Hello, can we pay some attention to cppcheck findings before 2.6? https://github.com/haproxy/haproxy/issues/1184
I found cppcheck somewhat useful (and somewhat noisy as well, but cppcheck folks are really friendly on fixing false positives).

Sat, 9 Apr 2022 at 17:00, Willy Tarreau <w...@1wt.eu>:

> Hi,
>
> HAProxy 2.6-dev5 was released on 2022/04/09. It added 120 new commits
> after version 2.6-dev4.
>
> It's visible that we're progressively getting closer to the end of a
> development cycle, updates are arriving faster and cleanups and small
> improvements are becoming more numerous.
>
> Aside the usual bug fixes, this version brings:
>   - a new converter, add_item(), developed by Nikola Sale, which eases
>     the concatenation of values in headers by automatically prepending
>     delimiters only when the previous value and the added value are not
>     empty. It can typically cut in half the number of "set-var" rules
>     in complex configs.
>
>   - httpclient improvements and fixes: now the HTTP client can correctly
>     buffer a request body and enable L7 retries to transparently deal
>     with connection errors and torn down keep-alive connections. A final
>     touch on automatic name resolution is currently being worked on to
>     complete the whole thing.
>
>   - QUIC updates: QUIC was deployed a week ago on https://haproxy.org/
>     and even if there's little HTTPS traffic there, it already helped
>     identify minor issues, most of which were addressed. One of them
>     limits the performance due to the way buffers are handled down the
>     transmission chain, but this is currently being addressed. I was
>     very pleased to see that it worked without trouble for 6.5 days,
>     after which it was restarted for an update. Those interested in
>     duplicating the experiment can read the latest news on haproxy.org
>     where the main steps are explained. If there's some demand, maybe
>     we could write a more detailed howto, but for now I'd rather see
>     the experts spending their time on polishing the code ;-)
>
>   - Opentracing updates: in 2.5 we had to disable the use of variables
>     between the plugin and the haproxy core because the code was relying
>     on an original misfeature of the variables which was that they
>     would never disappear after being created, and this misfeature was
>     fixed in 2.5, breaking that part of Opentracing. Miroslav finally
>     found the time to address this and rework it in an elegant way so
>     that the module is fully functional again. It is technically possible
>     to backport his work to 2.5 if there is some demand but at this stage
>     I prefer not to, until there's demand (i.e. some 2.4 users who are
>     blocked on 2.4 only because of this). If you're using opentracing
>     and are missing this in 2.5, please voice in. And similarly if you're
>     using it in 2.5 and would prefer this not to change, feel free to
>     voice in as well.
>
>   - the automatic frontend connection closing mechanism on reload that
>     was brought into 2.5 caused some concerns to some users, leading
>     to an option to disable it. Now there's a new global setting,
>     "close-spread-time", which can be used to indicate that the closure
>     of idle connections should be randomly spread over that interval, so
>     that reconnecting clients don't all rush at the same time on the new
>     process. This applies both to passive close ("connection: close" on
>     responses), and to active close of idle connections. For best
>     efficiency, the interval should obviously be shorter than the one
>     used in "hard-stop-after" if any. We'll also see how to extend the
>     mechanism to allow never to close at all as there's also some demand
>     for this.
>
>   - the "ca-file" SSL directive now supports a special "@system-ca" name
>     that requests that the CA provided by default on the operating system
>     are used. This is convenient for outgoing connections to servers that
>     use standard certificates emitted by standard CAs. This way you know
>     that you don't have to maintain your own copy of these CAs and that
>     your system updates will bring you fresh new ones from time to time.
>
>   - for those who have to produce or parse configs (typically ingress
>     controllers, and the dataplane API), a new set of debug options on
>     the boot command line was added, "-dK", to dump registered keywords
>     per category (config, actions, CLI, samples, etc). This applies
>     after the config loads so that it's also possible to enumerate
>     keywords brought by a Lua module. If there's no config it will work
>     by just running a config check on an empty file or /dev/null. The
>     goal essentially is to compare outputs between versions to detect
>     syntax changes. Note that many old keywords (those parsed by strcmp)
>     are not listed.
>
> Regarding what's left to be done before the release, as I mentioned
> above, host name resolution for the httpclient will be nice and seems
> within reach. There's still quite some QUIC work to be done (improved
> buffer management, improved traces, some reliability fixes, cleanups).
> There are some pending reworks of some of relation between streams,
> connections and applets, to make them more straightforward and help to
> avoid a number of bugs in the future, as well as to help fixing issues.
> I'll recheck with Björn if we can finish the MPTCP patchset (it was
> almost finished for 2.5, but none of us had time to polish it), and
> we need to see with Christopher if we can unblock the stream creation
> on a different thread so that Maciej can optimize the thread usage on
> peers. There were a few tunables I wanted to add for H2, maybe they'll
> be added late in the cycle.
>
> Aside this, with Cyril and Tim we've been working on integrating the
> doc generation in the CI so that it's automated. That's why there's a
> new "docs" repository on the github account. No need to go there for
> now, that's not finished but we're working on it, and will announce
> the updated URLs once it looks complete.
>
> Please find the usual URLs below :
>    Site index       : http://www.haproxy.org/
>    Discourse        : http://discourse.haproxy.org/
>    Slack channel    : https://slack.haproxy.org/
>    Issue tracker    : https://github.com/haproxy/haproxy/issues
>    Wiki             : https://github.com/haproxy/wiki/wiki
>    Sources          : http://www.haproxy.org/download/2.6/src/
>    Git repository   : http://git.haproxy.org/git/haproxy.git/
>    Git Web browsing : http://git.haproxy.org/?p=haproxy.git
>    Changelog        : http://www.haproxy.org/download/2.6/src/CHANGELOG
>    Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
>
> Willy
> ---
> Complete changelog :
> Aleksandar Lazic (1):
>       DOC: remove double blanks in configuration.txt
>
> Amaury Denoyelle (23):
>       BUG/MEDIUM: quic: do not use qcs from quic_stream on ACK parsing
>       MINOR: mux-quic: return qcs instance from qcc_get_qcs
>       MINOR: mux-quic: reorganize qcs free
>       MINOR: mux-quic: define release app-ops
>       BUG/MINOR: h3: release resources on close
>       BUG/MINOR: mux-quic: ensure to free all qcs on MUX release
>       CLEANUP: quic: complete comment on qcs_try_to_consume
>       MINOR: quic: implement stream descriptor for transport layer
>       MEDIUM: quic: move transport fields from qcs to qc_conn_stream
>       MEDIUM: mux-quic: remove qcs tree node
>       BUG/MEDIUM: quic: ensure quic-conn survives to the MUX
>       CLEANUP: quic: use static qualifer on quic_close
>       CLEANUP: mux-quic: remove unused QC_CF_CC_RECV
>       BUG/MINOR: fix memleak on quic-conn streams cleaning
>       MINOR: mux-quic: factorize conn-stream attach
>       MINOR: mux-quic: adjust timeout to accelerate closing
>       MINOR: mux-quic: define is_active app-ops
>       MINOR: mux-quic: centralize send operations in qc_send
>       MEDIUM: mux-quic: report CO_FL_ERROR on send
>       MEDIUM: mux-quic: report errors on conn-streams
>       MEDIUM: quic: report closing state for the MUX
>       CLEANUP: mux-quic: remove uneeded TODO in qc_detach
>       BUG/MEDIUM: mux-quic: properly release conn-stream on detach
>
> Christopher Faulet (11):
>       BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing
>       BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
>       BUG/MINOR: log: Initialize the list element when allocating a new log server
>       BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
>       BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
>       BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
>       BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
>       BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached
>       BUG/MINOR: http_client: Don't add input data on an empty request buffer
>       BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
>       BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
>
> Frédéric Lécaille (24):
>       BUG/MEDIUM: quic: Possible crash in ha_quic_set_encryption_secrets()
>       CLEANUP: quic: Remove all atomic operations on quic_conn struct
>       CLEANUP: quic: Remove all atomic operations on packet number spaces
>       MEDIUM: quic: Send ACK frames asap
>       BUG/MINOR: quic: Missing probing packets when coalescing
>       BUG/MINOR: quic: Discard Initial packet number space only one time
>       MINOR: quic: Do not display any timer value from process_timer()
>       BUG/MINOR: quic: Do not probe from an already probing packet number space
>       BUG/MINOR: quic: Non duplicated frames upon fast retransmission
>       BUG/MINOR: quic: Too much prepared retransmissions due to anti-amplification
>       MINOR: quic: Useless call to SSL_CTX_set_default_verify_paths()
>       MINOR: quic: Add traces about list of frames
>       BUG/MINOR: h3: Missing wait event struct field initialization
>       BUG/MINOR: quic: QUIC TLS secrets memory leak
>       BUG/MINOR: quic: Missing ACK range deallocations
>       BUG/MINOR: quic: Missing TX packet deallocations
>       MINOR: quic: Add draining connection state.
>       MINOR: quic: Add closing connection state
>       BUG/MEDIUM: quic: Possible crash from quic_free_arngs()
>       MINOR: quic_tls: Add reusable cipher contexts to QUIC TLS contexts
>       MINOR: quic_tls: Stop hardcoding cipher IV lengths
>       CLEANUP: quic: Do not set any cipher/group from ssl_quic_initial_ctx()
>       MINOR: quic: Add short packet key phase bit values to traces
>       MINOR: quic_tls: Make key update use of reusable cipher contexts
>
> Ilya Shipitsin (1):
>       CI: github actions: update OpenSSL to 3.0.2
>
> Lukas Tribus (1):
>       DOC: reflect H2 timeout changes
>
> Miroslav Zagorac (16):
>       BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set()
>       BUG/BUILD: opentracing: fixed OT_DEFINE variable setting
>       EXAMPLES: opentracing: refined shell scripts for testing filter performance
>       DOC: opentracing: corrected comments in function descriptions
>       CLEANUP: opentracing: removed unused function flt_ot_var_unset()
>       CLEANUP: opentracing: removed unused function flt_ot_var_get()
>       Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'"
>       MINOR: opentracing: only takes the variables lock on shared entries
>       CLEANUP: opentracing: added flt_ot_smp_init() function
>       CLEANUP: opentracing: added variable to store variable length
>       MINOR: opentracing: improved normalization of context variable names
>       DEBUG: opentracing: show return values of all functions in the debug output
>       CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum
>       DEBUG: opentracing: display the contents of the err variable after setting
>       MAJOR: opentracing: reenable usage of vars to transmit opentracing context
>       Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time"
>
> Nikola Sale (1):
>       MINOR: sample: converter: Add add_item convertor
>
> Remi Tricot-Le Breton (2):
>       BUG/MINOR: ssl/cli: Remove empty lines from CLI output
>       MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
>
> William Lallemand (18):
>       MEDIUM: httpclient/lua: be stricter with httpclient parameters
>       MINOR: ssl: split the cert commit io handler
>       MINOR: ssl: move the cert_exts and the CERT_TYPE enum
>       MINOR: ssl: simplify the certificate extensions array
>       MINOR: ssl: export ckch_inst_rebuild()
>       MINOR: ssl: add "crt" in the cert_exts array
>       MINOR: ssl/lua: CertCache.set() allows to update an SSL certificate file
>       BUILD: ssl/lua: CacheCert needs OpenSSL
>       DOC: lua: CertCache class documentation
>       DOC: management: add missing dot in 9.4.1
>       MEDIUM: ssl: allow loading of a directory with the ca-file directive
>       BUG/MINOR: ssl: continue upon error when opening a directory w/ ca-file
>       MINOR: ssl: ca-file @system-ca loads the system trusted CA
>       DOC: configuration: add the ca-file changes
>       BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL
>       MINOR: httpclient: enable request buffering
>       MEDIUM: httpclient: enable l7-retry
>       BUG/MINOR: httpclient: end callback in applet release
>
> Willy Tarreau (22):
>       BUG/MINOR: samples: add missing context names for sample fetch functions
>       MINOR: management: add some basic keyword dump infrastructure
>       MINOR: config: add a function to dump all known config keywords
>       MINOR: filters: extend flt_dump_kws() to dump to stdout
>       MINOR: services: extend list_services() to dump to stdout
>       MINOR: cli: add a new keyword dump function
>       MINOR: acl: add a function to dump the list of known ACL keywords
>       MINOR: samples: add a function to list register sample fetch keywords
>       MINOR: sample: list registered sample converter functions
>       MINOR: tools: add strordered() to check whether strings are ordered
>       MINOR: action: add a function to dump the list of actions for a ruleset
>       MINOR: config: alphanumerically sort config keywords output
>       MINOR: sample: alphanumerically sort sample & conv keyword dumps
>       MINOR: acl: alphanumerically sort the ACL dump
>       MINOR: cli: alphanumerically sort the dump of supported commands
>       MINOR: filters: alphabetically sort the list of filter names
>       MINOR: services: alphabetically sort service names
>       BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
>       BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
>       CLEANUP: hpack: be careful about integer promotion from uint8_t
>       OPTIM: hpack: read 32 bits at once when possible.
>       BUG/MINOR: quic: set the source not the destination address on accept()
>
> ---
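
An added example, not part of this thread or of HAProxy's own code: a small Python check of a configuration for two points from the quoted announcement, that "close-spread-time" is shorter than "hard-stop-after", and that TLS servers are not left on "verify none" now that "ca-file @system-ca" is available. The sample configuration, the host name and the `to_ms()` and `lint()` helpers are constructed for illustration; a bare number is read as milliseconds.

```python
import re

# Multipliers from HAProxy time suffixes to milliseconds.
UNITS_MS = {"us": 0.001, "ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "peers",
            "resolvers", "userlist", "mailers", "cache", "ring", "program"}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CFG = """\
global
    hard-stop-after 30s
    close-spread-time 1m      # longer than hard-stop-after

backend api
    server a1 api.example.com:443 ssl verify none
    server a2 api.example.com:443 ssl verify required ca-file @system-ca
"""

def to_ms(value):
    """Convert an HAProxy time value to ms (a bare number is read as ms)."""
    m = re.fullmatch(r"(\d+)(us|ms|s|m|h|d)?", value)
    if not m:
        raise ValueError(f"not an HAProxy time value: {value!r}")
    return int(m.group(1)) * UNITS_MS[m.group(2) or "ms"]

def lint(cfg_text):
    """Return sorted (line_number, message) findings for the two checks."""
    findings, timers, section = [], {}, None
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # naive comment strip, ignores quoting
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words[0]
        elif (section == "global" and len(words) > 1
              and words[0] in ("close-spread-time", "hard-stop-after")):
            timers[words[0]] = (lineno, to_ms(words[1]))
        elif section in ("backend", "listen") and words[0] in ("server", "default-server"):
            opts = words[1:]
            if "ssl" in opts and ("verify", "none") in zip(opts, opts[1:]):
                findings.append((lineno, "server certificate is not verified; "
                                         "consider 'verify required ca-file @system-ca'"))
    if len(timers) == 2:
        (line, spread), (_, hard) = timers["close-spread-time"], timers["hard-stop-after"]
        if spread >= hard:
            findings.append((line, "close-spread-time is not shorter than hard-stop-after"))
    return sorted(findings)
```
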