Re: [ANNOUNCE] haproxy-2.3-dev5

2020-09-26 Thread Willy Tarreau
On Fri, Sep 25, 2020 at 09:55:46PM +0200, Christopher Faulet wrote:
> Hi,
> 
> HAProxy 2.3-dev5 was released on 2020/09/25. It added 104 new commits
> after version 2.3-dev4.

Thanks for doing this one, Christopher, you definitely saved me quite
some time, allowing me to progress further on the listeners :-)

(...)
> All this description is probably a bit cryptic and it does not do Willy's
> work justice. It was amazingly hard and painful to unmangle. But, it was a
> mandatory step to add the QUIC support. The next changes to come in this
> area are about the way listeners, receivers and proxies are started,
> stopped, paused or resumed.

I'm starting to see the end of the tunnel there (well just a little bit of
light), as well as some stuff that will still cause some trouble but
overall we're soon about to be able to declare a QUIC listener, with
a stream protocol for the upper layers with datagram for the lower ones.
This will also remove a lot of the ugly tricks that were needed for the
log forwarder (such as the fake "bind" lines that silently ignore unknown
keywords).

Among the upcoming changes that I mentioned a while ago that I'd still like
to see done before 2.3, there was:
  - setting log-send-hostname by default
  - enabling tune.fd.edge-triggered by default
  - changing the way "http-reuse safe" works for backend H2 connections
    to avoid mixing two clients over the same connection and avoid head
    of line blocking

We're already at the end of September, we must really finish quickly what's
still in progress and think about stabilizing. I know we've been late on
2.2 but that didn't remove development time on 2.3 since all that was
done before 2.2 was released is still there :-) So let's say that what
is not merged in two weeks by 9th October will go to -next so that we
still have a few weeks left to fix bugs, test and document.

In addition I'd like that for 2.4 we further shorten the merge window,
that's still far too long, as we spend most of the bug-fixing time after
the release instead of before, which is counter-productive. So we'll
need to have pending stuff in -next anyway.

Cheers,
Willy



[ANNOUNCE] haproxy-2.3-dev5

2020-09-25 Thread Christopher Faulet
Hi,

HAProxy 2.3-dev5 was released on 2020/09/25. It added 104 new commits
after version 2.3-dev4.

Willy has finally finished the first part of the listeners rework and
pushed a bunch of patches. First, the listener and bind_conf structures
have been reorganized to better suit the new design. The listening socket
settings have been moved into a dedicated structure, inlined in the
bind_conf. Thanks to this change, it has been possible to split the
listeners into the listener part and the receiver part. The protocols have
then been reworked to have a listener callback function, responsible for
starting a listener, and a bind callback function, responsible for binding
the receiver. Both were previously performed by the same callback function.
In addition, common functions used for a given address family (INET4, INET6,
UNIX...) have been regrouped into a new structure, proto_fam, and
referenced in the protocols. And last but not least, the
str2sa_range() function, responsible for parsing addresses, has been totally
refactored to be less ambiguous. This function was full of exceptions to
guess the calling context. Now, it is the caller's responsibility to provide
the desired parsing options.

All this description is probably a bit cryptic and it does not do Willy's
work justice. It was amazingly hard and painful to unmangle. But, it was a
mandatory step to add the QUIC support. The next changes to come in this
area are about the way listeners, receivers and proxies are started,
stopped, paused or resumed.

For his part, William has removed the support of the multi certificates
bundle, to load each certificate in a separate SSL_CTX. This was
implemented with openssl 1.0.2 to load different certificates (RSA, ECDSA
and DSA) for the same SNI host, in the same SSL_CTX, before the
client_hello callback was available. It is now a deprecated way to do it and
a mess to maintain. He has also fixed a bug about the verifyhost option
which should be case insensitive.

Still on the SSL part, Olivier has fixed a crash when we were waiting for
the availability of the crypto engine. In its FD handler function, the I/O
callback function was called directly with a NULL tasklet, leading to a
crash. Now, a tasklet wakeup is performed.

The "path-only" option has been added to "balance uri" to have a
consistent way to balance H1 and H2 requests, based on the path, excluding
any authority part.

Finally, the usual set of fixes. Two memory leaks during configuration
parsing have been fixed, thanks to Amaury and Eric. A subtle bug has been
fixed in the smp_prefetch_htx() function causing the "method" sample fetch
to fail for an unknown method. And so on.

Thanks to everyone working on this release.

Please find the usual URLs below:
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.3/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.3/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/


---
Complete changelog :
Amaury Denoyelle (1):
  BUG/MINOR: config: Fix memory leak on config parse listen

Brad Smith (1):
  BUILD: makefile: change default value of CC from gcc to cc

Christopher Faulet (1):
  BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch

Eric Salama (1):
  BUG/MINOR: Fix memory leaks cfg_parse_peers

Ilya Shipitsin (4):
  CLEANUP: Update .gitignore
  BUILD: introduce possibility to define ABORT_NOW() conditionally
  CI: travis-ci: help Coverity to recognize abort()
  CI: travis-ci: split asan step out of running tests

Miroslav Zagorac (1):
  BUILD: trace: include tools.h

Olivier Houchard (1):
  BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly.

Tim Duesterhus (3):
  DOC: Fix typo in iif() example
  BUG/MINOR: Fix type passed of sizeof() for calloc()
  CLEANUP: Do not use a fixed type for 'sizeof' in 'calloc'

William Lallemand (13):
  BUG/MINOR: ssl: verifyhost is case sensitive
  BUG/MINOR: ssl/crt-list: crt-list could end without a \n
  MEDIUM: ssl: remove bundle support in crt-list and directories
  MEDIUM: ssl/cli: remove support for multi certificates bundle
  MINOR: ssl: crtlist_dup_ssl_conf() duplicates a ssl_bind_conf
  MINOR: ssl: crtlist_entry_dup() duplicates a crtlist_entry
  MEDIUM: ssl: emulates the multi-cert bundles in the crtlist
  MEDIUM: ssl: emulate multi-cert bundles loading in standard loading
  CLEANUP: ssl: remove test on "multi" variable in ckch functions
  CLEANUP: ssl/cli: remove test on 'multi' variable in CLI functions
  CLEANUP: ssl: remove utility functions for
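
The verifyhost fix mentioned in the announcement above is about comparing the expected host name with certificate names without regard to case. The C example below is added here as an illustration and is not HAProxy's code or part of the original mails; it goes beyond the one-line description by also handling a leftmost-label wildcard, and the names `ascii_lower`, `name_eq_nocase` and `cert_name_matches`, the wildcard policy and the sample host names are all assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* ASCII-only lowercase: DNS names compare case-insensitively (RFC 4343),
 * and tolower() would make the result depend on the process locale. */
static unsigned char ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + ('a' - 'A')) : c;
}

/* Returns 1 if both NUL-terminated names are equal ignoring ASCII case. */
static int name_eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (ascii_lower((unsigned char)*a) != ascii_lower((unsigned char)*b))
            return 0;
    return *a == *b; /* equal only if both strings ended together */
}

/* Hypothetical helper (not HAProxy's function): returns 1 if the certificate
 * name `pattern` covers `hostname`. Accepts exact names and "*.<suffix>",
 * where the wildcard stands for exactly one non-empty leftmost label. */
int cert_name_matches(const char *pattern, const char *hostname)
{
    const char *dot;

    if (!pattern || !hostname || !*pattern || !*hostname)
        return 0;
    if (pattern[0] != '*')
        return name_eq_nocase(pattern, hostname);

    /* Conservative policy of this example: only "*.<suffix>" with at least
     * two labels in the suffix, so "*", "*x.example.com" and "*.com" fail. */
    if (pattern[1] != '.' || !strchr(pattern + 2, '.'))
        return 0;

    dot = strchr(hostname, '.');
    if (!dot || dot == hostname) /* hostname needs a non-empty first label */
        return 0;
    return name_eq_nocase(pattern + 1, dot); /* compare the ".suffix" parts */
}

int main(void)
{
    /* Constructed sample names, not taken from the announcement. */
    printf("%d\n", cert_name_matches("www.example.com", "WWW.Example.COM"));
    printf("%d\n", cert_name_matches("*.example.com", "a.b.example.com"));
    return 0;
}
```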