package: haproxy update to 1.4.25

git-svn-id: svn://svn.openwrt.org/openwrt/packages@40562 3c298f89-4303-0410-b956-a3cf2f4a3e73
heil 2014-04-23 11:42:46 +00:00
parent 9ecc63c86d
commit c8277d8143
12 changed files with 49 additions and 620 deletions


@ -9,12 +9,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=1.4.24
PKG_RELEASE:=11
PKG_VERSION:=1.4.25
PKG_RELEASE:=01
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.4/src
PKG_MD5SUM:=86422620faa9759907563d5e0524b98c
PKG_MD5SUM:=74b5ec1f0f9b4d148c8083bcfb512ccd
include $(INCLUDE_DIR)/package.mk


@ -1,41 +0,0 @@
From d362dc75f3dfa7062e5c2cb7822ad12ffb755389 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Thu, 4 Jul 2013 11:44:27 +0200
Subject: [PATCH 1/2] BUG/MAJOR: http: don't emit the send-name-header when no
server is available
Lukas Benes reported that http-send-name-header causes a segfault if no
server is available because we're dereferencing the session's target which
is NULL. The tiniest reproducer looks like this :
listen foo
bind :1234
mode http
http-send-name-header srv
This obvious fix must be backported to 1.4 which is affected as well.
(cherry picked from commit 0fc36e3ae99ccbe6de88cf64093f3045e526d088)
---
src/session.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/session.c b/src/session.c
index 6211a45..21ecb9f 100644
--- a/src/session.c
+++ b/src/session.c
@@ -1428,9 +1428,9 @@ resync_stream_interface:
/* Now we can add the server name to a header (if requested) */
/* check for HTTP mode and proxy server_name_hdr_name != NULL */
if ((s->flags & SN_BE_ASSIGNED) &&
- (s->be->mode == PR_MODE_HTTP) &&
- (s->be->server_id_hdr_name != NULL)) {
-
+ (s->be->mode == PR_MODE_HTTP) &&
+ (s->be->server_id_hdr_name != NULL) &&
+ (s->srv)) {
http_send_name_header(&s->txn,
&s->txn.req,
s->req,
--
1.8.1.5


@ -1,37 +0,0 @@
From 9f2080114f79f64051e17b12957655e26c46bdf0 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Thu, 4 Jul 2013 12:46:56 +0200
Subject: [PATCH 2/2] BUG/MEDIUM: http: "option checkcache" fails with the
no-cache header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The checkcache option checks for cacheable responses with a set-cookie
header. Since the response processing code was refactored in 1.3.8
(commit a15645d4), the check was broken because the no-cache value
is only checked as no-cache="set-cookie", and not alone.
Thanks to Hervé Commowick for reporting this stupid bug!
The fix should be backported to 1.4 and 1.3.
(cherry picked from commit 5b15f9004d13b8a7e5e665929cad97a2c0beebd3)
---
src/proto_http.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/proto_http.c b/src/proto_http.c
index a63d65d..22a7737 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -7373,6 +7373,7 @@ void check_response_for_cacheability(struct session *t, struct buffer *rtr)
/* OK, so we know that either p2 points to the end of string or to a comma */
if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
+ ((p2 - p1 == 8) && strncasecmp(p1, "no-cache", 8) == 0) ||
((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
--
1.8.1.5


@ -1,36 +0,0 @@
From d45840bd28f5cf604d320ab9ff308ba7ba8c0b28 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Fri, 21 Jun 2013 08:20:19 +0200
Subject: [PATCH 3/9] MEDIUM: session: disable lingering on the server when the
client aborts
When abortonclose is used and an error is detected on the client side,
better force an RST to the server. That way we propagate to the server
the same vision we got from the client, and we ensure that we won't keep
TIME_WAITs.
(cherry picked from commit 8615c2af67dc2be07bdb246ed13130fe7d32e3d1)
---
src/session.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/session.c b/src/session.c
index 21ecb9f..9ed932c 100644
--- a/src/session.c
+++ b/src/session.c
@@ -1370,8 +1370,11 @@ resync_stream_interface:
buffer_shutw_now(s->req);
/* shutdown(write) pending */
- if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_OUT_EMPTY)) == (BF_SHUTW_NOW|BF_OUT_EMPTY)))
+ if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_OUT_EMPTY)) == (BF_SHUTW_NOW|BF_OUT_EMPTY))) {
+ if (s->req->flags & BF_READ_ERROR)
+ s->req->cons->flags |= SI_FL_NOLINGER;
s->req->cons->shutw(s->req->cons);
+ }
/* shutdown(write) done on server side, we must stop the client too */
if (unlikely((s->req->flags & (BF_SHUTW|BF_SHUTR|BF_SHUTR_NOW)) == BF_SHUTW &&
--
1.8.1.5


@ -1,29 +0,0 @@
From 25d0a14ada411dc73b55b55d5b27599ccd2fa4a2 Mon Sep 17 00:00:00 2001
From: Godbach <nylzhaowei@gmail.com>
Date: Wed, 26 Jun 2013 16:49:51 +0800
Subject: [PATCH 4/9] BUG/MINOR: deinit: free fdinfo while doing cleanup
Both fdinfo and fdtab are allocated memory in init() while haproxy is starting,
but only fdtab is freed in deinit(), fdinfo should also be freed.
Signed-off-by: Godbach <nylzhaowei@gmail.com>
(cherry picked from commit 4cc1b0d4ef283b5ace5249483ec7eb3b1fc5d193)
---
src/haproxy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/haproxy.c b/src/haproxy.c
index 7a09e3f..c163743 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -941,6 +941,7 @@ void deinit(void)
free(global.pidfile); global.pidfile = NULL;
free(global.node); global.node = NULL;
free(global.desc); global.desc = NULL;
+ free(fdinfo); fdinfo = NULL;
free(fdtab); fdtab = NULL;
free(oldpids); oldpids = NULL;
--
1.8.1.5


@ -1,110 +0,0 @@
From ee591233efd57d625fea9057a975281fb8f4d358 Mon Sep 17 00:00:00 2001
From: Godbach <nylzhaowei@gmail.com>
Date: Mon, 22 Jul 2013 07:44:53 +0800
Subject: [PATCH 5/9] BUG/MEDIUM: server: set the macro for server's max weight
SRV_UWGHT_MAX to SRV_UWGHT_RANGE
The max weight of server is 256 now, but SRV_UWGHT_MAX is still 255. As a result,
FWRR will not work well when server's weight is 256. The description is as below:
There are some macros related to server's weight in include/types/server.h:
#define SRV_UWGHT_RANGE 256
#define SRV_UWGHT_MAX (SRV_UWGHT_RANGE - 1)
#define SRV_EWGHT_MAX (SRV_UWGHT_MAX * BE_WEIGHT_SCALE)
Since weight of server can be reach to 256 and BE_WEIGHT_SCALE equals to 16,
the max eweight of server should be 256*16 = 4096, it will exceed SRV_EWGHT_MAX
which equals to SRV_UWGHT_MAX*BE_WEIGHT_SCALE = 255*16 = 4080. When a server
with weight 256 is insterted into FWRR tree during initialization, the key value
of this server should be SRV_EWGHT_MAX - s->eweight = 4080 - 4096 = -16 which
is closed to UINT_MAX in unsigned type, so the server with highest weight will
be not elected as the first server to process request.
In addition, it is a better choice to compare with SRV_UWGHT_MAX than a magic
number 256 while doing check for the weight. The max number of servers for
round-robin algorithm is also updated.
Signed-off-by: Godbach <nylzhaowei@gmail.com>
(cherry picked from commit a34bdc0ea402ea5be1e9d7f80eaddec772b94393)
---
doc/configuration.txt | 2 +-
include/types/backend.h | 4 ++--
include/types/server.h | 2 +-
src/cfgparse.c | 6 +++---
src/lb_fwrr.c | 2 +-
5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6e0add7..a008cd7 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -1141,7 +1141,7 @@ balance url_param <param> [check_post [<max_wait>]]
processing time remains equally distributed. This algorithm
is dynamic, which means that server weights may be adjusted
on the fly for slow starts for instance. It is limited by
- design to 4128 active servers per backend. Note that in some
+ design to 4095 active servers per backend. Note that in some
large farms, when a server becomes up after having been down
for a very short time, it may sometimes take a few hundreds
requests for it to be re-integrated into the farm and start
diff --git a/include/types/backend.h b/include/types/backend.h
index dc4786e..1067125 100644
--- a/include/types/backend.h
+++ b/include/types/backend.h
@@ -102,8 +102,8 @@
* weight modulation even with small weights (eg: 1). It should not be too high
* though because it limits the number of servers in FWRR mode in order to
* prevent any integer overflow. The max number of servers per backend is
- * limited to about 2^32/255^2/scale ~= 66051/scale. A scale of 16 looks like
- * a good value, as it allows more than 4000 servers per backend while leaving
+ * limited to about (2^32-1)/256^2/scale ~= 65535.9999/scale. A scale of 16
+ * looks like a good value, as it allows 4095 servers per backend while leaving
* modulation steps of about 6% for servers with the lowest weight (1).
*/
#define BE_WEIGHT_SCALE 16
diff --git a/include/types/server.h b/include/types/server.h
index 14e4d1f..9fbd290 100644
--- a/include/types/server.h
+++ b/include/types/server.h
@@ -69,7 +69,7 @@
/* various constants */
#define SRV_UWGHT_RANGE 256
-#define SRV_UWGHT_MAX (SRV_UWGHT_RANGE - 1)
+#define SRV_UWGHT_MAX (SRV_UWGHT_RANGE)
#define SRV_EWGHT_RANGE (SRV_UWGHT_RANGE * BE_WEIGHT_SCALE)
#define SRV_EWGHT_MAX (SRV_UWGHT_MAX * BE_WEIGHT_SCALE)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 345b415..7d349b3 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3639,9 +3639,9 @@ stats_error_parsing:
else if (!strcmp(args[cur_arg], "weight")) {
int w;
w = atol(args[cur_arg + 1]);
- if (w < 0 || w > 256) {
- Alert("parsing [%s:%d] : weight of server %s is not within 0 and 256 (%d).\n",
- file, linenum, newsrv->id, w);
+ if (w < 0 || w > SRV_UWGHT_MAX) {
+ Alert("parsing [%s:%d] : weight of server %s is not within 0 and %d (%d).\n",
+ file, linenum, newsrv->id, SRV_UWGHT_MAX, w);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
diff --git a/src/lb_fwrr.c b/src/lb_fwrr.c
index d92b6eb..7f5c8a9 100644
--- a/src/lb_fwrr.c
+++ b/src/lb_fwrr.c
@@ -343,7 +343,7 @@ static void fwrr_queue_srv(struct server *s)
* lower the scale, the rougher the weights modulation, and the
* higher the scale, the lower the number of servers without
* overflow. With this formula, the result is always positive,
- * so we can use eb3é_insert().
+ * so we can use eb32_insert().
*/
s->lb_node.key = SRV_UWGHT_RANGE * s->npos +
(unsigned)(SRV_EWGHT_MAX + s->rweight - s->eweight) / BE_WEIGHT_SCALE;
--
1.8.1.5


@ -1,41 +0,0 @@
From 3bd693057420af0cd04132fdfb7c59e56aa90421 Mon Sep 17 00:00:00 2001
From: Godbach <nylzhaowei@gmail.com>
Date: Wed, 7 Aug 2013 09:48:23 +0800
Subject: [PATCH 6/9] BUG/MINOR: use the same check condition for server as
other algorithms
Such load balance algorithms as roundrobin, leastconn and first will check the
server after being selected with the following condition:
if (!s->maxconn || (!s->nbpend && s->served < srv_dynamic_maxconn(s)))
But static-rr uses the different one in map_get_server_rr() as below:
if (!srv->maxconn || srv->cur_sess < srv_dynamic_maxconn(srv))
After viewing this difference, it is a better choice for static-rr to use the
same check condition as other algorithms.
This change will only affect static-rr. Though all hash algorithms with type
map-based will use the same server map as static-rr, they call another function
map_get_server_hash() to get server.
Signed-off-by: Godbach <nylzhaowei@gmail.com>
(cherry picked from commit 8f9fd2f0a0893761afeb6800c7b62a51d782af0e)
---
src/lb_map.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lb_map.c b/src/lb_map.c
index 49805ad..9858249 100644
--- a/src/lb_map.c
+++ b/src/lb_map.c
@@ -229,7 +229,7 @@ struct server *map_get_server_rr(struct proxy *px, struct server *srvtoavoid)
avoididx = 0; /* shut a gcc warning */
do {
srv = px->lbprm.map.srv[newidx++];
- if (!srv->maxconn || srv->cur_sess < srv_dynamic_maxconn(srv)) {
+ if (!srv->maxconn || (!srv->nbpend && srv->served < srv_dynamic_maxconn(srv))) {
/* make sure it is not the server we are try to exclude... */
if (srv != srvtoavoid) {
px->lbprm.map.rr_idx = newidx;
--
1.8.1.5


@ -1,36 +0,0 @@
From 8c1b1be9e4f11a8474f64dcb85d507a57b6cfe9f Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 13 Aug 2013 17:19:08 +0200
Subject: [PATCH 7/9] MINOR: config: warn when a server with no specific port
uses rdp-cookie
Mathew Levett reported an issue which is a bit nasty and hard to track
down. RDP cookies contain both the IP and the port, and haproxy matches
them exactly. So if a server has no port specified (or a remapped port),
it will never match a port specified in a cookie. Better warn the user
when this is detected.
(cherry picked from commit 82ffa39bfd34e5680cb65cc0b7ef625c0a274856)
---
src/cfgparse.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 7d349b3..cecec03 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -5638,6 +5638,12 @@ out_uri_auth_compat:
err_code |= ERR_WARN;
}
+ if ((newsrv->state & SRV_MAPPORTS) && (curproxy->options2 & PR_O2_RDPC_PRST)) {
+ Warning("config : %s '%s' : RDP cookie persistence will not work for server '%s' because it lacks an explicit port number.\n",
+ proxy_type_str(curproxy), curproxy->id, newsrv->id);
+ err_code |= ERR_WARN;
+ }
+
#if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_LINUX_TPROXY)
if (curproxy->mode != PR_MODE_HTTP && newsrv->bind_hdr_occ) {
newsrv->bind_hdr_occ = 0;
--
1.8.1.5


@ -1,31 +0,0 @@
From 92518a563b9c1f9117e1dec2cc2a8ae95b1643d6 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Fri, 24 Feb 2012 19:20:12 +0100
Subject: [PATCH 8/9] MEDIUM: increase chunk-size limit to 2GB-1
Since commit 115acb97, chunk size was limited to 256MB. There is no reason for
such a limit and the comment on the code suggests a missing zero. However,
increasing the limit past 2 GB causes trouble due to some 32-bit subtracts
in various computations becoming negative (eg: buffer_max_len). So let's limit
the chunk size to 2 GB - 1 max.
(cherry picked from commit 431946e9617572d2813bd5a8f5a51ce36f841ea3)
---
src/proto_http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/proto_http.c b/src/proto_http.c
index 22a7737..7fd1fe6 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -2112,7 +2112,7 @@ int http_parse_chunk_size(struct buffer *buf, struct http_msg *msg)
break;
if (++ptr >= end)
ptr = buf->data;
- if (chunk & 0xF000000) /* overflow will occur */
+ if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */
goto error;
chunk = (chunk << 4) + c;
}
--
1.8.1.5


@ -1,28 +0,0 @@
From fdeb2171b83ab4fd5db36f1c45d57e2100529076 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sat, 31 Aug 2013 08:16:26 +0200
Subject: [PATCH 9/9] DOC: add a mention about the limited chunk size
We now indicate that PD flags can be returned for chunk sizes >= 2GB.
(cherry picked from commit f3a3e1389e40434da9e1fc295be6ff5a8037effb)
---
doc/configuration.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index a008cd7..56438dd 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8044,7 +8044,8 @@ easier finding and understanding.
PD The proxy blocked an incorrectly formatted chunked encoded message in
a request or a response, after the server has emitted its headers. In
most cases, this will indicate an invalid message from the server to
- the client.
+ the client. Haproxy supports chunk sizes of up to 2GB - 1 (2147483647
+ bytes). Any larger size will be considered as an error.
PH The proxy blocked the server's response, because it was invalid,
incomplete, dangerous (cache control), or matched a security filter.
--
1.8.1.5


@ -16,8 +16,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
src/standard.c | 9 ++-
10 files changed, 275 insertions(+), 19 deletions(-)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
Index: haproxy-1.4.25/doc/configuration.txt
===================================================================
--- haproxy-1.4.25.orig/doc/configuration.txt
+++ haproxy-1.4.25/doc/configuration.txt
@@ -1343,6 +1343,7 @@ bind [<address>]:<port_range> [, ...] tr
bind [<address>]:<port_range> [, ...] id <id>
bind [<address>]:<port_range> [, ...] name <name>
@ -58,7 +60,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
bind-process [ all | odd | even | <number 1-32> ] ...
@@ -7237,7 +7253,9 @@ marked with a star ('*') after the field
@@ -7257,7 +7273,9 @@ marked with a star ('*') after the field
Detailed fields description :
- "client_ip" is the IP address of the client which initiated the TCP
@ -69,7 +71,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
- "client_port" is the TCP port of the client which initiated the connection.
@@ -7410,7 +7428,9 @@ with a star ('*') after the field name b
@@ -7430,7 +7448,9 @@ with a star ('*') after the field name b
Detailed fields description :
- "client_ip" is the IP address of the client which initiated the TCP
@ -80,8 +82,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
- "client_port" is the TCP port of the client which initiated the connection.
--- a/include/common/standard.h
+++ b/include/common/standard.h
Index: haproxy-1.4.25/include/common/standard.h
===================================================================
--- haproxy-1.4.25.orig/include/common/standard.h
+++ haproxy-1.4.25/include/common/standard.h
@@ -269,6 +269,28 @@ static inline unsigned int __strl2uic(co
return i;
}
@ -123,8 +127,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
static inline char *cut_crlf(char *s) {
--- a/include/proto/client.h
+++ b/include/proto/client.h
Index: haproxy-1.4.25/include/proto/client.h
===================================================================
--- haproxy-1.4.25.orig/include/proto/client.h
+++ haproxy-1.4.25/include/proto/client.h
@@ -25,6 +25,7 @@
#include <common/config.h>
#include <types/session.h>
@ -133,8 +139,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
void get_frt_addr(struct session *s);
int event_accept(int fd);
--- a/include/types/buffers.h
+++ b/include/types/buffers.h
Index: haproxy-1.4.25/include/types/buffers.h
===================================================================
--- haproxy-1.4.25.orig/include/types/buffers.h
+++ haproxy-1.4.25/include/types/buffers.h
@@ -135,16 +135,16 @@
* The field is blanked by buffer_init() and only by analysers themselves
* afterwards.
@ -162,8 +170,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
#define AN_REQ_PRST_RDP_COOKIE 0x00000400 /* persistence on rdp cookie */
#define AN_REQ_HTTP_XFER_BODY 0x00000800 /* forward request body */
--- a/include/types/protocols.h
+++ b/include/types/protocols.h
Index: haproxy-1.4.25/include/types/protocols.h
===================================================================
--- haproxy-1.4.25.orig/include/types/protocols.h
+++ haproxy-1.4.25/include/types/protocols.h
@@ -72,6 +72,7 @@
#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses */
#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
@ -172,8 +182,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
/* The listener will be directly referenced by the fdtab[] which holds its
* socket. The listener provides the protocol-specific accept() function to
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
Index: haproxy-1.4.25/src/cfgparse.c
===================================================================
--- haproxy-1.4.25.orig/src/cfgparse.c
+++ haproxy-1.4.25/src/cfgparse.c
@@ -1467,6 +1467,16 @@ int cfg_parse_listen(const char *file, i
#endif
}
@ -200,7 +212,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
@@ -5726,6 +5736,9 @@ out_uri_auth_compat:
@@ -5743,6 +5753,9 @@ out_uri_auth_compat:
listener->handler = process_session;
listener->analysers |= curproxy->fe_req_ana;
@ -210,8 +222,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
/* smart accept mode is automatic in HTTP mode */
if ((curproxy->options2 & PR_O2_SMARTACC) ||
(curproxy->mode == PR_MODE_HTTP &&
--- a/src/client.c
+++ b/src/client.c
Index: haproxy-1.4.25/src/client.c
===================================================================
--- haproxy-1.4.25.orig/src/client.c
+++ haproxy-1.4.25/src/client.c
@@ -22,6 +22,7 @@
#include <common/compat.h>
@ -412,9 +426,11 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
/* Retrieves the original destination address used by the client, and sets the
* SN_FRT_ADDR_SET flag.
*/
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -4156,7 +4156,8 @@ void http_end_txn_clean_session(struct s
Index: haproxy-1.4.25/src/proto_http.c
===================================================================
--- haproxy-1.4.25.orig/src/proto_http.c
+++ haproxy-1.4.25/src/proto_http.c
@@ -4209,7 +4209,8 @@ void http_end_txn_clean_session(struct s
if (s->rep->lr >= s->rep->data + s->rep->size)
s->rep->lr -= s->req->size;
@ -424,7 +440,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
s->rep->analysers = 0;
http_silent_debug(__LINE__, s);
@@ -7741,7 +7742,6 @@ void http_reset_txn(struct session *s)
@@ -7807,7 +7808,6 @@ void http_reset_txn(struct session *s)
http_init_txn(s);
s->be = s->fe;
@ -432,8 +448,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
s->logs.logwait = s->fe->to_log;
s->srv = s->prev_srv = s->srv_conn = NULL;
/* re-init store persistence */
--- a/src/session.c
+++ b/src/session.c
Index: haproxy-1.4.25/src/session.c
===================================================================
--- haproxy-1.4.25.orig/src/session.c
+++ haproxy-1.4.25/src/session.c
@@ -34,6 +34,7 @@
#include <proto/proxy.h>
#include <proto/queue.h>
@ -442,7 +460,7 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
#include <proto/stick_table.h>
#include <proto/stream_interface.h>
#include <proto/stream_sock.h>
@@ -1071,6 +1072,12 @@ resync_stream_interface:
@@ -1083,6 +1084,12 @@ resync_stream_interface:
while (ana_list && max_loops--) {
/* Warning! ensure that analysers are always placed in ascending order! */
@ -455,8 +473,10 @@ Subject: [PATCH] Proxy Protocol based on haproxy 1.4.23
if (ana_list & AN_REQ_INSPECT) {
if (!tcp_inspect_request(s, s->req, AN_REQ_INSPECT))
break;
--- a/src/standard.c
+++ b/src/standard.c
Index: haproxy-1.4.25/src/standard.c
===================================================================
--- haproxy-1.4.25.orig/src/standard.c
+++ haproxy-1.4.25/src/standard.c
@@ -569,6 +569,11 @@ unsigned int strl2uic(const char *s, int
return __strl2uic(s, len);
}


@ -1,202 +0,0 @@
From eb9632f7c6ae675bdee4c82eb0d298ba7f37fc52 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 12 Sep 2012 08:43:15 +0200
Subject: [PATCH 10/10] MEDIUM: http: add "redirect scheme" to ease HTTP to
HTTPS redirection
For instance :
redirect scheme https if !{ is_ssl }
Backport-suggested-by: Russell Geldmacher <russell.geldmacher@gmail.com>
(cherry picked from commit 2e1dca8f5238155cbc52d37316fe858c4f61cf34)
---
doc/configuration.txt | 35 ++++++++++++++++++-------
include/types/proto_http.h | 1 +
src/cfgparse.c | 14 +++++++++-
src/proto_http.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 104 insertions(+), 11 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 56438dd..f2043a1 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -4039,8 +4039,9 @@ rate-limit sessions <rate>
See also : the "backlog" keyword and the "fe_sess_rate" ACL criterion.
-redirect location <to> [code <code>] <option> [{if | unless} <condition>]
-redirect prefix <to> [code <code>] <option> [{if | unless} <condition>]
+redirect location <loc> [code <code>] <option> [{if | unless} <condition>]
+redirect prefix <pfx> [code <code>] <option> [{if | unless} <condition>]
+redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]
Return an HTTP redirection if/unless a condition is matched
May be used in sections : defaults | frontend | listen | backend
no | yes | yes | yes
@@ -4049,14 +4050,25 @@ redirect prefix <to> [code <code>] <option> [{if | unless} <condition>]
response. If no condition is specified, the redirect applies unconditionally.
Arguments :
- <to> With "redirect location", the exact value in <to> is placed into
- the HTTP "Location" header. In case of "redirect prefix", the
- "Location" header is built from the concatenation of <to> and the
- complete URI, including the query string, unless the "drop-query"
- option is specified (see below). As a special case, if <to>
- equals exactly "/" in prefix mode, then nothing is inserted
- before the original URI. It allows one to redirect to the same
- URL.
+ <loc> With "redirect location", the exact value in <loc> is placed into
+ the HTTP "Location" header.
+
+ <pfx> With "redirect prefix", the "Location" header is built from the
+ concatenation of <pfx> and the complete URI path, including the
+ query string, unless the "drop-query" option is specified (see
+ below). As a special case, if <pfx> equals exactly "/", then
+ nothing is inserted before the original URI. It allows one to
+ redirect to the same URL (for instance, to insert a cookie).
+
+ <sch> With "redirect scheme", then the "Location" header is built by
+ concatenating <sch> with "://" then the first occurrence of the
+ "Host" header, and then the URI path, including the query string
+ unless the "drop-query" option is specified (see below). If no
+ path is found or if the path is "*", then "/" is used instead. If
+ no "Host" header is found, then an empty host component will be
+ returned, which most recent browsers interprete as redirecting to
+ the same host. This directive is mostly used to redirect HTTP to
+ HTTPS.
<code> The code is optional. It indicates which type of HTTP redirection
is desired. Only codes 301, 302, 303, 307 and 308 are supported,
@@ -4117,6 +4129,9 @@ redirect prefix <to> [code <code>] <option> [{if | unless} <condition>]
acl missing_slash path_reg ^/article/[^/]*$
redirect code 301 prefix / drop-query append-slash if missing_slash
+ Example: redirect all HTTP traffic to HTTPS when SSL is handled by haproxy.
+ redirect scheme https if !{ is_ssl }
+
See section 7 about ACL usage.
diff --git a/include/types/proto_http.h b/include/types/proto_http.h
index 09d4dd8..0e2b14f 100644
--- a/include/types/proto_http.h
+++ b/include/types/proto_http.h
@@ -224,6 +224,7 @@ enum {
REDIRECT_TYPE_NONE = 0, /* no redirection */
REDIRECT_TYPE_LOCATION, /* location redirect */
REDIRECT_TYPE_PREFIX, /* prefix redirect */
+ REDIRECT_TYPE_SCHEME, /* scheme redirect (eg: switch from http to https) */
};
/* Perist types (force-persist, ignore-persist) */
diff --git a/src/cfgparse.c b/src/cfgparse.c
index cecec03..09ffcd3 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -2182,6 +2182,18 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
cur_arg++;
destination = args[cur_arg];
}
+ else if (!strcmp(args[cur_arg], "scheme")) {
+ if (!*args[cur_arg + 1]) {
+ Alert("parsing [%s:%d] : '%s': missing argument for '%s'.\n",
+ file, linenum, args[0], args[cur_arg]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+
+ type = REDIRECT_TYPE_SCHEME;
+ cur_arg++;
+ destination = args[cur_arg];
+ }
else if (!strcmp(args[cur_arg], "set-cookie")) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s': missing argument for '%s'.\n",
@@ -2240,7 +2252,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
break;
}
else {
- Alert("parsing [%s:%d] : '%s' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s').\n",
+ Alert("parsing [%s:%d] : '%s' expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s').\n",
file, linenum, args[0], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
diff --git a/src/proto_http.c b/src/proto_http.c
index 7fd1fe6..ed35795 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3390,6 +3390,71 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
goto return_bad_req;
switch(rule->type) {
+ case REDIRECT_TYPE_SCHEME: {
+ const char *path;
+ const char *host;
+ struct hdr_ctx ctx;
+ int pathlen;
+ int hostlen;
+
+ host = "";
+ hostlen = 0;
+ ctx.idx = 0;
+ if (http_find_header2("Host", 4, msg->sol, &txn->hdr_idx, &ctx)) {
+ host = ctx.line + ctx.val;
+ hostlen = ctx.vlen;
+ }
+
+ path = http_get_path(txn);
+ /* build message using path */
+ if (path) {
+ pathlen = txn->req.sl.rq.u_l + (txn->req.sol + txn->req.sl.rq.u) - path;
+ if (rule->flags & REDIRECT_FLAG_DROP_QS) {
+ int qs = 0;
+ while (qs < pathlen) {
+ if (path[qs] == '?') {
+ pathlen = qs;
+ break;
+ }
+ qs++;
+ }
+ }
+ } else {
+ path = "/";
+ pathlen = 1;
+ }
+
+ /* check if we can add scheme + "://" + host + path */
+ if (rdr.len + rule->rdr_len + 3 + hostlen + pathlen > rdr.size - 4)
+ goto return_bad_req;
+
+ /* add scheme */
+ memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
+ rdr.len += rule->rdr_len;
+
+ /* add "://" */
+ memcpy(rdr.str + rdr.len, "://", 3);
+ rdr.len += 3;
+
+ /* add host */
+ memcpy(rdr.str + rdr.len, host, hostlen);
+ rdr.len += hostlen;
+
+ /* add path */
+ memcpy(rdr.str + rdr.len, path, pathlen);
+ rdr.len += pathlen;
+
+ /* append a slash at the end of the location is needed and missing */
+ if (rdr.len && rdr.str[rdr.len - 1] != '/' &&
+ (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
+ if (rdr.len > rdr.size - 5)
+ goto return_bad_req;
+ rdr.str[rdr.len] = '/';
+ rdr.len++;
+ }
+
+ break;
+ }
case REDIRECT_TYPE_PREFIX: {
const char *path;
int pathlen;
--
1.8.1.5