 255 - [BUG] stick table entries expire on counters updates/read or show table, even if there is no "expire" parameter - [MEDIUM] Implement tcp inspect response rules - [DOC] tcp-response content and inspect - [MINOR] new acls fetch req_ssl_hello_type and rep_ssl_hello_type - [DOC] acls rep_ssl_hello and req_ssl_hello - [MEDIUM] Create new protected pattern types CONSTSTRING and CONSTDATA to force memcpy if data from protected areas need to be manipulated. - [DOC] new type binary in stick-table - [DOC] stick store-response and new patterns payload and payload_lv - [MINOR] Manage all types (ip, integer, string, binary) on cli "show table" command - [MEDIUM] Create updates tree on stick table to manage sync. - [MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management - [MEDIUM] Manage peers section parsing and stick table registration on peers. - [MEDIUM] Manage soft stop on peers proxy - [DOC] add documentation for peers section - [MINOR] checks: add support for LDAPv3 health checks - [MINOR] add better support to "mysql-check" - [BUG] Restore info about available active/backup servers - [CONTRIB] Update haproxy.pl - [CONTRIB] Update Cacti Tempates - [CONTRIB] add templates for Cacti. - [BUG] http: don't consider commas as a header delimitor within quotes - [MINOR] support a global jobs counter - [DOC] add a summary about cookie incompatibilities between specs and browsers - [DOC] fix description of cookie "insert" and "indirect" modes - [MEDIUM] http: fix space handling in the request cookie parser - [MEDIUM] http: fix space handling in the response cookie parser - [DOC] fix typo in the queue() definition (backend, not frontend) - [BUG] deinit: unbind listeners before freeing them - [BUG] stream_interface: only call si->release when both dirs are closed - [MEDIUM] buffers: rework the functions to exchange between SI and buffers - [DOC] fix typo in the avg_queue() and be_conn() definition (backend, not frontend) - [MINOR] halog: add '-tc' to sort by termination codes - [MINOR] halog: skip non-traffic logs for -st and -tc - [BUG] stream_sock: cleanly disable the listener in case of resource shortage - [BUILD] stream_sock: previous fix lacked the #include, causing a warning. - [DOC] bind option is "defer-accept", not "defer_accept" - [DOC] missing index entry for http-check send-state - [DOC] tcp-request inspect-delay is for backends too - [BUG] ebtree: string_equal_bits() could return garbage on identical strings - [BUG] stream_sock: try to flush any extra pending request data after a POST - [BUILD] proto_http: eliminate some build warnings with gcc-2.95 - [MEDIUM] make it possible to combine http-pretend-keepalived with httpclose - [MEDIUM] tcp-request : don't wait for inspect-delay to expire when the buffer is full - [MEDIUM] checks: add support for HTTP contents lookup - [TESTS] add test-check-expect to test various http-check methods - [MINOR] global: add "tune.chksize" to change the default check buffer size - [MINOR] cookie: add options "maxidle" and "maxlife" - [MEDIUM] cookie: support client cookies with some contents appended to their value - [MINOR] http: make some room in the transaction flags to extend cookies - [MINOR] cookie: add the expired (E) and old (O) flags for request cookies - [MEDIUM] cookie: reassign set-cookie status flags to store more states - [MINOR] add encode/decode function for 30-bit integers from/to base64 - [MEDIUM] cookie: check for maxidle and maxlife for incoming dated cookies - [MEDIUM] cookie: set the date in the cookie if needed - [DOC] document the cookie maxidle and maxlife parameters - [BUG] checks: don't log backend down for all zero-weight servers - [MEDIUM] checks: set server state to one state from failure when leaving maintenance - [BUG] config: report correct keywords for "observe" - [MINOR] checks: ensure that we can inherit binary checks from the defaults section - [MINOR] acl: add the http_req_first match - [DOC] fix typos about bind-process syntax - [BUG] cookie: correctly unset default cookie parameters - [MINOR] cookie: add support for the "preserve" option - [BUG] ebtree: fix duplicate strings insertion - [CONTRIB] halog: report per-url counts, errors and times - [CONTRIB] halog: minor speed improvement in timer parser - [MINOR] buffers: add a new request analyser flag for PROXY mode - [MINOR] listener: add the "accept-proxy" option to the "bind" keyword - [MINOR] standard: add read_uint() to parse a delimited unsigned integer - [MINOR] standard: change arg type from const char* to char* - [MINOR] frontend: add a new analyser to parse a proxied connection - [MEDIUM] session: call the frontend_decode_proxy analyser on proxied connections - [DOC] add the proxy protocol's specifications - [DOC] document the 'accept-proxy' bind option - [MINOR] cfgparse: report support of for the 'bind' statements - [DOC] add references to unix socket handling - [MINOR] move MAXPATHLEN definition to compat.h - [MEDIUM] unix sockets: cleanup the error reporting path - [BUG] session: don't stop forwarding of data upon last packet - [CLEANUP] accept: replace some inappropriate Alert() calls with send_log() - [BUILD] peers: shut a printf format warning (key_size is a size_t) - [BUG] accept: don't close twice upon error - [OPTIM] session: don't recheck analysers when buffer flags have not changed - [OPTIM] stream_sock: don't clear FDs that are already cleared - [BUG] proto_tcp: potential bug on pattern fetch dst and dport 2010/08/28 : 1.5-dev2 - [MINOR] startup: release unused structs after forking - [MINOR] startup: don't wait for nothing when no old pid remains - [CLEANUP] reference product branch 1.5 - [MEDIUM] signals: add support for registering functions and tasks - [MEDIUM] signals: support redistribution of signal zero when stopping - [BUG] http: don't set auto_close if more data are expected 2010/08/25 : 1.5-dev1 - [BUG] stats: session rate limit gets garbaged in the stats - [DOC] mention 'option http-server-close' effect in Tq section - [DOC] summarize and highlight persistent connections behaviour - [DOC] add configuration samples - [BUG] http: dispatch and http_proxy modes were broken for a long time - [BUG] http: the transaction must be initialized even in TCP mode - [BUG] tcp: dropped connections must be counted as "denied" not "failed" - [BUG] consistent hash: balance on all servers, not only 2 ! - [CONTRIB] halog: report per-server status codes, errors and response times - [BUG] http: the transaction must be initialized even in TCP mode (part 2) - [BUG] client: always ensure to zero rep->analysers - [BUG] session: clear BF_READ_ATTACHED before next I/O - [BUG] http: automatically close response if req is aborted - [BUG] proxy: connection rate limiting was eating lots of CPU - [BUG] http: report correct flags in case of client aborts during body - [TESTS] refine non-regression tests and add 4 new tests - [BUG] debug: wrong pointer was used to report a status line - [BUG] debug: correctly report truncated messages - [DOC] document the "dispatch" keyword - [BUG] stick_table: fix possible memory leak in case of connection error - [CLEANUP] acl: use 'L6' instead of 'L4' in ACL flags relying on contents - [MINOR] accept: count the incoming connection earlier - [CLEANUP] tcp: move some non tcp-specific layer6 processing out of proto_tcp - [CLEANUP] client: move some ACLs away to their respective locations - [CLEANUP] rename client -> frontend - [MEDIUM] separate protocol-level accept() from the frontend's - [MINOR] proxy: add a list to hold future layer 4 rules - [MEDIUM] config: parse tcp layer4 rules (tcp-request accept/reject) - [MEDIUM] tcp: check for pure layer4 rules immediately after accept() - [OPTIM] frontend: tell the compiler that errors are unlikely to occur - [MEDIUM] frontend: check for LI_O_TCP_RULES in the listener - [MINOR] frontend: only check for monitor-net rules if LI_O_CHK_MONNET is set - [CLEANUP] buffer->cto is not used anymore - [MEDIUM] session: finish session establishment sequence in with I/O handlers - [MEDIUM] session: initialize server-side timeouts after connect() - [MEDIUM] backend: initialize the server stream_interface upon connect() - [MAJOR] frontend: don't initialize the server-side stream_int anymore - [MEDIUM] session: move the conn_retries attribute to the stream interface - [MEDIUM] session: don't assign conn_retries upon accept() anymore - [MINOR] frontend: rely on the frontend and not the backend for INDEPSTR - [MAJOR] frontend: reorder the session initialization upon accept - [MINOR] proxy: add an accept() callback for the application layer - [MAJOR] frontend: split accept() into frontend_accept() and session_accept() - [MEDIUM] stats: rely on the standard session_accept() function - [MINOR] buffer: refine the flags that may wake an analyser up. - [MINOR] stream_sock: don't dereference a non-existing frontend - [MINOR] session: differenciate between accepted connections and received connections - [MEDIUM] frontend: count the incoming connection earlier - [MINOR] frontend: count denied TCP requests separately - [CLEANUP] stick_table: add/clarify some comments - [BUILD] memory: add a few missing parenthesis to the pool management macros - [MINOR] stick_table: add support for variable-sized data - [CLEANUP] stick_table: rename some stksess struct members to avoid confusion - [CLEANUP] stick_table: move pattern to key functions to stick_table.c - [MEDIUM] stick_table: add room for extra data types - [MINOR] stick_table: add support for "conn_cum" data type. - [MEDIUM] stick_table: don't overwrite data when storing an entry - [MINOR] config: initialize stick tables after all the parsing - [MINOR] stick_table: provide functions to return stksess data from a type - [MEDIUM] stick_table: move the server ID to a generic data type - [MINOR] stick_table: enable it for frontends too - [MINOR] stick_table: export the stick_table_key - [MINOR] tcp: add per-source connection rate limiting - [MEDIUM] stick_table: separate storage and update of session entries - [MEDIUM] stick-tables: add a reference counter to each entry - [MINOR] session: add a pointer to the tracked counters for the source - [CLEANUP] proto_tcp: make the config parser a little bit more flexible - [BUG] config: report the correct proxy type in tcp-request errors - [MINOR] config: provide a function to quote args in a more friendly way - [BUG] stick_table: the fix for the memory leak caused a regression - [MEDIUM] backend: support servers on 0.0.0.0 - [BUG] stick-table: correctly refresh expiration timers - [MEDIUM] stream-interface: add a ->release callback - [MINOR] proxy: add a "parent" member to the structure - [MEDIUM] session: make it possible to call an I/O handler on both SI - [MINOR] tools: add a fast div64_32 function - [MINOR] freq_ctr: add new types and functions for periods different from 1s - [MINOR] errors: provide new status codes for config parsing functions - [BUG] http: denied requests must not be counted as denied resps in listeners - [MINOR] tools: add a get_std_op() function to parse operators - [MEDIUM] acl: make use of get_std_op() to parse intger ranges - [MAJOR] stream_sock: better wakeup conditions on read() - [BUG] session: analysers must be checked when SI state changes - [MINOR] http: reset analysers to listener's, not frontend's - [MEDIUM] session: support "tcp-request content" rules in backends - [BUILD] always match official tags when doing git-tar - [MAJOR] stream_interface: fix the wakeup conditions for embedded iohandlers - [MEDIUM] buffer: make buffer_feed* support writing non-contiguous chunks - [MINOR] tcp: src_count acl does not have a permanent result - [MAJOR] session: add track-counters to track counters related to the session - [MINOR] stick-table: provide a table lookup function - [MINOR] stick-table: use suffix "_cnt" for cumulated counts - [MEDIUM] session: move counter ACL fetches from proto_tcp - [MEDIUM] session: add concurrent connections counter - [MEDIUM] session: add data in and out volume counters - [MINOR] session: add the trk_conn_cnt ACL keyword to track connection counts - [MEDIUM] session-counters: automatically update tracked connection count - [MINOR] session: add the trk_conn_cur ACL keyword to track concurrent connection - [MINOR] session: add trk_kbytes_* ACL keywords to track data size - [MEDIUM] session: add a counter on the cumulated number of sessions - [MINOR] config: support a comma-separated list of store data types in stick-table - [MEDIUM] stick-tables: add support for arguments to data_types - [MEDIUM] stick-tables: add stored data argument type checking - [MEDIUM] session counters: add conn_rate and sess_rate counters - [MEDIUM] session counters: add bytes_in_rate and bytes_out_rate counters - [MINOR] stktable: add a stktable_update_key() function - [MINOR] session-counters: add a general purpose counter (gpc0) - [MEDIUM] session-counters: add HTTP req/err tracking - [MEDIUM] stats: add "show table []" to dump a stick-table - [MEDIUM] stats: add "clear table key " to clear table entries - [CLEANUP] stick-table: declare stktable_data_types as extern - [MEDIUM] stick-table: make use of generic types for stored data - [MINOR] stats: correctly report errors on "show table" and "clear table" - [MEDIUM] stats: add the ability to dump table entries matching criteria - [DOC] configuration: document all the new tracked counters - [DOC] stats: document "show table" and "clear table" - [MAJOR] session-counters: split FE and BE track counters - [MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules - [MEDIUM] session counters: automatically remove expired entries. - [MEDIUM] config: replace 'tcp-request ' with "tcp-request connection" - [MEDIUM] session-counters: make it possible to count connections from frontend - [MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" - [MEDIUM] session-counters: correctly unbind the counters tracked by the backend - [CLEANUP] stats: use stksess_kill() to remove table entries - [DOC] update the references to session counters and to tcp-request connection - [DOC] cleanup: split a few long lines - [MEDIUM] http: forward client's close when abortonclose is set - [BUG] queue: don't dequeue proxy-global requests on disabled servers - [BUG] stats: global stats timeout may be specified before stats socket. - [BUG] conf: add tcp-request content rules to the correct list 2010/05/23 : 1.5-dev0 - exact copy of 1.4.6 2010/05/16 : 1.4.6 - [BUILD] ebtree: update to v6.0.1 to remove references to dprintf() - [CLEANUP] acl: make use of eb_is_empty() instead of open coding the tree's emptiness test - [MINOR] acl: add srv_is_up() to check that a specific server is up or not - [DOC] add a few precisions about the use of RDP cookies 2010/05/13 : 1.4.5 - [DOC] report minimum kernel version for tproxy in the Makefile - [MINOR] add the "ignore-persist" option to conditionally ignore persistence - [DOC] add the "ignore-persist" option to conditionally ignore persistence - [DOC] fix ignore-persist/force-persist documentation - [BUG] cttproxy: socket fd leakage in check_cttproxy_version - [DOC] doc/configuration.txt: fix typos - [MINOR] option http-pretend-keepalive is both for FEs and BEs - [MINOR] fix possible crash in debug mode with invalid responses - [MINOR] halog: add support for statisticts on status codes - [OPTIM] halog: use a faster zero test in fgets() - [OPTIM] halog: minor speedup by using unlikely() - [OPTIM] halog: speed up fgets2-64 by about 10% - [DOC] refresh the README file and merge the CONTRIB file into it - [MINOR] acl: support loading values from files - [MEDIUM] ebtree: upgrade to version 6.0 - [MINOR] acl trees: add flags and union members to store values in trees - [MEDIUM] acl: add ability to insert patterns in trees - [MEDIUM] acl: add tree-based lookups of exact strings - [MEDIUM] acl: add tree-based lookups of networks - [MINOR] acl: ignore empty lines and comments in pattern files - [MINOR] stick-tables: add support for "stick on hdr" 2010/04/07 : 1.4.4 - [BUG] appsession should match the whole cookie name - [CLEANUP] proxy: move PR_O_SSL3_CHK to options2 to release one flag - [MEDIUM] backend: move the transparent proxy address selection to backend - [MINOR] add very fast IP parsing functions - [MINOR] add new tproxy flags for dynamic source address binding - [MEDIUM] add ability to connect to a server from an IP found in a header - [BUILD] config: last patch breaks build without CONFIG_HAP_LINUX_TPROXY - [MINOR] http: make it possible to pretend keep-alive when doing close - [MINOR] config: report "default-server" instead of "(null)" in error messages 2010/03/30 : 1.4.3 - [CLEANUP] stats: remove printf format warning in stats_dump_full_sess_to_buffer() - [MEDIUM] session: better fix for connection to servers with closed input - [DOC] indicate in the doc how to bind to port ranges - [BUG] backend: L7 hashing must not be performed on incomplete requests - [TESTS] add a simple program to test connection resets - [MINOR] cli: "show errors" should display "backend " when backend was not used - [MINOR] config: emit warnings when HTTP-only options are used in TCP mode - [MINOR] config: allow "slowstart 0s" - [BUILD] 'make tags' did not consider files ending in '.c' - [MINOR] checks: add the ability to disable a server in the config 2010/03/17 : 1.4.2 - [CLEANUP] product branch update - [DOC] Some more documentation cleanups - [BUG] clf logs segfault when capturing a non existant header - [OPTIM] config: only allocate check buffer when checks are enabled - [MEDIUM] checks: support multi-packet health check responses - [CLEANUP] session: remove duplicate test - [BUG] http: don't wait for response data to leave buffer is client has left - [MINOR] proto_uxst: set accept_date upon accept() to the wall clock time - [MINOR] stats: don't send empty lines in "show errors" - [MINOR] stats: make the data dump function reusable for other purposes - [MINOR] stats socket: add show sess to dump details about a session - [BUG] stats: connection reset counters must be plain ascii, not HTML - [BUG] url_param hash may return a down server - [MINOR] force null-termination of hostname - [MEDIUM] connect to servers even when the input has already been closed - [BUG] don't merge anonymous ACLs ! - [BUG] config: fix endless loop when parsing "on-error" - [MINOR] http: don't mark a server as failed when it returns 501/505 - [OPTIM] checks: try to detect the end of response without polling again - [BUG] checks: don't report an error when recv() returns an error after data - [BUG] checks: don't abort when second poll returns an error - [MINOR] checks: make shutdown() silently fail - [BUG] http: fix truncated responses on chunk encoding when size divides buffer size - [BUG] init: unconditionally catch SIGPIPE - [BUG] checks: don't wait for a close to start parsing the response 2010/03/04 : 1.4.1 - [BUG] Clear-cookie path issue - [DOC] fix typo on stickiness rules - [BUILD] fix BSD and OSX makefiles for missing files - [BUILD] includes order breaks OpenBSD build - [BUILD] fix some build warnings on Solaris with is* macros - [BUG] logs: don't report "last data" when we have just closed after an error - [BUG] logs: don't report "proxy request" when server closes early - [BUILD] fix platform-dependant build issues related to crypt() - [STATS] count transfer aborts caused by client and by server - [STATS] frontend requests were not accounted for failed requests - [MINOR] report total number of processed connections when stopping a proxy - [DOC] be more clear about the limitation to one single monitor-net entry 2010/02/26 : 1.4.0 - [MINOR] stats: report maint state for tracking servers too - [DOC] fix summary to add pattern extraction - [DOC] Documentation cleanups - [BUG] cfgparse memory leak and missing free calls in deinit() - [BUG] pxid/puid/luid: don't shift IDs when some of them are forced - [EXAMPLES] add auth.cfg - [BUG] uri_auth: ST_SHLGNDS should be 0x00000008 not 0x0000008 - [BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once - [BUILD] auth: don't use unnamed unions - [BUG] config: report unresolvable host names as errors - [BUILD] fix build breakage with DEBUG_FULL - [DOC] fix a typo about timeout check and clarify the explanation. - [MEDIUM] http: don't use trash to realign large buffers - [STATS] report HTTP requests (total and rate) in frontends - [STATS] separate frontend and backend HTTP stats - [MEDIUM] http: revert to use a swap buffer for realignment - [MINOR] stats: report the request rate in frontends as cell titles - [MINOR] stats: mark areas with an underline when tooltips are available - [DOC] reorder some entries to maintain the alphabetical order - [DOC] cleanup of the keyword matrix 2010/02/02 : 1.4-rc1 - [MEDIUM] add a maintenance mode to servers - [MINOR] http-auth: last fix was wrong - [CONTRIB] add base64rev-gen.c that was used to generate the base64rev table. - [MINOR] Base64 decode - [MINOR] generic auth support with groups and encrypted passwords - [MINOR] add ACL_TEST_F_NULL_MATCH - [MINOR] http-request: allow/deny/auth support for frontend/backend/listen - [MINOR] acl: add http_auth and http_auth_group - [MAJOR] use the new auth framework for http stats - [DOC] add info about userlists, http-request and http_auth/http_auth_group acls - [STATS] make it possible to change a CLI connection timeout - [BUG] patterns: copy-paste typo in type conversion arguments - [MINOR] pattern: make the converter more flexible by supporting void* and int args - [MINOR] standard: str2mask: string to netmask converter - [MINOR] pattern: add support for argument parsers for converters - [MINOR] pattern: add the "ipmask()" converting function - [MINOR] config: off-by-one in "stick-table" after list of converters - [CLEANUP] acl, patterns: make use of my_strndup() instead of malloc+memcpy - [BUG] restore accidentely removed line in last patch ! - [MINOR] checks: make the HTTP check code add the CRLF itself - [MINOR] checks: add the server's status in the checks - [BUILD] halog: make without arch-specific optimizations - [BUG] halog: fix segfault in case of empty log in PCT mode (cherry picked from commit fe362fe4762151d209b9656639ee1651bc2b329d) - [MINOR] http: disable keep-alive when process is going down - [MINOR] acl: add build_acl_cond() to make it easier to add ACLs in config - [CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() - [CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs - [MINOR] prepare req_*/rsp_* to receive a condition - [CLEANUP] config: specify correct const char types to warnif_* functions - [MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords - [MEDIUM] http: make the request filter loop check for optional conditions - [MEDIUM] http: add support for conditional request filter execution - [DOC] add some build info about the AIX platform (cherry picked from commit e41914c77edbc40aebf827b37542d37d758e371e) - [MEDIUM] http: add support for conditional request header addition - [MEDIUM] http: add support for conditional response header rewriting - [DOC] add some missing ACLs about response header matching - [MEDIUM] http: add support for proxy authentication - [MINOR] http-auth: make the 'unless' keyword work as expected - [CLEANUP] config: use build_acl_cond() to simplify http-request ACL parsing - [MEDIUM] add support for anonymous ACLs - [MEDIUM] http: switch to tunnel mode after status 101 responses - [MEDIUM] http: stricter processing of the CONNECT method - [BUG] config: reset check request to avoid double free when switching to ssl/sql - [MINOR] config: fix too large ssl-hello-check message. - [BUG] fix error response in case of server error 2010/01/25 : 1.4-dev8 - [CLEANUP] Keep in sync "defaults" support between documentation and code - [MEDIUM] http: add support for Proxy-Connection header - [CRITICAL] buffers: buffer_insert_line2 must not change the ->w entry - [MINOR] http: remove a copy-paste typo in transaction cleaning - [BUG] http: trim any excess buffer data when recycling a connection 2010/01/25 : 1.4-dev7 - [BUG] appsession: possible memory leak in case of out of memory condition - [MINOR] config: don't accept 'appsession' in defaults section - [MINOR] Add function to parse a size in configuration - [MEDIUM] Add stick table (persistence) management functions and types - [MEDIUM] Add pattern fetch management types and functions - [MEDIUM] Add src dst and dport pattern fetches. - [MEDIUM] Add stick table configuration and init. - [MEDIUM] Add stick and store rules analysers. - [MINOR] add option "mysql-check" to use MySQL health checks - [BUG] health checks: fix requeued message - [OPTIM] remove SSP_O_VIA and SSP_O_STATUS - [BUG] checks: fix newline termination - [MINOR] acl: add fe_id/so_id to match frontend's and socket's id - [BUG] appsession's sessid must be reset at end of transaction - [BUILD] appsession did not build anymore under gcc-2.95 - [BUG] server redirection used an uninitialized string. - [MEDIUM] http: fix handling of message pointers - [MINOR] http: fix double slash prefix with server redirect - [MINOR] http redirect: add the ability to append a '/' to the URL - [BUG] stream_interface: fix retnclose and remove cond_close - [MINOR] http redirect: don't explicitly state keep-alive on 1.1 - [MINOR] http: move appsession 'sessid' from session to http_txn - [OPTIM] reorder http_txn to optimize cache lines placement - [MINOR] http: differentiate waiting for new request and waiting for a complete requst - [MINOR] http: add a separate "http-keep-alive" timeout - [MINOR] config: remove undocumented and buggy 'timeout appsession' - [DOC] fix various too large lines - [DOC] remove several trailing spaces - [DOC] add the doc about stickiness - [BUILD] remove a warning in standard.h on AIX - [BUG] checks: chars are unsigned on AIX, check was always true - [CLEANUP] stream_sock: MSG_NOSIGNAL is only for send(), not recv() - [BUG] check: we must not check for error before reading a response - [BUG] buffers: remove remains of wrong obsolete length check - [OPTIM] stream_sock: don't shutdown(write) when the socket is in error - [BUG] http: don't count req errors on client resets or t/o during keep-alive - [MEDIUM] http: don't switch to tunnel mode upon close - [DOC] add documentation about connection header processing - [MINOR] http: add http_remove_header2() to remove a header value. - [MINOR] tools: add a "word_match()" function to match words and ignore spaces - [MAJOR] http: rework request Connection header handling - [MAJOR] http: rework response Connection header handling - [MINOR] add the ability to force kernel socket buffer size. - [BUG] http_server_error() must not purge a previous pending response - [OPTIM] http: don't delay response if next request is incomplete - [MINOR] add the "force-persist" statement to force persistence on down servers - [MINOR] http: logs must report persistent connections to down servers - [BUG] buffer_replace2 must never change the ->w entry 2010/01/08 : 1.4-dev6 - [BUILD] warning in stream_interface.h - [BUILD] warning ultoa_r returns char * - [MINOR] hana: only report stats if it is enabled - [MINOR] stats: add "a link" & "a href" for sockets - [MINOR]: stats: add show-legends to report additional informations - [MEDIUM] default-server support - [BUG]: add 'observer', 'on-error', 'error-limit' to supported options list - [MINOR] stats: add href to tracked server - [BUG] stats: show UP/DOWN status also in tracking servers - [DOC] Restore ability to search a keyword at the beginning of a line - [BUG] stats: cookie should be reported under backend not under proxy - [BUG] cfgparser/stats: fix error message - [BUG] http: disable auto-closing during chunk analysis - [BUG] http: fix hopefully last closing issue on data forwarding - [DEBUG] add an http_silent_debug function to debug HTTP states - [MAJOR] http: fix again the forward analysers - [BUG] http_process_res_common() must not skip the forward analyser - [BUG] http: some possible missed close remain in the forward chain - [BUG] http: redirect needed to be updated after recent changes - [BUG] http: don't set no-linger on response in case of forced close - [MEDIUM] http: restore the original behaviour of option httpclose - [TESTS] add a file to test various connection modes - [BUG] http: check options before the connection header - [MAJOR] session: fix the order by which the analysers are run - [MEDIUM] session: also consider request analysers added during response - [MEDIUM] http: make safer use of the DONT_READ and AUTO_CLOSE flags - [BUG] http: memory leak with captures when using keep-alive - [BUG] http: fix for capture memory leak was incorrect - [MINOR] http redirect: use proper call to return last response - [MEDIUM] http: wait for some flush of the response buffer before a new request - [MEDIUM] session: limit the number of analyser loops 2010/01/03 : 1.4-dev5 - [MINOR] server tracking: don't care about the tracked server's mode - [MEDIUM] appsession: add "len", "prefix" and "mode" options - [MEDIUM] appsession: add the "request-learn" option - [BUG] Configuration parser bug when escaping characters - [MINOR] CSS & HTML fun - [MINOR] Collect & provide http response codes received from servers - [BUG] Fix silly typo: hspr_other -> hrsp_other - [MINOR] Add "a name" to stats page - [MINOR] add additional "a href"s to stats page - [MINOR] Collect & provide http response codes for frontends, fix backends - [DOC] some small spell fixes and unifications - [MEDIUM] Decrease server health based on http responses / events, version 3 - [BUG] format '%d' expects type 'int', but argument 5 has type 'long int' - [BUG] config: fix erroneous check on cookie domain names, again - [BUG] Healthchecks: get a proper error code if connection cannot be completed immediately - [DOC] trivial fix for man page - [MINOR] config: report all supported options for the "bind" keyword - [MINOR] tcp: add support for the defer_accept bind option - [MINOR] unix socket: report the socket path in case of bind error - [CONTRIB] halog: support searching by response time - [DOC] add a reminder about obsolete documents - [DOC] point to 1.4 doc, not 1.3 - [DOC] option tcp-smart-connect was missing from index - [MINOR] http: detect connection: close earlier - [CLEANUP] sepoll: clean up the fd_clr/fd_set functions - [OPTIM] move some rarely used fields out of fdtab - [MEDIUM] fd: merge fd_list into fdtab - [MAJOR] buffer: flag BF_DONT_READ to disable reads when not required - [MINOR] http: add new transaction flags for keep-alive and content-length - [MEDIUM] http request: parse connection, content-length and transfer-encoding - [MINOR] http request: update the TX_SRV_CONN_KA flag on rewrite - [MINOR] http request: simplify the test of no-data - [MEDIUM] http request: simplify POST length detection - [MEDIUM] http request: make use of pre-parsed transfer-encoding header - [MAJOR] http: create the analyser which waits for a response - [MINOR] http: pre-set the persistent flags in the transaction - [MEDIUM] http response: check body length and set transaction flags - [MINOR] http response: update the TX_CLI_CONN_KA flag on rewrite - [MINOR] http: remove the last call to stream_int_return - [IMPORT] import ebtree v5.0 into directory ebtree/ - [MEDIUM] build: switch ebtree users to use new ebtree version - [CLEANUP] ebtree: remove old unused files - [BUG] definitely fix regparm issues between haproxy core and ebtree - [CLEANUP] ebtree: cast to char * to get rid of gcc warning - [BUILD] missing #ifndef in ebmbtree.h - [BUILD] missing #ifndef in ebsttree.h - [MINOR] tools: add hex2i() function to convert hex char to int - [MINOR] http: create new MSG_BODY sub-states - [BUG] stream_sock: BUF_INFINITE_FORWARD broke splice on 64-bit platforms - [DOC] option is "defer-accept", not "defer_accept" - [MINOR] http: keep pointer to beginning of data - [BUG] x-original-to: name was not set in default instance - [MINOR] http: detect tunnel mode and set it in the session - [BUG] config: fix error message when config file is not found - [BUG] config: fix wrong handling of too large argument count - [BUG] config: disable 'option httplog' on TCP proxies - [BUG] config: fix erroneous check on cookie domain names - [BUG] config: cookie domain was ignored in defaults sections - [MINOR] config: support passing multiple "domain" statements to cookies - [MINOR] ebtree: add functions to lookup non-null terminated strings - [MINOR] config: don't report error on all subsequent files on failure - [BUG] second fix for the printf format warning - [BUG] check_post: limit analysis to the buffer length - [MEDIUM] http: process request body in a specific analyser - [MEDIUM] backend: remove HTTP POST parsing from get_server_ph_post() - [MAJOR] http: completely process the "connection" header - [MINOR] http: only consider chunk encoding with HTTP/1.1 - [MAJOR] buffers: automatically compute the maximum buffer length - [MINOR] http: move the http transaction init/cleanup code to proto_http - [MINOR] http: move 1xx handling earlier to eliminate a lot of ifs - [MINOR] http: introduce a new synchronisation state : HTTP_MSG_DONE - [MEDIUM] http: rework chunk-size parser - [MEDIUM] http: add a new transaction flags indicating if we know the transfer length - [MINOR] buffers: add buffer_ignore() to skip some bytes - [BUG] http: offsets are relative to the buffer, not to ->som - [MEDIUM] http: automatically re-aling request buffer - [BUG] http: body parsing must consider the start of message - [MINOR] new function stream_int_cond_close() - [MAJOR] http: implement body parser - [BUG] http: typos on several unlikely() around header insertion - [BUG] stream_sock: wrong max computation on recv - [MEDIUM] http: rework the buffer alignment logic - [BUG] buffers: wrong size calculation for displaced data - [MINOR] stream_sock: prepare for closing when all pending data are sent - [MEDIUM] http: add two more states for the closing period - [MEDIUM] http: properly handle "option forceclose" - [MINOR] stream_sock: add SI_FL_NOLINGER for faster close - [MEDIUM] http: make forceclose use SI_FL_NOLINGER - [MEDIUM] session: set SI_FL_NOLINGER when aborting on write timeouts - [MEDIUM] http: add some SI_FL_NOLINGER around server errors - [MINOR] config: option forceclose is valid in frontends too - [BUILD] halog: insufficient include path in makefile - [MEDIUM] http: make the analyser not rely on msg being initialized anymore - [MEDIUM] http: make the parsers able to wait for a buffer flush - [MAJOR] http: add support for option http-server-close - [BUG] http: ensure we abort data transfer on write error - [BUG] last fix was overzealous and disabled server-close - [BUG] http: fix erroneous trailers size computation - [MINOR] stream_sock: enable MSG_MORE when forwarding finite amount of data - [OPTIM] http: set MSG_MORE on response when a pipelined request is pending - [BUG] http: redirects were broken by chunk changes - [BUG] http: the request URI pointer is relative to the buffer - [OPTIM] http: don't immediately enable reading on request - [MINOR] http: move redirect messages to HTTP/1.1 with a content-length - [BUG] http: take care of errors, timeouts and aborts during the data phase - [MINOR] http: don't wait for sending requests to the server - [MINOR] http: make the conditional redirect support keep-alive - [BUG] http: fix cookie parser to support spaces and commas in values - [MINOR] config: some options were missing for "redirect" - [MINOR] redirect: add support for unconditional rules - [MINOR] config: centralize proxy struct initialization - [MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements - [MEDIUM] config: remove the limitation of 10 config files - [CLEANUP] http: remove a remaining impossible condition - [OPTIM] http: optimize a bit the construct of the forward loops 2009/10/12 : 1.4-dev4 - [DOC] add missing rate_lim and rate_max - [MAJOR] struct chunk rework - [MEDIUM] Health check reporting code rework + health logging, v3 - [BUG] check if rise/fall has an argument and it is > 0 - [MINOR] health checks logging unification - [MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 - [MINOR] Allow dots in show-node & add "white-space: nowrap" in th.pxname. - [DOC] Add information about http://haproxy.1wt.eu/contrib.html - [MINOR] Introduce include/types/counters.h - [CLEANUP] Move counters to dedicated structures - [MINOR] Add "clear counters" to clear statistics counters - [MEDIUM] Collect & provide separate statistics for sockets, v2 - [BUG] Fix NULL pointer dereference in stats_check_uri_auth(), v2 - [MINOR] acl: don't report valid acls as potential mistakes - [MINOR] Add cut_crlf(), ltrim(), rtrim() and alltrim() - [MINOR] Add chunk_htmlencode and chunk_asciiencode - [MINOR] Capture & display more data from health checks, v2 - [BUG] task.c: don't assing last_timer to node-less entries - [BUG] http stats: large outputs sometimes got some parts chopped off - [MINOR] backend: export some functions to recount servers - [MINOR] backend: uninline some LB functions - [MINOR] include time.h from freq_ctr.h as is uses "now". - [CLEANUP] backend: move LB algos to individual files - [MINOR] lb_map: reorder code in order to ease integration of new hash functions - [CLEANUP] proxy: move last lb-specific bits to their respective files - [MINOR] backend: separate declarations of LB algos from their lookup method - [MINOR] backend: reorganize the LB algorithm selection - [MEDIUM] backend: introduce the "static-rr" LB algorithm - [MINOR] report list of supported pollers with -vv - [DOC] log-health-checks is an option, not a directive - [MEDIUM] new option "independant-streams" to stop updating read timeout on writes - [BUG] stats: don't call buffer_shutw(), but ->shutw() instead - [MINOR] stats: strip CR and LF from the input command line - [BUG] don't refresh timeouts late after detected activity - [MINOR] stats_dump_errors_to_buffer: use buffer_feed_chunk() - [MINOR] stats_dump_sess_to_buffer: use buffer_feed_chunk() - [MINOR] stats: make stats_dump_raw_to_buffer() use buffer_feed_chunk - [MEDIUM] stats: don't use s->ana_state anymore - [MINOR] remove now obsolete ana_state from the session struct - [MEDIUM] stats: make HTTP stats use an I/O handler - [MEDIUM] stream_int: adjust WAIT_ROOM handling - [BUG] config: look for ID conflicts in all sockets, not only last ones. - [MINOR] config: reference file and line with any listener/proxy/server declaration - [MINOR] config: report places of duplicate names or IDs - [MINOR] config: add pointer to file name in block/redirect/use_backend/monitor rules - [MINOR] tools: add a new get_next_id() function - [MEDIUM] config: automatically find unused IDs for proxies, servers and listeners - [OPTIM] counters: move some max numbers to the counters struct - [BUG] counters: fix segfault on missing counters for a listener - [MEDIUM] backend: implement consistent hashing variation - [MINOR] acl: add fe_conn, be_conn, queue, avg_queue - [MINOR] stats: use 'clear counters all' to clear all values - [MEDIUM] add access restrictions to the stats socket - [MINOR] buffers: add buffer_feed2() and make buffer_feed() measure string length - [MINOR] proxy: provide function to retrieve backend/server pointers - [MINOR] add the "initial weight" to the server struct. - [MEDIUM] stats: add the "get weight" command to report a server's weight - [MEDIUM] stats: add the "set weight" command - [BUILD] add a 'make tags' target - [MINOR] stats: add support for numeric IDs in set weight/get weight - [MINOR] stats: use a dedicated state to output static data - [OPTIM] stats: check free space before trying to print 2009/09/24 : 1.4-dev3 - [BUILD] compilation of haproxy-1.4-dev2 on FreeBSD - [MEDIUM] Collect & show information about last health check, v3 - [MINOR] export the hostname variable so that all the code can access it - [MINOR] stats: add a new node-name setting - [MEDIUM] remove old experimental tcpsplice option - [BUILD] fix build for systems without SOL_TCP - [MEDIUM] move connection establishment from backend to the SI. - [MEDIUM] make the global stats socket part of a frontend - [MEDIUM] session: account per-listener connections - [MINOR] session: switch to established state if no connect function - [MEDIUM] make the unix stats sockets use the generic session handler - [CLEANUP] unix: remove uxst_process_session() - [CLEANUP] move remaining stats sockets code to dumpstats - [MINOR] move the initial task's nice value to the listener - [MINOR] cleanup set_session_backend by using pre-computed analysers - [MINOR] set s->srv_error according to the analysers - [MEDIUM] set rep->analysers from fe and be analysers - [MEDIUM] replace BUFSIZE with buf->size in computations - [MEDIUM] make it possible to change the buffer size in the configuration - [MEDIUM] report error on buffer writes larger than buffer size - [MEDIUM] stream_interface: add and use ->update function to resync - [CLEANUP] remove ifdef MSG_NOSIGNAL and define it instead - [MEDIUM] remove TCP_CORK and make use of MSG_MORE instead - [BUG] tarpit did not work anymore - [MINOR] acl: add support for hdr_ip to match IP addresses in headers - [MAJOR] buffers: fix misuse of the BF_SHUTW_NOW flag - [MINOR] buffers: provide more functions to handle buffer data - [MEDIUM] buffers: provide new buffer_feed*() function - [MINOR] buffers: add peekchar and peekline functions for stream interfaces - [MINOR] buffers: provide buffer_si_putchar() to send a char from a stream interface - [BUG] buffer_forward() would not correctly consider data already scheduled - [MINOR] buffers: add buffer_cut_tail() to cut only unsent data - [MEDIUM] stream_interface: make use of buffer_cut_tail() to report errors - [MAJOR] http: add support for HTTP 1xx informational responses - [MINOR] buffers: inline buffer_si_putchar() - [MAJOR] buffers: split BF_WRITE_ENA into BF_AUTO_CONNECT and BF_AUTO_CLOSE - [MAJOR] buffers: fix the BF_EMPTY flag's meaning - [BUG] stream_interface: SI_ST_CLO must have buffers SHUT - [MINOR] stream_sock: don't set SI_FL_WAIT_DATA if BF_SHUTW_NOW is set - [MEDIUM] add support for infinite forwarding - [BUILD] stream_interface: fix conflicting declaration - [BUG] buffers: buffer_forward() must not always clear BF_OUT_EMPTY - [BUG] variable buffer size ignored at initialization time - [MINOR] ensure that buffer_feed() and buffer_skip() set BF_*_PARTIAL - [BUG] fix buffer_skip() and buffer_si_getline() to correctly handle wrap-arounds - [MINOR] stream_interface: add SI_FL_DONT_WAKE flag - [MINOR] stream_interface: add iohandler callback - [MINOR] stream_interface: add functions to support running as internal/external tasks - [MEDIUM] session: call iohandler for embedded tasks (applets) - [MINOR] add a ->private member to the stream_interface - [MEDIUM] stats: prepare the connection for closing before dumping - [MEDIUM] stats: replace the stats socket analyser with an SI applet 2009/08/09 : 1.4-dev2 - [BUG] task: fix possible crash when some timeouts are not configured - [BUG] log: option tcplog would log to global if no logger was defined 2009/07/29 : 1.4-dev1 - [MINOR] acl: add support for matching of RDP cookies - [MEDIUM] add support for RDP cookie load-balancing - [MEDIUM] add support for RDP cookie persistence - [MINOR] add a new CLF log format - [MINOR] startup: don't imply -q with -D - [BUG] ensure that we correctly re-start old process in case of error - [MEDIUM] add support for binding to source port ranges during connect - [MINOR] config: track "no option"/"option" changes - [MINOR] config: support resetting options do default values - [MEDIUM] implement option tcp-smart-accept at the frontend - [MEDIUM] stream_sock: implement tcp-cork for use during shutdowns on Linux - [MEDIUM] implement tcp-smart-connect option at the backend - [MEDIUM] add support for TCP MSS adjustment for listeners - [MEDIUM] support setting a server weight to zero - [MINOR] make DEFAULT_MAXCONN user-configurable at build time - [MAJOR] session: don't clear buffer status flags anymore - [MAJOR] session: only check for timeouts when they have just occurred. - [MAJOR] session: simplify buffer error handling - [MEDIUM] config: split parser and checker in two functions - [MEDIUM] config: support loading multiple configuration files - [MEDIUM] stream_sock: don't close prematurely when nolinger is set - [MEDIUM] session: rework buffer analysis to permit permanent analysers - [MEDIUM] splice: set the capability on each stream_interface - [BUG] http: redirect rules were processed too early - [CLEANUP] remove unused DEBUG_PARSE_NO_SPEEDUP define - [MEDIUM] http: split request waiter from request processor - [MEDIUM] session: tell analysers what bit they were called for - [MAJOR] http: complete splitting of the remaining stages - [MINOR] report in the proxies the requirements for ACLs - [MINOR] http: rely on proxy->acl_requires to allocate hdr_idx - [MINOR] acl: add HTTP protocol detection (req_proto_http) - [MINOR] prepare callers of session_set_backend to handle errors - [BUG] default ACLs did not properly set the ->requires flag - [MEDIUM] allow a TCP frontend to switch to an HTTP backend - [MINOR] ensure we can jump from swiching rules to http without data - [MINOR] http: take http request timeout from the backend - [MINOR] allow TCP inspection rules to make use of HTTP ACLs - [BUILD] report commit date and not author's date as build date - [MINOR] acl: don't complain anymore when using L7 acls in TCP - [BUG] stream_sock: always shutdown(SHUT_WR) before closing - [BUG] stream_sock: don't stop reading when the poller reports an error - [BUG] config: tcp-request content only accepts "if" or "unless" - [BUG] task: fix possible timer drift after update - [MINOR] apply tcp-smart-connect option for the checks too - [MINOR] stats: better displaying in MSIE - [MINOR] config: improve error reporting in global section - [MINOR] config: improve error reporting in listen sections - [MINOR] config: the "capture" keyword is not allowed in backends - [MINOR] config: improve error reporting when checking configuration - [BUILD] fix a minor build warning on AIX - [BUILD] use "git cmd" instead of "git-cmd" - [CLEANUP] report 2009 not 2008 in the copyright banner. - [MINOR] print usage on the stats sockets upon invalid commands - [MINOR] acl: detect and report potential mistakes in ACLs - [BUILD] fix incorrect printf arg count with tcp_splice - [BUG] fix random pauses on last segment of a series - [BUILD] add support for build under Cygwin 2009/06/09 : 1.4-dev0 - exact copy of 1.3.18 2009/05/10 : 1.3.18 - [MEDIUM] add support for "balance hdr(name)" - [CLEANUP] give a little bit more information in error message - [MINOR] add X-Original-To: header - [BUG] x-original-to: fix missing initialization to default value - [BUILD] spec file: fix broken pipe during rpmbuild and add man file - [MINOR] improve reporting of misplaced acl/reqxxx rules - [MEDIUM] http: add options to ignore invalid header names - [MEDIUM] http: capture invalid requests/responses even if accepted - [BUILD] add format(printf) to printf-like functions - [MINOR] fix several printf formats and missing arguments - [BUG] stats: total and lbtot are unsigned - [MINOR] fix a few remaining printf-like formats on 64-bit platforms - [CLEANUP] remove unused make option from haproxy.spec - [BUILD] make it possible to pass alternative arch at build time - [MINOR] switch all stat counters to 64-bit - [MEDIUM] ensure we don't recursively call pool_gc2() - [CRITICAL] uninitialized response field can sometimes cause crashes - [BUG] fix wrong pointer arithmetics in HTTP message captures - [MINOR] rhel init script : support the reload operation - [MINOR] add basic signal handling functions - [BUILD] add signal.o to all makefiles - [MEDIUM] call signal_process_queue from run_poll_loop - [MEDIUM] pollers: don't wait if a signal is pending - [MEDIUM] convert all signals to asynchronous signals - [BUG] O(1) pollers should check their FD before closing it - [MINOR] don't close stdio fds twice - [MINOR] add options dontlog-normal and log-separate-errors - [DOC] minor fixes and rearrangements - [BUG] fix parser crash on unconditional tcp content rules - [DOC] rearrange the configuration manual and add a summary - [MINOR] standard: provide a new 'my_strndup' function - [MINOR] implement per-logger log level limitation - [MINOR] compute the max of sessions/s on fe/be/srv - [MINOR] stats: report max sessions/s and limit in CSV export - [MINOR] stats: report max sessions/s and limit in HTML stats - [MINOR] stats/html: use the arial font before helvetica 2009/03/29 : 1.3.17 - Update specfile to build for v2.6 kernel. - [BUG] reset the stream_interface connect timeout upon connect or error - [BUG] reject unix accepts when connection limit is reached - [MINOR] show sess: report number of calls to each task - [BUG] don't call epoll_ctl() on closed sockets - [BUG] stream_sock: disable I/O on fds reporting an error - [MINOR] sepoll: don't count two events on the same FD. - [MINOR] show sess: report a lot more information about sessions - [BUG] stream_sock: check for shut{r,w} before refreshing some timeouts - [BUG] don't set an expiration date directly from now_ms - [MINOR] implement ulltoh() to write HTML-formatted numbers - [MINOR] stats/html: group digits by 3 to clarify numbers - [BUILD] remove haproxy-small.spec - [BUILD] makefile: remove unused references to linux24eold and EPOLL_CTL_WORKAROUND 2009/03/22 : 1.3.16 - [BUILD] Fixed Makefile for linking pcre - [CONTRIB] selinux policy for haproxy - [MINOR] show errors: encode backslash as well as non-ascii characters - [MINOR] cfgparse: some cleanups in the consistency checks - [MINOR] cfgparse: set backends to "balance roundrobin" by default - [MINOR] tcp-inspect: permit the use of no-delay inspection - [MEDIUM] reverse internal proxy declaration order to match configuration - [CLEANUP] config: catch and report some possibly wrong rule ordering - [BUG] connect timeout is in the stream interface, not the buffer - [BUG] session: errors were not reported in termination flags in TCP mode - [MINOR] tcp_request: let the caller take care of errors and timeouts - [CLEANUP] http: remove some commented out obsolete code in process_response - [MINOR] update ebtree to version 4.1 - [MEDIUM] scheduler: get rid of the 4 trees thanks and use ebtree v4.1 - [BUG] sched: don't leave 3 lasts tasks unprocessed when niced tasks are present - [BUG] scheduler: fix improper handling of duplicates __task_queue() - [MINOR] sched: permit a task to stay up between calls - [MINOR] task: keep a task count and clean up task creators - [MINOR] stats: report number of tasks (active and running) - [BUG] server check intervals must not be null - [OPTIM] stream_sock: don't retry to read after a large read - [OPTIM] buffer: new BF_READ_DONTWAIT flag reduces EAGAIN rates - [MEDIUM] session: don't resync FSMs on non-interesting changes - [BUG] check for global.maxconn before doing accept() - [OPTIM] sepoll: do not re-check whole list upon accepts 2009/03/09 : 1.3.16-rc2 - [BUG] stream_sock: write timeout must be updated when forwarding ! 2009/03/09 : 1.3.16-rc1 - appsessions: cleanup DEBUG_HASH and initialize request_counter - [MINOR] acl: add new keyword "connslots" - [MINOR] cfgparse: fix off-by 2 in error message size - [BUILD] fix build with gcc 4.3 - [BUILD] fix MANDIR default location to match documentation - [TESTS] add a debug patch to help trigger the stats bug - [BUG] Flush buffers also where there are exactly 0 bytes left - [MINOR] Allow to specify a domain for a cookie - [BUG/CLEANUP] cookiedomain -> cookie_domain rename + free(p->cookie_domain) - [MEDIUM] Fix memory freeing at exit - [MEDIUM] Fix memory freeing at exit, part 2 - [BUG] Fix listen & more of 2 couples : - [DOC] remove buggy comment for use_backend - [CRITICAL] fix server state tracking: it was O(n!) instead of O(n) - [MEDIUM] add support for URI hash depth and length limits - [MINOR] permit renaming of x-forwarded-for header - [BUILD] fix Makefile.bsd and Makefile.osx for stream_interface - [BUILD] Haproxy won't compile if DEBUG_FULL is defined - [MEDIUM] upgrade to ebtree v4.0 - [DOC] update the README file with new build options - [MEDIUM] reduce risk of event starvation in ev_sepoll - [MEDIUM] detect streaming buffers and tag them as such - [MEDIUM] add support for conditional HTTP redirection - [BUILD] make install should depend on haproxy not "all" - [DEBUG] add a TRACE macro to facilitate runtime data extraction - [BUG] event pollers must not wait if a task exists in the run queue - [BUG] queue management: wake oldest request in queues - [BUG] log: reported queue position was offed-by-one - [BUG] fix the dequeuing logic to ensure that all requests get served - [DOC] documentation for the "retries" parameter was missing. - [MEDIUM] implement a monotonic internal clock - [MEDIUM] further improve monotonic clock by check forward jumps - [OPTIM] add branch prediction hints in list manipulations - [MAJOR] replace ultree with ebtree in wait-queues - [BUG] we could segfault during exit while freeing uri_auths - [BUG] wqueue: perform proper timeout comparisons with wrapping values - [MINOR] introduce now_ms, the current date in milliseconds - [BUG] disable buffer read timeout when reading stats - [MEDIUM] rework the wait queue mechanism - [BUILD] change declaration of base64tab to fix build with Intel C++ - [OPTIM] shrink wake_expired_tasks() by using task_wakeup() - [MAJOR] use an ebtree instead of a list for the run queue - [MEDIUM] introduce task->nice and boot access to statistics - [OPTIM] task_queue: assume most consecutive timers are equal - [BUILD] silent a warning in unlikely() with gcc 4.x - [MAJOR] convert all expiration timers from timeval to ticks - [BUG] use_backend would not correctly consider "unless" - [TESTS] added test-acl.cfg to test some ACL combinations - [MEDIUM] add support for configuration keyword registration - [MEDIUM] modularize the global "stats" keyword configuration parser - [MINOR] cfgparse: add support for warnings in external functions - [MEDIUM] modularize the "timeout" keyword configuration parser - [MAJOR] implement tcp request content inspection - [MINOR] acl: add a new parsing function: parse_dotted_ver - [MINOR] acl: add req_ssl_ver in TCP, to match an SSL version - [CLEANUP] remove unused include/types/client.h - [CLEANUP] remove many #include from C files - [CLEANUP] remove dependency on obsolete INTBITS macro - [DOC] document the new "tcp-request" keyword and associated ACLs - [MINOR] acl: add REQ_CONTENT to the list of default acls - [MEDIUM] acl: permit fetch() functions to set the result themselves - [MEDIUM] acl: get rid of dummy values in always_true/always_false - [MINOR] acl: add the "wait_end" acl verb - [MEDIUM] acl: enforce ACL type checking - [MEDIUM] acl: set types on all currently known ACL verbs - [MEDIUM] acl: when possible, report the name and requirements of ACLs in warnings - [CLEANUP] remove 65 useless NULL checks before free - [MEDIUM] memory: update pool_free2() to support NULL pointers - [MEDIUM] buffers: ensure buffer_shut* are properly called upon shutdowns - [MEDIUM] process_srv: rely on buffer flags for client shutdown - [MEDIUM] process_srv: don't rely at all on client state - [MEDIUM] process_cli: don't rely at all on server state - [BUG] fix segfault with url_param + check_post - [BUG] server timeout was not considered in some circumstances - [BUG] client timeout incorrectly rearmed while waiting for server - [MAJOR] kill CL_STINSPECT and CL_STHEADERS (step 1) - [MAJOR] get rid of SV_STANALYZE (step 2) - [MEDIUM] simplify and centralize request timeout cancellation and request forwarding - [MAJOR] completely separate HTTP and TCP states on the request path - [BUG] fix recently introduced loop when client closes early - [MAJOR] get rid of the SV_STHEADERS state - [MAJOR] better separation of response processing and server state - [MAJOR] clearly separate HTTP response processing from TCP server state - [MEDIUM] remove unused references to {CL|SV}_STSHUT* - [MINOR] term_trace: add better instrumentations to trace the code - [BUG] ev_sepoll: closed file descriptors could persist in the spec list - [BUG] process_response must not enable the read FD - [BUG] buffers: remove BF_MAY_CONNECT and fix forwarding issue - [BUG] process_response: do not touch srv_state - [BUG] maintain_proxies must not disable backends - [CLEANUP] get rid of BF_SHUT*_PENDING - [MEDIUM] buffers: add BF_EMPTY and BF_FULL to remove dependency on req/rep->l - [MAJOR] process_session: rely only on buffer flags - [MEDIUM] use buffer->wex instead of buffer->cex for connect timeout - [MEDIUM] centralize buffer timeout checks at the top of process_session - [MINOR] ensure the termination flags are set by process_xxx - [MEDIUM] session: move the analysis bit field to the buffer - [OPTIM] process_cli/process_srv: reduce the number of tests - [BUG] regparm is broken on gcc < 3 - [BUILD] fix warning in proto_tcp.c with gcc >= 4 - [MEDIUM] merge inspect_exp and txn->exp into request buffer - [BUG] process_cli/process_srv: don't call shutdown when already done - [BUG] process_request: HTTP body analysis must return zero if missing data - [TESTS] test-fsm: 22 regression tests for state machines - [BUG] Fix empty X-Forwarded-For header name when set in defaults section - [BUG] fix harmless but wrong fd insertion sequence - [MEDIUM] make it possible for analysers to follow the whole session - [MAJOR] rework of the server FSM - [OPTIM] remove useless fd_set(read) upon shutdown(write) - [MEDIUM] massive cleanup of process_srv() - [MEDIUM] second level of code cleanup for process_srv_data - [MEDIUM] third cleanup and optimization of process_srv_data() - [MEDIUM] process_srv_data: ensure that we always correctly re-arm timeouts - [MEDIUM] stream_sock_process_data moved to stream_sock.c - [MAJOR] make the client side use stream_sock_process_data() - [MEDIUM] split stream_sock_process_data - [OPTIM] stream_sock_read must check for null-reads more often - [MINOR] only call flow analysers when their read side is connected. - [MEDIUM] reintroduce BF_HIJACK with produce_content - [MINOR] re-arrange buffer flags and rename some of them - [MINOR] do not check for BF_SHUTR when computing write timeout - [OPTIM] ev_sepoll: detect newly created FDs and check them once - [OPTIM] reduce the number of calls to task_wakeup() - [OPTIM] force inlining of large functions with gcc >= 3 - [MEDIUM] indicate a reason for a task wakeup - [MINOR] change type of fdtab[]->owner to void* - [MAJOR] make stream sockets aware of the stream interface - [MEDIUM] stream interface: add the ->shutw method as well as in and out buffers - [MEDIUM] buffers: add BF_READ_ATTACHED and BF_ANA_TIMEOUT - [MEDIUM] process_session: make use of the new buffer flags - [CLEANUP] process_session: move debug outputs out of the critical loop - [MEDIUM] move QUEUE and TAR timers to stream interfaces - [OPTIM] add compiler hints in tick_is_expired() - [MINOR] add buffer_check_timeouts() to check what timeouts have fired. - [MEDIUM] use buffer_check_timeouts instead of stream_sock_check_timeouts() - [MINOR] add an expiration flag to the stream_sock_interface - [MAJOR] migrate the connection logic to stream interface - [MAJOR] add a connection error state to the stream_interface - [MEDIUM] add the SN_CURR_SESS flag to the session to track open sessions - [MEDIUM] continue layering cleanups. - [MEDIUM] stream_interface: added a DISconnected state between CON/EST and CLO - [MEDIUM] remove stream_sock_update_data() - [MINOR] maintain a global session list in order to ease debugging - [BUG] shutw must imply close during a connect - [MEDIUM] process shutw during connection attempt - [MEDIUM] make the stream interface control the SHUT{R,W} bits - [MAJOR] complete layer4/7 separation - [CLEANUP] move the session-related functions to session.c - [MINOR] call session->do_log() for logging - [MINOR] replace the ambiguous client_return function by stream_int_return - [MINOR] replace client_retnclose() with stream_int_retnclose() - [MINOR] replace srv_close_with_err() with http_server_error() - [MEDIUM] make the http server error function a pointer in the session - [CLEANUP] session.c: removed some migration left-overs in sess_establish() - [MINOR] stream_sock_data_finish() should not expose fd - [MEDIUM] extract TCP request processing from HTTP - [MEDIUM] extract the HTTP tarpit code from process_request(). - [MEDIUM] move the HTTP request body analyser out of process_request(). - [MEDIUM] rename process_request to http_process_request - [BUG] fix forgotten server session counter - [MINOR] declare process_session in session.h, not proto_http.h - [MEDIUM] first pass of lifting to proto_uxst.c:uxst_event_accept() - [MINOR] add an analyser code for UNIX stats request - [MINOR] pre-set analyser flags on the listener at registration time - [BUG] do not forward close from cons to prod with analysers - [MEDIUM] ensure that sock->shutw() also closes read for init states - [MINOR] add an analyser state in struct session - [MAJOR] make unix sockets work again with stats - [MEDIUM] remove cli_fd, srv_fd, cli_state and srv_state from the session - [MINOR] move the listener reference from fd to session - [MEDIUM] reference the current hijack function in the buffer itself - [MINOR] slightly rebalance stats_dump_{raw,http} - [MINOR] add a new back-reference type : struct bref - [MINOR] add back-references to sessions for later use by a dumper. - [MEDIUM] add support for "show sess" in unix stats socket - [BUG] do not release the connection slot during a retry - [BUG] dynamic connection throttling could return a max of zero conns - [BUG] do not try to pause backends during reload - [BUG] ensure that listeners from disabled proxies are correctly unbound. - [BUG] acl-related keywords are not allowed in defaults sections - [BUG] cookie capture is declared in the frontend but checked on the backend - [BUG] critical errors should be reported even in daemon mode - [MINOR] redirect: add support for the "drop-query" option - [MINOR] redirect: add support for "set-cookie" and "clear-cookie" - [MINOR] redirect: in prefix mode a "/" means not to change the URI - [BUG] do not dequeue requests on a dead server - [BUG] do not dequeue the backend's pending connections on a dead server - [MINOR] stats: indicate if a task is running in "show sess" - [BUG] check timeout must not be changed if timeout.check is not set - [BUG] "option transparent" is for backend, not frontend ! - [MINOR] transfer errors were not reported anymore in data phase - [MEDIUM] add a send limit to a buffer - [MEDIUM] don't report buffer timeout when there is I/O activity - [MEDIUM] indicate when we don't care about read timeout - [MINOR] add flags to indicate when a stream interface is waiting for space/data - [MEDIUM] enable inter-stream_interface wakeup calls - [MAJOR] implement autonomous inter-socket forwarding - [MINOR] add the splice_len member to the buffer struct in preparation of splice support - [MEDIUM] stream_sock: factor out the return path in case of no-writes - [MEDIUM] i/o: rework ->to_forward and ->send_max - [OPTIM] stream_sock: do not ask for polling on EAGAIN if we have read - [OPTIM] buffer: replace rlim by max_len - [OPTIM] stream_sock: factor out the buffer full handling out of the loop - [CLEANUP] replace a few occurrences of (flags & X) && !(flags & Y) - [CLEANUP] stream_sock: move the write-nothing condition out of the loop - [MEDIUM] split stream_sock_write() into callback and core functions - [MEDIUM] stream_sock_read: call ->chk_snd whenever there are data pending - [MINOR] stream_sock: fix a few wrong empty calculations - [MEDIUM] stream_sock: try to send pending data on chk_snd() - [MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes - [MEDIUM] splice: add configuration options and set global.maxpipes - [MINOR] introduce structures required to support Linux kernel splicing - [MEDIUM] add definitions for Linux kernel splicing - [MAJOR] complete support for linux 2.6 kernel splicing - [BUG] reserve some pipes for backends with splice enabled - [MEDIUM] splice: add hints to support older buggy kernels - [MEDIUM] introduce pipe pools - [MEDIUM] splice: make use of pipe pools - [STATS] report pipe usage in the statistics - [OPTIM] make global.maxpipes default to global.maxconn/4 when not specified - [BUILD] fix snapshot date extraction with negative timezones - [MEDIUM] move global tuning options to the global structure - [MEDIUM] splice: add the global "nosplice" option - [BUILD] add USE_LINUX_SPLICE to enable LINUX_SPLICE on linux 2.6 - [BUG] we must not exit if protocol binding only returns a warning - [MINOR] add support for bind interface name - [BUG] inform the user when root is expected but not set - [MEDIUM] add support for source interface binding - [MEDIUM] add support for source interface binding at the server level - [MEDIUM] implement bind-process to limit service presence by process - [DOC] document maxpipes, nosplice, option splice-{auto,request,response} - [DOC] filled the logging section of the configuration manual - [DOC] document HTTP status codes - [DOC] document a few missing info about errorfile - [BUG] fix random memory corruption using "show sess" - [BUG] fix unix socket processing of interrupted output - [DOC] add diagrams of queuing and future ACL design - [BUILD] proto_http did not build on gcc-2.95 - [BUG] the "source" keyword must first clear optional settings - [BUG] global.tune.maxaccept must be limited even in mono-process mode - [MINOR] ensure that http_msg_analyzer updates pointer to invalid char - [MEDIUM] store a complete dump of request and response errors in proxies - [MEDIUM] implement error dump on unix socket with "show errors" - [DOC] document "show errors" - [MINOR] errors dump must use user-visible date, not internal date. - [MINOR] time: add __usec_to_1024th to convert usecs to 1024th of second - [MINOR] add curr_sec_ms and curr_sec_ms_scaled for current second. - [MEDIUM] measure and report session rate on frontend, backends and servers - [BUG] the "connslots" keyword was matched as "connlots" - [MINOR] acl: add 2 new verbs: fe_sess_rate and be_sess_rate - [MEDIUM] implement "rate-limit sessions" for the frontend - [BUG] interface binding: length must include the trailing zero - [BUG] typo in timeout error reporting : report *res and not *err - [OPTIM] maintain_proxies: only wake up when the frontend will be ready - [OPTIM] rate-limit: cleaner behaviour on low rates and reduce consumption - [BUG] switch server-side stream interface to close in case of abort - [CLEANUP] remove last references to term_trace - [OPTIM] freq_ctr: do not rotate the counters when reading - [BUG] disable any analysers for monitoring requests - [BUG] rate-limit in defaults section was ignored - [BUG] task: fix handling of duplicate keys - [OPTIM] task: don't unlink a task from a wait queue when waking it up - [OPTIM] displace tasks in the wait queue only if absolutely needed - [MEDIUM] minor update to the task api: let the scheduler queue itself - [BUG] event_accept() must always wake the task up, even in health mode - [CLEANUP] task: distinguish between clock ticks and timers - [OPTIM] task: reduce the number of calls to task_queue() - [OPTIM] do not re-check req buffer when only response has changed - [CLEANUP] don't enable kernel splicing when socket is closed - [CLEANUP] buffer_flush() was misleading, rename it as buffer_erase - [MINOR] buffers: implement buffer_flush() - [MEDIUM] rearrange forwarding condition to enable splice during analysis - [BUILD] build fixes for Solaris - [BUILD] proto_http did not build on gcc-2.95 (again) - [CONTRIB] halog: fast log parser for haproxy - [CONTRIB] halog: faster fgets() and add support for percentile reporting 2008/04/19 : 1.3.15 - [BUILD] Added support for 'make install' - [BUILD] Added 'install-man' make target for installing the man page - [BUILD] Added 'install-bin' make target - [BUILD] Added 'install-doc' make target - [BUILD] Removed "/" after '$(DESTDIR)' in install targets - [BUILD] Changed 'install' target to install the binaries first - [BUILD] Replace hardcoded 'LD = gcc' with 'LD = $(CC)' - [MEDIUM]: Inversion for options - [MEDIUM]: Count retries and redispatches also for servers, fix redistribute_pending, extend logs, %d->%u cleanup - [BUG]: Restore clearing t->logs.bytes - [MEDIUM]: rework checks handling - [DOC] Update a "contrib" file with a hint about a scheme used for formathing subjects - [MEDIUM] Implement "track [/]" - [MINOR] Implement persistent id for proxies and servers - [BUG] Don't increment server connections too much + fix retries - [MEDIUM]: Prevent redispatcher from selecting the same server, version #3 - [MAJOR] proto_uxst rework -> SNMP support - [BUG] appsession lookup in URL does not work - [BUG] transparent proxy address was ignored in backend - [BUG] hot reconfiguration failed because of a wrong error check - [DOC] big update to the configuration manual - [DOC] large update to the configuration manual - [DOC] document more options - [BUILD] major rework of the GNU Makefile - [STATS] add support for "show info" on the unix socket - [DOC] document options forwardfor to logasap - [MINOR] add support for the "backlog" parameter - [OPTIM] introduce global parameter "tune.maxaccept" - [MEDIUM] introduce "timeout http-request" in frontends - [MINOR] tarpit timeout is also allowed in backends - [BUG] increment server connections for each connect() - [MEDIUM] add a turn-around state of one second after a connection failure - [BUG] fix typo in redispatched connection - [DOC] document options nolinger to ssl-hello-chk - [DOC] added documentation for "option tcplog" to "use_backend" - [BUG] connect_server: server might not exist when sending error report - [MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) - [MEDIUM] add non-local bind to connect() on Linux - [MINOR] add transparent proxy support for balabit's Tproxy v4 - [BUG] use backend's source and not server's source with tproxy - [BUG] fix overlapping server flags - [MEDIUM] fix server health checks source address selection - [BUG] build failed on CONFIG_HAP_LINUX_TPROXY without CONFIG_HAP_CTTPROXY - [DOC] added "server", "source" and "stats" keywords - [DOC] all server parameters have been documented - [DOC] document all req* and rsp* keywords. - [DOC] added documentation about HTTP header manipulations - [BUG] log response byte count, not request - [BUILD] code did not build in full debug mode - [BUG] fix truncated responses with sepoll - [MINOR] use s->frt_addr as the server's address in transparent proxy - [MINOR] fix configuration hint about timeouts - [DOC] minor cleanup of the doc and notice to contributors - [MINOR] report correct section type for unknown keywords. - [BUILD] update MacOS Makefile to build on newer versions - [DOC] fix erroneous "useallbackups" option in the doc - [DOC] applied small fixes from early readers - [MINOR] add configuration support for "redir" server keyword - [MEDIUM] completely implement the server redirection method - [TESTS] add a test case for the server redirection mechanism - [DOC] add a configuration entry for "server ... redir " - [BUILD] backend.c and checks.c did not build without tproxy ! - Revert "[BUILD] backend.c and checks.c did not build without tproxy !" - [BUILD] backend.c and checks.c did not build without tproxy ! - [OPTIM] used unsigned ints for HTTP state and message offsets - [OPTIM] GCC4's builtin_expect() is suboptimal - [BUG] failed conns were sometimes incremented in the frontend! - [BUG] timeout.check was not pre-set to eternity - [TESTS] add test-pollers.cfg to easily report pollers in use - [BUG] do not apply timeout.connect in checks if unset - [BUILD] ensure that makefile understands USE_DLMALLOC=1 - [MINOR] silent gcc for a wrong warning - [CLEANUP] update .gitignore to ignore more temporary files - [CLEANUP] report dlmalloc's source path only if explictly specified - [BUG] str2sun could leak a small buffer in case of error during parsing - [BUG] option allbackups was not working anymore in roundrobin mode - [MAJOR] implementation of the "leastconn" load balancing algorithm - [BUILD] ensure that users don't build without setting the target anymore. - [DOC] document the leastconn LB algo - [MEDIUM] fix stats socket limitation to 16 kB - [DOC] fix unescaped space in httpchk example. - [BUG] fix double-decrement of server connections - [TESTS] add a test case for port mapping - [TESTS] add a benchmark for integer hashing - [TESTS] add new methods in ip-hash test file - [MAJOR] implement parameter hashing for POST requests 2007/12/06 : 1.3.14 - New option http_proxy (Alexandre Cassen) - add support for "maxqueue" to limit server queue overload (Elijah Epifanov) - Check for duplicated conflicting proxies (Krzysztof Oledzki) - stats: report server and backend cumulated downtime (Krzysztof Oledzki) - use backends only with use_backend directive (Krzysztof Oledzki) - Handle long lines properly (Krzysztof Oledzki) - Implement and use generic findproxy and relax duplicated proxy check (Krzysztof Oledzki) - continous statistics (Krzysztof Oledzki) - add support for logging via a UNIX socket (Robert Tsai) - fix error checking in strl2ic/strl2uic() - fix calls to localtime() - provide easier-to-use ultoa_* functions - provide easy-to-use limit_r and LIM2A* macros - add a simple test for the status page - move error codes to common/errors.h - silent warning about LIST_* being redefined on OpenBSD - add socket address length to the protocols - group PR_O_BALANCE_* bits into a checkable value - externalize the "balance" option parser to backend.c - introduce the "url_param" balance method - make default_backend work in TCP mode too - disable warning about localtime_r on Solaris - adjust error messages about conflicting proxies - avoid calling some layer7 functions if not needed - simplify error path in event_accept() - add an options field to the listeners - added a new state to listeners - unbind_listener() must use fd_delete() and not close() - add a generic unbind_listener() primitive - add a generic delete_listener() primitive - add a generic unbind_all_listeners() primitive - create proto_tcp and move initialization of proxy listeners - stats: report numerical process ID, proxy ID and server ID - relative_pid was not initialized - missing header names in raw stats output - fix missing parenthesis in check_response_for_cacheability - small optimization on session_process_counters() - merge ebtree version 3.0 - make ebtree headers multiple-include compatible - ebtree: include config.h for REGPRM* - differentiate between generic LB params and map-specific ones - add a weight divisor to the struct proxy - implement the Fast Weighted Round Robin (FWRR) algo - include filltab25.c to experiment on FWRR for dynamic weights - merge test-fwrr.cfg to validate dynamic weights - move the load balancing algorithm to be->lbprm.algo - change server check result to a bit field - implement "http-check disable-on-404" for graceful shutdown - secure the calling conditions of ->set_server_status_{up,down} - report disabled servers as "NOLB" when they are still UP - document the "http-check disable-on-404" option - http-check disable-on-404 is not limited to HTTP mode - add a test file for disable-on-404 - use distinct bits per load-balancing algorithm type - implement the slowstart parameter for servers - document the server's slowstart parameter - stats: report the server warm up status in a "throttle" column - fix 2 minor issues on AIX - add the "nbsrv" ACL verb - add the "fail" condition to monitor requests - remove a warning from gcc due to htons() in standard.c - fwrr: ensure that we never overflow in placements - store the build options to report with -vv - fix the status return of the init script (R.I. Pienaar) - stats: real time monitoring script for unix socket (Prizee) - document "nbsrv" and "monitor fail" - restrict the set of allowed characters for identifiers - implement a time parsing function - add support for time units in the configuration - add a bit of documentation about timers - introduce separation between contimeout, and tarpit + queue - introduce the "timeout" keyword - grouped all timeouts in one structure - slowstart is in ms, not seconds - slowstart: ensure we don't start with a null weight - report the number of times each server was selected - fix build on AIX due to recent log changes - fix build on Solaris due to recent log changes 2007/10/18 : 1.3.13 - replace the code under O'Reilly license (Arnaud Cornet) - add a small man page (Arnaud Cornet) - stats: report haproxy's version by default (Krzysztof Oledzki) - stats: count server retries and redispatches (Krzysztof Oledzki) - core: added easy support for Doug Lea's malloc (dlmalloc) - core: fade out memory usage when stopping proxies - core: moved the sockaddr pointer to the fdtab structure - core: add generic protocol support - core: implement client-side support for PF_UNIX sockets - stats: implement the CSV output - stats: add a link to the CSV export HTML page - stats: implement the statistics output on a unix socket - config: introduce the "stats" keyword in global section - build: centralize version and date into one file for each - tests: added a new hash algorithm 2007/10/18 : 1.3.12.3 - add the "nolinger" option to disable data lingering (Alexandre Cassen) - fix double-free during clean exit (Krzysztof Oledzki) - prevent the system from sending an RST when closing health-checks (Krzysztof Oledzki) - do not add a cache-control header when on non-cacheable responses (Krzysztof Oledzki) - spread health checks even more (Krzysztof Oledzki) - stats: scope "." must match the backend and not the frontend - fixed call to chroot() during startup - fix wrong timeout computation in event_accept() - remove condition for exit() under fork() failure 2007/09/20 : 1.3.12.2 - fix configuration sanity checks for TCP listeners - set the log socket receive window to zero bytes - pre-initialize timeouts to infinity, not zero - fix the SIGHUP message not to alert on server-less proxies - timeouts and retries could be ignored when switching backend - added a file to check that "retries" works. - O'Reilly has clarified its license 2007/09/05 : 1.3.12.1 - spec I/O: fix allocations of spec entries for an FD - ensure we never overflow in chunk_printf() - improve behaviour with large number of servers per proxy - add support for "stats refresh " - stats page: added links for 'refresh' and 'hide down' - fix backend's weight in the stats page. - the "stats" keyword is not allowed in a pure frontend. - provide a test configuration file for stats and checks 2007/06/17 : 1.3.12 - fix segfault at exit when using captures - bug: negation in ACL conds was not cleared between terms - errorfile: use a local file to feed error messages - acl: support '-i' to ignore case when matching - acl: smarter integer comparison with operators eq,lt,gt,le,ge - acl: support maching on 'path' component - acl: implement matching on header values - acl: distinguish between request and response headers - acl: permit to return any header when no name specified - acl: provide default ACLs - added the 'use_backend' keyword for full content-switching - acl: specify the direction during fetches - acl: provide the argument length for fetch functions - acl: provide a reference to the expr to fetch() - improve memory freeing upon exit - str2net() must not change the const char * - shut warnings 'is*' macros from ctype.h on solaris 2007/06/03 : 1.3.11.4 - do not re-arm read timeout in SHUTR state ! - optimize I/O by detecting system starvation - the epoll FD must not be shared between processes - limit the number of events returned by *poll* 2007/05/14 : 1.3.11.3 - pre-initialize timeouts with tv_eternity during parsing 2007/05/14 : 1.3.11.2 - fixed broken health-checks since switch to timeval 2007/05/14 : 1.3.11.1 - fixed ev_kqueue which was forgotten during the switch to timeval - allowed null timeouts for past events in select 2007/05/14 : 1.3.11 - fixed ev_sepoll again by rewriting the state machine - switched all timeouts to timevals instead of milliseconds - improved memory management using mempools v2. - several minor optimizations 2007/05/09 : 1.3.10.2 - fixed build on OpenBSD (missing types.h) 2007/05/09 : 1.3.10.1 - fixed sepoll transition matrix (two states were missing) 2007/05/08 : 1.3.10 - several fixes in ev_sepoll - fixed some expiration dates on some tasks - fixed a bug in connection establishment detection due to speculative I/O - fixed rare bug occuring on TCP with early close (reported by Andy Smith) - implemented URI hashing algorithm (Guillaume Dallaire) - implemented SMTP health checks (Peter van Dijk) - replaced the rbtree with ul2tree from old scheduler project - new framework for generic ACL support - added the 'acl' and 'block' keywords to the config language - added several ACL criteria and matches (IP, port, URI, ...) - cleaned up and better modularization for some time functions - fixed list macros - fixed useless memory allocation in str2net() - store the original destination address in the session 2007/04/15 : 1.3.9 - modularized the polling mechanisms and use function pointers instead of macros at many places - implemented support for FreeBSD's kqueue() polling mechanism - fixed a warning on OpenBSD : MIN/MAX redefined - change socket registration order at startup to accomodate kqueue. - several makefile cleanups to support old shells - fix build with limits.h once for all - ev_epoll: do not rely on fd_sets anymore, use changes stacks instead. - fdtab now holds the results of polling - implemented support for speculative I/O processing with epoll() - remove useless calls to shutdown(SHUT_RD), resulting in small speed boost - auto-registering of pollers at load time 2007/04/03 : 1.3.8.2 - rewriting either the status line or request line could crash the process due to a pointer which ought to be reset before parsing. - rewriting the status line in the response did not work, it caused a 502 Bad Gateway due to an erroneous state during parsing 2007/04/01 : 1.3.8.1 - fix reqadd when no option httpclose is used. - removed now unused fiprm and beprm from proxies - split logs into two versions : TCP and HTTP - added some docs about http headers storage and acls - added a VIM script for syntax color highlighting (Bruno Michel) 2007/03/25 : 1.3.8 - fixed several bugs which might have caused a crash with bad configs - several optimizations in header processing - many progresses towards transaction-based processing - option forwardfor may be used in frontends - completed HTTP response processing - some code refactoring between request and response processing - new HTTP header manipulation functions - optimizations on the recv() patch to reduce CPU usage under very high data rates. - more user-friendly help about the 'usesrc' keyword (CTTPROXY) - username/groupname support from Marcus Rueckert - added the "except" keyword to the "forwardfor" option (Bryan German) - support for health-checks on other addresses (Fabrice Dulaunoy) - makefile for MacOS 10.4 / Darwin (Dan Zinngrabe) - do not insert "Connection: close" in HTTP/1.0 messages 2007/01/26 : 1.3.7 - fix critical bug introduced with 1.3.6 : an empty request header may lead to a crash due to missing pointer assignment - hdr_idx might be left uninitialized in debug mode - fixed build on FreeBSD due to missing fd_set declaration 2007/01/22 : 1.3.6.1 - change in the header chaining broke cookies and authentication 2007/01/22 : 1.3.6 - stats now support the HEAD method too - extracted http request from the session - huge rework of the HTTP parser which is now a 28-state FSM. - linux-style likely/unlikely macros for optimization hints - do not create a server socket when there's no server - imported lots of docs 2007/01/07 : 1.3.5 - stats: swap color sets for active and backup servers - try to guess server check port when unset - added complete support and doc for TCP Splicing - replace the wait-queue linked list with an rbtree. - a few bugfixes and cleanups 2007/01/02 : 1.3.4 - support for cttproxy on the server side to present the client address to the server. - added support for SO_REUSEPORT on Linux (needs kernel patch) - new RFC2616-compliant HTTP request parser with header indexing - split proxies in frontends, rulesets and backends - implemented the 'req[i]setbe' to select a backend depending on the contents - added the 'default_backend' keyword to select a default BE. - new stats page featuring FEs and BEs + bytes in both dirs - improved log format to indicate the backend and the time in ms. - lots of cleanups 2006/10/15 : 1.3.3 - fix broken redispatch option in case the connection has already been marked "in progress" (ie: nearly always). - support regparm on x86 to speed up some often called functions - removed a few useless calls to gettimeofday() in log functions. - lots of 'const char*' cleanups - turn every FD_* into functions which are faster on recent CPUs 2006/09/03 : 1.3.2 - started the changes towards I/O completion callbacks. stream_sock* have replaced event_*. - added the new "reqtarpit" and "reqitarpit" protection features 2006/07/09 : 1.3.1 (1.2.15) - now, haproxy warns about missing timeout during startup to try to eliminate all those buggy configurations. - added "Content-Type: text/html" in responses wherever appropriate, as suggested by Cameron Simpson. - implemented "option ssl-hello-chk" to use SSLv3 CLIENT HELLO messages to test server's health - implemented "monitor-uri" so that haproxy can reply to a specific URI with an "HTTP/1.0 200 OK" response. This is useful to validate multiple proxies at once. 2006/06/29 : 1.3.0 - exploded the whole file into multiple .c and .h. No functionnal difference is expected at all. - fixed a bug by which neither stats nor error messages could be returned if 'clitimeout' was missing. 2006/05/21 : 1.2.14 - new HTML status report with the 'stats' keyword. - added the 'abortonclose' option to better resist traffic surges - implemented dynamic traffic regulation with the 'minconn' option - show request time on denied requests - definitely fixed hot reconf on OpenBSD by the use of SO_REUSEPORT - now a proxy instance is allowed to run without servers, which is useful to dedicate one instance to stats - added lots of error counters - a missing parenthesis preventd matching of cacheable cookies - a missing parenthesis in poll_loop() might have caused missed events. 2006/05/14 : 1.2.13.1 - an uninitialized field in the struct session could cause a crash when the session was freed. This has been encountered on Solaris only. - Solaris and OpenBSD no not support shutdown() on listening socket. Let's be nice to them by performing a soft stop if pause fails. 2006/05/13 : 1.2.13 - 'maxconn' server parameter to do per-server session limitation - queueing to support non-blocking session limitation - fixed removal of cookies for cookie-less servers such as backup servers - two separate wait queues for expirable and non-expirable tasks provide better performance with lots of sessions. - some code cleanups and performance improvements - made state dumps a bit more verbose - fixed missing checks for NULL srv in dispatch mode - load balancing on backup servers was not possible in source hash mode. - two session flags shared the same bit, but fortunately they were not compatible. 2006/04/15 : 1.2.12 Very few changes preparing for more important changes to support per-server session limitations and queueing : - ignore leading empty lines in HTTP requests as suggested by RFC2616. - added the 'weight' parameter to the servers, limited to 1..256. It applies to roundrobin and source hash. - the optional '-s' option could clobber '-st' and '-sf' if compiled in. 2006/03/30 : 1.2.11.1 - under some conditions, it might have been possible that when the last dead server became available, it would not have been used till another one would have changed state. Could not be reproduced at all, however seems possible from the code. 2006/03/25 : 1.2.11 - added the '-db' command-line option to disable backgrounding. - added the -sf/-st command-line arguments which are used to specify a list of pids to send a FINISH or TERMINATE signal upon startup. They will also be asked to release their port if a bind fails. - reworked the startup mechanism to allow the sending of a signal to a list of old pids if a socket cannot be bound, with a retry for a limited amount of time (1 second by default). - added the ability to enforce limits on memory usage. - added the 'source' load-balancing algorithm which uses the source IP(v4|v6) - re-architectured the server round-robin mechanism to ease integration of other algorithms. It now relies on the number of active and backup servers. - added a counter for the number of active and backup servers, and report these numbers upon SIGHUP or state change. 2006/03/23 : 1.2.10.1 - while fixing the backup server round-robin "feature", a new bug was introduced which could miss some backup servers. - the displayed proxy name was wrong when dumping upon SIGHUP. 2006/03/19 : 1.2.10 - assert.h is needed when DEBUG is defined. - ENORMOUS long standing bug affecting the epoll polling system : event_data is a union, not a structure ! - Make fd management more robust and easier to debug. Also some micro-optimisations. - Limit the number of consecutive accept() in multi-process mode. This produces a more evenly distributed load across the processes and slightly improves performance by reducing bottlenecks. - Make health-checks be more regular, and faster to retry after a timeout. - Fixed some messages to ease parsing of alerts. - provided a patch to enable epoll on RHEL3 kernels. - Separated OpenBSD build from the main Makefile into a new one. 2006/03/15 : 1.2.9 - haproxy could not be stopped after being paused, it had to be woken up first. This has been fixed. - the 'ulimit-n' parameter is now optional and by default computed from maxconn + the number of listeners + the number of health-checks. - it is now possible to specify a maximum number of connections at build time with the SYSTEM_MAXCONN define. The value set in the configuration file will then be limited to this value, and only the command-line '-n' option will be able to bypass it. It will prevent against accidental high memory usage on small systems. - RFC2616 expects that any HTTP agent accepts multi-line headers. Earlier versions did not detect a line beginning with a space as the continuation of previous header. It is now correct. - health checks sent to servers configured with identical intervals were sent in perfect synchronisation because the initial time was the same for all. This could induce high load peaks when fragile servers were hosting tens of instances for the same application. Now the load is spread evenly across the smallest interval amongst a listener. - a new 'forceclose' option was added to make the proxy close the outgoing channel to the server once it has sent all its headers and the server starts responding. This helps some servers which don't close upon the 'Connection: close' header. It implies 'option httpclose'. - there was a bug in the way the backup servers were handled. They were erroneously load-balanced while the doc said the opposite. Since load-balanced backup servers is one of the features some people have been asking for, the problem was fixed to reflect the documented behaviour and a new option 'allbackups' was introduced to provide the feature to those who need it. - a never ending connect() could lead to a fast select() loop if its timeout times the number of retransmits exceeded the server read or write timeout, because the later was used to compute select()'s timeout while the connection timeout was not reached. - now we initialize the libc's localtime structures very early so that even under OOM conditions, we can still send dated error messages without segfaulting. - the 'daemon' mode implies 'quiet' and disables 'verbose' because file descriptors are closed. 2006/01/29 : 1.2.8 - fixed a nasty bug affecting poll/epoll which could return unmodified data from the server to the client, and sometimes lead to memory corruption crashing the process. - added the new pause/play mechanism with SIGTTOU/SIGTTIN for hot-reconf. 2005/12/18 : 1.2.7.1 - the "retries" option was ignored because connect() could not return an error if the connection failed before the timeout. - TCP health-checks could not detect a connection refused in poll/epoll mode. 2005/11/13 : 1.2.7 - building with -DUSE_PCRE should include PCRE headers and not regex.h. At least on Solaris, this caused the libc's regex primitives to be used instead of PCRE, which caused trouble on group references. This is now fixed. - delayed the quiet mode during startup so that most of the startup alerts can be displayed even in quiet mode. - display an alert when a listener has no address, invalid or no port, or when there are no enabled listeners upon startup. - added "static-pcre" to the list of supported regex options in the Makefile. 2005/10/09 : 1.2.7rc (1.1.33rc) - second batch of socklen_t changes. - clean-ups from Cameron Simpson. - because tv_remain() does not know about eternity, using no timeout can make select() spin around a null time-out. Bug reported by Cameron Simpson. - client read timeout was not properly set to eternity initialized after an accept() if it was not set in the config. It remained undetected so long because eternity is 0 and newly allocated pages are zeroed by the system. - do not call get_original_dst() when not in transparent mode. - implemented a workaround for a bug in certain epoll() implementations on linux-2.4 kernels (epoll-lt <= 0.21). - implemented TCP keepalive with new options : tcpka, clitcpka, srvtcpka. 2005/08/07 : 1.2.6 - clean-up patch from Alexander Lazic fixes build on Debian 3.1 (socklen_t). 2005/07/06 : 1.2.6-pre5 (1.1.32) - added the number of active sessions (proxy/process) in the logs 2005/07/06 : 1.2.6-pre4 (1.1.32-pre4) - the time-out fix introduced in 1.1.25 caused a corner case where it was possible for a client to keep a connection maintained regardless of the timeout if the server closed the connection during the HEADER phase, while the client ignored the close request while doing nothing in the other direction. This has been fixed now by ensuring that read timeouts are re-armed when switching to any SHUTW state. 2005/07/05 : 1.2.6-pre3 (1.1.32-pre3) - enhanced error reporting in the logs. Now the proxy will precisely detect various error conditions related to the system and/or process limits, and generate LOG_EMERG logs indicating that a resource has been exhausted. - logs will contain two new characters for the error cause : 'R' indicates a resource exhausted, and 'I' indicates an internal error, though this one should never happen. - server connection timeouts can now be reported in the logs (sC), as well as connections refused because of maxconn limitations (PC). 2005/07/05 : 1.2.6-pre2 (1.1.32-pre2) - new global configuration keyword "ulimit-n" may be used to raise the FD limit to usable values. - a warning is now displayed on startup if the FD limit is lower than the configured maximum number of sockets. 2005/07/05 : 1.2.6-pre1 (1.1.32-pre1) - new configuration keyword "monitor-net" makes it possible to be monitored by external devices which connect to the proxy without being logged nor forwarded to any server. Particularly useful on generic TCPv4 relays. 2005/06/21 : 1.2.5.2 - fixed build on PPC where chars are unsigned by default 2005/05/02 : 1.2.5.1 - dirty hack to fix a bug introduced with epoll : if we close an FD and immediately reassign it to another session through a connect(), the Prev{Read,Write}Events are not updated, which causes trouble detecting changes, thus leading to many timeouts at high loads. 2005/04/30 : 1.2.5 (1.1.31) - changed the runtime argument to disable epoll() to '-de' - changed the runtime argument to disable poll() to '-dp' - added global options 'nopoll' and 'noepoll' to do the same at the configuration level. - added a 'linux24e' target to the Makefile for Linux 2.4 systems patched to support epoll(). - changed default FD_SETSIZE to 65536 on Solaris (default=1024) - conditionned signals redirection to #ifdef DEBUG_MEMORY 2005/04/26 : 1.2.5-pre4 - made epoll() support a compile-time option : ENABLE_EPOLL - provided a very little libc replacement for a possibly missing epoll() implementation which can be enabled by -DUSE_MY_EPOLL - implemented the poll() poller, which can be enabled with -DENABLE_POLL. The equivalent runtime argument becomes '-P'. A few tests show that it performs like select() with many fds, but slightly slower (certainly because of the higher amount of memory involved). - separated the 3 polling methods and the tasks scheduler into 4 distinct functions which makes the code a lot more modular. - moved some event tables to private static declarations inside the poller functions. - the poller functions can now initialize themselves, run, and cleanup. - changed the runtime argument to enable epoll() to '-E'. - removed buggy epoll_ctl() code in the client_retnclose() function. This function was never meant to remove anything. - fixed a typo which caused glibc to yell about a double free on exit. - removed error checking after epoll_ctl(DEL) because we can never know if the fd is still active or already closed. - added a few entries in the makefile 2005/04/25 : 1.2.5-pre3 - experimental epoll() support (use temporary '-e' argument) 2005/04/24 : 1.2.5-pre2 - implemented the HTTP 303 code for error redirection. This forces the browser to fetch the given URI with a GET request. The new keyword for this is 'errorloc303', and a new 'errorloc302' keyword has been created to make them easily distinguishable. - added more controls in the parser for valid use of '\x' sequence. - few fixes from Alex & Klaus 2005/02/17 : 1.2.5-pre1 - fixed a few errors in the documentation 2005/02/13 - do not pre-initialize unused file-descriptors before select() anymore. 2005/01/22 : 1.2.4 - merged Alexander Lazic's and Klaus Wagner's work on application cookie-based persistence. Since this is the first merge, this version is not intended for general use and reports are more than welcome. Some documentation is really needed though. 2005/01/22 : 1.2.3 (1.1.30) - add an architecture guide to the documentation - released without any changes 2004/12/26 : 1.2.3-pre1 (1.1.30-pre1) - increased default BUFSIZE to 16 kB to accept max headers of 8 kB which is compatible with Apache. This limit can be configured in the makefile now. Thanks to Eric Fehr for the checks. - added a per-server "source" option which now makes it possible to bind to a different source for each (potentially identical) server. - changed cookie-based server selection slightly to allow several servers to share a same cookie, thus making it possible to associate backup servers to live servers and ease soft-stop for maintenance periods. (Alexander Lazic) - added the cookie 'prefix' mode which makes it possible to use persistence with thin clients which support only one cookie. The server name is prefixed before the application cookie, and restore back. - fixed the order of servers within an instance to match documentation. Now the servers are *really* used in the order of their declaration. This is particularly important when multiple backup servers are in use. 2004/10/18 : 1.2.2 (1.1.29) - fixed a bug where a TCP connection would be logged twice if the 'logasap' option was enabled without the 'tcplog' option. - encode_string() would use hdr_encode_map instead of the map argument. 2004/08/10 : (1.1.29-pre2) - the logged request is now encoded with '#XX' for unprintable characters - new keywords 'capture request header' and 'capture response header' enable logging of arbitrary HTTP headers in requests and responses - removed "-DSOLARIS" after replacing the last inet_aton() with inet_pton() 2004/06/06 : 1.2.1 (1.1.28) - added the '-V' command line option to verbosely report errors even though the -q or 'quiet' options are specified. This is useful with '-c'. - added a Red Hat init script and a .spec from Simon Matter 2004/06/05 : - added the "logasap" option which produces a log without waiting for the data to be transferred from the server to the client. - added the "httpclose" option which removes any "connection:" header and adds "Connection: close" in both direction. - added the 'checkcache' option which blocks cacheable responses containing dangerous headers, such as 'set-cookie'. - added 'rspdeny' and 'rspideny' to block certain responses to avoid sensible information leak from servers. 2004/04/18 : - send an EMERG log when no server is available for a given proxy - added the '-c' command line option to syntactically check the configuration file without starting the service. 2003/11/09 : 1.2.0 - the same as 1.1.27 + IPv6 support on the client side 2003/10/27 : 1.1.27 - the configurable HTTP health check introduced in 1.1.23 revealed a shameful bug : the code still assumed that HTTP requests were the same size as the original ones (22 bytes), and failed if they were not. - added support for pidfiles. 2003/10/22 : 1.1.26 - the fix introduced in 1.1.25 for client timeouts while waiting for servers broke almost all compatibility with POST requests, because the proxy stopped to read anything from the client as soon as it got all of its headers. 2003/10/15 : 1.1.25 - added the 'tcplog' option, which provides enhanced, HTTP-like logs for generic TCP proxies, or lighter logs for HTTP proxies. - fixed a time-out condition wrongly reported as client time-out in data phase if the client timeout was lower than the connect timeout times the number of retries. 2003/09/21 : 1.1.24 - if a client sent a full request then shut its write connection down, then the request was aborted. This case was detected only when using haproxy both as health-check client and as a server. - if 'option httpchk' is used in a 'health' mode server, then responses will change from 'OK' to 'HTTP/1.0 200 OK'. - fixed a Linux-only bug in case of HTTP server health-checks, where a single server response followed by a close could be ignored, and the server seen as failed. 2003/09/19 : 1.1.23 - fixed a stupid bug introduced in 1.1.22 which caused second and subsequent 'default' sections to keep previous parameters, and not initialize logs correctly. - fixed a second stupid bug introduced in 1.1.22 which caused configurations relying on 'dispatch' mode to segfault at the first connection. - 'option httpchk' now supports method, HTTP version and a few headers. - now, 'option httpchk', 'cookie' and 'capture' can be specified in 'defaults' section 2003/09/10 : 1.1.22 - 'listen' now supports optionnal address:port-range lists - 'bind' introduced to add new listen addresses - fixed a bug which caused a session to be kept established on a server till it timed out if the client closed during the DATA phase. - the port part of each server address can now be empty to make the proxy connect to the server on the same port it was connected to, be an absolute unsigned number to reflect a single port (as in older versions), or an explicitly signed number (+N/-N) to indicate that this offset must be applied to the port the proxy was connected to, when connecting to the server. - the 'port' server option allows the user to specify a different health-check port than the service one. It is mandatory when only relative ports have been specified and check is required. By default, the checks are sent to the service port. - new 'defaults' section which is rather similar to 'listen' except that all values are only used as default values for future 'listen' sections, until a new 'defaults' resets them. At the moment, server options, regexes, cookie names and captures cannot be set in the 'defaults' section. 2003/05/06 : 1.1.21 - changed the debug output format so that it now includes the session unique ID followed by the instance name at the beginning of each line. - in debug mode, accept now shows the client's IP and port. - added one 3 small debugging scripts to search and pretty print debug output - changed the default health check request to "OPTIONS /" instead of "OPTIONS *" since not all servers implement the later one. - "option httpchk" now accepts an optional parameter allowing the user to specify and URI other than '/' during health-checks. 2003/04/21 : 1.1.20 - fixed two problems with time-outs, one where a server would be logged as timed out during transfer that take longer to complete than the fixed time-out, and one where clients were logged as timed-out during the data phase because they didn't have anything to send. This sometimes caused slow client connections to close too early while in fact there was no problem. The proper fix would be to have a per-fd time-out with conditions depending on the state of the HTTP FSM. 2003/04/16 : 1.1.19 - haproxy was NOT RFC compliant because it was case-sensitive on HTTP "Cookie:" and "Set-Cookie:" headers. This caused JVM 1.4 to fail on cookie persistence because it uses "cookie:". Two memcmp() have been replaced with strncasecmp(). 2003/04/02 : 1.1.18 - Haproxy can be compiled with PCRE regex instead of libc regex, by setting REGEX=pcre on the make command line. - HTTP health-checks now use "OPTIONS *" instead of "OPTIONS /". - when explicit source address binding is required, it is now also used for health-checks. - added 'reqpass' and 'reqipass' to allow certain headers but not the request itself. - factored several strings to reduce binary size by about 2 kB. - replaced setreuid() and setregid() with more standard setuid() and setgid(). - added 4 status flags to the log line indicating who ended the connection first, the sessions state, the validity of the cookie, and action taken on the set-cookie header. 2002/10/18 : 1.1.17 - add the notion of "backup" servers, which are used only when all other servers are down. - make Set-Cookie return "" instead of "(null)" when the server has no cookie assigned (useful for backup servers). - "log" now supports an optionnal level name (info, notice, err ...) above which nothing is sent. - replaced some strncmp() with memcmp() for better efficiency. - added "capture cookie" option which logs client and/or server cookies - cleaned up/down messages and dump servers states upon SIGHUP - added a redirection feature for errors : "errorloc " - now we won't insist on connecting to a dead server, even with a cookie, unless option "persist" is specified. - added HTTP/408 response for client request time-out and HTTP/50[234] for server reply time-out or errors. 2002/09/01 : 1.1.16 - implement HTTP health checks when option "httpchk" is specified. 2002/08/07 : 1.1.15 - replaced setpgid()/setpgrp() with setsid() for better portability, because setpgrp() doesn't have the same meaning under Solaris, Linux, and OpenBSD. 2002/07/20 : 1.1.14 - added "postonly" cookie mode 2002/07/15 : 1.1.13 - tv_diff used inverted parameters which led to negative times ! 2002/07/13 : 1.1.12 - fixed stats monitoring, and optimized some tv_* for most common cases. - replaced temporary 'newhdr' with 'trash' to reduce stack size - made HTTP errors more HTML-fiendly. - renamed strlcpy() to strlcpy2() because of a slightly difference between their behaviour (return value), to avoid confusion. - restricted HTTP messages to HTTP proxies only - added a 502 message when the connection has been refused by the server, to prevent clients from believing this is a zero-byte HTTP 0.9 reply. - changed 'Cache-control:' from 'no-cache="set-cookie"' to 'private' when inserting a cookie, because some caches (apache) don't understand it. - fixed processing of server headers when client is in SHUTR state 2002/07/04 : - automatically close fd's 0,1 and 2 when going daemon ; setpgrp() after setpgid() 2002/06/04 : 1.1.11 - fixed multi-cookie handling in client request to allow clean deletion in insert+indirect mode. Now, only the server cookie is deleted and not all the header. Should now be compliant to RFC2965. - added a "nocache" option to "cookie" to specify that we explicitly want to add a "cache-control" header when we add a cookie. It is also possible to add an "Expires: " to keep compatibility with old/broken caches. 2002/05/10 : 1.1.10 - if a cookie is used in insert+indirect mode, it's desirable that the the servers don't see it. It was not possible to remove it correctly with regexps, so now it's removed automatically. 2002/04/19 : 1.1.9 - don't use snprintf()'s return value as an end of message since it may be larger. This caused bus errors and segfaults in internal libc's getenv() during localtime() in send_log(). - removed dead insecure send_syslog() function and all references to it. - fixed warnings on Solaris due to buggy implementation of isXXXX(). 2002/04/18 : 1.1.8 - option "dontlognull" - fixed "double space" bug in config parser - fixed an uninitialized server field in case of dispatch with no existing server which could cause a segfault during logging. - the pid logged was always the father's, which was wrong for daemons. - fixed wrong level "LOG_INFO" for message "proxy started". 2002/04/13 : - http logging is now complete : - ip:port, date, proxy, server - req_time, conn_time, hdr_time, tot_time - status, size, request - source address 2002/04/12 : 1.1.7 - added option forwardfor - added reqirep, reqidel, reqiallow, reqideny, rspirep, rspidel - added "log global" in "listen" section. 2002/04/09 : - added a new "global" section : - logs - debug, quiet, daemon modes - uid, gid, chroot, nbproc, maxconn 2002/04/08 : 1.1.6 - regex are now chained and not limited anymore. - unavailable server now returns HTTP/502. - increased per-line args limit to 40 - added reqallow/reqdeny to block some request on matches - added HTTP 400/403 responses 2002/04/03 : 1.1.5 - connection logging displayed incorrect source address. - added proxy start/stop and server up/down log events. - replaced log message short buffers with larger trash. - enlarged buffer to 8 kB and replace buffer to 4 kB. 2002/03/25 : 1.1.4 - made rise/fall/interval time configurable 2002/03/22 : 1.1.3 - fixed a bug : cr_expire and cw_expire were inverted in CL_STSHUT[WR] which could lead to loops. 2002/03/21 : 1.1.2 - fixed a bug in buffer management where we could have a loop between event_read() and process_{cli|srv} if R==BUFSIZE-MAXREWRITE. => implemented an adjustable buffer limit. - fixed a bug : expiration of tasks in wait queue timeout is used again, and running tasks are skipped. - added some debug lines for accept events. - send warnings for servers up/down. 2002/03/12 : 1.1.1 - fixed a bug in total failure handling - fixed a bug in timestamp comparison within same second (tv_cmp_ms) 2002/03/10 : 1.1.0 - fixed a few timeout bugs - rearranged the task scheduler subsystem to improve performance, add new tasks, and make it easier to later port to librt ; - allow multiple accept() for one select() wake up ; - implemented internal load balancing with basic health-check ; - cookie insertion and header add/replace/delete, with better strings support. 2002/03/08 - reworked buffer handling to fix a few rewrite bugs, and improve overall performance. - implement the "purge" option to delete server cookies in direct mode. 2002/03/07 - fixed some error cases where the maxfd was not decreased. 2002/02/26 - now supports transparent proxying, at least on linux 2.4. 2002/02/12 - soft stop works again (fixed select timeout computation). - it seems that TCP proxies sometimes cannot timeout. - added a "quiet" mode. - enforce file descriptor limitation on socket() and accept(). 2001/12/30 : release of version 1.0.2 : fixed a bug in header processing 2001/12/19 : release of version 1.0.1 : no MSG_NOSIGNAL on solaris 2001/12/16 : release of version 1.0.0. 2001/12/16 : added syslog capability for each accepted connection. 2001/11/19 : corrected premature end of files and occasional SIGPIPE. 2001/10/31 : added health-check type servers (mode health) which replies OK then closes. 2001/10/30 : added the ability to support standard TCP proxies and HTTP proxies with or without cookies (use keyword http for this). 2001/09/01 : added client/server header replacing with regexps. eg: cliexp ^(Host:\ [^:]*).* Host:\ \1:80 srvexp ^Server:\ .* Server:\ Apache 2000/11/29 : first fully working release with complete FSMs and timeouts. 2000/11/28 : major rewrite 2000/11/26 : first write I am well aware of the popular opinion that such subjects are too abstruse to be understood by practical mechanics¡ªan assumption that is founded mainly in the fact that the subject of heat and motion are not generally studied, and have been too recently demonstrated in a scientific way to command confidence and attention; but the subject is really no more difficult to understand in an elementary sense than that of the relation between movement and force illustrated in the "mechanical powers" of school-books, which no apprentice ever did or ever will understand, except by first studying the principles of force and motion, independent of mechanical agents, such as screws, levers, wedges, and so on. A new design should be based upon one of two suppositions¡ªeither that existing mechanism is imperfect in its construction, or that it lacks functions which a new design may supply; and if those who spend their time in making plans for novel machinery would stop to consider this from the beginning, it would save no little of the time wasted in what may be called scheming without a purpose. A man, coming silently from some concealment, in a dory, undetected in their busy absorption, held something menacingly businesslike and sending sun glints from its blue steel. Its hollow nose covered both at the range he had. ¡°Well, Sky Patrol¡ªand Ground Crew,¡± he hailed them. ¡°We are going to see some excitement at last!¡± "You're right, Si," shouted the Lieutenant and Shorty. "Hip, hip, hooray for the Army o' the Cumberland and old Pap Thomas!" "Glad ain't no name for it," said Levi. "Did you say you'd got the boys in there? Here, you men, bring me two or three of those cracker-boxes." "The very same company," gasped the woman. And the other asked: "And the raid'll be made ter-morrer?" "My¡ª" But before they had time to answer, something burst from between the stalls and ran down the darkling slope, brandishing a knife. It was Mexico Bill, running amok, as he had sometimes run before, but on less crowded occasions. The women sent up an ear-splitting yell, and made a fresh onslaught on the hedge. Someone grabbed the half-breed from behind, but his knife flashed, and the next moment he was free, dashing through the gorse towards his victims. Such a discovery could not long remain a secret;¡ªthe tale reached the ears of young De Boteler, and, already prepossessed in his favour, it was but a natural consequence that Calverley should rise from being first an assistant, to be the steward, the page, and, at length, the esquire to the heir to the barony of Sudley. But the progress of his fortunes did but add to the malevolence of the detractor and the tale-bearer; theft, sacrilege, and even murder were hinted at as probable causes for a youth, who evidently did not belong to the vulgar, being thus a friendless outcast. But the most charitable surmise was, that he was the offspring of the unhallowed love of some dame or damsel who had reared him in privacy, and had destined him for the church; and that either upon the death of his protectress, or through some fault, he had been expelled from his home. Calverley had a distant authoritative manner towards his equals and inferiors, which, despite every effort, checked inquisitiveness; and all the information he ever gave was, that he was the son of a respectable artizan of the city of London, whom his father's death had left friendless. Whether this statement was correct or not, could never be discovered. Calverley was never known to allude to aught that happened in the years previous to his becoming an inmate of the castle: what little he had said was merely in reply to direct questions. It would seem, then, that he stood alone in the world, and such a situation is by no means enviable; and although duplicity, selfishness and tyranny, formed the principal traits in his character; and though independently of tyranny and selfishness, his mind instinctively shrunk from any contact, save that of necessity, with those beneath him, yet had he gazed upon the growing beauty of Margaret till a love pure and deep¡ªa love in which was concentrated all the slumbering affections, had risen and expanded in his breast, until it had, as it were, become a part of his being. HoMEAÒ»¼¶ÈÕ±¾l00Ãâ·Ñ¿´ ENTER NUMBET 0018laijianshen.com.cn
hwzsgs.com.cn
www.fmvh.com.cn
www.ccgq432.com.cn
xjqg.com.cn
btwx747.com.cn
shuazibu.com.cn
www.peinvest.net.cn
robocon.net.cn
www.jian-cai.com.cn
长篇失控的淫乱小说 欧美美女游戏节目 使尽操成人网 大鸡巴爱丝袜 成人电影免播放器的 一级色图欧美 人体艺术大胆下体图 女人下体凹凸 欧美骚逼25 少妇穴穴20p 老女人l 日本少妇做爱图片25p 女学生性交口交肛交 就爱操逼录音 胖女同 诱惑写真那个网站好 丰腴熟女乱伦 哪里能看到苍井空网络硬盘 女教师乱淫动态图片 熟妇掰逼图 性爱之人兽交 中国最火簧片 WWW.A1J3.COM WWW.HZGRYY.COM WWW.JPTUBES.COM WWW.XZYWHY.COM WWW.LYJJBJ.COM WWW.U2CHE.COM WWW.CCC195.COM WWW.ZISHG.COM WWW.VB04.COM WWW.88SCSC.COM WWW.CQGGZY.COM WWW.YNKQN.COM WWW.HAOTE.COM WWW.FXE9.COM WWW.DDD91.COM WWW.ZQTYQC.COM WWW.YUEJLWO.COM WWW.007CB.COM WWW.XMCGHH.COM WWW.AV977.COM WWW.6789DA.COM WWW.QULA7.COM WWW.HHH738.COM WWW.QB5200.COM WWW.0755MSX.NET WWW.BKHCG.COM WWW.REN999.COM WWW.AV577.COM WWW.BX857.COM WWW.QUXUNW.COM WWW.V2D5.COM WWW.500173.COM WWW.771588.COM WWW.MAV7676.COM WWW.6655.COM WWW.YOKOO.COM WWW.G8GW.COM WWW.CCC294.COM WWW.868RRC.COM WWW.XIQUREN.COM WWW.XAZHKJ.COM HEZE.DZWWW.COM WWW.UB73.COM WWW.8220365.COM WWW.AVTT2014.COM WWW.33TVTV.COM WWW.SHHEZWZ.COM WWW.IFP7.COM WWW.SZZBAF.COM WWW.1122NJ.COM WWW.ENET.COM.CN WWW.WWW.91DIZHI.SPACE WWW.13YM.COM WWW.BBB528.COM WWW.Y5QD.COM WWW.CCC903.COM WWW.OUOULU.COM WWW.YESHEMAO.NET WWW.JLZDYY.COM WWW.612SE.COM WWW.SHTJZK.COM WWW.CHUNMEN.COM WWW.A0663.COM WWW.019GEGE.COM WWW.CZJXDQ.COM WWW.GAO540.COM WWW.JLMMBB.COM WWW.HGDVD.COM WWW.9LALA.COM WWW.CC354.COM WWW.97WEN.CN WWW.OUYUJX.COM WWW.DAJIE.COM AWWW.777ZYZ.COM WWW.CCC700.COM WWW.612621.COM WWW.NI3456.COM 另类变态图片调教 放尿系列 糖糖幼幼免费网站 艹幼处在线 在线免费观看视频偷拍 窝久久草 999热这里只9999p9有精品视频 AV搞视频 王宪三级片 亚洲成人A片毛片 熟女乱伦20p上一篇下一篇 成人激情午夜网 色七七影视 插插日本骚女人 妈妈人妻受孕 第四色先锋视频 国产美女自慰视频在线观看 青楼社区的最新网址是 色欲影视2p x小色哥 色色肉肉伦乱图 少女和少男做爱黄色网站 黑崎礼子在线 美国二级伦理宅宅网 橹射 露外阴的伦理电影 裸体学生妹 童话村av 亚洲欧美幼齿无码 超碰在线大片 迷奸漂亮女邻居 小泽玛利亚与人妖图片 淑女爆菊网 古典武侠妹妹和朋友 后入90后少妇18p 超碰sm免费公开成人视频 da炮机av无码 你懂的AV资源网 制服丝袜最新在线视频 大棒插穴乱伦小说 狼国48Q 男女操B图 wwwAV4455com 天上人间宝宝福利吧 寂寞人妻居家自拍色图 性爱综合AV 草群裙社区在线视频 6080三级片mp4 成人哥哥干哥哥 街夜色亚洲视屏 白白发布 2016AV撸撸射在线视频 强奸幼女开苞小说 谢文的人体艺术 泷泽萝拉AV在线wwwlulukan1com 噜噜噜偷拍自拍 295cccom 搜索www妈妈与儿子乱伦大杂烩 性奴骚奶子 美淫小 屁眼调教 看岛国大片 偷拍亚洲美女性爱视频 偷偷摸狠狠干 狼友基地在线 高中处女开苞落红伦理聚合免插件在线 wwwfff2345 caopporn超碰 2017天天撸 搞搞电影网成人视频 国产自拍国产久久自拍视频 欧洲成人AV片 diao青青草 爱爱综合x0 狠狠舔干 曰本理伦图片 hentaixxx少女 淫淫网淫妻交换 人曾交长片 后门插逼逼动态 骗朋友出来轮奸她操死她 手机美利坚中文字幕 在线Av东方伊甸园 韩国r在线网站 男女野战图片 西瓜操 dilidili艳母 欧美成人在线免费视频 熟女乱亚洲影院 wwwpp398comVR 皇色精彩视频久草在线 小姐被黑人轮流干 天天更新在线视频 影音先锋ye321最新地址 人体艺术日本 国产女神自慰在线 淫妻交换性爱技巧校园春色hhxxoo1com 91驾校在线视频 影音先锋网站亚洲 不需下载在线观看操逼短片 猛男干娘女图片 找老熟妇做爱 543cccn 偷拍偷拍少妇25p 真人上传黄色视频免费在线观看 岛国片公媳乱伦 亚州黄色小说 成人电影偷拍无码 成人啪啪啪看骚妇的小逼插的水汪汪高潮连连视频 wwwtomitaocom 淫色直播的有哪些 人兽性爱欧美三级片 男人第四色网 久久在线经典视频 wwwaa847com下载 1111kf李宗瑞 ww26xecom 赞助商影片分类偷拍视频230自拍视频240国产视频19日韩视频 东京热MV 撸一撸亚洲色图 最新的黄色网站 775jj 百性阁mecom sss911 日本性感女护士舔男孩大鸡巴全部视频大全免费观看 影音先锋看激情电影 亚洲天堂av在线直播 www567net最新网站 各种国产AV有什么免费网址 wwwddd20com 爆乳国产 亚洲另类一国产aⅴ在线视频 特菲娜样子 爱的色放图 女人逼逼 91超在线观看视频播放 玩幼女b黄色电影淫放 哦哦叉叉 www1111avcowang 快播里面能看黄色图片不 少妇性爱电影 黑白中文母22p bb啪啪网站视频 超碰成人公开视频超碰免费131spcom 成人看片自慰免费视频在线观看视频 迅雷色色强暴小说 欧美性爱色域网 日韩av手机在线 色色人阁www63cocom av久久在线观看 欧美图片偷拍图片区手机在线播放 5080午夜电影 亚洲av无码久久在线 wwwseqing爆 公交车上干美女 人妻熟女激情自拍 俺去也插插插插 seri123一样的网站 淫女偷拍 免费三级金梅瓶 河南工业大学钟月双 美女屁股wwwpp0022com 影音先锋主播自慰 4hu46 强奸幼女妹妹小说 女人阴道穴片 av美女天堂下载 淫色人妻哥哥操 亚洲啊T天堂 狠狠爱在线牛人视频 紧急通知小姨子 田野色在线视频 xia12345magnet 天天色播 av毛片成人在线观看网站 激情啊嗯啊嗯啊啊啊嗯嗯啊 欧美大香蕉毛片 天天啪啪 色站成人美眉红楼 露脸良家人妻熟女 BNSPS298 www123chaopengcom 校园春色处女女大学生 淫荡母乳人妻 99pp黄色网站 男女上床私照 淫色网极品美穴 有木有AV软件 古墓丽影h版免费观看 黄色网址导行 办公室女秘书伦理片 日本超级AV在线视频 在哪里可以免费观看无码黄片 www1122vgcm 成人色漫 在线手机播放器 我爱操操电影免费ti789com 三给片区电影在线观看 wwgaosecom 麻生希第一部快播 meinvz1ynet 幼幼被破处 搜索美女三级黄片口活 撸一撸日日爱狠狠爱 男女大尺度啪啪图片 万达影院 97超碰色视频在线观看 宜春院首页怡红院 jlzz4欧美 www58hhhhcom 夜夜干夜夜5岁到13岁 1024jd在线看免费视频 人气女优小说 亚渊成人影院 日本激情点的床上男女 欧洲黄绝 欧美人与兽肏屄电影 淫乱派对资源 www2333ca 叼嗨视频直播真人版 免播放器成人熟女乱伦电影 成人A片小说 色色撸手机在线观看 美女哈鞭视频 上黑丝美女 无码噜噜噜AV在线观看 插日本美女粉嫩小嫩穴 免费视性爱频在线观看网站1 日本2017最新H动漫 丝袜日本美女小说 美国最新黄网址大全 蝌蚪窝久久视频 日本女模做爱视频下载 狗鸡巴插骚穴小说 香港a片毛片hciyycom 413121神马电影 jjady3infoa121html 国产视频妈妈在儿子面前自慰 黄鳝门影音先锋 表姐穴穴湿润 偷拍人妻影音 叫做sh什么的电影 草了同事老婆 超碰视频A片在线视频wwwvb111com 偷拍自拍撸撸她 lunliwang 狗干MM porn老女人 达恩电影网你懂的网站 欧美高跟骚女 男尼所巨炮无遮图mman189com 爆操情人 qq公众号色色的 青青草是华人绿色18 阿女AV 新惰色站 PU510COM 插日本少妇20p 国产谢妹妹影院wwwqqqq95com 在线访问升级中 东方在线校园春色 日韩插插插 phoenixmarie小男人 狼友a∨在线视频xw970com 亚洲高清可乐操第一站 制度丝袜国产手机在线 天堂妹2017 夜夜撸在线视频暗暗撸在线视频加多撸在线视频天天撸在线视频 私拍性爱视频 美女激情超碰 bu444com 迅雷色色种子 健身房女教练av 26UUU天天曰久久射MP4 亚洲涩图AV WWW210BECOM A极超碰 sunpornecom avttktv caov2 女同爱爱mp4 亚洲无码超碰在线播放视频2017年版中文字幕中文字幕中文字幕人妻淫乱 人人日动漫 哥哥色哥哥射哥哥干哥哥撸 男女操免费视频 想屄图 奇米影视777撸 nipingdebi 日本极品大胆私阴艺术 美女激情裸聊自拍 欧美色尼玛肛交图库 苍井空插穴图片hha6 taiwansexvideo 日本av美女裸体 色18美女游客 熟女bb被操 爱爱在线成人视频 美国长吊爆肏嫩逼 人体美鲍视频 淫乱性交图片论坛 抽插片 丝袜美女撸 真是嫩啊 肉穴被插 日本美女人体图 做爱的黄色诗 孕妇 torrent百度云 黄色网站2016自拍视频 偷拍色老大导航400色导航 嫩屄人体艺术摄影 调教骚穴 正在播放和朝鲜老妈操 岳母的肉洞 88ri88ri图片88i88 大鸡巴插狗b 操骚熟娘们 成人在线走光 嫂子 阴唇 色bt导航 少妇群交色无码 操老汉影视 操衅淫荡 成人虐待系列网站 美女裸体艺术图片15p 成人综合论坛2014 幼女做爱av 幼女激情做爱 zumeiav oumeidngfu 色妺妹快播电影 三级完整影 亚洲90后色图 迷奸小妹影音先锋 日本女性裸体色图 sha人妻civou 车模打炮17p奔雷 美女淫乱合成图片 美女人体 东北操逼电影 楚留香色网 现在有什么说新的中国美少女组合 影视先锋看动漫 山村乱伦小说远山的呼唤 日本美女美鲍人体图片 无毛幼女潮吹 车上草妈 美女被干黄色无遮挡图片 吸吮龟头 艳色荡母有声小说 百人体图片下载 WWW_X8S2_COM 美女搞鸡激情 淫女影音先锋 日本母乳喂养宠物视频 性欲强的母子淫乱 110139 白白色趁人视频 亚洲五月色人阁 日本人妖性交网 和张妈做爱 吉吉影音av激情电影 后进式猛擦美女p 日本大胆妹妹做爱 苍井空电影种子 下载 振动器黄色网站 thisav新网 女孩放尿 女人被狠操动态图 嫩白的嫂嫂 高中美女做爱图 先锋影音 伦理 影音先锋美女躶体乱伦小说 xex8cc 黑人学生内射美女老师 女优嫩逼图 工藤美纱qvod在线 WWW_979AV_COM 苍井空の玩具rmvb 日本美女性交图淫香淫色 强奸援交女艳照门 舔她的嫩心 强奸乱伦3d大奶网 色顶综合论坛 屄屄的粉红肉 ujizz姘撹夫鎴 帼鑱h仭 欧美老头做爱 丝袜熟女gif 曹查理 三级 狠狠射狠狠操色妈妈色姐姐 日本女人被干 人体外排人体艺术黄色片 寂寞少妇被插的一浪一浪 色站图片看不了 美女在酒店内射 奇米网下载av的 av爆乳公车ed2k 曰本全捰人体写真百度图片搜索 免费涩情小说 伴娘满足摄影师 同时为伴郎和摄影师服务 口交showtime 肏妈啦 田韩a片 kaobi动作片 日本成人强奸乱伦电影 刘晓庆的屄 人兽坏弟弟 成人图片成人视频 日韩户外大胆人体艺术 内涵鸡巴 人体美女阴 小穴穴进进出出图片 舔范冰冰玉足 菊色宫嘻嘻色儿女 妈妈的嫩穴洞 大胭人体艺术 百性阁撸撸侠 bbbbb666 妈妈和哥哥性交 黑石塔地图 周淑仪 wherewereyou 昵称网 臀肥骚穴图片 搜查宫先锋影音 快播毛屄屄 大鸡巴轮奸淫荡女儿 小说区淫妻交换小说史 操姐姐的小屄 西西热艺术 女主播在主播室被肏 激情明星合成论坛哥哥妹妹 欧美最大乳房人体艺术 如何操逼才舒服 性爱小说网视频 熟女骚屄姿势视频 91快播电影国外处女 台北聚色网 偷拍自拍论坛 u性爱网站 马六人体美鲍 张雨欣人体 我和2个女同事做爱 老鸡巴同志小说 熟女的角色扮演性爱快播 WWWKANDIUCOM 男男无忌 少妇偷情亚洲色图 武汉17中操操视频 在线看大奶人妻 老荡妇高跟丝袜足交 爱北京熟女 美女美学穴p WWW51MM520COM 男强奸女做 双飞小骚逼 张柏芝婐照吃鸡绝版 WWWUU11COM 我和表姐偷情 公媳乱伦影音先锋电影 泰国妹舔好 五月天四情 赵世熙年龄 欧美老太女郎丰满人体艺术 淫色影香 e416355f00025f2c 父女两性插入乱轮 新女体洗澡 WWW69OOOCOM 蒲天杯钢琴大赛 成人电泓网 金正恩操逼 性爱色站 乱论中文影院幼女 苍井空qvod电影在线 亚洲无毛穴 女明星的外阴 欧洲伦理小说 qvod亚洲东京热 omeichengrenwang 爆操舅母 黄色我的老师 动漫美女穿黑丝袜能看见洞 俄罗斯学院色色撸撸 黑人肛交亚裔女 性生活duppid1duppid1 不愿意露脸14p sjp成人动漫电影 林雨欣小雄性事全集mp3 色女图区亚洲色图操逼 香港龙虎豹五月 欧美性爱淫色 肥乳肥逼 瑟瑟性交图片 美同十次啦 裸身美女dongtai 无水印超大胆图片 骚妇性艺术 亚洲欧美卡通动漫偷拍自拍 爱玩老爸大鸡巴 女性bt图片搜索 爆操少妇骚贱逼 岳母的红裤头乱伦小说 在线观看色色影院无需播放器 淫妻交换色小说 美女小穴19p 一个样先锋影院 骚逼图欧美 男人社区 男人尻屄鸡巴拔不出来照片 熟妇操p百性阁 狠狠操幼女 张筱雨私穴 日本十次啦 长谷川凉子 我爱看片台湾永久app 亚洲成人女子偷拍图片 操老网友自拍 欧美日韩熟女变态 WWWSESEOCOM 五月成人小妹妹被射电影网 去哪里找李宗瑞视频 插逼微视频 好色小姑 丰满熟女迷恋 韩子萱抠逼 最大胆美女阴道艺术图片展 成人性爱电影母狗 大鸡吧干小姑娘 依依淫色网 黑寡妇黄色小说 幼幼潮吹 深圳龙岗鸡婆电召 快射电影 白色天使电影 下载 欧美激情校园春色www34qfcom 中文无码字幕qovd搜查官 老奶奶射精 花瓣床上美熟 中年夫妻作爱射精动态图片 小说乡村留守女人滥情 欧洲女亚洲夫妻炮 小女孩阴部视频自慰视频 av妈咪 t偷拍小电影 百合真人在线视频 天天影视jiatingluanlun 狼人专业维修 欧美男女性抽插动图片 亚洲性l大爷视频av 德国熟女大妈 东北乱交 水野朝阳丝袜凉鞋诱惑先锋影音 东莞小姐全集magnet 理伦乱伦网站 军哥哥操我 巨乳人妻催眠 xxxmobimediaweibocn WWW916RRRCOMCN wwwtr6688net 日本色倩女星波多野结衣 奇奇热奇奇色妻子撸 涩涩淫淫 91porm自拍我爱我妻 wwwhbmaocom av专卖店微信 欲表姐一家 撸色阁 丁香五月香 强暴小说成人动漫 撸撸啪啪啪撸nanrenfulicom 韩国女主播青草超碰 巨乳美女自拍自慰 操逼哥哥操小妹妹 无敌先锋mp4 wwwsaozivipsom 强奸乱干 影院先锋h卡通 先锋资源武藤クレア 大香蕉yinminwang 中国一线女星性交图 动漫另类亚洲色图 口交技巧mmissno1com 中国激情大片免费 最新巨乳波霸pppp38com 妹妹援妓git 日本大胸熟女妈妈在线视频 WWW123hp下载 乱伦美少妇 18岁人妻少妇口爆吞精 掰穴写真 亚洲色图丝袜美腿丝袜美腿偷拍自拍 激情网站五月色 青青草AV在线视频观免www388crwcom 幼幼av无需下免费看 骚熟丝足微博 www88qvqv 妖女内射17p wwwkkyuxguin 淫荡丝袜老熟女 超骚97超碰在线视频 一路路向西2在线完整版 内衣妹妹扣逼 腌也撸日日撸 人与兽的性事黄色网站 ggbb日本一级黄色操逼 亚洲色图幼y 长谷真理香bt资源 欧美女人与狗ZXXX 国模私拍gogo人体艺术 香港妹超碰 免费空姐撸管视频网站 操新疆女孩 东热在线视频女子大生 sesxxxxx 亚洲男人第四色婷婷 黄页网站成年人香港赌场黄色电影 妖怪黄色小说 av在线人妖和美女 武侠古典在线理论三级欧美激情 男屁眼被曰小说 淫斗罗 超碰人妻人人碰5533tcom 先锋影音官方下载 色色男奇米ckplayer 进逼眼图片图片大全 欧美av夜夜干夜夜 梦到舔小女孩的逼 日本肉肉美女阴毛左山 WWW_ADY9_NET 全祼大胆下体图片 嘻嘻女大人体艺术 sejiejie导航 韩国女厕所偷拍影音先锋 免费有声小说网站 猎国 有声小说 樱井莉亚电影美愚 樱井莉亚search酒吧 樱井莉亚松岛 小泽玛利亚btdiz 求无毒h网 求可以看的h网 在线观看的h网 手机快播能看的h网 可以看图片的h网 h网视频 www黄色小说com 开心五月激 东京热系列图片 五月 酒色网电影小说 下载看黄片 黄色小说在线观看 婷婷五月色桃色激情 爱川美里菜 织田真子 双叶美佳 性感内裤 一起做爱 ass69 哥哥色高清 蝴蝶谷影视 喜爱色社区 性乐汇综合 一本道AV 一道色导航 重武器女孩 女色无罪成人 台灣佬娛樂網 我爱我色成人 酒色鬼伦理资源 90后av(荐) 买春堂G谁有E谁有E 910668快播电影 xxxymovies 熟女乱伦网qvod电影 哥也爱 色一把 深爱基情网 天天基金每日净值表 无码支付在线播放 午夜AV在线观看 超碰在线关晓彤0 滨崎里绪女同全集 无需播放器的av无码电影 水梅公开超碰在线 外国色污视频 500性福利看片 聊斋艳谭17影院 资源网丝袜 亚州视频二区在线视频 我爱五月色 暴风影音怎么下载A片 日本地铁av电影 青草2018CK在线观看 日韩高清无码午夜 magnet 蒂亚AV资源 午夜男日B视频 snis623 在线播放 放课后无码观看 皇家Lu23 男人天堂2018亚洲男人天堂大香蕉 22 6ppav 邪恶天堂第99 狂欢a片 WWW6666SQCOM 三kkkk xhatmer 18 F2DZY 男人天堂在线福利2019 亚洲日韩 国产自拍 在线视频 情侣自拍内射 迅雷下载黄色视频 magnet 强奸舒不舒服 秋霞电影社长夫人 全球热门视频 magnet 强奸之夜视屏 性交内涵视频 秀玲叔嫂 在线福利视频广州富姐 榆次炮友 御姐成人纵欲视频 日本视频在校妾 玉桃园毛片 日韩主播高清福利 日本人妻资源下载地址 SNIS-430 大香蕉澳门皇冠国产自拍成人 韩国成年在线视频 性爱自拍直播视频 外国福利在线 快狐成年app 鸡鸡插嫩屄的影院 宅男影院xo 人人色人人干 五月婷婷心爱 四级剧情美国 magnet 华裔张丽精选11 magnet 滨崎真绪 西瓜影音 色大姐五月天丁香 苹果手机a片 怎么查询最新得AV番号 亚洲色综合伊人色 7080wcom手机伦理 米卡本子 www wf96 com 曰本性交派对 国产性高潮自拍 mp4 saobo下载 一本道手机在线秒播福利 免费成人激情视频 www4hu998cam 狼友 国庆 福利 提示:点开黑屏或白屏缓冲五秒 [红包] 福利免费视频 [红包] ht 张伯芝自拍在线视频 村上丽奈三级视频 京香在线视频p 葡京夜夜夜 77yy伦理 猛干黑丝袜老师 在线观看 日本一级大黄毛片 美足福利小视频在线影院 少妇美女主播应狼友要求半夜路边勾引 欧美色一色大香蕉GV 日本做爱无码动画 mp4 高树零磁力链接 巨屌性交 九九爱爱视频6re 微拍福利247 软妹在线福利 国产 同事 校园 在线 李宗瑞奇奥网33 一本道大香蕉伊人线av 95福利视频 日本色一情 依依亚洲图片去哪里 国超福利视频免费 百度云黄片 《鬼父》全集在线观看无码 爽歪歪色视频 姿势强化操视频 最新艺术片快播 5侧所性视频 阿V小视频 超碰国产思瑞 德田重男和儿媳妇嘴对嘴喝酒 淫妻自拍艳照 我的世界中国版宣传片 av免费在线手机 与和尚交缠的色却之夜 在线 av川村真矢在线影片 怎样免费看欧美性爱视频真人秀 美艳娇妻肖云韵 免费福利成人 77色女 何殷纯个人信息 ganmimi 大哥综合站 最新地址 韩国车模番号 wwwxiai09cm 牛牛碰人人础免费视频 av手机日韩在线 午夜av影院免费播放版 丘咲エミリ nnuu66日本系列 免费任你日 日本处女-视频@Here 偶偶福利私密视频 18x同学伪娘到厕所里射精动漫 操碰福利视频 star534 ftp 亚洲日韩激情在线 二本道AVDVD 在线av日韩经典 亚洲图片京东热av 剥皮人魔BT迅雷 91男人天堂91福利社 水中 五月丁香 水岛津实蓝衣地铁快播 影院在线协和 色老板在线影院观看2017 成人视频5 yingshi 399 空姐GIF av色中 免费av电影微网站在线观看 亚须希磁力 下载 动感小站福利小视频 菲菲影院 厨房塞蔬菜番号 大黄片福利 东方在线aav视频 充气娃娃A片在线观看 番号鹌 初美沙希初裸写真在线 大胸美女和黑人爱爱 日本专区无码视频3166 rbd的系列人妻在线播放 48号缚师 神马电影69小情侣 2369小电影 苍井空毛片免费 myloved视频 男欢女爱视频录像 大肚人妻孕交视频 nannuzuoaihuangsedaqquan 亚洲女同视频 k视频手机在线 无码乱操 66BAB视频在线 d群交 番号 推荐 富姐血柠檬宾馆调教视频 亚州黄色无码视频 真实迷奸大学校花一线天嫩逼 www609ee 大香蕉伊人视频免费整 欧美高清h 日本高清aaDVD 色久久久久 第四色网男人香蕉 谷露影院在线国产 caoporen公开视频在线播放 91情侣理任在线 九州av–男人的天堂! 丁香五月天小说网 伊人成人电影色大哥 WWW,A片 AV小视频在线播放 青草a免费线观 日韩高清无码在线视频 ftxx00 sayaka fukuhara 4480青苹果影院免费4460 西田麻衣高清无码视频 长沙丝足调教 xingchashipin 国产老熟女大尺度自拍 偷拍自拍在线看100p www37ibcon 福利电影tcn 欧美高跟鞋射视频在线 馒头B紧身裤视频热舞 深夜福利无码小电影 sao360 日本av视频欧美性爱视频 下载 成人久久午夜电影 草莓论坛 se cop在线视频 成人影片不需下载gav 星野遥电影手机在线观看 丁香婷婷五月天小说 破初系列在线观看网站 悠悠资源色 日b视频过程狠狠色哥网站 26uuu最新亚洲欧美在线 南日p无码午夜影院 东方影库av无码在线播放 换妻一族电影 幼女AV 媚药女同按摩师在线观看 zzjiyou 韩妞在酒吧被黑鬼下药 泷泽萝拉在线播放教师 69堂在线看草莓 美丽坚共和国 草b大片免费的 森下真衣 视频在线观看 草莓视频在线看绝斯斯 日本69式视频有码 ADy无码 你懂的直播免费 日本无码丝袜 佐々木爱美 磁力 口交内射视频 校园 都市 欧美 自拍 磁力网 武侠古典之萧历 letvclient://msiteAction?actionType=9&amp;pid=&amp;vid=21286812&amp;cid=30&amp;zid=0&amp;ver av毛片在线观看直播 白洁 高杰 欧美性爱大白屁股娘们性爱视频 免費高清視頻一色佬 影音先锋阿姨不约 最新av电影在线 有声性说 涩66 日本吹潮在线观看 含羞草大人影院 黑鹰坠落h版5060 青娱乐色琪琪 色色鸟亚洲 极速在线 欧美 亚洲 偷拍 王梦溪 迅雷下载 和99re一网的网站 操空姐 avzon kjfuli福利视频 经典 小鲜肉苏州94 香椎 jav anal hd ady手机 5533992c0m 日本重口网站在线 小视屏福利网站 性爱动漫福利 小老弟视频精品 国产自拍 小妹自拍自慰视频网站 学生妹被艹视频 先锋eeuss 小清新影院性高清视频 校园另类自拍欧美 邪恶里番肉番 馨雨女神调教视频 筱慧视频在线网址 泄欲哥导航网址 中国清纯大学生默默 www84gncom 女耻物 明光大尺度歌舞团 2018在线看的视频你懂得 免费无毒福利 狠狠的艹免费视频 国产网红福利 欧洲老妈A片 www,俄罗斯,幼色 老外影院黄色 bl插插电影 微熟女在线播放 兴奋生中出巨乳交配 橘优花 www8733cc 插菊花综合网人妻 4k 在线福利影院 莉莉影院俄罗斯少妇露脸 午夜群交视频 千百噜噜噜影片 美女强奸啪啪啪视频 任性操 做爱视频教师 日本美女重口味啪啪啪做爱视频 想要零用钱妹妹 素股 日本强奸乱伦在线观看网站 淫乱视频操屄 欧美 日本 国产 导航 激情黄片超爽 1小沢在线播放 哥去射偷拍自拍在线观看 最新97视频网站 94套图吧 阿,我要被你操,被我舔 深圳同居换夫 日本在线高清m949dtv 少妇爱爱 大香焦网视频免费视频,i xp123亚洲影院 熟女 博彩 wwwmvm888co 福利宅男影院免费视频福利在线看 黄片影院。 uuu778 mp4 综合网人 亚洲无码中文字幕成人动漫 大箱焦成人网 &gt;&gt;宅*男*影*院&lt;&lt; 西瓜影音 王思懿金瓶在线看片 在哪里可以看h动漫短视频 印度av视频网 drp无码影院 国语自拍对白在线 操逼比赛 苍井空无码av种子磁力链接迅雷 操逼故事在线视屏 韩国成人主播 双飞 不用下载安装就能看的吃男人鸡巴视频 北京熟女取精2女上位 变态调教性奴视频 avop-360 欧美三级伦理大尺度 马牛叉电影 搜人体苍井空50分钟无码 男人装 明日花 大香蕉AV在线播放 丝袜av排行榜前10名 无码黄电影在线 影音先锋AV有码丝袜美腿 2018最好的塔巴夫影视 苍老师在线55集 亚洲制服无码欧美 大贯杏里AV百度云 怡春院偷拍首页综合网 www 702qq cnm 被窝午夜手机自拍福利视频 Thailand年轻的制服高中女孩淫乱生活传闻风波 玩弄淫穴 无套爆操 爆精内射 附高清 vv影厍 操逼小视频在哪下载 tayelu免费视频 播播影院女性向 操后妈6o分钟 成人在线动漫 黄色a片在线免费观看 我妻如妓 秘社mm视频 纯洁 亚洲 国产网友自拍偷拍视频 连袜裤javlibrary 万色吧影视 1啊无套清晰 日本日日夜夜bb 黑木一香 magnet i日本人69种视频 日本aⅴ视频天堂肮脏医生 熟女大阴户视频 爱区 看片岛 vr捆绑美女 92午夜免费200部 深夜做爱视频在线观看 国产成人福利 magnet 澳门色片 av女捜査官yingyuan jb影院下载入口 日本漫画之工fanmu angelbaby19部 在线播放 变态搞基网站 先锋熟女少妇 vip7116韩国电影 黄色电影院六度电影老女人 欧美同性视频vibes 欧美在线天堂视频一本道 伦理 大片 高跟丝袜女视频 后插资源 波多野结衣末剪版在线观看 苍井空 在线播放 8p 肏女人 日本姊妹同 福利fl218 久久爱免费福利在线 男女性爱傻拍拍视频高清 伊人大香蕉在线视频网 综合色爱视频 肉色丝袜爱福利在线观看 偷拍自拍第八十五 美女真播母乳真播 西瓜影音 曰本无码在线 345bkcom 手机亚洲mm88cc 一本道dpp 美国理论午夜十二点 后入式xoxo免费影院 日本av女优视屏 黑裤袜系列在线 斑斑马电影街 欧美图区 国内自拍 强奸乱伦 我爱你AV52 亚洲av剧情 立花琉莉在线网站 Caoporn网站 午夜福利757在线视1000 ssni048在线 男人的肉棒插进了女人的小穴里不用给钱的视频 琪琪在线狠狠射 九哥小浪窑网 2018天天干夜夜啪天天射天天日影院久久99 麻美由真 bt字幕 日日久久天天 k卫生间男女ⅹⅹoo视频 CD性爱视频 天天操天天玩 调教堕落中日韩美女 激情戏新视觉 尻屄怎么读 边玉洁年轻时的照片 老外干十岁女孩磁力链接 黑丝少妇影音先锋 a片一线看 宅樱三级片 欧美女孩w18 捆绑女奴 很黄很色的动画片在线观看 wwwqiuxia66路cam ipz483百度网盘很黄很色的动画片在线观看 丝雅电影网伦理片在线看 美国巨乳波霸护士 美国邪恶毛片 色色琪电影 少妇操视频在线观看 美国十次大公鸡 毛片观看福利影院合集 美女被xxoo奶摸 伦理片eeuss2θ12手机板 噜噜色噜噜吧琪琪网 人妻凌辱参观日百度云 气质美女经理酒醉被上司带宾馆各种玩操自拍流出 极品巨乳美女高潮视频 精品成人A片电 染上春色在线播放 激情视频无码丁香五月 激情影琓 自由 黃色片干姐姐3131 麻美由真 恶父 白妇少洁的小说 福利视频午夜小说自拍 卡在墙洞男孩汉化版百度云 百姓阁不夜城最新地址 日本少妇Her a,ji ,huang,pian 秋弄韩 百合润美 magnet 欧洲av成人在线 蛋壳姬 岛国种子搬运工官网 吻逼抠逼视频 任你操视频这里只精品 无码专区 大xj香蕉49 精品国产自在线拍400部 黑人巨大战原纱央莉mp4 欧美熟妇系列1032 女主女王sm视频免费专区 横山美雪视频在线观看 六间房黄带 国产av自拍在线 www@pziyuan@com 口活最好的番号排名 哪个网站能看小泽玛利亚的视频 下载 得弟日001 二奶夺位 下载 www3133dcon 日本′电影强暴女搜查迅雷哥 亚州高清无吗不卡视屏 狼好色日韩高清视频 高清国产牛牛碰视频 凹凸视频分类在线a一 一级毛扁L 高老庄成人在线 看片 酒店偷拍 日本AV群交游戏 男的精喷如泉的一部av 手机看片秒拍修复 bbb977改成什么了 男人天堂噜 AV日产 1电影天堂EEUSS 萝莉小电影种子 ftp MSWD-10023 ftp snis911下载 射大嫂在线播放 浅香结菜 国美女主播福利视频 韩国vip主播无码 国产主播自拍磁力链接bt种子下载 国产在线短篇 拿男女做实验的电影 国内酒店女生骚逼视频 国外无码ay免费视频 江疏影 口 交 视频 欧美Av色中色拉风影院 自拍porn87高清日本mp4 国产农村夫妻啪 国内自拍网盘 色B心 自拍偷拍激情国产 97高清影院 亚 无码性视频 动态做爱LOⅤE 长筒靴做爱 magnet 美国成人午夜片 铃原爱蜜莉视频在线播放 欧美激mp4 日韩自拍在线高清视频 yyyfuli 最美肛交无码下载 下载 视频一AAVV、com 操同事的小女友爱剪辑 wohejiaoshimamadeseqinggushi 77mp4 sixt 偷拍视频毛片日本 国内自拍女厕小便 珑泽萝拉无码av下载 杨幂 醉酒 1024你懂的 污漫韩国漫画57 艾迪av无码 亚洲第一成人福利网 shkd-744在线 豹纹内裤影院 黑人熟妇视频在线观看 爱爱无码视屏 黄色视屏免费看在线 卧室五六式老太太每个人的阴道毛视频 花蜜性爱小说 heniaoxiaoshuo 外国美女性感穴图 骚屄性交还录像基地 插动漫美女动态 97sese图片区 我让老婆找大鸡巴把她日到高潮 草裙裸体艺术照片 我和门口的阿姨做爱小说 日本女人与男人性交图片 男子艺术图片 偷拍自拍激情小说迅雷下载 老人与小孩大性交 快来干我小说 人体艺术下阴 孕妇母乳先锋 欧美色图一巨乳 中国山西忻州岢岚美女脱了衣服内裤大奶屁股露出来上床b的图片 口述6p 看真人操屄视频 日本女老师写真 男人日女人下面的视频 酒色网婷婷五月天 良家肥臀 俄罗斯色妞 成人大尺度gif 极品美女影音做爱 姐弟性交大赛无码 口交动大鸡吧 熟色201412 91热色色色 亚洲获奖a片 好想看看美女的写穴视频 舒淇人艺术 美女无衣自拍图片 刘嘉玲大胆人体写真图 gege揉搓 欧美金发熟妇图 超级mv性交大战电影 青沼知朝番号 欧洲色图色福利 继母阴道淫荡风骚 撸死你资源站兽交 250ppcum 成年美女图 女女调教电影 9797滛滛网 妹妹操哥哥日 营野沙莉亚 操淫屄网 婶婶的小屄 abcdduppid1 44tttt 恋古成人图片论坛 成人激悁大?6?4 操逼张慧敏逼照 强奸乱伦飞 夫妻性爱录音 操逼操电影网 性爱动态图片15p 美国玩中国女人的图片 WWW_5555K_COM 免费论理片 色幼女性交导航 色播五月天亚洲图片资料 321操逼网 人体裸体艺术美 乡村色妹性交视频网 曰本性爱第一页 丰满少妇给我足交 外国投拍美女上厕所视频 性爱图片做爱电视 影音先锋母亲性交 中出し 东めぐみ 147美女人体艺术波 女子逼毛 umei 丝足 � 日本美女性交欧美色图偷偷橹 日本黄色成人很黄的 亚洲图片小说网 幼幼百度云种子 WWW_YULE_COM 姐妹色 人与兽黄片视频一级片 超碰caoporn成人 那个软件能看白片 va999资源网 动漫黄图小说 中国人体莎莉 女人淫秽乱伦 俄罗斯明星人体艺术 谁有熟女网站 射极品空姐超碰 日韩柔体性爱影片 wwwre999com 李宗瑞不雅视频文件影音先锋 欧美 亚洲 娜 WWW_4HU50_COM 色小说乱伦故事 chengrendianyingxengai 百度美穴 WWW_168_INFO 春暖花开影视性吧 泰岚性感 xiao77论坛新年 极美印象苍井空奇色 天使妹妹淫荡网 婷婷五月色中阁 师姐淫屄 qiangjiancaobiwang 海岛人淫乱 日本人t体yishu 大牛村群 美女艺术照 欧美骚妇和狗交配 色人谷美国发布站 农场性爱在线视频 内射美女小嫩逼 欧美入逼色图 赤裸天使讨论区 欧美大但pp图片 97sese 97ai 97gan 美女人一人体图片 明星漏逼逼 偷拍自拍区操老肥熟 偷情人妻骚母狗淫语对白说要被狠狠的操 情趣连体 超级诱惑 tube24韩国 亚洲淫淫碰 肛交567视频在线成人 女同学肛交小穴肛门草 美女色图qvod 肥奶大逼 俺去乱了 西西大胆人体艺术黑木耳 经典av片名字 成人图片 鲍鱼 快播怎么看无码电影 欧美淫秽影片 傅 贞怡 人体艺术 色 中 色亚洲色图人与狗 花开半夏演员表 中国净水器供应商 重庆赵红霞真实照片 辛亥革命电影 温州第十二中学 淫香淫色天天色 黑人和韩国女人做爱 激情少妇乱伦 3d玉铺团 偷情老婆小说 办公室操我 骨感小骚货视频 哇嘎影视四色 苍井空和黑人拍的av是9那部 俄罗斯裸体体图 我想操比找美女 欧美性爱人与猪 美女裸体漏阴图片 插入小妈小穴 西西处女人体艺体欣赏 色图五六月天 免费先锋成人网 处女搞屄 当母音屯 qiangjianluanlunying1 免费黄色图片网站 逼邪恶漫画 新乱伦影音先锋 凉拌木耳女生每次最多吃多少 狠狠地mv撸五月天 女子身体艳照 电视剧激情图 国产妇女做爱视频 搡大白逼 性交乱伦p 嫩逼的女郎做爱图片 26eeee 色444电影 三级片一thunderftp WWW_888XXHH_COM 牛牛视频播放器护士 治阳瘘早泄的中药泡酒 熟女人妻裸体 长谷川惠美全裸图片 夫妻性爱偷拍照片 美轮美做求歌名 WWW_678BS_COM 日逼的事情 骚狼操淫妇电影 日本av女优馒头逼图片 北条麻妃快播影片 2014最新乱伦强奸电影 幼香幼色论坛 女人与大黄狗做爱 淫乱的少妇 欧美黄色片午夜剧场a片 大色窝色狼网夜夜激情 看淫荡老婆群交兽交 国产熟女在线视频 欧美母猪和人性交 偷拍自拍武士色 小妹屄图 色站导航欧美色图 爱爱射欧美图片 美妖操逼 巴士超短摩擦色网 女人与公狗高清rm yazhouxingaitaiwanlao 在线自拍亚洲欧美 山斗香港三级 欧美日韩偷拍 高树玛利亚bt 抽插熟女撸 WWW38XTCOM 大黑油葫芦交配 伦理熟女人妻 色桥人体艺术抓美网抓拍美女美丽 最逼的中国演员 伦乱透屄故事 中学屄吧 野外大胆裸照 国外天体海滩视频 日韩影片北原多香子 那晚小姨子把我狂吸 人体彩绘图片大全图 美女裸体劈腿照片大阴唇 女人掰逼图百度 直走丈夫买烟妻子被李书记蹂躏 亚洲陈丽佳人体艺术 美女草比视频 屄的写真 聚色冈样 日本66人体艺术摄影 亚洲美女白虎色图 WWWOTALUMODECOM 性花宫黄色成人激情 亚洲最大成人操穴电影网 宬人电影在线播 春满四合院视频 韩国美少女主播荷恩 操白百何的骚逼 欧洲色图激情网 va看逼 强奸滛乱 曰日撸小说 波多野结衣作品那一部好看 成人片撸一撸 淫淫巨乳合网 heiguigan 色妹妹a 性感女妺妹 5x在线视频 xxoo青涩综合网 俺去也影音先锋 乱伦奸幼性交小说阅读 6699色图 一夲道京东热全部电影 女人被强奸时的反映 迢碰av 极品美女骚屄 俄罗斯乱伦抢 成人性爱图片网址 永旺cgv影院 裸图b美女 撸撸成人动漫云播放器 戴文青木写真 日本人妻斩先锋影音 看女人色图bbb 女优希崎杰西卡黑色丝袜人体艺术 老妇少男忘年乱小说 鸡巴尻小屄 uu小孩逼11p yy6029新视觉影院官 爱人体静雨 ok5858com tangfangdadan人体艺术 近亲相奸お母さんと爱欲性交 少女性奴母狗血泪斑斑调教 幼女小嫩逼10p 岳母乱伦淫荡肉戏故事 媳妇叫公公摸奶 ppp36官方网站 嫩馒头鲍色图 WWWHDCCBKRCOM cccc80 内射小妹妹图片15p 美女大学教师视频 狗茎欧美女人 WWW55HHCOM 男人阴茎实图高清 5月激情乱伦 新福利影院宅男 老妇的肉逼 强奸乱伦少女破处 学生性爱视频 欧美少女做爱美图 藏姬阁第一福利老司机 欧美电影家庭手机 三邦美女视频在线观看 se鲍鱼 福利嫂超碰 厕所阴唇 邯郸性趣天堂 色尼姑免费原官方网站gya1024cn 被催眠的校花小柔 av导航全球 老熟妇好爽 日本近亲乱伦中文字幕mp4 色播五月天永久网站 扒开屄操 swww99aaww 黄视频体验区 自拍偷拍性爱视频www16efcom 欧美男人与狗兽交 飞华两性试衣间 爸爸女儿乱伦妈妈儿子做爱 亚洲男同性恋做爱图片 视频裸聊女同骚逼 群交谷城 日本女优恋足视频 JJ射精正面图片 乱仑吃屄 亚洲熟女图片wwwgzyunhecom 成人色片电视频 成人电影哥哥碰 最新人妻av在线网站 伦理微电影magnet 巨乳爆乳大奶子插肉穴小说 和巨人美女做爱 123gbgb男人看的地址 强奸乱伦校园都市激情 快来干我老婆 性交短篇小说 AVMO欧美 s级女优网友自拍 手指插花核小说 成人做爱乱伦人体艺术 绿母漫画真人版 青青3p 色欲母子性爱小说 家庭伦理小说网址 奇米影视手机版百度 夜撸va 成人小说快播电影 美女干逼人体艺术 meinvluotitu 日本三线片线观看 逼里逼里香哥哥 jizzjizz丝足 爱爱激情五月 香港三级片系列激凸男女1高清在线观看四虎影库 欧美搞B片 哎到花心了啊 美女大胆露穴 谭晶h文 野花撸进不去怎么办 那里可以免费观看三级做爱视频 操台湾妹子综合网站 动漫人物h小说合集 另类女同群交小说 爱爱扣插舔 大奶妹官网 为什么收不到韩国女主播青草的视频 淫妻乱伦龙腾小说 播播影院色播五月先锋资源 苍井空潦草av片 久久鲁免费观看到底 三级片三级片的坏的视频播放 巨乳女教师magnet 美女黑木茸百度图片 老女人的淫 风俗娘湿 亚洲少妇xxoo 搜色电影影音先锋 插妹妹日妹妹dj520netwww78p78info 光棍电影网限制 用力插妈妈的骚逼啊啊 日本捆绑性爱 四虎影库A片 免费网男人草女人 在找黄片人与兽 可免费观看激情全过程的APP 纯妹妹极品穴穴享用整晚 侏儒a片 风流少妇人体艺术图片 快播日本乱伦 天浴电影黄色 风骚日本老师下载 柚子塞屄色图 sm妻子捆绑兽交小说 乱伦小说意淫强奸校园春色古典武侠淫妻交换 我的女朋友是40岁的人妻 www84ytom 日本春药按摩 女人玉门高清大图百度 AV电景色网 免费在线欧美AVwwwc5508com 微博btdownloadbaiducom 公公大鸡巴太大了视频 少妇五月天综合网 巨乳丝袜制服中文剧情字幕 谁知道手机能看的片 人性交配色色 快播欧洲成人套图网 保定色尼姑色和尚 西欧拳交 haosex a片99kk511cnarrseseappsitewww90abc95w4cn 亚洲级欲 日本妈妈v淫 少女b图片亚洲色图 xiongmeideseqingyouse 自拍偷拍彭娜 亚洲色图暮色吧 成人一级黄片网站 elluxurycom 爱碰网官网 操丝袜姐姐小说系列 性交姿势wwwcnkangcomwww7788xsnet sss电脑版 苍井空和男佳也那部 裸体模特在雪中 被大吊干是什么感觉 大嫂激情图片 菲菲肉穴 变态另类6eeeeecom 色斗鱼wwwsedouyucom AV网站www520vodcomwwwxx557com 肏了小骚屄 xf77piay 说几个看幼幼片的网站 哥哥干网友骚货 苍井空超过激交大乱 淫淫网刘晓庆裸图 苍井空的私处照 酒色五月丁香 仓井空老师剧照 教师无码潮吹 张柏芝的桃源洞真嫩 kk99se访问升级 偷怕自拍撸 矢吹春奈 强奸处女口述 5566影音先锋干大姑 强奸伦理小说视频 国产自拍剧情在线 求推荐可以看高清色图的网站 998av 成人动漫阿凡达 寂寞妈妈免费视频 奇米影视色资源 堀井美月av 欧美人人免费视频在线观看 美国a片啪啪 WWV111WeCOm 小穴潮吹什虐阴么 五色房间播播影院 wwwqingjunlu3tv Aa片影院播放器 男人的av影库 一级片视频 小妹子论坛资源分享 色图片图片区 跟女朋友啪啪直播贴吧 第九月激情网yuyongniancom 美女馒头缝 H幼幼萝莉图片 成人无毒网站 阴布图片大全 空姐被黑人插 高跟美女 黄色电影姐姐妹妹是拉拉 亚洲免费快播网站 黄色电影A片毛片 51cC0m 欧美双插电影 欧美男女av影片 4438五月天 朋友淫荡的妈妈我可以操你妈妈吗 色玖玖AVcom 双性黄色人电影 老外的大肉捧系列小说 免费的黄网站网 老妇成人图片大全 黄色图片观看 995cc 人体美女床上诱惑 36d色图百度 透逼自拍 无码有码在线 丝袜15p 欧美激情狐狸精 成人电影AAA990 天天啪久久wwwgeerlscom 哈尔滨色 全程露脸52岁视频拍摄 wwwqyuletvagmailcom 激情校园春色老师 亚洲色图韩国明星潜规则p 捆绑强奸娇喘视频 西门庆导航网址 青青草针对华在线视 久久热时间停止器视频 淫荡熟妇16P 亚洲视频在线成人 搜索wwwweibocomu5405295901 好了av第色 爰看AV电影 啪啪啪萝莉被操 亚洲露b人体艺术 东京热一本道金8天国 久久热我爱看a片 自拍偷拍网址wwwhhhh15com 微拍福利wwwmiwpscom 免费看天天A片美女图片免费 狠狠爱十狠狠干十狠狠撸日 青青草手机在线vip免费 桐岛惠理香 美女红色曰逼图片单曲 放个国产韩国日本美国欧州男舔逼逼女舔大鸡巴把鸡巴扎入逼里猛抽猛扎放个最黄 ckplayer在线亚洲 肉文ed2k WWW460TVCoM 9911影院 在线电影选项院 日妹妹干妹妹影院百度 wwwbb698com wwwnv81com新网址 青之驱魔师cosplay 大爷操作影院388sesecom 幼女ayi 操嫩人 人妖操人妖电影 大鸡巴干性感美女 操妹妹插妹妹AV 东北夫妻4P艳照 国产精品偷拍自拍明星系列在线 在线播放国产偷拍 姑坏姑集百万潮流 抽插淫荡少妇小清15p 和公公尻穴 一本道av在线三级 母狗奴隶 黄色网站草莓影院 裸体姿势艺术诱惑 操久久 幼女动漫下载迅雷下载 成人电影之手机偷拍 嫩穴妻 al7788 鸡巴视频国产在线 yc15电影com 阿v对白 妈妈的丝袜20P 毛片基地SM另类 xxxx欧美制服 swwwpu730comhtmindexhtm 大吊性交 大尺度激情性爱美女 图片专区欧美色图 强奸骚货女朋友 影音先锋咪咪色 熟女人妻校园春色淫色人妻 www48xycom 皇色王朝2356 辣文娇妻系列小说 激情婷婷第五月婷婷强奸乱伦 泡幼女网 就爱就爱娱乐网 5577k 亚洲色网偷拍图片 播乐子超在线 10万部爽片等你欣赏 看美女裸体视烦 武则天H版 性色影视 天天拍拍国美在线视频 www48kcon 碗君西西人体大胆 搜索去色色吧 淫荡阿姨在线 87bbb最新网 妻子与大学生黑子 怡红院首页一百度 黄色乱伦电影av 香港性禁片 ae517magnet 青青草的快播 狠狠操骚b 射你阴b 女孩发骚自慰 搜索www4444com 19sei最新地地址 AV在线国语对白52kukucomwwwaa0ecom 欧美人人妻激情小说与视 5XX 女人自慰囗交动物乱伦 性感美人妻电影 久草在线站街女 色色色色色干干妹妹 www路360ppcom 99pp黄色网站 国产AV偷拍视频 40岁少妇露脸久久草热在线 小衣与狗 91pro内部地址 男女性交猛抽动 调教男啊啊啊 空姐被强奸的日本AV电影 国产自拍操逼试视频 给表姐调教成性奴 哥哥色欧美激情 大香焦爱爱网 wwgaosecom 先锋影音av资源 亲脱摸扣操 av色色com 少妇性爱故事论坛 姐弟乱伦网站 AVPP6SCOM 久草在线妹妹干 114张悠雨魅惑图片色色看看色色看看主 男女性爱三级毛片 开心酒色吧 网友自拍偷拍国产在线第一页 酒店调教性奴母狗亚洲图片 Av电视在线看 Sm小说虐丁妈妈 黄色视觉黄色小说 swwwbu370comhtmindexhtm 在线娇喘 亚州强爆乱伦视频 wwwjjj2345co 像淫荡游戏这种动画有哪些 日本午夜户外直播 杏吧有你大香蕉 pcn中文网 日本女人色中色35wwwwcom 色系大片观看方法 超碰巨乳视频在线 成人套图49p 鸡巴25p WWW884aacon下载 伦理片小向美奈子 HAOXAVCOMmagnet www57bbee 大香蕉久草免费的成人视频 大乳乳乱伦 撸醒睡熟儿子乱伦视频在线 尤18TV 伦理片琪琪第8页 黄色真人网址下载 成人动漫父女乱伦 美女丝袜激情图 色婷婷伦理网站 修真抽插穴 火影忍者谢哥博客 豆豆色穴成人网 狠狠干妹妹图片 最骚美女最骚美女最骚美女最骚美女最骚美女最骚美女 WWW92ddcccom 沈阳母子 手机看av片成人电影 高清av在线无码 牛牛碰电影 姐姐高潮出水10p 淫哥哥下载 神马性爱交易 av天天堂在线观看日本 群交乱伦姐姐 冲田杏梨人体777e丫图 水仙二嫂视频福利在线 国产原创自拍996 ee655con 同性恋舔我小穴 超碰图片wwwxmxh188com 黄图的网站是什么 三妹影院 青青草制服性爱片 天海翼 亚洲 图片 色五小姐在线视频 仓井空全集百度影音 WWW_RP_INFO 人体艺术巨乳巨炮 我爱亚洲人体爱人体 劲爆乱伦故事 一女二男性爱图 日本美写真视频 处女中出 偷拍自拍美女操逼在线播放 欧美极品嫩穴 fc2日本成人视频最新 卫校女同学自慰图 台湾美腿模特视频全集 三浦惠里子作品封面 母子淫乱日逼一神爱爱小说网 藏獒吃伟哥强奸女人 草裙社区蜜祧成人快播 人体狠狠鲁 最美女屄图 狠狠挺近花心射 撸波波明星美图 一窃开一脏器 少妇裸体性交写真图片 哥哥去在线图片欧美 性爱派对图片 什么样的女人逼最紧 性吧春暖花开性爱自拍 日本漂亮女人三级照片 邻家小妹的大奶子 色妹妹来也青草影视 色迷淫色 9115视频在线资源sss 经典あ级制あ丝袜另类专区巨あ波霸清纯あ美 黄色1级piang 女优性交免费电影 77sssee 人妻少妇被 人体艺术 筱 美女裸照操逼照 为什么我喜欢让情人操我 夫妻性交真像视频 最大胆美女人体艺术 欧美色图种子百度网盘 a片强奸系列快播片 高树玛丽亚 ed2k 强奸作爱图片 site 免费在线观看日本人av 黑丝肉丝双飞乐 色史中色 超性感丝袜美女内衣视频 se情wangzhan 日本鬼子抢奸中国妇女 大香蕉狠很撸 oumejiqing 虐足酷刑 少女拳交视频 和少妇 仓井空magnet 汤加丽美女 孕妇系列 乱伦 肥女胖女3p 色图 色百合电影导航 苍井空无码先锋下载 苍井空裸体无码写真 日本少妇11p图片 日本妹妹性爱射精图 操逼视频先操逼在玩逼 少年与老太太性爱日本说中文 媚药先锋 性门照 快播肏淫妇 好看图片小说 制服 日本 幼幼 高清 丝袜肛门视频 最新尿尿偷拍 公公插媳妇逼 看80后操bthunderftp thisav新网 性交组图 成人色短小说 口述母子伦理感觉 操肿了少妇小穴 aikojiaocom 一 级黄色图片 骚妹妹爱爱图网 reitiyshu人体艺术rtys日本美女大胆人体艺术激情人体艺术 下一章激情内射视频 大鸡吧小臭臭操操操小穴 强奸苍井空 毕夏漏点 肏胖骚屄 巨乳护士 绣 亚洲大肚男激情自拍 欧美大黑棍pk亚洲美女 快播 h片段 老人头人体艺术图片 撸撸ase 操了大姨姐的骚穴 711c人体大胆 父女叉屄 老外女与动物 韩国女主播阿狸快播 做爱网子 白皙亚裔女大战老外 套图超市有声小说 35p激情熟女 淫叫骚妇 中年家庭妇女色相 汤加丽人体艺术专辑 mhaodizhi4ifno 意淫miki 苍井空百度网盘种子 美女双穴被奸 写真视频快播 自拍偷拍 露脸 夫妻 少妇艺术祼体照片 丰满裸体大奶 无码av社区网 女人正面裸体艺术 十九女孩庄媛 网友自拍偷拍天天 阿门阿前 可爱多儿童摄影 我比想象中爱你 南京江宁房产 家具风水 漫步者1000tc 想着胜利前进 东南亚女孩艺术人体 苍井空人体全集 siwameijiao中文字幕 熟女淫乱色图 五月天激情鲁大妈色播 www520色偷偷撸 波霸彭丹露奶图 金发美女小嫩屄 美人阁第四色 熟女合成48p 原千惠透明装 女儿操父亲大鸡巴小说 暴力操女 剧情新片换妻影音先锋播放 先锋影院 av 不撸 女阴部无遮挡 爆操宾馆大龄女 聊斋乱伦性事 妈妈被老外狂干 操大黑逼逼 撸撸小说母狗 金梅瓶电视剧5集在线wwwqitetecom 贵女淫乱 WWWEYHJCOMM 7788sesewang 缔D杏那 黄昏操逼在线播放 都市激情撸情 avbbcom 瑟瑟色综合 日本妹妹综合 十八岁女孩人体艺术 www79vvvcom 日本美女下体艺术摄影图 我和少女做爱视频 成人电影一级a片 大黄瓜vs小菊花 黄色录像电影片段 老富婆操比性爱 幼女性交站 yazhouav亚洲av 美女美穴图片30p 熟女精品写真 成年dianin 茂如森林的阴毛图 夫妻性爱自拍16p 青岛小护士视频 明星不于明加的不雅照 影院上映最新电影 摔跤吧爸爸吉吉影院 岳母女婿生子 太阳的后裔苏格影院 阿姨吸我鸡巴舔我屁股吃我大便 天海翼作品被截图 丰满人妖的性爱 淫乱图片草裙网 女乱15p 杉田瞳i~淫若妻妊妇 插插综合图看黄色一级图片 纸做的爱的小贺图片 照片自拍小说图片电影 透视旗袍人体艺术图片 五月天色姐妹 我和处女小护士操逼 撸图屋聚色阁 罗体美妞图 快播亚洲色图自拍偷拍 淫荡女老师教室淫穴被大鸡巴插 熟女人妻阿姨在线电影 姐夫和小姨子激情视频 红衣美女舞劈腿 成人电影av天堂网 杀戮都市吧国产各种门 解放的潘多拉 禽兽父亲绑起自己女儿猛操 欧毛毛女三级黄色片图 尻嫩屄图 日本幼女美鲍 乳大黑女人 香港掰穴 阴毛多的大胆人体 美女行爱视频 男吊写真 国产农村野台子脱衣舞 美女fs2you 疯狂肏屄视频 WWW098HHCOM 操屄小说视频 西西88人体艺术 我看午夜人体艺术 日本美少女大胆人体艺术图片 2014最新偷拍自拍 撸撸b图 女人体艺术专题博客 好看的亚洲伦理无插件 撸炮动漫 大香蕉在线观看少妇www22oxoxcom yy6029淫影院 有没有哥哥妹妹乱伦的小说 轻吻也飘然在线福利 cos先锋影音 mcc色区催眠 街射ed2k 农村大胸阿姨做爱 爱搞逼图片 5x社区一样的网站 春暖花开操逼吧 日本男女裸体性交照片 姐姐帮哥哥推精油 黄图m226wwcomnxgxcom 与淫荡女医生做爱 美屄magnet 天天鲁大香蕉网 白丝护士爱爱 足交久久帆布鞋 2233d最新2233d地址 色无极亚洲dddd88com751vvcom 美国九九九色成人网成人网站 亚洲幼女口交电影 青青草www99kk496cn 色图人妻斩 三级黄图片欣赏 wwwjizzluolicom 恐怖十八禁ftp 偷拍女士推油 南美熟妇视频 郭碧婷一级片 东京热哥哥妹妹 肏妹玩肏我呀 淫淫hhhh 720lu自拍www820qqcc 97色色强奸电子书 生孩子视频色色 两只角头上插着叶子 kangavhaole001com 欧美母子乱伦影视先锋资源 美女与动物乱伦 骚妇狠狠操插 欧美色图凌辱 wwwva6nt8wcn 姐姐精品播放器 日本成人黄色六级片 成人动漫淫乱乱伦强奸 吉吉影音乱伦小说 干亚洲女孩 东南亚老母猪15p 久久欧美视频aa0ecom 日本邪恶电影在线观看网 wwwseqingwangzcom av天堂松岛枫 欧美图片偷拍图片区勃起 骚逼逼撸 50岁女快播电影 久草热这里只有精品网 货车司机轮奸 影音先锋色谔谔 性趣阁论坛地址一 陈人日韩短片在线免费观看 伦理片伦理聚合网站 色人谷色小姐 毛毛生活片 偷拍自拍亚洲女同 亚欧淫色 jipinseyinyuan 操美女NB 内射轮奸男女小说 一楼一凤影音 老狼网最新网站 求最新簧片软件 欧美胖妞性爱电影 美国x级片女优 亚洲小说另类人妖 5252avavw我爱好色 亚洲色图偷拍自拍wwwssyy555com 亚图片综合网 大爷操影院院18k 男人插美女护士私处视频 林志玲假期去基地色图 13岁少女阴帝的图片 黄色录像同性恋口交 亚洲小说图片偷拍电影下载区 日本无毛少女逼图片 被黑人轮奸好爽 小美女的毛真多东方av 性侵人妻小说 操60老太逼对白 日本空姐艺术丝袜图片 95后大鸡巴 星戒有声小说 亮剑有声小说 有声小说小仙儿 寻春色 春色括号 春色龙 樱井莉亚跳舞 小泽玛利亚女王 小泽玛利亚msn 小泽玛利亚现今 小泽玛利亚luozhao 跪求一个h网 www.唯品网 www酷狗音乐mp3 www传奇时间 se开心五月天 开心五月天最新地址 东京热真实 看黄片怎么找 空调看黄片 织田真子 五月激情网 人兽综合 色男色女 视频下载 四房播播 我爱手淫 av幼稚园 插妹妹高清 大M成人网 骚女窝影片 色狐狸小说 四门成人网 我色淫我乐 黄网二十一区 妈妈儿子乱伦 色导航百度骚 色色3A丝袜 第四色在线电影 淫荡小妹激情网 在线视频返回顶部 撸一撸 俺去也 天天看 777米奇 色论坛 急先锋 瑟瑟爱 白虎活络膏 色妊阁影音先锋 弟必撸 弟弟干 蝴蝶谷成人 色色南 热のAV 澳门葡京城AV 大尺度视频试看5分钟 自拍直播网av 在线亚洲中文呦呦 www路avav008路com 吉泽明步女教师在线DVD 3d人妖ladybayshd 阴模人人看人草 波多野结衣丈夫去世 wwwaaak7 超级草碰碰人人 噜噜色噜噜巴噜噜网 莉莉影院正在播 女大学生 武汉情侣自拍 ed2k 韩国孕交av 五月丁香深爱基地 av美国绿色导航 伊凡综合成人 成人猫咪993ii 做出综合网 4438人成 2018秋霞理论电网在线视频 超碰无码97国产人妻手机在线 红怡影院 adyhh 日本哺乳av在钱视频 手机AV迅雷 激情四射啪啪的视频网站 欧美群交一级毛片 亚洲毛片av手机看片 青青草93观看视频视频播放 邪恶少漫画acg邪恶帝 情人添逼逼视频让我高、潮 小媳妇寂寞在家自慰水真多 强奸之夜视屏 茄子自拍在线视频 人妻操逼免费视频 青青草影院兔看 秋霞高清无码在放 青青草视频网站 迅雷下载 秋霞电影手机版八妻子影院 情趣黑丝高跟美骚妇装看病勾引药店医师 病床上激烈ML爆操 无套暴力抽插爆精内射 强奸强奸 樱木あゆ美 吉吉影音 日本三级2017大尺度 日本三级强奸 日本三级无码动画下载 日本女优深田奈奈人体 日本三p视频在线 日本性爱啪啪视频 日韩先锋伦理人妻 羽田桃子 白丝视频 hd porn 深喉电影在线 青春草原视频免费观看 无需播放器视频国产 asiafox电击 在线 一本道东京热大香蕉aⅴ 埃及艳后 av版影音先锋 Cccc74 大香蕉X影院 VOSS-069 16974视频观看 手机国产AV 阿v影音在线观看 微拍福利Av 色播153 色噜噜插 人妻3pmp4 free 波多野结衣video 我要看小日本儿看三级片小日本人太三级片。 白浆40p 全裸美女秀磁力链接 亚洲爱液视频在线 千花集林志玲 马匹窝在线视频 曼丁哥视频可以播放 女主播啪啪种子 下载 纹舞兰在线 吽哆啪啪 色午夜福利影院 本庄优花在线观看手机 直播毛片无码啪啪 91视频青青草影院 小俊资源网 色爱天天插 成人电影迅雷下载 91久了re9热在线观看 lu559 亚洲日韩无码av影音先锋 斯卡拉琪琪 欧美 啄木鸟 在线 日本很黄很慌bb很色的视频 内地伦理片无码视频 日本黄页大全视频 找个小姐日着玩视频 395UaGG 二线女明星不雅视频 欧美磁性链接 2018每日在线女优AV视频 92后女性食奶视频 色色色av激情视频欧美 夜夜插gif wwweee184 超级大奶头黄片 av, com 蝌蚪窝米奇网 色嘛嘛 现在的小视频网址 变态人妖性交视频 京香julia艺术照 潜入女捜査官手机在线 东方成人lu片 wwwe8817comwww7caopcom 1269av在线视频 在线AV色色 男人天堂2018天堂网西瓜影音 伊人成年小说综合网 97夏同学旧网 欧洲色b 无码AV网站大全 日本伦理无码高清mp4迅雷下载 A片毛片基地 一边看书一边自慰番号 鲁鸡把播放器 sebi97 av番号 mp4 58看片 97色色酒吧电影院 亚洲日韩激情在线 龚玥菲新潘金莲斑马影视 色东方 MIDE–500 亚洲欧美av在线观看 av天5 中文字幕人妻出轨av番号 87国产一区 牛bai 聊斋仙桃影视 xo影院在线观看免费观看 丁香花婷婷 色妞abs130 红怡院成人 强奸美女的视频app 宅男视频3p3 天堂岛av大全 吉泽明步986先锋 SSNI-413 ed2k 秋霞170 大奶av音像先锋 大片播放器 X 影片名:网红美女演绎学生看到老师穿着高跟丝袜很性感就尾随跟到家里和老 福利社男人把鸡插入美女尿道视频 疯狂缠绵桃色视频 丁香视频资源站 大波妹 yinyin福利自拍 大香蕉兽交人在线视频 大沢萌夜总会 大奶少妇喂 手淫69视频 情侣偷拍自拍在线 微拍福利99 大胆西西人体44rt ,net 一个护士的性爱录音 国产亚洲精品自拍偷拍野战视频 亚洲图片 自拍 俄罗斯t极度另类 流浪汉强x番号 欧美妻片 漫画区成人福利 超碰在线视频自拍偷拍国产 成人av所有网址 动力电影 西瓜影音 SNIS-300 800AV亚洲 丁香五月在线观看线 日本一本道av京东热高清 欧洲美女视频 足控磁力 mp4 ckplayer菠萝影院 欧美性爱bb视频 a免费高清不卡视频 youbb线视频 ses涩涩影院 XOXO在线 bibibi视频女主播 鸡巴插入欧美美女的b舒服 日本护士x x x o o o 露出视频福利 小黄瓜免费的福利视频 韩国伦理片s歩兵 毛多水多的女优 bt美国福利影吧 52我爱干免费看 四库影视 免费视频 成人影片不需下载gav 破初系列在线观看网站 三级黄线下载 白丝网站你懂的 自拍秦先生 男用j插女b 武汉第七中学门国产自拍在线 蒂亚 中文字幕在线观看 久热 中文字幕母亲和孩子 恋夜女主播福利合集 周末同床 ddy2499 江疏影不良视频magnet 威尼斯人大屁股做爱无码视频 迅雷资源链接 在线看成人小视频 在线看片网站国产 一个女人有男朋友为了生活和老板上床电影 社区性爱视频 最新欧美Av在线 欧美曰本一本道免费视频在线观看 日韩人妻免费高清视频 中国一级A片、/ 欧美无码av先锋影音 美人蒲 电影强奸乱伦 蚂蚁窝一个释放蝌蚪 密桃影 任你操任你曰爽爽 无码在线高速 av俘虏 五月丁678 任你躁视频搬运工 精品 鸭子澳门网址 日本最长69式在线 我妻如妓我如奴四哥 红豆导航精品在线 xx676 日本avv喷潮 九卅影城tv777 日本黄色影院 日本我不卡av 性污秽小视频 新忍尿大会。part2 性自虐视频网站 性感女神级美女主播诱惑要被迷死了 性感学生妹小视频 现在哪里还有小视频网站 泄欲哥网 小苹果性交影院 柳州莫菁 福利 温碧霞b cup 操逼直播视频直播 艹逼色中色 少妇掰B自慰21p ady伦理影音先锋 厕奴调教番号 京香junlia作品动态图 操白嫩女友露脸图 欧美日一本道 - 百度 - 百度 - 百度 - 百度 百度天堂acg silk024在线观西瓜看 美乳少妇动态视频 谷露琪琪五月丁香 freex彩漫 爱爱呻吟视频在线 办公室女神小雅漫画在线阅读 男人吸奶视频在线 91影院色激情 一级厕所偷拍视频 网红美女磁力链接 黑大屁股男女性交视频 日本女优中文字幕 午夜激情XXOO 电影院里摸她屄 美女视频做爱 t亚洲黄片 人人摸人人搞人人操 大机巴搞影院 仔仔网福利视频在线观看 女主丰满 国产 风骚中年妇女 台湾野外伦理 甘榴影院 国产福利直播在线手机视频 人妖做爱a片在线看 天堂鲁丝袜 jav在线播放无需下载播放器 亚洲午马天堂 亚洲新一木道, av网址色福利大全 成人网站来一波 四叶AV影院 男人同性视频在线观看 - 百度 老司机电影天堂看懂的 美殴色图 无码a试看 闪一下成人视频网站 华裔女与黑人群交 国产重口味自拍 波多野结衣3d无码作品番号及封面 国产丝袜高跟恋足调教视频 北京妞性爱视频 播放器大全女女女女女 国产视频母子做爱 被抄的影院 国内自拍在线吧 草逼 不堪凌辱的小林 波多野结衣被内射的 百度云 国产小青蛙搭讪 西瓜。 XXⅩ日本学生观看播放 湿妹伦理片 一本道素人三级 松下沙荣子BF-557 设为首页加入收藏图片区88 看米奇资源站 一本道最新色视频 少妇骚逼天天日 777影院 色老影院 水岛津实 媚药发狂种子 www875bbcon jjkkrrrr 冲田杏梨小时工 东方超碰进入 兔费在线直播欧美性爱电影 国产一本道久在道在线播放 淫妻的变化 色和尚色琪琪在线 1024手机基地看电影旧版恐怖片 人人澡操碰碰中文字 haodiaose37qao视频 协和影院影音先锋 暴风福利在线播放 real睿宝内部V8视频种子 PPPD-642 骑马乳交插乳抽插 JULIA 最后是厉害的 超碰人妻福利视频在线观看 本庄优花磁力 播播撸 t人体写真APP s:∥aui:a26067:C0m 暴风影音在线视频秋霞 sm 亚洲 欧美 少妇 浴室迷情苍井空视频大全 嗯嗯 宝贝在线观看视频 美女裸体无阴毛艺术 日本老黄片电影阿香 爱看福利群 动画无码种子 magnet 鸡吧操屄视频 午夜十二点福利导航 日本老女人丝祙 色色屋影院 动漫操操操人人操hhenhen 日本性交视濒 国产av 丝袜美腿 久久reav在线观看 亚洲阿v天堂2017手机avtt 4438x4最新视频网 四房播人肉 樱花族论坛在线视频 甘婷婷种子磁力搜索 97资源 magnet 日本加嘞比性交视频 3手机激情在线成人影院 类似仙桃福利视频的网站 198黄色网站 女教师监禁奴隶免费 rio在线手机视频免费视频 黄片啊啊嗯激烈 O福利导航 qiuxia手机影院同性恋 午夜欧美成人影dvd片 噜噜吧老司机免费影院 第九影院福利 在线观看 莉哥不雅视频1分钟完整版 奇优影院 WebCache 视频区在线av 欧美爱爱a∨视频 国外在线nobotv 国产熟女超碰在线视频 哺乳期的淫荡少妇 本田莉子视频 国产性虑自拍 国模抠B自拍 藏经阁色 亚洲无码性爱视频在线 让老公插自己小姊妹 japanesevoices 1819 福利gif magnet 2泰國超正女學生自拍影片流出 无毛伦理 欧美萝莉自慰视频 av视频 日本av 福利电影青春草 caoporn 国产自拍 偷拍自拍自拍视频嫖妓 48号缚师绑美女 高跟爆乳在线 天堂网_avmp4 国产自拍 小辣椒 苍井空在线教师2015 免费无码伦理片havtv 小草草大黄瓜在线观看 勇者传说ol加速器 伦伦影院手机在线看 看黄色视频, 谷露邪恶影院体验区 国产自拍HD高清 97影院霞秋在线 我的班主任是个超级大色鬼里番 青娱乐吧· 肏多毛的老女人 一本道av 免费频 内裤飞走了百度云 重生fast girls btav 七色成人在线 成人先锋爱爱视频 97paoa 毛片儿激情淫乱视频 超爽福利的秒拍视频 222kkk 乐色视频国产自拍 久草视频前田由美中出 河台性游戏 丁香色区大香蕉视频 欧美tv快来射电影 CD性爱视频 成人小视频日本 韩国舔屄 5017神级无码番号推荐 大桥未久快播视频在线 俄罗斯波神在线播放 人本黄片在线观看 玫瑰花大眼睛模特裸体视频 美国老太大阴部性成熟 舌恋丝 乱伦视频在线免费看 毛色性一级片 毛片试看3o秒的视频 裸体影城 美女仓井啪啪无翼乌 美女操操 撸撸炮撸一炮在线影院 极品魔鬼身材女神被满身毛 清纯唯美五月香蕉 青青草视频苍井空 精品幼女在线视频 寂寞丝妇 经典伦理片abc 人与畜生配交电影 强奸乱伦图片 激情视频体验版女自慰 朴妮麦福利视频优酷网 会员 28:37 大神夜店搭讪极品外围女带回高级寓所阳台一直干到莎发720P高清无 金瓶梅在线第五季 精品一级国产黄片 伦理片明末 一级韩国毛片性一交图片 真实强奸ed2k 下载 800av播放器 美乳女神思瑞 我要涩涩 李美淑左爱 99精品任你干 日本黄色视频裸照 午夜影院视费x看1000 深喉吞精在线 超碰人人很很操图片 性51免费视频在线观看 被窝网理论在线福利视频 午夜图库三级 Lingleizhuanqv 亚洲欧洲日美有码无码有声小说 宝宝新福利影院 91爱丝小仙女酒店前台 我要打飞 机com2019 waifu哔咔官网 57av08 sigua 888com 欧州av与亚州av 亚洲图日韩专区 好声音 好好的日免费视频 下载 黄色影院福利区免费无需下载在线试看。 黑人来中国跟美妞说鸡巴超级大骚货主动约炮鸡巴大也是很好的一件事啊- 黄色彩大美女的逼逼 户外女主播勾引外卖小哥打野炮 欧美图片综合自拍19p 黄片毛片淫乱篇快速影院 日本高清无码视频自拍 大香蕉在线导航视频 插少妇綾合网 wwwady51 日本井川由依影视 汤姆影院AVt0n 大香蕉狼狼日伊人 伦理电影网无码 a片毛片香港澳门 色妞老秃驴 欧美 日韩 巨乳人妻 精品国产自在线拍fennencaonu 一本道久在线名模 翔田千里 艳情 在线播放 捆绑调教 拳交番号大全 国产啪啪啪视频网友自拍 58影视网在线 神码伦理在线 加勒比系列丝袜中出 男女做爱视频黄片 mp4 单身男福利剧场 夫面前侵犯柚木 seyutv 么什网战看成人免费 99thz桃色论坛 百威快播成人电网 日本AV群交游戏 成年人免费黄色网站 kedouzipaiwang sesihu 大香蕉伊人综合网色屋 先锋影在线看片 caopo国产成人 99thz在线论坛 澳门三级操碰在线视频 id034一之濑桃 猛男操美女视频 91国产乱伦剧情006-“儿子我受不了”母子乱伦之卡拉OK內射骚屄妈妈高清无水印版 欧美幼老色与狗色 五感图片在线 桃隐福利社区官方论坛入口 91福利站在线 3d口球视频 国模蒂蒂在线 韩国美女自慰视频在线看 久久 国产制服丝袜福利视频 韩国午夜爱阴 韩国美女vip视频合集在线观看 国产自拍无极制 国产自拍啪啪啪在线 国产自拍、欧美 男女鸡鸡插阴道里面的视频 男女交配视频真人 爱爱午夜老司机福利影院 日本黄片视频软件 美女,主播真心漂亮椅子上紫薇逼逼无毛 u15 番号 丝袜长腿秘书性爱 国产自拍视频同事 日本爱爱成人视频网站 肥熟大妞 丝袜黑色脚交图片福利 一日本老太视频播放 川相美月 无码 9191手机国产在线播放 qiangjianshaonushipin 五十路无码合集thunder 马凡舒裸体视频迅雷下载下载 Caoii∪1024 porn三级 magnet 国产自拍yi 自拍5xsq 里番douluo123 青草草社区 网友自拍 国庆 厕所视频 黄片A片视频 日本激情性短视频观看 - 百度 做素股 yezubuluo18,com 珑泽萝拉无码av下载 玉色天堂 快手AV网址 加勒比 东京热 Japanese av在线 色中色址导航 aa2424凤凰影院 wwwxx男人天堂 爱paipai 在线成人AV magnet 日韩无码茌线 成人综合娱乐在线视频 mav磁力链接 爱人体福利导航 欧美 色 图 中国人的最爱苍井空520 欧美高中情侣 视频 黄色艳舞视频 成人视频黄色网站 大香蕉高清在线播放 欧美畜生伦理 Japanese av jav hd 国产精品大香蕉在线视频 乡本佳人视频 菅野松雪磁力种子下载 日本女优视频 ed2k 玛格丽特公主的艳照 乱伦骚逼12p 那里能看苍井空的 打屁股2小游戏3kk 拍和日本人做爱的电影 偷挶? 大白逼黄片 吃林心如身体 人体艺体大写真 hd色妹妹影院第三页 人体艺术网站有那几个 色战 黑丝袜电影院 日本美女全祼体图片免费 鬼地狱ⅱ长泽雪野 胖子大阴唇也很胖 操美女妹妹小说 淫妻女友系列小说 黄朝激情 撸撸色色屄 户外掰开美女人体艺术 肛交合集观看 御姐很哀伤无码照片 逍遥仙境论坛最新地址 丝交p 我操邻居小媳妇 明日香捆绑 撸女热 能看的欧美图片 闫凤娇大尺度艺术 波多野结衣14影音先锋 自拍在线网 伊沢淳子先锋影音