include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
-PKG_VERSION:=1.4.24
-PKG_RELEASE:=11
+PKG_VERSION:=1.4.25
+PKG_RELEASE:=01
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.4/src
-PKG_MD5SUM:=86422620faa9759907563d5e0524b98c
+PKG_MD5SUM:=74b5ec1f0f9b4d148c8083bcfb512ccd
include $(INCLUDE_DIR)/package.mk
+++ /dev/null
-From d362dc75f3dfa7062e5c2cb7822ad12ffb755389 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 4 Jul 2013 11:44:27 +0200
-Subject: [PATCH 1/2] BUG/MAJOR: http: don't emit the send-name-header when no
- server is available
-
-Lukas Benes reported that http-send-name-header causes a segfault if no
-server is available because we're dereferencing the session's target which
-is NULL. The tiniest reproducer looks like this :
-
- listen foo
- bind :1234
- mode http
- http-send-name-header srv
-
-This obvious fix must be backported to 1.4 which is affected as well.
-(cherry picked from commit 0fc36e3ae99ccbe6de88cf64093f3045e526d088)
----
- src/session.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index 6211a45..21ecb9f 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -1428,9 +1428,9 @@ resync_stream_interface:
- /* Now we can add the server name to a header (if requested) */
- /* check for HTTP mode and proxy server_name_hdr_name != NULL */
- if ((s->flags & SN_BE_ASSIGNED) &&
-- (s->be->mode == PR_MODE_HTTP) &&
-- (s->be->server_id_hdr_name != NULL)) {
--
-+ (s->be->mode == PR_MODE_HTTP) &&
-+ (s->be->server_id_hdr_name != NULL) &&
-+ (s->srv)) {
- http_send_name_header(&s->txn,
- &s->txn.req,
- s->req,
---
-1.8.1.5
-
+++ /dev/null
-From 9f2080114f79f64051e17b12957655e26c46bdf0 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 4 Jul 2013 12:46:56 +0200
-Subject: [PATCH 2/2] BUG/MEDIUM: http: "option checkcache" fails with the
- no-cache header
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The checkcache option checks for cacheable responses with a set-cookie
-header. Since the response processing code was refactored in 1.3.8
-(commit a15645d4), the check was broken because the no-cache value
-is only checked as no-cache="set-cookie", and not alone.
-
-Thanks to Hervé Commowick for reporting this stupid bug!
-
-The fix should be backported to 1.4 and 1.3.
-(cherry picked from commit 5b15f9004d13b8a7e5e665929cad97a2c0beebd3)
----
- src/proto_http.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index a63d65d..22a7737 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -7373,6 +7373,7 @@ void check_response_for_cacheability(struct session *t, struct buffer *rtr)
-
- /* OK, so we know that either p2 points to the end of string or to a comma */
- if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
-+ ((p2 - p1 == 8) && strncasecmp(p1, "no-cache", 8) == 0) ||
- ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
- ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
- ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
---
-1.8.1.5
-
+++ /dev/null
-From d45840bd28f5cf604d320ab9ff308ba7ba8c0b28 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Fri, 21 Jun 2013 08:20:19 +0200
-Subject: [PATCH 3/9] MEDIUM: session: disable lingering on the server when the
- client aborts
-
-When abortonclose is used and an error is detected on the client side,
-better force an RST to the server. That way we propagate to the server
-the same vision we got from the client, and we ensure that we won't keep
-TIME_WAITs.
-
-(cherry picked from commit 8615c2af67dc2be07bdb246ed13130fe7d32e3d1)
----
- src/session.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/session.c b/src/session.c
-index 21ecb9f..9ed932c 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -1370,8 +1370,11 @@ resync_stream_interface:
- buffer_shutw_now(s->req);
-
- /* shutdown(write) pending */
-- if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_OUT_EMPTY)) == (BF_SHUTW_NOW|BF_OUT_EMPTY)))
-+ if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_OUT_EMPTY)) == (BF_SHUTW_NOW|BF_OUT_EMPTY))) {
-+ if (s->req->flags & BF_READ_ERROR)
-+ s->req->cons->flags |= SI_FL_NOLINGER;
- s->req->cons->shutw(s->req->cons);
-+ }
-
- /* shutdown(write) done on server side, we must stop the client too */
- if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTR|BF_SHUTR_NOW)) == BF_SHUTW &&
---
-1.8.1.5
-
+++ /dev/null
-From 25d0a14ada411dc73b55b55d5b27599ccd2fa4a2 Mon Sep 17 00:00:00 2001
-From: Godbach <nylzhaowei@gmail.com>
-Date: Wed, 26 Jun 2013 16:49:51 +0800
-Subject: [PATCH 4/9] BUG/MINOR: deinit: free fdinfo while doing cleanup
-
-Both fdinfo and fdtab are allocated memory in init() while haproxy is starting,
-but only fdtab is freed in deinit(), fdinfo should also be freed.
-
-Signed-off-by: Godbach <nylzhaowei@gmail.com>
-(cherry picked from commit 4cc1b0d4ef283b5ace5249483ec7eb3b1fc5d193)
----
- src/haproxy.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/haproxy.c b/src/haproxy.c
-index 7a09e3f..c163743 100644
---- a/src/haproxy.c
-+++ b/src/haproxy.c
-@@ -941,6 +941,7 @@ void deinit(void)
- free(global.pidfile); global.pidfile = NULL;
- free(global.node); global.node = NULL;
- free(global.desc); global.desc = NULL;
-+ free(fdinfo); fdinfo = NULL;
- free(fdtab); fdtab = NULL;
- free(oldpids); oldpids = NULL;
-
---
-1.8.1.5
-
+++ /dev/null
-From ee591233efd57d625fea9057a975281fb8f4d358 Mon Sep 17 00:00:00 2001
-From: Godbach <nylzhaowei@gmail.com>
-Date: Mon, 22 Jul 2013 07:44:53 +0800
-Subject: [PATCH 5/9] BUG/MEDIUM: server: set the macro for server's max weight
- SRV_UWGHT_MAX to SRV_UWGHT_RANGE
-
-The max weight of server is 256 now, but SRV_UWGHT_MAX is still 255. As a result,
-FWRR will not work well when server's weight is 256. The description is as below:
-
-There are some macros related to server's weight in include/types/server.h:
- #define SRV_UWGHT_RANGE 256
- #define SRV_UWGHT_MAX (SRV_UWGHT_RANGE - 1)
- #define SRV_EWGHT_MAX (SRV_UWGHT_MAX * BE_WEIGHT_SCALE)
-
-Since weight of server can be reach to 256 and BE_WEIGHT_SCALE equals to 16,
-the max eweight of server should be 256*16 = 4096, it will exceed SRV_EWGHT_MAX
-which equals to SRV_UWGHT_MAX*BE_WEIGHT_SCALE = 255*16 = 4080. When a server
-with weight 256 is insterted into FWRR tree during initialization, the key value
-of this server should be SRV_EWGHT_MAX - s->eweight = 4080 - 4096 = -16 which
-is closed to UINT_MAX in unsigned type, so the server with highest weight will
-be not elected as the first server to process request.
-
-In addition, it is a better choice to compare with SRV_UWGHT_MAX than a magic
-number 256 while doing check for the weight. The max number of servers for
-round-robin algorithm is also updated.
-
-Signed-off-by: Godbach <nylzhaowei@gmail.com>
-(cherry picked from commit a34bdc0ea402ea5be1e9d7f80eaddec772b94393)
----
- doc/configuration.txt | 2 +-
- include/types/backend.h | 4 ++--
- include/types/server.h | 2 +-
- src/cfgparse.c | 6 +++---
- src/lb_fwrr.c | 2 +-
- 5 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index 6e0add7..a008cd7 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -1141,7 +1141,7 @@ balance url_param <param> [check_post [<max_wait>]]
- processing time remains equally distributed. This algorithm
- is dynamic, which means that server weights may be adjusted
- on the fly for slow starts for instance. It is limited by
-- design to 4128 active servers per backend. Note that in some
-+ design to 4095 active servers per backend. Note that in some
- large farms, when a server becomes up after having been down
- for a very short time, it may sometimes take a few hundreds
- requests for it to be re-integrated into the farm and start
-diff --git a/include/types/backend.h b/include/types/backend.h
-index dc4786e..1067125 100644
---- a/include/types/backend.h
-+++ b/include/types/backend.h
-@@ -102,8 +102,8 @@
- * weight modulation even with small weights (eg: 1). It should not be too high
- * though because it limits the number of servers in FWRR mode in order to
- * prevent any integer overflow. The max number of servers per backend is
-- * limited to about 2^32/255^2/scale ~= 66051/scale. A scale of 16 looks like
-- * a good value, as it allows more than 4000 servers per backend while leaving
-+ * limited to about (2^32-1)/256^2/scale ~= 65535.9999/scale. A scale of 16
-+ * looks like a good value, as it allows 4095 servers per backend while leaving
- * modulation steps of about 6% for servers with the lowest weight (1).
- */
- #define BE_WEIGHT_SCALE 16
-diff --git a/include/types/server.h b/include/types/server.h
-index 14e4d1f..9fbd290 100644
---- a/include/types/server.h
-+++ b/include/types/server.h
-@@ -69,7 +69,7 @@
-
- /* various constants */
- #define SRV_UWGHT_RANGE 256
--#define SRV_UWGHT_MAX (SRV_UWGHT_RANGE - 1)
-+#define SRV_UWGHT_MAX (SRV_UWGHT_RANGE)
- #define SRV_EWGHT_RANGE (SRV_UWGHT_RANGE * BE_WEIGHT_SCALE)
- #define SRV_EWGHT_MAX (SRV_UWGHT_MAX * BE_WEIGHT_SCALE)
-
-diff --git a/src/cfgparse.c b/src/cfgparse.c
-index 345b415..7d349b3 100644
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
-@@ -3639,9 +3639,9 @@ stats_error_parsing:
- else if (!strcmp(args[cur_arg], "weight")) {
- int w;
- w = atol(args[cur_arg + 1]);
-- if (w < 0 || w > 256) {
-- Alert("parsing [%s:%d] : weight of server %s is not within 0 and 256 (%d).\n",
-- file, linenum, newsrv->id, w);
-+ if (w < 0 || w > SRV_UWGHT_MAX) {
-+ Alert("parsing [%s:%d] : weight of server %s is not within 0 and %d (%d).\n",
-+ file, linenum, newsrv->id, SRV_UWGHT_MAX, w);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
-diff --git a/src/lb_fwrr.c b/src/lb_fwrr.c
-index d92b6eb..7f5c8a9 100644
---- a/src/lb_fwrr.c
-+++ b/src/lb_fwrr.c
-@@ -343,7 +343,7 @@ static void fwrr_queue_srv(struct server *s)
- * lower the scale, the rougher the weights modulation, and the
- * higher the scale, the lower the number of servers without
- * overflow. With this formula, the result is always positive,
-- * so we can use eb3é_insert().
-+ * so we can use eb32_insert().
- */
- s->lb_node.key = SRV_UWGHT_RANGE * s->npos +
- (unsigned)(SRV_EWGHT_MAX + s->rweight - s->eweight) / BE_WEIGHT_SCALE;
---
-1.8.1.5
-
+++ /dev/null
-From 3bd693057420af0cd04132fdfb7c59e56aa90421 Mon Sep 17 00:00:00 2001
-From: Godbach <nylzhaowei@gmail.com>
-Date: Wed, 7 Aug 2013 09:48:23 +0800
-Subject: [PATCH 6/9] BUG/MINOR: use the same check condition for server as
- other algorithms
-
-Such load balance algorithms as roundrobin, leastconn and first will check the
-server after being selected with the following condition:
- if (!s->maxconn || (!s->nbpend && s->served < srv_dynamic_maxconn(s)))
-
-But static-rr uses the different one in map_get_server_rr() as below:
- if (!srv->maxconn || srv->cur_sess < srv_dynamic_maxconn(srv))
-After viewing this difference, it is a better choice for static-rr to use the
-same check condition as other algorithms.
-
-This change will only affect static-rr. Though all hash algorithms with type
-map-based will use the same server map as static-rr, they call another function
-map_get_server_hash() to get server.
-
-Signed-off-by: Godbach <nylzhaowei@gmail.com>
-(cherry picked from commit 8f9fd2f0a0893761afeb6800c7b62a51d782af0e)
----
- src/lb_map.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lb_map.c b/src/lb_map.c
-index 49805ad..9858249 100644
---- a/src/lb_map.c
-+++ b/src/lb_map.c
-@@ -229,7 +229,7 @@ struct server *map_get_server_rr(struct proxy *px, struct server *srvtoavoid)
- avoididx = 0; /* shut a gcc warning */
- do {
- srv = px->lbprm.map.srv[newidx++];
-- if (!srv->maxconn || srv->cur_sess < srv_dynamic_maxconn(srv)) {
-+ if (!srv->maxconn || (!srv->nbpend && srv->served < srv_dynamic_maxconn(srv))) {
- /* make sure it is not the server we are try to exclude... */
- if (srv != srvtoavoid) {
- px->lbprm.map.rr_idx = newidx;
---
-1.8.1.5
-
+++ /dev/null
-From 8c1b1be9e4f11a8474f64dcb85d507a57b6cfe9f Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 13 Aug 2013 17:19:08 +0200
-Subject: [PATCH 7/9] MINOR: config: warn when a server with no specific port
- uses rdp-cookie
-
-Mathew Levett reported an issue which is a bit nasty and hard to track
-down. RDP cookies contain both the IP and the port, and haproxy matches
-them exactly. So if a server has no port specified (or a remapped port),
-it will never match a port specified in a cookie. Better warn the user
-when this is detected.
-(cherry picked from commit 82ffa39bfd34e5680cb65cc0b7ef625c0a274856)
----
- src/cfgparse.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/cfgparse.c b/src/cfgparse.c
-index 7d349b3..cecec03 100644
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
-@@ -5638,6 +5638,12 @@ out_uri_auth_compat:
- err_code |= ERR_WARN;
- }
-
-+ if ((newsrv->state & SRV_MAPPORTS) && (curproxy->options2 & PR_O2_RDPC_PRST)) {
-+ Warning("config : %s '%s' : RDP cookie persistence will not work for server '%s' because it lacks an explicit port number.\n",
-+ proxy_type_str(curproxy), curproxy->id, newsrv->id);
-+ err_code |= ERR_WARN;
-+ }
-+
- #if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_LINUX_TPROXY)
- if (curproxy->mode != PR_MODE_HTTP && newsrv->bind_hdr_occ) {
- newsrv->bind_hdr_occ = 0;
---
-1.8.1.5
-
+++ /dev/null
-From 92518a563b9c1f9117e1dec2cc2a8ae95b1643d6 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Fri, 24 Feb 2012 19:20:12 +0100
-Subject: [PATCH 8/9] MEDIUM: increase chunk-size limit to 2GB-1
-
-Since commit 115acb97, chunk size was limited to 256MB. There is no reason for
-such a limit and the comment on the code suggests a missing zero. However,
-increasing the limit past 2 GB causes trouble due to some 32-bit subtracts
-in various computations becoming negative (eg: buffer_max_len). So let's limit
-the chunk size to 2 GB - 1 max.
-(cherry picked from commit 431946e9617572d2813bd5a8f5a51ce36f841ea3)
----
- src/proto_http.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 22a7737..7fd1fe6 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -2112,7 +2112,7 @@ int http_parse_chunk_size(struct buffer *buf, struct http_msg *msg)
- break;
- if (++ptr >= end)
- ptr = buf->data;
-- if (chunk & 0xF000000) /* overflow will occur */
-+ if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */
- goto error;
- chunk = (chunk << 4) + c;
- }
---
-1.8.1.5
-
+++ /dev/null
-From fdeb2171b83ab4fd5db36f1c45d57e2100529076 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Sat, 31 Aug 2013 08:16:26 +0200
-Subject: [PATCH 9/9] DOC: add a mention about the limited chunk size
-
-We now indicate that PD flags can be returned for chunk sizes >= 2GB.
-(cherry picked from commit f3a3e1389e40434da9e1fc295be6ff5a8037effb)
----
- doc/configuration.txt | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index a008cd7..56438dd 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -8044,7 +8044,8 @@ easier finding and understanding.
- PD The proxy blocked an incorrectly formatted chunked encoded message in
- a request or a response, after the server has emitted its headers. In
- most cases, this will indicate an invalid message from the server to
-- the client.
-+ the client. Haproxy supports chunk sizes of up to 2GB - 1 (2147483647
-+ bytes). Any larger size will be considered as an error.
-
- PH The proxy blocked the server's response, because it was invalid,
- incomplete, dangerous (cache control), or matched a security filter.
---
-1.8.1.5
-
src/standard.c | 9 ++-
10 files changed, 275 insertions(+), 19 deletions(-)
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
+Index: haproxy-1.4.25/doc/configuration.txt
+===================================================================
+--- haproxy-1.4.25.orig/doc/configuration.txt
++++ haproxy-1.4.25/doc/configuration.txt
@@ -1343,6 +1343,7 @@ bind [<address>]:<port_range> [, ...] tr
bind [<address>]:<port_range> [, ...] id <id>
bind [<address>]:<port_range> [, ...] name <name>
bind-process [ all | odd | even | <number 1-32> ] ...
-@@ -7237,7 +7253,9 @@ marked with a star ('*') after the field
+@@ -7257,7 +7273,9 @@ marked with a star ('*') after the field
Detailed fields description :
- "client_ip" is the IP address of the client which initiated the TCP
- "client_port" is the TCP port of the client which initiated the connection.
-@@ -7410,7 +7428,9 @@ with a star ('*') after the field name b
+@@ -7430,7 +7448,9 @@ with a star ('*') after the field name b
Detailed fields description :
- "client_ip" is the IP address of the client which initiated the TCP
- "client_port" is the TCP port of the client which initiated the connection.
---- a/include/common/standard.h
-+++ b/include/common/standard.h
+Index: haproxy-1.4.25/include/common/standard.h
+===================================================================
+--- haproxy-1.4.25.orig/include/common/standard.h
++++ haproxy-1.4.25/include/common/standard.h
@@ -269,6 +269,28 @@ static inline unsigned int __strl2uic(co
return i;
}
static inline char *cut_crlf(char *s) {
---- a/include/proto/client.h
-+++ b/include/proto/client.h
+Index: haproxy-1.4.25/include/proto/client.h
+===================================================================
+--- haproxy-1.4.25.orig/include/proto/client.h
++++ haproxy-1.4.25/include/proto/client.h
@@ -25,6 +25,7 @@
#include <common/config.h>
#include <types/session.h>
void get_frt_addr(struct session *s);
int event_accept(int fd);
---- a/include/types/buffers.h
-+++ b/include/types/buffers.h
+Index: haproxy-1.4.25/include/types/buffers.h
+===================================================================
+--- haproxy-1.4.25.orig/include/types/buffers.h
++++ haproxy-1.4.25/include/types/buffers.h
@@ -135,16 +135,16 @@
* The field is blanked by buffer_init() and only by analysers themselves
* afterwards.
#define AN_REQ_PRST_RDP_COOKIE 0x00000400 /* persistence on rdp cookie */
#define AN_REQ_HTTP_XFER_BODY 0x00000800 /* forward request body */
---- a/include/types/protocols.h
-+++ b/include/types/protocols.h
+Index: haproxy-1.4.25/include/types/protocols.h
+===================================================================
+--- haproxy-1.4.25.orig/include/types/protocols.h
++++ haproxy-1.4.25/include/types/protocols.h
@@ -72,6 +72,7 @@
#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses */
#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
/* The listener will be directly referenced by the fdtab[] which holds its
* socket. The listener provides the protocol-specific accept() function to
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
+Index: haproxy-1.4.25/src/cfgparse.c
+===================================================================
+--- haproxy-1.4.25.orig/src/cfgparse.c
++++ haproxy-1.4.25/src/cfgparse.c
@@ -1467,6 +1467,16 @@ int cfg_parse_listen(const char *file, i
#endif
}
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
-@@ -5726,6 +5736,9 @@ out_uri_auth_compat:
+@@ -5743,6 +5753,9 @@ out_uri_auth_compat:
listener->handler = process_session;
listener->analysers |= curproxy->fe_req_ana;
/* smart accept mode is automatic in HTTP mode */
if ((curproxy->options2 & PR_O2_SMARTACC) ||
(curproxy->mode == PR_MODE_HTTP &&
---- a/src/client.c
-+++ b/src/client.c
+Index: haproxy-1.4.25/src/client.c
+===================================================================
+--- haproxy-1.4.25.orig/src/client.c
++++ haproxy-1.4.25/src/client.c
@@ -22,6 +22,7 @@
#include <common/compat.h>
/* Retrieves the original destination address used by the client, and sets the
* SN_FRT_ADDR_SET flag.
*/
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -4156,7 +4156,8 @@ void http_end_txn_clean_session(struct s
+Index: haproxy-1.4.25/src/proto_http.c
+===================================================================
+--- haproxy-1.4.25.orig/src/proto_http.c
++++ haproxy-1.4.25/src/proto_http.c
+@@ -4209,7 +4209,8 @@ void http_end_txn_clean_session(struct s
if (s->rep->lr >= s->rep->data + s->rep->size)
s->rep->lr -= s->req->size;
s->rep->analysers = 0;
http_silent_debug(__LINE__, s);
-@@ -7741,7 +7742,6 @@ void http_reset_txn(struct session *s)
+@@ -7807,7 +7808,6 @@ void http_reset_txn(struct session *s)
http_init_txn(s);
s->be = s->fe;
s->logs.logwait = s->fe->to_log;
s->srv = s->prev_srv = s->srv_conn = NULL;
/* re-init store persistence */
---- a/src/session.c
-+++ b/src/session.c
+Index: haproxy-1.4.25/src/session.c
+===================================================================
+--- haproxy-1.4.25.orig/src/session.c
++++ haproxy-1.4.25/src/session.c
@@ -34,6 +34,7 @@
#include <proto/proxy.h>
#include <proto/queue.h>
#include <proto/stick_table.h>
#include <proto/stream_interface.h>
#include <proto/stream_sock.h>
-@@ -1071,6 +1072,12 @@ resync_stream_interface:
+@@ -1083,6 +1084,12 @@ resync_stream_interface:
while (ana_list && max_loops--) {
/* Warning! ensure that analysers are always placed in ascending order! */
if (ana_list & AN_REQ_INSPECT) {
if (!tcp_inspect_request(s, s->req, AN_REQ_INSPECT))
break;
---- a/src/standard.c
-+++ b/src/standard.c
+Index: haproxy-1.4.25/src/standard.c
+===================================================================
+--- haproxy-1.4.25.orig/src/standard.c
++++ haproxy-1.4.25/src/standard.c
@@ -569,6 +569,11 @@ unsigned int strl2uic(const char *s, int
return __strl2uic(s, len);
}
+++ /dev/null
-From eb9632f7c6ae675bdee4c82eb0d298ba7f37fc52 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Wed, 12 Sep 2012 08:43:15 +0200
-Subject: [PATCH 10/10] MEDIUM: http: add "redirect scheme" to ease HTTP to
- HTTPS redirection
-
-For instance :
-
- redirect scheme https if !{ is_ssl }
-
-Backport-suggested-by: Russell Geldmacher <russell.geldmacher@gmail.com>
-(cherry picked from commit 2e1dca8f5238155cbc52d37316fe858c4f61cf34)
----
- doc/configuration.txt | 35 ++++++++++++++++++-------
- include/types/proto_http.h | 1 +
- src/cfgparse.c | 14 +++++++++-
- src/proto_http.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 104 insertions(+), 11 deletions(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index 56438dd..f2043a1 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -4039,8 +4039,9 @@ rate-limit sessions <rate>
- See also : the "backlog" keyword and the "fe_sess_rate" ACL criterion.
-
-
--redirect location <to> [code <code>] <option> [{if | unless} <condition>]
--redirect prefix <to> [code <code>] <option> [{if | unless} <condition>]
-+redirect location <loc> [code <code>] <option> [{if | unless} <condition>]
-+redirect prefix <pfx> [code <code>] <option> [{if | unless} <condition>]
-+redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]
- Return an HTTP redirection if/unless a condition is matched
- May be used in sections : defaults | frontend | listen | backend
- no | yes | yes | yes
-@@ -4049,14 +4050,25 @@ redirect prefix <to> [code <code>] <option> [{if | unless} <condition>]
- response. If no condition is specified, the redirect applies unconditionally.
-
- Arguments :
-- <to> With "redirect location", the exact value in <to> is placed into
-- the HTTP "Location" header. In case of "redirect prefix", the
-- "Location" header is built from the concatenation of <to> and the
-- complete URI, including the query string, unless the "drop-query"
-- option is specified (see below). As a special case, if <to>
-- equals exactly "/" in prefix mode, then nothing is inserted
-- before the original URI. It allows one to redirect to the same
-- URL.
-+ <loc> With "redirect location", the exact value in <loc> is placed into
-+ the HTTP "Location" header.
-+
-+ <pfx> With "redirect prefix", the "Location" header is built from the
-+ concatenation of <pfx> and the complete URI path, including the
-+ query string, unless the "drop-query" option is specified (see
-+ below). As a special case, if <pfx> equals exactly "/", then
-+ nothing is inserted before the original URI. It allows one to
-+ redirect to the same URL (for instance, to insert a cookie).
-+
-+ <sch> With "redirect scheme", then the "Location" header is built by
-+ concatenating <sch> with "://" then the first occurrence of the
-+ "Host" header, and then the URI path, including the query string
-+ unless the "drop-query" option is specified (see below). If no
-+ path is found or if the path is "*", then "/" is used instead. If
-+ no "Host" header is found, then an empty host component will be
-+ returned, which most recent browsers interprete as redirecting to
-+ the same host. This directive is mostly used to redirect HTTP to
-+ HTTPS.
-
- <code> The code is optional. It indicates which type of HTTP redirection
- is desired. Only codes 301, 302, 303, 307 and 308 are supported,
-@@ -4117,6 +4129,9 @@ redirect prefix <to> [code <code>] <option> [{if | unless} <condition>]
- acl missing_slash path_reg ^/article/[^/]*$
- redirect code 301 prefix / drop-query append-slash if missing_slash
-
-+ Example: redirect all HTTP traffic to HTTPS when SSL is handled by haproxy.
-+ redirect scheme https if !{ is_ssl }
-+
- See section 7 about ACL usage.
-
-
-diff --git a/include/types/proto_http.h b/include/types/proto_http.h
-index 09d4dd8..0e2b14f 100644
---- a/include/types/proto_http.h
-+++ b/include/types/proto_http.h
-@@ -224,6 +224,7 @@ enum {
- REDIRECT_TYPE_NONE = 0, /* no redirection */
- REDIRECT_TYPE_LOCATION, /* location redirect */
- REDIRECT_TYPE_PREFIX, /* prefix redirect */
-+ REDIRECT_TYPE_SCHEME, /* scheme redirect (eg: switch from http to https) */
- };
-
- /* Perist types (force-persist, ignore-persist) */
-diff --git a/src/cfgparse.c b/src/cfgparse.c
-index cecec03..09ffcd3 100644
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
-@@ -2182,6 +2182,18 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
- cur_arg++;
- destination = args[cur_arg];
- }
-+ else if (!strcmp(args[cur_arg], "scheme")) {
-+ if (!*args[cur_arg + 1]) {
-+ Alert("parsing [%s:%d] : '%s': missing argument for '%s'.\n",
-+ file, linenum, args[0], args[cur_arg]);
-+ err_code |= ERR_ALERT | ERR_FATAL;
-+ goto out;
-+ }
-+
-+ type = REDIRECT_TYPE_SCHEME;
-+ cur_arg++;
-+ destination = args[cur_arg];
-+ }
- else if (!strcmp(args[cur_arg], "set-cookie")) {
- if (!*args[cur_arg + 1]) {
- Alert("parsing [%s:%d] : '%s': missing argument for '%s'.\n",
-@@ -2240,7 +2252,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
- break;
- }
- else {
-- Alert("parsing [%s:%d] : '%s' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s').\n",
-+ Alert("parsing [%s:%d] : '%s' expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s').\n",
- file, linenum, args[0], args[cur_arg]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 7fd1fe6..ed35795 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -3390,6 +3390,71 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
- goto return_bad_req;
-
- switch(rule->type) {
-+ case REDIRECT_TYPE_SCHEME: {
-+ const char *path;
-+ const char *host;
-+ struct hdr_ctx ctx;
-+ int pathlen;
-+ int hostlen;
-+
-+ host = "";
-+ hostlen = 0;
-+ ctx.idx = 0;
-+ if (http_find_header2("Host", 4, msg->sol, &txn->hdr_idx, &ctx)) {
-+ host = ctx.line + ctx.val;
-+ hostlen = ctx.vlen;
-+ }
-+
-+ path = http_get_path(txn);
-+ /* build message using path */
-+ if (path) {
-+ pathlen = txn->req.sl.rq.u_l + (txn->req.sol + txn->req.sl.rq.u) - path;
-+ if (rule->flags & REDIRECT_FLAG_DROP_QS) {
-+ int qs = 0;
-+ while (qs < pathlen) {
-+ if (path[qs] == '?') {
-+ pathlen = qs;
-+ break;
-+ }
-+ qs++;
-+ }
-+ }
-+ } else {
-+ path = "/";
-+ pathlen = 1;
-+ }
-+
-+ /* check if we can add scheme + "://" + host + path */
-+ if (rdr.len + rule->rdr_len + 3 + hostlen + pathlen > rdr.size - 4)
-+ goto return_bad_req;
-+
-+ /* add scheme */
-+ memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
-+ rdr.len += rule->rdr_len;
-+
-+ /* add "://" */
-+ memcpy(rdr.str + rdr.len, "://", 3);
-+ rdr.len += 3;
-+
-+ /* add host */
-+ memcpy(rdr.str + rdr.len, host, hostlen);
-+ rdr.len += hostlen;
-+
-+ /* add path */
-+ memcpy(rdr.str + rdr.len, path, pathlen);
-+ rdr.len += pathlen;
-+
-+ /* append a slash at the end of the location is needed and missing */
-+ if (rdr.len && rdr.str[rdr.len - 1] != '/' &&
-+ (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
-+ if (rdr.len > rdr.size - 5)
-+ goto return_bad_req;
-+ rdr.str[rdr.len] = '/';
-+ rdr.len++;
-+ }
-+
-+ break;
-+ }
- case REDIRECT_TYPE_PREFIX: {
- const char *path;
- int pathlen;
---
-1.8.1.5
-
projects / packages.git / commitdiff