diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 4f99f94e5..cded16eb5 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -9,11 +9,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=haproxy -PKG_VERSION:=1.5.1 -PKG_RELEASE:=25 +PKG_VERSION:=1.5.2 +PKG_RELEASE:=02 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/ -PKG_MD5SUM:=49640cf3ddd793a05fbd3394481a1ed4 +PKG_MD5SUM:=e854fed32ea751d6db7f366cb910225a PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=GPL-2.0 diff --git a/net/haproxy/patches/0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch b/net/haproxy/patches/0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch deleted file mode 100644 index e154d8ecb..000000000 --- a/net/haproxy/patches/0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch +++ /dev/null @@ -1,45 +0,0 @@ -From c1fbbd4a3dd480b4eebbd8b32ca6cdf08791477a Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Tue, 24 Jun 2014 17:27:02 +0200 -Subject: [PATCH] BUG/MEDIUM: http: fetch "base" is not compatible with - set-header - -The sample fetch function "base" makes use of the trash which is also -used by set-header/add-header etc... everything which builds a formated -line. So we end up with some junk in the header if base is in use. Let's -fix this as all other fetches by using a trash chunk instead. - -This bug was reported by Baptiste Assmann, and also affects 1.5. -(cherry picked from commit 3caf2afabe89fb0ef0886cd1d8ea99ef21ec3491) ---- - src/proto_http.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/proto_http.c b/src/proto_http.c -index 231d49a..5321f7d 100644 ---- a/src/proto_http.c -+++ b/src/proto_http.c -@@ -10247,6 +10247,7 @@ smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt, - struct http_txn *txn = l7; - char *ptr, *end, *beg; - struct hdr_ctx ctx; -+ struct chunk *temp; - - CHECK_HTTP_MESSAGE_FIRST(); - -@@ -10255,9 +10256,10 @@ smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt, - return smp_fetch_path(px, l4, l7, opt, args, smp, kw); - - /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */ -- memcpy(trash.str, ctx.line + ctx.val, ctx.vlen); -+ temp = get_trash_chunk(); -+ memcpy(temp->str, ctx.line + ctx.val, ctx.vlen); - smp->type = SMP_T_STR; -- smp->data.str.str = trash.str; -+ smp->data.str.str = temp->str; - smp->data.str.len = ctx.vlen; - - /* now retrieve the path */ --- -1.8.5.5 - diff --git a/net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch b/net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch new file mode 100644 index 000000000..f9daf4022 --- /dev/null +++ b/net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch @@ -0,0 +1,29 @@ +From a124eb6d7838eff2c52cc9bf027594c11e87fae9 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Sat, 12 Jul 2014 17:31:07 +0200 +Subject: [PATCH 1/2] DOC: mention that Squid correctly responds 400 to PPv2 + header + +Amos reported that Squid builds 3.5.0.0_20140624 and 3.5.0.0_20140630 +were confirmed to respond correctly here and that any version will do +the same. +(cherry picked from commit 9e1382002aa1ba12dcc637870befd077ff887aad) +--- + doc/proxy-protocol.txt | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt +index a2dbcea..a3925a4 100644 +--- a/doc/proxy-protocol.txt ++++ b/doc/proxy-protocol.txt +@@ -692,6 +692,7 @@ presented, even with minimal implementations : + - thttpd 2.20c : 400 Bad Request + abort => pass/optimal + - mini-httpd-1.19 : 400 Bad Request + abort => pass/optimal + - haproxy 1.4.21 : 400 Bad Request + abort => pass/optimal ++ - Squid 3 : 400 Bad Request + abort => pass/optimal + - SSL : + - stud 0.3.47 : connection abort => pass/optimal + - stunnel 4.45 : connection abort => pass/optimal +-- +1.8.5.5 + diff --git a/net/haproxy/patches/0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch b/net/haproxy/patches/0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch deleted file mode 100644 index 0bb82ec11..000000000 --- a/net/haproxy/patches/0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 4910098653e356f814924663b4ddf71c971a71d6 Mon Sep 17 00:00:00 2001 -From: Emeric Brun -Date: Tue, 24 Jun 2014 18:26:41 +0200 -Subject: [PATCH 2/6] BUG/MINOR: ssl: Fix external function in order not to - return a pointer on an internal trash buffer. - -'ssl_sock_get_common_name' applied to a connection was also renamed -'ssl_sock_get_remote_common_name'. Currently, this function is only used -with protocol PROXYv2 to retrieve the client certificate's common name. -A further usage could be to retrieve the server certificate's common name -on an outgoing connection. -(cherry picked from commit 0abf836ecb32767fa1f9ad598f3e236e073491bd) ---- - include/proto/ssl_sock.h | 2 +- - src/connection.c | 5 ++--- - src/ssl_sock.c | 23 +++++++++++------------ - 3 files changed, 14 insertions(+), 16 deletions(-) - -diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h -index 0902fde..3e111cd 100644 ---- a/include/proto/ssl_sock.h -+++ b/include/proto/ssl_sock.h -@@ -52,7 +52,7 @@ const char *ssl_sock_get_cipher_name(struct connection *conn); - const char *ssl_sock_get_proto_version(struct connection *conn); - char *ssl_sock_get_version(struct connection *conn); - int ssl_sock_get_cert_used(struct connection *conn); --char *ssl_sock_get_common_name(struct connection *conn); -+int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out); - unsigned int ssl_sock_get_verify_result(struct connection *conn); - #ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB - int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err); -diff --git a/src/connection.c b/src/connection.c -index 0b154d8..20a911b 100644 ---- a/src/connection.c -+++ b/src/connection.c -@@ -682,9 +682,8 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec - tlv->verify = htonl(ssl_sock_get_verify_result(remote)); - } - if (srv->pp_opts & SRV_PP_V2_SSL_CN) { -- value = ssl_sock_get_common_name(remote); -- if (value) { -- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, strlen(value), value); -+ if (ssl_sock_get_remote_common_name(remote, &trash) > 0) { -+ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str); - ssl_tlv_len += tlv_len; - } - } -diff --git a/src/ssl_sock.c b/src/ssl_sock.c -index 328b978..375225d 100644 ---- a/src/ssl_sock.c -+++ b/src/ssl_sock.c -@@ -2654,21 +2654,25 @@ char *ssl_sock_get_version(struct connection *conn) - return (char *)SSL_get_version(conn->xprt_ctx); - } - --/* returns common name, NULL terminated, from client certificate, or NULL if none */ --char *ssl_sock_get_common_name(struct connection *conn) -+/* Extract peer certificate's common name into the chunk dest -+ * Returns -+ * the len of the extracted common name -+ * or 0 if no CN found in DN -+ * or -1 on error case (i.e. no peer certificate) -+ */ -+int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest) - { - X509 *crt = NULL; - X509_NAME *name; -- struct chunk *cn_trash; - const char find_cn[] = "CN"; - const struct chunk find_cn_chunk = { - .str = (char *)&find_cn, - .len = sizeof(find_cn)-1 - }; -- char *result = NULL; -+ int result = -1; - - if (!ssl_sock_is_ssl(conn)) -- return NULL; -+ goto out; - - /* SSL_get_peer_certificate, it increase X509 * ref count */ - crt = SSL_get_peer_certificate(conn->xprt_ctx); -@@ -2679,13 +2683,8 @@ char *ssl_sock_get_common_name(struct connection *conn) - if (!name) - goto out; - -- cn_trash = get_trash_chunk(); -- if (ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, cn_trash) <= 0) -- goto out; -- cn_trash->str[cn_trash->len] = '\0'; -- result = cn_trash->str; -- -- out: -+ result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest); -+out: - if (crt) - X509_free(crt); - --- -1.8.5.5 - diff --git a/net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch b/net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch new file mode 100644 index 000000000..2a463c878 --- /dev/null +++ b/net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch @@ -0,0 +1,29 @@ +From de9789b37466c37547d8c5d52d96a9d4466eb431 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Cyril=20Bont=C3=A9?= +Date: Sat, 12 Jul 2014 18:22:42 +0200 +Subject: [PATCH 2/2] DOC: fix typo in Unix Socket commands + +Konstantin Romanenko reported a typo in the HTML documentation. The typo is +already present in the raw text version : the "shutdown sessions" command +should be "shutdown sessions server". +(cherry picked from commit e63a1eb290a1c407453dbcaa16535c85a1904f9e) +--- + doc/configuration.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/configuration.txt b/doc/configuration.txt +index ca21f7d..2d71555 100644 +--- a/doc/configuration.txt ++++ b/doc/configuration.txt +@@ -13869,7 +13869,7 @@ shutdown session + endless transfer is ongoing. Such terminated sessions are reported with a 'K' + flag in the logs. + +-shutdown sessions / ++shutdown sessions server / + Immediately terminate all the sessions attached to the specified server. This + can be used to terminate long-running sessions after a server is put into + maintenance mode, for instance. Such terminated sessions are reported with a +-- +1.8.5.5 + diff --git a/net/haproxy/patches/0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch b/net/haproxy/patches/0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch deleted file mode 100644 index 2330eb163..000000000 --- a/net/haproxy/patches/0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch +++ /dev/null @@ -1,42 +0,0 @@ -From c177ea7187bc1918a1900c1b0e3fc67c559987a2 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Wed, 25 Jun 2014 15:36:04 +0200 -Subject: [PATCH 3/6] BUG/MINOR: counters: do not untrack counters before - logging - -Baptiste Assmann reported a corner case in the releasing of stick-counters: -we release content-aware counters before logging. In the past it was not a -problem, but since now we can log them it, it prevents one from logging -their value. Simply switching the log production and the release of the -counter fixes the issue. - -This should be backported into 1.5. -(cherry picked from commit d713bcc326da5d1ac80adab666d7710f3e37650c) ---- - src/proto_http.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/proto_http.c b/src/proto_http.c -index 5321f7d..d566bcc 100644 ---- a/src/proto_http.c -+++ b/src/proto_http.c -@@ -4808,7 +4808,6 @@ void http_end_txn_clean_session(struct session *s) - - s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now); - session_process_counters(s); -- session_stop_content_counters(s); - - if (s->txn.status) { - int n; -@@ -4842,6 +4841,8 @@ void http_end_txn_clean_session(struct session *s) - s->do_log(s); - } - -+ /* stop tracking content-based counters */ -+ session_stop_content_counters(s); - session_update_time_stats(s); - - s->logs.accept_date = date; /* user-visible date for logging */ --- -1.8.5.5 - diff --git a/net/haproxy/patches/0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch b/net/haproxy/patches/0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch deleted file mode 100644 index a145cce62..000000000 --- a/net/haproxy/patches/0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch +++ /dev/null @@ -1,65 +0,0 @@ -From a4ba9dbfc688576ffb7e0a3ce43ac0b420211bf6 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Wed, 25 Jun 2014 16:56:41 +0200 -Subject: [PATCH 4/6] BUG/MAJOR: sample: correctly reinitialize sample fetch - context before calling sample_process() - -We used to only clear flags when reusing the static sample before calling -sample_process(), but that's not enough because there's a context in samples -that can be used by some fetch functions such as auth, headers and cookies, -and not reinitializing it risks that a pointer of a different type is used -in the wrong context. - -An example configuration which triggers the case consists in mixing hdr() -and http_auth_group() which both make use of contexts : - - http-request add-header foo2 %[hdr(host)],%[http_auth_group(foo)] - -The solution is simple, initialize all the sample and not just the flags. -This fix must be backported into 1.5 since it was introduced in 1.5-dev19. -(cherry picked from commit 6c616e0b96106dd33d183afbda31e72799e967c3) ---- - src/proto_http.c | 3 +++ - src/sample.c | 5 +++-- - 2 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/proto_http.c b/src/proto_http.c -index d566bcc..01fe62d 100644 ---- a/src/proto_http.c -+++ b/src/proto_http.c -@@ -9748,6 +9748,9 @@ smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int op - return 1; - } - -+/* Note: these functinos *do* modify the sample. Even in case of success, at -+ * least the type and uint value are modified. -+ */ - #define CHECK_HTTP_MESSAGE_FIRST() \ - do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0) - -diff --git a/src/sample.c b/src/sample.c -index 9f22ef9..3a0f3fb 100644 ---- a/src/sample.c -+++ b/src/sample.c -@@ -905,7 +905,7 @@ struct sample *sample_process(struct proxy *px, struct session *l4, void *l7, - - if (p == NULL) { - p = &temp_smp; -- p->flags = 0; -+ memset(p, 0, sizeof(*p)); - } - - if (!expr->fetch->process(px, l4, l7, opt, expr->arg_p, p, expr->fetch->kw)) -@@ -1160,7 +1160,8 @@ struct sample *sample_fetch_string(struct proxy *px, struct session *l4, void *l - { - struct sample *smp = &temp_smp; - -- smp->flags = 0; -+ memset(smp, 0, sizeof(*smp)); -+ - if (!sample_process(px, l4, l7, opt, expr, smp)) { - if ((smp->flags & SMP_F_MAY_CHANGE) && !(opt & SMP_OPT_FINAL)) - return smp; --- -1.8.5.5 - diff --git a/net/haproxy/patches/0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch b/net/haproxy/patches/0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch deleted file mode 100644 index f93601a5a..000000000 --- a/net/haproxy/patches/0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch +++ /dev/null @@ -1,109 +0,0 @@ -From d008394057c4fe46ca6eb775c66cc0ff986a5495 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Wed, 25 Jun 2014 16:20:53 +0200 -Subject: [PATCH 5/6] MINOR: stick-table: make stktable_fetch_key() indicate - why it failed - -stktable_fetch_key() does not indicate whether it returns NULL because -the input sample was not found or because it's unstable. It causes trouble -with track-sc* rules. Just like with sample_fetch_string(), we want it to -be able to give more information to the caller about what it found. Thus, -now we use the pointer to a sample passed by the caller, and fill it with -the information we have about the sample. That way, even if we return NULL, -the caller has the ability to check whether a sample was found and if it is -still changing or not. -(cherry picked from commit b5975defba61e7ef37ae771614166d0970ede04e) ---- - include/proto/stick_table.h | 2 +- - src/proto_tcp.c | 4 ++-- - src/session.c | 4 ++-- - src/stick_table.c | 12 +++++++----- - 4 files changed, 12 insertions(+), 10 deletions(-) - -diff --git a/include/proto/stick_table.h b/include/proto/stick_table.h -index 0c26fbe..57ca223 100644 ---- a/include/proto/stick_table.h -+++ b/include/proto/stick_table.h -@@ -48,7 +48,7 @@ struct stksess *stktable_lookup_key(struct stktable *t, struct stktable_key *key - struct stksess *stktable_update_key(struct stktable *table, struct stktable_key *key); - struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, - struct session *l4, void *l7, unsigned int opt, -- struct sample_expr *expr); -+ struct sample_expr *expr, struct sample *smp); - int stktable_compatible_sample(struct sample_expr *expr, unsigned long table_type); - int stktable_get_data_type(char *name); - struct proxy *find_stktable(const char *name); -diff --git a/src/proto_tcp.c b/src/proto_tcp.c -index 65c4fda..1aac0d9 100644 ---- a/src/proto_tcp.c -+++ b/src/proto_tcp.c -@@ -1027,7 +1027,7 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit) - continue; - - t = rule->act_prm.trk_ctr.table.t; -- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr); -+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL); - - if (key && (ts = stktable_get_entry(t, key))) { - session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts); -@@ -1228,7 +1228,7 @@ int tcp_exec_req_rules(struct session *s) - continue; - - t = rule->act_prm.trk_ctr.table.t; -- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr); -+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL); - - if (key && (ts = stktable_get_entry(t, key))) - session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts); -diff --git a/src/session.c b/src/session.c -index e26f5ad..df85170 100644 ---- a/src/session.c -+++ b/src/session.c -@@ -1458,7 +1458,7 @@ static int process_sticking_rules(struct session *s, struct channel *req, int an - if (ret) { - struct stktable_key *key; - -- key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->expr); -+ key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->expr, NULL); - if (!key) - continue; - -@@ -1561,7 +1561,7 @@ static int process_store_rules(struct session *s, struct channel *rep, int an_bi - if (ret) { - struct stktable_key *key; - -- key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL, rule->expr); -+ key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL, rule->expr, NULL); - if (!key) - continue; - -diff --git a/src/stick_table.c b/src/stick_table.c -index c6463ec..a708d3c 100644 ---- a/src/stick_table.c -+++ b/src/stick_table.c -@@ -601,15 +601,17 @@ static sample_to_key_fct sample_to_key[SMP_TYPES][STKTABLE_TYPES] = { - * Process a fetch + format conversion as defined by the sample expression - * on request or response considering the parameter. Returns either NULL if - * no key could be extracted, or a pointer to the converted result stored in -- * static_table_key in format . -+ * static_table_key in format . If is not NULL, it will be reset -+ * and its flags will be initialized so that the caller gets a copy of the input -+ * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present). - */ - struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7, -- unsigned int opt, -- struct sample_expr *expr) -+ unsigned int opt, struct sample_expr *expr, struct sample *smp) - { -- struct sample *smp; -+ if (smp) -+ memset(smp, 0, sizeof(*smp)); - -- smp = sample_process(px, l4, l7, opt, expr, NULL); -+ smp = sample_process(px, l4, l7, opt, expr, smp); - if (!smp) - return NULL; - --- -1.8.5.5 - diff --git a/net/haproxy/patches/0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch b/net/haproxy/patches/0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch deleted file mode 100644 index 2bfe2dee9..000000000 --- a/net/haproxy/patches/0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 86bd33a9f842caf1788b61d1f99e95f8ad866660 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Wed, 25 Jun 2014 17:01:56 +0200 -Subject: [PATCH 6/6] BUG/MEDIUM: counters: fix track-sc* to wait on unstable - contents - -I've been facing multiple configurations which involved track-sc* rules -in tcp-request content without the "if ..." to force it to wait for the -contents, resulting in random behaviour with contents sometimes retrieved -and sometimes not. - -Reading the doc doesn't make it clear either that the tracking will be -performed only if data are already there and that waiting on an ACL is -the only way to avoid this. - -Since this behaviour is not natural and we now have the ability to fix -it, this patch ensures that if input data are still moving, instead of -silently dropping them, we naturally wait for them to stabilize up to -the inspect-delay. This way it's not needed anymore to implement an -ACL-based condition to force to wait for data, eventhough the behaviour -is not changed for when an ACL is present. - -The most obvious usage will be when track-sc is followed by any HTTP -sample expression, there's no need anymore for adding "if HTTP". - -It's probably worth backporting this to 1.5 to avoid further configuration -issues. Note that it requires previous patch. -(cherry picked from commit 1b71eb581ec1637879f725421efb95ad69f0ea4f) ---- - src/proto_tcp.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/proto_tcp.c b/src/proto_tcp.c -index 1aac0d9..e9dbc9c 100644 ---- a/src/proto_tcp.c -+++ b/src/proto_tcp.c -@@ -1022,12 +1022,16 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit) - * applies. - */ - struct stktable_key *key; -+ struct sample smp; - - if (stkctr_entry(&s->stkctr[tcp_trk_idx(rule->action)])) - continue; - - t = rule->act_prm.trk_ctr.table.t; -- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL); -+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial, rule->act_prm.trk_ctr.expr, &smp); -+ -+ if (smp.flags & SMP_F_MAY_CHANGE) -+ goto missing_data; - - if (key && (ts = stktable_get_entry(t, key))) { - session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts); --- -1.8.5.5 - diff --git a/net/haproxy/patches/0007-BUILD-remove-TODO-from-the-spec-file-and-add-README.patch b/net/haproxy/patches/0007-BUILD-remove-TODO-from-the-spec-file-and-add-README.patch deleted file mode 100644 index 52134f311..000000000 --- a/net/haproxy/patches/0007-BUILD-remove-TODO-from-the-spec-file-and-add-README.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e726fd6571f684d0e92b8d97de8ca7a68d30f708 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Thu, 26 Jun 2014 08:20:38 +0200 -Subject: [PATCH 7/9] BUILD: remove TODO from the spec file and add README - -This used to cause a build failure since 1.5.0, as reported by -Timothy Shelton. The proxy protocol doc was also added. -(cherry picked from commit ca3094d0b1531ce62fc1970aa7396a01330bb5c1) ---- - examples/haproxy.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/examples/haproxy.spec b/examples/haproxy.spec -index 4ee3aa5..2fdb1a7 100644 ---- a/examples/haproxy.spec -+++ b/examples/haproxy.spec -@@ -67,7 +67,7 @@ fi - - %files - %defattr(-,root,root) --%doc CHANGELOG TODO examples/*.cfg doc/haproxy-en.txt doc/haproxy-fr.txt doc/architecture.txt doc/configuration.txt -+%doc CHANGELOG README examples/*.cfg doc/haproxy-en.txt doc/haproxy-fr.txt doc/architecture.txt doc/configuration.txt doc/proxy-protocol.txt - %doc %{_mandir}/man1/%{name}.1* - - %attr(0755,root,root) %{_sbindir}/%{name} --- -1.8.5.5 - diff --git a/net/haproxy/patches/0008-MINOR-log-make-MAX_SYSLOG_LEN-overridable-at-build-t.patch b/net/haproxy/patches/0008-MINOR-log-make-MAX_SYSLOG_LEN-overridable-at-build-t.patch deleted file mode 100644 index 0423a9965..000000000 --- a/net/haproxy/patches/0008-MINOR-log-make-MAX_SYSLOG_LEN-overridable-at-build-t.patch +++ /dev/null @@ -1,44 +0,0 @@ -From b4cbc1e2227754ff384da1437e7d3448f91571b2 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Fri, 27 Jun 2014 18:08:49 +0200 -Subject: [PATCH 8/9] MINOR: log: make MAX_SYSLOG_LEN overridable at build time - -This value was set in log.h without any #ifndef around, so when one -wanted to change it, a patch was needed. Let's move it to defaults.h -with the usual #ifndef so that it's easier to change it. -(cherry picked from commit 4e957907aa117c07214ab84ba2a58f2fc1666931) ---- - include/common/defaults.h | 4 ++++ - include/types/log.h | 1 - - 2 files changed, 4 insertions(+), 1 deletion(-) - -diff --git a/include/common/defaults.h b/include/common/defaults.h -index c53db08..0075509 100644 ---- a/include/common/defaults.h -+++ b/include/common/defaults.h -@@ -48,6 +48,10 @@ - #define CAPTURE_LEN 64 - #endif - -+#ifndef MAX_SYSLOG_LEN -+#define MAX_SYSLOG_LEN 1024 -+#endif -+ - // maximum line size when parsing config - #ifndef LINESIZE - #define LINESIZE 2048 -diff --git a/include/types/log.h b/include/types/log.h -index 8ee8d7c..b3288bd 100644 ---- a/include/types/log.h -+++ b/include/types/log.h -@@ -28,7 +28,6 @@ - #include - #include - --#define MAX_SYSLOG_LEN 1024 - #define NB_LOG_FACILITIES 24 - #define NB_LOG_LEVELS 8 - #define SYSLOG_PORT 514 --- -1.8.5.5 - diff --git a/net/haproxy/patches/0009-MEDIUM-log-support-a-user-configurable-max-log-line-.patch b/net/haproxy/patches/0009-MEDIUM-log-support-a-user-configurable-max-log-line-.patch deleted file mode 100644 index d28aa5ca3..000000000 --- a/net/haproxy/patches/0009-MEDIUM-log-support-a-user-configurable-max-log-line-.patch +++ /dev/null @@ -1,360 +0,0 @@ -From dc2695cc531bd7fc98f09df5f6e1e57290ab1a14 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Fri, 27 Jun 2014 18:10:07 +0200 -Subject: [PATCH 9/9] MEDIUM: log: support a user-configurable max log line - length - -With all the goodies supported by logformat, people find that the limit -of 1024 chars for log lines is too short. Some servers do not support -larger lines and can simply drop them, so changing the default value is -not always the best choice. - -This patch takes a different approach. Log line length is specified per -log server on the "log" line, with a value between 80 and 65535. That -way it's possibly to satisfy all needs, even with some fat local servers -and small remote ones. -(cherry picked from commit 18324f574f349d510622ff45635de899437a3a11) ---- - doc/configuration.txt | 28 ++++++++++++++++-- - include/proto/log.h | 1 + - include/types/global.h | 1 + - include/types/log.h | 1 + - src/cfgparse.c | 80 ++++++++++++++++++++++++++++++++++++++++---------- - src/log.c | 36 ++++++++++++++++------- - 6 files changed, 118 insertions(+), 29 deletions(-) - -diff --git a/doc/configuration.txt b/doc/configuration.txt -index 080d8fc..e53bb21 100644 ---- a/doc/configuration.txt -+++ b/doc/configuration.txt -@@ -559,7 +559,7 @@ group - Similar to "gid" but uses the GID of group name from /etc/group. - See also "gid" and "user". - --log
[max level [min level]] -+log
[len ] [max level [min level]] - Adds a global syslog server. Up to two global servers can be defined. They - will receive logs for startups and exits, as well as all logs from proxies - configured with "log global". -@@ -584,6 +584,18 @@ log
[max level [min level]] - optionally enclosing them with braces ('{}'), similarly to what is done - in Bourne shell. - -+ is an optional maximum line length. Log lines larger than this value -+ will be truncated before being sent. The reason is that syslog -+ servers act differently on log line length. All servers support the -+ default value of 1024, but some servers simply drop larger lines -+ while others do log them. If a server supports long lines, it may -+ make sense to set this value here in order to avoid truncating long -+ lines. Similarly, if a server drops long lines, it is preferable to -+ truncate them before sending them. Accepted values are 80 to 65535 -+ inclusive. The default value of 1024 is generally fine for all -+ standard usages. Some specific cases of long captures or -+ JSON-formated logs may require larger values. -+ - must be one of the 24 standard syslog facilities : - - kern user mail daemon auth syslog lpr news -@@ -3349,7 +3361,7 @@ ignore-persist { if | unless } - - - log global --log
[ []] -+log
[len ] [ []] - no log - Enable per-instance logging of events and traffic. - May be used in sections : defaults | frontend | listen | backend -@@ -3389,6 +3401,18 @@ no log - sign ('$') and optionally enclosing them with braces ('{}'), - similarly to what is done in Bourne shell. - -+ is an optional maximum line length. Log lines larger than this -+ value will be truncated before being sent. The reason is that -+ syslog servers act differently on log line length. All servers -+ support the default value of 1024, but some servers simply drop -+ larger lines while others do log them. If a server supports long -+ lines, it may make sense to set this value here in order to avoid -+ truncating long lines. Similarly, if a server drops long lines, -+ it is preferable to truncate them before sending them. Accepted -+ values are 80 to 65535 inclusive. The default value of 1024 is -+ generally fine for all standard usages. Some specific cases of -+ long captures or JSON-formated logs may require larger values. -+ - must be one of the 24 standard syslog facilities : - - kern user mail daemon auth syslog lpr news -diff --git a/include/proto/log.h b/include/proto/log.h -index e3c1a75..54c51d1 100644 ---- a/include/proto/log.h -+++ b/include/proto/log.h -@@ -39,6 +39,7 @@ extern char *log_format; - extern char default_tcp_log_format[]; - extern char default_http_log_format[]; - extern char clf_http_log_format[]; -+extern char *logline; - - - int build_logline(struct session *s, char *dst, size_t maxsize, struct list *list_format); -diff --git a/include/types/global.h b/include/types/global.h -index 23e3f3d..77df1dd 100644 ---- a/include/types/global.h -+++ b/include/types/global.h -@@ -110,6 +110,7 @@ struct global { - int last_checks; - int spread_checks; - int max_spread_checks; -+ int max_syslog_len; - char *chroot; - char *pidfile; - char *node, *desc; /* node name & description */ -diff --git a/include/types/log.h b/include/types/log.h -index b3288bd..c7e47ea 100644 ---- a/include/types/log.h -+++ b/include/types/log.h -@@ -152,6 +152,7 @@ struct logsrv { - int facility; - int level; - int minlvl; -+ int maxlen; - }; - - #endif /* _TYPES_LOG_H */ -diff --git a/src/cfgparse.c b/src/cfgparse.c -index 762978a..e6e65b4 100644 ---- a/src/cfgparse.c -+++ b/src/cfgparse.c -@@ -1254,6 +1254,8 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm) - struct sockaddr_storage *sk; - int port1, port2; - struct logsrv *logsrv; -+ int arg = 0; -+ int len = 0; - - if (*(args[1]) == 0 || *(args[2]) == 0) { - Alert("parsing [%s:%d] : '%s' expects
and as arguments.\n", file, linenum, args[0]); -@@ -1263,28 +1265,50 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm) - - logsrv = calloc(1, sizeof(struct logsrv)); - -- logsrv->facility = get_log_facility(args[2]); -+ /* just after the address, a length may be specified */ -+ if (strcmp(args[arg+2], "len") == 0) { -+ len = atoi(args[arg+3]); -+ if (len < 80 || len > 65535) { -+ Alert("parsing [%s:%d] : invalid log length '%s', must be between 80 and 65535.\n", -+ file, linenum, args[arg+3]); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto out; -+ } -+ logsrv->maxlen = len; -+ -+ /* skip these two args */ -+ arg += 2; -+ } -+ else -+ logsrv->maxlen = MAX_SYSLOG_LEN; -+ -+ if (logsrv->maxlen > global.max_syslog_len) { -+ global.max_syslog_len = logsrv->maxlen; -+ logline = realloc(logline, global.max_syslog_len + 1); -+ } -+ -+ logsrv->facility = get_log_facility(args[arg+2]); - if (logsrv->facility < 0) { -- Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[2]); -+ Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[arg+2]); - err_code |= ERR_ALERT | ERR_FATAL; - logsrv->facility = 0; - } - - logsrv->level = 7; /* max syslog level = debug */ -- if (*(args[3])) { -- logsrv->level = get_log_level(args[3]); -+ if (*(args[arg+3])) { -+ logsrv->level = get_log_level(args[arg+3]); - if (logsrv->level < 0) { -- Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[3]); -+ Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[arg+3]); - err_code |= ERR_ALERT | ERR_FATAL; - logsrv->level = 0; - } - } - - logsrv->minlvl = 0; /* limit syslog level to this level (emerg) */ -- if (*(args[4])) { -- logsrv->minlvl = get_log_level(args[4]); -+ if (*(args[arg+4])) { -+ logsrv->minlvl = get_log_level(args[arg+4]); - if (logsrv->minlvl < 0) { -- Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[4]); -+ Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[arg+4]); - err_code |= ERR_ALERT | ERR_FATAL; - logsrv->minlvl = 0; - } -@@ -4791,22 +4815,46 @@ stats_error_parsing: - else if (*(args[1]) && *(args[2])) { - struct sockaddr_storage *sk; - int port1, port2; -+ int arg = 0; -+ int len = 0; - - logsrv = calloc(1, sizeof(struct logsrv)); - -- logsrv->facility = get_log_facility(args[2]); -+ /* just after the address, a length may be specified */ -+ if (strcmp(args[arg+2], "len") == 0) { -+ len = atoi(args[arg+3]); -+ if (len < 80 || len > 65535) { -+ Alert("parsing [%s:%d] : invalid log length '%s', must be between 80 and 65535.\n", -+ file, linenum, args[arg+3]); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto out; -+ } -+ logsrv->maxlen = len; -+ -+ /* skip these two args */ -+ arg += 2; -+ } -+ else -+ logsrv->maxlen = MAX_SYSLOG_LEN; -+ -+ if (logsrv->maxlen > global.max_syslog_len) { -+ global.max_syslog_len = logsrv->maxlen; -+ logline = realloc(logline, global.max_syslog_len + 1); -+ } -+ -+ logsrv->facility = get_log_facility(args[arg+2]); - if (logsrv->facility < 0) { -- Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[2]); -+ Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[arg+2]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - - } - - logsrv->level = 7; /* max syslog level = debug */ -- if (*(args[3])) { -- logsrv->level = get_log_level(args[3]); -+ if (*(args[arg+3])) { -+ logsrv->level = get_log_level(args[arg+3]); - if (logsrv->level < 0) { -- Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[3]); -+ Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[arg+3]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - -@@ -4814,10 +4862,10 @@ stats_error_parsing: - } - - logsrv->minlvl = 0; /* limit syslog level to this level (emerg) */ -- if (*(args[4])) { -- logsrv->minlvl = get_log_level(args[4]); -+ if (*(args[arg+4])) { -+ logsrv->minlvl = get_log_level(args[arg+4]); - if (logsrv->minlvl < 0) { -- Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[4]); -+ Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[arg+4]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; - -diff --git a/src/log.c b/src/log.c -index 114ab7b..3e3acb4 100644 ---- a/src/log.c -+++ b/src/log.c -@@ -146,7 +146,7 @@ char *log_format = NULL; - /* This is a global syslog line, common to all outgoing messages. It begins - * with the syslog tag and the date that are updated by update_log_hdr(). - */ --static char logline[MAX_SYSLOG_LEN]; -+char *logline = NULL; - - struct logformat_var_args { - char *name; -@@ -736,7 +736,7 @@ static char *update_log_hdr() - tvsec = date.tv_sec; - get_localtime(tvsec, &tm); - -- hdr_len = snprintf(logline, MAX_SYSLOG_LEN, -+ hdr_len = snprintf(logline, global.max_syslog_len, - "<<<<>%s %2d %02d:%02d:%02d %s%s[%d]: ", - monthname[tm.tm_mon], - tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, -@@ -746,8 +746,8 @@ static char *update_log_hdr() - * either -1 or the number of bytes that would be needed to store - * the total message. In both cases, we must adjust it. - */ -- if (hdr_len < 0 || hdr_len > MAX_SYSLOG_LEN) -- hdr_len = MAX_SYSLOG_LEN; -+ if (hdr_len < 0 || hdr_len > global.max_syslog_len) -+ hdr_len = global.max_syslog_len; - - dataptr = logline + hdr_len; - } -@@ -772,9 +772,9 @@ void send_log(struct proxy *p, int level, const char *format, ...) - data_len = dataptr - logline; - - va_start(argp, format); -- data_len += vsnprintf(dataptr, logline + sizeof(logline) - dataptr, format, argp); -- if (data_len < 0 || data_len > MAX_SYSLOG_LEN) -- data_len = MAX_SYSLOG_LEN; -+ data_len += vsnprintf(dataptr, logline + global.max_syslog_len - dataptr, format, argp); -+ if (data_len < 0 || data_len > global.max_syslog_len) -+ data_len = global.max_syslog_len; - va_end(argp); - - __send_log(p, level, logline, data_len); -@@ -811,8 +811,6 @@ void __send_log(struct proxy *p, int level, char *message, size_t size) - if (!logsrvs) - return; - -- message[size - 1] = '\n'; -- - /* Send log messages to syslog server. */ - nblogger = 0; - list_for_each_entry(tmp, logsrvs, list) { -@@ -820,6 +818,8 @@ void __send_log(struct proxy *p, int level, char *message, size_t size) - int *plogfd = logsrv->addr.ss_family == AF_UNIX ? - &logfdunix : &logfdinet; - int sent; -+ int max; -+ char backup; - - nblogger++; - -@@ -858,9 +858,23 @@ void __send_log(struct proxy *p, int level, char *message, size_t size) - } while (fac_level && log_ptr > dataptr); - *log_ptr = '<'; - -- sent = sendto(*plogfd, log_ptr, size - (log_ptr - dataptr), -+ max = size - (log_ptr - dataptr); -+ if (max > logsrv->maxlen) -+ max = logsrv->maxlen; -+ -+ /* insert a \n at the end of the message, but save what was -+ * there first because we could have different max lengths -+ * for different log targets. -+ */ -+ backup = log_ptr[max - 1]; -+ log_ptr[max - 1] = '\n'; -+ -+ sent = sendto(*plogfd, log_ptr, max, - MSG_DONTWAIT | MSG_NOSIGNAL, - (struct sockaddr *)&logsrv->addr, get_addr_len(&logsrv->addr)); -+ -+ log_ptr[max - 1] = backup; -+ - if (sent < 0) { - Alert("sendto logger #%d failed: %s (errno=%d)\n", - nblogger, strerror(errno), errno); -@@ -1604,7 +1618,7 @@ void sess_log(struct session *s) - - tmplog = update_log_hdr(); - size = tmplog - logline; -- size += build_logline(s, tmplog, sizeof(logline) - size, &s->fe->logformat); -+ size += build_logline(s, tmplog, global.max_syslog_len - size, &s->fe->logformat); - if (size > 0) { - __send_log(s->fe, level, logline, size + 1); - s->logs.logwait = 0; --- -1.8.5.5 - diff --git a/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch b/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch deleted file mode 100644 index 8496abcb6..000000000 --- a/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch +++ /dev/null @@ -1,28 +0,0 @@ -From d38f5c0c1cbba00d80cad2640c005794fa5bc4f9 Mon Sep 17 00:00:00 2001 -From: Marco Corte -Date: Wed, 2 Jul 2014 17:49:34 +0200 -Subject: [PATCH 10/12] MINOR: stats: fix minor typo in HTML page - -There is a very small typo in the statistics interface: a "set" in -lowercase where allothers are uppercase "Set". -(cherry picked from commit 8c27bcaea0116247ee055c5481a63507de4fe6e4) ---- - src/dumpstats.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/dumpstats.c b/src/dumpstats.c -index c8bac08..5365042 100644 ---- a/src/dumpstats.c -+++ b/src/dumpstats.c -@@ -3710,7 +3710,7 @@ static void stats_dump_html_px_end(struct stream_interface *si, struct proxy *px - "" - "" - "" -- "" -+ "" - "" - "" - "" --- -1.8.5.5 - diff --git a/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch b/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch deleted file mode 100644 index 4851224c1..000000000 --- a/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 76ad998e2b6ae852567ff53edb84a0b467c0c9cb Mon Sep 17 00:00:00 2001 -From: Jan Seda -Date: Thu, 26 Jun 2014 20:44:05 +0200 -Subject: [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace - sockets upon failure. - -When bind() fails (function uxst_bind_listener()), the fail path doesn't -consider the abstract namespace and tries to unlink paths held in -uninitiliazed memory (tempname and backname). See the strace excerpt; -the strings still hold the path from test1. - -=============================================================================================== -23722 bind(5, {sa_family=AF_FILE, path=@"test2"}, 110) = -1 EADDRINUSE (Address already in use) -23722 unlink("/tmp/test1.sock.23722.tmp") = -1 ENOENT (No such file or directory) -23722 close(5) = 0 -23722 unlink("/tmp/test1.sock.23722.bak") = -1 ENOENT (No such file or directory) -=============================================================================================== - -This patch should be backported to 1.5. -(cherry picked from commit 7319b64fc4c9b7e04726816c6cc02f6ecf66a0a4) ---- - src/proto_uxst.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/proto_uxst.c b/src/proto_uxst.c -index f83d34e..c9a52ff 100644 ---- a/src/proto_uxst.c -+++ b/src/proto_uxst.c -@@ -309,11 +309,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - if (ret < 0 && errno == ENOENT) - unlink(path); - err_unlink_temp: -- if (!ext) -+ if (!ext && path[0]) - unlink(tempname); - close(fd); - err_unlink_back: -- if (!ext) -+ if (!ext && path[0]) - unlink(backname); - err_return: - if (msg && errlen) { --- -1.8.5.5 - diff --git a/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch b/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch deleted file mode 100644 index c9b9898fd..000000000 --- a/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 9fe4cb64cd9514a72bcd4b2fd8781620da9e1f76 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Wed, 2 Jul 2014 19:01:22 +0200 -Subject: [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1 - -As suggested by Aydan Yumerefendi, a little bit of examples never hurts. -(cherry picked from commit 2d0caa38e040b081903e50faa56bae52599b3949) ---- - doc/configuration.txt | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/doc/configuration.txt b/doc/configuration.txt -index e53bb21..fcc6454 100644 ---- a/doc/configuration.txt -+++ b/doc/configuration.txt -@@ -10722,6 +10722,10 @@ ssl_c_sha1 : binary - Returns the SHA-1 fingerprint of the certificate presented by the client when - the incoming connection was made over an SSL/TLS transport layer. This can be - used to stick a client to a server, or to pass this information to a server. -+ Note that the output is binary, so if you want to pass that signature to the -+ server, you need to encode it in hex or base64, such as in the example below: -+ -+ http-request set-header X-SSL-Client-SHA1 %[ssl_c_sha1,hex] - - ssl_c_sig_alg : string - Returns the name of the algorithm used to sign the certificate presented by --- -1.8.5.5 - diff --git a/net/haproxy/patches/0013-BUILD-http-fix-isdigit-isspace-warnings-on-Solaris.patch b/net/haproxy/patches/0013-BUILD-http-fix-isdigit-isspace-warnings-on-Solaris.patch deleted file mode 100644 index bcd0e45e5..000000000 --- a/net/haproxy/patches/0013-BUILD-http-fix-isdigit-isspace-warnings-on-Solaris.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 463ae6f09e485faf3d1cdc4daceefe4bcd50b50e Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Tue, 8 Jul 2014 00:59:48 +0200 -Subject: [PATCH 13/21] BUILD: http: fix isdigit & isspace warnings on Solaris - -As usual, when touching any is* function, Solaris complains about the -type of the element being checked. Better backport this to 1.5 since -nobody knows what the emitted code looks like since macros are used -instead of functions. -(cherry picked from commit 506c69a50e8d434b6b0c2c89b0402f220830644d) ---- - src/proto_http.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/src/proto_http.c b/src/proto_http.c -index 01fe62d..4a862b0 100644 ---- a/src/proto_http.c -+++ b/src/proto_http.c -@@ -2143,22 +2143,22 @@ int parse_qvalue(const char *qvalue, const char **end) - { - int q = 1000; - -- if (!isdigit(*qvalue)) -+ if (!isdigit((unsigned char)*qvalue)) - goto out; - q = (*qvalue++ - '0') * 1000; - - if (*qvalue++ != '.') - goto out; - -- if (!isdigit(*qvalue)) -+ if (!isdigit((unsigned char)*qvalue)) - goto out; - q += (*qvalue++ - '0') * 100; - -- if (!isdigit(*qvalue)) -+ if (!isdigit((unsigned char)*qvalue)) - goto out; - q += (*qvalue++ - '0') * 10; - -- if (!isdigit(*qvalue)) -+ if (!isdigit((unsigned char)*qvalue)) - goto out; - q += (*qvalue++ - '0') * 1; - out: -@@ -11226,7 +11226,7 @@ static int sample_conv_q_prefered(const struct arg *args, struct sample *smp) - while (1) { - - /* Jump spaces, quit if the end is detected. */ -- while (al < end && isspace(*al)) -+ while (al < end && isspace((unsigned char)*al)) - al++; - if (al >= end) - break; -@@ -11235,7 +11235,7 @@ static int sample_conv_q_prefered(const struct arg *args, struct sample *smp) - token = al; - - /* Look for separator: isspace(), ',' or ';'. Next value if 0 length word. */ -- while (al < end && *al != ';' && *al != ',' && !isspace(*al)) -+ while (al < end && *al != ';' && *al != ',' && !isspace((unsigned char)*al)) - al++; - if (al == token) - goto expect_comma; -@@ -11264,7 +11264,7 @@ static int sample_conv_q_prefered(const struct arg *args, struct sample *smp) - look_for_q: - - /* Jump spaces, quit if the end is detected. */ -- while (al < end && isspace(*al)) -+ while (al < end && isspace((unsigned char)*al)) - al++; - if (al >= end) - goto process_value; -@@ -11283,7 +11283,7 @@ look_for_q: - al++; - - /* Jump spaces, process value if the end is detected. */ -- while (al < end && isspace(*al)) -+ while (al < end && isspace((unsigned char)*al)) - al++; - if (al >= end) - goto process_value; -@@ -11294,7 +11294,7 @@ look_for_q: - al++; - - /* Jump spaces, process value if the end is detected. */ -- while (al < end && isspace(*al)) -+ while (al < end && isspace((unsigned char)*al)) - al++; - if (al >= end) - goto process_value; -@@ -11305,7 +11305,7 @@ look_for_q: - al++; - - /* Jump spaces, process value if the end is detected. */ -- while (al < end && isspace(*al)) -+ while (al < end && isspace((unsigned char)*al)) - al++; - if (al >= end) - goto process_value; --- -1.8.5.5 - diff --git a/net/haproxy/patches/0014-BUG-MINOR-listener-set-the-listener-s-fd-to-1-after-.patch b/net/haproxy/patches/0014-BUG-MINOR-listener-set-the-listener-s-fd-to-1-after-.patch deleted file mode 100644 index e5292dac4..000000000 --- a/net/haproxy/patches/0014-BUG-MINOR-listener-set-the-listener-s-fd-to-1-after-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From fb8bf6324bfe9f36d0be5110fcc13facba4389a8 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Mon, 7 Jul 2014 18:24:48 +0200 -Subject: [PATCH 14/21] BUG/MINOR: listener: set the listener's fd to -1 after - deletion - -This is currently harmless, but when stopping a listener, its fd is -closed but not set to -1, so it is not possible to re-open it again. -Currently this has no impact but can have after the abstract sockets -are modified to perform a complete close on soft-reload. - -The fix can be backported to 1.5 and may even apply to 1.4 (protocols.c). -(cherry picked from commit 39447b6a5799a160eae452db920fd0735a78638b) ---- - src/listener.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/listener.c b/src/listener.c -index ec3a39b..a82ce81 100644 ---- a/src/listener.c -+++ b/src/listener.c -@@ -236,6 +236,7 @@ int unbind_listener(struct listener *listener) - - if (listener->state >= LI_PAUSED) { - fd_delete(listener->fd); -+ listener->fd = -1; - listener->state = LI_ASSIGNED; - } - return ERR_NONE; --- -1.8.5.5 - diff --git a/net/haproxy/patches/0015-BUG-MEDIUM-unix-failed-abstract-socket-binding-is-re.patch b/net/haproxy/patches/0015-BUG-MEDIUM-unix-failed-abstract-socket-binding-is-re.patch deleted file mode 100644 index f15c981ae..000000000 --- a/net/haproxy/patches/0015-BUG-MEDIUM-unix-failed-abstract-socket-binding-is-re.patch +++ /dev/null @@ -1,153 +0,0 @@ -From 58dd0f33fa908e83199d28775bad8ee2f24151a9 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Mon, 7 Jul 2014 18:36:45 +0200 -Subject: [PATCH 15/21] BUG/MEDIUM: unix: failed abstract socket binding is - retryable - -Jan Seda noticed that abstract sockets are incompatible with soft reload, -because the new process cannot bind and immediately fails. This patch marks -the binding as retryable and not fatal so that the new process can try to -bind again after sending a signal to the old process. - -Note that this fix is not enough to completely solve the problem, but it -is necessary. This patch should be backported to 1.5. -(cherry picked from commit 3c5efa2b3268f31cffc2c18887010d4bc906a066) ---- - src/proto_uxst.c | 30 ++++++++++++++++++++++++++---- - 1 file changed, 26 insertions(+), 4 deletions(-) - -diff --git a/src/proto_uxst.c b/src/proto_uxst.c -index c9a52ff..409c659 100644 ---- a/src/proto_uxst.c -+++ b/src/proto_uxst.c -@@ -166,9 +166,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - const char *path; - int ext, ready; - socklen_t ready_len; -- -+ int err; - int ret; - -+ err = ERR_NONE; -+ - /* ensure we never return garbage */ - if (errlen) - *errmsg = 0; -@@ -191,29 +193,34 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - if (path[0]) { - ret = snprintf(tempname, MAXPATHLEN, "%s.%d.tmp", path, pid); - if (ret < 0 || ret >= MAXPATHLEN) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "name too long for UNIX socket"; - goto err_return; - } - - ret = snprintf(backname, MAXPATHLEN, "%s.%d.bak", path, pid); - if (ret < 0 || ret >= MAXPATHLEN) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "name too long for UNIX socket"; - goto err_return; - } - - /* 2. clean existing orphaned entries */ - if (unlink(tempname) < 0 && errno != ENOENT) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "error when trying to unlink previous UNIX socket"; - goto err_return; - } - - if (unlink(backname) < 0 && errno != ENOENT) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "error when trying to unlink previous UNIX socket"; - goto err_return; - } - - /* 3. backup existing socket */ - if (link(path, backname) < 0 && errno != ENOENT) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "error when trying to preserve previous UNIX socket"; - goto err_return; - } -@@ -231,24 +238,35 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - - fd = socket(PF_UNIX, SOCK_STREAM, 0); - if (fd < 0) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "cannot create UNIX socket"; - goto err_unlink_back; - } - - fd_ready: - if (fd >= global.maxsock) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "socket(): not enough free sockets, raise -n argument"; - goto err_unlink_temp; - } - - if (fcntl(fd, F_SETFL, O_NONBLOCK) == -1) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "cannot make UNIX socket non-blocking"; - goto err_unlink_temp; - } - - if (!ext && bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { - /* note that bind() creates the socket on the file system */ -- msg = "cannot bind UNIX socket"; -+ if (errno == EADDRINUSE) { -+ /* the old process might still own it, let's retry */ -+ err |= ERR_RETRYABLE | ERR_ALERT; -+ msg = "cannot listen to socket"; -+ } -+ else { -+ err |= ERR_FATAL | ERR_ALERT; -+ msg = "cannot bind UNIX socket"; -+ } - goto err_unlink_temp; - } - -@@ -261,6 +279,7 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - (((listener->bind_conf->ux.uid != -1 || listener->bind_conf->ux.gid != -1) && - (chown(tempname, listener->bind_conf->ux.uid, listener->bind_conf->ux.gid) == -1)) || - (listener->bind_conf->ux.mode != 0 && chmod(tempname, listener->bind_conf->ux.mode) == -1))) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "cannot change UNIX socket ownership"; - goto err_unlink_temp; - } -@@ -272,6 +291,7 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - - if (!(ext && ready) && /* only listen if not already done by external process */ - listen(fd, listener->backlog ? listener->backlog : listener->maxconn) < 0) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "cannot listen to UNIX socket"; - goto err_unlink_temp; - } -@@ -281,6 +301,7 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - * backname. Abstract sockets are not renamed. - */ - if (!ext && path[0] && rename(tempname, path) < 0) { -+ err |= ERR_FATAL | ERR_ALERT; - msg = "cannot switch final and temporary UNIX sockets"; - goto err_rename; - } -@@ -303,7 +324,8 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - fd_insert(fd); - fdtab[fd].iocb = listener->proto->accept; - fdtab[fd].owner = listener; /* reference the listener instead of a task */ -- return ERR_NONE; -+ return err; -+ - err_rename: - ret = rename(backname, path); - if (ret < 0 && errno == ENOENT) -@@ -322,7 +344,7 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle - else - snprintf(errmsg, errlen, "%s [fd %d]", msg, fd); - } -- return ERR_FATAL | ERR_ALERT; -+ return err; - } - - /* This function closes the UNIX sockets for the specified listener. --- -1.8.5.5 - diff --git a/net/haproxy/patches/0016-MEDIUM-listener-implement-a-per-protocol-pause-funct.patch b/net/haproxy/patches/0016-MEDIUM-listener-implement-a-per-protocol-pause-funct.patch deleted file mode 100644 index 0ee82173e..000000000 --- a/net/haproxy/patches/0016-MEDIUM-listener-implement-a-per-protocol-pause-funct.patch +++ /dev/null @@ -1,124 +0,0 @@ -From d903bb345dcf6ed058ccf84f476f066b3dc08d47 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Mon, 7 Jul 2014 20:22:12 +0200 -Subject: [PATCH 16/21] MEDIUM: listener: implement a per-protocol pause() - function - -In order to fix the abstact socket pause mechanism during soft restarts, -we'll need to proceed differently depending on the socket protocol. The -pause_listener() function already supports some protocol-specific handling -for the TCP case. - -This commit makes this cleaner by adding a new ->pause() function to the -protocol struct, which, if defined, may be used to pause a listener of a -given protocol. - -For now, only TCP has been adapted, with the specific code moved from -pause_listener() to tcp_pause_listener(). -(cherry picked from commit 092d865c53de80afc847c5ff0a079b414041ce2a) ---- - include/proto/proto_tcp.h | 1 + - include/types/protocol.h | 1 + - src/listener.c | 17 +++++++++-------- - src/proto_tcp.c | 18 ++++++++++++++++++ - 4 files changed, 29 insertions(+), 8 deletions(-) - -diff --git a/include/proto/proto_tcp.h b/include/proto/proto_tcp.h -index 4adf4d2..ac8b711 100644 ---- a/include/proto/proto_tcp.h -+++ b/include/proto/proto_tcp.h -@@ -30,6 +30,7 @@ - int tcp_bind_socket(int fd, int flags, struct sockaddr_storage *local, struct sockaddr_storage *remote); - void tcpv4_add_listener(struct listener *listener); - void tcpv6_add_listener(struct listener *listener); -+int tcp_pause_listener(struct listener *l); - int tcp_connect_server(struct connection *conn, int data, int delack); - int tcp_connect_probe(struct connection *conn); - int tcp_get_src(int fd, struct sockaddr *sa, socklen_t salen, int dir); -diff --git a/include/types/protocol.h b/include/types/protocol.h -index e03692a..74b20e8 100644 ---- a/include/types/protocol.h -+++ b/include/types/protocol.h -@@ -60,6 +60,7 @@ struct protocol { - int (*get_src)(int fd, struct sockaddr *, socklen_t, int dir); /* syscall used to retrieve src addr */ - int (*get_dst)(int fd, struct sockaddr *, socklen_t, int dir); /* syscall used to retrieve dst addr */ - int (*drain)(int fd); /* indicates whether we can safely close the fd */ -+ int (*pause)(struct listener *l); /* temporarily pause this listener for a soft restart */ - - struct list listeners; /* list of listeners using this protocol */ - int nb_listeners; /* number of listeners */ -diff --git a/src/listener.c b/src/listener.c -index a82ce81..67f8ca7 100644 ---- a/src/listener.c -+++ b/src/listener.c -@@ -95,15 +95,16 @@ int pause_listener(struct listener *l) - if (l->state <= LI_PAUSED) - return 1; - -- if (l->proto->sock_prot == IPPROTO_TCP) { -- if (shutdown(l->fd, SHUT_WR) != 0) -- return 0; /* Solaris dies here */ -- -- if (listen(l->fd, l->backlog ? l->backlog : l->maxconn) != 0) -- return 0; /* OpenBSD dies here */ -+ if (l->proto->pause) { -+ /* Returns < 0 in case of failure, 0 if the listener -+ * was totally stopped, or > 0 if correctly paused. -+ */ -+ int ret = l->proto->pause(l); - -- if (shutdown(l->fd, SHUT_RD) != 0) -- return 0; /* should always be OK */ -+ if (ret < 0) -+ return 0; -+ else if (ret == 0) -+ return 1; - } - - if (l->state == LI_LIMITED) -diff --git a/src/proto_tcp.c b/src/proto_tcp.c -index e9dbc9c..9778856 100644 ---- a/src/proto_tcp.c -+++ b/src/proto_tcp.c -@@ -80,6 +80,7 @@ static struct protocol proto_tcpv4 = { - .get_src = tcp_get_src, - .get_dst = tcp_get_dst, - .drain = tcp_drain, -+ .pause = tcp_pause_listener, - .listeners = LIST_HEAD_INIT(proto_tcpv4.listeners), - .nb_listeners = 0, - }; -@@ -102,6 +103,7 @@ static struct protocol proto_tcpv6 = { - .get_src = tcp_get_src, - .get_dst = tcp_get_dst, - .drain = tcp_drain, -+ .pause = tcp_pause_listener, - .listeners = LIST_HEAD_INIT(proto_tcpv6.listeners), - .nb_listeners = 0, - }; -@@ -947,6 +949,22 @@ void tcpv6_add_listener(struct listener *listener) - proto_tcpv6.nb_listeners++; - } - -+/* Pause a listener. Returns < 0 in case of failure, 0 if the listener -+ * was totally stopped, or > 0 if correctly paused. -+ */ -+int tcp_pause_listener(struct listener *l) -+{ -+ if (shutdown(l->fd, SHUT_WR) != 0) -+ return -1; /* Solaris dies here */ -+ -+ if (listen(l->fd, l->backlog ? l->backlog : l->maxconn) != 0) -+ return -1; /* OpenBSD dies here */ -+ -+ if (shutdown(l->fd, SHUT_RD) != 0) -+ return -1; /* should always be OK */ -+ return 1; -+} -+ - /* This function performs the TCP request analysis on the current request. It - * returns 1 if the processing can continue on next analysers, or zero if it - * needs more data, encounters an error, or wants to immediately abort the --- -1.8.5.5 - diff --git a/net/haproxy/patches/0017-MEDIUM-listener-support-rebinding-during-resume.patch b/net/haproxy/patches/0017-MEDIUM-listener-support-rebinding-during-resume.patch deleted file mode 100644 index 570f7ce3d..000000000 --- a/net/haproxy/patches/0017-MEDIUM-listener-support-rebinding-during-resume.patch +++ /dev/null @@ -1,48 +0,0 @@ -From ff12090bf067a1ddd56bed14cf27371cdf2e77cb Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Mon, 7 Jul 2014 21:06:24 +0200 -Subject: [PATCH 17/21] MEDIUM: listener: support rebinding during resume() - -When a listener resumes operations, supporting a full rebind makes it -possible to perform a full stop as a pause(). This will be used for -pausing abstract namespace unix sockets. -(cherry picked from commit 1c4b814087189b4b0225a473b7cb0a844bc30839) ---- - src/listener.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/src/listener.c b/src/listener.c -index 67f8ca7..11df69f 100644 ---- a/src/listener.c -+++ b/src/listener.c -@@ -120,10 +120,26 @@ int pause_listener(struct listener *l) - * may replace enable_listener(). The resulting state will either be LI_READY - * or LI_FULL. 0 is returned in case of failure to resume (eg: dead socket). - * Listeners bound to a different process are not woken up unless we're in -- * foreground mode. -+ * foreground mode. If the listener was only in the assigned state, it's totally -+ * rebound. This can happen if a pause() has completely stopped it. If the -+ * resume fails, 0 is returned and an error might be displayed. - */ - int resume_listener(struct listener *l) - { -+ if (l->state == LI_ASSIGNED) { -+ char msg[100]; -+ int err; -+ -+ err = l->proto->bind(l, msg, sizeof(msg)); -+ if (err & ERR_ALERT) -+ Alert("Resuming listener: %s\n", msg); -+ else if (err & ERR_WARN) -+ Warning("Resuming listener: %s\n", msg); -+ -+ if (err & (ERR_FATAL | ERR_ABORT)) -+ return 0; -+ } -+ - if (l->state < LI_PAUSED) - return 0; - --- -1.8.5.5 - diff --git a/net/haproxy/patches/0018-BUG-MEDIUM-unix-completely-unbind-abstract-sockets-d.patch b/net/haproxy/patches/0018-BUG-MEDIUM-unix-completely-unbind-abstract-sockets-d.patch deleted file mode 100644 index b635a650c..000000000 --- a/net/haproxy/patches/0018-BUG-MEDIUM-unix-completely-unbind-abstract-sockets-d.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 631a70f8baff6d26a2a6692ccd368de8d3948bf9 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Mon, 7 Jul 2014 21:07:51 +0200 -Subject: [PATCH 18/21] BUG/MEDIUM: unix: completely unbind abstract sockets - during a pause() - -Abstract namespace sockets ignore the shutdown() call and do not make -it possible to temporarily stop listening. The issue it causes is that -during a soft reload, the new process cannot bind, complaining that the -address is already in use. - -This change registers a new pause() function for unix sockets and -completely unbinds the abstract ones since it's possible to rebind -them later. It requires the two previous patches as well as preceeding -fixes. - -This fix should be backported into 1.5 since the issue apperas there. -(cherry picked from commit fd0e008d9d4db2f860b739bd28f6cd31d9aaf2b5) ---- - include/proto/proto_uxst.h | 1 + - src/proto_uxst.c | 15 +++++++++++++++ - 2 files changed, 16 insertions(+) - -diff --git a/include/proto/proto_uxst.h b/include/proto/proto_uxst.h -index 9422ea7..8e796ec 100644 ---- a/include/proto/proto_uxst.h -+++ b/include/proto/proto_uxst.h -@@ -27,6 +27,7 @@ - #include - - void uxst_add_listener(struct listener *listener); -+int uxst_pause_listener(struct listener *l); - int uxst_get_src(int fd, struct sockaddr *sa, socklen_t salen, int dir); - int uxst_get_dst(int fd, struct sockaddr *sa, socklen_t salen, int dir); - -diff --git a/src/proto_uxst.c b/src/proto_uxst.c -index 409c659..adc1b46 100644 ---- a/src/proto_uxst.c -+++ b/src/proto_uxst.c -@@ -68,6 +68,7 @@ static struct protocol proto_unix = { - .disable_all = disable_all_listeners, - .get_src = uxst_get_src, - .get_dst = uxst_get_dst, -+ .pause = uxst_pause_listener, - .listeners = LIST_HEAD_INIT(proto_unix.listeners), - .nb_listeners = 0, - }; -@@ -373,6 +374,20 @@ void uxst_add_listener(struct listener *listener) - proto_unix.nb_listeners++; - } - -+/* Pause a listener. Returns < 0 in case of failure, 0 if the listener -+ * was totally stopped, or > 0 if correctly paused. Nothing is done for -+ * plain unix sockets since currently it's the new process which handles -+ * the renaming. Abstract sockets are completely unbound. -+ */ -+int uxst_pause_listener(struct listener *l) -+{ -+ if (((struct sockaddr_un *)&l->addr)->sun_path[0]) -+ return 1; -+ -+ unbind_listener(l); -+ return 0; -+} -+ - - /* - * This function initiates a UNIX connection establishment to the target assigned --- -1.8.5.5 - diff --git a/net/haproxy/patches/0019-DOC-explicitly-mention-the-limits-of-abstract-namesp.patch b/net/haproxy/patches/0019-DOC-explicitly-mention-the-limits-of-abstract-namesp.patch deleted file mode 100644 index 0dfa8826f..000000000 --- a/net/haproxy/patches/0019-DOC-explicitly-mention-the-limits-of-abstract-namesp.patch +++ /dev/null @@ -1,40 +0,0 @@ -From b4fca5dbf0cfe887b88d6213b014e2f73e02a5e6 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Tue, 8 Jul 2014 00:37:50 +0200 -Subject: [PATCH 19/21] DOC: explicitly mention the limits of abstract - namespace sockets - -Listening to an abstract namespace socket is quite convenient but -comes with some drawbacks that must be clearly understood when the -socket is being listened to by multiple processes. The trouble is -that the socket cannot be rebound if a new process attempts a soft -restart and fails, so only one of the initially bound processes -will still be bound to it, the other ones will fail to rebind. For -most situations it's not an issue but it needs to be indicated. -(cherry picked from commit 70f72e0c90691c72cb72306b718f785902270015) ---- - doc/configuration.txt | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/doc/configuration.txt b/doc/configuration.txt -index fcc6454..73195ba 100644 ---- a/doc/configuration.txt -+++ b/doc/configuration.txt -@@ -1791,7 +1791,13 @@ bind / [, ...] [param*] - - 'ipv4@' -> address is always IPv4 - - 'ipv6@' -> address is always IPv6 - - 'unix@' -> address is a path to a local unix socket -- - 'abns@' -> address is in abstract namespace (Linux only) -+ - 'abns@' -> address is in abstract namespace (Linux only). -+ Note: since abstract sockets are not "rebindable", they -+ do not cope well with multi-process mode during -+ soft-restart, so it is better to avoid them if -+ nbproc is greater than 1. The effect is that if the -+ new process fails to start, only one of the old ones -+ will be able to rebind to the socket. - - 'fd@' -> use file descriptor inherited from the - parent. The fd must be bound and may or may not already - be listening. --- -1.8.5.5 - diff --git a/net/haproxy/patches/0020-DOC-expand-the-docs-for-the-provided-stats.patch b/net/haproxy/patches/0020-DOC-expand-the-docs-for-the-provided-stats.patch deleted file mode 100644 index d9c198577..000000000 --- a/net/haproxy/patches/0020-DOC-expand-the-docs-for-the-provided-stats.patch +++ /dev/null @@ -1,198 +0,0 @@ -From 75c98ad211c9e1b7304033b9d3eb4fe552d725d2 Mon Sep 17 00:00:00 2001 -From: James Westby -Date: Tue, 8 Jul 2014 10:14:57 -0400 -Subject: [PATCH 20/21] DOC: expand the docs for the provided stats. - -Indicate for each statistic which types may have a value for -that statistic. - -Explain some of the provided statistics a little more deeply. -(cherry picked from commit ebe62d645b45aa2210ef848fa16805a0aba7d75a) ---- - doc/configuration.txt | 163 +++++++++++++++++++++++++++++++------------------- - 1 file changed, 100 insertions(+), 63 deletions(-) - -diff --git a/doc/configuration.txt b/doc/configuration.txt -index 73195ba..8407500 100644 ---- a/doc/configuration.txt -+++ b/doc/configuration.txt -@@ -13075,44 +13075,76 @@ text is doubled ('""'), which is the format that most tools recognize. Please - do not insert any column before these ones in order not to break tools which - use hard-coded column positions. - -- 0. pxname: proxy name -- 1. svname: service name (FRONTEND for frontend, BACKEND for backend, any name -- for server) -- 2. qcur: current queued requests -- 3. qmax: max queued requests -- 4. scur: current sessions -- 5. smax: max sessions -- 6. slim: sessions limit -- 7. stot: total sessions -- 8. bin: bytes in -- 9. bout: bytes out -- 10. dreq: denied requests -- 11. dresp: denied responses -- 12. ereq: request errors -- 13. econ: connection errors -- 14. eresp: response errors (among which srv_abrt) -- 15. wretr: retries (warning) -- 16. wredis: redispatches (warning) -- 17. status: status (UP/DOWN/NOLB/MAINT/MAINT(via)...) -- 18. weight: server weight (server), total weight (backend) -- 19. act: server is active (server), number of active servers (backend) -- 20. bck: server is backup (server), number of backup servers (backend) -- 21. chkfail: number of failed checks -- 22. chkdown: number of UP->DOWN transitions -- 23. lastchg: last status change (in seconds) -- 24. downtime: total downtime (in seconds) -- 25. qlimit: queue limit -- 26. pid: process id (0 for first instance, 1 for second, ...) -- 27. iid: unique proxy id -- 28. sid: service id (unique inside a proxy) -- 29. throttle: warm up status -- 30. lbtot: total number of times a server was selected -- 31. tracked: id of proxy/server if tracking is enabled -- 32. type (0=frontend, 1=backend, 2=server, 3=socket) -- 33. rate: number of sessions per second over last elapsed second -- 34. rate_lim: limit on new sessions per second -- 35. rate_max: max number of new sessions per second -- 36. check_status: status of last health check, one of: -+In brackets after each field name are the types which may have a value for -+that field. The types are L (Listeners), F (Frontends), B (Backends), and -+S (Servers). -+ -+ 0. pxname [LFBS]: proxy name -+ 1. svname [LFBS]: service name (FRONTEND for frontend, BACKEND for backend, -+ any name for server/listener) -+ 2. qcur [..BS]: current queued requests. For the backend this reports the -+ number queued without a server assigned. -+ 3. qmax [..BS]: max value of qcur -+ 4. scur [LFBS]: current sessions -+ 5. smax [LFBS]: max sessions -+ 6. slim [LFBS]: configured session limit -+ 7. stot [LFBS]: cumulative number of connections -+ 8. bin [LFBS]: bytes in -+ 9. bout [LFBS]: bytes out -+ 10. dreq [LFB.]: requests denied because of security concerns. -+ - For tcp this is because of a matched tcp-request content rule. -+ - For http this is because of a matched http-request or tarpit rule. -+ 11. dresp [LFBS]: responses denied because of security concerns. -+ - For http this is because of a matched http-request rule, or -+ "option checkcache". -+ 12. ereq [LF..]: request errors. Some of the possible causes are: -+ - early termination from the client, before the request has been sent. -+ - read error from the client -+ - client timeout -+ - client closed connection -+ - various bad requests from the client. -+ - request was tarpitted. -+ 13. econ [..BS]: number of requests that encountered an error trying to -+ connect to a backend server. The backend stat is the sum of the stat -+ for all servers of that backend, plus any connection errors not -+ associated with a particular server (such as the backend having no -+ active servers). -+ 14. eresp [..BS]: response errors. srv_abrt will be counted here also. -+ Some other errors are: -+ - write error on the client socket (won't be counted for the server stat) -+ - failure applying filters to the response. -+ 15. wretr [..BS]: number of times a connection to a server was retried. -+ 16. wredis [..BS]: number of times a request was redispatched to another -+ server. The server value counts the number of times that server was -+ switched away from. -+ 17. status [LFBS]: status (UP/DOWN/NOLB/MAINT/MAINT(via)...) -+ 18. weight [..BS]: server weight (server), total weight (backend) -+ 19. act [..BS]: server is active (server), number of active servers (backend) -+ 20. bck [..BS]: server is backup (server), number of backup servers (backend) -+ 21. chkfail [...S]: number of failed checks. (Only counts checks failed when -+ the server is up.) -+ 22. chkdown [..BS]: number of UP->DOWN transitions. The backend counter counts -+ transitions to the whole backend being down, rather than the sum of the -+ counters for each server. -+ 23. lastchg [..BS]: number of seconds since the last UP<->DOWN transition -+ 24. downtime [..BS]: total downtime (in seconds). The value for the backend -+ is the downtime for the whole backend, not the sum of the server downtime. -+ 25. qlimit [...S]: configured maxqueue for the server, or nothing in the -+ value is 0 (default, meaning no limit) -+ 26. pid [LFBS]: process id (0 for first instance, 1 for second, ...) -+ 27. iid [LFBS]: unique proxy id -+ 28. sid [L..S]: server id (unique inside a proxy) -+ 29. throttle [...S]: current throttle percentage for the server, when -+ slowstart is active, or no value if not in slowstart. -+ 30. lbtot [..BS]: total number of times a server was selected, either for new -+ sessions, or when re-dispatching. The server counter is the number -+ of times that server was selected. -+ 31. tracked [...S]: id of proxy/server if tracking is enabled. -+ 32. type [LFBS]: (0=frontend, 1=backend, 2=server, 3=socket/listener) -+ 33. rate [.FBS]: number of sessions per second over last elapsed second -+ 34. rate_lim [.F..]: configured limit on new sessions per second -+ 35. rate_max [.FBS]: max number of new sessions per second -+ 36. check_status [...S]: status of last health check, one of: - UNK -> unknown - INI -> initializing - SOCKERR -> socket error -@@ -13129,31 +13161,36 @@ use hard-coded column positions. - L7TOUT -> layer 7 (HTTP/SMTP) timeout - L7RSP -> layer 7 invalid response - protocol error - L7STS -> layer 7 response error, for example HTTP 5xx -- 37. check_code: layer5-7 code, if available -- 38. check_duration: time in ms took to finish last health check -- 39. hrsp_1xx: http responses with 1xx code -- 40. hrsp_2xx: http responses with 2xx code -- 41. hrsp_3xx: http responses with 3xx code -- 42. hrsp_4xx: http responses with 4xx code -- 43. hrsp_5xx: http responses with 5xx code -- 44. hrsp_other: http responses with other codes (protocol error) -- 45. hanafail: failed health checks details -- 46. req_rate: HTTP requests per second over last elapsed second -- 47. req_rate_max: max number of HTTP requests per second observed -- 48. req_tot: total number of HTTP requests received -- 49. cli_abrt: number of data transfers aborted by the client -- 50. srv_abrt: number of data transfers aborted by the server (inc. in eresp) -- 51. comp_in: number of HTTP response bytes fed to the compressor -- 52. comp_out: number of HTTP response bytes emitted by the compressor -- 53. comp_byp: number of bytes that bypassed the HTTP compressor (CPU/BW limit) -- 54. comp_rsp: number of HTTP responses that were compressed -- 55. lastsess: number of seconds since last session assigned to server/backend -- 56. last_chk: last health check contents or textual error -- 57. last_agt: last agent check contents or textual error -- 58. qtime: the average queue time in ms over the 1024 last requests -- 59. ctime: the average connect time in ms over the 1024 last requests -- 60. rtime: the average response time in ms over the 1024 last requests (0 for TCP) -- 61. ttime: the average total session time in ms over the 1024 last requests -+ 37. check_code [...S]: layer5-7 code, if available -+ 38. check_duration [...S]: time in ms took to finish last health check -+ 39. hrsp_1xx [.FBS]: http responses with 1xx code -+ 40. hrsp_2xx [.FBS]: http responses with 2xx code -+ 41. hrsp_3xx [.FBS]: http responses with 3xx code -+ 42. hrsp_4xx [.FBS]: http responses with 4xx code -+ 43. hrsp_5xx [.FBS]: http responses with 5xx code -+ 44. hrsp_other [.FBS]: http responses with other codes (protocol error) -+ 45. hanafail [...S]: failed health checks details -+ 46. req_rate [.F..]: HTTP requests per second over last elapsed second -+ 47. req_rate_max [.F..]: max number of HTTP requests per second observed -+ 48. req_tot [.F..]: total number of HTTP requests received -+ 49. cli_abrt [..BS]: number of data transfers aborted by the client -+ 50. srv_abrt [..BS]: number of data transfers aborted by the server -+ (inc. in eresp) -+ 51. comp_in [.FB.]: number of HTTP response bytes fed to the compressor -+ 52. comp_out [.FB.]: number of HTTP response bytes emitted by the compressor -+ 53. comp_byp [.FB.]: number of bytes that bypassed the HTTP compressor -+ (CPU/BW limit) -+ 54. comp_rsp [.FB.]: number of HTTP responses that were compressed -+ 55. lastsess [..BS]: number of seconds since last session assigned to -+ server/backend -+ 56. last_chk [...S]: last health check contents or textual error -+ 57. last_agt [...S]: last agent check contents or textual error -+ 58. qtime [..BS]: the average queue time in ms over the 1024 last requests -+ 59. ctime [..BS]: the average connect time in ms over the 1024 last requests -+ 60. rtime [..BS]: the average response time in ms over the 1024 last requests -+ (0 for TCP) -+ 61. ttime [..BS]: the average total session time in ms over the 1024 last -+ requests - - - 9.2. Unix Socket commands --- -1.8.5.5 - diff --git a/net/haproxy/patches/0021-BUG-MEDIUM-backend-Update-hash-to-use-unsigned-int-t.patch b/net/haproxy/patches/0021-BUG-MEDIUM-backend-Update-hash-to-use-unsigned-int-t.patch deleted file mode 100644 index 57e37c1c5..000000000 --- a/net/haproxy/patches/0021-BUG-MEDIUM-backend-Update-hash-to-use-unsigned-int-t.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 82456753cae9200aa1f4031f64c22c08e130f072 Mon Sep 17 00:00:00 2001 -From: Dan Dubovik -Date: Tue, 8 Jul 2014 08:51:03 -0700 -Subject: [PATCH 21/21] BUG/MEDIUM: backend: Update hash to use unsigned int - throughout - -When we were generating a hash, it was done using an unsigned long. When the hash was used -to select a backend, it was sent as an unsigned int. This made it difficult to predict which -backend would be selected. - -This patch updates get_hash, and the hash methods to use an unsigned int, to remain consistent -throughout the codebase. - -This fix should be backported to 1.5 and probably in part to 1.4. -(cherry picked from commit bd57a9f977f60fcf7818f462953da3740e3bd010) ---- - include/common/hash.h | 6 +++--- - src/backend.c | 14 +++++++------- - src/hash.c | 10 +++++----- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/include/common/hash.h b/include/common/hash.h -index 379bf89..7039ba5 100644 ---- a/include/common/hash.h -+++ b/include/common/hash.h -@@ -22,8 +22,8 @@ - #ifndef _COMMON_HASH_H_ - #define _COMMON_HASH_H_ - --unsigned long hash_djb2(const char *key, int len); --unsigned long hash_wt6(const char *key, int len); --unsigned long hash_sdbm(const char *key, int len); -+unsigned int hash_djb2(const char *key, int len); -+unsigned int hash_wt6(const char *key, int len); -+unsigned int hash_sdbm(const char *key, int len); - - #endif /* _COMMON_HASH_H_ */ -diff --git a/src/backend.c b/src/backend.c -index 5ddb88c..a96b767 100644 ---- a/src/backend.c -+++ b/src/backend.c -@@ -63,9 +63,9 @@ int be_lastsession(const struct proxy *be) - } - - /* helper function to invoke the correct hash method */ --static unsigned long gen_hash(const struct proxy* px, const char* key, unsigned long len) -+static unsigned int gen_hash(const struct proxy* px, const char* key, unsigned long len) - { -- unsigned long hash; -+ unsigned int hash; - - switch (px->lbprm.algo & BE_LB_HASH_FUNC) { - case BE_LB_HFCN_DJB2: -@@ -183,7 +183,7 @@ struct server *get_server_sh(struct proxy *px, const char *addr, int len) - */ - struct server *get_server_uh(struct proxy *px, char *uri, int uri_len) - { -- unsigned long hash = 0; -+ unsigned int hash = 0; - int c; - int slashes = 0; - const char *start, *end; -@@ -232,7 +232,7 @@ struct server *get_server_uh(struct proxy *px, char *uri, int uri_len) - */ - struct server *get_server_ph(struct proxy *px, const char *uri, int uri_len) - { -- unsigned long hash = 0; -+ unsigned int hash = 0; - const char *start, *end; - const char *p; - const char *params; -@@ -294,7 +294,7 @@ struct server *get_server_ph(struct proxy *px, const char *uri, int uri_len) - */ - struct server *get_server_ph_post(struct session *s) - { -- unsigned long hash = 0; -+ unsigned int hash = 0; - struct http_txn *txn = &s->txn; - struct channel *req = s->req; - struct http_msg *msg = &txn->req; -@@ -372,7 +372,7 @@ struct server *get_server_ph_post(struct session *s) - */ - struct server *get_server_hh(struct session *s) - { -- unsigned long hash = 0; -+ unsigned int hash = 0; - struct http_txn *txn = &s->txn; - struct proxy *px = s->be; - unsigned int plen = px->hh_len; -@@ -444,7 +444,7 @@ struct server *get_server_hh(struct session *s) - /* RDP Cookie HASH. */ - struct server *get_server_rch(struct session *s) - { -- unsigned long hash = 0; -+ unsigned int hash = 0; - struct proxy *px = s->be; - unsigned long len; - int ret; -diff --git a/src/hash.c b/src/hash.c -index 034685e..aa236cb 100644 ---- a/src/hash.c -+++ b/src/hash.c -@@ -17,7 +17,7 @@ - #include - - --unsigned long hash_wt6(const char *key, int len) -+unsigned int hash_wt6(const char *key, int len) - { - unsigned h0 = 0xa53c965aUL; - unsigned h1 = 0x5ca6953aUL; -@@ -44,9 +44,9 @@ unsigned long hash_wt6(const char *key, int len) - return h0 ^ h1; - } - --unsigned long hash_djb2(const char *key, int len) -+unsigned int hash_djb2(const char *key, int len) - { -- unsigned long hash = 5381; -+ unsigned int hash = 5381; - - /* the hash unrolled eight times */ - for (; len >= 8; len -= 8) { -@@ -72,9 +72,9 @@ unsigned long hash_djb2(const char *key, int len) - return hash; - } - --unsigned long hash_sdbm(const char *key, int len) -+unsigned int hash_sdbm(const char *key, int len) - { -- unsigned long hash = 0; -+ unsigned int hash = 0; - int c; - - while (len--) { --- -1.8.5.5 - diff --git a/net/haproxy/patches/0022-DOC-minor-fix-on-sc-src-_kbytes_-in-out.patch b/net/haproxy/patches/0022-DOC-minor-fix-on-sc-src-_kbytes_-in-out.patch deleted file mode 100644 index 473bc95a8..000000000 --- a/net/haproxy/patches/0022-DOC-minor-fix-on-sc-src-_kbytes_-in-out.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 911780c5f0e20760164cb0f9b92318185651237c Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Thu, 10 Jul 2014 15:29:24 +0200 -Subject: [PATCH 22/25] DOC: minor fix on {sc,src}_kbytes_{in,out} - -These ones report total amount of bytes, not byte rates. -This fix should be backported into 1.5 which has the same error. -(cherry picked from commit a01b974d5f5a067d99f288dcb3e05b78fe780a76) ---- - doc/configuration.txt | 35 ++++++++++++++++------------------- - 1 file changed, 16 insertions(+), 19 deletions(-) - -diff --git a/doc/configuration.txt b/doc/configuration.txt -index 8407500..b6d1b3b 100644 ---- a/doc/configuration.txt -+++ b/doc/configuration.txt -@@ -10386,19 +10386,17 @@ sc_kbytes_in([,]) : integer - sc0_kbytes_in([
]) : integer - sc1_kbytes_in([
]) : integer - sc2_kbytes_in([
]) : integer -- Returns the amount of client-to-server data from the currently tracked -- counters, measured in kilobytes over the period configured in the table. The -- test is currently performed on 32-bit integers, which limits values to 4 -- terabytes. See also src_kbytes_in. -+ Returns the total amount of client-to-server data from the currently tracked -+ counters, measured in kilobytes. The test is currently performed on 32-bit -+ integers, which limits values to 4 terabytes. See also src_kbytes_in. - - sc_kbytes_out([,
]) : integer - sc0_kbytes_out([
]) : integer - sc1_kbytes_out([
]) : integer - sc2_kbytes_out([
]) : integer -- Returns the amount of server-to-client data from the currently tracked -- counters, measured in kilobytes over the period configured in the table. The -- test is currently performed on 32-bit integers, which limits values to 4 -- terabytes. See also src_kbytes_out. -+ Returns the total amount of server-to-client data from the currently tracked -+ counters, measured in kilobytes. The test is currently performed on 32-bit -+ integers, which limits values to 4 terabytes. See also src_kbytes_out. - - sc_sess_cnt([,
]) : integer - sc0_sess_cnt([
]) : integer -@@ -10562,19 +10560,18 @@ src_inc_gpc0([
]) : integer - tcp-request connection reject if abuse kill - - src_kbytes_in([
]) : integer -- Returns the amount of data received from the incoming connection's source -- address in the current proxy's stick-table or in the designated stick-table, -- measured in kilobytes over the period configured in the table. If the address -- is not found, zero is returned. The test is currently performed on 32-bit -- integers, which limits values to 4 terabytes. See also -- sc/sc0/sc1/sc2_kbytes_in. -+ Returns the total amount of data received from the incoming connection's -+ source address in the current proxy's stick-table or in the designated -+ stick-table, measured in kilobytes. If the address is not found, zero is -+ returned. The test is currently performed on 32-bit integers, which limits -+ values to 4 terabytes. See also sc/sc0/sc1/sc2_kbytes_in. - - src_kbytes_out([
]) : integer -- Returns the amount of data sent to the incoming connection's source address -- in the current proxy's stick-table or in the designated stick-table, measured -- in kilobytes over the period configured in the table. If the address is not -- found, zero is returned. The test is currently performed on 32-bit integers, -- which limits values to 4 terabytes. See also sc/sc0/sc1/sc2_kbytes_out. -+ Returns the total amount of data sent to the incoming connection's source -+ address in the current proxy's stick-table or in the designated stick-table, -+ measured in kilobytes. If the address is not found, zero is returned. The -+ test is currently performed on 32-bit integers, which limits values to 4 -+ terabytes. See also sc/sc0/sc1/sc2_kbytes_out. - - src_port : integer - Returns an integer value corresponding to the TCP source port of the --- -1.8.5.5 - diff --git a/net/haproxy/patches/0023-DOC-fix-alphabetical-sort-of-converters.patch b/net/haproxy/patches/0023-DOC-fix-alphabetical-sort-of-converters.patch deleted file mode 100644 index 02055fb79..000000000 --- a/net/haproxy/patches/0023-DOC-fix-alphabetical-sort-of-converters.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 644d9ef5af4f8010412007374c345f7465c97391 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Thu, 10 Jul 2014 16:29:08 +0200 -Subject: [PATCH 23/25] DOC: fix alphabetical sort of converters - -For an unknown reason, these ones were not sorted. -(cherry picked from commit ffcb2e4b42acd710121a57eb39651a373d904e5b) ---- - doc/configuration.txt | 32 ++++++++++++++++---------------- - 1 file changed, 16 insertions(+), 16 deletions(-) - -diff --git a/doc/configuration.txt b/doc/configuration.txt -index b6d1b3b..f8199b9 100644 ---- a/doc/configuration.txt -+++ b/doc/configuration.txt -@@ -9887,28 +9887,12 @@ base64 - transfer binary content in a way that can be reliably transferred (eg: - an SSL ID can be copied in a header). - --lower -- Convert a string sample to lower case. This can only be placed after a string -- sample fetch function or after a transformation keyword returning a string -- type. The result is of type string. -- --upper -- Convert a string sample to upper case. This can only be placed after a string -- sample fetch function or after a transformation keyword returning a string -- type. The result is of type string. -- - hex - Converts a binary input sample to an hex string containing two hex digits per - input byte. It is used to log or transfer hex dumps of some binary input data - in a way that can be reliably transferred (eg: an SSL ID can be copied in a - header). - --ipmask() -- Apply a mask to an IPv4 address, and use the result for lookups and storage. -- This can be used to make all hosts within a certain mask to share the same -- table entries and as such use the same server. The mask can be passed in -- dotted form (eg: 255.255.255.0) or in CIDR form (eg: 24). -- - http_date([]) - Converts an integer supposed to contain a date since epoch to a string - representing this date in a format suitable for use in HTTP header fields. If -@@ -9917,6 +9901,12 @@ http_date([]) - emit Date header fields, Expires values in responses when combined with a - positive offset, or Last-Modified values when the offset is negative. - -+ipmask() -+ Apply a mask to an IPv4 address, and use the result for lookups and storage. -+ This can be used to make all hosts within a certain mask to share the same -+ table entries and as such use the same server. The mask can be passed in -+ dotted form (eg: 255.255.255.0) or in CIDR form (eg: 24). -+ - language([,]) - Returns the value with the highest q-factor from a list as extracted from the - "accept-language" header using "req.fhdr". Values with no q-factor have a -@@ -9944,6 +9934,11 @@ language([,]) - use_backend english if en - default_backend choose_your_language - -+lower -+ Convert a string sample to lower case. This can only be placed after a string -+ sample fetch function or after a transformation keyword returning a string -+ type. The result is of type string. -+ - map([,]) - map_([,]) - map__([,]) -@@ -10001,6 +9996,11 @@ map__([,]) - | `---------------------------- key - `------------------------------------ leading spaces ignored - -+upper -+ Convert a string sample to upper case. This can only be placed after a string -+ sample fetch function or after a transformation keyword returning a string -+ type. The result is of type string. -+ - - 7.3.2. Fetching samples from internal states - -------------------------------------------- --- -1.8.5.5 - diff --git a/net/haproxy/patches/0024-BUG-MAJOR-http-correctly-rewind-the-request-body-aft.patch b/net/haproxy/patches/0024-BUG-MAJOR-http-correctly-rewind-the-request-body-aft.patch deleted file mode 100644 index 1857fe5c9..000000000 --- a/net/haproxy/patches/0024-BUG-MAJOR-http-correctly-rewind-the-request-body-aft.patch +++ /dev/null @@ -1,167 +0,0 @@ -From 5bebcd06287be9024f0fba25f350393f02e050c1 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Thu, 10 Jul 2014 19:06:10 +0200 -Subject: [PATCH 24/25] BUG/MAJOR: http: correctly rewind the request body - after start of forwarding - -Daniel Dubovik reported an interesting bug showing that the request body -processing was still not 100% fixed. If a POST request contained short -enough data to be forwarded at once before trying to establish the -connection to the server, we had no way to correctly rewind the body. - -The first visible case is that balancing on a header does not always work -on such POST requests since the header cannot be found. But there are even -nastier implications which are that http-send-name-header would apply to -the wrong location and possibly even affect part of the request's body -due to an incorrect rewinding. - -There are two options to fix the problem : - - first one is to force the HTTP_MSG_F_WAIT_CONN flag on all hash-based - balancing algorithms and http-send-name-header, but there's always a - risk that any new algorithm forgets to set it ; - - - the second option is to account for the amount of skipped data before - the connection establishes so that we always know the position of the - request's body relative to the buffer's origin. - -The second option is much more reliable and fits very well in the spirit -of the past changes to fix forwarding. Indeed, at the moment we have -msg->sov which points to the start of the body before headers are forwarded -and which equals zero afterwards (so it still points to the start of the -body before forwarding data). A minor change consists in always making it -point to the start of the body even after data have been forwarded. It means -that it can get a negative value (so we need to change its type to signed).. - -In order to avoid wrapping, we only do this as long as the other side of -the buffer is not connected yet. - -Doing this definitely fixes the issues above for the requests. Since the -response cannot be rewound we don't need to perform any change there. - -This bug was introduced/remained unfixed in 1.5-dev23 so the fix must be -backported to 1.5. -(cherry picked from commit bb2e669f9e73531ac9cc9277b40066b701eec918) ---- - doc/internals/body-parsing.txt | 20 +++++++++++++------- - include/types/proto_http.h | 11 ++++++----- - src/proto_http.c | 9 +++++++-- - 3 files changed, 26 insertions(+), 14 deletions(-) - -diff --git a/doc/internals/body-parsing.txt b/doc/internals/body-parsing.txt -index e9c8b4b..5baa549 100644 ---- a/doc/internals/body-parsing.txt -+++ b/doc/internals/body-parsing.txt -@@ -67,12 +67,17 @@ msg.next : points to the next byte to inspect. This offset is automatically - automatically adjusted to the number of bytes already inspected. - - msg.sov : start of value. First character of the header's value in the header -- states, start of the body in the data states until headers are -- forwarded. This offset is automatically adjusted when inserting or -- removing some headers. In data states, it always constains the size -- of the whole HTTP headers (including the trailing CRLF) that needs -- to be forwarded before the first byte of body. Once the headers are -- forwarded, this value drops to zero. -+ states, start of the body in the data states. Strictly positive -+ values indicate that headers were not forwarded yet ( is -+ before the start of the body), and null or positive values are seen -+ after headers are forwarded ( is at or past the start of the -+ body). The value stops changing when data start to leave the buffer -+ (in order to avoid integer overflows). So the maximum possible range -+ is - to +. This offset is automatically adjusted -+ when inserting or removing some headers. It is useful to rewind the -+ request buffer to the beginning of the body at any phase. The -+ response buffer does not really use it since it is immediately -+ forwarded to the client. - - msg.sol : start of line. Points to the beginning of the current header line - while parsing headers. It is cleared to zero in the BODY state, -@@ -97,7 +102,8 @@ msg.eol : end of line. Points to the CRLF or LF of the current header line - states nor by forwarding. - - The beginning of the message headers can always be found this way even after --headers have been forwarded : -+headers or data have been forwarded, provided that everything is still present -+in the buffer : - - headers = buf.p + msg->sov - msg->eoh - msg->eol - -diff --git a/include/types/proto_http.h b/include/types/proto_http.h -index 12e1141..c53c7fd 100644 ---- a/include/types/proto_http.h -+++ b/include/types/proto_http.h -@@ -329,7 +329,8 @@ enum { - * message or a response message. - * - * The values there are a little bit obscure, because their meaning can change -- * during the parsing : -+ * during the parsing. Please read carefully doc/internal/body-parsing.txt if -+ * you need to manipulate them. Quick reminder : - * - * - eoh (End of Headers) : relative offset in the buffer of first byte that - * is not part of a completely processed header. -@@ -344,9 +345,9 @@ enum { - * - sov (start of value) : Before HTTP_MSG_BODY, points to the value of - * the header being parsed. Starting from - * HTTP_MSG_BODY, will point to the start of the -- * body (relative to buffer's origin), or to data -- * following a chunk size. Thus bytes of -- * headers will have to be sent only once. -+ * body (relative to buffer's origin). It can be -+ * negative when forwarding data. It stops growing -+ * once data start to leave the buffer. - * - * - next (parse pointer) : next relative byte to be parsed. Always points - * to a byte matching the current state. -@@ -372,7 +373,7 @@ struct http_msg { - /* 6 bytes unused here */ - struct channel *chn; /* pointer to the channel transporting the message */ - unsigned int next; /* pointer to next byte to parse, relative to buf->p */ -- unsigned int sov; /* current header: start of value */ -+ int sov; /* current header: start of value ; data: start of body */ - unsigned int eoh; /* End Of Headers, relative to buffer */ - unsigned int sol; /* start of current line during parsing otherwise zero */ - unsigned int eol; /* end of line */ -diff --git a/src/proto_http.c b/src/proto_http.c -index 4a862b0..94afed7 100644 ---- a/src/proto_http.c -+++ b/src/proto_http.c -@@ -5315,7 +5315,7 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit - * an "Expect: 100-continue" header. - */ - -- if (msg->sov) { -+ if (msg->sov > 0) { - /* we have msg->sov which points to the first byte of message - * body, and req->buf.p still points to the beginning of the - * message. We forward the headers now, as we don't need them -@@ -5429,6 +5429,8 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit - * such as last chunk of data or trailers. - */ - b_adv(req->buf, msg->next); -+ if (unlikely(!(s->rep->flags & CF_READ_ATTACHED))) -+ msg->sov -= msg->next; - msg->next = 0; - - /* for keep-alive we don't want to forward closes on DONE */ -@@ -5479,6 +5481,9 @@ int http_request_forward_body(struct session *s, struct channel *req, int an_bit - missing_data: - /* we may have some pending data starting at req->buf->p */ - b_adv(req->buf, msg->next); -+ if (unlikely(!(s->rep->flags & CF_READ_ATTACHED))) -+ msg->sov -= msg->next + MIN(msg->chunk_len, req->buf->i); -+ - msg->next = 0; - msg->chunk_len -= channel_forward(req, msg->chunk_len); - -@@ -6493,7 +6498,7 @@ int http_response_forward_body(struct session *s, struct channel *res, int an_bi - /* in most states, we should abort in case of early close */ - channel_auto_close(res); - -- if (msg->sov) { -+ if (msg->sov > 0) { - /* we have msg->sov which points to the first byte of message - * body, and res->buf.p still points to the beginning of the - * message. We forward the headers now, as we don't need them --- -1.8.5.5 - diff --git a/net/haproxy/patches/0025-DOC-remove-references-to-CPU-native-in-the-README.patch b/net/haproxy/patches/0025-DOC-remove-references-to-CPU-native-in-the-README.patch deleted file mode 100644 index f1a3c0ce3..000000000 --- a/net/haproxy/patches/0025-DOC-remove-references-to-CPU-native-in-the-README.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 94fb38fbb77e664e4f41343257a26ae5bab40d1d Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Thu, 10 Jul 2014 20:24:25 +0200 -Subject: [PATCH 25/25] DOC: remove references to CPU=native in the README - -Certain compilers running in virtualized environments may produce code -that the same processor cannot execute with -march=native, either because -of hypervisor bugs reporting wrong CPU features, or because of compiler -bugs forgetting to check CPU features. So better stop recommending this -combination so that users don't get trapped anymore. -(cherry picked from commit 817dad50b02d1a82d495dfea4eab9e3a91127391) ---- - README | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/README b/README -index 0ef0179..e2b8570 100644 ---- a/README -+++ b/README -@@ -53,8 +53,9 @@ one of the following choices to the CPU variable : - - i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon - - i586 for intel Pentium, AMD K6, VIA C3. - - ultrasparc : Sun UltraSparc I/II/III/IV processor -- - native : use the build machine's specific processor optimizations -- - generic : any other processor or no specific optimization. (default) -+ - native : use the build machine's specific processor optimizations. Use with -+ extreme care, and never in virtualized environments (known to break). -+ - generic : any other processor or no CPU-specific optimization. (default) - - Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options - for your platform. -@@ -132,11 +133,11 @@ And I build it this way on OpenBSD or FreeBSD : - - And on a classic Linux with SSL and ZLIB support (eg: Red Hat 5.x) : - -- $ make TARGET=linux26 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 -+ $ make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 - - And on a recent Linux >= 2.6.28 with SSL and ZLIB support : - -- $ make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 -+ $ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 - - In order to build a 32-bit binary on an x86_64 Linux system with SSL support - without support for compression but when OpenSSL requires ZLIB anyway : --- -1.8.5.5 -