PKG_NAME:=haproxy
PKG_VERSION:=1.5.1
-PKG_RELEASE:=21
+PKG_RELEASE:=25
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_MD5SUM:=49640cf3ddd793a05fbd3394481a1ed4
--- /dev/null
+From 911780c5f0e20760164cb0f9b92318185651237c Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 10 Jul 2014 15:29:24 +0200
+Subject: [PATCH 22/25] DOC: minor fix on {sc,src}_kbytes_{in,out}
+
+These ones report total amount of bytes, not byte rates.
+This fix should be backported into 1.5 which has the same error.
+(cherry picked from commit a01b974d5f5a067d99f288dcb3e05b78fe780a76)
+---
+ doc/configuration.txt | 35 ++++++++++++++++-------------------
+ 1 file changed, 16 insertions(+), 19 deletions(-)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index 8407500..b6d1b3b 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -10386,19 +10386,17 @@ sc_kbytes_in(<ctr>[,<table>]) : integer
+ sc0_kbytes_in([<table>]) : integer
+ sc1_kbytes_in([<table>]) : integer
+ sc2_kbytes_in([<table>]) : integer
+- Returns the amount of client-to-server data from the currently tracked
+- counters, measured in kilobytes over the period configured in the table. The
+- test is currently performed on 32-bit integers, which limits values to 4
+- terabytes. See also src_kbytes_in.
++ Returns the total amount of client-to-server data from the currently tracked
++ counters, measured in kilobytes. The test is currently performed on 32-bit
++ integers, which limits values to 4 terabytes. See also src_kbytes_in.
+
+ sc_kbytes_out(<ctr>[,<table>]) : integer
+ sc0_kbytes_out([<table>]) : integer
+ sc1_kbytes_out([<table>]) : integer
+ sc2_kbytes_out([<table>]) : integer
+- Returns the amount of server-to-client data from the currently tracked
+- counters, measured in kilobytes over the period configured in the table. The
+- test is currently performed on 32-bit integers, which limits values to 4
+- terabytes. See also src_kbytes_out.
++ Returns the total amount of server-to-client data from the currently tracked
++ counters, measured in kilobytes. The test is currently performed on 32-bit
++ integers, which limits values to 4 terabytes. See also src_kbytes_out.
+
+ sc_sess_cnt(<ctr>[,<table>]) : integer
+ sc0_sess_cnt([<table>]) : integer
+@@ -10562,19 +10560,18 @@ src_inc_gpc0([<table>]) : integer
+ tcp-request connection reject if abuse kill
+
+ src_kbytes_in([<table>]) : integer
+- Returns the amount of data received from the incoming connection's source
+- address in the current proxy's stick-table or in the designated stick-table,
+- measured in kilobytes over the period configured in the table. If the address
+- is not found, zero is returned. The test is currently performed on 32-bit
+- integers, which limits values to 4 terabytes. See also
+- sc/sc0/sc1/sc2_kbytes_in.
++ Returns the total amount of data received from the incoming connection's
++ source address in the current proxy's stick-table or in the designated
++ stick-table, measured in kilobytes. If the address is not found, zero is
++ returned. The test is currently performed on 32-bit integers, which limits
++ values to 4 terabytes. See also sc/sc0/sc1/sc2_kbytes_in.
+
+ src_kbytes_out([<table>]) : integer
+- Returns the amount of data sent to the incoming connection's source address
+- in the current proxy's stick-table or in the designated stick-table, measured
+- in kilobytes over the period configured in the table. If the address is not
+- found, zero is returned. The test is currently performed on 32-bit integers,
+- which limits values to 4 terabytes. See also sc/sc0/sc1/sc2_kbytes_out.
++ Returns the total amount of data sent to the incoming connection's source
++ address in the current proxy's stick-table or in the designated stick-table,
++ measured in kilobytes. If the address is not found, zero is returned. The
++ test is currently performed on 32-bit integers, which limits values to 4
++ terabytes. See also sc/sc0/sc1/sc2_kbytes_out.
+
+ src_port : integer
+ Returns an integer value corresponding to the TCP source port of the
+--
+1.8.5.5
+
--- /dev/null
+From 644d9ef5af4f8010412007374c345f7465c97391 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 10 Jul 2014 16:29:08 +0200
+Subject: [PATCH 23/25] DOC: fix alphabetical sort of converters
+
+For an unknown reason, these ones were not sorted.
+(cherry picked from commit ffcb2e4b42acd710121a57eb39651a373d904e5b)
+---
+ doc/configuration.txt | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index b6d1b3b..f8199b9 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -9887,28 +9887,12 @@ base64
+ transfer binary content in a way that can be reliably transferred (eg:
+ an SSL ID can be copied in a header).
+
+-lower
+- Convert a string sample to lower case. This can only be placed after a string
+- sample fetch function or after a transformation keyword returning a string
+- type. The result is of type string.
+-
+-upper
+- Convert a string sample to upper case. This can only be placed after a string
+- sample fetch function or after a transformation keyword returning a string
+- type. The result is of type string.
+-
+ hex
+ Converts a binary input sample to an hex string containing two hex digits per
+ input byte. It is used to log or transfer hex dumps of some binary input data
+ in a way that can be reliably transferred (eg: an SSL ID can be copied in a
+ header).
+
+-ipmask(<mask>)
+- Apply a mask to an IPv4 address, and use the result for lookups and storage.
+- This can be used to make all hosts within a certain mask to share the same
+- table entries and as such use the same server. The mask can be passed in
+- dotted form (eg: 255.255.255.0) or in CIDR form (eg: 24).
+-
+ http_date([<offset>])
+ Converts an integer supposed to contain a date since epoch to a string
+ representing this date in a format suitable for use in HTTP header fields. If
+@@ -9917,6 +9901,12 @@ http_date([<offset>])
+ emit Date header fields, Expires values in responses when combined with a
+ positive offset, or Last-Modified values when the offset is negative.
+
++ipmask(<mask>)
++ Apply a mask to an IPv4 address, and use the result for lookups and storage.
++ This can be used to make all hosts within a certain mask to share the same
++ table entries and as such use the same server. The mask can be passed in
++ dotted form (eg: 255.255.255.0) or in CIDR form (eg: 24).
++
+ language(<value>[,<default>])
+ Returns the value with the highest q-factor from a list as extracted from the
+ "accept-language" header using "req.fhdr". Values with no q-factor have a
+@@ -9944,6 +9934,11 @@ language(<value>[,<default>])
+ use_backend english if en
+ default_backend choose_your_language
+
++lower
++ Convert a string sample to lower case. This can only be placed after a string
++ sample fetch function or after a transformation keyword returning a string
++ type. The result is of type string.
++
+ map(<map_file>[,<default_value>])
+ map_<match_type>(<map_file>[,<default_value>])
+ map_<match_type>_<output_type>(<map_file>[,<default_value>])
+@@ -10001,6 +9996,11 @@ map_<match_type>_<output_type>(<map_file>[,<default_value>])
+ | `---------------------------- key
+ `------------------------------------ leading spaces ignored
+
++upper
++ Convert a string sample to upper case. This can only be placed after a string
++ sample fetch function or after a transformation keyword returning a string
++ type. The result is of type string.
++
+
+ 7.3.2. Fetching samples from internal states
+ --------------------------------------------
+--
+1.8.5.5
+
--- /dev/null
+From 5bebcd06287be9024f0fba25f350393f02e050c1 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 10 Jul 2014 19:06:10 +0200
+Subject: [PATCH 24/25] BUG/MAJOR: http: correctly rewind the request body
+ after start of forwarding
+
+Daniel Dubovik reported an interesting bug showing that the request body
+processing was still not 100% fixed. If a POST request contained short
+enough data to be forwarded at once before trying to establish the
+connection to the server, we had no way to correctly rewind the body.
+
+The first visible case is that balancing on a header does not always work
+on such POST requests since the header cannot be found. But there are even
+nastier implications which are that http-send-name-header would apply to
+the wrong location and possibly even affect part of the request's body
+due to an incorrect rewinding.
+
+There are two options to fix the problem :
+ - first one is to force the HTTP_MSG_F_WAIT_CONN flag on all hash-based
+ balancing algorithms and http-send-name-header, but there's always a
+ risk that any new algorithm forgets to set it ;
+
+ - the second option is to account for the amount of skipped data before
+ the connection establishes so that we always know the position of the
+ request's body relative to the buffer's origin.
+
+The second option is much more reliable and fits very well in the spirit
+of the past changes to fix forwarding. Indeed, at the moment we have
+msg->sov which points to the start of the body before headers are forwarded
+and which equals zero afterwards (so it still points to the start of the
+body before forwarding data). A minor change consists in always making it
+point to the start of the body even after data have been forwarded. It means
+that it can get a negative value (so we need to change its type to signed)..
+
+In order to avoid wrapping, we only do this as long as the other side of
+the buffer is not connected yet.
+
+Doing this definitely fixes the issues above for the requests. Since the
+response cannot be rewound we don't need to perform any change there.
+
+This bug was introduced/remained unfixed in 1.5-dev23 so the fix must be
+backported to 1.5.
+(cherry picked from commit bb2e669f9e73531ac9cc9277b40066b701eec918)
+---
+ doc/internals/body-parsing.txt | 20 +++++++++++++-------
+ include/types/proto_http.h | 11 ++++++-----
+ src/proto_http.c | 9 +++++++--
+ 3 files changed, 26 insertions(+), 14 deletions(-)
+
+diff --git a/doc/internals/body-parsing.txt b/doc/internals/body-parsing.txt
+index e9c8b4b..5baa549 100644
+--- a/doc/internals/body-parsing.txt
++++ b/doc/internals/body-parsing.txt
+@@ -67,12 +67,17 @@ msg.next : points to the next byte to inspect. This offset is automatically
+ automatically adjusted to the number of bytes already inspected.
+
+ msg.sov : start of value. First character of the header's value in the header
+- states, start of the body in the data states until headers are
+- forwarded. This offset is automatically adjusted when inserting or
+- removing some headers. In data states, it always constains the size
+- of the whole HTTP headers (including the trailing CRLF) that needs
+- to be forwarded before the first byte of body. Once the headers are
+- forwarded, this value drops to zero.
++ states, start of the body in the data states. Strictly positive
++ values indicate that headers were not forwarded yet (<buf.p> is
++ before the start of the body), and null or positive values are seen
++ after headers are forwarded (<buf.p> is at or past the start of the
++ body). The value stops changing when data start to leave the buffer
++ (in order to avoid integer overflows). So the maximum possible range
++ is -<buf.size> to +<buf.size>. This offset is automatically adjusted
++ when inserting or removing some headers. It is useful to rewind the
++ request buffer to the beginning of the body at any phase. The
++ response buffer does not really use it since it is immediately
++ forwarded to the client.
+
+ msg.sol : start of line. Points to the beginning of the current header line
+ while parsing headers. It is cleared to zero in the BODY state,
+@@ -97,7 +102,8 @@ msg.eol : end of line. Points to the CRLF or LF of the current header line
+ states nor by forwarding.
+
+ The beginning of the message headers can always be found this way even after
+-headers have been forwarded :
++headers or data have been forwarded, provided that everything is still present
++in the buffer :
+
+ headers = buf.p + msg->sov - msg->eoh - msg->eol
+
+diff --git a/include/types/proto_http.h b/include/types/proto_http.h
+index 12e1141..c53c7fd 100644
+--- a/include/types/proto_http.h
++++ b/include/types/proto_http.h
+@@ -329,7 +329,8 @@ enum {
+ * message or a response message.
+ *
+ * The values there are a little bit obscure, because their meaning can change
+- * during the parsing :
++ * during the parsing. Please read carefully doc/internal/body-parsing.txt if
++ * you need to manipulate them. Quick reminder :
+ *
+ * - eoh (End of Headers) : relative offset in the buffer of first byte that
+ * is not part of a completely processed header.
+@@ -344,9 +345,9 @@ enum {
+ * - sov (start of value) : Before HTTP_MSG_BODY, points to the value of
+ * the header being parsed. Starting from
+ * HTTP_MSG_BODY, will point to the start of the
+- * body (relative to buffer's origin), or to data
+- * following a chunk size. Thus <sov> bytes of
+- * headers will have to be sent only once.
++ * body (relative to buffer's origin). It can be
++ * negative when forwarding data. It stops growing
++ * once data start to leave the buffer.
+ *
+ * - next (parse pointer) : next relative byte to be parsed. Always points
+ * to a byte matching the current state.
+@@ -372,7 +373,7 @@ struct http_msg {
+ /* 6 bytes unused here */
+ struct channel *chn; /* pointer to the channel transporting the message */
+ unsigned int next; /* pointer to next byte to parse, relative to buf->p */
+- unsigned int sov; /* current header: start of value */
++ int sov; /* current header: start of value ; data: start of body */
+ unsigned int eoh; /* End Of Headers, relative to buffer */
+ unsigned int sol; /* start of current line during parsing otherwise zero */
+ unsigned int eol; /* end of line */
+diff --git a/src/proto_http.c b/src/proto_http.c
+index 4a862b0..94afed7 100644
+--- a/src/proto_http.c
++++ b/src/proto_http.c
+@@ -5315,7 +5315,7 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit
+ * an "Expect: 100-continue" header.
+ */
+
+- if (msg->sov) {
++ if (msg->sov > 0) {
+ /* we have msg->sov which points to the first byte of message
+ * body, and req->buf.p still points to the beginning of the
+ * message. We forward the headers now, as we don't need them
+@@ -5429,6 +5429,8 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit
+ * such as last chunk of data or trailers.
+ */
+ b_adv(req->buf, msg->next);
++ if (unlikely(!(s->rep->flags & CF_READ_ATTACHED)))
++ msg->sov -= msg->next;
+ msg->next = 0;
+
+ /* for keep-alive we don't want to forward closes on DONE */
+@@ -5479,6 +5481,9 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit
+ missing_data:
+ /* we may have some pending data starting at req->buf->p */
+ b_adv(req->buf, msg->next);
++ if (unlikely(!(s->rep->flags & CF_READ_ATTACHED)))
++ msg->sov -= msg->next + MIN(msg->chunk_len, req->buf->i);
++
+ msg->next = 0;
+ msg->chunk_len -= channel_forward(req, msg->chunk_len);
+
+@@ -6493,7 +6498,7 @@ int http_response_forward_body(struct session *s, struct channel *res, int an_bi
+ /* in most states, we should abort in case of early close */
+ channel_auto_close(res);
+
+- if (msg->sov) {
++ if (msg->sov > 0) {
+ /* we have msg->sov which points to the first byte of message
+ * body, and res->buf.p still points to the beginning of the
+ * message. We forward the headers now, as we don't need them
+--
+1.8.5.5
+
--- /dev/null
+From 94fb38fbb77e664e4f41343257a26ae5bab40d1d Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 10 Jul 2014 20:24:25 +0200
+Subject: [PATCH 25/25] DOC: remove references to CPU=native in the README
+
+Certain compilers running in virtualized environments may produce code
+that the same processor cannot execute with -march=native, either because
+of hypervisor bugs reporting wrong CPU features, or because of compiler
+bugs forgetting to check CPU features. So better stop recommending this
+combination so that users don't get trapped anymore.
+(cherry picked from commit 817dad50b02d1a82d495dfea4eab9e3a91127391)
+---
+ README | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/README b/README
+index 0ef0179..e2b8570 100644
+--- a/README
++++ b/README
+@@ -53,8 +53,9 @@ one of the following choices to the CPU variable :
+ - i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon
+ - i586 for intel Pentium, AMD K6, VIA C3.
+ - ultrasparc : Sun UltraSparc I/II/III/IV processor
+- - native : use the build machine's specific processor optimizations
+- - generic : any other processor or no specific optimization. (default)
++ - native : use the build machine's specific processor optimizations. Use with
++ extreme care, and never in virtualized environments (known to break).
++ - generic : any other processor or no CPU-specific optimization. (default)
+
+ Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options
+ for your platform.
+@@ -132,11 +133,11 @@ And I build it this way on OpenBSD or FreeBSD :
+
+ And on a classic Linux with SSL and ZLIB support (eg: Red Hat 5.x) :
+
+- $ make TARGET=linux26 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
++ $ make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
+
+ And on a recent Linux >= 2.6.28 with SSL and ZLIB support :
+
+- $ make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
++ $ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
+
+ In order to build a 32-bit binary on an x86_64 Linux system with SSL support
+ without support for compression but when OpenSSL requires ZLIB anyway :
+--
+1.8.5.5
+
projects / feed / packages.git / commitdiff