Willy Tarreau 2d392c2c2f MEDIUM: tcp: add new tcp action "silent-drop" ... This stops the evaluation of the rules and makes the client-facing connection suddenly disappear using a system-dependant way that tries to prevent the client from being notified. The effect it then that the client still sees an established connection while there's none on HAProxy. The purpose is to achieve a comparable effect to "tarpit" except that it doesn't use any local resource at all on the machine running HAProxy. It can resist much higher loads than "tarpit", and slow down stronger attackers. It is important to undestand the impact of using this mechanism. All stateful equipments placed between the client and HAProxy (firewalls, proxies, load balancers) will also keep the established connection for a long time and may suffer from this action. On modern Linux systems running with enough privileges, the TCP_REPAIR socket option is used to block the emission of a TCP reset. On other systems, the socket's TTL is reduced to 1 so that the TCP reset doesn't pass the first router, though it's still delivered to local networks.		2015-09-28 22:14:57 +02:00
..
51d.c	MINOR: 51d: Improved string handling for LRU cache	2015-09-21 12:55:24 +02:00
acl.c	BUG/MEDIUM: acl: always accept match "found"	2015-09-24 16:38:48 +02:00
applet.c	MINOR: stream-int: rename si_applet_done() to si_applet_wake_cb()	2015-09-25 21:16:02 +02:00
arg.c	BUG/MINOR: args: add name for ARGT_VAR	2015-09-21 20:57:12 +02:00
auth.c	MINOR: samples: rename union from "data" to "u"	2015-08-20 17:13:46 +02:00
backend.c	MAJOR: tproxy: remove support for cttproxy	2015-08-20 19:35:14 +02:00
base64.c	[MINOR] add encode/decode function for 30-bit integers from/to base64	2010-10-30 19:04:33 +02:00
buffer.c	BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data	2015-07-02 15:27:24 +02:00
cfgparse.c	MEDIUM: logs: have global.log_send_hostname not contain the trailing space	2015-09-28 18:27:45 +02:00
channel.c	MEDIUM: channel: don't always set CF_WAKE_WRITE on bi_put*	2015-03-13 14:00:47 +01:00
checks.c	MINOR: server: startup slowstart task when using seamless reload of HAProxy	2015-09-19 17:05:28 +02:00
chunk.c	MINOR: chunk: New function free_trash_buffers()	2015-09-28 14:00:00 +02:00
compression.c	MINOR: samples: rename union from "data" to "u"	2015-08-20 17:13:46 +02:00
connection.c	BUG/MAJOR: connection: fix TLV offset calculation for proxy protocol v2 parsing	2015-07-03 17:05:20 +02:00
da.c	MAJOR: da: Update of the DeviceAtlas API module	2015-09-28 14:01:27 +02:00
dns.c	BUG: dns: can't connect UDP socket on FreeBSD	2015-09-22 16:06:41 +02:00
dumpstats.c	MINOR: cli: do not call the release handler on internal error.	2015-09-25 21:16:03 +02:00
ev_epoll.c	CLEANUP: poll: move the conditions for waiting out of the poll functions	2015-04-13 20:47:51 +02:00
ev_kqueue.c	CLEANUP: poll: move the conditions for waiting out of the poll functions	2015-04-13 20:47:51 +02:00
ev_poll.c	CLEANUP: poll: move the conditions for waiting out of the poll functions	2015-04-13 20:47:51 +02:00
ev_select.c	CLEANUP: poll: move the conditions for waiting out of the poll functions	2015-04-13 20:47:51 +02:00
fd.c	MAJOR: polling: centralize calls to I/O callbacks	2014-11-21 20:37:32 +01:00
freq_ctr.c	BUG/MINOR: time: frequency counters are not totally accurate	2012-12-29 21:50:07 +01:00
frontend.c	MINOR: samples: rename union from "data" to "u"	2015-08-20 17:13:46 +02:00
haproxy-systemd-wrapper.c	BUILD/CLEANUP: systemd: avoid a warning due to mixed code and declaration	2015-03-04 10:11:57 +01:00
haproxy.c	MEDIUM: init: completely deallocate unused peers	2015-09-28 16:43:48 +02:00
hash.c	MINOR: hash: add new function hash_crc32	2015-01-20 19:48:05 +01:00
hdr_idx.c	OPTIM/MINOR: move the hdr_idx pools out of the proxy struct	2011-10-24 18:15:04 +02:00
hlua.c	MINOR: lua: add AppletHTTP class and service	2015-09-28 01:03:48 +02:00
i386-linux-vsys.c	MEDIUM: listener: add support for linux's accept4() syscall	2012-10-08 20:11:03 +02:00
lb_chash.c	REORG/MEDIUM: server: split server state and flags in two different variables	2014-05-22 11:27:00 +02:00
lb_fas.c	REORG/MEDIUM: server: split server state and flags in two different variables	2014-05-22 11:27:00 +02:00
lb_fwlc.c	REORG/MEDIUM: server: split server state and flags in two different variables	2014-05-22 11:27:00 +02:00
lb_fwrr.c	REORG/MEDIUM: server: split server state and flags in two different variables	2014-05-22 11:27:00 +02:00
lb_map.c	MINOR: server: make use of srv_is_usable() instead of checking eweight	2014-05-23 14:29:11 +02:00
listener.c	MINOR: samples: rename union from "data" to "u"	2015-08-20 17:13:46 +02:00
log.c	MEDIUM: logs: pass the trailing "\n" as an iovec	2015-09-28 18:31:09 +02:00
lru.c	BUG/MEDIUM: lru: fix possible memory leak when ->free() is used	2015-06-17 20:33:30 +02:00
mailers.c	MEDIUM: Add parsing of mailers section	2015-02-03 00:24:16 +01:00
map.c	MINOR: map: The map can return IPv4 and IPv6	2015-08-20 17:13:46 +02:00
memory.c	MEDIUM: memory: improve pool_refill_alloc() to pass a refill count	2014-12-24 23:47:31 +01:00
namespace.c	MAJOR: namespace: add Linux network namespace support	2014-11-21 07:51:57 +01:00
pattern.c	MINOR: samples: rename union from "data" to "u"	2015-08-20 17:13:46 +02:00
payload.c	BUG/MEDIUM: payload: make req.payload and payload_lv aware of dynamic buffers	2015-09-24 16:38:48 +02:00
peers.c	BUG/MINOR: fct peer_prepare_ackmsg should not use trash.	2015-09-22 16:07:34 +02:00
pipe.c	BUILD/MINOR: silent a build warning in src/pipe.c (fcntl)	2011-10-24 17:09:22 +02:00
proto_http.c	MINOR: proto_http: Externalisation of previously internal functions	2015-09-28 14:01:27 +02:00
proto_tcp.c	MEDIUM: tcp: add new tcp action "silent-drop"	2015-09-28 22:14:57 +02:00
proto_udp.c	MEDIUM: protocol: add minimalist UDP protocol client	2015-06-13 22:07:35 +02:00
proto_uxst.c	REORG/MEDIUM: stream: rename stream flags from SN_* to SF_*	2015-04-06 11:23:57 +02:00
protocol.c	MEDIUM: protocol: use a family array to index the protocol handlers	2015-02-28 23:12:31 +01:00
proxy.c	BUG/MEDIUM: proxy: do not wake stopped proxies' tasks during soft_stop()	2015-09-28 16:35:04 +02:00
queue.c	REORG/MEDIUM: stream: rename stream flags from SN_* to SF_*	2015-04-06 11:23:57 +02:00
raw_sock.c	BUG/MINOR: raw_sock: also consider ENOTCONN in addition to EAGAIN for recv()	2014-03-04 07:27:18 +01:00
rbtree.c	[MINOR] imported the rbtree function from Linux kernel	2007-01-07 02:12:57 +01:00
regex.c	MEDIUM: regex: add support for passing regex flags to regex_exec_match()	2015-01-22 14:24:53 +01:00
sample.c	MEDIUM: logs: add a new RFC5424 log-format for the structured-data	2015-09-28 14:01:27 +02:00
server.c	MINOR: standard: avoid DNS resolution from the function str2sa_range()	2015-09-27 15:04:32 +02:00
session.c	MEDIUM: vars: move the session variables to the session, not the stream	2015-06-19 11:59:02 +02:00
shctx.c	MINOR: stats: add counters for SSL cache lookups and misses	2014-05-28 16:53:04 +02:00
signal.c	BUG/MEDIUM: signal: signal handler does not properly check for signal bounds	2013-01-24 16:19:19 +01:00
ssl_sock.c	DOC: ssl: missing LF	2015-08-27 11:24:23 +02:00
standard.c	MINOR: standard: avoid DNS resolution from the function str2sa_range()	2015-09-27 15:04:32 +02:00
stick_table.c	MEDIUM: actions: pass a new "flags" argument to custom actions	2015-09-27 11:04:06 +02:00
stream.c	MINOR: stream/applet: add use-service action	2015-09-28 01:03:48 +02:00
stream_interface.c	BUG/MEDIUM: stream-int: avoid double-call to applet->release	2015-09-25 21:16:03 +02:00
task.c	REORG/MAJOR: session: rename the "session" entity to "stream"	2015-04-06 11:23:56 +02:00
time.c	BUG/MINOR: time: frequency counters are not totally accurate	2012-12-29 21:50:07 +01:00
trace.c	MINOR: add a new function call tracer for debugging purposes	2012-05-26 00:12:37 +02:00
uri_auth.c	BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage	2013-01-24 16:19:19 +01:00
vars.c	MEDIUM: actions: pass a new "flags" argument to custom actions	2015-09-27 11:04:06 +02:00
xxhash.c	IMPORT: hash: import xxhash-r39	2015-04-29 19:15:21 +02:00