Hi,
there were still a significant number of issues in 1.5-dev10, to the point
that I'm ashamed of running it in prod! So I have released 1.5-dev11. Among
the worst things, we can count :
- the trash size issue if tune.bufsize is increased past twice its
default value and reqrep rules are used (a crash may occur. I don't
think it's possible to make it execute code since it's in the BSS
which is not executable. Still it's possible to crash the process
and that's a real issue.
- "option forwardfor if-none" stopped working on some configs
- http-send-name-header stopped working, as well as any post-lb L7
processing (URL hashing, header hashing, bind to header, redirects, ...)
- risk of crash when checking a server in a farm with "option transparent"
- double free on exit when parsing some ACL args
- fixed peer synchronisation which was broken.
- fixed warnings emitted about log-format when in TCP mode or when
"option httplog" was specified before "mode http".
OK end of the thriller, now the good news :
- added "on-marked-up" server option to kill sessions on backup servers
(Justin Karneges)
- added "balance uri whole" to include query string (Oskar Stolc)
- added "httponly" and "secure" cookie options
- added a build target "linux2628" which is like linux26 but automatically
includes splicing and tproxy.
- added "soft stop", "soft start" and "kill" on the stats page in admin mode.
Some changes were begun on connection handling since we discovered that
the way some things are done is a bit awkward when we merge SSL (eg:
incompatibilities with proxy protocol or TCP health checks). After
several days of scratching my head, I found that the changes will need
to be more important than what I expected, so I preferred to stop doing
them and issue 1.5-dev11 before, because it's very likely that there will
be some breakage again.
I'm appending the changelog, and you can and should download the code at
the usual place :
site index : http://haproxy.1wt.eu/
sources : http://haproxy.1wt.eu/download/1.5/src/devel/
changelog : http://haproxy.1wt.eu/download/1.5/src/CHANGELOG
Cheers,
Willy
---
2012/06/04 : 1.5-dev11
- BUG/MEDIUM: option forwardfor if-none doesn't work with some
configurations
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- MINOR: stream_interface: add a pointer to the listener for
TARG_TYPE_CLIENT
- MEDIUM: protocol: add a pointer to struct sock_ops to the listener struct
- MINOR: checks: add on-marked-up option
- MINOR: balance uri: added 'whole' parameter to include query string in
hash calculation
- MEDIUM: stream_interface: remove the si->init
- MINOR: buffers: add a rewind function
- BUG/MAJOR: fix regression on content-based hashing and
http-send-name-header
- MAJOR: http: stop using msg->sol outside the parsers
- CLEANUP: http: make it more obvious that msg->som is always null outside
of chunks
- MEDIUM: http: get rid of msg->som which is not used anymore
- MEDIUM: http: msg->sov and msg->sol will never wrap
- BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
- BUG/MINOR: stop connect timeout when connect succeeds
- REORG: move the send-proxy code to tcp_connect_write()
- REORG/MINOR: session: detect the TCP monitor checks at the protocol accept
- MINOR: stream_interface: introduce a new "struct connection" type
- REORG/MINOR: stream_interface: move si->fd to struct connection
- REORG/MEDIUM: stream_interface: move applet->state and private to
connection
- MINOR: stream_interface: add a data channel close function
- MEDIUM: stream_interface: call si_data_close() before releasing the si
- MINOR: peers: use the socket layer operations from the peer instead of
sock_raw
- BUG/MINOR: checks: expire on timeout.check if smaller than timeout.connect
- MINOR: add a new function call tracer for debugging purposes
- BUG/MINOR: perform_http_redirect also needs to rewind the buffer
- BUG/MAJOR: b_rew() must pass a signed offset to b_ptr()
- BUG/MEDIUM: register peer sync handler in the proper order
- BUG/MEDIUM: buffers: fix bi_putchr() to correctly advance the pointer
- BUG/MINOR: fix option httplog validation with TCP frontends
- BUG/MINOR: log: don't report logformat errors in backends
- REORG/MINOR: use dedicated proxy flags for the cookie handling
- BUG/MINOR: config: do not report twice the incompatibility between cookie
and non-http
- MINOR: http: add support for "httponly" and "secure" cookie attributes
- BUG/MEDIUM: ensure that unresolved arguments are freed exactly once
- BUG/MINOR: commit 196729ef used wrong condition resulting in freeing
constants
- MEDIUM: stats: add support for soft stop/soft start in the admin interface
- MEDIUM: stats: add the ability to kill sessions from the admin interface
- BUILD: add support for linux kernels >= 2.6.28
