From 75e24e96f9356a751eb85d333a141ceab55bd03b070fcc079db32b8aac69f2e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 15 Oct 2013 08:42:00 +0000 Subject: [PATCH] Accepting request 203204 from network:ha-clustering:Factory Resubmit of haproxy after applying license patch from legal. OBS-URL: https://build.opensuse.org/request/show/203204 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=1 --- .gitattributes | 23 + .gitignore | 1 + haproxy-1.2.16_config_haproxy_user.patch | 32 ++ haproxy-1.4.24.tar.gz | 3 + haproxy-makefile_lib.patch | 13 + haproxy-rpmlintrc | 2 + haproxy.changes | 591 +++++++++++++++++++++++ haproxy.init | 248 ++++++++++ haproxy.spec | 107 ++++ haproxy.vim | 164 +++++++ 10 files changed, 1184 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 haproxy-1.2.16_config_haproxy_user.patch create mode 100644 haproxy-1.4.24.tar.gz create mode 100644 haproxy-makefile_lib.patch create mode 100644 haproxy-rpmlintrc create mode 100644 haproxy.changes create mode 100644 haproxy.init create mode 100644 haproxy.spec create mode 100644 haproxy.vim diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/haproxy-1.2.16_config_haproxy_user.patch b/haproxy-1.2.16_config_haproxy_user.patch new file mode 100644 index 0000000..bbea24f --- /dev/null +++ b/haproxy-1.2.16_config_haproxy_user.patch @@ -0,0 +1,32 @@ +Index: examples/examples.cfg +=================================================================== +--- examples/examples.cfg.orig ++++ examples/examples.cfg +@@ -3,8 +3,8 @@ + # log 127.0.0.1 local1 + maxconn 4000 + ulimit-n 8000 +- uid 0 +- gid 0 ++ user haproxy ++ group haproxy + # chroot /tmp + # nbproc 2 + # daemon +Index: examples/haproxy.cfg +=================================================================== +--- examples/haproxy.cfg.orig ++++ examples/haproxy.cfg +@@ -5,9 +5,9 @@ + log 127.0.0.1 local1 notice + #log loghost local0 info + maxconn 4096 +- chroot /usr/share/haproxy +- uid 99 +- gid 99 ++ chroot /var/lib/haproxy ++ user haproxy ++ group haproxy + daemon + #debug + #quiet diff --git a/haproxy-1.4.24.tar.gz b/haproxy-1.4.24.tar.gz new file mode 100644 index 0000000..2ec29a1 --- /dev/null +++ b/haproxy-1.4.24.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:680928f4d001be3b59b69d4501f41aeea69e7e56bf183fa032ad6144cf97c7ef +size 836768 diff --git a/haproxy-makefile_lib.patch b/haproxy-makefile_lib.patch new file mode 100644 index 0000000..46d4c78 --- /dev/null +++ b/haproxy-makefile_lib.patch @@ -0,0 +1,13 @@ +Index: Makefile +=================================================================== +--- Makefile.orig ++++ Makefile +@@ -460,7 +460,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE),) + PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local) + ifneq ($(PCREDIR),) + PCRE_INC := $(PCREDIR)/include +-PCRE_LIB := $(PCREDIR)/lib ++PCRE_LIB := $(PCREDIR)/$(LIB) + endif + + ifeq ($(USE_STATIC_PCRE),) diff --git a/haproxy-rpmlintrc b/haproxy-rpmlintrc new file mode 100644 index 0000000..662d246 --- /dev/null +++ b/haproxy-rpmlintrc @@ -0,0 +1,2 @@ +addFilter('wrong-file-end-of-line-encoding .*/examples/errorfiles/.*\.http$') +addFilter('file-contains-current-date /usr/share/doc/packages/haproxy/examples/haproxy.spec') diff --git a/haproxy.changes b/haproxy.changes new file mode 100644 index 0000000..6275f92 --- /dev/null +++ b/haproxy.changes @@ -0,0 +1,591 @@ +------------------------------------------------------------------- +Thu Oct 10 15:16:32 UTC 2013 - cdenicolo@suse.com + +- license update: GPL-2.0+ and LGPL-2.1+ + only header files are LGPL, the rest is still GPL + +------------------------------------------------------------------- +Tue Jun 18 09:14:13 UTC 2013 - mrueckert@suse.de + +- update to 1.4.24 (bnc#825412) + - BUG/MAJOR: backend: consistent hash can loop forever in certain + circumstances + - BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks + are used + - MEDIUM: protocol: implement a "drain" function in protocol + layers + - BUG/CRITICAL: fix a possible crash when using negative header + occurrences CVE-2013-2175 + +------------------------------------------------------------------- +Wed Apr 3 14:47:43 UTC 2013 - mrueckert@suse.de + +- update to 1.4.23 CVE-2013-1912 + - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read + - BUG: fix garbage data when http-send-name-header replaces an + existing header + - BUG/MEDIUM: remove supplementary groups when changing gid + - BUG/MINOR: Correct logic in cut_crlf() + - BUG/MINOR: config: use a copy of the file name in proxy + configurations + - BUG/MINOR: epoll: correctly disable FD polling in fd_rem() + - MINOR: halog: sort output by cookie code + - BUG/MINOR: halog: -ad/-ac report the correct number of output + lines + - BUG/MINOR: halog: fix help message for -ut/-uto + - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel + mode + - BUG/MEDIUM: command-line option -D must have precedence over + "debug" + - OPTIM: halog: keep a fast path for the lines-count only + - MINOR: halog: add a parameter to limit output line count + - BUG: halog: fix broken output limitation + - MEDIUM: checks: avoid accumulating TIME_WAITs during checks + - MEDIUM: checks: prevent TIME_WAITs from appearing also on + timeouts + - BUG/MAJOR: cli: show sess may randomly corrupt the + back-ref list + - BUG/MINOR: http: don't report client aborts as server errors + - BUG/MINOR: http: don't log a 503 on client errors while waiting + for requests + - BUG/MEDIUM: tcp: process could theorically crash on lack of + source ports + - BUG/MINOR: http: don't abort client connection on premature + responses + - BUILD: no need to clean up when making git-tar + - MINOR: http: always report PR-- flags for redirect rules + - BUG/MINOR: time: frequency counters are not totally accurate + - BUG/MINOR: http: don't process abortonclose when request was + sent + - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait() + - BUG/MINOR: config: fix improper check for failed memory alloc + in ACL parser + - BUG/MEDIUM: checks: ensure the health_status is always within + bounds + - CLEANUP: http: remove a useless null check + - BUG/MEDIUM: signal: signal handler does not properly check for + signal bounds + - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on + memory shortage + - CLEANUP: config: slowstart is never negative + - BUILD: improve the makefile's support for libpcre + - BUG/MINOR: checks: fix an warning introduced by commit 2f61455a + - MEDIUM: halog: add support for counting per source address + (-ic) + - DOC: mention the new HTTP 307 and 308 redirect statues + (cherry picked from commit + b67fdc4cd8bde202f2805d98683ddab929469a05) + - MEDIUM: poll: do not use FD_* macros anymore + - BUG/MAJOR: ev_select: disable the select() poller if maxsock > + FD_SETSIZE + - BUILD: enable poll() by default in the makefile + - BUILD: add explicit support for Mac OS/X + - BUG/CRITICAL: using HTTP information in tcp-request content may + crash the process CVE-2013-1912 + - MEDIUM: http: implement redirect 307 and 308 + - MINOR: http: status 301 should not be marked non-cacheable +- adapt haproxy-makefile_lib.patch to the rewritten Makefile + +------------------------------------------------------------------- +Mon Nov 12 14:10:33 UTC 2012 - mrueckert@suse.de + +- switch license tag to spdx format. + +------------------------------------------------------------------- +Mon Nov 12 13:50:46 UTC 2012 - mrueckert@suse.de + +- update to 1.4.22 + - BUG/MEDIUM: option forwardfor if-none doesn't work with some + configurations + - MINOR: balance uri: added 'whole' parameter to include query + string in hash calculation + - DOC: specify the default value for maxconn in the context of a + proxy + - BUG/MINOR: checks: expire on timeout.check if smaller than + timeout.connect + - REORG/MINOR: use dedicated proxy flags for the cookie handling + - BUG/MINOR: config: do not report twice the incompatibility + between cookie and non-http + - MINOR: http: add support for "httponly" and "secure" cookie + attributes + - MEDIUM: stats: add support for soft stop/soft start in the + admin interface + - BUILD: add support for linux kernels >= 2.6.28 + - MINOR: contrib/iprange: add a network IP range to mask + converter + - BUILD: add an AIX 5.2 (and later) target. + - MINOR: halog: use the more recent dual-mode fgets2 + implementation + - BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on + full-length matches + - CLEANUP: halog: make clean should also remove .o files + (cherry picked from commit + 8ad4193100aafa19f04929670371bf823dbe11d0) + - OPTIM: halog: make use of memchr() on platforms which provide a + fast one + - OPTIM: halog: improve cold-cache behaviour when loading a file + - [MINOR] config: make it possible to specify a cookie even + without a server + - MINOR: config: tolerate server "cookie" setting in non-HTTP + mode + - BUG/MINOR: tarpit: fix condition to return the HTTP 500 message + +------------------------------------------------------------------- +Tue Oct 30 16:02:03 UTC 2012 - mrueckert@suse.de + +- fix description in the init script + +------------------------------------------------------------------- +Tue May 22 16:47:45 UTC 2012 - pascal.bleser@opensuse.org + +- update to 1.4.21 (bnc#763833) CVE-2012-2391 + - MINOR: patch for minor typo (ressources/resources) + - CLEANUP: fix typo in findserver() log message + - DOC: cleanup indentation, alignment, columns and chapters + - DOC: fix some keywords arguments documentation + - MINOR: stats admin: allow unordered parameters in POST requests + - MINOR: stats admin: use the backend id instead of its name in + the form + - BUG/MAJOR: trash must always be the size of a buffer + - DOC: fix minor regex example issue and improve doc on stats + - BUG/MAJOR: possible crash when using capture headers on TCP + frontends + - MINOR: config: disable header captures in TCP mode and complain + - BUG/MEDIUM: balance source did not properly hash IPv6 addresses + - CLEANUP: http: message parser must ignore HTTP_MSG_ERROR + - CLEANUP: remove a few warning about unchecked return values in + debug code + - CLEANUP: http: remove unused http_msg->col + - BUG/MINOR: http: error snapshots are wrong if buffer wraps + - BUG/MAJOR: checks: don't call set_server_status_* when no LB + algo is set + - MINOR: proxy: make findproxy() return proxies from numeric IDs + too + - BUILD: http: stop gcc-4.1.2 from complaining about possibly + uninitialized values + - BUG/MINOR: stop connect timeout when connect succeeds + +------------------------------------------------------------------- +Sun Mar 11 19:16:20 UTC 2012 - pascal.bleser@opensuse.org + +- update to 1.4.20: + - BUG/MINOR: fix typo in processing of http-send-name-header + - BUG/MEDIUM: correctly disable servers tracking another disabled servers. + - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend + - MINOR: halog: add some help on the command line (cherry picked from + commit 615674cdec067066a42f53f5d55628ab7b207e6c) + - BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions + - BUG: http: disable TCP delayed ACKs when forwarding content-length data + - BUG: checks: fix server maintenance exit sequence + - BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on + partial writes + - DOC: enumerate valid status codes for "observe layer7" + +------------------------------------------------------------------- +Wed Feb 8 15:30:58 UTC 2012 - mrueckert@suse.de + +- update to 1.4.19 + - MEDIUM: http: add support for sending the server's name in the + outgoing request + - BUG/MINOR: fix options forwardfor if-none when an alternative + header name is specified + - MINOR: task: new function task_schedule() to schedule a wake up + - BUG/MEDIUM: checks: fix slowstart behaviour when server + tracking is in use + - BUG: tcp: option nolinger does not work on backends + - BUG: ebtree: ebst_lookup() could return the wrong entry + - BUG: http: re-enable TCP quick-ack upon incomplete HTTP + requests + - CLEANUP: ebtree: remove a few annoying signedness warnings + - CLEANUP: ebtree: remove 4-year old harmless typo in duplicates + insertion code + - CLEANUP: ebtree: remove another typo, a wrong initialization in + insertion code + - BUG: proto_tcp: set AF_INET on tproxy for use with recent + kernels + - MINOR: halog: add support for matching queued requests + - BUG: http: tighten the list of allowed characters in a URI + +------------------------------------------------------------------- +Wed Nov 9 12:09:33 UTC 2011 - mrueckert@suse.de + +- update to 1.4.18 + - [MINOR] http: *_dom matching header functions now also split on + ":" + - [MINOR] halog: support backslash-escaped quotes + - BUILD/MINOR: fix the source URL in the spec file + - DOC: acl is http_first_req, not http_req_first + - BUG/MEDIUM: don't trim last spaces from headers consisting only + of spaces + - MINOR: acl: add new matches for header/path/url length + - [MINOR] halog: do not consider byte 0x8A as end of line + - [OPTIM] halog: make fgets parse more bytes by blocks + - [OPTIM] halog: add assembly version of the field lookup code + - [CLEANUP] startup: report only the basename in the usage + message + - [DOC] update the README file to reflect new naming rules for + patches + +------------------------------------------------------------------- +Mon Sep 05 22:26:59 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.4.17: + - [MINOR] halog: add support for termination code matching (-tcn/-TCN) + - [MINOR] halog: make SKIP_CHAR stop on field delimiters + - [MINOR] halog: add support for HTTP log matching (-H) + - [MINOR] halog: gain back performance before SKIP_CHAR fix + - [OPTIM] halog: cache some common fields positions + - [OPTIM] halog: check once for correct line format and reuse the pointer + - [OPTIM] halog: remove many 'if' by using a function pointer for the filters + - [OPTIM] halog: remove support for tab delimiters in input data + - [MINOR] halog: add -hs/-HS to filter by HTTP status code range + - [CLEANUP] update the year in the copyright banner + - [BUG] check: http-check expect + regex would crash in defaults section + - [MEDIUM] http: make x-forwarded-for addition conditional + - [DOC] fixed a few "sensible" -> "sensitive" errors + - [MINOR] stats: display "" instead of the frontend name when unknown + - [BUG] http: trailing white spaces must also be trimmed after headers + - [MINOR] http: take a capture of too large requests and responses + - [MINOR] http: take a capture of truncated responses + - [MINOR] http: take a capture of bad content-lengths. + +------------------------------------------------------------------- +Sat Aug 13 22:49:36 UTC 2011 - mrueckert@suse.de + +- update to version 1.4.16 + - [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check + - [DOC] Minor spelling fixes and grammatical enhancements + - [CLEANUP] Remove assigned but unused variables + - [BUG] checks: http-check expect could fail a check on + multi-packet responses + - [DOC] fix minor typo in the "dispatch" doc + - [MINOR] http: make the "HTTP 200" status code configurable. + - [MINOR] http: partially revert the chunking optimization for + now + - [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete + transfer + - [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out + test + - [MEDIUM] http: add support for "http-no-delay" + - [OPTIM] http: optimize chunking again in non-interactive mode + - [OPTIM] stream_sock: avoid fast-forwarding of partial data + - [OPTIM] stream_sock: don't use splice on too small payloads + - [BUG] stats: support url-encoded forms + - [BUG] halog: correctly handle truncated last line + - [DOC] fix typos, "#" is a sharp, not a dash + +------------------------------------------------------------------- +Fri Apr 15 22:14:24 UTC 2011 - pascal.bleser@opensuse.org + +- revert splitting out the documentation + +------------------------------------------------------------------- +Thu Apr 14 19:18:45 UTC 2011 - pascal.bleser@opensuse.org + +- split out documentation and examples into haproxy-doc +- add rpmlintrc to suppress false positive warnings about + script examples in documentation files (without exec flag) +- fix license + +------------------------------------------------------------------- +Tue Apr 12 15:31:38 UTC 2011 - mrueckert@suse.de + +- update to version 1.4.15 + - [CRITICAL] fix risk of crash when dealing with space in + response cookies +- additional changes from 1.4.14 + - [MINOR] config: fix endianness of server check port + - [BUG] http: fix possible incorrect forwarded wrapping chunk + size (take 2) + - [MINOR] tools: add two macros MID_RANGE and MAX_RANGE + - [BUG] http: fix content-length handling on 32-bit platforms + - [OPTIM] buffers: uninline buffer_forward() + +------------------------------------------------------------------- +Wed Mar 9 12:00:23 UTC 2011 - mrueckert@suse.de + +- update to 1.4.13 + - config: don't crash on empty pattern files. +- additional changes from 1.4.12 + - stats: add support for several packets in stats admin + - stats: admin commands must check the proxy state + - stats: admin web interface must check the proxy state + - http: update the header list's tail when removing the last + header + - fix typos (http-request instead of http-check) (cherry + picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c) + - http: use correct ACL pointer when evaluating authentication + - cfgparse: correctly count one socket per port in ranges + - startup: set the rlimits before binding ports, not after. + - acl: srv_id must return no match when the server is NULL + - acl: fd leak when reading patterns from file + - fix minor typo in "usesrc" + - http: fix possible incorrect forwarded wrapping chunk size + - http: fix computation of message body length after forwarding + has started + - http: balance url_param did not work with first parameters on + POST + - update the url_param regression test to test check_post too + +------------------------------------------------------------------- +>>>>>>> ./haproxy.changes.r40 +Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de + +- update to 1.4.11 + - cfgparse: Check whether the path given for the stats socket + actually fits into the sockaddr_un structure to avoid + truncation. + - fix a minor typo + - fix ignore-persist documentation + - http: fix http-pretend-keepalive and httpclose/tunnel mode + - add warnings on features not compatible with multi-process mode + - acl: add be_id/srv_id to match backend's and server's id + - log: add support for passing the forwarded hostname + - log: ability to override the syslog tag + - fix minor typos in the doc + - fix another typo in the doc + - http chunking: don't report a parsing error on connection + errors + - stream_interface: truncate buffers when sending error messages + - http: fix incorrect error reporting during data transfers + - session: correctly leave turn-around and queue states on abort + - session: release slot before processing pending connections + - stats: report HTTP message state and buffer flags in error + dumps + - http: support wrapping messages in error captures + - http: capture incorrectly chunked message bodies + - stats: add global event ID and count + - http: don't send each chunk in a separate packet + - acl: fix handling of empty lines in pattern files + - ebtree: fix ebmb_lookup() with len smaller than the tree's keys + - ebtree: ebmb_lookup: reduce stack usage by moving the return + code out of the loop + +------------------------------------------------------------------- +Mon Nov 29 13:57:37 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.10: + * a possible crash when using Cookie-based persistence with + appsessions was fixed + * header processing could become wrong after a single reqidel + rule removed exactly two headers + * some out-of-memory conditions were not correctly handled in + appsession or cookie captures + * users of appsessions are strongly encouraged to upgrade + +------------------------------------------------------------------- +Tue Nov 2 13:11:15 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.9: + * the Web interface now allows you to enable or disable servers + * the ECV and LDAPv3 checks were merged + * the MySQL check was improved to support a real login sequence + * persistence cookies can now be timestamped to support a maximum + idle time and a maximum life time, and can be removed by the + server if needed (e.g. logout) + * the SNMP plugin was improved to report socket stats + * some Cacti templates were merged + * the halog tool can now instantly report per-URL response times + +------------------------------------------------------------------- +Tue Aug 17 15:46:13 UTC 2010 - mrueckert@suse.de + +- implement graceful restart in the init script + +------------------------------------------------------------------- +Tue Jun 22 14:49:12 UTC 2010 - mrueckert@suse.de + +- update to 1.4.8: + * mention 'option http-server-close' effect in Tq section + * summarize and highlight persistent connections behaviour + * add configuration samples + * stick_table: the fix for the memory leak caused a regression + * client: don't add a new session to the list too early + +------------------------------------------------------------------- +Thu Jun 10 09:03:34 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.7: + * fixes problems where consistent hashing was broken when no + server ID was specified in the configuration + * some errors were incorrectly reported as failed instead of + denied in the statistics + * the dispatch and http_proxy modes were fixed + * a few termination flags in the logs used for troubleshooting + were corrected + * a few other minor issues were fixed + * upgrading is recommended + +------------------------------------------------------------------- +Mon May 17 20:29:02 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.6: + * a minor precision about RDP cookies was added to the + documentation + * a new ACL keyword was added + * those who had no problem building and running 1.4.5 don't need + to upgrade + +- drop haproxy-fix_dprintf.patch, merged upstream + +------------------------------------------------------------------- +Fri May 14 07:18:03 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.5: + * Haproxy can now read huge ACL pattern lists from files and + match inputs against them without any noticeable performance + impact, making geolocation possible + * adds a new "ignore-persist" directive, allowing it to ignore + the persistence cookie if an ACL-based condition is matched + (which is useful for static objects in stateful farms) + * a few other minor improvements + * a nice performance boost of the log analyzer, which can now + process more than 1 GB of logs per second and report request + counts by status codes + +------------------------------------------------------------------- +Thu Apr 8 09:41:51 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.4: + * brings a new option to work around optimization issues with + Tomcat and Jetty in server close mode, and for a bug in Jetty's + handling of Expect: 100-continue + * a very old appsession unexpected match of shorter cookie names + was also fixed + * a new feature to make it possible to connect to a server from + an IP found in a header was merged: it allows you to run + stunnel+haproxy in transparent mode together + +------------------------------------------------------------------- +Fri Apr 2 23:42:44 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.3: + * fxes a regression introduced in 1.4.2 which could cause a + connection to still be attempted on the server side in case of + an error on the client side; this issue could even lead to a + crash if a Layer7 hash algorithm was used, so this code was + strengthened + * the configuration parser now detects many more inappropriate + options in TCP mode and emits related warnings + * it is now possible to indicate in the configuration that a + server will start in the "disabled" state + * other very minor issues were fixed + +------------------------------------------------------------------- +Thu Mar 18 12:00:49 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.2: + * fixes a very rare case of stuck client sessions when using + keep-alive + * fixes a url_param hash bug which could result in a dead server + in very rare situations + * fixes status codes 501 and 505 which could cause a server to be + marked down if on-error was used + * fixes a risk of getting truncated HTTP responses when + chunk-encoding was used + * fixes an issue with anonymous ACLs + * improvements on health checks + +------------------------------------------------------------------- +Fri Mar 5 00:45:12 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.1: + * some errors were incorrectly reported as 502 with the flags + "SL" in the logs; this is now fixed + * other minor issues were fixed + * documentation was updated + +------------------------------------------------------------------- +Fri Feb 26 20:44:34 UTC 2010 - pascal.bleser@opensuse.org + +- update to 1.4.0: + * new features: + + keep-alive + + IP-based stickiness + + consistent hashing + + support for the RDP protocol + + a much nicer stats interface + + a much-improved performance level + * add -fno-strict-aliasing + +- changes from 1.4rc1: + * new features: + + server maintenance mode + + HTTP authentication (server and proxy) + + secure passwords + + conditional request/response header rewriting using ACLs + + anonymous ACLs that can be declared inline + + support for HTTP/1.1 101+Upgrade status code to support non- + HTTP protocols such as WebSocket + +------------------------------------------------------------------- +Thu Feb 11 15:20:01 UTC 2010 - mrueckert@suse.de + +- update to 1.3.23 + +------------------------------------------------------------------- +Tue Sep 15 14:09:34 CEST 2009 - mrueckert@suse.de + +- update to 1.3.20 + +------------------------------------------------------------------- +Fri Apr 3 13:54:40 CEST 2009 - mrueckert@suse.de + +- update to 1.3.17 + +------------------------------------------------------------------- +Mon Mar 9 16:40:38 CET 2009 - mrueckert@suse.de + +- update to 1.3.15.8 + +------------------------------------------------------------------- +Wed Feb 4 15:13:15 CET 2009 - mrueckert@suse.de + +- update to 1.3.15.7 + +------------------------------------------------------------------- +Mon Sep 15 15:52:45 CEST 2008 - mrueckert@suse.de + +- update to 1.3.15.4 + +------------------------------------------------------------------- +Sun Nov 4 21:21:35 CET 2007 - mrueckert@suse.de + +- update to 1.3.13.1: + too many changes see changelog file + +------------------------------------------------------------------- +Mon Apr 2 00:53:38 CEST 2007 - mrueckert@suse.de + +- prepared spec for easy split out of -snapshot packages. +- added vim syntax file + +------------------------------------------------------------------- +Mon Mar 19 17:50:33 CET 2007 - mrueckert@suse.de + +- update to 1.2.17: + - replaced the linked-list with a faster rbtree in the scheduler + - add user/group support (Marcus Rueckert) + - add the "except" keyword to the "forwardfor" option (Bryan + Germann) + - re-implemented support for multi-line headers (was + incidently reverted) + - fixed possible crash when no cookie was set on a server + - fixed various length checks in appsession + - fixed unlikely memory leak in appsession in case of memory + shortage + - updates to the architecture guide +- remove haproxy-1.2.16_username_groupname_support.patch: + patch included upstream + +------------------------------------------------------------------- +Mon Jan 8 00:27:17 CET 2007 - mrueckert@suse.de + +- initial package of 1.2.16 +- added 2 patches: + haproxy-1.2.16_config_haproxy_user.patch + haproxy-1.2.16_username_groupname_support.patch + the patches allow to specify username and groupname instead of + uid/gid. The patches are needed as we do not have a static + uid/gid for the haproxy user/group. + diff --git a/haproxy.init b/haproxy.init new file mode 100644 index 0000000..57fd237 --- /dev/null +++ b/haproxy.init @@ -0,0 +1,248 @@ +#!/bin/sh +# +### BEGIN INIT INFO +# Provides: haproxy +# Required-Start: $syslog $remote_fs +# Should-Start: $time ypbind sendmail +# Required-Stop: $syslog $remote_fs +# Should-Stop: $time ypbind sendmail +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: haproxy +# Description: Start haproxy a reliable, high performance TCP/HTTP load balancer +### END INIT INFO +# +# Any extensions to the keywords given above should be preceeded by +# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB. +# +# Notes on Required-Start/Should-Start: +# * There are two different issues that are solved by Required-Start +# and Should-Start +# (a) Hard dependencies: This is used by the runlevel editor to determine +# which services absolutely need to be started to make the start of +# this service make sense. Example: nfsserver should have +# Required-Start: $portmap +# Also, required services are started before the dependent ones. +# The runlevel editor will warn about such missing hard dependencies +# and suggest enabling. During system startup, you may expect an error, +# if the dependency is not fulfilled. +# (b) Specifying the init script ordering, not real (hard) dependencies. +# This is needed by insserv to determine which service should be +# started first (and at a later stage what services can be started +# in parallel). The tag Should-Start: is used for this. +# It tells, that if a service is available, it should be started +# before. If not, never mind. +# * When specifying hard dependencies or ordering requirements, you can +# use names of services (contents of their Provides: section) +# or pseudo names starting with a $. The following ones are available +# according to LSB (1.1): +# $local_fs all local file systems are mounted +# (most services should need this!) +# $remote_fs all remote file systems are mounted +# (note that /usr may be remote, so +# many services should Require this!) +# $syslog system logging facility up +# $network low level networking (eth card, ...) +# $named hostname resolution available +# $netdaemons all network daemons are running +# The $netdaemons pseudo service has been removed in LSB 1.2. +# For now, we still offer it for backward compatibility. +# These are new (LSB 1.2): +# $time the system time has been set correctly +# $portmap SunRPC portmapping service available +# UnitedLinux extensions: +# $ALL indicates that a script should be inserted +# at the end +# * The services specified in the stop tags +# (Required-Stop/Should-Stop) +# specify which services need to be still running when this service +# is shut down. Often the entries there are just copies or a subset +# from the respective start tag. +# * Should-Start/Stop are now part of LSB as of 2.0, +# formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop. +# insserv does support both variants. +# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time +# (%fillup_and_insserv macro in %post of many RPMs) to specify whether +# a startup script should default to be enabled after installation. +# It's not used by insserv. +# +# Note on runlevels: +# 0 - halt/poweroff 6 - reboot +# 1 - single user 2 - multiuser without network exported +# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) +# +# Note on script names: +# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html +# A registry has been set up to manage the init script namespace. +# http://www.lanana.org/ +# Please use the names already registered or register one or use a +# vendor prefix. + + +# Check for missing binaries (stale symlinks should not happen) +# Note: Special treatment of stop for LSB conformance +HAPROXY_BIN=/usr/sbin/haproxy +test -x $HAPROXY_BIN || { echo "$HAPROXY_BIN not installed"; + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } +HAPROXY_PID="/var/run/haproxy.pid" +HAPROXY_CONF="/etc/haproxy/haproxy.cfg" +## Check for existence of needed config file and read it +#HAPROXY_CONFIG=/etc/sysconfig/haproxy +#test -r $HAPROXY_CONFIG || { echo "$HAPROXY_CONFIG not existing"; +# if [ "$1" = "stop" ]; then exit 0; +# else exit 6; fi; } +# +## Read config +#. $HAPROXY_CONFIG + +# Source LSB init functions +# providing start_daemon, killproc, pidofproc, +# log_success_msg, log_failure_msg and log_warning_msg. +# This is currently not used by UnitedLinux based distributions and +# not needed for init scripts for UnitedLinux only. If it is used, +# the functions from rc.status should not be sourced or used. +#. /lib/lsb/init-functions + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v be verbose in local rc status and clear it afterwards +# rc_status -v -r ditto and clear both the local and overall rc status +# rc_status -s display "skipped" and exit with status 3 +# rc_status -u display "unused" and exit with status 3 +# rc_failed set local and overall rc status to failed +# rc_failed set local and overall rc status to +# rc_reset clear both the local and overall rc status +# rc_exit exit appropriate to overall rc status +# rc_active checks whether a service is activated by symlinks +. /etc/rc.status + +# Reset status of this service +rc_reset + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - user had insufficient privileges +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signaling is not supported) are +# considered a success. + +function haproxy_check() { + HAPROXY_CONFIG_CHECK="$($HAPROXY_BIN -c -q -f $HAPROXY_CONF 2>&1)" + if [ $? -ne 0 ] ; then + echo "" >&2 + echo "$HAPROXY_CONFIG_CHECK" >&2 + rc_failed + rc_status -v + exit 1 + else + return 0 + fi +} + +case "$1" in + start) + echo -n "Starting haproxy " + ## Start daemon with startproc(8). If this fails + ## the return value is set appropriately by startproc. + haproxy_check + /sbin/startproc $HAPROXY_BIN -D -f $HAPROXY_CONF -p $HAPROXY_PID + # Remember status and be verbose + rc_status -v + ;; + stop) + echo -n "Shutting down haproxy " + ## Stop daemon with killproc(8) and if this fails + ## killproc sets the return value according to LSB. + + /sbin/killproc -TERM $HAPROXY_BIN + + # Remember status and be verbose + rc_status -v + ;; + try-restart|condrestart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + if test "$1" = "condrestart"; then + echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" + fi + $0 status + if test $? = 0; then + # we us reload here for a graceful restart during update + $0 reload + else + rc_reset # Not running is not a failure. + fi + # Remember status and be quiet + rc_status + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + haproxy_check + $0 stop + $0 start + + # Remember status and be quiet + rc_status + ;; + check) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + echo -n "Checking config of haproxy " + haproxy_check + rc_status -v + ;; + reload|force-reload) + ## Like force-reload, but if daemon does not support + ## signaling, do nothing (!) + + haproxy_check + # If it supports signaling: + echo -n "Reload service haproxy " + $HAPROXY_BIN -p $HAPROXY_PID -D -f $HAPROXY_CONF -sf $(cat $HAPROXY_PID) + rc_status -v + ;; + status) + echo -n "Checking for service haproxy " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Return value is slightly different for the status command: + # 0 - service up and running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running (unused) + # 4 - service status unknown :-( + # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) + + # NOTE: checkproc returns LSB compliant status values. + /sbin/checkproc $HAPROXY_BIN + # NOTE: rc_status knows that we called this init script with + # "status" option and adapts its messages accordingly. + rc_status -v + ;; + probe) + ## Optional: Probe for the necessity of a reload, print out the + ## argument to this init script which is required for a reload. + ## Note: probe is not (yet) part of LSB (as of 1.9) + + test $HAPROXY_CONF -nt $HAPROXY_PID && echo reload + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" + exit 1 + ;; +esac +rc_exit diff --git a/haproxy.spec b/haproxy.spec new file mode 100644 index 0000000..c065235 --- /dev/null +++ b/haproxy.spec @@ -0,0 +1,107 @@ +# +# spec file for package haproxy +# +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ + +Name: haproxy +Version: 1.4.24 +Release: 0 +# +License: GPL-2.0+ and LGPL-2.1+ +Group: Productivity/Networking/Web/Proxy +# +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: pcre-devel libgcrypt-devel +BuildRequires: udev +%define pkg_name haproxy +%define pkg_home /var/lib/%{pkg_name} +# +Url: http://haproxy.1wt.eu/ +Source: http://haproxy.1wt.eu/download/1.4/src/haproxy-%{version}.tar.gz +Source1: %{pkg_name}.init +Source2: http://haproxy.1wt.eu/download/contrib/haproxy.vim +Patch1: haproxy-1.2.16_config_haproxy_user.patch +Patch2: haproxy-makefile_lib.patch +Source99: haproxy-rpmlintrc +# +Summary: The Reliable, High Performance TCP/HTTP Load Balancer +Provides: %{name}-doc = %{version} +Obsoletes: %{name}-doc < %{version} + +%description +HAProxy implements an event-driven, mono-process model which enables support +for very high number of simultaneous connections at very high speeds. +Multi-process or multi-threaded models can rarely cope with thousands of +connections because of memory limits, system scheduler limits, and lock +contention everywhere. Event-driven models do not have these problems because +implementing all the tasks in user-space allows a finer resource and time +management. The down side is that those programs generally don't scale well on +multi-processor systems. That's the reason why they must be optimized to get +the most work done from every CPU cycle. + +%prep +%setup -q +%patch1 +%patch2 + +%build +%{__make} \ + TARGET=linux26 \ + CPU="%{_target_cpu}" \ + USE_PCRE=1 \ + USE_LIBCRYPT=1 \ + LIB="%{_lib}" \ + DEBUG="%{optflags} -fno-strict-aliasing" + +%install +%{__install} -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name} +%{__install} -D -m 0644 examples/%{pkg_name}.cfg %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg +%{__install} -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name} +%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name} +%{__install} -d -m 0755 %{buildroot}%{pkg_home} +%{__install} -D -m 0644 %{S:2} %{buildroot}%{_datadir}/%{pkg_name}/%{pkg_name}.vim +%{__install} -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1 +gzip %{buildroot}%{_mandir}/man1/%{pkg_name}.1 + +%clean +%{?buildroot:%{__rm} -rf %{buildroot}} + +%pre +/usr/sbin/groupadd -r %{pkg_name} &>/dev/null ||: +/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name} &>/dev/null ||: + +%post +%fillup_and_insserv %{pkg_name} + +%preun +%stop_on_removal %{pkg_name} + +%postun +%restart_on_update %{pkg_name} +%{insserv_cleanup} + +%files +%defattr(-,root,root,-) +%doc CHANGELOG README LICENSE +%doc ROADMAP TODO doc/* examples +%dir %{_sysconfdir}/%{pkg_name} +%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg +%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name} +%{_sbindir}/haproxy +%{_sbindir}/rchaproxy +%{pkg_home} +%doc %{_mandir}/man1/%{pkg_name}.1.gz +%{_datadir}/%{pkg_name} + +%changelog diff --git a/haproxy.vim b/haproxy.vim new file mode 100644 index 0000000..2a30fb6 --- /dev/null +++ b/haproxy.vim @@ -0,0 +1,164 @@ +" Vim syntax file +" Language: HAproxy +" Maintainer: Bruno Michel +" Last Change: Mar 30, 2007 +" Version: 0.3 +" URL: http://haproxy.1wt.eu/ +" URL: http://vim.sourceforge.net/scripts/script.php?script_id=1845 + +" It is suggested to add the following line to $HOME/.vimrc : +" au BufRead,BufNewFile haproxy* set ft=haproxy + +" For version 5.x: Clear all syntax items +" For version 6.x: Quit when a syntax file was already loaded +if version < 600 + syntax clear +elseif exists("b:current_syntax") + finish +endif + +if version >= 600 + setlocal iskeyword=_,-,a-z,A-Z,48-57 +else + set iskeyword=_,-,a-z,A-Z,48-57 +endif + + +" Escaped chars +syn match hapEscape +\\\(\\\| \|n\|r\|t\|#\|x\x\x\)+ + +" Comments +syn match hapComment /#.*$/ contains=hapTodo +syn keyword hapTodo contained TODO FIXME XXX +syn case ignore + +" Sections +syn match hapSection /^\s*\(global\|defaults\)/ +syn match hapSection /^\s*\(listen\|frontend\|backend\|ruleset\)/ skipwhite nextgroup=hapSectLabel +syn match hapSectLabel /\S\+/ skipwhite nextgroup=hapIp1 contained +syn match hapIp1 /\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/ nextgroup=hapIp2 contained +syn match hapIp2 /,\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/hs=s+1 nextgroup=hapIp2 contained + +" Parameters +syn keyword hapParam chroot cliexp clitimeout contimeout +syn keyword hapParam daemon debug disabled +syn keyword hapParam enabled +syn keyword hapParam fullconn +syn keyword hapParam gid grace +syn keyword hapParam maxconn monitor-uri +syn keyword hapParam nbproc noepoll nopoll +syn keyword hapParam pidfile +syn keyword hapParam quiet +syn keyword hapParam redispatch retries +syn keyword hapParam reqallow reqdel reqdeny reqpass reqtarpit skipwhite nextgroup=hapRegexp +syn keyword hapParam reqiallow reqidel reqideny reqipass reqitarpit skipwhite nextgroup=hapRegexp +syn keyword hapParam rspdel rspdeny skipwhite nextgroup=hapRegexp +syn keyword hapParam rspidel rspideny skipwhite nextgroup=hapRegexp +syn keyword hapParam reqsetbe reqisetbe skipwhite nextgroup=hapRegexp2 +syn keyword hapParam reqadd reqiadd rspadd rspiadd +syn keyword hapParam server source srvexp srvtimeout +syn keyword hapParam uid ulimit-n +syn keyword hapParam reqrep reqirep rsprep rspirep skipwhite nextgroup=hapRegexp +syn keyword hapParam errorloc errorloc302 errorloc303 skipwhite nextgroup=hapStatus +syn keyword hapParam default_backend skipwhite nextgroup=hapSectLabel +syn keyword hapParam appsession skipwhite nextgroup=hapAppSess +syn keyword hapParam bind skipwhite nextgroup=hapIp1 +syn keyword hapParam balance skipwhite nextgroup=hapBalance +syn keyword hapParam cookie skipwhite nextgroup=hapCookieNam +syn keyword hapParam capture skipwhite nextgroup=hapCapture +syn keyword hapParam dispatch skipwhite nextgroup=hapIpPort +syn keyword hapParam source skipwhite nextgroup=hapIpPort +syn keyword hapParam mode skipwhite nextgroup=hapMode +syn keyword hapParam monitor-net skipwhite nextgroup=hapIPv4Mask +syn keyword hapParam option skipwhite nextgroup=hapOption +syn keyword hapParam stats skipwhite nextgroup=hapStats +syn keyword hapParam server skipwhite nextgroup=hapServerN +syn keyword hapParam source skipwhite nextgroup=hapServerEOL +syn keyword hapParam log skipwhite nextgroup=hapGLog,hapLogIp + +" Options and additional parameters +syn keyword hapAppSess contained len timeout +syn keyword hapBalance contained roundrobin source +syn keyword hapLen contained len +syn keyword hapGLog contained global +syn keyword hapMode contained http tcp health +syn keyword hapOption contained abortonclose allbackups checkcache clitcpka dontlognull forceclose forwardfor +syn keyword hapOption contained httpchk httpclose httplog keepalive logasap persist srvtcpka ssl-hello-chk +syn keyword hapOption contained tcplog tcpka tcpsplice +syn keyword hapOption contained except skipwhite nextgroup=hapIPv4Mask +syn keyword hapStats contained uri realm auth scope enable +syn keyword hapLogFac contained kern user mail daemon auth syslog lpr news nextgroup=hapLogLvl skipwhite +syn keyword hapLogFac contained uucp cron auth2 ftp ntp audit alert cron2 nextgroup=hapLogLvl skipwhite +syn keyword hapLogFac contained local0 local1 local2 local3 local4 local5 local6 local7 nextgroup=hapLogLvl skipwhite +syn keyword hapLogLvl contained emerg alert crit err warning notice info debug +syn keyword hapCookieKey contained rewrite insert nocache postonly indirect prefix nextgroup=hapCookieKey skipwhite +syn keyword hapCapture contained cookie nextgroup=hapNameLen skipwhite +syn keyword hapCapture contained request response nextgroup=hapHeader skipwhite +syn keyword hapHeader contained header nextgroup=hapNameLen skipwhite +syn keyword hapSrvKey contained backup cookie check inter rise fall port source minconn maxconn weight usesrc +syn match hapStatus contained /\d\{3}/ +syn match hapIPv4Mask contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\(\/\d\{1,2}\)\?/ +syn match hapLogIp contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}/ nextgroup=hapLogFac skipwhite +syn match hapIpPort contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}:\d\{1,5}/ +syn match hapServerAd contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\(:[+-]\?\d\{1,5}\)\?/ nextgroup=hapSrvEOL skipwhite +syn match hapNameLen contained /\S\+/ nextgroup=hapLen skipwhite +syn match hapCookieNam contained /\S\+/ nextgroup=hapCookieKey skipwhite +syn match hapServerN contained /\S\+/ nextgroup=hapServerAd skipwhite +syn region hapSrvEOL contained start=/\S/ end=/$/ contains=hapSrvKey +syn region hapRegexp contained start=/\S/ end=/\(\s\|$\)/ skip=/\\ / nextgroup=hapRegRepl skipwhite +syn region hapRegRepl contained start=/\S/ end=/$/ contains=hapComment,hapEscape,hapBackRef +syn region hapRegexp2 contained start=/\S/ end=/\(\s\|$\)/ skip=/\\ / nextgroup=hapSectLabel skipwhite +syn match hapBackref contained /\\\d/ + + +" Transparent is a Vim keyword, so we need a regexp to match it +syn match hapParam +transparent+ +syn match hapOption +transparent+ contained + + +" Define the default highlighting. +" For version 5.7 and earlier: only when not done already +" For version 5.8 and later: only when an item doesn't have highlighting yet +if version < 508 + command -nargs=+ HiLink hi link +else + command -nargs=+ HiLink hi def link +endif + +HiLink hapEscape SpecialChar +HiLink hapBackRef Special +HiLink hapComment Comment +HiLink hapTodo Todo +HiLink hapSection Constant +HiLink hapSectLabel Identifier +HiLink hapParam Keyword + +HiLink hapRegexp String +HiLink hapRegexp2 hapRegexp +HiLink hapIp1 Number +HiLink hapIp2 hapIp1 +HiLink hapLogIp hapIp1 +HiLink hapIpPort hapIp1 +HiLink hapIPv4Mask hapIp1 +HiLink hapServerAd hapIp1 +HiLink hapStatus Number + +HiLink hapOption Operator +HiLink hapAppSess hapOption +HiLink hapBalance hapOption +HiLink hapCapture hapOption +HiLink hapCookieKey hapOption +HiLink hapHeader hapOption +HiLink hapGLog hapOption +HiLink hapLogFac hapOption +HiLink hapLogLvl hapOption +HiLink hapMode hapOption +HiLink hapStats hapOption +HiLink hapLen hapOption +HiLink hapSrvKey hapOption + + +delcommand HiLink + +let b:current_syntax = "haproxy" +" vim: ts=8