package: haproxy update to 1.4.25
authorThomas Heil <heil@terminal-consulting.de>
Wed, 23 Apr 2014 11:42:46 +0000 (11:42 +0000)
committerThomas Heil <heil@terminal-consulting.de>
Wed, 23 Apr 2014 11:42:46 +0000 (11:42 +0000)
SVN-Revision: 40562

12 files changed:
net/haproxy/Makefile
net/haproxy/patches/0001-BUG-MAJOR-http-don-t-emit-the-send-name-header-when-.patch [deleted file]
net/haproxy/patches/0002-BUG-MEDIUM-http-option-checkcache-fails-with-the-no-.patch [deleted file]
net/haproxy/patches/0003-MEDIUM-session-disable-lingering-on-the-server-when-.patch [deleted file]
net/haproxy/patches/0004-BUG-MINOR-deinit-free-fdinfo-while-doing-cleanup.patch [deleted file]
net/haproxy/patches/0005-BUG-MEDIUM-server-set-the-macro-for-server-s-max-wei.patch [deleted file]
net/haproxy/patches/0006-BUG-MINOR-use-the-same-check-condition-for-server-as.patch [deleted file]
net/haproxy/patches/0007-MINOR-config-warn-when-a-server-with-no-specific-por.patch [deleted file]
net/haproxy/patches/0008-MEDIUM-increase-chunk-size-limit-to-2GB-1.patch [deleted file]
net/haproxy/patches/0009-DOC-add-a-mention-about-the-limited-chunk-size.patch [deleted file]
net/haproxy/patches/001-haproxy-1.4.x-sendproxy.patch
net/haproxy/patches/0010-MEDIUM-http-add-redirect-scheme-to-ease-HTTP-to-HTTP.patch [deleted file]

index efe6388701235ff1b1b444acb846748ad052093e..80757525b6e92ecff5d17d1c1ae3eee160d6436f 100644 (file)
@@ -9,12 +9,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
-PKG_VERSION:=1.4.24
-PKG_RELEASE:=11
+PKG_VERSION:=1.4.25
+PKG_RELEASE:=01
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.4/src
-PKG_MD5SUM:=86422620faa9759907563d5e0524b98c
+PKG_MD5SUM:=74b5ec1f0f9b4d148c8083bcfb512ccd
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/net/haproxy/patches/0001-BUG-MAJOR-http-don-t-emit-the-send-name-header-when-.patch b/net/haproxy/patches/0001-BUG-MAJOR-http-don-t-emit-the-send-name-header-when-.patch
deleted file mode 100644 (file)
index 010e035..0000000
+++ /dev/null
@@ -1,41 +0,0 @@
-From d362dc75f3dfa7062e5c2cb7822ad12ffb755389 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 4 Jul 2013 11:44:27 +0200
-Subject: [PATCH 1/2] BUG/MAJOR: http: don't emit the send-name-header when no
- server is available
-
-Lukas Benes reported that http-send-name-header causes a segfault if no
-server is available because we're dereferencing the session's target which
-is NULL. The tiniest reproducer looks like this :
-
-     listen foo
-         bind :1234
-         mode http
-         http-send-name-header srv
-
-This obvious fix must be backported to 1.4 which is affected as well.
-(cherry picked from commit 0fc36e3ae99ccbe6de88cf64093f3045e526d088)
----
- src/session.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index 6211a45..21ecb9f 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -1428,9 +1428,9 @@ resync_stream_interface:
-               /* Now we can add the server name to a header (if requested) */
-               /* check for HTTP mode and proxy server_name_hdr_name != NULL */
-               if ((s->flags & SN_BE_ASSIGNED) &&
--                      (s->be->mode == PR_MODE_HTTP) &&
--                      (s->be->server_id_hdr_name != NULL)) {
--
-+                  (s->be->mode == PR_MODE_HTTP) &&
-+                  (s->be->server_id_hdr_name != NULL) &&
-+                  (s->srv)) {
-                       http_send_name_header(&s->txn,
-                                             &s->txn.req,
-                                             s->req,
--- 
-1.8.1.5
-
diff --git a/net/haproxy/patches/0002-BUG-MEDIUM-http-option-checkcache-fails-with-the-no-.patch b/net/haproxy/patches/0002-BUG-MEDIUM-http-option-checkcache-fails-with-the-no-.patch
deleted file mode 100644 (file)
index 8d17bee..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-From 9f2080114f79f64051e17b12957655e26c46bdf0 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 4 Jul 2013 12:46:56 +0200
-Subject: [PATCH 2/2] BUG/MEDIUM: http: "option checkcache" fails with the
- no-cache header
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The checkcache option checks for cacheable responses with a set-cookie
-header. Since the response processing code was refactored in 1.3.8
-(commit a15645d4), the check was broken because the no-cache value
-is only checked as no-cache="set-cookie", and not alone.
-
-Thanks to Hervé Commowick for reporting this stupid bug!
-
-The fix should be backported to 1.4 and 1.3.
-(cherry picked from commit 5b15f9004d13b8a7e5e665929cad97a2c0beebd3)
----
- src/proto_http.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index a63d65d..22a7737 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -7373,6 +7373,7 @@ void check_response_for_cacheability(struct session *t, struct buffer *rtr)
-               /* OK, so we know that either p2 points to the end of string or to a comma */
-               if (((p2 - p1 ==  7) && strncasecmp(p1, "private", 7) == 0) ||
-+                  ((p2 - p1 ==  8) && strncasecmp(p1, "no-cache", 8) == 0) ||
-                   ((p2 - p1 ==  8) && strncasecmp(p1, "no-store", 8) == 0) ||
-                   ((p2 - p1 ==  9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
-                   ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
--- 
-1.8.1.5
-
diff --git a/net/haproxy/patches/0003-MEDIUM-session-disable-lingering-on-the-server-when-.patch b/net/haproxy/patches/0003-MEDIUM-session-disable-lingering-on-the-server-when-.patch
deleted file mode 100644 (file)
index 56bdbe7..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-From d45840bd28f5cf604d320ab9ff308ba7ba8c0b28 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Fri, 21 Jun 2013 08:20:19 +0200
-Subject: [PATCH 3/9] MEDIUM: session: disable lingering on the server when the
- client aborts
-
-When abortonclose is used and an error is detected on the client side,
-better force an RST to the server. That way we propagate to the server
-the same vision we got from the client, and we ensure that we won't keep
-TIME_WAITs.
-
-(cherry picked from commit 8615c2af67dc2be07bdb246ed13130fe7d32e3d1)
----
- src/session.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/session.c b/src/session.c
-index 21ecb9f..9ed932c 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -1370,8 +1370,11 @@ resync_stream_interface:
-                       buffer_shutw_now(s->req);
-       /* shutdown(write) pending */
--      if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_OUT_EMPTY)) == (BF_SHUTW_NOW|BF_OUT_EMPTY)))
-+      if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_OUT_EMPTY)) == (BF_SHUTW_NOW|BF_OUT_EMPTY))) {
-+              if (s->req->flags & BF_READ_ERROR)
-+                      s->req->cons->flags |= SI_FL_NOLINGER;
-               s->req->cons->shutw(s->req->cons);
-+      }
-       /* shutdown(write) done on server side, we must stop the client too */
-       if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTR|BF_SHUTR_NOW)) == BF_SHUTW &&
--- 
-1.8.1.5
-
diff --git a/net/haproxy/patches/0004-BUG-MINOR-deinit-free-fdinfo-while-doing-cleanup.patch b/net/haproxy/patches/0004-BUG-MINOR-deinit-free-fdinfo-while-doing-cleanup.patch
deleted file mode 100644 (file)
index b153b32..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-From 25d0a14ada411dc73b55b55d5b27599ccd2fa4a2 Mon Sep 17 00:00:00 2001
-From: Godbach <nylzhaowei@gmail.com>
-Date: Wed, 26 Jun 2013 16:49:51 +0800
-Subject: [PATCH 4/9] BUG/MINOR: deinit: free fdinfo while doing cleanup
-
-Both fdinfo and fdtab are allocated memory in init() while haproxy is starting,
-but only fdtab is freed in deinit(), fdinfo should also be freed.
-
-Signed-off-by: Godbach <nylzhaowei@gmail.com>
-(cherry picked from commit 4cc1b0d4ef283b5ace5249483ec7eb3b1fc5d193)
----
- src/haproxy.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/haproxy.c b/src/haproxy.c
-index 7a09e3f..c163743 100644
---- a/src/haproxy.c
-+++ b/src/haproxy.c
-@@ -941,6 +941,7 @@ void deinit(void)
-       free(global.pidfile); global.pidfile = NULL;
-       free(global.node);    global.node = NULL;
-       free(global.desc);    global.desc = NULL;
-+      free(fdinfo);         fdinfo  = NULL;
-       free(fdtab);          fdtab   = NULL;
-       free(oldpids);        oldpids = NULL;
--- 
-1.8.1.5
-
diff --git a/net/haproxy/patches/0005-BUG-MEDIUM-server-set-the-macro-for-server-s-max-wei.patch b/net/haproxy/patches/0005-BUG-MEDIUM-server-set-the-macro-for-server-s-max-wei.patch
deleted file mode 100644 (file)
index 4c75366..0000000
+++ /dev/null
@@ -1,110 +0,0 @@
-From ee591233efd57d625fea9057a975281fb8f4d358 Mon Sep 17 00:00:00 2001
-From: Godbach <nylzhaowei@gmail.com>
-Date: Mon, 22 Jul 2013 07:44:53 +0800
-Subject: [PATCH 5/9] BUG/MEDIUM: server: set the macro for server's max weight
- SRV_UWGHT_MAX to SRV_UWGHT_RANGE
-
-The max weight of server is 256 now, but SRV_UWGHT_MAX is still 255. As a result,
-FWRR will not work well when server's weight is 256. The description is as below:
-
-There are some macros related to server's weight in include/types/server.h:
-    #define SRV_UWGHT_RANGE 256
-    #define SRV_UWGHT_MAX   (SRV_UWGHT_RANGE - 1)
-    #define SRV_EWGHT_MAX   (SRV_UWGHT_MAX   * BE_WEIGHT_SCALE)
-
-Since weight of server can be reach to 256 and BE_WEIGHT_SCALE equals to 16,
-the max eweight of server should be 256*16 = 4096, it will exceed SRV_EWGHT_MAX
-which equals to SRV_UWGHT_MAX*BE_WEIGHT_SCALE = 255*16 = 4080. When a server
-with weight 256 is insterted into FWRR tree during initialization, the key value
-of this server should be SRV_EWGHT_MAX - s->eweight = 4080 - 4096 = -16 which
-is closed to UINT_MAX in unsigned type, so the server with highest weight will
-be not elected as the first server to process request.
-
-In addition, it is a better choice to compare with SRV_UWGHT_MAX than a magic
-number 256 while doing check for the weight. The max number of servers for
-round-robin algorithm is also updated.
-
-Signed-off-by: Godbach <nylzhaowei@gmail.com>
-(cherry picked from commit a34bdc0ea402ea5be1e9d7f80eaddec772b94393)
----
- doc/configuration.txt   | 2 +-
- include/types/backend.h | 4 ++--
- include/types/server.h  | 2 +-
- src/cfgparse.c          | 6 +++---
- src/lb_fwrr.c           | 2 +-
- 5 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index 6e0add7..a008cd7 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -1141,7 +1141,7 @@ balance url_param <param> [check_post [<max_wait>]]
-                   processing time remains equally distributed. This algorithm
-                   is dynamic, which means that server weights may be adjusted
-                   on the fly for slow starts for instance. It is limited by
--                  design to 4128 active servers per backend. Note that in some
-+                  design to 4095 active servers per backend. Note that in some
-                   large farms, when a server becomes up after having been down
-                   for a very short time, it may sometimes take a few hundreds
-                   requests for it to be re-integrated into the farm and start
-diff --git a/include/types/backend.h b/include/types/backend.h
-index dc4786e..1067125 100644
---- a/include/types/backend.h
-+++ b/include/types/backend.h
-@@ -102,8 +102,8 @@
-  * weight modulation even with small weights (eg: 1). It should not be too high
-  * though because it limits the number of servers in FWRR mode in order to
-  * prevent any integer overflow. The max number of servers per backend is
-- * limited to about 2^32/255^2/scale ~= 66051/scale. A scale of 16 looks like
-- * a good value, as it allows more than 4000 servers per backend while leaving
-+ * limited to about (2^32-1)/256^2/scale ~= 65535.9999/scale. A scale of 16
-+ * looks like a good value, as it allows 4095 servers per backend while leaving
-  * modulation steps of about 6% for servers with the lowest weight (1).
-  */
- #define BE_WEIGHT_SCALE 16
-diff --git a/include/types/server.h b/include/types/server.h
-index 14e4d1f..9fbd290 100644
---- a/include/types/server.h
-+++ b/include/types/server.h
-@@ -69,7 +69,7 @@
- /* various constants */
- #define SRV_UWGHT_RANGE 256
--#define SRV_UWGHT_MAX   (SRV_UWGHT_RANGE - 1)
-+#define SRV_UWGHT_MAX   (SRV_UWGHT_RANGE)
- #define SRV_EWGHT_RANGE (SRV_UWGHT_RANGE * BE_WEIGHT_SCALE)
- #define SRV_EWGHT_MAX   (SRV_UWGHT_MAX   * BE_WEIGHT_SCALE)
-diff --git a/src/cfgparse.c b/src/cfgparse.c
-index 345b415..7d349b3 100644
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
-@@ -3639,9 +3639,9 @@ stats_error_parsing:
-                       else if (!strcmp(args[cur_arg], "weight")) {
-                               int w;
-                               w = atol(args[cur_arg + 1]);
--                              if (w < 0 || w > 256) {
--                                      Alert("parsing [%s:%d] : weight of server %s is not within 0 and 256 (%d).\n",
--                                            file, linenum, newsrv->id, w);
-+                              if (w < 0 || w > SRV_UWGHT_MAX) {
-+                                      Alert("parsing [%s:%d] : weight of server %s is not within 0 and %d (%d).\n",
-+                                            file, linenum, newsrv->id, SRV_UWGHT_MAX, w);
-                                       err_code |= ERR_ALERT | ERR_FATAL;
-                                       goto out;
-                               }
-diff --git a/src/lb_fwrr.c b/src/lb_fwrr.c
-index d92b6eb..7f5c8a9 100644
---- a/src/lb_fwrr.c
-+++ b/src/lb_fwrr.c
-@@ -343,7 +343,7 @@ static void fwrr_queue_srv(struct server *s)
-                * lower the scale, the rougher the weights modulation, and the
-                * higher the scale, the lower the number of servers without
-                * overflow. With this formula, the result is always positive,
--               * so we can use eb3é_insert().
-+               * so we can use eb32_insert().
-                */
-               s->lb_node.key = SRV_UWGHT_RANGE * s->npos +
-                       (unsigned)(SRV_EWGHT_MAX + s->rweight - s->eweight) / BE_WEIGHT_SCALE;
--- 
-1.8.1.5
-
diff --git a/net/haproxy/patches/0006-BUG-MINOR-use-the-same-check-condition-for-server-as.patch b/net/haproxy/patches/0006-BUG-MINOR-use-the-same-check-condition-for-server-as.patch
deleted file mode 100644 (file)
index 00e058e..0000000
+++ /dev/null
@@ -1,41 +0,0 @@
-From 3bd693057420af0cd04132fdfb7c59e56aa90421 Mon Sep 17 00:00:00 2001
-From: Godbach <nylzhaowei@gmail.com>
-Date: Wed, 7 Aug 2013 09:48:23 +0800
-Subject: [PATCH 6/9] BUG/MINOR: use the same check condition for server as
- other algorithms
-
-Such load balance algorithms as roundrobin, leastconn and first will check the
-server after being selected with the following condition:
-       if (!s->maxconn || (!s->nbpend && s->served < srv_dynamic_maxconn(s)))
-
-But static-rr uses the different one in map_get_server_rr()  as below:
-       if (!srv->maxconn || srv->cur_sess < srv_dynamic_maxconn(srv))
-After viewing this difference, it is a better choice for static-rr to use the
-same check condition as other algorithms.
-
-This change will only affect static-rr. Though all hash algorithms with type
-map-based will use the same server map as static-rr, they call another function
-map_get_server_hash() to get server.
-
-Signed-off-by: Godbach <nylzhaowei@gmail.com>
-(cherry picked from commit 8f9fd2f0a0893761afeb6800c7b62a51d782af0e)
----
- src/lb_map.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lb_map.c b/src/lb_map.c
-index 49805ad..9858249 100644
---- a/src/lb_map.c
-+++ b/src/lb_map.c
-@@ -229,7 +229,7 @@ struct server *map_get_server_rr(struct proxy *px, struct server *srvtoavoid)
-       avoididx = 0; /* shut a gcc warning */
-       do {
-               srv = px->lbprm.map.srv[newidx++];
--              if (!srv->maxconn || srv->cur_sess < srv_dynamic_maxconn(srv)) {
-+              if (!srv->maxconn || (!srv->nbpend && srv->served < srv_dynamic_maxconn(srv))) {
-                       /* make sure it is not the server we are try to exclude... */
-                       if (srv != srvtoavoid) {
-                               px->lbprm.map.rr_idx = newidx;
--- 
-1.8.1.5
-
diff --git a/net/haproxy/patches/0007-MINOR-config-warn-when-a-server-with-no-specific-por.patch b/net/haproxy/patches/0007-MINOR-config-warn-when-a-server-with-no-specific-por.patch
deleted file mode 100644 (file)
index 194da64..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-From 8c1b1be9e4f11a8474f64dcb85d507a57b6cfe9f Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 13 Aug 2013 17:19:08 +0200
-Subject: [PATCH 7/9] MINOR: config: warn when a server with no specific port
- uses rdp-cookie
-
-Mathew Levett reported an issue which is a bit nasty and hard to track
-down. RDP cookies contain both the IP and the port, and haproxy matches
-them exactly. So if a server has no port specified (or a remapped port),
-it will never match a port specified in a cookie. Better warn the user
-when this is detected.
-(cherry picked from commit 82ffa39bfd34e5680cb65cc0b7ef625c0a274856)
----
- src/cfgparse.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/cfgparse.c b/src/cfgparse.c
-index 7d349b3..cecec03 100644
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
-@@ -5638,6 +5638,12 @@ out_uri_auth_compat:
-                               err_code |= ERR_WARN;
-                       }
-+                      if ((newsrv->state & SRV_MAPPORTS) && (curproxy->options2 & PR_O2_RDPC_PRST)) {
-+                              Warning("config : %s '%s' : RDP cookie persistence will not work for server '%s' because it lacks an explicit port number.\n",
-+                                      proxy_type_str(curproxy), curproxy->id, newsrv->id);
-+                              err_code |= ERR_WARN;
-+                      }
-+
- #if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_LINUX_TPROXY)
-                       if (curproxy->mode != PR_MODE_HTTP && newsrv->bind_hdr_occ) {
-                               newsrv->bind_hdr_occ = 0;
--- 
-1.8.1.5
-
diff --git a/net/haproxy/patches/0008-MEDIUM-increase-chunk-size-limit-to-2GB-1.patch b/net/haproxy/patches/0008-MEDIUM-increase-chunk-size-limit-to-2GB-1.patch
deleted file mode 100644 (file)
index 794255e..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-From 92518a563b9c1f9117e1dec2cc2a8ae95b1643d6 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Fri, 24 Feb 2012 19:20:12 +0100
-Subject: [PATCH 8/9] MEDIUM: increase chunk-size limit to 2GB-1
-
-Since commit 115acb97, chunk size was limited to 256MB. There is no reason for
-such a limit and the comment on the code suggests a missing zero. However,
-increasing the limit past 2 GB causes trouble due to some 32-bit subtracts
-in various computations becoming negative (eg: buffer_max_len). So let's limit
-the chunk size to 2 GB - 1 max.
-(cherry picked from commit 431946e9617572d2813bd5a8f5a51ce36f841ea3)
----
- src/proto_http.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 22a7737..7fd1fe6 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -2112,7 +2112,7 @@ int http_parse_chunk_size(struct buffer *buf, struct http_msg *msg)
-                       break;
-               if (++ptr >= end)
-                       ptr = buf->data;
--              if (chunk & 0xF000000) /* overflow will occur */
-+              if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */
-                       goto error;
-               chunk = (chunk << 4) + c;
-       }
--- 
-1.8.1.5
-
diff --git a/net/haproxy/patches/0009-DOC-add-a-mention-about-the-limited-chunk-size.patch b/net/haproxy/patches/0009-DOC-add-a-mention-about-the-limited-chunk-size.patch
deleted file mode 100644 (file)
index d645e7b..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-From fdeb2171b83ab4fd5db36f1c45d57e2100529076 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Sat, 31 Aug 2013 08:16:26 +0200
-Subject: [PATCH 9/9] DOC: add a mention about the limited chunk size
-
-We now indicate that PD flags can be returned for chunk sizes >= 2GB.
-(cherry picked from commit f3a3e1389e40434da9e1fc295be6ff5a8037effb)
----
- doc/configuration.txt | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index a008cd7..56438dd 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -8044,7 +8044,8 @@ easier finding and understanding.
-      PD   The proxy blocked an incorrectly formatted chunked encoded message in
-           a request or a response, after the server has emitted its headers. In
-           most cases, this will indicate an invalid message from the server to
--          the client.
-+          the client. Haproxy supports chunk sizes of up to 2GB - 1 (2147483647
-+          bytes). Any larger size will be considered as an error.
-      PH   The proxy blocked the server's response, because it was invalid,
-           incomplete, dangerous (cache control), or matched a security filter.
--- 
-1.8.1.5
-
index 66e6acdb1c27661157bdfd6c312010d216b12943..401d57ffd62da983ccc868166ac699e5f9ae2ef2 100644 (file)
@@ -16,8 +16,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  src/standard.c            |   9 ++-
  10 files changed, 275 insertions(+), 19 deletions(-)
 
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
+Index: haproxy-1.4.25/doc/configuration.txt
+===================================================================
+--- haproxy-1.4.25.orig/doc/configuration.txt
++++ haproxy-1.4.25/doc/configuration.txt
 @@ -1343,6 +1343,7 @@ bind [<address>]:<port_range> [, ...] tr
  bind [<address>]:<port_range> [, ...] id <id>
  bind [<address>]:<port_range> [, ...] name <name>
@@ -58,7 +60,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  
  
  bind-process [ all | odd | even | <number 1-32> ] ...
-@@ -7237,7 +7253,9 @@ marked with a star ('*') after the field
+@@ -7257,7 +7273,9 @@ marked with a star ('*') after the field
  
  Detailed fields description :
    - "client_ip" is the IP address of the client which initiated the TCP
@@ -69,7 +71,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  
    - "client_port" is the TCP port of the client which initiated the connection.
  
-@@ -7410,7 +7428,9 @@ with a star ('*') after the field name b
+@@ -7430,7 +7448,9 @@ with a star ('*') after the field name b
  
  Detailed fields description :
    - "client_ip" is the IP address of the client which initiated the TCP
@@ -80,8 +82,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  
    - "client_port" is the TCP port of the client which initiated the connection.
  
---- a/include/common/standard.h
-+++ b/include/common/standard.h
+Index: haproxy-1.4.25/include/common/standard.h
+===================================================================
+--- haproxy-1.4.25.orig/include/common/standard.h
++++ haproxy-1.4.25/include/common/standard.h
 @@ -269,6 +269,28 @@ static inline unsigned int __strl2uic(co
        return i;
  }
@@ -123,8 +127,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  
  static inline char *cut_crlf(char *s) {
  
---- a/include/proto/client.h
-+++ b/include/proto/client.h
+Index: haproxy-1.4.25/include/proto/client.h
+===================================================================
+--- haproxy-1.4.25.orig/include/proto/client.h
++++ haproxy-1.4.25/include/proto/client.h
 @@ -25,6 +25,7 @@
  #include <common/config.h>
  #include <types/session.h>
@@ -133,8 +139,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  void get_frt_addr(struct session *s);
  int event_accept(int fd);
  
---- a/include/types/buffers.h
-+++ b/include/types/buffers.h
+Index: haproxy-1.4.25/include/types/buffers.h
+===================================================================
+--- haproxy-1.4.25.orig/include/types/buffers.h
++++ haproxy-1.4.25/include/types/buffers.h
 @@ -135,16 +135,16 @@
   * The field is blanked by buffer_init() and only by analysers themselves
   * afterwards.
@@ -162,8 +170,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  #define AN_REQ_PRST_RDP_COOKIE  0x00000400  /* persistence on rdp cookie */
  #define AN_REQ_HTTP_XFER_BODY   0x00000800  /* forward request body */
  
---- a/include/types/protocols.h
-+++ b/include/types/protocols.h
+Index: haproxy-1.4.25/include/types/protocols.h
+===================================================================
+--- haproxy-1.4.25.orig/include/types/protocols.h
++++ haproxy-1.4.25/include/types/protocols.h
 @@ -72,6 +72,7 @@
  #define LI_O_FOREIGN  0x0002  /* permit listening on foreing addresses */
  #define LI_O_NOQUICKACK       0x0004  /* disable quick ack of immediate data (linux) */
@@ -172,8 +182,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  
  /* The listener will be directly referenced by the fdtab[] which holds its
   * socket. The listener provides the protocol-specific accept() function to
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
+Index: haproxy-1.4.25/src/cfgparse.c
+===================================================================
+--- haproxy-1.4.25.orig/src/cfgparse.c
++++ haproxy-1.4.25/src/cfgparse.c
 @@ -1467,6 +1467,16 @@ int cfg_parse_listen(const char *file, i
  #endif
                        }
@@ -200,7 +212,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
                              file, linenum, args[0]);
                        err_code |= ERR_ALERT | ERR_FATAL;
                        goto out;
-@@ -5726,6 +5736,9 @@ out_uri_auth_compat:
+@@ -5743,6 +5753,9 @@ out_uri_auth_compat:
                        listener->handler = process_session;
                        listener->analysers |= curproxy->fe_req_ana;
  
@@ -210,8 +222,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
                        /* smart accept mode is automatic in HTTP mode */
                        if ((curproxy->options2 & PR_O2_SMARTACC) ||
                            (curproxy->mode == PR_MODE_HTTP &&
---- a/src/client.c
-+++ b/src/client.c
+Index: haproxy-1.4.25/src/client.c
+===================================================================
+--- haproxy-1.4.25.orig/src/client.c
++++ haproxy-1.4.25/src/client.c
 @@ -22,6 +22,7 @@
  
  #include <common/compat.h>
@@ -412,9 +426,11 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  /* Retrieves the original destination address used by the client, and sets the
   * SN_FRT_ADDR_SET flag.
   */
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -4156,7 +4156,8 @@ void http_end_txn_clean_session(struct s
+Index: haproxy-1.4.25/src/proto_http.c
+===================================================================
+--- haproxy-1.4.25.orig/src/proto_http.c
++++ haproxy-1.4.25/src/proto_http.c
+@@ -4209,7 +4209,8 @@ void http_end_txn_clean_session(struct s
        if (s->rep->lr >= s->rep->data + s->rep->size)
                s->rep->lr -= s->req->size;
  
@@ -424,7 +440,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
        s->rep->analysers = 0;
  
        http_silent_debug(__LINE__, s);
-@@ -7741,7 +7742,6 @@ void http_reset_txn(struct session *s)
+@@ -7807,7 +7808,6 @@ void http_reset_txn(struct session *s)
        http_init_txn(s);
  
        s->be = s->fe;
@@ -432,8 +448,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
        s->logs.logwait = s->fe->to_log;
        s->srv = s->prev_srv = s->srv_conn = NULL;
        /* re-init store persistence */
---- a/src/session.c
-+++ b/src/session.c
+Index: haproxy-1.4.25/src/session.c
+===================================================================
+--- haproxy-1.4.25.orig/src/session.c
++++ haproxy-1.4.25/src/session.c
 @@ -34,6 +34,7 @@
  #include <proto/proxy.h>
  #include <proto/queue.h>
@@ -442,7 +460,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
  #include <proto/stick_table.h>
  #include <proto/stream_interface.h>
  #include <proto/stream_sock.h>
-@@ -1071,6 +1072,12 @@ resync_stream_interface:
+@@ -1083,6 +1084,12 @@ resync_stream_interface:
                        while (ana_list && max_loops--) {
                                /* Warning! ensure that analysers are always placed in ascending order! */
  
@@ -455,8 +473,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
                                if (ana_list & AN_REQ_INSPECT) {
                                        if (!tcp_inspect_request(s, s->req, AN_REQ_INSPECT))
                                                break;
---- a/src/standard.c
-+++ b/src/standard.c
+Index: haproxy-1.4.25/src/standard.c
+===================================================================
+--- haproxy-1.4.25.orig/src/standard.c
++++ haproxy-1.4.25/src/standard.c
 @@ -569,6 +569,11 @@ unsigned int strl2uic(const char *s, int
        return __strl2uic(s, len);
  }
diff --git a/net/haproxy/patches/0010-MEDIUM-http-add-redirect-scheme-to-ease-HTTP-to-HTTP.patch b/net/haproxy/patches/0010-MEDIUM-http-add-redirect-scheme-to-ease-HTTP-to-HTTP.patch
deleted file mode 100644 (file)
index 53863c5..0000000
+++ /dev/null
@@ -1,202 +0,0 @@
-From eb9632f7c6ae675bdee4c82eb0d298ba7f37fc52 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Wed, 12 Sep 2012 08:43:15 +0200
-Subject: [PATCH 10/10] MEDIUM: http: add "redirect scheme" to ease HTTP to
- HTTPS redirection
-
-For instance :
-
-   redirect scheme https if !{ is_ssl }
-
-Backport-suggested-by: Russell Geldmacher <russell.geldmacher@gmail.com>
-(cherry picked from commit 2e1dca8f5238155cbc52d37316fe858c4f61cf34)
----
- doc/configuration.txt      | 35 ++++++++++++++++++-------
- include/types/proto_http.h |  1 +
- src/cfgparse.c             | 14 +++++++++-
- src/proto_http.c           | 65 ++++++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 104 insertions(+), 11 deletions(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index 56438dd..f2043a1 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -4039,8 +4039,9 @@ rate-limit sessions <rate>
-   See also : the "backlog" keyword and the "fe_sess_rate" ACL criterion.
--redirect location <to> [code <code>] <option> [{if | unless} <condition>]
--redirect prefix   <to> [code <code>] <option> [{if | unless} <condition>]
-+redirect location <loc> [code <code>] <option> [{if | unless} <condition>]
-+redirect prefix   <pfx> [code <code>] <option> [{if | unless} <condition>]
-+redirect scheme   <sch> [code <code>] <option> [{if | unless} <condition>]
-   Return an HTTP redirection if/unless a condition is matched
-   May be used in sections :   defaults | frontend | listen | backend
-                                  no    |    yes   |   yes  |   yes
-@@ -4049,14 +4050,25 @@ redirect prefix   <to> [code <code>] <option> [{if | unless} <condition>]
-   response. If no condition is specified, the redirect applies unconditionally.
-   Arguments :
--    <to>      With "redirect location", the exact value in <to> is placed into
--              the HTTP "Location" header. In case of "redirect prefix", the
--              "Location" header is built from the concatenation of <to> and the
--              complete URI, including the query string, unless the "drop-query"
--              option is specified (see below). As a special case, if <to>
--              equals exactly "/" in prefix mode, then nothing is inserted
--              before the original URI. It allows one to redirect to the same
--              URL.
-+    <loc>     With "redirect location", the exact value in <loc> is placed into
-+              the HTTP "Location" header.
-+
-+    <pfx>     With "redirect prefix", the "Location" header is built from the
-+              concatenation of <pfx> and the complete URI path, including the
-+              query string, unless the "drop-query" option is specified (see
-+              below). As a special case, if <pfx> equals exactly "/", then
-+              nothing is inserted before the original URI. It allows one to
-+              redirect to the same URL (for instance, to insert a cookie).
-+
-+    <sch>     With "redirect scheme", then the "Location" header is built by
-+              concatenating <sch> with "://" then the first occurrence of the
-+              "Host" header, and then the URI path, including the query string
-+              unless the "drop-query" option is specified (see below). If no
-+              path is found or if the path is "*", then "/" is used instead. If
-+              no "Host" header is found, then an empty host component will be
-+              returned, which most recent browsers interprete as redirecting to
-+              the same host. This directive is mostly used to redirect HTTP to
-+              HTTPS.
-     <code>    The code is optional. It indicates which type of HTTP redirection
-               is desired. Only codes 301, 302, 303, 307 and 308 are supported,
-@@ -4117,6 +4129,9 @@ redirect prefix   <to> [code <code>] <option> [{if | unless} <condition>]
-         acl missing_slash path_reg ^/article/[^/]*$
-         redirect code 301 prefix / drop-query append-slash if missing_slash
-+  Example: redirect all HTTP traffic to HTTPS when SSL is handled by haproxy.
-+        redirect scheme https if !{ is_ssl }
-+
-   See section 7 about ACL usage.
-diff --git a/include/types/proto_http.h b/include/types/proto_http.h
-index 09d4dd8..0e2b14f 100644
---- a/include/types/proto_http.h
-+++ b/include/types/proto_http.h
-@@ -224,6 +224,7 @@ enum {
-       REDIRECT_TYPE_NONE = 0,         /* no redirection */
-       REDIRECT_TYPE_LOCATION,         /* location redirect */
-       REDIRECT_TYPE_PREFIX,           /* prefix redirect */
-+      REDIRECT_TYPE_SCHEME,           /* scheme redirect (eg: switch from http to https) */
- };
- /* Perist types (force-persist, ignore-persist) */
-diff --git a/src/cfgparse.c b/src/cfgparse.c
-index cecec03..09ffcd3 100644
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
-@@ -2182,6 +2182,18 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
-                               cur_arg++;
-                               destination = args[cur_arg];
-                       }
-+                      else if (!strcmp(args[cur_arg], "scheme")) {
-+                              if (!*args[cur_arg + 1]) {
-+                                      Alert("parsing [%s:%d] : '%s': missing argument for '%s'.\n",
-+                                            file, linenum, args[0], args[cur_arg]);
-+                                      err_code |= ERR_ALERT | ERR_FATAL;
-+                                      goto out;
-+                              }
-+
-+                              type = REDIRECT_TYPE_SCHEME;
-+                              cur_arg++;
-+                              destination = args[cur_arg];
-+                      }
-                       else if (!strcmp(args[cur_arg], "set-cookie")) {
-                               if (!*args[cur_arg + 1]) {
-                                       Alert("parsing [%s:%d] : '%s': missing argument for '%s'.\n",
-@@ -2240,7 +2252,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
-                               break;
-                       }
-                       else {
--                              Alert("parsing [%s:%d] : '%s' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s').\n",
-+                              Alert("parsing [%s:%d] : '%s' expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s').\n",
-                                     file, linenum, args[0], args[cur_arg]);
-                               err_code |= ERR_ALERT | ERR_FATAL;
-                               goto out;
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 7fd1fe6..ed35795 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -3390,6 +3390,71 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
-                               goto return_bad_req;
-                       switch(rule->type) {
-+                      case REDIRECT_TYPE_SCHEME: {
-+                              const char *path;
-+                              const char *host;
-+                              struct hdr_ctx ctx;
-+                              int pathlen;
-+                              int hostlen;
-+
-+                              host = "";
-+                              hostlen = 0;
-+                              ctx.idx = 0;
-+                              if (http_find_header2("Host", 4, msg->sol, &txn->hdr_idx, &ctx)) {
-+                                      host = ctx.line + ctx.val;
-+                                      hostlen = ctx.vlen;
-+                              }
-+
-+                              path = http_get_path(txn);
-+                              /* build message using path */
-+                              if (path) {
-+                                      pathlen = txn->req.sl.rq.u_l + (txn->req.sol + txn->req.sl.rq.u) - path;
-+                                      if (rule->flags & REDIRECT_FLAG_DROP_QS) {
-+                                              int qs = 0;
-+                                              while (qs < pathlen) {
-+                                                      if (path[qs] == '?') {
-+                                                              pathlen = qs;
-+                                                              break;
-+                                                      }
-+                                                      qs++;
-+                                              }
-+                                      }
-+                              } else {
-+                                      path = "/";
-+                                      pathlen = 1;
-+                              }
-+
-+                              /* check if we can add scheme + "://" + host + path */
-+                              if (rdr.len + rule->rdr_len + 3 + hostlen + pathlen > rdr.size - 4)
-+                                      goto return_bad_req;
-+
-+                              /* add scheme */
-+                              memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
-+                              rdr.len += rule->rdr_len;
-+
-+                              /* add "://" */
-+                              memcpy(rdr.str + rdr.len, "://", 3);
-+                              rdr.len += 3;
-+
-+                              /* add host */
-+                              memcpy(rdr.str + rdr.len, host, hostlen);
-+                              rdr.len += hostlen;
-+
-+                              /* add path */
-+                              memcpy(rdr.str + rdr.len, path, pathlen);
-+                              rdr.len += pathlen;
-+
-+                              /* append a slash at the end of the location is needed and missing */
-+                              if (rdr.len && rdr.str[rdr.len - 1] != '/' &&
-+                                  (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
-+                                      if (rdr.len > rdr.size - 5)
-+                                              goto return_bad_req;
-+                                      rdr.str[rdr.len] = '/';
-+                                      rdr.len++;
-+                              }
-+
-+                              break;
-+                      }
-                       case REDIRECT_TYPE_PREFIX: {
-                               const char *path;
-                               int pathlen;
--- 
-1.8.1.5
-