Hi,

HAProxy 2.0-dev3 was released on 2019/05/15. It added 393 new commits after version 2.0-dev2.

This is another huge version, having been distracted by a number of bugs lately, this one was postponed a bit too much in my taste. As usual for a development version, I'll skip over the bugfixes which are uninteresting for this changelog.

The main points of this release are :

  - HTX enabled by default on all proxies. The only showstopper used to be the lack of ability to upgrade from TCP to HTTP in HTX mode when branching from a TCP frontend to an HTTP backend. Since it now works there is no reason for staying in legacy mode anymore. This means that all features (backend H2 etc) are all implicitly allowed without the need for an extra option. It is still possible to disable HTX in case of regression or suspicion using "no option http-use-htx". Keep in mind that any problem ought to be reported as the intent is to remove legacy mode with 2.1, so 2.0 will be the last one supporting both modes.

  - HTTP/2 is now supported on HTTP/1 ports (in HTX mode). Whenever the H2 preface is met on an H1 listener, the connection is automatically switched to H2.

  - significant scheduler improvements to improve fairness between all tasks in multi-threaded mode. There used to be a situation where some tasks could starve other ones, which was observable by some CLI commands timing out too early when doing "echo foo|socat"

  - lockup bug detection : if a task loops forever and uses all the CPU, this is a bug and haproxy will be killed. Similarly if a task locks up for a long time, haproxy is killed. This is enabled for now in development, and maybe it will stay enabled by default after the release as it would have helped a number of users to recover faster from some annoying bugs. If you see haproxy crash in an abort() and dump a core, first you'll know you've hit a serious bug and it managed to stop it, second keep in mind that there are developers who could be interested by knowing what was detected so please don't erase the trace and the core immediately. I still have some watchdog code under development that is even able to detect dead locks and crash the process in this case, I need to polish it.

  - Layer 7 retries : <rant> many of you know my disgust for such a feature essentially requested by incompetent admins trying to hide their horribly bogus applications and who prefer to shoot themselves in the foot instead of fixing the code, but there are a few valid (read riskless) use cases. One of them concerns the use of TCP fastopen to connect to the servers. It is not usable without such retries. Another one concerns 0-RTT to the servers where it's highly desirable that haproxy retries itself if the server ignores the early data. In addition to this there are some more legitimate users with known idempotent applications (static file servers and applications using replay-safe transaction numbers) where this can be understandable. The thing is that all these use cases require exactly the same mechanism. So now that this was implemented, it will also be available for those who want to do whatever and who will complain that haproxy multiplies their payment requests or kills all their servers in a domino effect. They'd rather not complain here or I may reserve them a selection of not-so-kind words. It is possible to finely enumerate the situations where a retry is permitted (see "retry-on"), and a few status codes are permitted (404 was included as this one is sometimes requested by content providers). In addition there is a new HTTP request action "disable-l7-retry" which allows to prevent such retries from happening (e.g. POST to an application not specifically designed to be replay-safe). Of course it is not enabled by default.</rant>

  - TFO is now supported when talking to servers. It is one of the positive effects of having L7 retries. Similarly 0-RTT can now be replayed without going back to the client.

  - stick-tables can now be declared inside peers sections. Many of those using tons of stick-tables have many backends with only one stick-table line. These backends also pollute the stats. And these stick-tables have to reference a peers section to be synchronized. We figured that since it is not possible to synchronize stick-tables between multiple peers sections, it made quite some sense to be able to declare several of them directly inside peers sections so that they are easily found, automatically synchronized, and require less configuration. These ones will be accessible using the peers section name followed by a slash and the stick-table name.

  - http-request/tcp-request action "do-resolve", which takes an argument, submits it to the DNS resolvers and sets the result back into a variable. It can be used to resolve anything on the fly. I already hear some people asking if we'll become a forward proxy, the response is "no" :-) But Baptiste had a working demo of something like this just for fun.

  - log sampling and load balancing. The idea is to specify intervals of wider ranges for which logs will be sent to a given server. Thus it is possible for example to send only 1 log every 100 to a server to perform some sampling, or to send 1/3 to log server 1, 2/3 to log server 2 and 3/3 to log server 3 and perform some log load balancing. It's likely that over the long term we could add some hashing rules so that logs belonging to a same session end up on the same log server, but one thing at a time :-)

  - it is possible to load sidecar programs from the global section using the "program" keyword in master-worker mode. They will be monitored by the master process. This is mainly aimed at simplifying some complex setups and allowing haproxy + extra components to start/stop together. For example some may want to load a syslog relay. In the very distant past we could have imagined loading stud or stunnel to offload SSL.

  - idle server connections are better controlled now so that we don't enter a situation where a single session could collect tons of them and not reuse them. Some heuristics are applied so that we give back idle connections more often.

  - the WURFL device detection was reintroduced. The Scientiamobile team has done a pretty good job at addressing all the issues that were raised and led to their removal so there was no reason to keep them out anymore. One nice improvement is that they provided a dummy library which allows to compile their code without any external dependency. This was the main issue developers were facing, and it turned out to be quite easy. Thus DeviceAtlas followed on the same principle and 51Degrees said they'll contribute such a thing soon as well. It will then be possible to detect internal API regressions affecting any of them during development so that these issues should only be bad memories by now. We should even enable them in Travis builds by the way. There are still a few WURFL patches pending for review but nothing dramatic.

  - DeviceAtlas implemented support for HTX mode, so it's already 2.0-ready as well.

  - some systemd unit file changes were brought to ease the activation of the master socket. My understanding is that it will look at a few config files to figure the options passed on the command line so it should work on multiple distros.

  - Just like we used to rely on "hard-stop-after" to limit the number of old processes upon reload, it is now possible to limit the number of reloads a process survives (see "mworker-max-reloads") before being actively killed. Those reloading very frequently will probably like this one!

  - new "set-dumpable" global keyword. It tries its best to re-enable core dumps. It will do the equivalent of "ulimit -c unlimited" and of enabling dumps after setuid, which should save lots of trouble to users willing to provide some help on bug reports.

  - lots of cleanups and reorganization of the regtests. They have a real name now, which is more convenient to manipulate them, and their dependencies are cleaner as they can depend on individual build options.

  - I discovered an old SPOA server that Thierry implemented more than one year ago, and which provides SPOA to Python and Lua programs. I could verify that it starts so I merged it, it can be useful to a number of people, including developers who want an example of a more complex application than the basic examples.

  - Travis-CI integration : the patches we push are now automatically tested in about a dozen of setups (OS, SSL versions) and the reg tests are run. This has already saved quite some time to detect bugs. Thanks to Ilya for working on this.

  - addressed some build issues, mainly old AIX support and LibreSSL compatibility issues caused by their creative numbering (they pretend to be OpenSSL 2.0.0, complicating many compatibility tests). Now it should not break every morning anymore. Also some build issues of the "ist" strings affecting at least Cygwin should be addressed now (once I get a confirmation I can backport this to 1.9).

Yes I know it's a long list.

There are still a few things pending but we're seeing the end of the tunnel. Some SSL layering changes that will be needed for QUIC were started and are currently being finished. I really want to have them in 2.0 so that we don't have two distinct architectures to deal with between 2.0 (which is long-term supported) and 2.1+. Manu has proposed the support of Solaris' event ports as a much better poller than poll(). I reviewed it, he's doing the final polishing and should be ready soon. Some deprecated keywords which do not generate a warning should be addressed as well or we'll never manage to get rid of them. I know that Christopher is still addressing some HTX design concepts that could make the long term maintenance much easier and that I'd rather see merged early. Tim already has some patches for this.

Alec Liu proposed to integrate the support of SOCKS4. At first I was a bit worried but it turns out the protocol could be supported in a very non-intrusive way so if it's ready in time I'm fine with integrating it.

I'm aware of a few other things people are working on, we'll see. I'm not disclosing them to avoid putting needless pressure!

I've also seen based on recent reports and patch submissions that a few harmless bugs here and there might still be present, but nothing to be alarmed of. Given that recently we've been working on lots of bug reports and that things start to cool down, I'm considering that we're getting much better.

I'd like to emit a new -dev release next week with the rest of the pending stuff, aiming at a final release by the end of this month. Please do test and report issues so that we don't get all of them in the last 3 days as usual. We all know releases slip a bit and I'm fine with this, but at least I'd like this to be for a good reason.

Oh and keep in mind, this is *development* so please be careful with it. We all really appreciate to see bugs reported on live traffic but please don't use it as an excuse for switching all your LBs on it, or it may bite you hard!

I'm going to open a -next branch to collect the pending stuff for 2.1. This one will periodically be rebased on top of master so that it can become the next master after the release.

Have fun!
Willy
---
Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :

Apollon Oikonomopoulos (1):
      MINOR: systemd: Use the variables from /etc/default/haproxy

Baptiste Assmann (5):
      MINOR: proto_tcp: tcp-request content: enable set-dst and set-dst-var
      MINOR: dns: dns_requester structures are now in a memory pool
      MINOR: dns: move callback affection in dns_link_resolution()
      MINOR: obj_type: new object type for struct stream
      MINOR: action: new '(http-request|tcp-request content) do-resolve' action

Chris Packham (1):
      BUILD: threads: Add __ha_cas_dw fallback for single threaded builds

Christopher Faulet (79):
      BUG/MINOR: contrib/prometheus-exporter: Fix applet accordingly to recent changes
      BUG/MINOR: mux-h1: Only skip invalid C-L headers on output
      BUG/MINOR: htx: Preserve empty HTX messages with an unprocessed parsing error
      BUG/MINOR: proto_htx: Reset to_forward value when a message is set to DONE
      REGTEST: http-capture/h00000: Relax a regex matching the log message
      REGTEST: http-messaging/h00000: Fix the test when the HTX is enabled
      REGTEST: http-rules/h00003: Use a different client for requests expecting a 301
      REGTEST: log/b00000: Be sure the client always hits its timeout
      REGTEST: lua/b00003: Relax the regex matching the log message
      REGTEST: lua/b00003: Specify the HAProxy pid when the command ss is executed
      BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream
      BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages
      BUG/MINOR: spoe: Be sure to set tv_request when each message fragment is encoded
      BUG/MEDIUM: htx: Defrag if blocks position is changed and the payloads wrap
      BUG/MEDIUM: htx: Don't crush blocks payload when append is done on a data block
      MEDIUM: htx: Deprecate the option 'http-tunnel' and ignore it in HTX
      MINOR: proto_htx: Don't adjust transaction mode anymore in HTX analyzers
      BUG/MEDIUM: htx: Fix the process of HTTP CONNECT with h2 connections
      MINOR: mux-h1: Simplify handling of 1xx responses
      MINOR: stats/htx: Don't add "Connection: close" header anymore in stats responses
      MEDIUM: h1: Add an option to sanitize connection headers during parsing
      MEDIUM: mux-h1: Simplify the connection mode management by sanitizing headers
      MINOR: mux-h1: Don't release the conn_stream anymore when h1s is destroyed
      BUG/MINOR: mux-h1: Handle the flag CS_FL_KILL_CONN during a shutdown read/write
      MINOR: mux-h2: Add a mux_ops dedicated to the HTX mode
      MINOR: muxes: Add a flag to specify a multiplexer uses the HTX
      MINOR: stream: Set a flag when the stream uses the HTX
      MINOR: http: update the macro IS_HTX_STRM() to check the stream flag SF_HTX
      MINOR: http_fetch/htx: Use stream flags instead of px mode in smp_prefetch_htx
      MINOR: filters/htx: Use stream flags instead of px mode to instanciate a filter
      MINOR: muxes: Rely on conn_is_back() during init to handle front/back conn
      MEDIUM: muxes: Add an optional input buffer during mux initialization
      MINOR: muxes: Pass the context of the mux to destroy() instead of the connection
      MEDIUM: muxes: Be prepared to don't own connection during the release
      MEDIUM: connection: Add conn_upgrade_mux_fe() to handle mux upgrades
      MEDIUM: htx: Allow the option http-use-htx to be used on TCP proxies too
      MAJOR: proxy/htx: Handle mux upgrades from TCP to HTTP in HTX mode
      MAJOR: muxes/htx: Handle inplicit upgrades from h1 to h2
      MAJOR: htx: Enable the HTX mode by default for all proxies
      REGTEST: Use HTX by default and add '--no-htx' option to disable it
      BUG/MEDIUM: muxes: Don't dereference mux context if null in release functions
      BUG/MINOR: mux-h1: Process input even if the input buffer is empty
      BUG/MINOR: mux-h1: Don't switch the parser in busy mode if other side has done
      BUG/MEDIUM: mux-h1: Notify the stream waiting for TCP splicing if ibuf is empty
      BUG/MEDIUM: mux-h1: Enable TCP splicing to exchange data only
      MINOR: mux-h1: Handle read0 during TCP splicing
      BUG/MEDIUM: htx: Don't return the start-line if the HTX message is empty
      BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
      BUG/MINOR: http_fetch/htx: Allow permissive sample prefetch for the HTX
      BUG/MINOR: http_fetch/htx: Use HTX versions if the proxy enables the HTX mode
      BUG/MINOR: contrib/prometheus-exporter: Fix a typo in the run-queue metric type
      MINOR: contrib/prometheus-exporter: Remove usless rate metrics
      MINOR: contrib/prometheus-exporter: Rename some metrics to be more usable
      MINOR: contrib/prometheus-exporter: Follow best practices about metrics type
      BUG/MEDIUM: h1: Don't parse chunks CRLF if not enough data are available
      BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules
      BUG/MEDIUM: stream: Don't request a server connection if a shutw was scheduled
      BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
      BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
      MINOR: gcc: Fix a silly gcc warning in connect_server()
      BUG/MEDIUM: stream: Fix the way early aborts on the client side are handled
      BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler
      BUG/MAJOR: muxes: Use the HTX mode to find the best mux for HTTP proxies only
      BUG/MINOR: htx: Exclude TCP proxies when the HTX mode is handled during startup
      BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per request
      MINOR: spoe: Use the sample context to pass frag_ctx info during encoding
      BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled
      MINOR: config: Test validity of tune.maxaccept during the config parsing
      CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1
      BUG/MEDIUM: spoe: Be sure the sample is found before setting its context
      BUG/MINOR: mux-h1: Fix the parsing of trailers
      BUG/MINOR: htx: Never transfer more than expected in htx_xfer_blks()
      MINOR: htx: Split on DATA blocks only when blocks are moved to an HTX message
      MINOR: htx: Don't try to append a trailer block with the previous one
      MINOR: htx: Remove support for unused OOB HTX blocks
      BUG/MINOR: stream: Attach the read side on the response as soon as possible
      BUG/MEDIUM: http: Use pointer to the begining of input to parse message headers
      MINOR: spoe: Set the argument chunk size to 0 when SPOE variables are checked
      BUG/MEDIUM: mux-h2: Set EOI on the conn_stream during h2_rcv_buf()

David CARLIER (1):
      MEDIUM: da: HTX mode support.

David Carlier (2):
      BUILD/MINOR: listener: Silent a few signedness warnings.
      BUILD/MEDIUM: contrib: Dummy DeviceAtlas API.

Dragan Dosen (7):
      BUG/MINOR: haproxy: fix rule->file memory leak
      BUG/MINOR: log: properly free memory on logformat parse error and deinit()
      BUG/MINOR: checks: free memory allocated for tasklets
      BUG/MEDIUM: pattern: fix memory leak in regex pattern functions
      MEDIUM: regex: modify regex_comp() to atomically allocate/free the my_regex struct
      BUG/MEDIUM: stick-table: fix regression caused by a change in proxy struct
      BUG/MEDIUM: tasks: fix possible segfault on task_destroy()

Emeric Brun (3):
      BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release.
      MINOR: peers: adds counters on show peers about tasks calls.
      MINOR: ssl/cli: async fd io-handlers printable on show fd

Emmanuel Hocdet (1):
      MINOR: ssl: Activate aes_gcm_dec converter for BoringSSL

Freddy Spierenburg (1):
      DOC: The option httplog is no longer valid in a backend.

Frédéric Lécaille (1):
      REGTEST: Missing REQUIRE_VERSION declarations.

Frédéric Lécaille (32):
      BUG/MINOR: peers: Really close the sessions with no heartbeat.
      CLEANUP: peers: remove useless annoying tabulations.
      CLEANUP: peers: replace timeout constants by macros.
      REGTEST: Enable again reg tests with HEAD HTTP method usage.
      DOC: peers: Peers protocol documentation update.
      BUG/MINOR: peers: Missing initializations after peer session shutdown.
      MINOR: peers: Add a new command to the CLI for peers.
      DOC: update for "show peers" CLI command.
      MINOR: log: Extract some code to send syslog messages.
      REGTEST: replace LEVEL option by a more human readable one.
      REGTEST: rename the reg test files.
      REGTEST: adapt some reg tests after renaming.
      BUG/MAJOR: stream: Missing DNS context initializations.
      MINOR: log: Add "sample" new keyword to "log" lines.
      MINOR: log: Enable the log sampling and load-balancing feature.
      DOC: log: Document the sampling and load-balancing logging feature.
      REGTEST: Add a new reg test for log load-balancing feature.
      REGTEST: Make this reg test be Linux specific.
      BUILD: travis: TMPDIR replacement.
      MINOR: config: Extract the code of "stick-table" line parsing.
      BUILD/MINOR: stick-table: Compilation fix.
      MEDIUM: stick-table: Stop handling stick-tables as proxies.
      MINOR: stick-tables: Add peers process binding computing.
      MINOR: stick-table: Add prefixes to stick-table names.
      MINOR: peers: Do not emit global stick-table names.
      DOC: Update for "table" lines in "peers" section.
      REGTEST: Add reg tests for "table" lines in "peers" sections.
      REGTEST: Flag some slow reg tests.
      REGTEST: Reg tests file renaming.
      REGTEST: Wrong renaming for one reg test.
      REGTEST: Wrong assumption in IP:port logging test.
      BUG/MINOR: log: Wrong log format initialization.

Ilya Shipitsin (11):
      REGTESTS: exclude tests that require ssl, pcre if no such feature is enabled
      MEDIUM: enable travis-ci builds
      BUG/MEDIUM: servers: fix typo "src" instead of "srv"
      BUILD: extend travis-ci matrix
      BUILD: remove "build_libressl" duplicate declaration
      BUILD: travis-ci: get back to osx without openssl support
      BUILD: enable several LibreSSL hacks, including
      BUILD: temporarily mark LibreSSL builds as allowed to fail
      BUILD: travis-ci bugfixes and improvements
      BUILD: add BoringSSL to travis-ci build matrix
      BUILD: travis-ci: make TMPDIR global variable in travis-ci

Kevin Zhu (1):
      BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed

Nenad Merdanovic (3):
      MINOR: ssl: Add aes_gcm_dec converter
      BUG/MEDIUM: map: Fix memory leak in the map converter
      BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation

Olivier Houchard (55):
      BUG/MEDIUM: checks: Don't bother subscribing if we have a connection error.
      BUG/MEDIUM: h2: Don't attempt to recv from h2_process_demux if we subscribed.
      BUG/MEDIUM: streams: Don't remove the SI_FL_ERR flag in si_update_both().
      BUG/MEDIUM: streams: Store prev_state before calling si_update_both().
      BUG/MEDIUM: stream: Don't clear the stream_interface flags in si_update_both.
      MINOR: initcall: Don't forget to define the __start/stop_init_##stg symbols.
      MINOR: threads: Implement thread_cpus_enabled() for FreeBSD.
      BUG/MEDIUM: streams: Only re-run process_stream if we're in a connected state.
      BUG/MEDIUM: stream_interface: Don't bother doing chk_rcv/snd if not connected.
      BUG/MEDIUM: muxes: Make sure we unsubcribed when destroying mux ctx.
      BUG/MEDIUM: h2: Make sure we're not already in the send_list in h2_subscribe().
      BUG/MEDIUM: h2: Revamp the way send subscriptions works.
      MINOR: connections: Remove the SUB_CALL_UNSUBSCRIBE flag.
      BUG/MEDIUM: Threads: Only use the gcc >= 4.7 builtins when using gcc >= 4.7.
      BUG/MEDIUM: tasks: Make sure we modify global_tasks_mask with the rq_lock.
      MINOR: tasks: Don't consider we can wake task with tasklet_wakeup().
      MEDIUM: tasks: No longer use rq.node.leaf_p as a lock.
      MINOR: tasks: Don't set the TASK_RUNNING flag when adding in the tasklet list.
      BUG/MEDIUM: applets: Don't use task_in_rq().
      MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy().
      MEDIUM: tasks: Don't account a destroyed task as a runned task.
      MEDIUM: tasks: Use __ha_barrier_store after modifying global_tasks_mask.
      MEDIUM: ssl: Give ssl_sock its own context.
      MEDIUM: connections: Move some fields from struct connection to ssl_sock_ctx.
      MEDIUM: ssl: provide its own subscribe/unsubscribe function.
      MEDIUM: connections: Provide a xprt_ctx for each xprt method.
      MEDIUM: ssl: provide our own BIO.
      BUILD/medium: ssl: Fix build with OpenSSL < 1.1.0
      MINOR: fd: Add a counter of used fds.
      MEDIUM: connections: Add a way to control the number of idling connections.
      BUG/MEDIUM: ssl: Return -1 on recv/send if we got EAGAIN.
      MINOR: threads: Implement HA_ATOMIC_LOAD().
      BUG/MEDIUM: port_range: Make the ring buffer lock-free.
      BUG/MEDIUM: ssl: Don't pretend we can retry a recv/send if we got a shutr/w.
      BUG/MEDIUM: channels: Don't forget to reset output in channel_erase().
      BUG/MEDIUM: connections: Make sure we remove CO_FL_SESS_IDLE on disown.
      BUG/MEDIUM: ssl: Use the early_data API the right way.
      BUG/MEDIUM: streams: Don't add CF_WRITE_ERROR if early data were rejected.
      MEDIUM: streams: Add the ability to retry a request on L7 failure.
      MEDIUM: streams: Add a way to replay failed 0rtt requests.
      MEDIUM: streams: Add a new keyword for retry-on, "junk-response"
      BUG/MEDIUM: ssl: Don't attempt to use early data with libressl.
      MINOR: doc: Document allow-0rtt on the server line.
      MINOR: doc: Document the interaction of allow-0rtt and retry-on 0rtt-rejected.
      MEDIUM: proto: Change the prototype of the connect() method.
      BUG/MEDIUM: servers: Don't use the same srv flag for cookie-set and TFO.
      BUG/MEDIUM: h2: Make sure we set send_list to NULL in h2_detach().
      BUG/MEDIUM: h2: Don't check send_wait to know if we're in the send_list.
      BUG/MEDIUM: streams: Make sur SI_FL_L7_RETRY is set before attempting a retry.
      MEDIUM: streams: Add a new http action, disable-l7-retry.
      MINOR: streams: Introduce a new retry-on keyword, all-retryable-errors.
      BUG/MEDIUM: connections: Don't forget to set xprt_ctx to NULL on close.
      MINOR: h2: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
      MINOR: h1: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
      MINOR: connections: Use BUG_ON() to enforce rules in subscribe/unsubscribe.

Ricardo Nabinger Sanchez (1):
      BUG/MAJOR: checks: segfault during tcpcheck_main

Rob Allen (1):
      BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload

Robin H. Johnson (1):
      MINOR: skip get_gmtime where tm is unused

Thierry FOURNIER (14):
      MINOR: spoa-server: Clone the v1.7 spoa-example project
      MINOR: spoa-server: move some definition from spoa_server.c to spoa_server.h
      MINOR: spoa-server: Externalise debug functions
      MINOR: spoe-server: rename "worker" functions
      MINOR: spoa-server: Replace the thread init system by processes
      MINOR: spoa-server: With debug mode, start only one process
      MINOR: spoa-server: Allow registering external processes
      MINOR: spoa-server: Allow registering message processors
      MINOR: spoa-server: Load files
      MINOR: spoa-server: Prepare responses
      MINOR: spoa-server: Execute registered callbacks
      MINOR: spoa-server: Add Lua processing
      MINOR: spoa-server: Add python
      MINOR/DOC: spoe-server: Add documentation

Tim Duesterhus (7):
      BUILD: extend Travis CI config to support more platforms
      CLEANUP: Remove appsession documentation
      DOC: Fix typo in keyword matrix
      MINOR: systemd: Make use of master socket in systemd unit
      BUG/MINOR: vars: Fix memory leak in vars_check_arg
      BUG/MINOR: peers: Fix memory leak in cfg_parse_peers
      BUG/MINOR: vars: Fix memory leak in vars_check_arg

William Lallemand (28):
      BUG/MEDIUM: mworker: don't free the wrong child when not found
      REORG: mworker: move serializing functions to mworker.c
      REORG: mworker: move signals functions to mworker.c
      REORG: mworker: move IPC functions to mworker.c
      REORG: mworker: move signal handlers and related functions
      REORG: mworker: move mworker_cleanlisteners to mworker.c
      MINOR: mworker: calloc mworker_proc structures
      MINOR: mworker: don't use children variable anymore
      MINOR: cli: export cli_parse_default() definition in cli.h
      REORG: mworker/cli: move CLI functions to mworker.c
      MEDIUM: mworker-prog: implement program for master-worker
      MINOR: mworker/cli: show programs in 'show proc'
      BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
      MINOR: cli: start addresses by a prefix in 'show cli sockets'
      MINOR: cli: export HAPROXY_CLI environment variable
      MEDIUM: mworker: store the leaving state of a process
      MEDIUM: mworker-prog: implements 'option start-on-reload'
      CLEANUP: mworker: remove the type field in mworker_proc
      MEDIUM: mworker/cli: export the HAPROXY_MASTER_CLI variable
      MINOR: cli: don't add a semicolon at the end of HAPROXY_CLI
      MINOR: mworker: export HAPROXY_MWORKER=1 when running in mworker mode
      BUG/MINOR: mworker: mworker_kill should apply on every children
      BUG/MINOR: mworker: don't exit with an ambiguous value
      BUG/MINOR: mworker: ensure that we still quits with SIGINT
      MINOR: systemd: support /etc/sysconfig/ for redhat based distrib
      MINOR: mworker: support a configurable maximum number of reloads
      BUG/MAJOR: ssl: segfault upon an heartbeat request
      BUG/MINOR: mworker: use after free when the PID not assigned

Willy Tarreau (130):
      REGTEST: remove unexpected "nbthread" statement from Lua test cases
      BUILD: Makefile: remove 11-years old workarounds for deprecated options
      BUILD: remove 10-years old error message for obsolete option USE_TCPSPLICE
      BUILD: Makefile: remove outdated support for dlmalloc
      BUILD: Makefile: consider a variable's origin and not its value for the options list
      BUILD: Makefile: also report disabled options in the BUILD_OPTIONS variable
      BUILD: Makefile: shorten default settings declaration
      BUILD: Makefile: clean up the target declarations
      BUILD: report the whole feature set with their status in haproxy -vv
      BUILD: pass all "USE_*" variables as -DUSE_* to the compiler
      REGTEST: script: make the script use the new features list
      REGTEST: script: remove platform-specific assigments of OPTIONS
      BUILD: makefile: work around an old bug in GNU make-3.80
      BUILD: makefile: work around another bug in make 3.80
      BUILD: http: properly mark some struct as extern
      BUILD: chunk: properly declare pool_head_trash as extern
      BUILD: cache: avoid a build warning with some compilers/linkers
      MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
      MINOR: tools: add an unsetenv() implementation
      BUILD: re-implement an initcall variant without using executable sections
      BUILD: use inttypes.h instead of stdint.h
      BUILD: connection: fix naming of ip_v field
      BUILD: makefile: fix build of IPv6 header on aix51
      BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
      BUILD: define unsetenv on AIX 5.1
      BUILD: Makefile: disable shared cache on AIX 5.1
      BUG/MEDIUM: htx: fix random premature abort of data transfers
      BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
      BUG/MEDIUM: task/threads: address a fairness issue between local and global tasks
      BUG/MINOR: tasks: make sure the first task to be queued keeps its nice value
      BUG/MINOR: listener: renice the accept ring processing task
      MINOR: cli/listener: report the number of accepts on "show activity"
      MINOR: cli/activity: report the accept queue sizes in "show activity"
      CLEANUP: task: do not export rq_next anymore
      MEDIUM: tasks: improve fairness between the local and global queues
      MEDIUM: tasks: only base the nice offset on the run queue depth
      MINOR: tasks: restore the lower latency scheduling when niced tasks are present
      BUILD: task/thread: fix single-threaded build of task.c
      BUILD: cli/threads: fix build in single-threaded mode
      BUILD: address a few cases of "static <type> inline foo()"
      BUILD: do not specify "const" on functions returning structs or scalars
      BUILD: htx: fix a used uninitialized warning on is_cookie2
      BUG/MAJOR: lb/threads: fix insufficient locking on round-robin LB
      MINOR: init: add a "set-dumpable" global directive to enable core dumps
      BUG/MINOR: listener/mq: correctly scan all bound threads under low load
      BUG/MEDIUM: tasks: Make sure we set TASK_QUEUED before adding a task to the rq.
      BUG/MAJOR: task: make sure never to delete a queued task
      MINOR: task/thread: factor out a wake-up condition
      CLEANUP: task: remain consistent when using the task's handler
      BUG/MINOR: mworker: disable busy polling in the master process
      BUG/MEDIUM: maps: only try to parse the default value when it's present
      BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
      Revert "CLEANUP: wurfl: remove dead, broken and unmaintained code"
      BUILD: add USE_WURFL to the list of known build options
      MINOR: wurfl: indicate in haproxy -vv the wurfl version in use
      REGTEST: make the "run-regtests" script search for tests in reg-tests by default
      BUG/MAJOR: lb/threads: fix AB/BA locking issue in round-robin LB
      CLEANUP: task: report calls as unsigned in show sess
      MINOR: tasks/activity: report the context switch and task wakeup rates
      MINOR: stream: measure and report a stream's call rate in "show sess"
      MINOR: applet: measure and report an appctx's call rate in "show sess"
      REGTEST: exclude osx and generic targets for 40be_2srv_odd_health_checks
      REGTEST: relax the IPv6 address format checks in converters_ipmask_concat_strcmp_field_word
      REGTEST: exclude OSX and generic targets from abns_socket.vtc
      BUILD: travis: remove the "allow_failures" entry
      BUG/MINOR: activity: always initialize the profiling variable
      MINOR: activity: make the profiling status per thread and not global
      MINOR: activity: enable automatic profiling turn on/off
      CLEANUP: standard: use proper const to addr_to_str() and port_to_str()
      BUG/MINOR: proto_http: properly reset the stream's call rate on keep-alive
      MINOR: connection: make the debugging helper functions safer
      MINOR: stream/debug: make a stream dump and crash function
      MEDIUM: appctx/debug: force a crash if an appctx spins over itself forever
      MEDIUM: stream/debug: force a crash if a stream spins over itself forever
      MEDIUM: streams: measure processing time and abort when detecting bugs
      BUG/MEDIUM: mux-h2: properly deal with too large headers frames
      BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI
      CLEANUP: task: move the task_per_thread definition to task.h
      MINOR: activity: report context switch counts instead of rates
      MINOR: threads: flatten the per-thread cpu-map
      MINOR: init/threads: remove the useless tids[] array
      MINOR: init/threads: make the threads array global
      BUG/MINOR: stream: also increment the retry stats counter on L7 retries
      BUG/MEDIUM: checks: make sure the warmup task takes the server lock
      BUG/MINOR: logs/threads: properly split the log area upon startup
      MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server
      REGTEST: make the tls_health_checks test much faster
      REGTEST: make the "table in peers" test require v2.0
      BUG/MINOR: mux-h2: rely on trailers output not input to turn them to empty data
      BUG/MEDIUM: h2/htx: always fail on too large trailers
      MEDIUM: mux-h2: discard contents that are to be sent after a shutdown
      BUG/MEDIUM: mux-h2/htx: never wait for EOM when processing trailers
      BUG/MEDIUM: h2/htx: never leave a trailers block alone with no EOM block
      CLEANUP: task: remove unneeded tests before task_destroy()
      BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend
      BUILD: ssl: fix again a libressl build failure after the openssl FD leak fix
      CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead of OPENSSL_VERSION_NUMBER
      BUILD: ssl: make libressl use its own version numbers
      CLEANUP: ssl: remove 57 occurrences of useless tests on LIBRESSL_VERSION_NUMBER
      MINOR: ssl: enable aes_gcm_dec on LibreSSL
      BUILD: ssl: fix libressl build again after aes-gcm-enc
      REORG: ssl: move openssl-compat from proto to common
      REORG: ssl: move some OpenSSL defines from ssl_sock to openssl-compat
      CLEANUP: ssl: never include openssl/*.h outside of openssl-compat.h anymore
      CLEANUP: ssl: make inclusion of openssl headers safe
      CLEANUP: ssl: move the SSL_OP_* and SSL_MODE_* definitions to openssl-compat
      CLEANUP: ssl: remove ifdef around SSL_CTX_get_extra_chain_certs()
      CLEANUP: ssl: move all BIO_* definitions to openssl-compat
      BUILD: threads: fix again the __ha_cas_dw() definition
      BUG/MAJOR: mux-h2: do not add a stream twice to the send list
      Revert "BUG/MINOR: vars: Fix memory leak in vars_check_arg"
      BUG/MINOR: htx: make sure to always initialize the HTTP method when parsing a buffer
      REGTEST: fix tls_health_checks random failures on MacOS in Travis-CI
      MINOR: lists: add LIST_ADDED() to check if an element belongs to a list
      CLEANUP: mux-h2: use LIST_ADDED() instead of LIST_ISEMPTY() where relevant
      MINOR: mux-h2: add two H2S flags to report the need for shutr/shutw
      CLEANUP: mux-h2: simply use h2s->flags instead of ret in h2_deferred_shut()
      CLEANUP: connection: remove the handle field from the wait_event struct
      BUG/MINOR: mux-h2: make the do_shut{r,w} functions more robust against retries
      MINOR: mux-h2: remove useless test on stream ID vs last in wake function
      MINOR: mux-h2: make h2_wake_some_streams() not depend on the CS flags
      MINOR: mux-h2: make h2s_wake_one_stream() the only function to deal with CS
      MINOR: mux-h2: make h2s_wake_one_stream() not depend on temporary CS flags
      BUG/MINOR: mux-h2: make sure to honor KILL_CONN in do_shut{r,w}
      CLEANUP: mux-h2: don't test for impossible CS_FL_REOS conditions
      MINOR: mux-h2: add macros to check multiple stream states at once
      MINOR: mux-h2: stop relying on CS_FL_REOS
      BUILD: debug: make gcc not complain on the ABORT_NOW() macro
      MINOR: debug: add a new BUG_ON macro
      BUILD: ist: turn the lower/upper case tables to literal on obsolete linkers

Yann Cézard (2):
      DOC: contrib/modsecurity: Typos and fix the reject example
BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it paulborile (5): BUILD: wurfl: build fix for 1.9/2.0 code base CLEANUP: wurfl: removed deprecated methods DOC: wurfl: added point of contact in MAINTAINERS file MINOR: wurfl: enabled multithreading mode MINOR: contrib: dummy wurfl library ---