include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
-PKG_VERSION:=1.5.1
-PKG_RELEASE:=25
+PKG_VERSION:=1.5.2
+PKG_RELEASE:=02
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
-PKG_MD5SUM:=49640cf3ddd793a05fbd3394481a1ed4
+PKG_MD5SUM:=e854fed32ea751d6db7f366cb910225a
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=GPL-2.0
+++ /dev/null
-From c1fbbd4a3dd480b4eebbd8b32ca6cdf08791477a Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 24 Jun 2014 17:27:02 +0200
-Subject: [PATCH] BUG/MEDIUM: http: fetch "base" is not compatible with
- set-header
-
-The sample fetch function "base" makes use of the trash which is also
-used by set-header/add-header etc... everything which builds a formated
-line. So we end up with some junk in the header if base is in use. Let's
-fix this as all other fetches by using a trash chunk instead.
-
-This bug was reported by Baptiste Assmann, and also affects 1.5.
-(cherry picked from commit 3caf2afabe89fb0ef0886cd1d8ea99ef21ec3491)
----
- src/proto_http.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 231d49a..5321f7d 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -10247,6 +10247,7 @@ smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
- struct http_txn *txn = l7;
- char *ptr, *end, *beg;
- struct hdr_ctx ctx;
-+ struct chunk *temp;
-
- CHECK_HTTP_MESSAGE_FIRST();
-
-@@ -10255,9 +10256,10 @@ smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
- return smp_fetch_path(px, l4, l7, opt, args, smp, kw);
-
- /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
-- memcpy(trash.str, ctx.line + ctx.val, ctx.vlen);
-+ temp = get_trash_chunk();
-+ memcpy(temp->str, ctx.line + ctx.val, ctx.vlen);
- smp->type = SMP_T_STR;
-- smp->data.str.str = trash.str;
-+ smp->data.str.str = temp->str;
- smp->data.str.len = ctx.vlen;
-
- /* now retrieve the path */
---
-1.8.5.5
-
--- /dev/null
+From a124eb6d7838eff2c52cc9bf027594c11e87fae9 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Sat, 12 Jul 2014 17:31:07 +0200
+Subject: [PATCH 1/2] DOC: mention that Squid correctly responds 400 to PPv2
+ header
+
+Amos reported that Squid builds 3.5.0.0_20140624 and 3.5.0.0_20140630
+were confirmed to respond correctly here and that any version will do
+the same.
+(cherry picked from commit 9e1382002aa1ba12dcc637870befd077ff887aad)
+---
+ doc/proxy-protocol.txt | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
+index a2dbcea..a3925a4 100644
+--- a/doc/proxy-protocol.txt
++++ b/doc/proxy-protocol.txt
+@@ -692,6 +692,7 @@ presented, even with minimal implementations :
+ - thttpd 2.20c : 400 Bad Request + abort => pass/optimal
+ - mini-httpd-1.19 : 400 Bad Request + abort => pass/optimal
+ - haproxy 1.4.21 : 400 Bad Request + abort => pass/optimal
++ - Squid 3 : 400 Bad Request + abort => pass/optimal
+ - SSL :
+ - stud 0.3.47 : connection abort => pass/optimal
+ - stunnel 4.45 : connection abort => pass/optimal
+--
+1.8.5.5
+
+++ /dev/null
-From 4910098653e356f814924663b4ddf71c971a71d6 Mon Sep 17 00:00:00 2001
-From: Emeric Brun <ebrun@haproxy.com>
-Date: Tue, 24 Jun 2014 18:26:41 +0200
-Subject: [PATCH 2/6] BUG/MINOR: ssl: Fix external function in order not to
- return a pointer on an internal trash buffer.
-
-'ssl_sock_get_common_name' applied to a connection was also renamed
-'ssl_sock_get_remote_common_name'. Currently, this function is only used
-with protocol PROXYv2 to retrieve the client certificate's common name.
-A further usage could be to retrieve the server certificate's common name
-on an outgoing connection.
-(cherry picked from commit 0abf836ecb32767fa1f9ad598f3e236e073491bd)
----
- include/proto/ssl_sock.h | 2 +-
- src/connection.c | 5 ++---
- src/ssl_sock.c | 23 +++++++++++------------
- 3 files changed, 14 insertions(+), 16 deletions(-)
-
-diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
-index 0902fde..3e111cd 100644
---- a/include/proto/ssl_sock.h
-+++ b/include/proto/ssl_sock.h
-@@ -52,7 +52,7 @@ const char *ssl_sock_get_cipher_name(struct connection *conn);
- const char *ssl_sock_get_proto_version(struct connection *conn);
- char *ssl_sock_get_version(struct connection *conn);
- int ssl_sock_get_cert_used(struct connection *conn);
--char *ssl_sock_get_common_name(struct connection *conn);
-+int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out);
- unsigned int ssl_sock_get_verify_result(struct connection *conn);
- #ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
- int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
-diff --git a/src/connection.c b/src/connection.c
-index 0b154d8..20a911b 100644
---- a/src/connection.c
-+++ b/src/connection.c
-@@ -682,9 +682,8 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- tlv->verify = htonl(ssl_sock_get_verify_result(remote));
- }
- if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
-- value = ssl_sock_get_common_name(remote);
-- if (value) {
-- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, strlen(value), value);
-+ if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
-+ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
- ssl_tlv_len += tlv_len;
- }
- }
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index 328b978..375225d 100644
---- a/src/ssl_sock.c
-+++ b/src/ssl_sock.c
-@@ -2654,21 +2654,25 @@ char *ssl_sock_get_version(struct connection *conn)
- return (char *)SSL_get_version(conn->xprt_ctx);
- }
-
--/* returns common name, NULL terminated, from client certificate, or NULL if none */
--char *ssl_sock_get_common_name(struct connection *conn)
-+/* Extract peer certificate's common name into the chunk dest
-+ * Returns
-+ * the len of the extracted common name
-+ * or 0 if no CN found in DN
-+ * or -1 on error case (i.e. no peer certificate)
-+ */
-+int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest)
- {
- X509 *crt = NULL;
- X509_NAME *name;
-- struct chunk *cn_trash;
- const char find_cn[] = "CN";
- const struct chunk find_cn_chunk = {
- .str = (char *)&find_cn,
- .len = sizeof(find_cn)-1
- };
-- char *result = NULL;
-+ int result = -1;
-
- if (!ssl_sock_is_ssl(conn))
-- return NULL;
-+ goto out;
-
- /* SSL_get_peer_certificate, it increase X509 * ref count */
- crt = SSL_get_peer_certificate(conn->xprt_ctx);
-@@ -2679,13 +2683,8 @@ char *ssl_sock_get_common_name(struct connection *conn)
- if (!name)
- goto out;
-
-- cn_trash = get_trash_chunk();
-- if (ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, cn_trash) <= 0)
-- goto out;
-- cn_trash->str[cn_trash->len] = '\0';
-- result = cn_trash->str;
--
-- out:
-+ result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
-+out:
- if (crt)
- X509_free(crt);
-
---
-1.8.5.5
-
--- /dev/null
+From de9789b37466c37547d8c5d52d96a9d4466eb431 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
+Date: Sat, 12 Jul 2014 18:22:42 +0200
+Subject: [PATCH 2/2] DOC: fix typo in Unix Socket commands
+
+Konstantin Romanenko reported a typo in the HTML documentation. The typo is
+already present in the raw text version : the "shutdown sessions" command
+should be "shutdown sessions server".
+(cherry picked from commit e63a1eb290a1c407453dbcaa16535c85a1904f9e)
+---
+ doc/configuration.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index ca21f7d..2d71555 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -13869,7 +13869,7 @@ shutdown session <id>
+ endless transfer is ongoing. Such terminated sessions are reported with a 'K'
+ flag in the logs.
+
+-shutdown sessions <backend>/<server>
++shutdown sessions server <backend>/<server>
+ Immediately terminate all the sessions attached to the specified server. This
+ can be used to terminate long-running sessions after a server is put into
+ maintenance mode, for instance. Such terminated sessions are reported with a
+--
+1.8.5.5
+
+++ /dev/null
-From c177ea7187bc1918a1900c1b0e3fc67c559987a2 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Wed, 25 Jun 2014 15:36:04 +0200
-Subject: [PATCH 3/6] BUG/MINOR: counters: do not untrack counters before
- logging
-
-Baptiste Assmann reported a corner case in the releasing of stick-counters:
-we release content-aware counters before logging. In the past it was not a
-problem, but since now we can log them it, it prevents one from logging
-their value. Simply switching the log production and the release of the
-counter fixes the issue.
-
-This should be backported into 1.5.
-(cherry picked from commit d713bcc326da5d1ac80adab666d7710f3e37650c)
----
- src/proto_http.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 5321f7d..d566bcc 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -4808,7 +4808,6 @@ void http_end_txn_clean_session(struct session *s)
-
- s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
- session_process_counters(s);
-- session_stop_content_counters(s);
-
- if (s->txn.status) {
- int n;
-@@ -4842,6 +4841,8 @@ void http_end_txn_clean_session(struct session *s)
- s->do_log(s);
- }
-
-+ /* stop tracking content-based counters */
-+ session_stop_content_counters(s);
- session_update_time_stats(s);
-
- s->logs.accept_date = date; /* user-visible date for logging */
---
-1.8.5.5
-
+++ /dev/null
-From a4ba9dbfc688576ffb7e0a3ce43ac0b420211bf6 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Wed, 25 Jun 2014 16:56:41 +0200
-Subject: [PATCH 4/6] BUG/MAJOR: sample: correctly reinitialize sample fetch
- context before calling sample_process()
-
-We used to only clear flags when reusing the static sample before calling
-sample_process(), but that's not enough because there's a context in samples
-that can be used by some fetch functions such as auth, headers and cookies,
-and not reinitializing it risks that a pointer of a different type is used
-in the wrong context.
-
-An example configuration which triggers the case consists in mixing hdr()
-and http_auth_group() which both make use of contexts :
-
- http-request add-header foo2 %[hdr(host)],%[http_auth_group(foo)]
-
-The solution is simple, initialize all the sample and not just the flags.
-This fix must be backported into 1.5 since it was introduced in 1.5-dev19.
-(cherry picked from commit 6c616e0b96106dd33d183afbda31e72799e967c3)
----
- src/proto_http.c | 3 +++
- src/sample.c | 5 +++--
- 2 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index d566bcc..01fe62d 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -9748,6 +9748,9 @@ smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int op
- return 1;
- }
-
-+/* Note: these functinos *do* modify the sample. Even in case of success, at
-+ * least the type and uint value are modified.
-+ */
- #define CHECK_HTTP_MESSAGE_FIRST() \
- do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0)
-
-diff --git a/src/sample.c b/src/sample.c
-index 9f22ef9..3a0f3fb 100644
---- a/src/sample.c
-+++ b/src/sample.c
-@@ -905,7 +905,7 @@ struct sample *sample_process(struct proxy *px, struct session *l4, void *l7,
-
- if (p == NULL) {
- p = &temp_smp;
-- p->flags = 0;
-+ memset(p, 0, sizeof(*p));
- }
-
- if (!expr->fetch->process(px, l4, l7, opt, expr->arg_p, p, expr->fetch->kw))
-@@ -1160,7 +1160,8 @@ struct sample *sample_fetch_string(struct proxy *px, struct session *l4, void *l
- {
- struct sample *smp = &temp_smp;
-
-- smp->flags = 0;
-+ memset(smp, 0, sizeof(*smp));
-+
- if (!sample_process(px, l4, l7, opt, expr, smp)) {
- if ((smp->flags & SMP_F_MAY_CHANGE) && !(opt & SMP_OPT_FINAL))
- return smp;
---
-1.8.5.5
-
+++ /dev/null
-From d008394057c4fe46ca6eb775c66cc0ff986a5495 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Wed, 25 Jun 2014 16:20:53 +0200
-Subject: [PATCH 5/6] MINOR: stick-table: make stktable_fetch_key() indicate
- why it failed
-
-stktable_fetch_key() does not indicate whether it returns NULL because
-the input sample was not found or because it's unstable. It causes trouble
-with track-sc* rules. Just like with sample_fetch_string(), we want it to
-be able to give more information to the caller about what it found. Thus,
-now we use the pointer to a sample passed by the caller, and fill it with
-the information we have about the sample. That way, even if we return NULL,
-the caller has the ability to check whether a sample was found and if it is
-still changing or not.
-(cherry picked from commit b5975defba61e7ef37ae771614166d0970ede04e)
----
- include/proto/stick_table.h | 2 +-
- src/proto_tcp.c | 4 ++--
- src/session.c | 4 ++--
- src/stick_table.c | 12 +++++++-----
- 4 files changed, 12 insertions(+), 10 deletions(-)
-
-diff --git a/include/proto/stick_table.h b/include/proto/stick_table.h
-index 0c26fbe..57ca223 100644
---- a/include/proto/stick_table.h
-+++ b/include/proto/stick_table.h
-@@ -48,7 +48,7 @@ struct stksess *stktable_lookup_key(struct stktable *t, struct stktable_key *key
- struct stksess *stktable_update_key(struct stktable *table, struct stktable_key *key);
- struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px,
- struct session *l4, void *l7, unsigned int opt,
-- struct sample_expr *expr);
-+ struct sample_expr *expr, struct sample *smp);
- int stktable_compatible_sample(struct sample_expr *expr, unsigned long table_type);
- int stktable_get_data_type(char *name);
- struct proxy *find_stktable(const char *name);
-diff --git a/src/proto_tcp.c b/src/proto_tcp.c
-index 65c4fda..1aac0d9 100644
---- a/src/proto_tcp.c
-+++ b/src/proto_tcp.c
-@@ -1027,7 +1027,7 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit)
- continue;
-
- t = rule->act_prm.trk_ctr.table.t;
-- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr);
-+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL);
-
- if (key && (ts = stktable_get_entry(t, key))) {
- session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
-@@ -1228,7 +1228,7 @@ int tcp_exec_req_rules(struct session *s)
- continue;
-
- t = rule->act_prm.trk_ctr.table.t;
-- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr);
-+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL);
-
- if (key && (ts = stktable_get_entry(t, key)))
- session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
-diff --git a/src/session.c b/src/session.c
-index e26f5ad..df85170 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -1458,7 +1458,7 @@ static int process_sticking_rules(struct session *s, struct channel *req, int an
- if (ret) {
- struct stktable_key *key;
-
-- key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->expr);
-+ key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->expr, NULL);
- if (!key)
- continue;
-
-@@ -1561,7 +1561,7 @@ static int process_store_rules(struct session *s, struct channel *rep, int an_bi
- if (ret) {
- struct stktable_key *key;
-
-- key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL, rule->expr);
-+ key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL, rule->expr, NULL);
- if (!key)
- continue;
-
-diff --git a/src/stick_table.c b/src/stick_table.c
-index c6463ec..a708d3c 100644
---- a/src/stick_table.c
-+++ b/src/stick_table.c
-@@ -601,15 +601,17 @@ static sample_to_key_fct sample_to_key[SMP_TYPES][STKTABLE_TYPES] = {
- * Process a fetch + format conversion as defined by the sample expression <expr>
- * on request or response considering the <opt> parameter. Returns either NULL if
- * no key could be extracted, or a pointer to the converted result stored in
-- * static_table_key in format <table_type>.
-+ * static_table_key in format <table_type>. If <smp> is not NULL, it will be reset
-+ * and its flags will be initialized so that the caller gets a copy of the input
-+ * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present).
- */
- struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7,
-- unsigned int opt,
-- struct sample_expr *expr)
-+ unsigned int opt, struct sample_expr *expr, struct sample *smp)
- {
-- struct sample *smp;
-+ if (smp)
-+ memset(smp, 0, sizeof(*smp));
-
-- smp = sample_process(px, l4, l7, opt, expr, NULL);
-+ smp = sample_process(px, l4, l7, opt, expr, smp);
- if (!smp)
- return NULL;
-
---
-1.8.5.5
-
+++ /dev/null
-From 86bd33a9f842caf1788b61d1f99e95f8ad866660 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Wed, 25 Jun 2014 17:01:56 +0200
-Subject: [PATCH 6/6] BUG/MEDIUM: counters: fix track-sc* to wait on unstable
- contents
-
-I've been facing multiple configurations which involved track-sc* rules
-in tcp-request content without the "if ..." to force it to wait for the
-contents, resulting in random behaviour with contents sometimes retrieved
-and sometimes not.
-
-Reading the doc doesn't make it clear either that the tracking will be
-performed only if data are already there and that waiting on an ACL is
-the only way to avoid this.
-
-Since this behaviour is not natural and we now have the ability to fix
-it, this patch ensures that if input data are still moving, instead of
-silently dropping them, we naturally wait for them to stabilize up to
-the inspect-delay. This way it's not needed anymore to implement an
-ACL-based condition to force to wait for data, eventhough the behaviour
-is not changed for when an ACL is present.
-
-The most obvious usage will be when track-sc is followed by any HTTP
-sample expression, there's no need anymore for adding "if HTTP".
-
-It's probably worth backporting this to 1.5 to avoid further configuration
-issues. Note that it requires previous patch.
-(cherry picked from commit 1b71eb581ec1637879f725421efb95ad69f0ea4f)
----
- src/proto_tcp.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/proto_tcp.c b/src/proto_tcp.c
-index 1aac0d9..e9dbc9c 100644
---- a/src/proto_tcp.c
-+++ b/src/proto_tcp.c
-@@ -1022,12 +1022,16 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit)
- * applies.
- */
- struct stktable_key *key;
-+ struct sample smp;
-
- if (stkctr_entry(&s->stkctr[tcp_trk_idx(rule->action)]))
- continue;
-
- t = rule->act_prm.trk_ctr.table.t;
-- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL);
-+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial, rule->act_prm.trk_ctr.expr, &smp);
-+
-+ if (smp.flags & SMP_F_MAY_CHANGE)
-+ goto missing_data;
-
- if (key && (ts = stktable_get_entry(t, key))) {
- session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
---
-1.8.5.5
-
+++ /dev/null
-From e726fd6571f684d0e92b8d97de8ca7a68d30f708 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 26 Jun 2014 08:20:38 +0200
-Subject: [PATCH 7/9] BUILD: remove TODO from the spec file and add README
-
-This used to cause a build failure since 1.5.0, as reported by
-Timothy Shelton. The proxy protocol doc was also added.
-(cherry picked from commit ca3094d0b1531ce62fc1970aa7396a01330bb5c1)
----
- examples/haproxy.spec | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/examples/haproxy.spec b/examples/haproxy.spec
-index 4ee3aa5..2fdb1a7 100644
---- a/examples/haproxy.spec
-+++ b/examples/haproxy.spec
-@@ -67,7 +67,7 @@ fi
-
- %files
- %defattr(-,root,root)
--%doc CHANGELOG TODO examples/*.cfg doc/haproxy-en.txt doc/haproxy-fr.txt doc/architecture.txt doc/configuration.txt
-+%doc CHANGELOG README examples/*.cfg doc/haproxy-en.txt doc/haproxy-fr.txt doc/architecture.txt doc/configuration.txt doc/proxy-protocol.txt
- %doc %{_mandir}/man1/%{name}.1*
-
- %attr(0755,root,root) %{_sbindir}/%{name}
---
-1.8.5.5
-
+++ /dev/null
-From b4cbc1e2227754ff384da1437e7d3448f91571b2 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Fri, 27 Jun 2014 18:08:49 +0200
-Subject: [PATCH 8/9] MINOR: log: make MAX_SYSLOG_LEN overridable at build time
-
-This value was set in log.h without any #ifndef around, so when one
-wanted to change it, a patch was needed. Let's move it to defaults.h
-with the usual #ifndef so that it's easier to change it.
-(cherry picked from commit 4e957907aa117c07214ab84ba2a58f2fc1666931)
----
- include/common/defaults.h | 4 ++++
- include/types/log.h | 1 -
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/include/common/defaults.h b/include/common/defaults.h
-index c53db08..0075509 100644
---- a/include/common/defaults.h
-+++ b/include/common/defaults.h
-@@ -48,6 +48,10 @@
- #define CAPTURE_LEN 64
- #endif
-
-+#ifndef MAX_SYSLOG_LEN
-+#define MAX_SYSLOG_LEN 1024
-+#endif
-+
- // maximum line size when parsing config
- #ifndef LINESIZE
- #define LINESIZE 2048
-diff --git a/include/types/log.h b/include/types/log.h
-index 8ee8d7c..b3288bd 100644
---- a/include/types/log.h
-+++ b/include/types/log.h
-@@ -28,7 +28,6 @@
- #include <common/config.h>
- #include <common/mini-clist.h>
-
--#define MAX_SYSLOG_LEN 1024
- #define NB_LOG_FACILITIES 24
- #define NB_LOG_LEVELS 8
- #define SYSLOG_PORT 514
---
-1.8.5.5
-
+++ /dev/null
-From dc2695cc531bd7fc98f09df5f6e1e57290ab1a14 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Fri, 27 Jun 2014 18:10:07 +0200
-Subject: [PATCH 9/9] MEDIUM: log: support a user-configurable max log line
- length
-
-With all the goodies supported by logformat, people find that the limit
-of 1024 chars for log lines is too short. Some servers do not support
-larger lines and can simply drop them, so changing the default value is
-not always the best choice.
-
-This patch takes a different approach. Log line length is specified per
-log server on the "log" line, with a value between 80 and 65535. That
-way it's possibly to satisfy all needs, even with some fat local servers
-and small remote ones.
-(cherry picked from commit 18324f574f349d510622ff45635de899437a3a11)
----
- doc/configuration.txt | 28 ++++++++++++++++--
- include/proto/log.h | 1 +
- include/types/global.h | 1 +
- include/types/log.h | 1 +
- src/cfgparse.c | 80 ++++++++++++++++++++++++++++++++++++++++----------
- src/log.c | 36 ++++++++++++++++-------
- 6 files changed, 118 insertions(+), 29 deletions(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index 080d8fc..e53bb21 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -559,7 +559,7 @@ group <group name>
- Similar to "gid" but uses the GID of group name <group name> from /etc/group.
- See also "gid" and "user".
-
--log <address> <facility> [max level [min level]]
-+log <address> [len <length>] <facility> [max level [min level]]
- Adds a global syslog server. Up to two global servers can be defined. They
- will receive logs for startups and exits, as well as all logs from proxies
- configured with "log global".
-@@ -584,6 +584,18 @@ log <address> <facility> [max level [min level]]
- optionally enclosing them with braces ('{}'), similarly to what is done
- in Bourne shell.
-
-+ <length> is an optional maximum line length. Log lines larger than this value
-+ will be truncated before being sent. The reason is that syslog
-+ servers act differently on log line length. All servers support the
-+ default value of 1024, but some servers simply drop larger lines
-+ while others do log them. If a server supports long lines, it may
-+ make sense to set this value here in order to avoid truncating long
-+ lines. Similarly, if a server drops long lines, it is preferable to
-+ truncate them before sending them. Accepted values are 80 to 65535
-+ inclusive. The default value of 1024 is generally fine for all
-+ standard usages. Some specific cases of long captures or
-+ JSON-formated logs may require larger values.
-+
- <facility> must be one of the 24 standard syslog facilities :
-
- kern user mail daemon auth syslog lpr news
-@@ -3349,7 +3361,7 @@ ignore-persist { if | unless } <condition>
-
-
- log global
--log <address> <facility> [<level> [<minlevel>]]
-+log <address> [len <length>] <facility> [<level> [<minlevel>]]
- no log
- Enable per-instance logging of events and traffic.
- May be used in sections : defaults | frontend | listen | backend
-@@ -3389,6 +3401,18 @@ no log
- sign ('$') and optionally enclosing them with braces ('{}'),
- similarly to what is done in Bourne shell.
-
-+ <length> is an optional maximum line length. Log lines larger than this
-+ value will be truncated before being sent. The reason is that
-+ syslog servers act differently on log line length. All servers
-+ support the default value of 1024, but some servers simply drop
-+ larger lines while others do log them. If a server supports long
-+ lines, it may make sense to set this value here in order to avoid
-+ truncating long lines. Similarly, if a server drops long lines,
-+ it is preferable to truncate them before sending them. Accepted
-+ values are 80 to 65535 inclusive. The default value of 1024 is
-+ generally fine for all standard usages. Some specific cases of
-+ long captures or JSON-formated logs may require larger values.
-+
- <facility> must be one of the 24 standard syslog facilities :
-
- kern user mail daemon auth syslog lpr news
-diff --git a/include/proto/log.h b/include/proto/log.h
-index e3c1a75..54c51d1 100644
---- a/include/proto/log.h
-+++ b/include/proto/log.h
-@@ -39,6 +39,7 @@ extern char *log_format;
- extern char default_tcp_log_format[];
- extern char default_http_log_format[];
- extern char clf_http_log_format[];
-+extern char *logline;
-
-
- int build_logline(struct session *s, char *dst, size_t maxsize, struct list *list_format);
-diff --git a/include/types/global.h b/include/types/global.h
-index 23e3f3d..77df1dd 100644
---- a/include/types/global.h
-+++ b/include/types/global.h
-@@ -110,6 +110,7 @@ struct global {
- int last_checks;
- int spread_checks;
- int max_spread_checks;
-+ int max_syslog_len;
- char *chroot;
- char *pidfile;
- char *node, *desc; /* node name & description */
-diff --git a/include/types/log.h b/include/types/log.h
-index b3288bd..c7e47ea 100644
---- a/include/types/log.h
-+++ b/include/types/log.h
-@@ -152,6 +152,7 @@ struct logsrv {
- int facility;
- int level;
- int minlvl;
-+ int maxlen;
- };
-
- #endif /* _TYPES_LOG_H */
-diff --git a/src/cfgparse.c b/src/cfgparse.c
-index 762978a..e6e65b4 100644
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
-@@ -1254,6 +1254,8 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
- struct sockaddr_storage *sk;
- int port1, port2;
- struct logsrv *logsrv;
-+ int arg = 0;
-+ int len = 0;
-
- if (*(args[1]) == 0 || *(args[2]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects <address> and <facility> as arguments.\n", file, linenum, args[0]);
-@@ -1263,28 +1265,50 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
-
- logsrv = calloc(1, sizeof(struct logsrv));
-
-- logsrv->facility = get_log_facility(args[2]);
-+ /* just after the address, a length may be specified */
-+ if (strcmp(args[arg+2], "len") == 0) {
-+ len = atoi(args[arg+3]);
-+ if (len < 80 || len > 65535) {
-+ Alert("parsing [%s:%d] : invalid log length '%s', must be between 80 and 65535.\n",
-+ file, linenum, args[arg+3]);
-+ err_code |= ERR_ALERT | ERR_FATAL;
-+ goto out;
-+ }
-+ logsrv->maxlen = len;
-+
-+ /* skip these two args */
-+ arg += 2;
-+ }
-+ else
-+ logsrv->maxlen = MAX_SYSLOG_LEN;
-+
-+ if (logsrv->maxlen > global.max_syslog_len) {
-+ global.max_syslog_len = logsrv->maxlen;
-+ logline = realloc(logline, global.max_syslog_len + 1);
-+ }
-+
-+ logsrv->facility = get_log_facility(args[arg+2]);
- if (logsrv->facility < 0) {
-- Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[2]);
-+ Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[arg+2]);
- err_code |= ERR_ALERT | ERR_FATAL;
- logsrv->facility = 0;
- }
-
- logsrv->level = 7; /* max syslog level = debug */
-- if (*(args[3])) {
-- logsrv->level = get_log_level(args[3]);
-+ if (*(args[arg+3])) {
-+ logsrv->level = get_log_level(args[arg+3]);
- if (logsrv->level < 0) {
-- Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[3]);
-+ Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[arg+3]);
- err_code |= ERR_ALERT | ERR_FATAL;
- logsrv->level = 0;
- }
- }
-
- logsrv->minlvl = 0; /* limit syslog level to this level (emerg) */
-- if (*(args[4])) {
-- logsrv->minlvl = get_log_level(args[4]);
-+ if (*(args[arg+4])) {
-+ logsrv->minlvl = get_log_level(args[arg+4]);
- if (logsrv->minlvl < 0) {
-- Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[4]);
-+ Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[arg+4]);
- err_code |= ERR_ALERT | ERR_FATAL;
- logsrv->minlvl = 0;
- }
-@@ -4791,22 +4815,46 @@ stats_error_parsing:
- else if (*(args[1]) && *(args[2])) {
- struct sockaddr_storage *sk;
- int port1, port2;
-+ int arg = 0;
-+ int len = 0;
-
- logsrv = calloc(1, sizeof(struct logsrv));
-
-- logsrv->facility = get_log_facility(args[2]);
-+ /* just after the address, a length may be specified */
-+ if (strcmp(args[arg+2], "len") == 0) {
-+ len = atoi(args[arg+3]);
-+ if (len < 80 || len > 65535) {
-+ Alert("parsing [%s:%d] : invalid log length '%s', must be between 80 and 65535.\n",
-+ file, linenum, args[arg+3]);
-+ err_code |= ERR_ALERT | ERR_FATAL;
-+ goto out;
-+ }
-+ logsrv->maxlen = len;
-+
-+ /* skip these two args */
-+ arg += 2;
-+ }
-+ else
-+ logsrv->maxlen = MAX_SYSLOG_LEN;
-+
-+ if (logsrv->maxlen > global.max_syslog_len) {
-+ global.max_syslog_len = logsrv->maxlen;
-+ logline = realloc(logline, global.max_syslog_len + 1);
-+ }
-+
-+ logsrv->facility = get_log_facility(args[arg+2]);
- if (logsrv->facility < 0) {
-- Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[2]);
-+ Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[arg+2]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-
- }
-
- logsrv->level = 7; /* max syslog level = debug */
-- if (*(args[3])) {
-- logsrv->level = get_log_level(args[3]);
-+ if (*(args[arg+3])) {
-+ logsrv->level = get_log_level(args[arg+3]);
- if (logsrv->level < 0) {
-- Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[3]);
-+ Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[arg+3]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-
-@@ -4814,10 +4862,10 @@ stats_error_parsing:
- }
-
- logsrv->minlvl = 0; /* limit syslog level to this level (emerg) */
-- if (*(args[4])) {
-- logsrv->minlvl = get_log_level(args[4]);
-+ if (*(args[arg+4])) {
-+ logsrv->minlvl = get_log_level(args[arg+4]);
- if (logsrv->minlvl < 0) {
-- Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[4]);
-+ Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[arg+4]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-
-diff --git a/src/log.c b/src/log.c
-index 114ab7b..3e3acb4 100644
---- a/src/log.c
-+++ b/src/log.c
-@@ -146,7 +146,7 @@ char *log_format = NULL;
- /* This is a global syslog line, common to all outgoing messages. It begins
- * with the syslog tag and the date that are updated by update_log_hdr().
- */
--static char logline[MAX_SYSLOG_LEN];
-+char *logline = NULL;
-
- struct logformat_var_args {
- char *name;
-@@ -736,7 +736,7 @@ static char *update_log_hdr()
- tvsec = date.tv_sec;
- get_localtime(tvsec, &tm);
-
-- hdr_len = snprintf(logline, MAX_SYSLOG_LEN,
-+ hdr_len = snprintf(logline, global.max_syslog_len,
- "<<<<>%s %2d %02d:%02d:%02d %s%s[%d]: ",
- monthname[tm.tm_mon],
- tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec,
-@@ -746,8 +746,8 @@ static char *update_log_hdr()
- * either -1 or the number of bytes that would be needed to store
- * the total message. In both cases, we must adjust it.
- */
-- if (hdr_len < 0 || hdr_len > MAX_SYSLOG_LEN)
-- hdr_len = MAX_SYSLOG_LEN;
-+ if (hdr_len < 0 || hdr_len > global.max_syslog_len)
-+ hdr_len = global.max_syslog_len;
-
- dataptr = logline + hdr_len;
- }
-@@ -772,9 +772,9 @@ void send_log(struct proxy *p, int level, const char *format, ...)
- data_len = dataptr - logline;
-
- va_start(argp, format);
-- data_len += vsnprintf(dataptr, logline + sizeof(logline) - dataptr, format, argp);
-- if (data_len < 0 || data_len > MAX_SYSLOG_LEN)
-- data_len = MAX_SYSLOG_LEN;
-+ data_len += vsnprintf(dataptr, logline + global.max_syslog_len - dataptr, format, argp);
-+ if (data_len < 0 || data_len > global.max_syslog_len)
-+ data_len = global.max_syslog_len;
- va_end(argp);
-
- __send_log(p, level, logline, data_len);
-@@ -811,8 +811,6 @@ void __send_log(struct proxy *p, int level, char *message, size_t size)
- if (!logsrvs)
- return;
-
-- message[size - 1] = '\n';
--
- /* Send log messages to syslog server. */
- nblogger = 0;
- list_for_each_entry(tmp, logsrvs, list) {
-@@ -820,6 +818,8 @@ void __send_log(struct proxy *p, int level, char *message, size_t size)
- int *plogfd = logsrv->addr.ss_family == AF_UNIX ?
- &logfdunix : &logfdinet;
- int sent;
-+ int max;
-+ char backup;
-
- nblogger++;
-
-@@ -858,9 +858,23 @@ void __send_log(struct proxy *p, int level, char *message, size_t size)
- } while (fac_level && log_ptr > dataptr);
- *log_ptr = '<';
-
-- sent = sendto(*plogfd, log_ptr, size - (log_ptr - dataptr),
-+ max = size - (log_ptr - dataptr);
-+ if (max > logsrv->maxlen)
-+ max = logsrv->maxlen;
-+
-+ /* insert a \n at the end of the message, but save what was
-+ * there first because we could have different max lengths
-+ * for different log targets.
-+ */
-+ backup = log_ptr[max - 1];
-+ log_ptr[max - 1] = '\n';
-+
-+ sent = sendto(*plogfd, log_ptr, max,
- MSG_DONTWAIT | MSG_NOSIGNAL,
- (struct sockaddr *)&logsrv->addr, get_addr_len(&logsrv->addr));
-+
-+ log_ptr[max - 1] = backup;
-+
- if (sent < 0) {
- Alert("sendto logger #%d failed: %s (errno=%d)\n",
- nblogger, strerror(errno), errno);
-@@ -1604,7 +1618,7 @@ void sess_log(struct session *s)
-
- tmplog = update_log_hdr();
- size = tmplog - logline;
-- size += build_logline(s, tmplog, sizeof(logline) - size, &s->fe->logformat);
-+ size += build_logline(s, tmplog, global.max_syslog_len - size, &s->fe->logformat);
- if (size > 0) {
- __send_log(s->fe, level, logline, size + 1);
- s->logs.logwait = 0;
---
-1.8.5.5
-
+++ /dev/null
-From d38f5c0c1cbba00d80cad2640c005794fa5bc4f9 Mon Sep 17 00:00:00 2001
-From: Marco Corte <marco@marcocorte.it>
-Date: Wed, 2 Jul 2014 17:49:34 +0200
-Subject: [PATCH 10/12] MINOR: stats: fix minor typo in HTML page
-
-There is a very small typo in the statistics interface: a "set" in
-lowercase where allothers are uppercase "Set".
-(cherry picked from commit 8c27bcaea0116247ee055c5481a63507de4fe6e4)
----
- src/dumpstats.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/dumpstats.c b/src/dumpstats.c
-index c8bac08..5365042 100644
---- a/src/dumpstats.c
-+++ b/src/dumpstats.c
-@@ -3710,7 +3710,7 @@ static void stats_dump_html_px_end(struct stream_interface *si, struct proxy *px
- "<option value=\"\"></option>"
- "<option value=\"ready\">Set state to READY</option>"
- "<option value=\"drain\">Set state to DRAIN</option>"
-- "<option value=\"maint\">set state to MAINT</option>"
-+ "<option value=\"maint\">Set state to MAINT</option>"
- "<option value=\"dhlth\">Health: disable checks</option>"
- "<option value=\"ehlth\">Health: enable checks</option>"
- "<option value=\"hrunn\">Health: force UP</option>"
---
-1.8.5.5
-
+++ /dev/null
-From 76ad998e2b6ae852567ff53edb84a0b467c0c9cb Mon Sep 17 00:00:00 2001
-From: Jan Seda <hodor@hodor.cz>
-Date: Thu, 26 Jun 2014 20:44:05 +0200
-Subject: [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace
- sockets upon failure.
-
-When bind() fails (function uxst_bind_listener()), the fail path doesn't
-consider the abstract namespace and tries to unlink paths held in
-uninitiliazed memory (tempname and backname). See the strace excerpt;
-the strings still hold the path from test1.
-
-===============================================================================================
-23722 bind(5, {sa_family=AF_FILE, path=@"test2"}, 110) = -1 EADDRINUSE (Address already in use)
-23722 unlink("/tmp/test1.sock.23722.tmp") = -1 ENOENT (No such file or directory)
-23722 close(5) = 0
-23722 unlink("/tmp/test1.sock.23722.bak") = -1 ENOENT (No such file or directory)
-===============================================================================================
-
-This patch should be backported to 1.5.
-(cherry picked from commit 7319b64fc4c9b7e04726816c6cc02f6ecf66a0a4)
----
- src/proto_uxst.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/proto_uxst.c b/src/proto_uxst.c
-index f83d34e..c9a52ff 100644
---- a/src/proto_uxst.c
-+++ b/src/proto_uxst.c
-@@ -309,11 +309,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
- if (ret < 0 && errno == ENOENT)
- unlink(path);
- err_unlink_temp:
-- if (!ext)
-+ if (!ext && path[0])
- unlink(tempname);
- close(fd);
- err_unlink_back:
-- if (!ext)
-+ if (!ext && path[0])
- unlink(backname);
- err_return:
- if (msg && errlen) {
---
-1.8.5.5
-
+++ /dev/null
-From 9fe4cb64cd9514a72bcd4b2fd8781620da9e1f76 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Wed, 2 Jul 2014 19:01:22 +0200
-Subject: [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1
-
-As suggested by Aydan Yumerefendi, a little bit of examples never hurts.
-(cherry picked from commit 2d0caa38e040b081903e50faa56bae52599b3949)
----
- doc/configuration.txt | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index e53bb21..fcc6454 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -10722,6 +10722,10 @@ ssl_c_sha1 : binary
- Returns the SHA-1 fingerprint of the certificate presented by the client when
- the incoming connection was made over an SSL/TLS transport layer. This can be
- used to stick a client to a server, or to pass this information to a server.
-+ Note that the output is binary, so if you want to pass that signature to the
-+ server, you need to encode it in hex or base64, such as in the example below:
-+
-+ http-request set-header X-SSL-Client-SHA1 %[ssl_c_sha1,hex]
-
- ssl_c_sig_alg : string
- Returns the name of the algorithm used to sign the certificate presented by
---
-1.8.5.5
-
+++ /dev/null
-From 463ae6f09e485faf3d1cdc4daceefe4bcd50b50e Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 8 Jul 2014 00:59:48 +0200
-Subject: [PATCH 13/21] BUILD: http: fix isdigit & isspace warnings on Solaris
-
-As usual, when touching any is* function, Solaris complains about the
-type of the element being checked. Better backport this to 1.5 since
-nobody knows what the emitted code looks like since macros are used
-instead of functions.
-(cherry picked from commit 506c69a50e8d434b6b0c2c89b0402f220830644d)
----
- src/proto_http.c | 20 ++++++++++----------
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 01fe62d..4a862b0 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -2143,22 +2143,22 @@ int parse_qvalue(const char *qvalue, const char **end)
- {
- int q = 1000;
-
-- if (!isdigit(*qvalue))
-+ if (!isdigit((unsigned char)*qvalue))
- goto out;
- q = (*qvalue++ - '0') * 1000;
-
- if (*qvalue++ != '.')
- goto out;
-
-- if (!isdigit(*qvalue))
-+ if (!isdigit((unsigned char)*qvalue))
- goto out;
- q += (*qvalue++ - '0') * 100;
-
-- if (!isdigit(*qvalue))
-+ if (!isdigit((unsigned char)*qvalue))
- goto out;
- q += (*qvalue++ - '0') * 10;
-
-- if (!isdigit(*qvalue))
-+ if (!isdigit((unsigned char)*qvalue))
- goto out;
- q += (*qvalue++ - '0') * 1;
- out:
-@@ -11226,7 +11226,7 @@ static int sample_conv_q_prefered(const struct arg *args, struct sample *smp)
- while (1) {
-
- /* Jump spaces, quit if the end is detected. */
-- while (al < end && isspace(*al))
-+ while (al < end && isspace((unsigned char)*al))
- al++;
- if (al >= end)
- break;
-@@ -11235,7 +11235,7 @@ static int sample_conv_q_prefered(const struct arg *args, struct sample *smp)
- token = al;
-
- /* Look for separator: isspace(), ',' or ';'. Next value if 0 length word. */
-- while (al < end && *al != ';' && *al != ',' && !isspace(*al))
-+ while (al < end && *al != ';' && *al != ',' && !isspace((unsigned char)*al))
- al++;
- if (al == token)
- goto expect_comma;
-@@ -11264,7 +11264,7 @@ static int sample_conv_q_prefered(const struct arg *args, struct sample *smp)
- look_for_q:
-
- /* Jump spaces, quit if the end is detected. */
-- while (al < end && isspace(*al))
-+ while (al < end && isspace((unsigned char)*al))
- al++;
- if (al >= end)
- goto process_value;
-@@ -11283,7 +11283,7 @@ look_for_q:
- al++;
-
- /* Jump spaces, process value if the end is detected. */
-- while (al < end && isspace(*al))
-+ while (al < end && isspace((unsigned char)*al))
- al++;
- if (al >= end)
- goto process_value;
-@@ -11294,7 +11294,7 @@ look_for_q:
- al++;
-
- /* Jump spaces, process value if the end is detected. */
-- while (al < end && isspace(*al))
-+ while (al < end && isspace((unsigned char)*al))
- al++;
- if (al >= end)
- goto process_value;
-@@ -11305,7 +11305,7 @@ look_for_q:
- al++;
-
- /* Jump spaces, process value if the end is detected. */
-- while (al < end && isspace(*al))
-+ while (al < end && isspace((unsigned char)*al))
- al++;
- if (al >= end)
- goto process_value;
---
-1.8.5.5
-
+++ /dev/null
-From fb8bf6324bfe9f36d0be5110fcc13facba4389a8 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Mon, 7 Jul 2014 18:24:48 +0200
-Subject: [PATCH 14/21] BUG/MINOR: listener: set the listener's fd to -1 after
- deletion
-
-This is currently harmless, but when stopping a listener, its fd is
-closed but not set to -1, so it is not possible to re-open it again.
-Currently this has no impact but can have after the abstract sockets
-are modified to perform a complete close on soft-reload.
-
-The fix can be backported to 1.5 and may even apply to 1.4 (protocols.c).
-(cherry picked from commit 39447b6a5799a160eae452db920fd0735a78638b)
----
- src/listener.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/listener.c b/src/listener.c
-index ec3a39b..a82ce81 100644
---- a/src/listener.c
-+++ b/src/listener.c
-@@ -236,6 +236,7 @@ int unbind_listener(struct listener *listener)
-
- if (listener->state >= LI_PAUSED) {
- fd_delete(listener->fd);
-+ listener->fd = -1;
- listener->state = LI_ASSIGNED;
- }
- return ERR_NONE;
---
-1.8.5.5
-
+++ /dev/null
-From 58dd0f33fa908e83199d28775bad8ee2f24151a9 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Mon, 7 Jul 2014 18:36:45 +0200
-Subject: [PATCH 15/21] BUG/MEDIUM: unix: failed abstract socket binding is
- retryable
-
-Jan Seda noticed that abstract sockets are incompatible with soft reload,
-because the new process cannot bind and immediately fails. This patch marks
-the binding as retryable and not fatal so that the new process can try to
-bind again after sending a signal to the old process.
-
-Note that this fix is not enough to completely solve the problem, but it
-is necessary. This patch should be backported to 1.5.
-(cherry picked from commit 3c5efa2b3268f31cffc2c18887010d4bc906a066)
----
- src/proto_uxst.c | 30 ++++++++++++++++++++++++++----
- 1 file changed, 26 insertions(+), 4 deletions(-)
-
-diff --git a/src/proto_uxst.c b/src/proto_uxst.c
-index c9a52ff..409c659 100644
---- a/src/proto_uxst.c
-+++ b/src/proto_uxst.c
-@@ -166,9 +166,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
- const char *path;
- int ext, ready;
- socklen_t ready_len;
--
-+ int err;
- int ret;
-
-+ err = ERR_NONE;
-+
- /* ensure we never return garbage */
- if (errlen)
- *errmsg = 0;
-@@ -191,29 +193,34 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
- if (path[0]) {
- ret = snprintf(tempname, MAXPATHLEN, "%s.%d.tmp", path, pid);
- if (ret < 0 || ret >= MAXPATHLEN) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "name too long for UNIX socket";
- goto err_return;
- }
-
- ret = snprintf(backname, MAXPATHLEN, "%s.%d.bak", path, pid);
- if (ret < 0 || ret >= MAXPATHLEN) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "name too long for UNIX socket";
- goto err_return;
- }
-
- /* 2. clean existing orphaned entries */
- if (unlink(tempname) < 0 && errno != ENOENT) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "error when trying to unlink previous UNIX socket";
- goto err_return;
- }
-
- if (unlink(backname) < 0 && errno != ENOENT) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "error when trying to unlink previous UNIX socket";
- goto err_return;
- }
-
- /* 3. backup existing socket */
- if (link(path, backname) < 0 && errno != ENOENT) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "error when trying to preserve previous UNIX socket";
- goto err_return;
- }
-@@ -231,24 +238,35 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
-
- fd = socket(PF_UNIX, SOCK_STREAM, 0);
- if (fd < 0) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "cannot create UNIX socket";
- goto err_unlink_back;
- }
-
- fd_ready:
- if (fd >= global.maxsock) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "socket(): not enough free sockets, raise -n argument";
- goto err_unlink_temp;
- }
-
- if (fcntl(fd, F_SETFL, O_NONBLOCK) == -1) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "cannot make UNIX socket non-blocking";
- goto err_unlink_temp;
- }
-
- if (!ext && bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
- /* note that bind() creates the socket <tempname> on the file system */
-- msg = "cannot bind UNIX socket";
-+ if (errno == EADDRINUSE) {
-+ /* the old process might still own it, let's retry */
-+ err |= ERR_RETRYABLE | ERR_ALERT;
-+ msg = "cannot listen to socket";
-+ }
-+ else {
-+ err |= ERR_FATAL | ERR_ALERT;
-+ msg = "cannot bind UNIX socket";
-+ }
- goto err_unlink_temp;
- }
-
-@@ -261,6 +279,7 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
- (((listener->bind_conf->ux.uid != -1 || listener->bind_conf->ux.gid != -1) &&
- (chown(tempname, listener->bind_conf->ux.uid, listener->bind_conf->ux.gid) == -1)) ||
- (listener->bind_conf->ux.mode != 0 && chmod(tempname, listener->bind_conf->ux.mode) == -1))) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "cannot change UNIX socket ownership";
- goto err_unlink_temp;
- }
-@@ -272,6 +291,7 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
-
- if (!(ext && ready) && /* only listen if not already done by external process */
- listen(fd, listener->backlog ? listener->backlog : listener->maxconn) < 0) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "cannot listen to UNIX socket";
- goto err_unlink_temp;
- }
-@@ -281,6 +301,7 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
- * backname. Abstract sockets are not renamed.
- */
- if (!ext && path[0] && rename(tempname, path) < 0) {
-+ err |= ERR_FATAL | ERR_ALERT;
- msg = "cannot switch final and temporary UNIX sockets";
- goto err_rename;
- }
-@@ -303,7 +324,8 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
- fd_insert(fd);
- fdtab[fd].iocb = listener->proto->accept;
- fdtab[fd].owner = listener; /* reference the listener instead of a task */
-- return ERR_NONE;
-+ return err;
-+
- err_rename:
- ret = rename(backname, path);
- if (ret < 0 && errno == ENOENT)
-@@ -322,7 +344,7 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
- else
- snprintf(errmsg, errlen, "%s [fd %d]", msg, fd);
- }
-- return ERR_FATAL | ERR_ALERT;
-+ return err;
- }
-
- /* This function closes the UNIX sockets for the specified listener.
---
-1.8.5.5
-
+++ /dev/null
-From d903bb345dcf6ed058ccf84f476f066b3dc08d47 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Mon, 7 Jul 2014 20:22:12 +0200
-Subject: [PATCH 16/21] MEDIUM: listener: implement a per-protocol pause()
- function
-
-In order to fix the abstact socket pause mechanism during soft restarts,
-we'll need to proceed differently depending on the socket protocol. The
-pause_listener() function already supports some protocol-specific handling
-for the TCP case.
-
-This commit makes this cleaner by adding a new ->pause() function to the
-protocol struct, which, if defined, may be used to pause a listener of a
-given protocol.
-
-For now, only TCP has been adapted, with the specific code moved from
-pause_listener() to tcp_pause_listener().
-(cherry picked from commit 092d865c53de80afc847c5ff0a079b414041ce2a)
----
- include/proto/proto_tcp.h | 1 +
- include/types/protocol.h | 1 +
- src/listener.c | 17 +++++++++--------
- src/proto_tcp.c | 18 ++++++++++++++++++
- 4 files changed, 29 insertions(+), 8 deletions(-)
-
-diff --git a/include/proto/proto_tcp.h b/include/proto/proto_tcp.h
-index 4adf4d2..ac8b711 100644
---- a/include/proto/proto_tcp.h
-+++ b/include/proto/proto_tcp.h
-@@ -30,6 +30,7 @@
- int tcp_bind_socket(int fd, int flags, struct sockaddr_storage *local, struct sockaddr_storage *remote);
- void tcpv4_add_listener(struct listener *listener);
- void tcpv6_add_listener(struct listener *listener);
-+int tcp_pause_listener(struct listener *l);
- int tcp_connect_server(struct connection *conn, int data, int delack);
- int tcp_connect_probe(struct connection *conn);
- int tcp_get_src(int fd, struct sockaddr *sa, socklen_t salen, int dir);
-diff --git a/include/types/protocol.h b/include/types/protocol.h
-index e03692a..74b20e8 100644
---- a/include/types/protocol.h
-+++ b/include/types/protocol.h
-@@ -60,6 +60,7 @@ struct protocol {
- int (*get_src)(int fd, struct sockaddr *, socklen_t, int dir); /* syscall used to retrieve src addr */
- int (*get_dst)(int fd, struct sockaddr *, socklen_t, int dir); /* syscall used to retrieve dst addr */
- int (*drain)(int fd); /* indicates whether we can safely close the fd */
-+ int (*pause)(struct listener *l); /* temporarily pause this listener for a soft restart */
-
- struct list listeners; /* list of listeners using this protocol */
- int nb_listeners; /* number of listeners */
-diff --git a/src/listener.c b/src/listener.c
-index a82ce81..67f8ca7 100644
---- a/src/listener.c
-+++ b/src/listener.c
-@@ -95,15 +95,16 @@ int pause_listener(struct listener *l)
- if (l->state <= LI_PAUSED)
- return 1;
-
-- if (l->proto->sock_prot == IPPROTO_TCP) {
-- if (shutdown(l->fd, SHUT_WR) != 0)
-- return 0; /* Solaris dies here */
--
-- if (listen(l->fd, l->backlog ? l->backlog : l->maxconn) != 0)
-- return 0; /* OpenBSD dies here */
-+ if (l->proto->pause) {
-+ /* Returns < 0 in case of failure, 0 if the listener
-+ * was totally stopped, or > 0 if correctly paused.
-+ */
-+ int ret = l->proto->pause(l);
-
-- if (shutdown(l->fd, SHUT_RD) != 0)
-- return 0; /* should always be OK */
-+ if (ret < 0)
-+ return 0;
-+ else if (ret == 0)
-+ return 1;
- }
-
- if (l->state == LI_LIMITED)
-diff --git a/src/proto_tcp.c b/src/proto_tcp.c
-index e9dbc9c..9778856 100644
---- a/src/proto_tcp.c
-+++ b/src/proto_tcp.c
-@@ -80,6 +80,7 @@ static struct protocol proto_tcpv4 = {
- .get_src = tcp_get_src,
- .get_dst = tcp_get_dst,
- .drain = tcp_drain,
-+ .pause = tcp_pause_listener,
- .listeners = LIST_HEAD_INIT(proto_tcpv4.listeners),
- .nb_listeners = 0,
- };
-@@ -102,6 +103,7 @@ static struct protocol proto_tcpv6 = {
- .get_src = tcp_get_src,
- .get_dst = tcp_get_dst,
- .drain = tcp_drain,
-+ .pause = tcp_pause_listener,
- .listeners = LIST_HEAD_INIT(proto_tcpv6.listeners),
- .nb_listeners = 0,
- };
-@@ -947,6 +949,22 @@ void tcpv6_add_listener(struct listener *listener)
- proto_tcpv6.nb_listeners++;
- }
-
-+/* Pause a listener. Returns < 0 in case of failure, 0 if the listener
-+ * was totally stopped, or > 0 if correctly paused.
-+ */
-+int tcp_pause_listener(struct listener *l)
-+{
-+ if (shutdown(l->fd, SHUT_WR) != 0)
-+ return -1; /* Solaris dies here */
-+
-+ if (listen(l->fd, l->backlog ? l->backlog : l->maxconn) != 0)
-+ return -1; /* OpenBSD dies here */
-+
-+ if (shutdown(l->fd, SHUT_RD) != 0)
-+ return -1; /* should always be OK */
-+ return 1;
-+}
-+
- /* This function performs the TCP request analysis on the current request. It
- * returns 1 if the processing can continue on next analysers, or zero if it
- * needs more data, encounters an error, or wants to immediately abort the
---
-1.8.5.5
-
+++ /dev/null
-From ff12090bf067a1ddd56bed14cf27371cdf2e77cb Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Mon, 7 Jul 2014 21:06:24 +0200
-Subject: [PATCH 17/21] MEDIUM: listener: support rebinding during resume()
-
-When a listener resumes operations, supporting a full rebind makes it
-possible to perform a full stop as a pause(). This will be used for
-pausing abstract namespace unix sockets.
-(cherry picked from commit 1c4b814087189b4b0225a473b7cb0a844bc30839)
----
- src/listener.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/src/listener.c b/src/listener.c
-index 67f8ca7..11df69f 100644
---- a/src/listener.c
-+++ b/src/listener.c
-@@ -120,10 +120,26 @@ int pause_listener(struct listener *l)
- * may replace enable_listener(). The resulting state will either be LI_READY
- * or LI_FULL. 0 is returned in case of failure to resume (eg: dead socket).
- * Listeners bound to a different process are not woken up unless we're in
-- * foreground mode.
-+ * foreground mode. If the listener was only in the assigned state, it's totally
-+ * rebound. This can happen if a pause() has completely stopped it. If the
-+ * resume fails, 0 is returned and an error might be displayed.
- */
- int resume_listener(struct listener *l)
- {
-+ if (l->state == LI_ASSIGNED) {
-+ char msg[100];
-+ int err;
-+
-+ err = l->proto->bind(l, msg, sizeof(msg));
-+ if (err & ERR_ALERT)
-+ Alert("Resuming listener: %s\n", msg);
-+ else if (err & ERR_WARN)
-+ Warning("Resuming listener: %s\n", msg);
-+
-+ if (err & (ERR_FATAL | ERR_ABORT))
-+ return 0;
-+ }
-+
- if (l->state < LI_PAUSED)
- return 0;
-
---
-1.8.5.5
-
+++ /dev/null
-From 631a70f8baff6d26a2a6692ccd368de8d3948bf9 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Mon, 7 Jul 2014 21:07:51 +0200
-Subject: [PATCH 18/21] BUG/MEDIUM: unix: completely unbind abstract sockets
- during a pause()
-
-Abstract namespace sockets ignore the shutdown() call and do not make
-it possible to temporarily stop listening. The issue it causes is that
-during a soft reload, the new process cannot bind, complaining that the
-address is already in use.
-
-This change registers a new pause() function for unix sockets and
-completely unbinds the abstract ones since it's possible to rebind
-them later. It requires the two previous patches as well as preceeding
-fixes.
-
-This fix should be backported into 1.5 since the issue apperas there.
-(cherry picked from commit fd0e008d9d4db2f860b739bd28f6cd31d9aaf2b5)
----
- include/proto/proto_uxst.h | 1 +
- src/proto_uxst.c | 15 +++++++++++++++
- 2 files changed, 16 insertions(+)
-
-diff --git a/include/proto/proto_uxst.h b/include/proto/proto_uxst.h
-index 9422ea7..8e796ec 100644
---- a/include/proto/proto_uxst.h
-+++ b/include/proto/proto_uxst.h
-@@ -27,6 +27,7 @@
- #include <types/task.h>
-
- void uxst_add_listener(struct listener *listener);
-+int uxst_pause_listener(struct listener *l);
- int uxst_get_src(int fd, struct sockaddr *sa, socklen_t salen, int dir);
- int uxst_get_dst(int fd, struct sockaddr *sa, socklen_t salen, int dir);
-
-diff --git a/src/proto_uxst.c b/src/proto_uxst.c
-index 409c659..adc1b46 100644
---- a/src/proto_uxst.c
-+++ b/src/proto_uxst.c
-@@ -68,6 +68,7 @@ static struct protocol proto_unix = {
- .disable_all = disable_all_listeners,
- .get_src = uxst_get_src,
- .get_dst = uxst_get_dst,
-+ .pause = uxst_pause_listener,
- .listeners = LIST_HEAD_INIT(proto_unix.listeners),
- .nb_listeners = 0,
- };
-@@ -373,6 +374,20 @@ void uxst_add_listener(struct listener *listener)
- proto_unix.nb_listeners++;
- }
-
-+/* Pause a listener. Returns < 0 in case of failure, 0 if the listener
-+ * was totally stopped, or > 0 if correctly paused. Nothing is done for
-+ * plain unix sockets since currently it's the new process which handles
-+ * the renaming. Abstract sockets are completely unbound.
-+ */
-+int uxst_pause_listener(struct listener *l)
-+{
-+ if (((struct sockaddr_un *)&l->addr)->sun_path[0])
-+ return 1;
-+
-+ unbind_listener(l);
-+ return 0;
-+}
-+
-
- /*
- * This function initiates a UNIX connection establishment to the target assigned
---
-1.8.5.5
-
+++ /dev/null
-From b4fca5dbf0cfe887b88d6213b014e2f73e02a5e6 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 8 Jul 2014 00:37:50 +0200
-Subject: [PATCH 19/21] DOC: explicitly mention the limits of abstract
- namespace sockets
-
-Listening to an abstract namespace socket is quite convenient but
-comes with some drawbacks that must be clearly understood when the
-socket is being listened to by multiple processes. The trouble is
-that the socket cannot be rebound if a new process attempts a soft
-restart and fails, so only one of the initially bound processes
-will still be bound to it, the other ones will fail to rebind. For
-most situations it's not an issue but it needs to be indicated.
-(cherry picked from commit 70f72e0c90691c72cb72306b718f785902270015)
----
- doc/configuration.txt | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index fcc6454..73195ba 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -1791,7 +1791,13 @@ bind /<path> [, ...] [param*]
- - 'ipv4@' -> address is always IPv4
- - 'ipv6@' -> address is always IPv6
- - 'unix@' -> address is a path to a local unix socket
-- - 'abns@' -> address is in abstract namespace (Linux only)
-+ - 'abns@' -> address is in abstract namespace (Linux only).
-+ Note: since abstract sockets are not "rebindable", they
-+ do not cope well with multi-process mode during
-+ soft-restart, so it is better to avoid them if
-+ nbproc is greater than 1. The effect is that if the
-+ new process fails to start, only one of the old ones
-+ will be able to rebind to the socket.
- - 'fd@<n>' -> use file descriptor <n> inherited from the
- parent. The fd must be bound and may or may not already
- be listening.
---
-1.8.5.5
-
+++ /dev/null
-From 75c98ad211c9e1b7304033b9d3eb4fe552d725d2 Mon Sep 17 00:00:00 2001
-From: James Westby <james.westby@canonical.com>
-Date: Tue, 8 Jul 2014 10:14:57 -0400
-Subject: [PATCH 20/21] DOC: expand the docs for the provided stats.
-
-Indicate for each statistic which types may have a value for
-that statistic.
-
-Explain some of the provided statistics a little more deeply.
-(cherry picked from commit ebe62d645b45aa2210ef848fa16805a0aba7d75a)
----
- doc/configuration.txt | 163 +++++++++++++++++++++++++++++++-------------------
- 1 file changed, 100 insertions(+), 63 deletions(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index 73195ba..8407500 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -13075,44 +13075,76 @@ text is doubled ('""'), which is the format that most tools recognize. Please
- do not insert any column before these ones in order not to break tools which
- use hard-coded column positions.
-
-- 0. pxname: proxy name
-- 1. svname: service name (FRONTEND for frontend, BACKEND for backend, any name
-- for server)
-- 2. qcur: current queued requests
-- 3. qmax: max queued requests
-- 4. scur: current sessions
-- 5. smax: max sessions
-- 6. slim: sessions limit
-- 7. stot: total sessions
-- 8. bin: bytes in
-- 9. bout: bytes out
-- 10. dreq: denied requests
-- 11. dresp: denied responses
-- 12. ereq: request errors
-- 13. econ: connection errors
-- 14. eresp: response errors (among which srv_abrt)
-- 15. wretr: retries (warning)
-- 16. wredis: redispatches (warning)
-- 17. status: status (UP/DOWN/NOLB/MAINT/MAINT(via)...)
-- 18. weight: server weight (server), total weight (backend)
-- 19. act: server is active (server), number of active servers (backend)
-- 20. bck: server is backup (server), number of backup servers (backend)
-- 21. chkfail: number of failed checks
-- 22. chkdown: number of UP->DOWN transitions
-- 23. lastchg: last status change (in seconds)
-- 24. downtime: total downtime (in seconds)
-- 25. qlimit: queue limit
-- 26. pid: process id (0 for first instance, 1 for second, ...)
-- 27. iid: unique proxy id
-- 28. sid: service id (unique inside a proxy)
-- 29. throttle: warm up status
-- 30. lbtot: total number of times a server was selected
-- 31. tracked: id of proxy/server if tracking is enabled
-- 32. type (0=frontend, 1=backend, 2=server, 3=socket)
-- 33. rate: number of sessions per second over last elapsed second
-- 34. rate_lim: limit on new sessions per second
-- 35. rate_max: max number of new sessions per second
-- 36. check_status: status of last health check, one of:
-+In brackets after each field name are the types which may have a value for
-+that field. The types are L (Listeners), F (Frontends), B (Backends), and
-+S (Servers).
-+
-+ 0. pxname [LFBS]: proxy name
-+ 1. svname [LFBS]: service name (FRONTEND for frontend, BACKEND for backend,
-+ any name for server/listener)
-+ 2. qcur [..BS]: current queued requests. For the backend this reports the
-+ number queued without a server assigned.
-+ 3. qmax [..BS]: max value of qcur
-+ 4. scur [LFBS]: current sessions
-+ 5. smax [LFBS]: max sessions
-+ 6. slim [LFBS]: configured session limit
-+ 7. stot [LFBS]: cumulative number of connections
-+ 8. bin [LFBS]: bytes in
-+ 9. bout [LFBS]: bytes out
-+ 10. dreq [LFB.]: requests denied because of security concerns.
-+ - For tcp this is because of a matched tcp-request content rule.
-+ - For http this is because of a matched http-request or tarpit rule.
-+ 11. dresp [LFBS]: responses denied because of security concerns.
-+ - For http this is because of a matched http-request rule, or
-+ "option checkcache".
-+ 12. ereq [LF..]: request errors. Some of the possible causes are:
-+ - early termination from the client, before the request has been sent.
-+ - read error from the client
-+ - client timeout
-+ - client closed connection
-+ - various bad requests from the client.
-+ - request was tarpitted.
-+ 13. econ [..BS]: number of requests that encountered an error trying to
-+ connect to a backend server. The backend stat is the sum of the stat
-+ for all servers of that backend, plus any connection errors not
-+ associated with a particular server (such as the backend having no
-+ active servers).
-+ 14. eresp [..BS]: response errors. srv_abrt will be counted here also.
-+ Some other errors are:
-+ - write error on the client socket (won't be counted for the server stat)
-+ - failure applying filters to the response.
-+ 15. wretr [..BS]: number of times a connection to a server was retried.
-+ 16. wredis [..BS]: number of times a request was redispatched to another
-+ server. The server value counts the number of times that server was
-+ switched away from.
-+ 17. status [LFBS]: status (UP/DOWN/NOLB/MAINT/MAINT(via)...)
-+ 18. weight [..BS]: server weight (server), total weight (backend)
-+ 19. act [..BS]: server is active (server), number of active servers (backend)
-+ 20. bck [..BS]: server is backup (server), number of backup servers (backend)
-+ 21. chkfail [...S]: number of failed checks. (Only counts checks failed when
-+ the server is up.)
-+ 22. chkdown [..BS]: number of UP->DOWN transitions. The backend counter counts
-+ transitions to the whole backend being down, rather than the sum of the
-+ counters for each server.
-+ 23. lastchg [..BS]: number of seconds since the last UP<->DOWN transition
-+ 24. downtime [..BS]: total downtime (in seconds). The value for the backend
-+ is the downtime for the whole backend, not the sum of the server downtime.
-+ 25. qlimit [...S]: configured maxqueue for the server, or nothing in the
-+ value is 0 (default, meaning no limit)
-+ 26. pid [LFBS]: process id (0 for first instance, 1 for second, ...)
-+ 27. iid [LFBS]: unique proxy id
-+ 28. sid [L..S]: server id (unique inside a proxy)
-+ 29. throttle [...S]: current throttle percentage for the server, when
-+ slowstart is active, or no value if not in slowstart.
-+ 30. lbtot [..BS]: total number of times a server was selected, either for new
-+ sessions, or when re-dispatching. The server counter is the number
-+ of times that server was selected.
-+ 31. tracked [...S]: id of proxy/server if tracking is enabled.
-+ 32. type [LFBS]: (0=frontend, 1=backend, 2=server, 3=socket/listener)
-+ 33. rate [.FBS]: number of sessions per second over last elapsed second
-+ 34. rate_lim [.F..]: configured limit on new sessions per second
-+ 35. rate_max [.FBS]: max number of new sessions per second
-+ 36. check_status [...S]: status of last health check, one of:
- UNK -> unknown
- INI -> initializing
- SOCKERR -> socket error
-@@ -13129,31 +13161,36 @@ use hard-coded column positions.
- L7TOUT -> layer 7 (HTTP/SMTP) timeout
- L7RSP -> layer 7 invalid response - protocol error
- L7STS -> layer 7 response error, for example HTTP 5xx
-- 37. check_code: layer5-7 code, if available
-- 38. check_duration: time in ms took to finish last health check
-- 39. hrsp_1xx: http responses with 1xx code
-- 40. hrsp_2xx: http responses with 2xx code
-- 41. hrsp_3xx: http responses with 3xx code
-- 42. hrsp_4xx: http responses with 4xx code
-- 43. hrsp_5xx: http responses with 5xx code
-- 44. hrsp_other: http responses with other codes (protocol error)
-- 45. hanafail: failed health checks details
-- 46. req_rate: HTTP requests per second over last elapsed second
-- 47. req_rate_max: max number of HTTP requests per second observed
-- 48. req_tot: total number of HTTP requests received
-- 49. cli_abrt: number of data transfers aborted by the client
-- 50. srv_abrt: number of data transfers aborted by the server (inc. in eresp)
-- 51. comp_in: number of HTTP response bytes fed to the compressor
-- 52. comp_out: number of HTTP response bytes emitted by the compressor
-- 53. comp_byp: number of bytes that bypassed the HTTP compressor (CPU/BW limit)
-- 54. comp_rsp: number of HTTP responses that were compressed
-- 55. lastsess: number of seconds since last session assigned to server/backend
-- 56. last_chk: last health check contents or textual error
-- 57. last_agt: last agent check contents or textual error
-- 58. qtime: the average queue time in ms over the 1024 last requests
-- 59. ctime: the average connect time in ms over the 1024 last requests
-- 60. rtime: the average response time in ms over the 1024 last requests (0 for TCP)
-- 61. ttime: the average total session time in ms over the 1024 last requests
-+ 37. check_code [...S]: layer5-7 code, if available
-+ 38. check_duration [...S]: time in ms took to finish last health check
-+ 39. hrsp_1xx [.FBS]: http responses with 1xx code
-+ 40. hrsp_2xx [.FBS]: http responses with 2xx code
-+ 41. hrsp_3xx [.FBS]: http responses with 3xx code
-+ 42. hrsp_4xx [.FBS]: http responses with 4xx code
-+ 43. hrsp_5xx [.FBS]: http responses with 5xx code
-+ 44. hrsp_other [.FBS]: http responses with other codes (protocol error)
-+ 45. hanafail [...S]: failed health checks details
-+ 46. req_rate [.F..]: HTTP requests per second over last elapsed second
-+ 47. req_rate_max [.F..]: max number of HTTP requests per second observed
-+ 48. req_tot [.F..]: total number of HTTP requests received
-+ 49. cli_abrt [..BS]: number of data transfers aborted by the client
-+ 50. srv_abrt [..BS]: number of data transfers aborted by the server
-+ (inc. in eresp)
-+ 51. comp_in [.FB.]: number of HTTP response bytes fed to the compressor
-+ 52. comp_out [.FB.]: number of HTTP response bytes emitted by the compressor
-+ 53. comp_byp [.FB.]: number of bytes that bypassed the HTTP compressor
-+ (CPU/BW limit)
-+ 54. comp_rsp [.FB.]: number of HTTP responses that were compressed
-+ 55. lastsess [..BS]: number of seconds since last session assigned to
-+ server/backend
-+ 56. last_chk [...S]: last health check contents or textual error
-+ 57. last_agt [...S]: last agent check contents or textual error
-+ 58. qtime [..BS]: the average queue time in ms over the 1024 last requests
-+ 59. ctime [..BS]: the average connect time in ms over the 1024 last requests
-+ 60. rtime [..BS]: the average response time in ms over the 1024 last requests
-+ (0 for TCP)
-+ 61. ttime [..BS]: the average total session time in ms over the 1024 last
-+ requests
-
-
- 9.2. Unix Socket commands
---
-1.8.5.5
-
+++ /dev/null
-From 82456753cae9200aa1f4031f64c22c08e130f072 Mon Sep 17 00:00:00 2001
-From: Dan Dubovik <ddubovik@godaddy.com>
-Date: Tue, 8 Jul 2014 08:51:03 -0700
-Subject: [PATCH 21/21] BUG/MEDIUM: backend: Update hash to use unsigned int
- throughout
-
-When we were generating a hash, it was done using an unsigned long. When the hash was used
-to select a backend, it was sent as an unsigned int. This made it difficult to predict which
-backend would be selected.
-
-This patch updates get_hash, and the hash methods to use an unsigned int, to remain consistent
-throughout the codebase.
-
-This fix should be backported to 1.5 and probably in part to 1.4.
-(cherry picked from commit bd57a9f977f60fcf7818f462953da3740e3bd010)
----
- include/common/hash.h | 6 +++---
- src/backend.c | 14 +++++++-------
- src/hash.c | 10 +++++-----
- 3 files changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/include/common/hash.h b/include/common/hash.h
-index 379bf89..7039ba5 100644
---- a/include/common/hash.h
-+++ b/include/common/hash.h
-@@ -22,8 +22,8 @@
- #ifndef _COMMON_HASH_H_
- #define _COMMON_HASH_H_
-
--unsigned long hash_djb2(const char *key, int len);
--unsigned long hash_wt6(const char *key, int len);
--unsigned long hash_sdbm(const char *key, int len);
-+unsigned int hash_djb2(const char *key, int len);
-+unsigned int hash_wt6(const char *key, int len);
-+unsigned int hash_sdbm(const char *key, int len);
-
- #endif /* _COMMON_HASH_H_ */
-diff --git a/src/backend.c b/src/backend.c
-index 5ddb88c..a96b767 100644
---- a/src/backend.c
-+++ b/src/backend.c
-@@ -63,9 +63,9 @@ int be_lastsession(const struct proxy *be)
- }
-
- /* helper function to invoke the correct hash method */
--static unsigned long gen_hash(const struct proxy* px, const char* key, unsigned long len)
-+static unsigned int gen_hash(const struct proxy* px, const char* key, unsigned long len)
- {
-- unsigned long hash;
-+ unsigned int hash;
-
- switch (px->lbprm.algo & BE_LB_HASH_FUNC) {
- case BE_LB_HFCN_DJB2:
-@@ -183,7 +183,7 @@ struct server *get_server_sh(struct proxy *px, const char *addr, int len)
- */
- struct server *get_server_uh(struct proxy *px, char *uri, int uri_len)
- {
-- unsigned long hash = 0;
-+ unsigned int hash = 0;
- int c;
- int slashes = 0;
- const char *start, *end;
-@@ -232,7 +232,7 @@ struct server *get_server_uh(struct proxy *px, char *uri, int uri_len)
- */
- struct server *get_server_ph(struct proxy *px, const char *uri, int uri_len)
- {
-- unsigned long hash = 0;
-+ unsigned int hash = 0;
- const char *start, *end;
- const char *p;
- const char *params;
-@@ -294,7 +294,7 @@ struct server *get_server_ph(struct proxy *px, const char *uri, int uri_len)
- */
- struct server *get_server_ph_post(struct session *s)
- {
-- unsigned long hash = 0;
-+ unsigned int hash = 0;
- struct http_txn *txn = &s->txn;
- struct channel *req = s->req;
- struct http_msg *msg = &txn->req;
-@@ -372,7 +372,7 @@ struct server *get_server_ph_post(struct session *s)
- */
- struct server *get_server_hh(struct session *s)
- {
-- unsigned long hash = 0;
-+ unsigned int hash = 0;
- struct http_txn *txn = &s->txn;
- struct proxy *px = s->be;
- unsigned int plen = px->hh_len;
-@@ -444,7 +444,7 @@ struct server *get_server_hh(struct session *s)
- /* RDP Cookie HASH. */
- struct server *get_server_rch(struct session *s)
- {
-- unsigned long hash = 0;
-+ unsigned int hash = 0;
- struct proxy *px = s->be;
- unsigned long len;
- int ret;
-diff --git a/src/hash.c b/src/hash.c
-index 034685e..aa236cb 100644
---- a/src/hash.c
-+++ b/src/hash.c
-@@ -17,7 +17,7 @@
- #include <common/hash.h>
-
-
--unsigned long hash_wt6(const char *key, int len)
-+unsigned int hash_wt6(const char *key, int len)
- {
- unsigned h0 = 0xa53c965aUL;
- unsigned h1 = 0x5ca6953aUL;
-@@ -44,9 +44,9 @@ unsigned long hash_wt6(const char *key, int len)
- return h0 ^ h1;
- }
-
--unsigned long hash_djb2(const char *key, int len)
-+unsigned int hash_djb2(const char *key, int len)
- {
-- unsigned long hash = 5381;
-+ unsigned int hash = 5381;
-
- /* the hash unrolled eight times */
- for (; len >= 8; len -= 8) {
-@@ -72,9 +72,9 @@ unsigned long hash_djb2(const char *key, int len)
- return hash;
- }
-
--unsigned long hash_sdbm(const char *key, int len)
-+unsigned int hash_sdbm(const char *key, int len)
- {
-- unsigned long hash = 0;
-+ unsigned int hash = 0;
- int c;
-
- while (len--) {
---
-1.8.5.5
-
+++ /dev/null
-From 911780c5f0e20760164cb0f9b92318185651237c Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 10 Jul 2014 15:29:24 +0200
-Subject: [PATCH 22/25] DOC: minor fix on {sc,src}_kbytes_{in,out}
-
-These ones report total amount of bytes, not byte rates.
-This fix should be backported into 1.5 which has the same error.
-(cherry picked from commit a01b974d5f5a067d99f288dcb3e05b78fe780a76)
----
- doc/configuration.txt | 35 ++++++++++++++++-------------------
- 1 file changed, 16 insertions(+), 19 deletions(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index 8407500..b6d1b3b 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -10386,19 +10386,17 @@ sc_kbytes_in(<ctr>[,<table>]) : integer
- sc0_kbytes_in([<table>]) : integer
- sc1_kbytes_in([<table>]) : integer
- sc2_kbytes_in([<table>]) : integer
-- Returns the amount of client-to-server data from the currently tracked
-- counters, measured in kilobytes over the period configured in the table. The
-- test is currently performed on 32-bit integers, which limits values to 4
-- terabytes. See also src_kbytes_in.
-+ Returns the total amount of client-to-server data from the currently tracked
-+ counters, measured in kilobytes. The test is currently performed on 32-bit
-+ integers, which limits values to 4 terabytes. See also src_kbytes_in.
-
- sc_kbytes_out(<ctr>[,<table>]) : integer
- sc0_kbytes_out([<table>]) : integer
- sc1_kbytes_out([<table>]) : integer
- sc2_kbytes_out([<table>]) : integer
-- Returns the amount of server-to-client data from the currently tracked
-- counters, measured in kilobytes over the period configured in the table. The
-- test is currently performed on 32-bit integers, which limits values to 4
-- terabytes. See also src_kbytes_out.
-+ Returns the total amount of server-to-client data from the currently tracked
-+ counters, measured in kilobytes. The test is currently performed on 32-bit
-+ integers, which limits values to 4 terabytes. See also src_kbytes_out.
-
- sc_sess_cnt(<ctr>[,<table>]) : integer
- sc0_sess_cnt([<table>]) : integer
-@@ -10562,19 +10560,18 @@ src_inc_gpc0([<table>]) : integer
- tcp-request connection reject if abuse kill
-
- src_kbytes_in([<table>]) : integer
-- Returns the amount of data received from the incoming connection's source
-- address in the current proxy's stick-table or in the designated stick-table,
-- measured in kilobytes over the period configured in the table. If the address
-- is not found, zero is returned. The test is currently performed on 32-bit
-- integers, which limits values to 4 terabytes. See also
-- sc/sc0/sc1/sc2_kbytes_in.
-+ Returns the total amount of data received from the incoming connection's
-+ source address in the current proxy's stick-table or in the designated
-+ stick-table, measured in kilobytes. If the address is not found, zero is
-+ returned. The test is currently performed on 32-bit integers, which limits
-+ values to 4 terabytes. See also sc/sc0/sc1/sc2_kbytes_in.
-
- src_kbytes_out([<table>]) : integer
-- Returns the amount of data sent to the incoming connection's source address
-- in the current proxy's stick-table or in the designated stick-table, measured
-- in kilobytes over the period configured in the table. If the address is not
-- found, zero is returned. The test is currently performed on 32-bit integers,
-- which limits values to 4 terabytes. See also sc/sc0/sc1/sc2_kbytes_out.
-+ Returns the total amount of data sent to the incoming connection's source
-+ address in the current proxy's stick-table or in the designated stick-table,
-+ measured in kilobytes. If the address is not found, zero is returned. The
-+ test is currently performed on 32-bit integers, which limits values to 4
-+ terabytes. See also sc/sc0/sc1/sc2_kbytes_out.
-
- src_port : integer
- Returns an integer value corresponding to the TCP source port of the
---
-1.8.5.5
-
+++ /dev/null
-From 644d9ef5af4f8010412007374c345f7465c97391 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 10 Jul 2014 16:29:08 +0200
-Subject: [PATCH 23/25] DOC: fix alphabetical sort of converters
-
-For an unknown reason, these ones were not sorted.
-(cherry picked from commit ffcb2e4b42acd710121a57eb39651a373d904e5b)
----
- doc/configuration.txt | 32 ++++++++++++++++----------------
- 1 file changed, 16 insertions(+), 16 deletions(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index b6d1b3b..f8199b9 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -9887,28 +9887,12 @@ base64
- transfer binary content in a way that can be reliably transferred (eg:
- an SSL ID can be copied in a header).
-
--lower
-- Convert a string sample to lower case. This can only be placed after a string
-- sample fetch function or after a transformation keyword returning a string
-- type. The result is of type string.
--
--upper
-- Convert a string sample to upper case. This can only be placed after a string
-- sample fetch function or after a transformation keyword returning a string
-- type. The result is of type string.
--
- hex
- Converts a binary input sample to an hex string containing two hex digits per
- input byte. It is used to log or transfer hex dumps of some binary input data
- in a way that can be reliably transferred (eg: an SSL ID can be copied in a
- header).
-
--ipmask(<mask>)
-- Apply a mask to an IPv4 address, and use the result for lookups and storage.
-- This can be used to make all hosts within a certain mask to share the same
-- table entries and as such use the same server. The mask can be passed in
-- dotted form (eg: 255.255.255.0) or in CIDR form (eg: 24).
--
- http_date([<offset>])
- Converts an integer supposed to contain a date since epoch to a string
- representing this date in a format suitable for use in HTTP header fields. If
-@@ -9917,6 +9901,12 @@ http_date([<offset>])
- emit Date header fields, Expires values in responses when combined with a
- positive offset, or Last-Modified values when the offset is negative.
-
-+ipmask(<mask>)
-+ Apply a mask to an IPv4 address, and use the result for lookups and storage.
-+ This can be used to make all hosts within a certain mask to share the same
-+ table entries and as such use the same server. The mask can be passed in
-+ dotted form (eg: 255.255.255.0) or in CIDR form (eg: 24).
-+
- language(<value>[,<default>])
- Returns the value with the highest q-factor from a list as extracted from the
- "accept-language" header using "req.fhdr". Values with no q-factor have a
-@@ -9944,6 +9934,11 @@ language(<value>[,<default>])
- use_backend english if en
- default_backend choose_your_language
-
-+lower
-+ Convert a string sample to lower case. This can only be placed after a string
-+ sample fetch function or after a transformation keyword returning a string
-+ type. The result is of type string.
-+
- map(<map_file>[,<default_value>])
- map_<match_type>(<map_file>[,<default_value>])
- map_<match_type>_<output_type>(<map_file>[,<default_value>])
-@@ -10001,6 +9996,11 @@ map_<match_type>_<output_type>(<map_file>[,<default_value>])
- | `---------------------------- key
- `------------------------------------ leading spaces ignored
-
-+upper
-+ Convert a string sample to upper case. This can only be placed after a string
-+ sample fetch function or after a transformation keyword returning a string
-+ type. The result is of type string.
-+
-
- 7.3.2. Fetching samples from internal states
- --------------------------------------------
---
-1.8.5.5
-
+++ /dev/null
-From 5bebcd06287be9024f0fba25f350393f02e050c1 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 10 Jul 2014 19:06:10 +0200
-Subject: [PATCH 24/25] BUG/MAJOR: http: correctly rewind the request body
- after start of forwarding
-
-Daniel Dubovik reported an interesting bug showing that the request body
-processing was still not 100% fixed. If a POST request contained short
-enough data to be forwarded at once before trying to establish the
-connection to the server, we had no way to correctly rewind the body.
-
-The first visible case is that balancing on a header does not always work
-on such POST requests since the header cannot be found. But there are even
-nastier implications which are that http-send-name-header would apply to
-the wrong location and possibly even affect part of the request's body
-due to an incorrect rewinding.
-
-There are two options to fix the problem :
- - first one is to force the HTTP_MSG_F_WAIT_CONN flag on all hash-based
- balancing algorithms and http-send-name-header, but there's always a
- risk that any new algorithm forgets to set it ;
-
- - the second option is to account for the amount of skipped data before
- the connection establishes so that we always know the position of the
- request's body relative to the buffer's origin.
-
-The second option is much more reliable and fits very well in the spirit
-of the past changes to fix forwarding. Indeed, at the moment we have
-msg->sov which points to the start of the body before headers are forwarded
-and which equals zero afterwards (so it still points to the start of the
-body before forwarding data). A minor change consists in always making it
-point to the start of the body even after data have been forwarded. It means
-that it can get a negative value (so we need to change its type to signed)..
-
-In order to avoid wrapping, we only do this as long as the other side of
-the buffer is not connected yet.
-
-Doing this definitely fixes the issues above for the requests. Since the
-response cannot be rewound we don't need to perform any change there.
-
-This bug was introduced/remained unfixed in 1.5-dev23 so the fix must be
-backported to 1.5.
-(cherry picked from commit bb2e669f9e73531ac9cc9277b40066b701eec918)
----
- doc/internals/body-parsing.txt | 20 +++++++++++++-------
- include/types/proto_http.h | 11 ++++++-----
- src/proto_http.c | 9 +++++++--
- 3 files changed, 26 insertions(+), 14 deletions(-)
-
-diff --git a/doc/internals/body-parsing.txt b/doc/internals/body-parsing.txt
-index e9c8b4b..5baa549 100644
---- a/doc/internals/body-parsing.txt
-+++ b/doc/internals/body-parsing.txt
-@@ -67,12 +67,17 @@ msg.next : points to the next byte to inspect. This offset is automatically
- automatically adjusted to the number of bytes already inspected.
-
- msg.sov : start of value. First character of the header's value in the header
-- states, start of the body in the data states until headers are
-- forwarded. This offset is automatically adjusted when inserting or
-- removing some headers. In data states, it always constains the size
-- of the whole HTTP headers (including the trailing CRLF) that needs
-- to be forwarded before the first byte of body. Once the headers are
-- forwarded, this value drops to zero.
-+ states, start of the body in the data states. Strictly positive
-+ values indicate that headers were not forwarded yet (<buf.p> is
-+ before the start of the body), and null or positive values are seen
-+ after headers are forwarded (<buf.p> is at or past the start of the
-+ body). The value stops changing when data start to leave the buffer
-+ (in order to avoid integer overflows). So the maximum possible range
-+ is -<buf.size> to +<buf.size>. This offset is automatically adjusted
-+ when inserting or removing some headers. It is useful to rewind the
-+ request buffer to the beginning of the body at any phase. The
-+ response buffer does not really use it since it is immediately
-+ forwarded to the client.
-
- msg.sol : start of line. Points to the beginning of the current header line
- while parsing headers. It is cleared to zero in the BODY state,
-@@ -97,7 +102,8 @@ msg.eol : end of line. Points to the CRLF or LF of the current header line
- states nor by forwarding.
-
- The beginning of the message headers can always be found this way even after
--headers have been forwarded :
-+headers or data have been forwarded, provided that everything is still present
-+in the buffer :
-
- headers = buf.p + msg->sov - msg->eoh - msg->eol
-
-diff --git a/include/types/proto_http.h b/include/types/proto_http.h
-index 12e1141..c53c7fd 100644
---- a/include/types/proto_http.h
-+++ b/include/types/proto_http.h
-@@ -329,7 +329,8 @@ enum {
- * message or a response message.
- *
- * The values there are a little bit obscure, because their meaning can change
-- * during the parsing :
-+ * during the parsing. Please read carefully doc/internal/body-parsing.txt if
-+ * you need to manipulate them. Quick reminder :
- *
- * - eoh (End of Headers) : relative offset in the buffer of first byte that
- * is not part of a completely processed header.
-@@ -344,9 +345,9 @@ enum {
- * - sov (start of value) : Before HTTP_MSG_BODY, points to the value of
- * the header being parsed. Starting from
- * HTTP_MSG_BODY, will point to the start of the
-- * body (relative to buffer's origin), or to data
-- * following a chunk size. Thus <sov> bytes of
-- * headers will have to be sent only once.
-+ * body (relative to buffer's origin). It can be
-+ * negative when forwarding data. It stops growing
-+ * once data start to leave the buffer.
- *
- * - next (parse pointer) : next relative byte to be parsed. Always points
- * to a byte matching the current state.
-@@ -372,7 +373,7 @@ struct http_msg {
- /* 6 bytes unused here */
- struct channel *chn; /* pointer to the channel transporting the message */
- unsigned int next; /* pointer to next byte to parse, relative to buf->p */
-- unsigned int sov; /* current header: start of value */
-+ int sov; /* current header: start of value ; data: start of body */
- unsigned int eoh; /* End Of Headers, relative to buffer */
- unsigned int sol; /* start of current line during parsing otherwise zero */
- unsigned int eol; /* end of line */
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 4a862b0..94afed7 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -5315,7 +5315,7 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit
- * an "Expect: 100-continue" header.
- */
-
-- if (msg->sov) {
-+ if (msg->sov > 0) {
- /* we have msg->sov which points to the first byte of message
- * body, and req->buf.p still points to the beginning of the
- * message. We forward the headers now, as we don't need them
-@@ -5429,6 +5429,8 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit
- * such as last chunk of data or trailers.
- */
- b_adv(req->buf, msg->next);
-+ if (unlikely(!(s->rep->flags & CF_READ_ATTACHED)))
-+ msg->sov -= msg->next;
- msg->next = 0;
-
- /* for keep-alive we don't want to forward closes on DONE */
-@@ -5479,6 +5481,9 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit
- missing_data:
- /* we may have some pending data starting at req->buf->p */
- b_adv(req->buf, msg->next);
-+ if (unlikely(!(s->rep->flags & CF_READ_ATTACHED)))
-+ msg->sov -= msg->next + MIN(msg->chunk_len, req->buf->i);
-+
- msg->next = 0;
- msg->chunk_len -= channel_forward(req, msg->chunk_len);
-
-@@ -6493,7 +6498,7 @@ int http_response_forward_body(struct session *s, struct channel *res, int an_bi
- /* in most states, we should abort in case of early close */
- channel_auto_close(res);
-
-- if (msg->sov) {
-+ if (msg->sov > 0) {
- /* we have msg->sov which points to the first byte of message
- * body, and res->buf.p still points to the beginning of the
- * message. We forward the headers now, as we don't need them
---
-1.8.5.5
-
+++ /dev/null
-From 94fb38fbb77e664e4f41343257a26ae5bab40d1d Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 10 Jul 2014 20:24:25 +0200
-Subject: [PATCH 25/25] DOC: remove references to CPU=native in the README
-
-Certain compilers running in virtualized environments may produce code
-that the same processor cannot execute with -march=native, either because
-of hypervisor bugs reporting wrong CPU features, or because of compiler
-bugs forgetting to check CPU features. So better stop recommending this
-combination so that users don't get trapped anymore.
-(cherry picked from commit 817dad50b02d1a82d495dfea4eab9e3a91127391)
----
- README | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/README b/README
-index 0ef0179..e2b8570 100644
---- a/README
-+++ b/README
-@@ -53,8 +53,9 @@ one of the following choices to the CPU variable :
- - i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon
- - i586 for intel Pentium, AMD K6, VIA C3.
- - ultrasparc : Sun UltraSparc I/II/III/IV processor
-- - native : use the build machine's specific processor optimizations
-- - generic : any other processor or no specific optimization. (default)
-+ - native : use the build machine's specific processor optimizations. Use with
-+ extreme care, and never in virtualized environments (known to break).
-+ - generic : any other processor or no CPU-specific optimization. (default)
-
- Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options
- for your platform.
-@@ -132,11 +133,11 @@ And I build it this way on OpenBSD or FreeBSD :
-
- And on a classic Linux with SSL and ZLIB support (eg: Red Hat 5.x) :
-
-- $ make TARGET=linux26 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
-+ $ make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
-
- And on a recent Linux >= 2.6.28 with SSL and ZLIB support :
-
-- $ make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
-+ $ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
-
- In order to build a 32-bit binary on an x86_64 Linux system with SSL support
- without support for compression but when OpenSSL requires ZLIB anyway :
---
-1.8.5.5
-
projects / feed / packages.git / commitdiff