Hi,
HAProxy 2.0-dev3 was released on 2019/05/15. It added 393 new commits
after version 2.0-dev2.
This is another huge version. Having been distracted by a number of bugs
lately, this one was postponed a bit too much for my taste. As usual for a
development version, I'll skip over the bugfixes which are uninteresting
for this changelog.
The main points of this release are :
- HTX enabled by default on all proxies. The only showstopper used to
be the lack of ability to upgrade from TCP to HTTP in HTX mode when
branching from a TCP frontend to an HTTP backend. Since it now works
there is no reason for staying in legacy mode anymore. This means
that all features (backend H2 etc) are all implicitly allowed without
the need for an extra option. It is still possible to disable HTX in
case of regression or suspicion using "no option http-use-htx". Keep
in mind that any problem ought to be reported as the intent is to
remove legacy mode with 2.1, so 2.0 will be the last one supporting
both modes.
- HTTP/2 is now supported on HTTP/1 ports (in HTX mode). Whenever the
H2 preface is met on an H1 listener, the connection is automatically
switched to H2.
- significant scheduler improvements to improve fairness between all
tasks in multi-threaded mode. There used to be a situation where some
tasks could starve other ones, which was observable by some CLI commands
timing out too early when doing "echo foo|socat"
- lockup bug detection : if a task loops forever and uses all the CPU, this
is a bug and haproxy will be killed. Similarly if a task locks up for a
long time, haproxy is killed. This is enabled for now in development, and
maybe it will stay enabled by default after the release as it would have
helped a number of users to recover faster from some annoying bugs. If you
see haproxy crash in an abort() and dump a core, first you'll know you've
hit a serious bug and it managed to stop it, second keep in mind that
there are developers who could be interested by knowing what was detected
so please don't erase the trace and the core immediately. I still have
some watchdog code under development that is even able to detect dead
locks and crash the process in this case, I need to polish it.
- Layer 7 retries : <rant> many of you know my disgust for such a feature
essentially requested by incompetent admins trying to hide their horribly
bogus applications and who prefer to shoot themselves in the foot instead
of fixing the code, but there are a few valid (read riskless) use cases.
One of them concerns the use of TCP fastopen to connect to the servers.
It is not usable without such retries. Another one concerns 0-RTT to the
servers where it's highly desirable that haproxy retries itself if the
server ignores the early data. In addition to this there are some more
legitimate users with known idempotent applications (static file servers
and applications using replay-safe transaction numbers) where this can
be understandable. The thing is that all these use cases require exactly
the same mechanism. So now that this was implemented, it will also be
available for those who want to do whatever and who will complain that
haproxy multiplies their payment requests or kills all their servers in
a domino effect. They'd rather not complain here or I may reserve them
a selection of not-so-kind words. It is possible to finely enumerate
the situations where a retry is permitted (see "retry-on"), and a few
status codes are permitted (404 was included as this one is sometimes
requested by content providers). In addition there is a new HTTP request
action "disable-l7-retry" which allows to prevent such retries from
happening (e.g. POST to an application not specifically designed to be
replay-safe). Of course it is not enabled by default.</rant>
- TFO is now supported when talking to servers. It is one of the positive
effects of having L7 retries. Similarly 0-RTT can now be replayed without
going back to the client.
- stick-tables can now be declared inside peers sections. Many of those
using tons of stick-tables have many backends with only one stick-table
line. These backends also pollute the stats. And these stick-tables have
to reference a peers section to be synchronized. We figured that since
it is not possible to synchronize stick-tables between multiple peers
sections, it made quite some sense to be able to declare several of
them directly inside peers sections so that they are easily found,
automatically synchronized, and require less configuration. These ones
will be accessible using the peers section name followed by a slash and
the stick-table name.
- http-request/tcp-request action "do-resolve", which takes an argument,
submits it to the DNS resolvers and sets the result back into a variable.
It can be used to resolve anything on the fly. I already hear some people
asking if we'll become a forward proxy, the response is "no" :-) But
Baptiste had a working demo of something like this just for fun.
- log sampling and load balancing. The idea is to specify intervals of
wider ranges for which logs will be sent to a given server. Thus it
is possible for example to send only 1 log every 100 to a server to
perform some sampling, or to send 1/3 to log server 1, 2/3 to log
server 2 and 3/3 to log server 3 and perform some log load balancing.
It's likely that over the long term we could add some hashing rules so
that logs belonging to a same session end up on the same log server,
but one thing at a time :-)
- it is possible to load sidecar programs from the global section using
the "program" keyword in master-worker mode. They will be monitored by
the master process. This is mainly aimed at simplifying some complex
setups and allowing haproxy + extra components to start/stop together.
For example some may want to load a syslog relay. In the very distant
past we could have imagined loading stud or stunnel to offload SSL.
- idle server connections are better controlled now so that we don't
enter a situation where a single session could collect tons of them
and not reuse them. Some heuristics are applied so that we give back
idle connections more often.
- the WURFL device detection was reintroduced. The Scientiamobile team
has done a pretty good job at addressing all the issues that were
raised and led to their removal so there was no reason to keep them
out anymore. One nice improvement is that they provided a dummy library
which allows to compile their code without any external dependency.
This was the main issue developers were facing, and it turned out to
be quite easy. Thus DeviceAtlas followed on the same principle and
51Degrees said they'll contribute such a thing soon as well. It will
then be possible to detect internal API regressions affecting any of
them during development so that these issues should only be bad
memories by now. We should even enable them in Travis builds by the
way. There are still a few WURFL patches pending for review but
nothing dramatic.
- DeviceAtlas implemented support for HTX mode, so it's already 2.0-ready
as well.
- some systemd unit file changes were brought to ease the activation of
the master socket. My understanding is that it will look at a few config
files to figure the options passed on the command line so it should work
on multiple distros.
- Just like we used to rely on "hard-stop-after" to limit the number of
old processes upon reload, it is now possible to limit the number of
reloads a process survives (see "mworker-max-reloads") before being
actively killed. Those reloading very frequently will probably like
this one!
- new "set-dumpable" global keyword. It tries its best to re-enable
core dumps. It will do the equivalent of "ulimit -c unlimited" and
of enabling dumps after setuid, which should save lots of trouble
to users willing to provide some help on bug reports.
- lots of cleanups and reorganization of the regtests. They have a
real name now, which is more convenient to manipulate them, and their
dependencies are cleaner as they can depend on individual build options.
- I discovered an old SPOA server that Thierry implemented more than one
year ago, and which provides SPOA to Python and Lua programs. I could
verify that it starts so I merged it, it can be useful to a number of
people, including developers who want an example of a more complex
application than the basic examples.
- Travis-CI integration : the patches we push are now automatically tested
in about a dozen of setups (OS, SSL versions) and the reg tests are run.
This has already saved quite some time to detect bugs. Thanks to Ilya
for working on this.
- addressed some build issues, mainly old AIX support and LibreSSL
compatibility issues caused by their creative numbering (they pretend
to be OpenSSL 2.0.0, complicating many compatibility tests). Now it
should not break every morning anymore. Also some build issues of the
"ist" strings affecting at least Cygwin should be addressed now (once
I get a confirmation I can backport this to 1.9).
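The following configuration is an added example, not part of the original announcement or of the HAProxy sources. It shows the L7 retry controls ("retry-on", "disable-l7-retry"), server-side TFO and 0-RTT, and a stick-table declared in a peers section as described above. All section names, addresses and file paths are constructed placeholders, and the thresholds are arbitrary.

```haproxy
# Constructed example: names, addresses, paths and thresholds are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    retries 3

# Stick-tables declared directly in the peers section: they are synchronized
# between the listed peers and need no dummy backend to hold them.
# The local peer name must match the hostname or the value passed with -L.
peers lb_cluster
    peer lb1 192.0.2.1:10000
    peer lb2 192.0.2.2:10000
    table per_ip_rate type ip size 1m expire 10m store http_req_rate(10s)

frontend fe_main
    bind :8080
    # Tables from a peers section are referenced as <peers name>/<table name>.
    http-request track-sc0 src table lb_cluster/per_ip_rate
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
    use_backend be_static if { path_beg /static/ }
    default_backend be_app

# Known idempotent content (static files): L7 retries are acceptable.
# TFO to the servers relies on these retries to recover from a failed attempt.
backend be_static
    retry-on conn-failure empty-response response-timeout 503
    server static1 192.0.2.10:80 check tfo
    server static2 192.0.2.11:80 check tfo

# Application not specifically designed to be replay-safe.
backend be_app
    # Retry only where the server did not process the request: the connection
    # failed, or the server refused the early data sent with 0-RTT.
    retry-on conn-failure 0rtt-rejected
    # Never replay a POST at layer 7, whatever "retry-on" lists.
    http-request disable-l7-retry if METH_POST
    server app1 192.0.2.20:443 ssl verify required ca-file /etc/haproxy/ca.pem allow-0rtt
```

The file can be syntax-checked with "haproxy -c -f <file>" before use.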
Yes I know it's a long list. There are still a few things pending but we're
seeing the end of the tunnel. Some SSL layering changes that will be needed
for QUIC were started and are currently being finished. I really want to
have them in 2.0 so that we don't have two distinct architectures to deal
with between 2.0 (which is long-term supported) and 2.1+. Manu has proposed
the support of Solaris' event ports as a much better poller than poll(). I
reviewed it, he's doing the final polishing and should be ready soon. Some
deprecated keywords which do not generate a warning should be addressed as
well or we'll never manage to get rid of them. I know that Christopher is
still addressing some HTX design concepts that could make the long term
maintenance much easier and that I'd rather see merged early. Tim already
has some patches for this. Alec Liu proposed to integrate the support of
SOCKS4. At first I was a bit worried but it turns out the protocol could
be supported in a very non-intrusive way so if it's ready in time I'm fine
with integrating it. I'm aware of a few other things people are working
on, we'll see. I'm not disclosing them to avoid putting needless pressure!
I've also seen based on recent reports and patch submissions that a few
harmless bugs here and there might still be present, but nothing to be
alarmed of. Given that recently we've been working on lots of bug reports
and that things start to cool down, I'm considering that we're getting much
better.
I'd like to emit a new -dev release next week with the rest of the pending
stuff, aiming at a final release by the end of this month. Please do test
and report issues so that we don't get all of them in the last 3 days as
usual. We all know releases slip a bit and I'm fine with this, but at
least I'd like this to be for a good reason. Oh and keep in mind, this
is *development* so please be careful with it. We all really appreciate
to see bugs reported on live traffic but please don't use it as an excuse
for switching all your LBs on it, or it may bite you hard!
I'm going to open a -next branch to collect the pending stuff for 2.1. This
one will periodically be rebased on top of master so that it can become the
next master after the release.
Have fun!
Willy
---
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : http://www.haproxy.org/download/2.0/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.0/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Apollon Oikonomopoulos (1):
MINOR: systemd: Use the variables from /etc/default/haproxy
Baptiste Assmann (5):
MINOR: proto_tcp: tcp-request content: enable set-dst and set-dst-var
MINOR: dns: dns_requester structures are now in a memory pool
MINOR: dns: move callback affection in dns_link_resolution()
MINOR: obj_type: new object type for struct stream
MINOR: action: new '(http-request|tcp-request content) do-resolve' action
Chris Packham (1):
BUILD: threads: Add __ha_cas_dw fallback for single threaded builds
Christopher Faulet (79):
BUG/MINOR: contrib/prometheus-exporter: Fix applet accordingly to recent
changes
BUG/MINOR: mux-h1: Only skip invalid C-L headers on output
BUG/MINOR: htx: Preserve empty HTX messages with an unprocessed parsing
error
BUG/MINOR: proto_htx: Reset to_forward value when a message is set to DONE
REGTEST: http-capture/h00000: Relax a regex matching the log message
REGTEST: http-messaging/h00000: Fix the test when the HTX is enabled
REGTEST: http-rules/h00003: Use a different client for requests expecting
a 301
REGTEST: log/b00000: Be sure the client always hits its timeout
REGTEST: lua/b00003: Relax the regex matching the log message
REGTEST: lua/b00003: Specify the HAProxy pid when the command ss is
executed
BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the
stream
BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented
messages
BUG/MINOR: spoe: Be sure to set tv_request when each message fragment is
encoded
BUG/MEDIUM: htx: Defrag if blocks position is changed and the payloads
wrap
BUG/MEDIUM: htx: Don't crush blocks payload when append is done on a data
block
MEDIUM: htx: Deprecate the option 'http-tunnel' and ignore it in HTX
MINOR: proto_htx: Don't adjust transaction mode anymore in HTX analyzers
BUG/MEDIUM: htx: Fix the process of HTTP CONNECT with h2 connections
MINOR: mux-h1: Simplify handling of 1xx responses
MINOR: stats/htx: Don't add "Connection: close" header anymore in stats
responses
MEDIUM: h1: Add an option to sanitize connection headers during parsing
MEDIUM: mux-h1: Simplify the connection mode management by sanitizing
headers
MINOR: mux-h1: Don't release the conn_stream anymore when h1s is destroyed
BUG/MINOR: mux-h1: Handle the flag CS_FL_KILL_CONN during a shutdown
read/write
MINOR: mux-h2: Add a mux_ops dedicated to the HTX mode
MINOR: muxes: Add a flag to specify a multiplexer uses the HTX
MINOR: stream: Set a flag when the stream uses the HTX
MINOR: http: update the macro IS_HTX_STRM() to check the stream flag
SF_HTX
MINOR: http_fetch/htx: Use stream flags instead of px mode in
smp_prefetch_htx
MINOR: filters/htx: Use stream flags instead of px mode to instanciate a
filter
MINOR: muxes: Rely on conn_is_back() during init to handle front/back conn
MEDIUM: muxes: Add an optional input buffer during mux initialization
MINOR: muxes: Pass the context of the mux to destroy() instead of the
connection
MEDIUM: muxes: Be prepared to don't own connection during the release
MEDIUM: connection: Add conn_upgrade_mux_fe() to handle mux upgrades
MEDIUM: htx: Allow the option http-use-htx to be used on TCP proxies too
MAJOR: proxy/htx: Handle mux upgrades from TCP to HTTP in HTX mode
MAJOR: muxes/htx: Handle inplicit upgrades from h1 to h2
MAJOR: htx: Enable the HTX mode by default for all proxies
REGTEST: Use HTX by default and add '--no-htx' option to disable it
BUG/MEDIUM: muxes: Don't dereference mux context if null in release
functions
BUG/MINOR: mux-h1: Process input even if the input buffer is empty
BUG/MINOR: mux-h1: Don't switch the parser in busy mode if other side has
done
BUG/MEDIUM: mux-h1: Notify the stream waiting for TCP splicing if ibuf is
empty
BUG/MEDIUM: mux-h1: Enable TCP splicing to exchange data only
MINOR: mux-h1: Handle read0 during TCP splicing
BUG/MEDIUM: htx: Don't return the start-line if the HTX message is empty
BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
BUG/MINOR: http_fetch/htx: Allow permissive sample prefetch for the HTX
BUG/MINOR: http_fetch/htx: Use HTX versions if the proxy enables the HTX
mode
BUG/MINOR: contrib/prometheus-exporter: Fix a typo in the run-queue
metric type
MINOR: contrib/prometheus-exporter: Remove usless rate metrics
MINOR: contrib/prometheus-exporter: Rename some metrics to be more usable
MINOR: contrib/prometheus-exporter: Follow best practices about metrics
type
BUG/MEDIUM: h1: Don't parse chunks CRLF if not enough data are available
BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP
rules
BUG/MEDIUM: stream: Don't request a server connection if a shutw was
scheduled
BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
MINOR: gcc: Fix a silly gcc warning in connect_server()
BUG/MEDIUM: stream: Fix the way early aborts on the client side are
handled
BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet
handler
BUG/MAJOR: muxes: Use the HTX mode to find the best mux for HTTP proxies
only
BUG/MINOR: htx: Exclude TCP proxies when the HTX mode is handled during
startup
BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per
request
MINOR: spoe: Use the sample context to pass frag_ctx info during encoding
BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is
handled
MINOR: config: Test validity of tune.maxaccept during the config parsing
CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1
BUG/MEDIUM: spoe: Be sure the sample is found before setting its context
BUG/MINOR: mux-h1: Fix the parsing of trailers
BUG/MINOR: htx: Never transfer more than expected in htx_xfer_blks()
MINOR: htx: Split on DATA blocks only when blocks are moved to an HTX
message
MINOR: htx: Don't try to append a trailer block with the previous one
MINOR: htx: Remove support for unused OOB HTX blocks
BUG/MINOR: stream: Attach the read side on the response as soon as
possible
BUG/MEDIUM: http: Use pointer to the begining of input to parse message
headers
MINOR: spoe: Set the argument chunk size to 0 when SPOE variables are
checked
BUG/MEDIUM: mux-h2: Set EOI on the conn_stream during h2_rcv_buf()
David CARLIER (1):
MEDIUM: da: HTX mode support.
David Carlier (2):
BUILD/MINOR: listener: Silent a few signedness warnings.
BUILD/MEDIUM: contrib: Dummy DeviceAtlas API.
Dragan Dosen (7):
BUG/MINOR: haproxy: fix rule->file memory leak
BUG/MINOR: log: properly free memory on logformat parse error and deinit()
BUG/MINOR: checks: free memory allocated for tasklets
BUG/MEDIUM: pattern: fix memory leak in regex pattern functions
MEDIUM: regex: modify regex_comp() to atomically allocate/free the
my_regex struct
BUG/MEDIUM: stick-table: fix regression caused by a change in proxy struct
BUG/MEDIUM: tasks: fix possible segfault on task_destroy()
Emeric Brun (3):
BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on
release.
MINOR: peers: adds counters on show peers about tasks calls.
MINOR: ssl/cli: async fd io-handlers printable on show fd
Emmanuel Hocdet (1):
MINOR: ssl: Activate aes_gcm_dec converter for BoringSSL
Freddy Spierenburg (1):
DOC: The option httplog is no longer valid in a backend.
Frédéric Lécaille (1):
REGTEST: Missing REQUIRE_VERSION declarations.
Frédéric Lécaille (32):
BUG/MINOR: peers: Really close the sessions with no heartbeat.
CLEANUP: peers: remove useless annoying tabulations.
CLEANUP: peers: replace timeout constants by macros.
REGTEST: Enable again reg tests with HEAD HTTP method usage.
DOC: peers: Peers protocol documentation update.
BUG/MINOR: peers: Missing initializations after peer session shutdown.
MINOR: peers: Add a new command to the CLI for peers.
DOC: update for "show peers" CLI command.
MINOR: log: Extract some code to send syslog messages.
REGTEST: replace LEVEL option by a more human readable one.
REGTEST: rename the reg test files.
REGTEST: adapt some reg tests after renaming.
BUG/MAJOR: stream: Missing DNS context initializations.
MINOR: log: Add "sample" new keyword to "log" lines.
MINOR: log: Enable the log sampling and load-balancing feature.
DOC: log: Document the sampling and load-balancing logging feature.
REGTEST: Add a new reg test for log load-balancing feature.
REGTEST: Make this reg test be Linux specific.
BUILD: travis: TMPDIR replacement.
MINOR: config: Extract the code of "stick-table" line parsing.
BUILD/MINOR: stick-table: Compilation fix.
MEDIUM: stick-table: Stop handling stick-tables as proxies.
MINOR: stick-tables: Add peers process binding computing.
MINOR: stick-table: Add prefixes to stick-table names.
MINOR: peers: Do not emit global stick-table names.
DOC: Update for "table" lines in "peers" section.
REGTEST: Add reg tests for "table" lines in "peers" sections.
REGTEST: Flag some slow reg tests.
REGTEST: Reg tests file renaming.
REGTEST: Wrong renaming for one reg test.
REGTEST: Wrong assumption in IP:port logging test.
BUG/MINOR: log: Wrong log format initialization.
Ilya Shipitsin (11):
REGTESTS: exclude tests that require ssl, pcre if no such feature is
enabled
MEDIUM: enable travis-ci builds
BUG/MEDIUM: servers: fix typo "src" instead of "srv"
BUILD: extend travis-ci matrix
BUILD: remove "build_libressl" duplicate declaration
BUILD: travis-ci: get back to osx without openssl support
BUILD: enable several LibreSSL hacks, including
BUILD: temporarily mark LibreSSL builds as allowed to fail
BUILD: travis-ci bugfixes and improvements
BUILD: add BoringSSL to travis-ci build matrix
BUILD: travis-ci: make TMPDIR global variable in travis-ci
Kevin Zhu (1):
BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed
Nenad Merdanovic (3):
MINOR: ssl: Add aes_gcm_dec converter
BUG/MEDIUM: map: Fix memory leak in the map converter
BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation
Olivier Houchard (55):
BUG/MEDIUM: checks: Don't bother subscribing if we have a connection
error.
BUG/MEDIUM: h2: Don't attempt to recv from h2_process_demux if we
subscribed.
BUG/MEDIUM: streams: Don't remove the SI_FL_ERR flag in si_update_both().
BUG/MEDIUM: streams: Store prev_state before calling si_update_both().
BUG/MEDIUM: stream: Don't clear the stream_interface flags in
si_update_both.
MINOR: initcall: Don't forget to define the __start/stop_init_##stg
symbols.
MINOR: threads: Implement thread_cpus_enabled() for FreeBSD.
BUG/MEDIUM: streams: Only re-run process_stream if we're in a connected
state.
BUG/MEDIUM: stream_interface: Don't bother doing chk_rcv/snd if not
connected.
BUG/MEDIUM: muxes: Make sure we unsubcribed when destroying mux ctx.
BUG/MEDIUM: h2: Make sure we're not already in the send_list in
h2_subscribe().
BUG/MEDIUM: h2: Revamp the way send subscriptions works.
MINOR: connections: Remove the SUB_CALL_UNSUBSCRIBE flag.
BUG/MEDIUM: Threads: Only use the gcc >= 4.7 builtins when using gcc >=
4.7.
BUG/MEDIUM: tasks: Make sure we modify global_tasks_mask with the rq_lock.
MINOR: tasks: Don't consider we can wake task with tasklet_wakeup().
MEDIUM: tasks: No longer use rq.node.leaf_p as a lock.
MINOR: tasks: Don't set the TASK_RUNNING flag when adding in the tasklet
list.
BUG/MEDIUM: applets: Don't use task_in_rq().
MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy().
MEDIUM: tasks: Don't account a destroyed task as a runned task.
MEDIUM: tasks: Use __ha_barrier_store after modifying global_tasks_mask.
MEDIUM: ssl: Give ssl_sock its own context.
MEDIUM: connections: Move some fields from struct connection to
ssl_sock_ctx.
MEDIUM: ssl: provide its own subscribe/unsubscribe function.
MEDIUM: connections: Provide a xprt_ctx for each xprt method.
MEDIUM: ssl: provide our own BIO.
BUILD/medium: ssl: Fix build with OpenSSL < 1.1.0
MINOR: fd: Add a counter of used fds.
MEDIUM: connections: Add a way to control the number of idling
connections.
BUG/MEDIUM: ssl: Return -1 on recv/send if we got EAGAIN.
MINOR: threads: Implement HA_ATOMIC_LOAD().
BUG/MEDIUM: port_range: Make the ring buffer lock-free.
BUG/MEDIUM: ssl: Don't pretend we can retry a recv/send if we got a
shutr/w.
BUG/MEDIUM: channels: Don't forget to reset output in channel_erase().
BUG/MEDIUM: connections: Make sure we remove CO_FL_SESS_IDLE on disown.
BUG/MEDIUM: ssl: Use the early_data API the right way.
BUG/MEDIUM: streams: Don't add CF_WRITE_ERROR if early data were rejected.
MEDIUM: streams: Add the ability to retry a request on L7 failure.
MEDIUM: streams: Add a way to replay failed 0rtt requests.
MEDIUM: streams: Add a new keyword for retry-on, "junk-response"
BUG/MEDIUM: ssl: Don't attempt to use early data with libressl.
MINOR: doc: Document allow-0rtt on the server line.
MINOR: doc: Document the interaction of allow-0rtt and retry-on
0rtt-rejected.
MEDIUM: proto: Change the prototype of the connect() method.
BUG/MEDIUM: servers: Don't use the same srv flag for cookie-set and TFO.
BUG/MEDIUM: h2: Make sure we set send_list to NULL in h2_detach().
BUG/MEDIUM: h2: Don't check send_wait to know if we're in the send_list.
BUG/MEDIUM: streams: Make sur SI_FL_L7_RETRY is set before attempting a
retry.
MEDIUM: streams: Add a new http action, disable-l7-retry.
MINOR: streams: Introduce a new retry-on keyword, all-retryable-errors.
BUG/MEDIUM: connections: Don't forget to set xprt_ctx to NULL on close.
MINOR: h2: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
MINOR: h1: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
MINOR: connections: Use BUG_ON() to enforce rules in
subscribe/unsubscribe.
Ricardo Nabinger Sanchez (1):
BUG/MAJOR: checks: segfault during tcpcheck_main
Rob Allen (1):
BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload
Robin H. Johnson (1):
MINOR: skip get_gmtime where tm is unused
Thierry FOURNIER (14):
MINOR: spoa-server: Clone the v1.7 spoa-example project
MINOR: spoa-server: move some definition from spoa_server.c to
spoa_server.h
MINOR: spoa-server: Externalise debug functions
MINOR: spoe-server: rename "worker" functions
MINOR: spoa-server: Replace the thread init system by processes
MINOR: spoa-server: With debug mode, start only one process
MINOR: spoa-server: Allow registering external processes
MINOR: spoa-server: Allow registering message processors
MINOR: spoa-server: Load files
MINOR: spoa-server: Prepare responses
MINOR: spoa-server: Execute registered callbacks
MINOR: spoa-server: Add Lua processing
MINOR: spoa-server: Add python
MINOR/DOC: spoe-server: Add documentation
Tim Duesterhus (7):
BUILD: extend Travis CI config to support more platforms
CLEANUP: Remove appsession documentation
DOC: Fix typo in keyword matrix
MINOR: systemd: Make use of master socket in systemd unit
BUG/MINOR: vars: Fix memory leak in vars_check_arg
BUG/MINOR: peers: Fix memory leak in cfg_parse_peers
BUG/MINOR: vars: Fix memory leak in vars_check_arg
William Lallemand (28):
BUG/MEDIUM: mworker: don't free the wrong child when not found
REORG: mworker: move serializing functions to mworker.c
REORG: mworker: move signals functions to mworker.c
REORG: mworker: move IPC functions to mworker.c
REORG: mworker: move signal handlers and related functions
REORG: mworker: move mworker_cleanlisteners to mworker.c
MINOR: mworker: calloc mworker_proc structures
MINOR: mworker: don't use children variable anymore
MINOR: cli: export cli_parse_default() definition in cli.h
REORG: mworker/cli: move CLI functions to mworker.c
MEDIUM: mworker-prog: implement program for master-worker
MINOR: mworker/cli: show programs in 'show proc'
BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
MINOR: cli: start addresses by a prefix in 'show cli sockets'
MINOR: cli: export HAPROXY_CLI environment variable
MEDIUM: mworker: store the leaving state of a process
MEDIUM: mworker-prog: implements 'option start-on-reload'
CLEANUP: mworker: remove the type field in mworker_proc
MEDIUM: mworker/cli: export the HAPROXY_MASTER_CLI variable
MINOR: cli: don't add a semicolon at the end of HAPROXY_CLI
MINOR: mworker: export HAPROXY_MWORKER=1 when running in mworker mode
BUG/MINOR: mworker: mworker_kill should apply on every children
BUG/MINOR: mworker: don't exit with an ambiguous value
BUG/MINOR: mworker: ensure that we still quits with SIGINT
MINOR: systemd: support /etc/sysconfig/ for redhat based distrib
MINOR: mworker: support a configurable maximum number of reloads
BUG/MAJOR: ssl: segfault upon an heartbeat request
BUG/MINOR: mworker: use after free when the PID not assigned
Willy Tarreau (130):
REGTEST: remove unexpected "nbthread" statement from Lua test cases
BUILD: Makefile: remove 11-years old workarounds for deprecated options
BUILD: remove 10-years old error message for obsolete option USE_TCPSPLICE
BUILD: Makefile: remove outdated support for dlmalloc
BUILD: Makefile: consider a variable's origin and not its value for the
options list
BUILD: Makefile: also report disabled options in the BUILD_OPTIONS
variable
BUILD: Makefile: shorten default settings declaration
BUILD: Makefile: clean up the target declarations
BUILD: report the whole feature set with their status in haproxy -vv
BUILD: pass all "USE_*" variables as -DUSE_* to the compiler
REGTEST: script: make the script use the new features list
REGTEST: script: remove platform-specific assigments of OPTIONS
BUILD: makefile: work around an old bug in GNU make-3.80
BUILD: makefile: work around another bug in make 3.80
BUILD: http: properly mark some struct as extern
BUILD: chunk: properly declare pool_head_trash as extern
BUILD: cache: avoid a build warning with some compilers/linkers
MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
MINOR: tools: add an unsetenv() implementation
BUILD: re-implement an initcall variant without using executable sections
BUILD: use inttypes.h instead of stdint.h
BUILD: connection: fix naming of ip_v field
BUILD: makefile: fix build of IPv6 header on aix51
BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
BUILD: define unsetenv on AIX 5.1
BUILD: Makefile: disable shared cache on AIX 5.1
BUG/MEDIUM: htx: fix random premature abort of data transfers
BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
BUG/MEDIUM: task/threads: address a fairness issue between local and
global tasks
BUG/MINOR: tasks: make sure the first task to be queued keeps its nice
value
BUG/MINOR: listener: renice the accept ring processing task
MINOR: cli/listener: report the number of accepts on "show activity"
MINOR: cli/activity: report the accept queue sizes in "show activity"
CLEANUP: task: do not export rq_next anymore
MEDIUM: tasks: improve fairness between the local and global queues
MEDIUM: tasks: only base the nice offset on the run queue depth
MINOR: tasks: restore the lower latency scheduling when niced tasks are
present
BUILD: task/thread: fix single-threaded build of task.c
BUILD: cli/threads: fix build in single-threaded mode
BUILD: address a few cases of "static <type> inline foo()"
BUILD: do not specify "const" on functions returning structs or scalars
BUILD: htx: fix a used uninitialized warning on is_cookie2
BUG/MAJOR: lb/threads: fix insufficient locking on round-robin LB
MINOR: init: add a "set-dumpable" global directive to enable core dumps
BUG/MINOR: listener/mq: correctly scan all bound threads under low load
BUG/MEDIUM: tasks: Make sure we set TASK_QUEUED before adding a task to
the rq.
BUG/MAJOR: task: make sure never to delete a queued task
MINOR: task/thread: factor out a wake-up condition
CLEANUP: task: remain consistent when using the task's handler
BUG/MINOR: mworker: disable busy polling in the master process
BUG/MEDIUM: maps: only try to parse the default value when it's present
BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
Revert "CLEANUP: wurfl: remove dead, broken and unmaintained code"
BUILD: add USE_WURFL to the list of known build options
MINOR: wurfl: indicate in haproxy -vv the wurfl version in use
REGTEST: make the "run-regtests" script search for tests in reg-tests by
default
BUG/MAJOR: lb/threads: fix AB/BA locking issue in round-robin LB
CLEANUP: task: report calls as unsigned in show sess
MINOR: tasks/activity: report the context switch and task wakeup rates
MINOR: stream: measure and report a stream's call rate in "show sess"
MINOR: applet: measure and report an appctx's call rate in "show sess"
REGTEST: exclude osx and generic targets for 40be_2srv_odd_health_checks
REGTEST: relax the IPv6 address format checks in converters_ipmask_concat_strcmp_field_word
REGTEST: exclude OSX and generic targets from abns_socket.vtc
BUILD: travis: remove the "allow_failures" entry
BUG/MINOR: activity: always initialize the profiling variable
MINOR: activity: make the profiling status per thread and not global
MINOR: activity: enable automatic profiling turn on/off
CLEANUP: standard: use proper const to addr_to_str() and port_to_str()
BUG/MINOR: proto_http: properly reset the stream's call rate on keep-alive
MINOR: connection: make the debugging helper functions safer
MINOR: stream/debug: make a stream dump and crash function
MEDIUM: appctx/debug: force a crash if an appctx spins over itself forever
MEDIUM: stream/debug: force a crash if a stream spins over itself forever
MEDIUM: streams: measure processing time and abort when detecting bugs
BUG/MEDIUM: mux-h2: properly deal with too large headers frames
BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI
CLEANUP: task: move the task_per_thread definition to task.h
MINOR: activity: report context switch counts instead of rates
MINOR: threads: flatten the per-thread cpu-map
MINOR: init/threads: remove the useless tids[] array
MINOR: init/threads: make the threads array global
BUG/MINOR: stream: also increment the retry stats counter on L7 retries
BUG/MEDIUM: checks: make sure the warmup task takes the server lock
BUG/MINOR: logs/threads: properly split the log area upon startup
MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server
REGTEST: make the tls_health_checks test much faster
REGTEST: make the "table in peers" test require v2.0
BUG/MINOR: mux-h2: rely on trailers output not input to turn them to empty data
BUG/MEDIUM: h2/htx: always fail on too large trailers
MEDIUM: mux-h2: discard contents that are to be sent after a shutdown
BUG/MEDIUM: mux-h2/htx: never wait for EOM when processing trailers
BUG/MEDIUM: h2/htx: never leave a trailers block alone with no EOM block
CLEANUP: task: remove unneeded tests before task_destroy()
BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend
BUILD: ssl: fix again a libressl build failure after the openssl FD leak fix
CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead of OPENSSL_VERSION_NUMBER
BUILD: ssl: make libressl use its own version numbers
CLEANUP: ssl: remove 57 occurrences of useless tests on LIBRESSL_VERSION_NUMBER
MINOR: ssl: enable aes_gcm_dec on LibreSSL
BUILD: ssl: fix libressl build again after aes-gcm-enc
REORG: ssl: move openssl-compat from proto to common
REORG: ssl: move some OpenSSL defines from ssl_sock to openssl-compat
CLEANUP: ssl: never include openssl/*.h outside of openssl-compat.h anymore
CLEANUP: ssl: make inclusion of openssl headers safe
CLEANUP: ssl: move the SSL_OP_* and SSL_MODE_* definitions to openssl-compat
CLEANUP: ssl: remove ifdef around SSL_CTX_get_extra_chain_certs()
CLEANUP: ssl: move all BIO_* definitions to openssl-compat
BUILD: threads: fix again the __ha_cas_dw() definition
BUG/MAJOR: mux-h2: do not add a stream twice to the send list
Revert "BUG/MINOR: vars: Fix memory leak in vars_check_arg"
BUG/MINOR: htx: make sure to always initialize the HTTP method when parsing a buffer
REGTEST: fix tls_health_checks random failures on MacOS in Travis-CI
MINOR: lists: add LIST_ADDED() to check if an element belongs to a list
CLEANUP: mux-h2: use LIST_ADDED() instead of LIST_ISEMPTY() where relevant
MINOR: mux-h2: add two H2S flags to report the need for shutr/shutw
CLEANUP: mux-h2: simply use h2s->flags instead of ret in h2_deferred_shut()
CLEANUP: connection: remove the handle field from the wait_event struct
BUG/MINOR: mux-h2: make the do_shut{r,w} functions more robust against retries
MINOR: mux-h2: remove useless test on stream ID vs last in wake function
MINOR: mux-h2: make h2_wake_some_streams() not depend on the CS flags
MINOR: mux-h2: make h2s_wake_one_stream() the only function to deal with CS
MINOR: mux-h2: make h2s_wake_one_stream() not depend on temporary CS flags
BUG/MINOR: mux-h2: make sure to honor KILL_CONN in do_shut{r,w}
CLEANUP: mux-h2: don't test for impossible CS_FL_REOS conditions
MINOR: mux-h2: add macros to check multiple stream states at once
MINOR: mux-h2: stop relying on CS_FL_REOS
BUILD: debug: make gcc not complain on the ABORT_NOW() macro
MINOR: debug: add a new BUG_ON macro
BUILD: ist: turn the lower/upper case tables to literal on obsolete linkers
Yann Cézard (2):
DOC: contrib/modsecurity: Typos and fix the reject example
BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it
paulborile (5):
BUILD: wurfl: build fix for 1.9/2.0 code base
CLEANUP: wurfl: removed deprecated methods
DOC: wurfl: added point of contact in MAINTAINERS file
MINOR: wurfl: enabled multithreading mode
MINOR: contrib: dummy wurfl library
---