haproxy/src
Willy Tarreau e5658c52d0 BUG/MINOR: sock-inet: ignore conntrack for transparent sockets on Linux
As reported in github issue #3192, in certain situations with transparent
listeners, it is possible to get the incoming connection's destination
wrong via SO_ORIGINAL_DST. Two cases were identified thus far:
  - incorrect conntrack configuration where NOTRACK is used only on
    incoming packets, resulting in reverse connections being created
    from response packets. It's then mostly a matter of timing, i.e.
    whether or not the connection is confirmed before the source is
    retrieved, but in this case the connection's destination address
    as retrieved by SO_ORIGINAL_DST is the client's address.

  - late outgoing retransmit that recreates a just expired conntrack
    entry, in reverse direction as well. It's possible that combinations
    of RST or FIN might play a role here in speeding up conntrack eviction,
    as well as the rollover of source ports on the client whose new
    connection matches an older one and simply refreshes it due to
    nf_conntrack_tcp_loose being set by default.

TPROXY doesn't require conntrack, only REDIRECT, DNAT etc. do. However
the system doesn't offer any option to know how a conntrack entry was
created (i.e. normally or via a response packet) to let us know that
it's pointless to check the original destination, nor does it permit
access to the local vs peer addresses as opposed to src/dst, which
can be wrong in this case.

One alternate approach could consist in only checking SO_ORIGINAL_DST
for listening sockets not configured with the "transparent" option,
but the problem here is that our low-level API only works with FDs
without knowing their purpose, so it's unknown there that the fd
corresponds to a listener, let alone in transparent mode.

A (slightly more expensive) variant of this approach here consists in
checking on the socket itself that it was accepted in transparent mode
using IP_TRANSPARENT, and skipping SO_ORIGINAL_DST if this is the case.
This does the job well enough (no more client addresses appearing in
the dst field) and remains a good compromise. A future improvement of
the API could permit passing the transparent flag down the stack to
that function.

This should be backported to stable versions after some observation
in latest -dev.

For reference, here are some links to older conversations on that topic
that Lukas found during this analysis:

  https://lists.openwall.net/netdev/2019/01/12/34
  https://discourse.haproxy.org/t/send-proxy-not-modifying-some-traffic-with-proxy-ip-port-details/3336/9
  https://www.mail-archive.com/haproxy@formilux.org/msg32199.html
  https://lists.openwall.net/netdev/2019/01/23/114
2025-11-26 13:43:58 +01:00
_ceb_addr.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
_ceb_blk.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
_ceb_int.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
_ceb_str.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
acl.c BUG/MINOR: acl: warn if "_sub" derivative used with an explicit match 2025-10-28 11:59:32 +01:00
acme.c BUG/MINOR: acme: fix ha_alert() call 2025-11-25 20:20:25 +01:00
action.c
activity.c MINOR: activity/memory: count allocations performed under a lock 2025-09-11 16:32:34 +02:00
applet.c BUG/MEDIUM: applet: Fix conditions to detect spinning loop with the new API 2025-11-21 09:41:05 +01:00
arg.c MINOR: arg: add an argument type for identifier 2024-10-18 14:30:24 +02:00
auth.c BUG/MINOR: auth: Fix a leak on error path when parsing user's groups 2025-02-06 16:55:37 +01:00
backend.c Revert "BUG/MEDIUM: server/ssl: Unset the SNI for new server connections if none is set" 2025-11-26 12:05:43 +01:00
base64.c
buf.c CLEANUP: buffers: simplify b_get_varint() 2024-10-18 18:28:39 +02:00
cache.c MINOR: cache: Use the <kip> value to check too big objects 2025-10-08 11:10:42 +02:00
calltrace.c
ceb32_tree.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
ceb64_tree.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
ceba_tree.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
cebb_tree.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
cebib_tree.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
cebis_tree.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
cebl_tree.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
cebs_tree.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
cebtree-dbg.c IMPORT: cebtree: import version 0.5.0 to support duplicates 2025-09-16 09:23:46 +02:00
cebtree-prv.h IMPORT: import cebtree (compact elastic binary trees) 2024-09-15 23:44:59 +02:00
cfgcond.c MINOR: cfgcond: add "awslc_api_atleast" and "awslc_api_before" 2025-11-14 11:01:45 +01:00
cfgdiag.c MINOR: check: clarify check-reuse-pool interaction with reuse policy 2025-11-14 10:44:05 +01:00
cfgparse-global.c BUG/MINOR: config: Limit "tune.maxpollevents" parameter to 1000000 2025-11-06 15:56:21 +01:00
cfgparse-listen.c MEDIUM: proxy: index proxy ID using compact trees 2025-09-16 09:23:46 +02:00
cfgparse-quic.c BUG/MINOR: quic: rename and duplicate stream settings 2025-10-23 16:49:20 +02:00
cfgparse-ssl.c MEDIUM: ssl: Add certificate password callback that calls external command 2025-10-29 10:54:17 +01:00
cfgparse-tcp.c MINOR: server: add the "cc" keyword to set the TCP congestion controller 2025-09-17 17:19:33 +02:00
cfgparse-unix.c
cfgparse.c BUG/MEDIUM: server: do not use default SNI if manually set 2025-11-24 11:45:18 +01:00
channel.c MINOR: channel: Remove total field from channels 2025-11-06 15:01:29 +01:00
check.c BUG/MINOR: check: fix QUIC check test when QUIC disabled 2025-11-14 17:27:53 +01:00
chunk.c BUG/MEDIUM: chunk: make sure to flush the trash pool before resizing 2025-01-29 17:55:18 +01:00
cli.c BUG/MEDIUM: cli: State the cli have no more data to deliver if it yields 2025-11-21 10:00:15 +01:00
clock.c MINOR: clock: add clock_get_now_offset() helper 2025-08-07 22:27:09 +02:00
compression.c MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL 2025-08-11 19:55:30 +02:00
connection.c Revert "BUG/MEDIUM: connections: permit to permanently remove an idle conn" 2025-11-14 16:06:34 +01:00
counters.c MEDIUM: guid: switch guid to more compact cebuis_tree 2025-09-16 09:23:46 +02:00
cpu_topo.c MINOR: cpu-topo: write thread-cpu bindings into trash buffer 2025-07-17 19:07:58 +02:00
cpuset.c BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET() 2025-09-06 11:05:52 +02:00
debug.c MINOR: thread: add a lock level information in the thread_ctx 2025-09-11 16:32:34 +02:00
dgram.c MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{frontend,backend} as sizes 2024-11-18 18:50:02 +01:00
dict.c
dns.c MEDIUM: dns: bind the nameserver sockets to the initiating thread 2025-09-10 16:48:09 +02:00
dns_ring.c MAJOR: import: update mt_list to support exponential back-off (try #2) 2024-07-09 16:46:38 +02:00
dynbuf.c OPTIM: buffers: align the buffer pool to 64 2025-08-11 19:55:30 +02:00
eb32sctree.c
eb32tree.c IMPORT: ebtree: only use __builtin_prefetch() when supported 2025-09-17 14:30:32 +02:00
eb64tree.c IMPORT: ebtree: only use __builtin_prefetch() when supported 2025-09-17 14:30:32 +02:00
ebimtree.c
ebistree.c
ebmbtree.c
ebsttree.c
ebtree.c
ech.c BUILD: ech: fix clang warnings 2025-11-14 11:35:38 +01:00
errors.c MEDIUM: errors: get rid of shm_open() 2025-01-07 16:42:38 +01:00
ev_epoll.c MEDIUM: pollers: Drop fd events after a takeover to another tgid. 2025-02-26 13:00:18 +01:00
ev_evports.c MEDIUM: pollers: Drop fd events after a takeover to another tgid. 2025-02-26 13:00:18 +01:00
ev_kqueue.c MEDIUM: pollers: Drop fd events after a takeover to another tgid. 2025-02-26 13:00:18 +01:00
ev_poll.c DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints 2024-05-24 12:07:18 +02:00
ev_select.c DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints 2024-05-24 12:07:18 +02:00
event_hdl.c MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL 2025-08-11 19:55:30 +02:00
extcheck.c BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration 2024-11-15 15:39:00 +01:00
fcgi-app.c MEDIUM: stats: consider that shared stats pointers may be NULL 2025-09-18 16:49:51 +02:00
fcgi.c
fd.c CLEANUP: fd: make use of ha_aligned_alloc() for the fdtab 2025-08-11 19:55:30 +02:00
filters.c MEDIUM: htx: Remove the HTX extra field 2025-10-08 11:10:42 +02:00
fix.c
flt_bwlim.c BUG/MINOR: freq_ctr: Prevent possible signed overflow in freq_ctr_overshoot_period 2025-11-24 14:10:13 +01:00
flt_http_comp.c MINOR: compression: Use the <kip> value to check body size 2025-10-08 11:10:42 +02:00
flt_spoe.c BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort 2025-08-26 16:12:18 +02:00
flt_trace.c BUG/MINOR: flt-trace: Support only one name option 2025-02-06 17:01:15 +01:00
freq_ctr.c BUG/MINOR: freq_ctr: Prevent possible signed overflow in freq_ctr_overshoot_period 2025-11-24 14:10:13 +01:00
frontend.c MEDIUM: stats: avoid 1 indirection by storing the shared stats directly in counters struct 2025-07-25 16:46:10 +02:00
guid.c MEDIUM: guid: switch guid to more compact cebuis_tree 2025-09-16 09:23:46 +02:00
h1.c BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field 2025-05-16 15:13:17 +02:00
h1_htx.c BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting 2025-11-05 10:55:18 +01:00
h2.c BUG/MINOR: h2: forbid 'Z' as well in header field names checks 2025-10-02 15:29:58 +02:00
h3.c BUG/MINOR: h3: handle properly buf alloc failure on response forwarding 2025-11-25 15:55:08 +01:00
h3_stats.c MINOR: h3/qpack: adjust naming for errors 2024-05-16 10:31:17 +02:00
haproxy.c MINOR: limits: keep a copy of the rough estimate of needed FDs in global struct 2025-11-20 08:44:52 +01:00
hash.c
hlua.c MINOR: hlua/http-fetch: Use <kip> instead of HTX extra field to get body size 2025-10-08 11:10:25 +02:00
hlua_fcn.c MINOR: stick-tables: Rename stksess shards to use buckets 2025-11-17 07:42:51 +01:00
hpack-dec.c
hpack-enc.c
hpack-huff.c
hpack-tbl.c
hq_interop.c MINOR: channel: Remove total field from channels 2025-11-06 15:01:29 +01:00
http.c MINOR: http: fix 405,431,501 default errorfile 2025-10-29 08:47:19 +01:00
http_acl.c
http_act.c MEDIUM: stats: consider that shared stats pointers may be NULL 2025-09-18 16:49:51 +02:00
http_ana.c MINOR: channel: Remove total field from channels 2025-11-06 15:01:29 +01:00
http_client.c BUG/MEDIUM: http-client: Fix the test on the response start-line 2025-09-19 14:59:28 +02:00
http_conv.c MINOR: http-conv: Remove unreachable goto statement in sample_conv_q_preferred 2024-11-06 10:06:52 +01:00
http_ext.c CLEANUP: assorted typo fixes in the code and comments 2025-04-02 11:12:20 +02:00
http_fetch.c MINOR: hlua/http-fetch: Use <kip> instead of HTX extra field to get body size 2025-10-08 11:10:25 +02:00
http_htx.c MINOR: config: Alert about extra arguments for errorfile and errorloc 2025-01-03 10:10:09 +01:00
http_rules.c MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules 2024-11-19 15:20:02 +01:00
httpclient_cli.c MINOR: httpclient-cli: Reset httpclient HTX buffer instead of removing blocks 2025-07-24 12:13:42 +02:00
htx.c MEDIUM: htx: prevent <mark> to copy incomplete headers in htx_xfer_blks() 2025-01-31 15:51:51 +01:00
init.c MINOR: init: add REGISTER_POST_DEINIT_MASTER() hook 2025-08-07 22:27:14 +02:00
jws.c BUG/MEDIUM: jws: return size_t in JWS functions 2025-09-11 14:31:32 +02:00
jwt.c MINOR: jwt: Add specific error code for known but unavailable certificate 2025-10-13 10:38:52 +02:00
lb_chash.c BUG/MAJOR: lb-chash: fix key calculation when using default hash-key id 2025-10-16 10:43:09 +02:00
lb_fas.c MINOR: proxies/servers: Calculate queueslength and use it. 2025-01-28 12:49:41 +01:00
lb_fwlc.c BUG/MEDIUM: fwlc: Handle memory allocation failures. 2025-10-01 18:13:33 +02:00
lb_fwrr.c MEDIUM: lb_fwrr: Don't start all thread groups on the same server. 2025-04-17 17:38:23 +02:00
lb_map.c MINOR: proxies/servers: Calculate queueslength and use it. 2025-01-28 12:49:41 +01:00
lb_ss.c MINOR: lbprm: implement true "sticky" balance algo 2024-03-29 17:08:37 +01:00
limits.c MINOR: limits: display the computed maxconn using ha_notice() 2025-11-20 18:38:09 +01:00
linuxcap.c MEDIUM: init: always warn when running as root without being asked to 2025-09-05 08:51:07 +02:00
listener.c MINOR: listener: implement bind_conf_find_by_name() 2025-10-30 10:37:42 +01:00
log.c MINOR: httpclient: complete the https log 2025-11-22 12:29:33 +01:00
lru.c BUG/MINOR: lru: fix the standalone test case for invalid revision 2024-04-13 08:43:12 +02:00
mailers.c MINOR: mailers: warn if mailers are configured but not actually used 2025-06-27 16:41:18 +02:00
map.c MINOR: cli/applet: Move appctx fields only used by the CLI in a private context 2025-04-24 15:09:37 +02:00
mjson.c CLEANUP: mjson: remove unused defines from mjson.h 2025-10-06 09:30:07 +02:00
mqtt.c CLEANUP: mqtt: fix typo in MQTT_REMAINING_LENGHT_MAX_SIZE 2024-08-30 14:58:59 +02:00
mux_fcgi.c BUG/MEDIUM: connection: do not reinsert a purgeable conn in idle list 2025-11-14 16:06:34 +01:00
mux_h1.c MINOR: muxes: Support an optional ALPN string when defining mux protocols 2025-11-20 16:14:52 +01:00
mux_h2.c MINOR: muxes: Support an optional ALPN string when defining mux protocols 2025-11-20 16:14:52 +01:00
mux_pt.c MEDIUM: mux_h1/mux_pt: Use XPRT_CAN_SPLICE to decide if we should splice 2025-08-20 18:33:10 +02:00
mux_quic.c BUG/MINOR: mux-quic: check access on qcs stream-endpoint 2025-11-21 11:16:07 +01:00
mux_spop.c BUG/MEDIUM: connection: do not reinsert a purgeable conn in idle list 2025-11-14 16:06:34 +01:00
mworker.c BUG/MEDIUM: mworker: signals inconsistencies during startup and reload 2025-11-18 10:05:42 +01:00
namespace.c BUG/MINOR: namespace: handle a possible strdup() failure 2024-12-10 08:05:34 +01:00
ncbmbuf.c MINOR: ncbmbuf: add tests as standalone mode 2025-10-22 15:04:24 +02:00
ncbuf.c
pattern.c BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix 2025-09-25 15:28:22 +02:00
payload.c MINOR: ssl: Introduce new smp_client_hello_parse() function 2025-07-01 11:55:36 +02:00
peers.c CLEANUP: peers: remove an unneeded null check 2025-11-14 13:47:20 +01:00
pipe.c MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL 2025-08-11 19:55:30 +02:00
pool.c BUG/MAJOR: pools: fix default pool alignment 2025-10-22 09:06:20 +02:00
proto_quic.c MINOR: quic: store source address for backend conns 2025-11-20 16:44:03 +01:00
proto_rhttp.c OPTIM: proto_rhttp: Don't set SNI for non-ssl connections 2025-09-05 15:56:42 +02:00
proto_sockpair.c MINOR: proto_sockpair: send_fd_uxst: init iobuf, cmsghdr, cmsgbuf to zeros 2024-11-25 15:20:24 +01:00
proto_tcp.c MINOR: server: add the "cc" keyword to set the TCP congestion controller 2025-09-17 17:19:33 +02:00
proto_udp.c CLEANUP: protocol: no longer initialize .receivers nor .nb_receivers 2024-08-21 17:37:46 +02:00
proto_uxdg.c MINOR: protocol: create abnsz socket address family 2024-10-29 12:14:50 +01:00
proto_uxst.c MINOR: sock: Add protocol and socket types parameters to sock_create_server_socket() 2025-06-11 18:37:34 +02:00
protocol.c MINOR: quic: rename "no-quic" to "tune.quic.listen" 2025-10-23 16:47:58 +02:00
proxy.c BUG/MEDIUM: proxy: use aligned allocations for struct proxy_per_tgroup 2025-11-07 22:22:55 +01:00
qmux_http.c MEDIUM: htx: Remove the HTX extra field 2025-10-08 11:10:42 +02:00
qmux_trace.c MINOR: mux-quic: define flag for backend side 2025-06-12 11:28:54 +02:00
qpack-dec.c MINOR: h3/qpack: adjust naming for errors 2024-05-16 10:31:17 +02:00
qpack-enc.c BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side) 2025-07-15 18:39:23 +02:00
qpack-tbl.c
queue.c OPTIM: queue: align the pendconn pools to 64 2025-08-11 19:55:30 +02:00
quic_ack.c MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL 2025-08-11 19:55:30 +02:00
quic_cc.c MINOR: quic: rename max Tx mem setting 2025-10-23 16:49:20 +02:00
quic_cc_bbr.c BUG/MINOR: quic: ensure cwnd limits are always enforced 2025-04-29 15:10:06 +02:00
quic_cc_cubic.c MINOR: quic: split congestion controler options for FE/BE usage 2025-10-23 16:49:20 +02:00
quic_cc_drs.c BUG/MINOR: quic: remove max_bw filter from delivery rate sampling 2024-12-13 14:42:43 +01:00
quic_cc_newreno.c BUG/MINOR: quic: ensure cwnd limits are always enforced 2025-04-29 15:10:06 +02:00
quic_cc_nocc.c MINOR: quic: rename min/max fields for congestion window algo 2025-04-29 15:10:06 +02:00
quic_cid.c MINOR: quic: split global CID tree between FE and BE sides 2025-11-25 14:30:18 +01:00
quic_cli.c BUG/MINOR: quic: fix uninit list on show quic handler 2025-11-25 14:50:19 +01:00
quic_conn.c BUG/MINOR: quic: release BE quic_conn on connect failure 2025-11-25 14:50:23 +01:00
quic_enc.c TESTS: quic: useless param for b_quic_dec_int() 2025-10-15 09:58:03 +02:00
quic_fctl.c MINOR: mux-quic: define a flow control related type 2024-01-31 16:28:54 +01:00
quic_frame.c MINOR: quic-be: Parse the NEW_TOKEN frame 2025-11-13 14:04:31 +01:00
quic_loss.c MINOR: quic: split congestion controler options for FE/BE usage 2025-10-23 16:49:20 +02:00
quic_openssl_compat.c MINOR: quic: prefer qc_is_back() usage over qc->target 2025-08-07 16:59:59 +02:00
quic_pacing.c MINOR: quic: adapt credit based pacing to BBR 2025-01-23 17:41:07 +01:00
quic_retransmit.c MINOR: quic: prefer qc_is_back() usage over qc->target 2025-08-07 16:59:59 +02:00
quic_retry.c MINOR: quic-be: address validation support implementation (RETRY) 2025-06-26 09:48:00 +02:00
quic_rules.c CLEANUP: tree-wide: define and use acl_match_cond() helper 2025-01-27 11:11:43 +01:00
quic_rx.c MINOR: quic: split global CID tree between FE and BE sides 2025-11-25 14:30:18 +01:00
quic_sock.c MINOR: quic: store source address for backend conns 2025-11-20 16:44:03 +01:00
quic_ssl.c BUG/MEDIUM: quic-be: prevent use of MUX for 0-RTT sessions without secrets 2025-11-17 15:40:24 +01:00
quic_stats.c MINOR: stats: introduce a more expressive stat definition method 2024-04-26 10:20:57 +02:00
quic_stream.c MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL 2025-08-11 19:55:30 +02:00
quic_tls.c BUG/MAJOR: quic: use ncbmbuf for CRYPTO handling 2025-10-22 15:04:41 +02:00
quic_token.c MINOR: quic: Token for future connections implementation. 2024-08-30 17:04:09 +02:00
quic_tp.c MINOR: quic-be: validate the 0-RTT transport parameters 2025-11-13 14:04:31 +01:00
quic_trace.c MINOR: quic-be: helper functions to save/restore transport params (0-RTT) 2025-11-13 14:04:31 +01:00
quic_tx.c BUG/MEDIUM: quic: do not prevent sending if no BE token 2025-11-25 14:30:18 +01:00
raw_sock.c MINOR: rawsock: introduce CO_RFL_TRY_HARDER to detect closures on complete reads 2025-10-01 10:23:01 +02:00
regex.c MINOR: regex: use a thread-local match pointer for pcre2 2025-10-13 16:56:43 +02:00
resolvers.c BUG/MINOR: resolvers: ensure fair round robin iteration 2025-11-02 17:28:32 +01:00
ring.c OPTIM: ring: avoid reloading the tail_ofs value before the CAS in ring_write() 2025-09-18 15:27:32 +02:00
sample.c MINOR: sample/stats: Add "bytes" in req_{in,out} and res_{in,out} names 2025-11-07 14:09:48 +01:00
server.c BUG/MINOR: server: fix srv_drop() crash on partially init srv 2025-11-25 15:16:13 +01:00
server_state.c MEDIUM: stats: consider that shared stats pointers may be NULL 2025-09-18 16:49:51 +02:00
session.c MEDIUM: stats: consider that shared stats pointers may be NULL 2025-09-18 16:49:51 +02:00
sha1.c
shctx.c DEBUG: shctx: name shared memory using vma_set_name() 2024-05-21 17:55:03 +02:00
signal.c MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL 2025-08-11 19:55:30 +02:00
sink.c BUG/MINOR: sink: retry attempt for sft server may never occur 2025-10-03 14:31:05 +02:00
slz.c IMPORT: slz: silence a build warning on non-x86 non-arm 2025-05-16 16:43:53 +02:00
sock.c MINOR: sock: update broken accept4 detection for older hardwares. 2025-08-08 06:01:18 +02:00
sock_inet.c BUG/MINOR: sock-inet: ignore conntrack for transparent sockets on Linux 2025-11-26 13:43:58 +01:00
sock_unix.c MEDIUM: socket: add zero-terminated ABNS alternative 2024-10-29 12:15:24 +01:00
ssl_ckch.c BUG/MINOR: acme: allow 'key' when generating cert 2025-11-06 14:11:43 +01:00
ssl_clienthello.c MINOR: quic-be: validate the 0-RTT transport parameters 2025-11-13 14:04:31 +01:00
ssl_crtlist.c MEDIUM: ssl/cli: relax crt insertion in crt-list of type directory 2025-08-11 17:42:16 +02:00
ssl_gencert.c BUG/MEDIUM: quic: Crash after QUIC server callbacks restoration (OpenSSL 3.5) 2025-07-09 16:01:02 +02:00
ssl_ocsp.c MEDIUM: ssl/ckch: use ckch_store instead of ckch_data for ckch_conf_kws 2025-11-06 11:56:27 +01:00
ssl_sample.c MINOR: ssl/sample: expose ssl_*c_curve for AWS-LC 2025-11-13 17:36:43 +01:00
ssl_sock.c BUG/MEDIUM: connection/ssl: also fix the ssl_sock_io_cb() regarding idle list 2025-11-20 17:19:50 +01:00
ssl_trace.c BUG/MINOR: ssl: Fix potential NULL deref in trace callback 2025-09-11 14:31:32 +02:00
ssl_utils.c BUG/MINOR: acme: P-256 doesn't work with openssl >= 3.0 2025-11-18 11:34:28 +01:00
stats-file.c BUG/MEDIUM: stats-file: fix shm-stats-file preload not working anymore 2025-11-11 22:36:17 +01:00
stats-html.c MINOR: stats: display new curr_sess_idle_conns server counter 2025-08-28 18:58:11 +02:00
stats-json.c BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer 2025-02-06 17:19:49 +01:00
stats-proxy.c MINOR: stats-proxy: ensure future-proof FN_AGE manipulation in me_generate_field() 2025-11-10 21:32:22 +01:00
stats.c MINOR: pattern: add a counter of added/freed patterns 2025-07-05 00:12:45 +02:00
stconn.c MINOR: channel: Remove total field from channels 2025-11-06 15:01:29 +01:00
stick_table.c MINOR: stick-tables: Rename stksess shards to use buckets 2025-11-17 07:42:51 +01:00
stream.c DEBUG: stream: Add bytes_in/bytes_out value for both SC in session dump 2025-11-06 15:01:29 +01:00
systemd.c BUILD: systemd: fix usage of reserved name "sun" in the address field 2024-11-25 08:09:09 +01:00
task.c MINOR: sched: pass the thread number to is_sched_alive() 2025-10-01 10:18:53 +02:00
tcp_act.c MEDIUM: stats: consider that shared stats pointers may be NULL 2025-09-18 16:49:51 +02:00
tcp_rules.c MEDIUM: stats: consider that shared stats pointers may be NULL 2025-09-18 16:49:51 +02:00
tcp_sample.c MINOR: sample: define bc_reused fetch 2025-04-02 14:57:40 +02:00
tcpcheck.c Revert "BUG/MEDIUM: server/ssl: Unset the SNI for new server connections if none is set" 2025-11-26 12:05:43 +01:00
thread.c BUG/MEDIUM: threads/config: drop absent threads from thread groups 2025-10-17 20:36:00 +02:00
time.c
tools.c MINOR: cfgcond: add "awslc_api_atleast" and "awslc_api_before" 2025-11-14 11:01:45 +01:00
trace.c MINOR: trace: don't call strlen() on the function's name 2025-09-18 08:31:57 +02:00
uri_auth.c MEDIUM: uri_auth: implement clean uri_auth cleaning 2024-11-14 15:03:38 +01:00
uri_normalizer.c BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char (2) 2024-07-18 13:29:52 +02:00
vars.c CLEANUP: vars: use the item API for the variables trees 2025-09-16 10:51:23 +02:00
version.c REORG: version: move the remaining BUILD_* stuff from haproxy.c to version.c 2025-01-20 17:53:55 +01:00
wdt.c BUG/MEDIUM: wdt: improve stuck task detection accuracy 2025-10-01 10:18:53 +02:00
xprt_handshake.c MINOR: xprt: Add recvmsg() and sendmsg() parameters to rcv_buf() and snd_buf(). 2025-08-20 17:28:03 +02:00
xprt_quic.c BUG/MINOR: quic: release BE quic_conn on connect failure 2025-11-25 14:50:23 +01:00