Hi,

HAProxy 2.3-dev5 was released on 2020/09/25. It added 104 new commits after version 2.3-dev4.

Willy has finally finished the first part of the listeners rework and pushed a bunch of patches. First, the listener and bind_conf structures have been reorganized to better suit the new design. The listening socket settings have been moved into a dedicated structure, inlined in the bind_conf. Thanks to this change, it has been possible to split the listeners into the listener part and the receiver part. The protocols have then been reworked to have a listener callback function, responsible for starting a listener, and a bind callback function, responsible for binding the receiver. Both were previously performed by the same callback function. In addition, common functions used for a given address family (INET4, INET6, UNIX...) have been regrouped into a new structure, proto_fam, and referenced in the protocols. And last but not least, the str2sa_range() function, responsible for parsing addresses, has been totally refactored to be less ambiguous. This function was full of exceptions to guess the calling context. Now, it is the caller's responsibility to provide the desired parsing options.

All this description is probably a bit cryptic and it does not do Willy's work justice. It was amazingly hard and painful to unmangle. But it was a mandatory step to add the QUIC support. The next changes to come in this area are about the way listeners, receivers and proxies are started, stopped, paused or resumed.

On his part, William has removed the support of the multi certificates bundle, to load each certificate in a separate SSL_CTX. This was implemented with openssl 1.0.2 to load different certificates (RSA, ECDSA and DSA) for the same SNI host, in the same SSL_CTX, before the client_hello callback was available. It is now a deprecated way of doing this and a mess to maintain. He has also fixed a bug about the verifyhost option, which should be case insensitive.

Still on the SSL part, Olivier has fixed a crash when we were waiting for the availability of the crypto engine. In its FD handler function, the I/O callback function was called directly with a NULL tasklet, leading to a crash. Now, a tasklet wakeup is performed.

The "path-only" option has been added to "balance uri" to have a consistent way to balance H1 and H2 requests, based on the path, excluding any authority part.

Finally, the usual set of fixes. Two memory leaks during configuration parsing have been fixed, thanks to Amaury and Eric. A subtle bug has been fixed in the smp_prefetch_htx() function causing the "method" sample fetch to fail for unknown methods. And so on.

Thanks to everyone working on this release.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.3/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.3/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

---
Complete changelog :
Amaury Denoyelle (1):
      BUG/MINOR: config: Fix memory leak on config parse listen

Brad Smith (1):
      BUILD: makefile: change default value of CC from gcc to cc

Christopher Faulet (1):
      BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch

Eric Salama (1):
      BUG/MINOR: Fix memory leaks cfg_parse_peers

Ilya Shipitsin (4):
      CLEANUP: Update .gitignore
      BUILD: introduce possibility to define ABORT_NOW() conditionally
      CI: travis-ci: help Coverity to recognize abort()
      CI: travis-ci: split asan step out of running tests

Miroslav Zagorac (1):
      BUILD: trace: include tools.h

Olivier Houchard (1):
      BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly.

Tim Duesterhus (3):
      DOC: Fix typo in iif() example
      BUG/MINOR: Fix type passed of sizeof() for calloc()
      CLEANUP: Do not use a fixed type for 'sizeof' in 'calloc'

William Lallemand (13):
      BUG/MINOR: ssl: verifyhost is case sensitive
      BUG/MINOR: ssl/crt-list: crt-list could end without a \n
      MEDIUM: ssl: remove bundle support in crt-list and directories
      MEDIUM: ssl/cli: remove support for multi certificates bundle
      MINOR: ssl: crtlist_dup_ssl_conf() duplicates a ssl_bind_conf
      MINOR: ssl: crtlist_entry_dup() duplicates a crtlist_entry
      MEDIUM: ssl: emulates the multi-cert bundles in the crtlist
      MEDIUM: ssl: emulate multi-cert bundles loading in standard loading
      CLEANUP: ssl: remove test on "multi" variable in ckch functions
      CLEANUP: ssl/cli: remove test on 'multi' variable in CLI functions
      CLEANUP: ssl: remove utility functions for bundle
      DOC: explain bundle emulation in configuration.txt
      BUILD: fix build with openssl < 1.0.2 since bundle removal

Willy Tarreau (78):
      CLEANUP: tree-wide: use VAR_ARRAY instead of [0] in various definitions
      BUILD: connection: fix build on clang after the VAR_ARRAY cleanup
      BUG/MINOR: server: report correct error message for invalid port on "socks4"
      BUG/MINOR: log-forward: fail on unknown keywords
      MEDIUM: log-forward: use "dgram-bind" instead of "bind" for the listener
      BUG/MEDIUM: log-forward: always quit on parsing errors
      BUG/MINOR: log: gracefully handle the "udp@" address format for log servers
      BUG/MINOR: dns: gracefully handle the "udp@" address format for nameservers
      MINOR: listener: create a new struct "settings" in bind_conf
      MINOR: listener: move bind_proc and bind_thread to struct settings
      MINOR: listener: move the interface to the struct settings
      MINOR: listener: move the network namespace to the struct settings
      REORG: listener: create a new struct receiver
      REORG: listener: move the listening address to a struct receiver
      REORG: listener: move the receiving FD to struct receiver
      REORG: listener: move the listener's proto to the receiver
      MINOR: listener: make sock_find_compatible_fd() check the socket type
      REORG: listener: move the receiver part to a new file
      MINOR: receiver: link the receiver to its settings
      MINOR: receiver: link the receiver to its owner
      MINOR: listener: prefer to retrieve the socket's settings via the receiver
      MINOR: receiver: add a receiver-specific flag to indicate the socket is bound
      MINOR: listener: move the INHERITED flag down to the receiver
      MINOR: receiver: move the FOREIGN and V6ONLY options from listener to settings
      MINOR: sock: make sock_find_compatible_fd() only take a receiver
      MINOR: protocol: rename the ->bind field to ->listen
      MINOR: protocol: add a new ->bind() entry to bind the receiver
      MEDIUM: sock_inet: implement sock_inet_bind_receiver()
      MEDIUM: tcp: make use of sock_inet_bind_receiver()
      MEDIUM: udp: make use of sock_inet_bind_receiver()
      MEDIUM: sock_unix: implement sock_unix_bind_receiver()
      MEDIUM: uxst: make use of sock_unix_bind_receiver()
      MEDIUM: sockpair: implement sockpair_bind_receiver()
      MEDIUM: proto_sockpair: make use of sockpair_bind_receiver()
      MEDIUM: protocol: explicitly start the receiver before the listener
      MEDIUM: protocol: do not call proto->bind() anymore from bind_listener()
      MINOR: protocol: add a new proto_fam structure for protocol families
      MINOR: protocol: retrieve the family-specific fields from the family
      CLEANUP: protocol: remove family-specific fields from struct protocol
      MINOR: protocol: add a real family for existing FDs
      CLEANUP: tools: make str2sa_range() less awful for fd@ and sockpair@
      MINOR: tools: make str2sa_range() take more options than just resolve
      MINOR: tools: add several PA_O_PORT_* flags in str2sa_range() callers
      MEDIUM: tools: make str2sa_range() validate callers' port specifications
      MEDIUM: config: remove all checks for missing/invalid ports/ranges
      MINOR: tools: add several PA_O_* flags in str2sa_range() callers
      MINOR: listener: remove the inherited arg to create_listener()
      MINOR: tools: make str2sa_range() optionally return the fd
      MINOR: log: detect LOG_TARGET_FD from the fd and not from the syntax
      MEDIUM: tools: make str2sa_range() resolve pre-bound listeners
      MINOR: config: do not test an inherited socket again
      MEDIUM: tools: make str2sa_range() check for the sockpair's FD usability
      MINOR: tools: start to distinguish stream and dgram in str2sa_range()
      MEDIUM: tools: make str2sa_range() only report AF_CUST_UDP on listeners
      MINOR: tools: remove the central test for "udp" in str2sa_range()
      MINOR: cfgparse: add str2receiver() to parse dgram receivers
      MINOR: log-forward: use str2receiver() to parse the dgram-bind address
      MEDIUM: config: make str2listener() not accept datagram sockets anymore
      MINOR: listener: pass the chosen protocol to create_listeners()
      MINOR: tools: make str2sa_range() directly return the protocol
      MEDIUM: tools: make str2sa_range() check that the protocol has ->connect()
      MINOR: protocol: add the control layer type in the protocol struct
      MEDIUM: protocol: store the socket and control type in the protocol array
      MEDIUM: tools: make str2sa_range() use protocol_lookup()
      MEDIUM: proto_udp: replace last AF_CUST_UDP* with AF_INET*
      MINOR: tools: drop listener detection hack from str2sa_range()
      BUILD: sock_unix: add missing errno.h
      MINOR: sock_inet: report the errno string in binding errors
      MINOR: sock_unix: report the errno string in binding errors
      BUILD: sock_inet: include errno.h
      MINOR: h2/trace: also display the remaining frame length in traces
      BUG/MINOR: h2/trace: do not display "stream error" after a frame ACK
      BUG/MEDIUM: h2: report frame bits only for handled types
      MINOR: backend: make the "whole" option of balance uri take only one bit
      MINOR: backend: add a new "path-only" option to "balance uri"
      REGTESTS: add a few load balancing tests
      BUG/MEDIUM: listeners: do not pause foreign listeners
      BUG/MINOR: listeners: properly close listener FDs

--
Christopher Faulet
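
The effect of the "path-only" option of "balance uri" described in the announcement, as an added illustration that is not part of the original mail and is not HAProxy's code. The function names, the FNV-1a hash and the sample URIs are assumptions made for this example; it models an H1 request in origin-form and the same resource in absolute-form carrying an authority part.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return the part of a request URI used as hash key; *len gets its length.
 * path_only: skip "scheme://authority" of an absolute-form URI.
 * whole:     keep the query string; otherwise the key stops at '?'. */
static const char *uri_hash_key(const char *uri, int path_only, int whole, size_t *len)
{
    const char *start = uri;
    const char *sep;

    if (path_only && *uri != '/' && (sep = strstr(uri, "://")) != NULL) {
        start = strchr(sep + 3, '/');   /* first '/' after the authority */
        if (!start)                     /* "https://host" has an empty path */
            start = uri + strlen(uri);
    }
    *len = whole ? strlen(start) : strcspn(start, "?");
    return start;
}

/* FNV-1a, a stand-in hash chosen for this example (assumption). */
static uint32_t fnv1a(const char *p, size_t len)
{
    uint32_t h = 2166136261u;
    while (len--) {
        h ^= (unsigned char)*p++;
        h *= 16777619u;
    }
    return h;
}

/* Map a request URI to one of nsrv servers. */
unsigned pick_server(const char *uri, int path_only, int whole, unsigned nsrv)
{
    size_t len;
    const char *key = uri_hash_key(uri, path_only, whole, &len);
    return fnv1a(key, len) % nsrv;
}

int main(void)
{
    /* Constructed samples: one resource in origin-form and in absolute-form. */
    const char *h1 = "/img/logo.png?v=3";
    const char *h2 = "https://www.example.com/img/logo.png?v=3";

    printf("default:   h1->%u h2->%u\n", pick_server(h1, 0, 0, 4), pick_server(h2, 0, 0, 4));
    printf("path-only: h1->%u h2->%u\n", pick_server(h1, 1, 0, 4), pick_server(h2, 1, 0, 4));
    return 0;
}
```

Without path-only the two requests are hashed on different keys, so they may be sent to different servers; with it both are hashed on "/img/logo.png".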