- [PATCH 05/13] BUG/MINOR: http/sample: gmtime/localtime can fail
- [PATCH 06/13] DOC: typo in 'redirect', 302 code meaning
- [PATCH 07/13] DOC: mention that %ms is left-padded with zeroes.
- [PATCH 08/13] CLEANUP: .gitignore: ignore more test files
- [PATCH 09/13] CLEANUP: .gitignore: finally ignore everything but what
- [PATCH 10/13] MEDIUM: config: emit a warning on a frontend without
- [PATCH 11/13] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0
- [PATCH 12/13] DOC: ssl: missing LF
- [PATCH 13/13] DOC: fix example of http-request using

Signed-off-by: heil <heil@terminal-consulting.de>

lilik-openwrt-22.03
@ -0,0 +1,33 @@ | |||
From 955587271031d66e9b7a768e3bb18dae00b60cc6 Mon Sep 17 00:00:00 2001 | |||
From: Thierry FOURNIER <tfournier@arpalert.org> | |||
Date: Wed, 8 Jul 2015 00:15:20 +0200 | |||
Subject: [PATCH 05/13] BUG/MINOR: http/sample: gmtime/localtime can fail | |||
The man said that gmtime() and localtime() can return a NULL value. | |||
This is not tested. It appears that all the values of a 32 bit integer | |||
are valid, but it is better to check the return of these functions. | |||
However, if the integer move from 32 bits to 64 bits, some 64 values | |||
can be unsupported. | |||
(cherry picked from commit fac9ccfb705702f211f99e67d5f5d5129002086a) | |||
[wt: we only have sample_conv_date() in 1.5] | |||
--- | |||
src/proto_http.c | 2 ++ | |||
1 file changed, 2 insertions(+) | |||
diff --git a/src/proto_http.c b/src/proto_http.c | |||
index 5db64b5..02dc42b 100644 | |||
--- a/src/proto_http.c | |||
+++ b/src/proto_http.c | |||
@@ -11249,6 +11249,8 @@ static int sample_conv_http_date(const struct arg *args, struct sample *smp) | |||
curr_date += args[0].data.sint; | |||
tm = gmtime(&curr_date); | |||
+ if (!tm) | |||
+ return 0; | |||
temp = get_trash_chunk(); | |||
temp->len = snprintf(temp->str, temp->size - temp->len, | |||
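Review bot: the backport note names sample_conv_date(), but the hunk header shows the added `if (!tm) return 0;` lands in sample_conv_http_date(); correct the name in the note so the backport can be matched to the code. The subject also mentions localtime, which this hunk does not touch, so one sentence in the message saying that this branch has no localtime call to fix would save a reader from looking for a missing second check.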
-- | |||
2.4.6 | |||
@ -0,0 +1,27 @@ | |||
From 6c7351bdd0778bc171a2b54faed058eadc8c9d0d Mon Sep 17 00:00:00 2001 | |||
From: Baptiste Assmann <bedis9@gmail.com> | |||
Date: Mon, 3 Aug 2015 11:42:50 +0200 | |||
Subject: [PATCH 06/13] DOC: typo in 'redirect', 302 code meaning | |||
302 means a temprary move, not a permanent one | |||
(cherry picked from commit ea849c0cca63b1b56c9c36f9c3504caa5e826816) | |||
--- | |||
doc/configuration.txt | 2 +- | |||
1 file changed, 1 insertion(+), 1 deletion(-) | |||
diff --git a/doc/configuration.txt b/doc/configuration.txt | |||
index 64697a4..e8d8b2a 100644 | |||
--- a/doc/configuration.txt | |||
+++ b/doc/configuration.txt | |||
@@ -5443,7 +5443,7 @@ redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>] | |||
is desired. Only codes 301, 302, 303, 307 and 308 are supported, | |||
with 302 used by default if no code is specified. 301 means | |||
"Moved permanently", and a browser may cache the Location. 302 | |||
- means "Moved permanently" and means that the browser should not | |||
+ means "Moved temporarily" and means that the browser should not | |||
cache the redirection. 303 is equivalent to 302 except that the | |||
browser will fetch the location with a GET method. 307 is just | |||
like 302 but makes it clear that the same method must be reused. | |||
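Review bot: on the changed line the sentence now reads `means "Moved temporarily" and means that the browser should not cache`, with "means" twice in one clause. Suggest `means "Moved temporarily", and the browser should not cache the redirection`, which mirrors the structure of the 301 sentence just above it.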
-- | |||
2.4.6 | |||
@ -0,0 +1,27 @@ | |||
From c3453d53f2862b22d8c8e7d2399dfc38ec966aa4 Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Sun, 9 Aug 2015 10:56:35 +0200 | |||
Subject: [PATCH 07/13] DOC: mention that %ms is left-padded with zeroes. | |||
That's important to emit logs. | |||
(cherry picked from commit 812c88ec126e8fc4fc0f7853f265594d03c63956) | |||
--- | |||
doc/configuration.txt | 2 +- | |||
1 file changed, 1 insertion(+), 1 deletion(-) | |||
diff --git a/doc/configuration.txt b/doc/configuration.txt | |||
index e8d8b2a..1d95b5b 100644 | |||
--- a/doc/configuration.txt | |||
+++ b/doc/configuration.txt | |||
@@ -12381,7 +12381,7 @@ Please refer to the table below for currently defined variables : | |||
| | %hrl | captured_request_headers CLF style | string list | | |||
| | %hs | captured_response_headers default style | string | | |||
| | %hsl | captured_response_headers CLF style | string list | | |||
- | | %ms | accept date milliseconds | numeric | | |||
+ | | %ms | accept date milliseconds (left-padded with 0) | numeric | | |||
| | %pid | PID | numeric | | |||
| H | %r | http_request | string | | |||
| | %rc | retries | numeric | | |||
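Review bot: the new `%ms` description says "left-padded with 0" but does not give the field width, which is the detail a log parser author needs. Suggest stating the fixed number of digits in the same cell so the padding can be relied on when concatenating `%ms` after a seconds value.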
-- | |||
2.4.6 | |||
@ -0,0 +1,50 @@ | |||
From 1104336c0ba5f474fce8fe7c0125511b59f4dd3d Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Tue, 11 Aug 2015 11:20:45 +0200 | |||
Subject: [PATCH 08/13] CLEANUP: .gitignore: ignore more test files | |||
Exclude from "git status" many of the files that often result from | |||
development tests and bug reports reproducers. | |||
(cherry picked from commit de365a320ead43168e78facfa337130759783515) | |||
--- | |||
.gitignore | 27 +++++++++++++++++++++++++++ | |||
1 file changed, 27 insertions(+) | |||
diff --git a/.gitignore b/.gitignore | |||
index 762f5ad..f6ccd0e 100644 | |||
--- a/.gitignore | |||
+++ b/.gitignore | |||
@@ -18,3 +18,30 @@ make-* | |||
dlmalloc.c | |||
00*.patch | |||
*.service | |||
+*.bak | |||
+contrib/base64/base64rev | |||
+contrib/halog/halog | |||
+contrib/ip6range/ip6range | |||
+contrib/iprange/iprange | |||
+tests/test_hashes | |||
+/*.cfg | |||
+/*.conf | |||
+/*.diff | |||
+/*.patch | |||
+/*.c | |||
+/*.o | |||
+/*.so | |||
+/*.txt | |||
+/*.TXT | |||
+/*.txt.* | |||
+/*.prof | |||
+/*.gprof | |||
+/*.prof.* | |||
+/*.gprof.* | |||
+/*.tar | |||
+/*.tar.gz | |||
+/*.tgz | |||
+/*.mbox | |||
+/*.sh | |||
+/bug* | |||
+/TAGS | |||
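Review bot: the root-anchored patterns `/*.c`, `/*.sh`, `/*.txt`, `/*.cfg` and `/*.conf` will also hide a legitimately new top-level file of those types from `git status`, so it can be left out of a commit without anyone noticing. Add a comment line above the block saying that top-level files of these types must be added with `git add -f`. Also, `/*.patch` overlaps the existing `00*.patch` context line, and `*.bak` is the only unanchored pattern among the new ones; a word on whether that is intended would help.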
-- | |||
2.4.6 | |||
@ -0,0 +1,44 @@ | |||
From 5e077624951a65e6aae381c7213fc54984768dd4 Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Tue, 11 Aug 2015 11:21:47 +0200 | |||
Subject: [PATCH 09/13] CLEANUP: .gitignore: finally ignore everything but what | |||
is known. | |||
Still too many files remain, it's easier to block everything but | |||
what we know. | |||
(cherry picked from commit d71f1766bdbb041f80394662b0d293f033f93005) | |||
--- | |||
.gitignore | 20 ++++++++++++++++++++ | |||
1 file changed, 20 insertions(+) | |||
diff --git a/.gitignore b/.gitignore | |||
index f6ccd0e..1953ba3 100644 | |||
--- a/.gitignore | |||
+++ b/.gitignore | |||
@@ -45,3 +45,23 @@ tests/test_hashes | |||
/*.sh | |||
/bug* | |||
/TAGS | |||
+# Below we forbid everything and only allow what we know, that's much easier | |||
+# than blocking about 500 different test files and bug report outputs. | |||
+/.* | |||
+/* | |||
+!/.gitignore | |||
+!/CHANGELOG | |||
+!/LICENSE | |||
+!/Makefile | |||
+!/README | |||
+!/ROADMAP | |||
+!/SUBVERS | |||
+!/VERDATE | |||
+!/VERSION | |||
+!/contrib | |||
+!/doc | |||
+!/ebtree | |||
+!/examples | |||
+!/include | |||
+!/src | |||
+!/tests | |||
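Review bot: with `/.*` and `/*` in place, any new top-level file or directory stays invisible to `git status` until a matching `!/name` line is added, and the two-line comment above `/.*` does not say so. Extend that comment to state that new top-level entries need an explicit `!/` line (or `git add -f`), and that the `!/` lines must stay after `/.*` and `/*` because a later pattern overrides an earlier one. The root-anchored patterns in the context lines above (`/*.sh`, `/bug*`, `/TAGS`) are now covered by `/*` and could be dropped in a follow-up.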
-- | |||
2.4.6 | |||
@ -0,0 +1,46 @@ | |||
From c7c1e55f09839727ba7defd37347fc500dabb202 Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Tue, 11 Aug 2015 11:36:45 +0200 | |||
Subject: [PATCH 10/13] MEDIUM: config: emit a warning on a frontend without | |||
listener | |||
Commit c6678e2 ("MEDIUM: config: authorize frontend and listen without bind") | |||
completely removed the test for bind lines in frontends in order to make it | |||
easier for automated tools to generate configs (eg: replacing a bind with | |||
another one passing via a temporary config without any bind line). The | |||
problem is that some common mistakes are totally hidden now. For example, | |||
this apparently valid entry is silently ignored : | |||
listen 1.2.3.4:8000 | |||
server s1 127.0.0.1:8000 | |||
Hint: 1.2.3.4:8000 is mistakenly the proxy name here. | |||
Thus instead we now emit a warning to indicate that a frontend was found | |||
with no listener. This should be backported to 1.5 to help spot abnormal | |||
configurations. | |||
(cherry picked from commit f82d1ca2d7ec83804d6b54e61a35747ad2f85188) | |||
--- | |||
src/cfgparse.c | 6 ++++++ | |||
1 file changed, 6 insertions(+) | |||
diff --git a/src/cfgparse.c b/src/cfgparse.c | |||
index 2a5f178..d67edc5 100644 | |||
--- a/src/cfgparse.c | |||
+++ b/src/cfgparse.c | |||
@@ -6193,6 +6193,12 @@ int check_config_validity() | |||
break; | |||
} | |||
+ if ((curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->conf.listeners)) { | |||
+ Warning("config : %s '%s' has no 'bind' directive. Please declare it as a backend if this was intended.\n", | |||
+ proxy_type_str(curproxy), curproxy->id); | |||
+ err_code |= ERR_WARN; | |||
+ } | |||
+ | |||
if ((curproxy->cap & PR_CAP_BE) && (curproxy->mode != PR_MODE_HEALTH)) { | |||
if (curproxy->lbprm.algo & BE_LB_KIND) { | |||
if (curproxy->options & PR_O_TRANSP) { | |||
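Review bot: the new Warning() prints only `proxy_type_str(curproxy)` and `curproxy->id`, so for the commit message's `listen 1.2.3.4:8000` case the user sees the mistaken name but not where the section was declared. Suggest adding the configuration file and line to the message if the proxy records them. The advice "Please declare it as a backend if this was intended" also reads oddly when the section is a `listen`, which the `PR_CAP_FE` test matches as well; wording such as "declare it as a backend or add a 'bind' line" covers both cases.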
-- | |||
2.4.6 | |||
@ -0,0 +1,93 @@ | |||
From ee12145d38a7dee81a20cf232c724ccb7a46ad8b Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Tue, 18 Aug 2015 17:15:20 +0200 | |||
Subject: [PATCH 11/13] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 | |||
creates a missing entry | |||
During 1.5-dev20 there was some code refactoring to make the src_* fetch | |||
function use the same code as sc_*. Unfortunately this introduced a | |||
regression where src_* doesn't create an entry anymore if it does not | |||
exist in the table. The reason is that smp_fetch_sc_stkctr() only calls | |||
stktable_lookup_key() while src_inc_*/src_clr_* used to make use of | |||
stktable_update_key() which additionally create the entry if it does | |||
not exist. | |||
There's no point modifying the common function for these two exceptions, | |||
so instead we now have a function dedicated to the creation of this entry | |||
for src_* only. It is called when the entry didn't exist, so that requires | |||
minimal modifications to existing code. | |||
Thanks to Thierry Fournier for helping diagnose the issue. | |||
This fix must be backported to 1.5. | |||
(cherry picked from commit 0f4eadd4830279f5ee83aa545728fb750f5c8185) | |||
[Note: the backport to 1.5 significantly differs from the version in 1.6 | |||
since we need to use the table's type and to retrieve the source address | |||
directly from the connection. At least it matches the way other src_* | |||
fetch functions work, and it's been verified to work fine] | |||
--- | |||
src/session.c | 33 +++++++++++++++++++++++++++++++++ | |||
1 file changed, 33 insertions(+) | |||
diff --git a/src/session.c b/src/session.c | |||
index 5b9e407..6d62e36 100644 | |||
--- a/src/session.c | |||
+++ b/src/session.c | |||
@@ -2806,6 +2806,33 @@ smp_fetch_sc_stkctr(struct session *l4, const struct arg *args, const char *kw) | |||
return &l4->stkctr[num]; | |||
} | |||
+/* same as smp_fetch_sc_stkctr() but dedicated to src_* and can create | |||
+ * the entry if it doesn't exist yet. This is needed for a few fetch | |||
+ * functions which need to create an entry, such as src_inc_gpc* and | |||
+ * src_clr_gpc*. | |||
+ */ | |||
+struct stkctr * | |||
+smp_create_src_stkctr(struct session *sess, const struct arg *args, const char *kw) | |||
+{ | |||
+ static struct stkctr stkctr; | |||
+ struct stktable_key *key; | |||
+ struct connection *conn = objt_conn(sess->si[0].end); | |||
+ | |||
+ if (strncmp(kw, "src_", 4) != 0) | |||
+ return NULL; | |||
+ | |||
+ if (!conn) | |||
+ return NULL; | |||
+ | |||
+ key = addr_to_stktable_key(&conn->addr.from, args->data.prx->table.type); | |||
+ if (!key) | |||
+ return NULL; | |||
+ | |||
+ stkctr.table = &args->data.prx->table; | |||
+ stkctr_set_entry(&stkctr, stktable_update_key(stkctr.table, key)); | |||
+ return &stkctr; | |||
+} | |||
+ | |||
/* set return a boolean indicating if the requested session counter is | |||
* currently being tracked or not. | |||
* Supports being called as "sc[0-9]_tracked" only. | |||
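Review bot: smp_create_src_stkctr() returns the address of `static struct stkctr stkctr;`, so every call overwrites the result of the previous one and the pointer is only valid until the next call. The function comment should say this explicitly so that no caller stores the pointer. In addition, the result of `stktable_update_key(stkctr.table, key)` is passed to stkctr_set_entry() without a check; if it can return NULL, the function returns a counter with no entry, and the comment should state that callers must still test the entry.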
@@ -2887,6 +2914,9 @@ smp_fetch_sc_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i | |||
if (!stkctr) | |||
return 0; | |||
+ if (stkctr_entry(stkctr) == NULL) | |||
+ stkctr = smp_create_src_stkctr(l4, args, kw); | |||
+ | |||
smp->flags = SMP_F_VOL_TEST; | |||
smp->type = SMP_T_UINT; | |||
smp->data.uint = 0; | |||
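Review bot: the `if (!stkctr) return 0;` test in the context lines runs before the new assignment `stkctr = smp_create_src_stkctr(l4, args, kw);`, and that helper returns NULL on three paths (keyword not starting with "src_", no connection, no key). After these two added lines stkctr may therefore be NULL again, so either repeat the NULL test right after the assignment or make sure every later use in this function tests `stkctr` before reading its entry.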
@@ -2924,6 +2954,9 @@ smp_fetch_sc_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i | |||
if (!stkctr) | |||
return 0; | |||
+ if (stkctr_entry(stkctr) == NULL) | |||
+ stkctr = smp_create_src_stkctr(l4, args, kw); | |||
+ | |||
smp->flags = SMP_F_VOL_TEST; | |||
smp->type = SMP_T_UINT; | |||
smp->data.uint = 0; | |||
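Review bot: these two added lines in smp_fetch_sc_clr_gpc0() are a verbatim copy of the pair added to smp_fetch_sc_inc_gpc0(), including the unchecked return value. Consider folding the lookup and the create-on-miss step into one small helper used by both fetch functions, so the NULL handling is written and reviewed once.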
-- | |||
2.4.6 | |||
@ -0,0 +1,27 @@ | |||
From 2272b4ffde38c836adfd9a9b43ff5c019ef4190a Mon Sep 17 00:00:00 2001 | |||
From: Thierry FOURNIER <tfournier@arpalert.org> | |||
Date: Wed, 26 Aug 2015 08:21:26 +0200 | |||
Subject: [PATCH 12/13] DOC: ssl: missing LF | |||
An error message miss LF | |||
(cherry picked from commit bc965348d7ccc0a306504232ab85dc240fd31fbf) | |||
--- | |||
src/ssl_sock.c | 2 +- | |||
1 file changed, 1 insertion(+), 1 deletion(-) | |||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c | |||
index 2ae45ec..8f698c0 100644 | |||
--- a/src/ssl_sock.c | |||
+++ b/src/ssl_sock.c | |||
@@ -1760,7 +1760,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy) | |||
#ifndef OPENSSL_NO_SSL3 | |||
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method()); | |||
#else | |||
- Alert("SSLv3 support requested but unavailable."); | |||
+ Alert("SSLv3 support requested but unavailable.\n"); | |||
cfgerr++; | |||
#endif | |||
} | |||
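Review bot: the subject is tagged DOC, but the changed line is the `Alert("SSLv3 support requested but unavailable.\n");` string in src/ssl_sock.c, which is code, not documentation. A CLEANUP or BUG/MINOR tag would let people who filter backports by tag find it. The fix itself is right: without the trailing `\n` the next message is appended to the same line of output.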
-- | |||
2.4.6 | |||
@ -0,0 +1,30 @@ | |||
From d3a93a932430bc1a4cd5d1350820c2bec706e26d Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Thu, 27 Aug 2015 17:15:05 +0200 | |||
Subject: [PATCH 13/13] DOC: fix example of http-request using | |||
ssl_fc_session_id | |||
It was missing the ",hex" resulting in raw binary data being dumped in | |||
the header or the logs. Now we know where these crazy logs originated | |||
from! | |||
(cherry picked from commit fca4261dacab51db960d30120f4bb4201f7e4a51) | |||
--- | |||
doc/configuration.txt | 2 +- | |||
1 file changed, 1 insertion(+), 1 deletion(-) | |||
diff --git a/doc/configuration.txt b/doc/configuration.txt | |||
index 1d95b5b..67d273b 100644 | |||
--- a/doc/configuration.txt | |||
+++ b/doc/configuration.txt | |||
@@ -3135,7 +3135,7 @@ http-request { allow | deny | tarpit | auth [realm <realm>] | redirect <rule> | | |||
Example: | |||
http-request set-header X-Haproxy-Current-Date %T | |||
http-request set-header X-SSL %[ssl_fc] | |||
- http-request set-header X-SSL-Session_ID %[ssl_fc_session_id] | |||
+ http-request set-header X-SSL-Session_ID %[ssl_fc_session_id,hex] | |||
http-request set-header X-SSL-Client-Verify %[ssl_c_verify] | |||
http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn] | |||
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)] | |||
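Review bot: the example now has `%[ssl_fc_session_id,hex]`, but nothing in the surrounding text says why the converter is needed, so a reader adapting the line can drop it again. Add one sentence next to the example stating that ssl_fc_session_id returns binary data and must be passed through a converter such as `hex` before it goes into a header or a log, which is the reason given in the commit message.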
-- | |||
2.4.6 | |||