Commit Graph

325 Commits

Author SHA1 Message Date
Willy Tarreau c5d0342fa2 [RELEASE] Released version 3.1-dev14
Released version 3.1-dev14 with the following main changes :
    - MINOR: acl: export find_acl_default()
    - MINOR: sample: extend the "when" converter to support an ACL
    - MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{client,server} as sizes
    - MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{frontend,backend} as sizes
    - MINOR: cfgparse: parse tune.pipesize as a size
    - MINOR: cfgparse: parse tune.recv_enough as a size
    - MINOR: cfgparse: parse tune.bufsize as a size
    - MINOR: cfgparse: parse tune.bufsize.small as a size
    - REGTESTS: silence the "log format ignored" warnings
    - REGTESTS: silence warning "previous 'http-response' action is final"
    - REGTESTS: make the unit explicit for very short timeouts
    - REGTESTS: silence warnings about content-type being ignored
    - REGTESTS: remove a duplicate "option httpslog" in the defaults section
    - REGTESTS: silence warning "L6 sample fetches ignored" in cond_set_var
    - REGTESTS: add missing timeouts to 30 tests
    - REGTESTS: only use tune.ssl.default-dh-param when not using AWS-LC
    - REGTESTS: enable -dW on almost all tests to fail on warnings
    - MEDIUM: config: warn on unitless timeouts < 100 ms
    - MINOR: tools: make parse_size_err() support 32/64 bits
    - MINOR: ring: support unit suffixes in the size
    - MINOR: cfgparse-global: parse options to allow non std keywords in discovery mode
    - BUG/MINOR: mworker-prog: don't warn about deprecated section with expose-deprecated-directives
    - MINOR: cli: make "show env" accessible via master CLI without enabling debug
    - MINOR: config: show HAPROXY_BRANCH in "show env" output
    - MINOR: http-ana: Add option to keep query-string on a localtion-based redirect
    - MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules
    - MINOR: agent-check: Be able to set absolute weight via an agent
    - MINOR: stream: Add an option to "show sess" command to dump the captured URI
    - DOC: config: A a space before ':' for {bs,fs}.aborted and {bs,fs}.rst_code
    - DOC: config: Fix a typo in "1.3.1. The Request line"
    - MINOR: http: Add support for HTTP 414/431 status codes
    - DEV: phash: Update 414 and 431 status codes to phash
    - MINIR: mux-h1: Return 414 or 431 when appropriate
    - BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only
    - DOC: config: Slightly improve the %Tr documentation
    - DOC: config: Move wait_end in section about internal samples
    - DOC: config: Move fs.* and bs.* in section about L5 samples
    - MINOR: stats-file: add the filename in the warning
    - MEDIUM: stats-file: explicitely ignore comments starting by //
    - DOC: quic: rename max-window-size as with default prefix
    - MINOR: mux-quic: add missing values for show flags
    - MINOR: quic: simplify qc_prep_pkts() exit path
    - MINOR: quic: support a max number of built packet per send iteration
    - MINOR: quic: extend qc_send_mux() return type with a dedicated enum
    - MINOR: quic: define quic_pacing module
    - MINOR: quic/pacing: implement quic_pacer engine
    - MINOR: quic/pacing: support pacing emission on quic_conn layer
    - MINOR: quic/pacing: add burst support
    - MINOR: mux-quic: define a tx STREAM frame list member
    - MINOR: mux-quic: encapsulate QCC tasklet wakeup
    - MAJOR: mux-quic: support pacing emission
    - MINOR: quic: use dynamic cc_algo on bind_conf
    - MINOR: quic: extend quic-cc-algo optional parameters
    - MEDIUM: quic: define cubic-pacing congestion algorithm
    - MINOR: mux_quic/pacing: display pacing info on show quic
    - MEDIUM: stats-file: silently ignore be/fe mistmatch
    - REGTESTS: use -dW by default on every reg-tests
    - DOC: lua: fix yield-dependent methods expected contexts
    - DOC: sched: add missing scheduler API documentation for tasklet_wakeup_after()
    - DOC: sched: document the missing TASK_F_UEVT* flags
    - CLEANUP: tinfo: move sched_*_date/*_mono_time to the thread-local area
    - MINOR: stream: don't update s->lat_time when the wakeup date is not set
    - MINOR: tinfo/clock: turn sched_call_date to 64-bits
    - MINOR: sched: add TASK_F_WANTS_TIME to make the scheduler update the call date
    - MINOR: tools: add new macro DEFZERO to provide a default zero argument
    - MINOR: tasklet: make the low-level tasklet API take a flag
    - MINOR: tasklet: support an optional set of wakeup flags to tasklet_wakeup_on()
    - DOC: configuration: explain the rules regarding spaces in arguments
    - DOC: configuration: explain quotes and spaces in conditional blocks
    - DOC: configuration: wrap long line for "strstr()" conditional expression
    - BUG/MINOR: http-ana: Adjust the server status before the L7 retries
    - MINOR: http-fetch: Add an option to 'query" to get the QS with the '?'
    - BUG/MINOR: cfgparse-quic: fix renaming of max-window-size
    - MEDIUM: mworker: remove USE_SYSTEMD requirement for -Ws
    - CI: vtest: temporarily build from the sd-notify PR
    - MINOR: systemd: replace SOCK_CLOEXEC by fcntl call to FD_CLOEXEC
    - BUILD: makefile: make ERR apply to build options as well
    - MINOR: startup: set HAPROXY_LOCALPEER only once
    - DOC: configuration: update "Environment variables" chapter
    - DOC: config: indent the list of environment variables
    - OPTION: map/hlua: make core.set_map() lookup more efficient
    - REGTESTS: switch to -Ws for master-worker reg-tests
    - REGTESTS: disable temporarly mworker test on OSX
    - MINOR: quic: Add the congestion window initial value to QUIC path
    - MINOR: window_filter: Implement windowed filter (only max)
    - MINOR: quic: implement delivery rate sampling algorithm
    - MINOR: quic: implement BBR congestion control algorithm for QUIC
    - MINOR: quic: quic_cc modifications to support BBR
    - MINOR: quic: quic_loss modifications to support BBR
    - MINOR: quic: RX part modifications to support BBR
    - MINOR: quic: TX part modifications to support BBR.
    - MINOR: quic: add "bbr" new "quic-cc-algo" option
    - BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames
    - BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding
    - BUG/MEDIUM: h3: Properly limit the number of headers received
    - BUG/MEDIUM: h3: Increase max number of headers when sending headers
    - DOC: config: Improve documentation of tune.http.maxhdr directive
    - DOC: management: Clearly state "show errors" only reports malformed H1 messages
    - BUILD: makefile: build flags.c before haproxy to speed up the build
    - BUILD: makefile: reorder object files by build time
    - MINOR: config: Improve warnings on misplaced rules by adding an optional arg
    - CLEANUP: cfgparse: Add direction in functions name that warn on misplaced rules
    - MINOR: cfgparse: Emit a warning for misplaced "tcp-response content" rules
    - BUG/MINOR: cfgparse-quic: fix bbr initialization
    - MINOR: cfgparse-quic: activate pacing only via burst argument
    - MINOR: quic: Useless rate sample member initialization
    - BUG/MINOR: cfgparse-quic: fix warning for cc-aglo with 0 burst
    - MINOR: quic: support pacing for newreno and nocc
    - BUG/MINOR: quic: Missing application limitations tracking for BBR
    - MINOR: cfgparse-global: add cfg_parse_global_chroot
    - MINOR: cfgparse-global: add more checks for "chroot" argument
    - BUG/MINOR: startup: fix UAF when set the default for log_tag
    - MINOR: capabilities: rename program_name argument to progname
    - MINOR: startup: use global progname variable
    - MINOR: cfgparse-global: add cfg_parse_global_localpeer
    - BUG/MINOR: config: allow to check HAPROXY_LOCALPEER in config
    - BUG/MINOR: startup: init_early: remove obsolete comment
    - BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler()
    - BUG/MEDIUM: wdt: fix the stuck detection for warnings
    - BUG/MINOR: activity/memprofile: reinitialize the free calls on DSO summary
    - MINOR: activity/memprofile: offer a function to unregister stale info
    - BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy()
    - MINOR: activity: better report nil than ffff in unknown callers
    - CLEANUP: activity: better use a mask to tests freeing methods
    - MINOR: activity/memprofile: also monitor strdup() activity
    - MINOR: activity/memprofile: monitor non-portable calls as well
    - MINOR: activity: interrupt the show profile dump more often
    - MINOR: tools: resolve main() only once in resolve_sym_name()
    - MINOR: tools: add a new function "resolve_dso_name" to find a symbol's DSO
    - MINOR: activity/memprofile: use resolve_dso_name() for the DSO summary
    - REGTESTS: relax strerror matching to avoid a failure on libmusl
    - REGTESTS: don't rely on the base64 utility when openssl base64 is already used
2024-11-21 23:26:41 +01:00
Willy Tarreau 9539f2b097 [RELEASE] Released version 3.1-dev13
Released version 3.1-dev13 with the following main changes :
    - MEDIUM: mworker: depreciate the 'program' section
    - BUILD: ot: use a cebtree instead of a list for variable names
    - MINOR: startup: replace HAPROXY_LOAD_SUCCESS with global load_status
    - BUG/MINOR: startup: set HAPROXY_CFGFILES in read_cfg
    - BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI
    - BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state
    - BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list
    - MINOR: debug: explicitly permit the counter condition to be empty
    - MINOR: debug: add a new counter type for glitches
    - MINOR: mux-h2: count glitches when they're reported
    - BUG/MINOR: deinit: release uri_auth admin rules
    - MINOR: uri_auth: add stats_uri_auth_free helper
    - MEDIUM: uri_auth: implement clean uri_auth cleaning
    - MINOR: mux-quic/h3: count glitches when they're reported
    - BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID
    - BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state
    - MINOR: promex: Expose the global node and description in process metrics
    - MINOR: promex: Add global and proxies description as labels to all metrics
    - OPTIM: pattern: only apply LRU cache for large enough lists
    - BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration
    - BUG/MINOR: debug: do not set task expiration to TICK_ETERNITY
    - BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration
    - BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration
    - BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration
    - BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY
    - MINOR: debug/cli: replace "debug dev counters" with "debug counters"
    - DOC: config: add tune.h2.{be,fe}.rxbuf to the global keywords index
    - MINOR: chunk: add a BUG_ON upon the next init_trash_buffer()
2024-11-15 18:42:29 +01:00
Willy Tarreau 0434e87348 [RELEASE] Released version 3.1-dev12
Released version 3.1-dev12 with the following main changes :
    - MINOR: startup: tune.renice.{startup,runtime} allow to change priorities
    - BUG/MEDIUM: promex: Fix dump of extra counters
    - BUILD: import/mt_list: support building with TCC
    - BUILD: compiler: define __builtin_prefetch() for tcc
    - CLEANUP: quic: Remove the useless directive "tune.quic.backend.max-idle-timeou"
    - DOC: config: document connection error 44 (reverse connect failure)
    - CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry
    - DEBUG: cli: support closing "hard" using close() in addition to fd_delete()
    - MINOR: connection: add more connection error codes to cover common errno
    - MINOR: rawsock: set connection error codes when returning from recv/send/splice
    - MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name
    - MINOR: quic: Help diagnosing malformed probing packets
    - BUG/MINOR: quic: fix malformed probing packet building
    - MINOR: listener: Remove useless checks on the receiver protocol existence
    - MINOR: http-conv: Remove unreachable goto statement in sample_conv_q_preferred
    - MINOR: http: don't %-encode the payload when not relevant
    - MINOR: quic: simplify qc_parse_pkt_frms() return path
    - MINOR: quic: use dynamically allocated frame on parsing
    - MINOR: quic: extend return value of CRYPTO parsing
    - BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO
    - BUG/MINOR: mworker: do 'program' postparser checks in read_cfg_in_discovery_mode
    - EXAMPLES: add "traces.cfg" with traces examples
    - BUG/MEDIUM: quic: do not consider ACK on released stream as error
    - CLEANUP: stats: fix misleading comment on top of stat_idx_info
    - MINOR: wdt: move the local timers to a struct
    - MINOR: debug: add a function to dump a stuck thread
    - DEBUG: wdt: better detect apparently locked up threads and warn about them
    - DEBUG: cli: make it possible for "debug dev loop" to trigger warnings
    - DEBUG: wdt: make the blocked traffic warning delay configurable
    - DEBUG: wdt: add a stats counter "BlockedTrafficWarnings" in show info
    - DEBUG: wdt: set the default blocked task delay to 100 ms
    - MINOR: debug: move the "recover now" warn message after the optional notes
    - MINOR: event_hdl: add event_hdl_sub_list_empty() helper func
    - MINOR: pattern: add _pat_ref_new() helper func
    - OPTIM: pattern: use malloc() to initialize new pat_ref struct
    - MINOR: pattern: add pat_ref_free() helper func
    - CLEANUP: guid: remove global tree export
    - BUG/MINOR: guid/server: ensure thread-safety on GUID insert/delete
    - DOC: management: explain the change of behavior of the program section
    - BUG/MEDIUM: mux-h2: try to wait for the peer to read the GOAWAY
    - BUG/MEDIUM: quic: prevent crash due to CRYPTO parsing error
2024-11-08 15:46:54 +01:00
Willy Tarreau 2092199353 [RELEASE] Released version 3.1-dev11
Released version 3.1-dev11 with the following main changes :
    - BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new()
    - BUG/MEDIUM: mworker/httpclient: initialization skipped by accident in mworker mode
    - BUG/MINOR: resolvers/mworker: missing default resolvers in mworker mode
    - MINOR: mworker/ocsp: skip ocsp-update proxy init in master
    - BUG/MEDIUM: stconn: Wait iobuf is empty to shut SE down during a check send
    - MINOR: mux-h1: Show the SD iobuf in trace messages on stream send events
    - MINOR: mux-h1: Add a trace on shutdown when keep-alive is not possible
    - BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
    - BUG/MEDIUM: stconn: Check FF data of SC to perform a shutdown in sc_notify()
    - BUG/MAJOR: filters/htx: Add a flag to state the payload is altered by a filter
    - REGTESTS: Never reuse server connection in http-messaging/truncated.vtc
    - BUG/MINOR: quic: avoid leaking post handshake frames
    - MINOR: quic: send new tokens (NEW_TOKEN) even for 1RTT sessions
    - BUG/MEDIUM: quic: avoid freezing 0RTT connections
    - DOC: config: fix rfc7239 forwarded typo in desc
    - MINOR: http_ext: implement rfc7239_{nn,np} converters
    - CLEANUP: http_ext: remove useless BUG_ON() in http_handle_xot_header()
    - BUG/MINOR: sample: free err2 in smp_resolve_args for type ARGT_REG
    - MINOR: arg: add an argument type for identifier
    - BUILD: buffers: keep b_getblk_nc() and b_peek_varint() in buf.h
    - CLEANUP: buffers: simplify b_get_varint()
    - OPTIM: buffers: avoid a useless wrapping check for ofs == 0
    - MINOR: debug: make mark_tainted() return the previous value
    - MINOR: chunk: drop the global thread_dump_buffer
    - MINOR: debug: split ha_thread_dump() in two parts
    - MINOR: debug: slightly change the thread_dump_pointer signification
    - MINOR: debug: make ha_thread_dump_done() take the pointer to be used
    - MINOR: debug: replace ha_thread_dump() with its two components
    - MEDIUM: debug: on panic, make the target thread automatically allocate its buf
    - BUILD: mux-h2/traces: fix build on 32-bit due to size of the DATA frame
    - CI: prepare Coverity build for Ubuntu 24
    - CI: bump development builds explicitely to Ubuntu 24.04
    - CI: modernize macos builds to macos-15
    - BUG/MINOR: mworker: fix mworker-max-reloads parser
    - MINOR: mux-quic: simplify sending of empty STREAM FIN
    - BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent
    - CLEANUP: debug: make the BUG_ON() macros check the condition in the outer one
    - MEDIUM: debug: add match counters for BUG_ON/WARN_ON/CHECK_IF
    - MINOR: debug: add a new debug macro COUNT_IF()
    - MINOR: debug: add "debug dev counters" to list code counters
    - BUG/MEDIUM: stats-html: Never dump more data than expected during 0-copy FF
    - BUG/MEDIUM: mux-h2: Remove H2S from send list if data are sent via 0-copy FF
    - BUG/MINOR: stconn: Pretend the SE have more data to deliver on abortonclose
    - CLEANUP: stream: remove outdated comments
    - DEBUG: stream: Add debug counters to track some client/server aborts
    - DEBUG: mux-h1: Add debug counters to track some errors
    - MINOR: mux-h1: Add support of the debug string for logs
    - MINOR: stream: maintain per-stream counters of the number of passes on code
    - MINOR: filters: add per-filter call counters
    - MINOR: sample: add the "when" converter to condition some expressions
    - BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families
    - BUILD: spoe: fix build warning on older gcc around sub-struct initialization
    - Revert "OPTIM: mux-h2: make h2_send() report more accurate wake up conditions"
    - DEBUG: mux-h1: Add debug counters to track errors with in/out pending data
    - BUG/MINOR: mux-h1: Fix conditions on pipe in some COUNT_IF()
    - MINOR: activity/memprofile: show per-DSO stats
    - BUG/MINOR: mworker/cli: show master startup logs in recovery mode
    - MINOR: mworker: stop MASTER proxy listener on worker mcli sockpair
    - MINOR: error: simplify startup_logs_init_shm
    - BUG/MINOR: mworker: show worker warnings in startup logs
    - CLEANUP: mworker: clean mworker_reexec
    - MINOR: mworker/cli: split mworker_cli_proxy_create
    - BUG/MINOR: server: fix dynamic server leak with check on failed init
    - BUG/MEDIUM: server: fix race on servers_list during server deletion
    - BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error
    - BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding
    - BUG/MINOR: stconn: Don't disable 0-copy FF if EOS was reported on consumer side
    - MINOR: mworker/cli: add 'debug' to 'show proc'
    - MINOR: mworker/cli: remove comment line for program when useless
    - MINOR: mworker/cli: 'show proc debug' for old workers
    - BUILD: debug: silence a build warning with threads disabled
    - CLEANUP: mux-h2: remove the unused "full" variable in h2_frt_transfer_data()
    - MINOR: pools: export the pools variable
    - MINOR: debug: place a magic pattern at the beginning of post_mortem
    - MINOR: debug: place the post_mortem struct in its own section.
    - MINOR: debug: store important pointers in post_mortem
    - MINOR: debug: do not limit backtraces to stuck threads
    - MINOR: cli: remove non-printable characters from 'debug dev fd'
    - MINOR: cli: add an 'echo' command
    - MINOR: debug: also add a pointer to struct global to post_mortem
    - CLEANUP: mworker: make mworker_create_master_cli more readable
    - BUG/MEIDUM: mworker: fix fd leak from master to worker
    - BUG/MINOR: mworker/cli: fix mworker_cli_global_proxy_new_listener
    - MINOR: tools: add strnlen2() helper
    - CLEANUP: log: use strnlen2() in _lf_text_len() to compute string length
    - DOC: design: add notes about more detailed error reporting for logs
    - MINOR: debug: also add fdtab and acitvity to struct post_mortem
    - MINOR: debug: remove the redundant process.thread_info array from post_mortem
    - DEV: gdb: add a number of gdb scripts to navigate in core dumps
    - BUG/MINOR: trace: stop rewriting argv with -dt
    - MEDIUM: protocol: make abns a custom unix socket address family
    - MEDIUM: protocol: rely on AF_CUST_ABNS family to recognize ABNS sockets
    - CLEANUP: tools: rely on address family to detect ABNS sockets
    - MINOR: protocol: create abnsz socket address family
    - MINOR: sock: restore effective UNIX family in sock_get_old_sockets()
    - MEDIUM: sock: also restore effective unix family in get_{src,dst}()
    - MEDIUM: sock_unix: use per-family addrcmp function
    - MEDIUM: socket: add zero-terminated ABNS alternative
    - BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly
    - BUG/MINOR: mworker: mworker_reexec: unset MODE_STARTING before free startup logs ring
    - BUG/MINOR: errors: startup_logs_free: set global startup_logs ptr to NULL
    - BUG/MINOR: errors: print_message: don't allocate startup logs ring
    - BUG/MINOR: startup: don't fork worker if started with -c -W
    - BUG/MINOR: startup: dump libs only in worker if started with -W -dL
    - BUG/MINOR: startup: dump keywords only in worker if started with -W -dKAll
    - BUG/MINOR: startup: don't dump polling info for master in verbose mode
    - CI: switch QUIC Interop on AWS-LC to common docker image
    - CI: switch QUIC Interop on LibreSSL to common docker image
    - CI: enable chacha20 test on LibreSSL QUIC Interop
    - DOC: config: add missing glitch_{cnt,rate} data types
    - DOC: config: add missing glitch_{cnt,rate} sample definitions
    - CI: LibreSSL QUIC Interop: fix docker context
    - DEBUG: mux-h1: Add H1C expiration dates in trace messages
    - BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections
    - BUG/MINOR: http-ana: Report internal error if an action yields on a final eval
    - MINOR: stream: Save last evaluated rule on invalid yield
    - MINOR: quic: complete trace in qc_may_build_pkt()
    - MINOR: quic: move qc_send_mux() prototype into quic_tx.h
    - MINOR: stream: Replace last_rule_file/line fields by a more generic field
    - MINOR: stream: Save the last filter evaluated interrupting the processing
    - MINOR: stream: Save the entity waiting to continue its processing
    - MINOR: stream: Use an enum to identify last and waiting entities for streams
    - MINOR: stream: Add http-buffer-request option in the waiting entities
    - DOC: config: Add documentation about last_entity sample fetch
    - DOC: config: Add documentation about waiting_entity sample fetch
2024-11-01 10:17:02 +01:00
Willy Tarreau 1fb61475f2 [RELEASE] Released version 3.1-dev10
Released version 3.1-dev10 with the following main changes :
    - BUG/MAJOR: mux-quic: do not crash on empty STREAM frame emission
    - BUG/MINOR: stats: Fix the name for the total number of streams created
    - MINOR: quic: strengthen qc_release_frm()
    - MEDIUM: quic: decount acknowledged data for MUX txbuf window
    - MINOR: quic: implement dedicated type for out-of-order stream ACK
    - MEDIUM: quic: merge contiguous/overlapping buffered ack stream range
    - MEDIUM: quic: decount out-of-order ACK data range for MUX txbuf window
    - MINOR: log: add do_log() logging helper
    - MINOR: log: add do_log_parse_act() helper func
    - MINOR: action: add do-log action
    - REGTESTS: add some tests for 'do-log' action
    - BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
    - BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
    - BUG/MINOR: quic: fix discarding of already stored out-of-order ACK
    - BUG/MEDIUM: quic: properly decount out-of-order ACK on stream release
    - MINOR: ssl: disable server side default CRL check with WolfSSL
    - MEDIUM: sink: implement sink_find_early()
    - MINOR: trace: postresolve sink names
    - MINOR: sample: postresolve sink names in debug() converter
    - BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests
    - MINOR: cfgparse: simulate long configuration parsing with force-cfg-parser-pause
    - BUILD: cache: silence an uninitialized warning at -Og with gcc-12.2
    - BUG/MINOR: mux-h2/traces: present the correct buffer for trailers errors traces
    - MINOR: mux-h2/traces: print the size of the DATA frames
    - CLEANUP: muxes: remove useless inclusion of ebmbtree.h
    - REORG: buffers: move some of the heavy functions from buf.h to buf.c
    - MINOR: buffer: add a buffer list type with functions
    - MINOR: mux-h2: split the amount of rx data from the amount to ack
    - MINOR: mux-h2: create and initialize an rx offset per stream
    - MEDIUM: mux-h2: start to update stream when sending WU
    - MEDIUM: mux-h2: start to introduce the window size in the offset calculation
    - MINOR: mux-h2: count within a connection, how many streams are receiving data
    - MINOR: mux-h2: allocate the array of shared rx bufs in the h2c
    - MINOR: mux-h2: add rxbuf head/tail/count management for h2s
    - MINOR: mux-h2: move H2_CF_WAIT_IN_LIST flag away from the demux flags
    - MINOR: mux-h2: simplify the exit code in h2_rcv_buf()
    - MINOR: mux-h2: simplify the wake up code in h2_rcv_buf()
    - MINOR: mux-h2: clear up H2_CF_DEM_DFULL and H2_CF_DEM_SHORT_READ ambiguity
    - MAJOR: mux-h2: make streams use the connection's buffers
    - MAJOR: mux-h2: permit a stream to allocate as many buffers as desired
    - MAJOR: mux-h2: make the rxbuf allocation algorithm a bit smarter
    - MINOR: mux-h2: add tune.h2.be.rxbuf and tune.h2.fe.rxbuf global settings
    - MEDIUM: mux-h2: change the default initial window to 16kB
    - DOC: design-thoughts: add diagrams illustrating an rx win groth
    - MEDIUM: mux-h2: rework h2_restart_reading() to differentiate recv and demux
    - OPTIM: mux-h2: make h2_send() report more accurate wake up conditions
    - OPTIM: mux-h2: try to continue reading after demuxing when useful
    - OPTIM: mux-h2: use tasklet_wakeup_after() in h2s_notify_recv()
    - MINOR: mux-h2/traces: add missing flags and proxy ID in traces
    - MINOR: mux-h2/traces: add buffer-related info to h2s and h2c
    - CI: cirrus-ci: bump FreeBSD image to 14-1
    - REGTESTS: fix a reload race in abns_socket.vtc
    - MINOR: activity/memprofile: always return "other" bin on NULL return address
    - MINOR: quic: notify connection layer on handshake completion
    - BUG/MINOR: stream: unblock stream on wait-for-handshake completion
    - BUG/MEDIUM: quic: support wait-for-handshake
    - BUG/MEDIUM: server: server stuck in maintenance after FQDN change
    - BUG/MEDIUM: queue: make sure never to queue when there's no more served conns
    - DEBUG: mux-h2/flags: add H2_CF_DEM_RXBUF & H2_SF_EXPECT_RXDATA for the decoder
    - REGTESTS: cli: add delay 0.1 before connect to cli
    - MINOR: startup: add O_CLOEXEC flag to open /dev/null
    - MEDIUM: startup: move daemonization fork in init
    - MINOR: startup: refactor "daemonization" fork
    - MEDIUM: startup: move PID handling in init()
    - MAJOR: mworker: move master-worker fork in init()
    - BUG/MINOR: mworker: fix memory leak due to master-worker fork
    - REORG: mworker: set nbthread=1 for master after fork
    - MINOR: init: check MODE_MWORKER before creating master CLI
    - REORG: mworker: move mworker_create_master_cli in master 'case'
    - MEDIUM: startup: call chroot() if needed in one place
    - MEDIUM: startup: do set_identity() if needed in one place
    - MINOR: startup: only worker gets capabilities from bin
    - CLEANUP: haproxy: rm no longer used mworker_reexec_waitmode
    - MINOR: startup: rename exit_on_waitmode_failure to exit_on_failure
    - MINOR: defaults: update MASTER_MAXCONN description
    - MEDIUM: startup: remove MODE_MWORKER_WAIT
    - MINOR: global: add MODE_DISCOVERY flag
    - MEDIUM: cfgparse: add KWF_DISCOVERY keyword flag
    - MEDIUM: cfgparse: call some parsers only in MODE_DISCOVERY
    - MEDIUM: cfgparse-global: parse only KWF_DISCOVERY keywords in MODE_DISCOVERY
    - MEDIUM: cfgparse: parse only "global" section in MODE_DISCOVERY
    - MEDIUM: startup: introduce load_cfg and read_cfg
    - MINOR: cfgparse: fix *thread keywords sensitive to global section position
    - MINOR: mworker/cli: rename mworker_cli_proxy_new_listener
    - MINOR: mworker/cli: rename and clean mworker_cli_sockpair_new
    - MINOR: mworker/cli: create master CLI sockpair before fork
    - MINOR: mworker/cli: create MASTER proxy before mcli listeners
    - MINOR: mworker: add and set state PROC_O_INIT for new worker
    - MEDIUM: mworker/cli: close child and parent fds, setup listeners
    - MINOR: mworker: mworker_catch_sigchld: use fd_delete instead of close
    - MINOR: startup: rename and adapt reexec_on_failure
    - MINOR: mworker: add support for case when new worker dies
    - MINOR: mworker: simplify the code that sets PROC_O_LEAVING
    - MINOR: mworker/cli: add _send_status to support state transition
    - MEDIUM: startup: split sending oldpids_sig logic for standalone and mworker modes
    - MINOR: startup: split init() into separate initialization routines
    - MINOR: startup: split main: add step_init_3
    - MINOR: startup: simplify check for calling sock_get_old_sockets
    - MINOR: startup: encapsulate sock_get_old_sockets in a function
    - MINOR: startup: add bind_listeners
    - MINOR: startup: split main: add step_init_4
    - MINOR: startup: encapsulate master's code in run_master
    - MINOR: startup: add read_cfg_in_discovery_mode
    - MINOR: mworker: adapt exit_on_failure for master recovery mode
    - MEDIUM: mworker: add support of master recovery mode
    - MINOR: startup: add set_verbosity
    - MEDIUM: mworker: block reloads
    - MINOR: mworker: slow load status delivery if worker is starting
    - MINOR: mworker: readapt program support in mworker_catch_sigchld
    - MINOR: mworker: deserialize process list before read_cfg_in_discovery_mode
    - MINOR: mworker: parse program only in MODE_DISCOVERY
    - MINOR: cfgparse: add support for program section
    - MINOR: startup: reintroduce program support
    - MINOR: mworker-prog: stop old programs in mworker_ext_launch_all
    - MINOR: mworker: reintroduce systemd support
    - MINOR: mworker: report explicitly when worker exits due to max reloads
    - MINOR: cfgparse-global: parse *env keywords in MODE_DISCOVERY
    - MINOR: startup: reintroduce *env keywords support
    - MINOR: startup: close devnullfd, when daemon mode is applied
2024-10-16 22:57:52 +02:00
Willy Tarreau 7cdc9325a1 [RELEASE] Released version 3.1-dev9
Released version 3.1-dev9 with the following main changes :
    - MINOR: tools: add minimal file name management
    - CLEANUP: stick-table: make the file location point to a global file name
    - MINOR: proxy: use the global file names for conf->file
    - CLEANUP: cfgparse: factor proxy vs log-forward collisions
    - BUG/MINOR: cfgparse: detect another uncaught case of duplicate defaults
    - MINOR: proxy: add a list of orphaned defaults sections
    - MEDIUM: cfgparse: drop duplicate named defaults sections after use
    - OPTIM: cfgparse: speed up duplicate server detection
    - MEDIUM: cfgparse: warn about deprecated use of duplicate server names
    - BUG/MINOR: server: shut down streams under thread isolation
    - BUG/MINOR: proxy: also make the cli and resolvers use the global name
    - REGTESTS: log: fix log-profile.vtc
    - MEDIUM: mailers: warn about deprecated legacy mailers
    - BUG/MEDIUM: cli: Be sure to catch immediate client abort
    - DEV: flags/applet: decode appctx flags
    - BUG/MEDIUM: cli: Deadlock when setting frontend maxconn
    - MINOR: log: fix indent in strm_log()
    - MINOR: log: introduce extra log profile steps
    - MINOR: log: handle extra log origins in _process_send_log_override()
    - MINOR: log: introduce log_orig flags
    - MINOR: log: explicitly handle extra log origins as error when relevant
    - MINOR: log: support extra log origins for '%OG' alias
    - MINOR: proxy: add log_steps struct member
    - MINOR: log: introduce "log-steps" proxy keyword
    - MINOR: log: add log_orig_proxy() helper function
    - MEDIUM: log: consider log-steps proxy setting for existing log origins
    - DOC: config: document proxy "log-steps" keyword
    - REGTESTS: add a test for proxy "log-steps"
    - Revert "BUG/MINOR: server: shut down streams under thread isolation"
    - MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG
    - BUG/MEDIUM: stream: make stream_shutdown() async-safe
    - BUG/MINOR: server: make sure the HMAINT state is part of MAINT
    - BUG/MINOR: queue: make sure that maintenance redispatches server queue
    - MINOR: server: make srv_shutdown_sessions() call pendconn_redistribute()
    - BUILD: tools: only include execinfo.h for the real backtrace() function
    - MINOR: tools: do not attempt to use backtrace() on linux without glibc
    - OPTIM: channel: speed up co_getline()'s search of the end of line
    - OPTIM: stconn: Don't pretend mux have more data to deliver on EOI/EOS/ERROR
    - BUG/MINOR: mcli: Pretend the mux have more data to deliver between two commands
    - MINOR: action: Export release_expr_int_action() release function
    - MINOR: stream: Rely on a per-stream max connection retries value
    - MINOR: stream: Support dynamic changes of the number of connection retries
    - MINOR: stream/stats: Expose the current number of streams in stats
    - MINOR: stream/stats: Expose the total number of streams ever created in stats
    - BUG/MINOR: cfgparse-global: fix allowed args number for setenv
    - MINOR: cfgparse-global: add dedicated parser for *env keywords
    - MINOR: mux-quic: complete Tx infos for QCS dump
    - MINOR: quic: ensure txbuf realloc is only performed on empty buffer
    - MINOR: mux-quic: strengthen qcs_send_metadata() usage
    - MINOR: quic: remove unneeded notification of txbuf room
    - MINOR: quic: refactor MUX send notification
    - MEDIUM: quic: strengthen MUX send notification
    - MINOR: quic: refactor STREAM room notification
    - MINOR: quic: do not remove qc_stream_desc automatically on ACK handling
    - MINOR: quic: store streambuf in a streamdesc tree
    - MINOR: quic: move buffered ACK to streambuf
    - MEDIUM: quic: handle out-of-order ACK at streamdesc layer
    - MEDIUM: quic: refactor buffered STREAM ACK consuming
    - BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server
    - MINOR: config/trace: Add a 'traces' section to declare debug traces
    - MINOR: trace: Be able to chain commands for a source in one line
    - MINOR: tcpcheck: Add support for an option host header value for httpchk option
    - BUG/MINOR: mux-h1: Fix condition to set EOI on SE during zero-copy forwarding
    - MINOR: mux-h1: Use a dedicated function to conditionnaly set EOI flag on SE
    - BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade
    - BUG/MINOR: mux-quic: fix crash on qcc_init() early return
    - BUG/MINOR: quic: fix trace on releasing STREAM frame after ack
2024-10-03 17:47:33 +02:00
Willy Tarreau 30a0e93fe6 [RELEASE] Released version 3.1-dev8
Released version 3.1-dev8 with the following main changes :
    - DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line
    - MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state
    - BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only
    - REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades
    - BUG/MEDIUM: clock: detect and cover jumps during execution
    - BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
    - BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg}
    - BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
    - MEDIUM: ssl/cli: "dump ssl cert" allow to dump a certificate in PEM format
    - BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state
    - BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is established
    - REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
    - BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
    - REGTESTS: shorten a bit the delay for the h1/h2 upgrade test
    - MINOR: server: allow init-state for dynamic servers
    - DOC: server: document what to check for when adding new server keywords
    - MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option
    - BUG/MINOR: polling: fix time reporting when using busy polling
    - BUG/MINOR: clock: make time jump corrections a bit more accurate
    - BUG/MINOR: clock: validate that now_offset still applies to the current date
    - BUG/MEDIUM: queue: implement a flag to check for the dequeuing
    - OPTIM: sample: don't check casts for samples of same type
    - OPTIM: vars: remove the unneeded lock in vars_prune_*
    - OPTIM: vars: inline vars_prune() to avoid many calls
    - MINOR: vars: remove the emptiness tests in callers before pruning
    - IMPORT: import cebtree (compact elastic binary trees)
    - OPTIM: vars: use a cebtree instead of a list for variable names
    - OPTIM: vars: use multiple name heads in the vars struct
    - BUG/MINOR: peers: local entries updates may not be advertised after resync
    - DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options
    - MINOR: proxy: Rename accept-invalid-http-* options
    - DOC: configuration: Remove dangerous directives from the proxy matrix
    - BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send
    - BUG/MEDIUM: cache/stats: Wait to have the request before sending the response
    - BUG/MEDIUM: promex: Wait to have the request before sending the response
    - MINOR: clock: test all clock_gettime() return values
    - MEDIUM: clock: collect the monotonic time in clock_local_update_date()
    - MEDIUM: clock: opportunistically use CLOCK_MONOTONIC for the internal time
    - MEDIUM: clock: use the monotonic clock for idle time calculation
    - MEDIUM: clock: don't compute before_poll when using monotonic clock
    - BUG/MINOR: fix missing "log-format overrides previous 'option tcplog clf'..." detection
    - BUG/MINOR: fix missing "'option httpslog' overrides previous 'option tcplog clf'..." detection
    - BUG/MINOR: cfgparse-listen: fix option httpslog override warning message
    - BUG/MINOR: cfgparse: detect incorrect overlap of same backend names
    - MEDIUM: cfgparse: warn about proxies having the same names
    - DOC: management: add init-state to add server keywords
    - BUG/MINOR: mux-quic: report glitches to session
    - BUILD: cebtree: silence a bogus gcc warning on impossible code paths
    - MEDIUM: cfgparse: warn about colliding names between defaults and proxies
    - MEDIUM: cfgparse: detect collisions between defaults and log-forward
2024-09-18 22:29:08 +02:00
Willy Tarreau a2aea9f573 [RELEASE] Released version 3.1-dev7
Released version 3.1-dev7 with the following main changes :
    - MINOR: config: Created env variables for http and tcp clf formats
    - MINOR: mux-quic: add buf_in_flight to QCC debug infos
    - MINOR: mux-quic: correct qcc_bufwnd_full() documentation
    - MINOR: tools: add helpers to backup/clean/restore env
    - MINOR: mworker: restore initial env before wait mode
    - BUG/MINOR: haproxy: free init_env in deinit only if allocated
    - BUILD: tools: environ is not defined in OS X and BSD
    - DEV: coccinelle: add a test to detect unchecked malloc()
    - DEV: coccinelle: add a test to detect unchecked calloc()
    - CI: QUIC Interop AWS-LC: enable ngtcp2 client
    - CI: fix missing comma introduced in 956839c0f6
    - CI: QUIC Interop: do not run bandwidth measurement tests
    - CI: QUIC Interop: use different artifact names for uploading logs
    - BUILD: quic: 32bits build broken by wrong integer conversions for printf()
    - CLEANUP: ssl: cleanup the clienthello capture
    - MEDIUM: ssl: capture the supported_versions extension from Client Hello
    - MEDIUM: ssl/sample: add ssl_fc_supported_versions_bin sample fetch
    - MEDIUM: ssl: capture the signature_algorithms extension from Client Hello
    - MEDIUM: ssl/sample: add ssl_fc_sigalgs_bin sample fetch
    - MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status
    - BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding
    - BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
    - BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry
    - CLEANUP: haproxy: fix typos in code comment
    - CLEANUP: mqtt: fix typo in MQTT_REMAINING_LENGHT_MAX_SIZE
    - MINOR: tools: Implement ipaddrcpy().
    - MINOR: quic: Implement quic_tls_derive_token_secret().
    - MINOR: quic: Token for future connections implementation.
    - BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder
    - MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct)
    - MINOR: quic: Implement qc_ssl_eary_data_accepted().
    - MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event.
    - BUG/MEDIUM: quic: always validate sender address on 0-RTT
    - BUILD: quic: fix build errors on FreeBSD since recent GSO changes
    - MINOR: tools: extend str2sa_range to add an alt parameter
    - MINOR: server: add a alt_proto field for server
    - MEDIUM: sock: use protocol when creating socket
    - MEDIUM: protocol: add MPTCP per address support
    - BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC)
    - MEDIUM: stick-table: Add support of a factor for IN/OUT bytes rates
    - MEDIUM: bwlim: Use a read-lock on the sticky session to apply a shared limit
    - BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown
    - BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
    - BUG/MINOR: quic: unexploited retransmission cases for Initial pktns.
    - BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered
    - MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places
    - BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf
    - BUG/MINOR: mux-spop: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf
    - BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns
    - BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in mux_pt_shut()
    - CLEANUP: assorted typo fixes in the code and comments
    - DEV: patchbot: count the number of backported/non-backported patches
    - DEV: patchbot: add direct links to show only specific categories
    - DEV: patchbot: detect commit IDs starting with 7 chars
    - BUG/MEDIUM: clock: also update the date offset on time jumps
    - MEDIUM: server: add init-state
2024-09-05 18:53:54 +02:00
Willy Tarreau 599f043e74 [RELEASE] Released version 3.1-dev6
Released version 3.1-dev6 with the following main changes :
    - BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
    - BUG/MINOR: proto_tcp: keep error msg if listen() fails
    - MINOR: proto_tcp: tcp_bind_listener: copy errno in errmsg
    - MINOR: channel: implement ci_insert() function
    - BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI
    - REGTESTS: mcli: test the pipelined commands on master CLI
    - MINOR: cfgparse: load_cfg_in_mem: fix null ptr dereference reported by coverity
    - MINOR: startup: fix unused value reported by coverity
    - BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
    - BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
    - BUG/MINOR: cfgparse: parse_cfg: fix null ptr dereference reported by coverity
    - MINOR: proto_uxst: copy errno in errmsg for syscalls
    - MINOR: mux-quic: do not trace error in qcc_send_frames() on empty list
    - BUG/MINOR: h3: properly reject too long header responses
    - CLEANUP: mworker/cli: clean up the mode handling
    - BUG/MINOR: tools: make fgets_from_mem() stop at the end of the input
    - BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
    - BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
    - CI: keep logs for failed QIUC Interop jobs
    - BUG/MINOR: release-estimator: fix relative scheme in CHANGELOG URL
    - MINOR: release-estimator: add requirements.txt
    -  MINOR: release-estimator: add installation steps in README.md
    - MINOR: release-estimator: fix the shebang of the python script
    - DOC: config: correct the table for option tcplog
    - MEDIUM: log: relax some checks and emit diag warnings instead in lf_expr_postcheck()
    - MINOR: log: "drop" support for log-profile steps
    - CI: QUIC Interop LibreSSL: document chacha20 test status
    - CI: modernize codespell action, switch to node 16
    - CI: QUIC Interop AWS-LC: enable chrome client
    - DOC: lua: fix incorrect english in lua.txt
    - MINOR: Implements new log format of option tcplog clf
    - MINOR: cfgparse: limit file size loaded via /dev/stdin
    - BUG/MINOR: stats: fix color of input elements in dark mode
    - CLEANUP: stats: use modern DOCTYPE tag
    - BUG/MINOR: stats: add lang attribute to html tag
    - DOC: quic: fix default minimal value for max window size
    - DOC: quic: document nocc debug congestion algorithm
    - MINOR: quic: extract config window-size parsing
    - MINOR: quic: define max-window-size config setting
    - MINOR: quic: allocate stream txbuf via qc_stream_desc API
    - MINOR: mux-quic: account stream txbuf in QCC
    - MEDIUM: mux-quic: implement API to ignore txbuf limit for some streams
    - MINOR: h3: mark control stream as metadata
    - MINOR: mux-quic: define buf_in_flight
    - MAJOR: mux-quic: allocate Tx buffers based on congestion window
    - MINOR: quic/config: adapt settings to new conn buffer limit
    - MINOR: quic: define sbuf pool
    - MINOR: quic: support sbuf allocation in quic_stream
    - MEDIUM: h3: allocate small buffers for headers frames
    - MINOR: mux-quic: retry after small buf alloc failure
    - BUG/MINOR: cfgparse-global: fix err msg in mworker keyword parser
    - BUG/MINOR: cfgparse-global: clean common_kw_list
    - BUG/MINOR: cfgparse-global: remove redundant goto
    - MINOR: cfgparse-global: move 'pidfile' in global keywords list
    - MINOR: cfgparse-global: move 'expose-*' in global keywords list
    - MINOR: cfgparse-global: move tune options in global keywords list
    - MINOR: cfgparse-global: move unsupported keywords in global list
    - BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list
    - MINOR: quic: store the lost packets counter in the quic_cc_event element
    - MINOR: quic: support a tolerance for spurious losses
    - MINOR: protocol: properly assign the sock_domain and sock_family
    - MINOR: protocol: add a family lookup
    - MEDIUM: socket: always properly use the sock_domain for requested families
    - MINOR: protocol: add the real address family to the protocol
    - MINOR: socket: don't ban all custom families from reuseport
    - MINOR: protocol: always initialize the receivers list on registration
    - CLEANUP: protocol: no longer initialize .receivers nor .nb_receivers
2024-08-21 17:50:03 +02:00
Willy Tarreau 8427c5b542 [RELEASE] Released version 3.1-dev5
Released version 3.1-dev5 with the following main changes :
    - BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)
    - MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD
    - MINOR: quic: rename confusing wording aes to hp
    - MEDIUM: quic: add key argument to header protection crypto functions
    - MEDIUM: quic: implement CHACHA20_POLY1305 for AWS-LC
    - MEDIUM: sink: assume sft appctx stickiness
    - MINOR: quic: delay Retry emission on quic-force-retry
    - MEDIUM: quic: implement quic-initial rules
    - MINOR: quic: support ACL for quic-initial rules
    - MINOR: quic: pass quic_dgram as obj_type for quic-initial rules
    - MINOR: quic: implement reject quic-initial action
    - MINOR: quic: implement send-retry quic-initial rules
    - BUG/MEDIUM: quic: fix invalid conn reject with CONNECTION_REFUSED
    - MEDIUM: h1: allow to preserve keep-alive on T-E + C-L
    - MINOR: quic: Add information to "show quic" for CUBIC cc.
    - MINOR: quic: Dump TX in flight bytes vs window values ratio.
    - BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
    - BUILD: cfgparse-quic: fix build error on Solaris due to missing netinet/in.h
    - MINOR: queue: add a function to check for TOCTOU after queueing
    - BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue()
    - DOC: config: Add documentation about spop mode for backends
    - BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set
    - BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path
    - BUILD: mux-pt: Use the right name for the sedesc variable
    - BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect
    - BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC
    - BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC
    - BUILD: ssl: replace USE_OPENSSL_AWSLC by OPENSSL_IS_AWSLC
    - BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content
    - MINOR: tcp_sample: Move TCP low level sample fetch function to control layer
    - MINOR: quic: Define ->get_info() control layer callback for QUIC
    - MINOR: flags/mux-quic: decode qcc and qcs flags
    - BUG/MINOR: quic: fix fc_rtt/srtt values
    - BUG/MIONR: quic: fix fc_lost
    - BUG/MINOR: h1: do not forward h2c upgrade header token
    - BUG/MINOR: h2: reject extended connect for h2c protocol
    - BUG/MEDIUM: http-ana: Report error on write error waiting for the response
    - BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
    - BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream
    - BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync
    - BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only)
    - CI: add weekly QUIC Interop regression against AWS-LC
    - CI: harden NetBSD builds by ERR=1
    - BUG/MINOR: quic: Too short datagram during packet building failures (aws-lc only)
    - DEV: coccinelle: add a test to detect unchecked strdup()
    - BUG/MINOR: fcgi-app: handle a possible strdup() failure
    - BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and leak
    - MINOR: quic: convert qc_stream_desc release field to flags
    - MINOR: quic: implement function to check if STREAM is fully acked
    - BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM
    - MINOR: quic: enforce ACK reception is handled in order
    - DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted
    - MINOR: stconn: add a new pair of sf functions {bs,fs}.debug_str
    - MINOR: mux-h2: implement the debug string for logs
    - MINOR: mux-quic: define dump functions for QCC and QCS
    - MINOR: mux-quic: implement debug string for logs
    - MINOR: quic: dump quic_conn debug string for logs
    - MINOR: time: define tot_time structure
    - MINOR: mux-quic: measure QCS lifetime and its blocking state
    - BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn
    - BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc
    - BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED()
    - BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
    - BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion
    - BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE
    - MINOR: trace: support setting the sink and level for all sources at once
    - MINOR: session/trace: enable very minimal session tracing
    - MEDIUM: trace: implement a "follow" mechanism
    - MINOR: trace: move the known trace context into a dedicated struct
    - MINOR: trace: add a per-source helper to pre-fill the context
    - MINOR: mux-h2: add a trace context filling helper
    - MINOR: mux-h1: add a trace context filling helper
    - MINOR: mux-quic: don't leave dangling pointer after freeing qcs->sd
    - MINOR: mux-quic: add a trace context filling helper
    - MINOR: mux-h1/trace: add a state trace on stream creation/upgrade
    - MINOR: mux-h2/trace: add a state trace on stream creation/destruction
    - MINOR: mux-h3/trace: add a state trace on stream creation/destruction
    - BUG/MINOR: quic: prevent freeze after early QCS closure
    - MINOR: server: ensure max_events_at_once > 0 in server_atomic_sync()
    - MINOR: cfgparse: add struct cfgfile to represent config in memory
    - REORG: tools: move list_append_word to cfgparse
    - MINOR: startup: adapt list_append_word to use cfgfile
    - MINOR: cfgparse: add load_cfg_in_mem
    - MINOR: cfgparse: load_cfg_in_mem: take in account file size
    - MINOR: tools: add fgets_from_mem
    - MEDIUM: startup: make read_cfg() return immediately on ENOMEM
    - MEDIUM: startup: load and parse configs from memory
    - MINOR: startup: rename readcfgfile in parse_cfg
2024-08-07 18:42:33 +02:00
Willy Tarreau 7eca16921b [RELEASE] Released version 3.1-dev4
Released version 3.1-dev4 with the following main changes :
    - MINOR: limits: prepare to keep limits in one place
    - REORG: fd: move raise_rlim_nofile to limits
    - CLEANUP: fd: rm struct rlimit definition
    - REORG: global: move rlim_fd_*_at_boot in limits
    - MINOR: haproxy: prepare to move limits-related code
    - REORG: haproxy: move limits handlers to limits
    - MINOR: limits: add is_any_limit_configured
    - CLEANUP: quic: remove obsolete comment on send
    - MINOR: quic: extend detection of UDP API OS features
    - MINOR: quic: activate UDP GSO for QUIC if supported
    - MINOR: quic: define quic_cc_path MTU as constant
    - MINOR: quic: add GSO parameter on quic_sock send API
    - MAJOR: quic: support GSO when encoding datagrams
    - MEDIUM: quic: implement GSO fallback mechanism
    - MINOR: quic: add counters of sent bytes with and without GSO
    - BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past
    - CLEANUP: proto: rename TID affinity callbacks
    - CLEANUP: quic: rename TID affinity elements
    - BUG/MINOR: limits: fix license type in limits.h
    - BUG/MINOR: session: Eval L4/L5 rules defined in the default section
    - CLEANUP: stconn: Fix a typo in comments for SE_ABRT_SRC_*
    - MEDIUM: spoe: Remove fragmentation support
    - MEDIUM: spoe: Remove async mode support
    - MINOR: spoe: Use only a global engine-id per agent
    - MINOR: spoe: Remove debugging
    - MAJOR: spoe: Remove idle applets and pipelining support
    - MINOR: spoe: Remove the dedicated SPOE applet task
    - MEDIUM: proxy/spoe: Add a SPOP mode
    - MEDIUM: applet: Add a .shut callback function for applets
    - MINOR: connection: No longer include stconn type header in connection-t.h
    - MINOR: stconn: Use a dedicated function to get the opposite sedesc
    - MINOR: spoe: Rename some flags and constant to use SPOP prefix
    - MINOR: spoe: Dynamically alloc the message list per event of an agent
    - MINOR: spoe: Move all stuff regarding the filter/applet in the C file
    - MINOR: spoe: Move spoe_str_to_vsn() into the header file
    - MEDIUM: mux-spop: Introduce the SPOP multiplexer
    - MEDIUM: check/spoe: Use SPOP multiplexer to perform SPOP health-checks
    - MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux
    - CLEANUP: spoe: Uniformize function definitions
    - MINOR: spoe: Add internal sample fetch to retrieve the SPOE engine ID
    - MEDIUM: spoe: Set a specific name for the connection pool of SPOP servers
    - MINOR: backend: Remove test on HTX streams to reuse idle connections on connect
    - MEDIUM: spoe: Force the reuse 'always' mode for SPOP backends
    - MINOR: mux-spop: Use a dedicated function to update the SPOP connection timeout
    - MAJOR: mux-spop: Make the SPOP connections reusable
    - MINOR: stats-html: Display reuse ratio for spop connections
    - MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created
    - MEDIUM: spoe: Directly receive ACK frame in the SPOE context buffer
    - MEDIUM: mux-spop/spoe: Save negociated max-frame-size value in the mux
    - MINOR: spoe: Remove the spop version from the SPOE appctx context
    - MEDIUM: mux-spop: Add checks on received frames
    - MEDIUM: mux-spop: Announce the pipeling support if possible
    - MEDIUM: spoe: Forward SPOE context error to the SPOE applet
    - MEDIUM: spoe: Make the SPOE applet use its own buffers
    - DOC: spoe: Update SPOE documentation to reflect recent refactoring
    - BUILD: mux-spop: fix build failure on gcc 4-10 and clang
    - MINOR: fd: don't scan the full fdtab on all threads
    - MINOR: server: better mt_list usage for node migration (prev_deleted handling)
    - BUG/MINOR: do not close uninit FD in quic_test_socketops()
    - BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
    - MINOR: debug: prepare feed_post_mortem_late
    - CLEANUP: debug: fix indents in debug_parse_cli_show_dev
    - MINOR: debug: store runtime uid/gid in postmortem
    - MINOR: debug: keep runtime capabilities in post_mortem
    - MINOR: debug: use LIM2A to show limits
    - MINOR: debug: prepare to show runtime limits
    - MINOR: debug: keep runtime limits in postmortem
    - DOC: install: don't reference removed CPU arg
    - BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
    - BUG/MAJOR: mux-h2: force a hard error upon short read with pending error
    - MEDIUM: sink: start applets asynchronously
    - OPTIM: sink: balance applets accross threads
    - MEDIUM: ocsp: fix ocsp when the chain is loaded from 'issuers-chain-path'
    - MEDIUM: ssl: add extra_chain to ckch_data
    - MINOR: ssl: change issuers-chain for show_cert_detail()
    - REGTESTS: ssl: test the issuers-chain-path keyword
    - DOC: configuration: issuers-chain-path not compatible with OCSP
    - DOC: configuration: issuers-chain-path is compatible with OCSP
    - BUG/MEDIUM: startup: fix zero-warning mode
    - BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char (2)
    - MINOR: cfgparse-global: move mode's keywords in cfg_kw_list
    - MINOR: cfgparse-global: move no<poller_name> in cfg_kw_list
    - DOC: config: improve the http-keep-alive section
    - BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
    - BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
    - BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
    - MINOR: stream: Add a pointer to set the parent stream
    - MINOR: vars: Fill a description instead of hash and scope when a name is parsed
    - MINOR: vars: Use a description to set/unset a variable instead of its hash and scope
    - MEDIUM: vars: Be able to parse parent scopes for variables
    - MINOR: vars: Use a variable description to get variables of a specific scope
    - MEDIUM: vars: Be able to retrieve variable of the parent stream, if any
    - MEDIUM: spoe: Set the parent stream for SPOE streams
    - BUG/MINOR: quic: Non optimal first datagram.
    - DOC: config: Add a dedicated section about variables
    - DOC: config: Add info about variable scopes referencing the parent stream
    - DOC: config: Explicitly state the SPOE streams have a usable parent stream
    - MINOR: quic: Avoid cc priv buffer overflow.
    - MINOR: spoe: Add a function to validate a version is supported
    - MINOR: spoe: export the list of SPOP error reasons
    - MEDIUM: spoe/tcpcheck: Reintroduce SPOP check as a customized tcp-check
    - REGTESTS: check/spoe: Re-enable the script performing SPOP health-checks
    - BUG/MEDIUM: sink: properly init applet under sft lock
    - MINOR: sink: unify and sink_forward_io_handler() and sink_forward_oc_io_handler()
    - MINOR: sink: Remove useless test on SE_FL_SHR/SHW flags
    - MINOR: sink: merge sink_forward_io_handler() with sink_forward_oc_io_handler()
    - MINOR: sink: add some comments about sft->appctx usage in applet handlers
    - MINOR: sink: distinguish between hard and soft close in _sink_forward_io_handler()
    - MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface
    - MINOR: ring: count processed messages in ring_dispatch_messages()
    - MINOR: sink: add processed events counter in sft
    - MEDIUM: sink: "max-reuse" support for sink servers
    - OPTIM: sink: consider threads' current load when rebalancing applets
2024-07-24 18:20:24 +02:00
Willy Tarreau a4bc71a1a3 [RELEASE] Released version 3.1-dev3
Released version 3.1-dev3 with the following main changes :
    - BUG/MINOR: quic: Wrong datagram building when probing.
    - BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking
    - BUG/MINOR: promex: Remove Help prefix repeated twice for each metric
    - DOC: configuration: add details about crt-store in bind "crt" keyword
    - BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers
    - DOC: configuration: more details about the master-worker mode
    - BUG/MEDIUM: server: fix race on server_atomic_sync()
    - BUG/MINOR: jwt: don't try to load files with HMAC algorithm
    - CLEANUP: quic: cleanup prototypes related to CIDs handling
    - CLEANUP: quic: remove non-existing quic_cid_tree definition
    - MINOR: quic: remove access to CID global tree outside of quic_cid module
    - REORG: quic: remove quic_cid_trees reference from proto_quic
    - MINOR: quic: add 2 BUG_ON() on datagram dispatch
    - MINOR: quic: ensure quic_conn is never removed on thread affinity rebind
    - MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD
    - DOC: configuration: update maxconn description
    - MINOR: proto: extend connection thread rebind API
    - BUG/MEDIUM: quic: prevent crash on accept queue full
    - BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx
    - CI: add weekly QUIC Interop regression against LibreSSL
    - DEV: flags/quic: decode quic_conn flags
    - MINOR: quic: rename "ssl error" trace
    - BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn
    - BUG/MINOR: jwt: fix variable initialisation
    - MINOR: ssl/sample: ssl_c_san returns a comma separated list of SAN
    - OPTIM: pool: improve needed_avg cache line access pattern
    - MAJOR: import: update mt_list to support exponential back-off (try #2)
    - CI: weekly QUIC Interop: try to fix private image
    - BUG/MINOR: h1: Fail to parse empty transfer coding names
    - BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
    - BUG/MEDIUM: h1: Reject empty Transfer-encoding header
    - BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
    - BUILD: listener: silence a build warning about unused value without threads
    - DOC: architecture: remove the totally outdated architecture manual
    - SCRIPTS: create-release: no more need to skip architecture.txt
2024-07-10 15:39:36 +02:00
Willy Tarreau bbc2f043e3 [RELEASE] Released version 3.1-dev2
Released version 3.1-dev2 with the following main changes :
    - BUG/MINOR: log: fix broken '+bin' logformat node option
    - DEBUG: hlua: distinguish burst timeout errors from exec timeout errors
    - REGTESTS: ssl: fix some regtests 'feature cmd' start condition
    - BUG/MEDIUM: ssl: AWS-LC + TLSv1.3 won't do ECDSA in RSA+ECDSA configuration
    - MINOR: ssl: activate sigalgs feature for AWS-LC
    - REGTESTS: ssl: activate new SSL reg-tests with AWS-LC
    - BUG/MEDIUM: proxy: fix email-alert invalid free
    - REORG: mailers: move free_email_alert() to mailers.c
    - BUG/MINOR: proxy: fix email-alert leak on deinit() (2nd try)
    - DOC: configuration: fix alphabetical order of bind options
    - DOC: management: document ptr lookup for table commands
    - BUG/MAJOR: quic: fix padding with short packets
    - BUG/MAJOR: quic: do not loop on emission on closing/draining state
    - MINOR: sample: date converter takes HTTP date and output an UNIX timestamp
    - SCRIPTS: git-show-backports: do not truncate git-show output
    - DOC: api/event_hdl: small updates, fix an example and add some precisions
    - BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission
    - BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
    - BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure
    - BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
    - DEV: flags/show-fd-to-flags: adapt to recent versions
    - MINOR: capabilities: export capget and __user_cap_header_struct
    - MINOR: capabilities: prepare support for version 3
    - MINOR: capabilities: use _LINUX_CAPABILITY_VERSION_3
    - MINOR: cli/debug: show dev: add cmdline and version
    - MINOR: cli/debug: show dev: show capabilities
    - MINOR: debug: print gdb hints when crashing
    - BUILD: debug: also declare strlen() in __ABORT_NOW()
    - BUILD: Missing inclusion header for ssize_t type
    - BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
    - MINOR: cfgparse/log: remove leftover dead code
    - BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session
    - MINOR: stick-table: Always decrement ref count before killing a session
    - REORG: init: do MODE_CHECK_CONDITION logic first
    - REORG: init: encapsulate CHECK_CONDITION logic in a func
    - REORG: init: encapsulate 'reload' sockpair and master CLI listeners creation
    - REORG: init: encapsulate code that reads cfg files
    - BUG/MINOR: server: fix first server template name lookup UAF
    - MINOR: activity: make the memory profiling hash size configurable at build time
    - BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error
    - BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
    - BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
    - BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()
    - BUG/MINOR: quic: fix race condition in qc_check_dcid()
    - BUG/MINOR: quic: fix race-condition on trace for CID retrieval
2024-06-29 11:28:41 +02:00
Christopher Faulet dc1bca4e9f [RELEASE] Released version 3.1-dev1
Released version 3.1-dev1 with the following main changes :
    - REGTESTS: Remove REQUIRE_VERSION=2.1 from all tests
    - REGTESTS: Remove REQUIRE_VERSION=2.2 from all tests
    - CI: use "--no-install-recommends" for apt-get
    - CI: switch to lua 5.4
    - CI: use USE_PCRE2 instead of USE_PCRE
    - DOC: replace the README by a markdown version
    - CI: VTest: accelerate package install a bit
    - ADMIN: acme.sh: remove the old acme.sh code
    - BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
    - BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
    - BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory
    - DOC: configuration: add an example for keywords from crt-store
    - CI: speedup apt package install
    - DOC: add the FreeBSD status badge to README.md
    - DOC: change the link to the FreeBSD CI in README.md
    - MINOR: stktable: avoid ambiguous stktable_data_ptr() usage in cli_io_handler_table()
    - BUG/MINOR: hlua: use CertCache.set() from various hlua contexts
    - CLEANUP: hlua: fix CertCache class comment
    - CI: FreeBSD: upgrade image, packages
    - BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless
    - MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd
    - BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released
    - BUG/MINOR: quic: prevent crash on qc_kill_conn()
    - CLEANUP: hlua: use hlua_pusherror() where relevant
    - BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP
    - BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage
    - BUG/MINOR: hlua: prevent LJMP in hlua_traceback()
    - CLEANUP: hlua: get rid of hlua_traceback() security checks
    - BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path
    - CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()
    - BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego
    - MINOR: mux-quic: Don't send an emtpy H3 DATA frame during zero-copy forwarding
    - BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
    - BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL
    - BUG/MINOR: quic: fix computed length of emitted STREAM frames
    - BUG/MINOR: quic: ensure Tx buf is always purged
    - BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts
    - BUG/MAJOR: mux-h1:  Properly copy chunked input data during zero-copy nego
    - BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag
    - DOC: install: remove boringssl from the list of supported libraries
    - MINOR: log: fix "http-send-name-header" ignore warning message
    - BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit()
    - BUG/MINOR: proxy: fix log_tag leak on deinit()
    - BUG/MINOR: proxy: fix email-alert leak on deinit()
    - BUG/MINOR: proxy: fix check_{command,path} leak on deinit()
    - BUG/MINOR: proxy: fix dyncookie_key leak on deinit()
    - BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit()
    - BUG/MINOR: proxy: fix header_unique_id leak on deinit()
    - MINOR: proxy: add proxy_free_common() helper function
    - BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions
    - MINOR: log: change wording in lf_expr_postcheck() error message
    - BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section
    - CLEANUP: log/proxy: fix comment in proxy_free_common()
    - DOC: config: move "hash-key" from proxy to server options
    - DOC: config: add missing section hint for "guid" proxy keyword
    - DOC: config: add missing context hint for new server and proxy keywords
    - BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section
    - DOC: internals: add a documentation about the master worker
    - BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request
    - BUG/MINOR: quic: fix padding of INITIAL packets
    - OPTIM: quic: fill whole Tx buffer if needed
    - MINOR: quic: refactor qc_build_pkt() error handling
    - MINOR: quic: use global datagram headlen definition
    - MINOR: quic: refactor qc_prep_pkts() loop
    - DOC/MINOR: management: add missed -dR and -dv options
    - DOC/MINOR: management: add -dZ option
    - DOC: management: rename show stats domain cli "dns" to "resolvers"
    - REORG: log: reorder send log helpers by dependency order
    - MINOR: session: expose session_embryonic_build_legacy_err() function
    - MEDIUM: log/session: handle embryonic session log within sess_log()
    - MINOR: log: provide sending log context to process_send_log() when available
    - MINOR: log: add log_orig_to_str() function
    - MINOR: log: provide log origin in logformat expressions using '%OG'
    - CLEANUP: log: remove ambiguous legacy comment for resolve_logger()
    - MINOR: log/backend: always free parsing hints in resolve_logger()
    - MINOR: log: make resolve_logger() static
    - MINOR: log: provide proxy context to resolve_logger()
    - MINOR: log: add __send_log_set_metadata_sd helper
    - MINOR: log: add logger flags
    - MINOR: log: add log-profile parsing logic
    - MINOR: log: add log profile buildlines
    - MEDIUM: log: handle log-profile in process_send_log()
    - DOC: config: add documentation for log profiles
    - REGTESTS: log: add a test for log-profile
    - MINOR: ssl: add ssl_sock_bind_verifycbk() in ssl_sock.h
    - REORG: ssl: move the SNI selection code in ssl_clienthello.c
    - BUILD: ssl: fix build with wolfSSL
    - CI: github: upgrade aws-lc to 1.29.0
    - Revert "CI: github: upgrade aws-lc to 1.29.0"
    - MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC
    - BUILD: ssl: disable deprecated functions for AWS-LC 1.29.0
    - MINOR: ssl: relax the 'ssl.default-dh-param' keyword parsing
    - CI: github: upgrade aws-lc to 1.29.0
    - DOC: INSTALL: minimum AWS-LC version is v1.22.0
    - CI: github: do the AWS-LC weekly build with ERR=1
2024-06-14 16:04:18 +02:00
Willy Tarreau 1eb0f22ee1 [RELEASE] Released version 3.1-dev0
Released version 3.1-dev0 with the following main changes :
    - MINOR: version: mention that it's development again
2024-05-29 15:00:02 +02:00
Willy Tarreau 5590ada473 [RELEASE] Released version 3.0.0
Released version 3.0.0 with the following main changes :
    - MINOR: sample: implement the uptime sample fetch
    - CI: scripts: fix build of vtest regarding option -C
    - CI: scripts: build vtest using multiple CPUs
    - MINOR: log: rename 'log-format tag' to 'log-format alias'
    - DOC: config: document logformat item naming and typecasting features
    - BUILD: makefile: yearly reordering of objects by build time
    - BUILD: fd: errno is also needed without poll()
    - DOC: config: fix two typos "RST_STEAM" vs "RST_STREAM"
    - DOC: config: refer to the non-deprecated keywords in ocsp-update on/off
    - DOC: streamline http-reuse and connection naming definition
    - REGTESTS: complete http-reuse test with pool-conn-name
    - DOC: config: add %ID logformat alias alternative
    - CLEANUP: ssl/ocsp: readable ifdef in ssl_sock_load_ocsp
    - BUG/MINOR: ssl/ocsp: init callback func ptr as NULL
    - CLEANUP: ssl_sock: move dirty openssl-1.0.2 wrapper to openssl-compat
    - BUG/MINOR: activity: fix Delta_calls and Delta_bytes count
    - CI: github: upgrade the WolfSSL job to 5.7.0
    - DOC: install: update quick build reminders with some missing options
    - DOC: install: update the range of tested openssl version to cover 3.3
    - DEV: patchbot: prepare for new version 3.1-dev
    - MINOR: version: mention that it's 3.0 LTS now.
2024-05-29 14:43:38 +02:00
Willy Tarreau f76e73511a [RELEASE] Released version 3.0-dev13
Released version 3.0-dev13 with the following main changes :
    - CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf
    - MINOR: ssl: check parameter in ckch_conf_cmp()
    - BUG/MINOR: ring: free ring's allocated area not ring's usable area when using maps
    - DOC: configuration: rework the crt-store load documentation
    - DEBUG: tools: add vma_set_name() helper
    - DEBUG: shctx: name shared memory using vma_set_name()
    - DEBUG: sink: add name hint for memory area used by memory-backed sinks
    - DEBUG: pollers: add name hint for large memory areas used by pollers
    - DEBUG: errors: add name hint for startup-logs memory area
    - DEBUG: fd: add name hint for large memory areas
    - MEDIUM: ssl: don't load file by discovering them in crt-store
    - DOC: configuration: update the crt-list documentation
    - DOC: configuration: add the supported crt-store options in crt-list
    - BUG/MEDIUM: proto: fix fd leak in <proto>_connect_server
    - MINOR: sock: set conn->err_code in case of EPERM
    - BUG/MINOR: http-ana: Don't crush stream termination condition on internal error
    - MAJOR: spoe: Let the SPOE back into the game
    - BUG/MINOR: connection: parse PROXY TLV for LOCAL mode
    - BUG/MINOR: server: free PROXY v2 TLVs on srv drop
    - MINOR: rhttp: add log on connection allocation failure
    - BUG/MEDIUM: rhttp: fix preconnect on single-thread
    - BUG/MINOR: rhttp: prevent listener suspend
    - BUG/MINOR: rhttp: fix task_wakeup state
    - MINOR: session: define flag to explicitely release listener on free
    - MEDIUM: rhttp: create session for active preconnect
    - MINOR: rhttp: support PROXY emission on preconnect
    - MINOR: connection: support PROXY v2 TLV emission without stream
    - MINOR: traces: enumerate the list of levels/verbosities when not found
    - BUG/MINOR: sock: fix sock_create_server_socket
    - MINOR: proto: fix coding style
    - BUG/MAJOR: quic: Crash with TLS_AES_128_CCM_SHA256 (libressl only)
    - REGTESTS: scripts: allow to change the vtest timeout
    - BUG/MEDIUM: quic_tls: prevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305
    - CI: scripts/build-ssl.sh: loudly fail on unsupported platforms
    - BUG/MEDIUM: mux-quic: Create sedesc in same time of the QUIC stream
    - MINOR: mux-quic: Set abort info for SC-less QCS on STOP_SENDING frame
    - CI: scripts/build-ssl: add a DESTDIR and TMPDIR variable
    - CI: scripts/buil-ssl: cleanup the boringssl and quictls build
    - MINOR: config: add thread-hard-limit to set an upper bound to nbthread
    - BUILD: quic: fix unused variable warning when threads are disabled
    - BUG/MEDIUM: stick-tables: Fix race with peers when trashing oldest entries
    - BUG/MEDIUM: stick-tables: Fix race with peers when killing a sticky session
    - BUG/MEDIUM: stick-tables: make sure never to create two same remote entries
    - CLEANUP: stick-tables: remove a few unneeded tests for use_wrlock
    - MINOR: stick-tables: remove the uneeded read lock in stksess_free()
    - CLEANUP: tools: fix vma_set_name() function comment
    - DEBUG: tools: add vma_set_name_id() helper
    - DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints
    - DOC: config: fix aes_gcm_enc() description text
    - BUILD: trace: fix warning on null dereference
    - MEDIUM: config: prevent communication with privileged ports
    - MAJOR: config: prevent QUIC with clients privileged port by default
    - BUG/MINOR: quic: adjust restriction for stateless reset emission
    - MINOR: quic: clarify doc for quic_recv()
    - MINOR: server: generalize sni expr parsing
    - MINOR: server: define pool-conn-name keyword
    - MEDIUM: connection: use pool-conn-name instead of sni on reuse
    - BUG/MINOR: rhttp: initialize session origin after preconnect reversal
    - BUG/MEDIUM: server/dns: preserve server's port upon resolution timeout or error
    - BUG/MINOR: http-htx: Support default path during scheme based normalization
    - BUG/MINOR: server: Don't reset resolver options on a new default-server line
    - DOC: quic: specify that connection migration is not supported
    - DOC: config: fix incorrect section reference about custom log format
    - DOC: config: uniformize the naming and description of custom log format args
    - DOC: config: clarify the fact that custom log format is not just for logging
    - REGTESTS: acl_cli_spaces: avoid a warning caused by undefined logs
2024-05-24 17:57:29 +02:00
Willy Tarreau d236b43da7 [RELEASE] Released version 3.0-dev12
Released version 3.0-dev12 with the following main changes :
    - CI: drop asan.log umbrella completely
    - BUG/MINOR: log: fix leak in add_sample_to_logformat_list() error path
    - BUG/MINOR: log: smp_rgs array issues with inherited global log directives
    - MINOR: rhttp: Don't require SSL when attach-srv name parsing
    - REGTESTS: ssl: be more verbose with ocsp_compat_check.vtc
    - DOC: Update UUID references to RFC 9562
    - MINOR: hlua: add hlua_nb_instruction getter
    - MEDIUM: hlua: take nbthread into account in hlua_get_nb_instruction()
    - BUG/MEDIUM: server: clear purgeable conns before server deletion
    - BUG/MINOR: mux-quic: fix error code on shutdown for non HTTP/3
    - BUG/MINOR: qpack: fix error code reported on QPACK decoding failure
    - BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned
    - BUG/MEDIUM: stick-tables: properly mark stktable_data as packed
    - SCRIPTS: run-regtests: fix a few occurrences of extended regexes
    - BUG/MINOR: ssl_sock: fix xprt_set_used() to properly clear the TASK_F_USR1 bit
    - MINOR: dynbuf: provide a b_dequeue() variant for multi-thread
    - BUG/MEDIUM: muxes: enforce buf_wait check in takeover()
    - BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found
    - BUG/MEDIUM: h1: Reject CONNECT request if the target has a scheme
    - BUG/MAJOR: h1: Be stricter on request target validation during message parsing
    - MINOR: qpack: prepare error renaming
    - MINOR: h3/qpack: adjust naming for errors
    - MINOR: h3: adjust error reporting on sending
    - MINOR: h3: adjust error reporting on receive
    - MINOR: mux-quic: support glitches
    - MINOR: h3: report glitch on RFC violation
    - BUILD: stick-tables: better mark the stktable_data as 32-bit aligned
    - MINOR: ssl: rename tune.ssl.ocsp-update.mode in ocsp-update.mode
    - REGTESTS: update the ocsp-update tests
    - BUILD: stats: remove non portable getline() usage
    - MEDIUM: ssl: add ocsp-update.mindelay and ocsp-update.maxdelay
    - BUILD: log: get rid of non-portable strnlen() func
    - BUG/MEDIUM: fd: prevent memory waste in fdtab array
    - CLEANUP: compat: make the MIN/MAX macros more reliable
    - Revert: MEDIUM: evports: permit to report multiple events at once"
    - BUG/MINOR: stats: Don't state the 303 redirect response is chunked
    - MINOR: mux-h1: Add a flag to ignore the request payload
    - REORG: mux-h1: Group H1S_F_BODYLESS_* flags
    - CLEANUP: mux-h1: Remove unused H1S_F_ERROR_MASK mask value
    - MEDIUM: mux-h1: Support C-L/T-E header suppressions when sending messages
    - MINOR: ssl: ckch_store_new_load_files_conf() loads filenames from ckch_conf
    - MEDIUM: ssl/crtlist: loading crt-store keywords from a crt-list
    - CLEANUP: ssl/ocsp: remove the deprecated parsing code for "ocsp-update"
    - MINOR: ssl: pass ckch_store instead of ckch_data to ssl_sock_load_ocsp()
    - MEDIUM: ssl: ckch_conf_parse() uses -1/0/1 for off/default/on
    - MINOR: ssl: handle PARSE_TYPE_INT and PARSE_TYPE_ONOFF in ckch_store_load_files()
    - MINOR: ssl/ocsp: use 'ocsp-update' in crt-store
    - MINOR: ssl: ckch_conf_clean() utility function for ckch_conf
    - MEDIUM: ssl: add ocsp-update.disable global option
    - MEDIUM: ssl/cli: handle crt-store keywords in crt-list over the CLI
    - MINOR: ssl: ckch_conf_cmp() compare multiple ckch_conf structures
    - MEDIUM: ssl: temporarily load files by detecting their presence in crt-store
    - REGTESTS: ocsp-update: change the reg-test to support the new crt-store mode
    - DOC: capabilities: fix chapter header rendering
2024-05-18 16:51:23 +02:00
Willy Tarreau 7217a9e9b9 [RELEASE] Released version 3.0-dev11
Released version 3.0-dev11 with the following main changes :
    - BUILD: clock: improve check for pthread_getcpuclockid()
    - CI: add Illumos scheduled workflow
    - CI: netbsd: limit scheduled workflow to parent repo only
    - OPTIM: log: resolve logformat options during postparsing
    - BUG/MINOR: haproxy: only tid 0 must not sleep if got signal
    - REGTEST: add tests for acl() sample fetch
    - BUG/MINOR: acl: support built-in ACLs with acl() sample
    - BUG/MINOR: cfgparse: use curproxy global var from config post validation
    - MEDIUM: stconn/muxes: Add an abort reason for SE shutdowns on muxes
    - MINOR: mux-h2: Set the SE abort reason when a RST_STREAM frame is received
    - MEDIUM: mux-h2: Forward h2 client cancellations to h2 servers
    - MINOR: mux-quic: Set tha SE abort reason when a STOP_SENDING frame is received
    - MINOR: stconn: Add samples to retrieve about stream aborts
    - MINOR: mux-quic: Add .ctl callback function to get info about a mux connection
    - MINOR: muxes: Add ctl commands to get info on streams for a connection
    - MINOR: connection: Add samples to retrieve info on streams for a connection
    - BUG/MEDIUM: log/ring: broken syslog octet counting
    - BUG/MEDIUM: mux-quic: fix crash on STOP_SENDING received without SD
    - DOC: lua: fix filters.txt file location
    - MINOR: dynbuf: pass a criticality argument to b_alloc()
    - MINOR: dynbuf: add functions to help queue/requeue buffer_wait fields
    - MINOR: dynbuf: use the b_queue()/b_requeue() functions everywhere
    - MEDIUM: dynbuf: make the buffer_wq an array of list heads
    - CLEANUP: tinfo: better align fields in thread_ctx
    - MINOR: dynbuf: provide a b_dequeue() function to detach a bw from the queue
    - MEDIUM: dynbuf: generalize the use of b_dequeue() to detach buffer_wait
    - MEDIUM: dynbuf/stream: re-enable queueing upon failed buffer allocation
    - MEDIUM: dynbuf/stream: do not allocate the buffers in the callback
    - MEDIUM: applet: make appctx_buf_available() only wake the applet up, not allocate
    - MINOR: applet: set the blocking flag in the buffer allocation function
    - MINOR: applet: adjust the allocation criticity based on the requested buffer
    - MINOR: dynbuf/mux-h1: use different criticalities for buffer allocations
    - MEDIUM: dynbuf/mux-h1: do not allocate the buffers in the callback
    - MEDIUM: dynbuf: refrain from offering a buffer if more critical ones are waiting
    - MINOR: stconn: report that a buffer allocation succeeded
    - MINOR: stream: report that a buffer allocation succeeded
    - MINOR: applet: report about buffer allocation success
    - MINOR: mux-h1: report that a buffer allocation succeeded
    - MEDIUM: stream: allocate without queuing when retrying
    - MEDIUM: channel: allocate without queuing when retrying
    - MEDIUM: mux-h1: allocate without queuing when retrying
    - MEDIUM: dynbuf: implement emergency buffers
    - MEDIUM: dynbuf: use emergency buffers upon failed memory allocations
2024-05-10 17:39:19 +02:00
Willy Tarreau 22ff8aa97c [RELEASE] Released version 3.0-dev10
Released version 3.0-dev10 with the following main changes :
    - BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding
    - REGTESTS: cache: Add test on 'vary' other than accept-encoding
    - BUG/MINOR: stats: replace objt_* by __objt_* macros
    - CLEANUP: tools/cbor: rename cbor_encode_ctx struct members
    - MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx
    - BUG/MINOR: log: fix global lf_expr node options behavior
    - CLEANUP: log: add a macro to know if a lf_node is configurable
    - MINOR: httpclient: allow to use absolute URI with new flag HC_F_HTTPROXY
    - MINOR: ssl: introduce ocsp_update.http_proxy for ocsp-update keyword
    - BUG/MINOR: log/encode: consider global options for key encoding
    - BUG/MINOR: log/encode: fix potential NULL-dereference in LOGCHAR()
    - BUG/MINOR: log: fix global lf_expr node options behavior (2nd try)
    - MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx (again)
    - BUG/MEDIUM: log: don't ignore disabled node's options
    - BUG/MINOR: stconn: don't wake up an applet waiting on buffer allocation
    - MINOR: sock: rename sock to sock_fd in sock_create_server_socket
    - MEDIUM: proto_uxst: take in account server namespace
    - MEIDUM: unix sock: use my_socketat to create bind socket
    - MINOR: sock_set_mark: take sock family in account
    - MEDIUM: proto: make common fd checks in sock_create_server_socket
    - MINOR: sock: add EPERM case in sock_handle_system_err
    - MINOR: capabilities: add cap_sys_admin support
    - CLEANUP: ssl: clean the includes in ssl_ocsp.c
    - CLEANUP: ssl: move the global ocsp-update options parsing to ssl_ocsp.c
    - MINOR: stats: fix visual alignment for stat_cols_px definition
    - MINOR: stats: convert req_tot as generic column
    - MINOR: stats: prepare stats-file support for values other than FN_COUNTER
    - MINOR: counters: move freq-ctr from proxy/server into counters struct
    - MINOR: stats: support rate in stats-file
    - MINOR: stats: convert rate as generic column for proxy stats
    - MINOR: counters: move last_change into counters struct
    - MINOR: stats: support age in stats-file
    - MINOR: stats: convert age as generic column for proxy stat
    - CLEANUP: ssl: rename new_ckch_store_load_files_path() to ckch_store_new_load_files_path()
    - MINOR: ssl: rename ocsp_update.http_proxy into ocsp-update.httpproxy
    - REORG: stats: define stats-proxy source module
    - MINOR: stats: extract proxy clear-counter in a dedicated function
    - REGTESTS: stats: add test stats-file counters preload
    - CI: netbsd: adjust packages after NetBSD-10 released
    - CLEANUP: assorted typo fixes in the code and comments
    - REGTESTS: replace REQUIRE_VERSION by version_atleast
    - MEDIUM: log: optimizing tmp->type handling in sess_build_logline()
    - BUG/MINOR: log: prevent double spaces emission in sess_build_logline()
    - OPTIM: log: declare empty buffer as global variable
    - OPTIM: log: use thread local lf_buildctx to stop pushing it on the stack
    - OPTIM: log: use lf_buildctx's buffer instead of temporary stack buffers
    - OPTIM: log: speedup date printing in sess_build_logline() when no encoding is used
2024-05-04 10:16:05 +02:00
Willy Tarreau ba0f8b5330 [RELEASE] Released version 3.0-dev9
Released version 3.0-dev9 with the following main changes :
    - BUILD: ssl: use %zd for sizeof() in ssl_ckch.c
    - MINOR: backend: use be_counters for health down accounting
    - BUG/MINOR: backend: use cum_sess counters instead of cum_conn
    - BUG/MINOR: stats: fix stot metric for listeners
    - REGTESTS: use -dI for insecure fork by default in the regtest scripts
    - MINOR: stats: rename proxy stats
    - MINOR: stats: rename ambiguous stat_l and stat_count
    - MINOR: stats: rename info stats
    - MINOR: stats: use stricter naming stats/field/line
    - MINOR: stats: use STAT_F_* prefix for flags
    - BUG/MEDIUM: applet: Let's applets decide if they have more data to deliver
    - BUILD: stick-tables: silence build warnings when threads are disabled
    - MINOR: tools: Rename `ha_generate_uuid` to `ha_generate_uuid_v4`
    - MINOR: Add `ha_generate_uuid_v7`
    - MINOR: Add support for UUIDv7 to the `uuid` sample fetch
    - MEDIUM: shctx: Naming shared memory context
    - BUG/MINOR: h1: fix detection of upper bytes in the URI
    - MINOR: intops: add a pair of functions to check multi-byte ranges
    - TESTS: add a unit test for the multi-byte range checks
    - CLEANUP: h1: make use of the multi-byte matching functions
    - REGTESTS: ssl: Remove "sleep" calls from ocsp auto update test
    - BUG/MEDIUM: peers: Automatically start to learn on local peer
    - BUG/MEDIUM: peers: Reprocess peer state after all session shutdowns
    - MINOR: peers: Remove unused PEERS_F_RESYNC_REQUESTED flag
    - MINOR: peers: Don't set TEACH flags on a peer from the sync task
    - MINOR: peers: Use a peer flag to block the applet waiting ack of the sync task
    - BUG/MEDIUM: peers: Wait for sync task ack when a resynchro is finished
    - MINOR: peers: Remove unused PEERS_F_RESYNC_PROCESS flag
    - MINOR: applet: Add a function to know the side where an applet was created
    - MEDIUM: peers: Simplify the peer flags dealing with the connection state
    - MEDIUM: peers: Use true states for the peer applets as seen from outside
    - MEDIUM: peers: Use true states for the learn state of a peer
    - MINOR: peers: Start learning for local peer before receiving messages
    - MINOR: peers: Rename PEERS_F_TEACH_COMPLETE to PEERS_F_LOCAL_TEACH_COMPLETE
    - MINOR: peers: Reorder and slightly rename PEER flags
    - MINOR: peers: Reorder and rename PEERS flags
    - REORG: peers: Move peer and peers flags in the corresponding header file
    - DEV: flags/peers: Decode PEER and PEERS flags
    - MINOR: peers: Add comment on processing functions of the sync task
    - MINOR: peers: Use a static variable to wait a resync on reload
    - BUG/MEDIUM: peers: Use atomic operations on peers flags when necessary
    - REORG: peers: Rename all occurrences to 'ps' variable
    - BUG/MINOR: peers: Don't wait for a remote resync if there no remote peer
    - MINOR: stats: update ambiguous "metrics" naming to "stat_cols"
    - MINOR: stats: introduce a more expressive stat definition method
    - MINOR: stats: implement automatic metric generation from stat_col
    - MINOR: stats: hide some columns in output
    - MEDIUM: stats: convert counters to new column definition
    - MINOR: stats: define stats-file output format support
    - MEDIUM: stats: implement dump stats-file CLI
    - MINOR: ist: define iststrip() new function
    - MINOR: guid: define guid_is_valid_fmt()
    - MINOR: stats: apply stats-file on process startup
    - MINOR: stats: parse header lines from stats-file
    - MINOR: stats: parse values from stats-file
    - MEDIUM: stats: define stats-file keyword
    - BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null
    - CLEANUP: log: remove unused checks for encode_{chunk,string}
    - MINOR: log: store lf_expr nodes inside substruct
    - MINOR: log: global lf_expr node options
    - CLEANUP: log: simplify complex values usages in sess_build_logline()
    - MINOR: log: skip custom logformat_node name if empty
    - MINOR: log: add lf_int() wrapper to print integers
    - MINOR: log: add lf_rawtext{_len}() functions
    - MEDIUM: log: pass date strings to lf_rawtext()
    - MEDIUM: log: write raw strings using lf_rawtext()
    - MEDIUM: log: use lf_rawtext for lf_ip() and lf_port() hex strings
    - MINOR: log: explicitly handle %ts and %tsc as text strings
    - MINOR: log: use LOG_VARTEXT_{START,END} to enclose text strings
    - MINOR: log: make all lf_* sess build helper static
    - MINOR: log: merge lf_encode_string() and lf_encode_chunk() logic
    - MEDIUM: log: lf_* build helpers now take a ctx argument
    - MINOR: log: expose node typecast in lf_buildctx struct
    - MINOR: log: postpone conversion for sample expressions in sess_build_logline()
    - MINOR: log: add LOG_OPT_NONE flag
    - MINOR: log: add no_escape_map to bypass escape with _lf_encode_bytes()
    - MINOR: log: add +bin logformat node option
    - MINOR: log: add +json encoding option
    - MINOR: tools: add cbor encode helpers
    - MINOR: log: add +cbor encoding option
    - MINOR: log: support true cbor binary encoding
    - CLEANUP: dynbuf: move the reserve and limit parsers to dynbuf.c
    - MINOR: list: add a macro to detect that a list contains at most one element
    - MINOR: cli/wait: rename the condition "srv-unused" to "srv-removable"
2024-04-27 09:37:03 +02:00
Willy Tarreau ad6760b9bd [RELEASE] Released version 3.0-dev8
Released version 3.0-dev8 with the following main changes :
    - BUG/MINOR: cli: Don't warn about a too big command for incomplete commands
    - BUG/MINOR: listener: always assign distinct IDs to shards
    - BUG/MINOR: log: fix lf_text_len() truncate inconsistency
    - BUG/MINOR: tools/log: invalid encode_{chunk,string} usage
    - BUG/MINOR: log: invalid snprintf() usage in sess_build_logline()
    - CLEANUP: log: lf_text_len() returns a pointer not an integer
    - MINOR: quic: simplify qc_send_hdshk_pkts() return
    - MINOR: quic: uniformize sending methods for handshake
    - MINOR: quic: improve sending API on retransmit
    - MINOR: quic: use qc_send_hdshk_pkts() in handshake IO cb
    - MEDIUM: quic: remove duplicate hdshk/app send functions
    - OPTIM: quic: do not call qc_send() if nothing to emit
    - OPTIM: quic: do not call qc_prep_pkts() if everything sent
    - BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection
    - BUG/MINOR: http-ana: Fix TX_L7_RETRY and TX_D_L7_RETRY values
    - BUILD: makefile: warn about unknown USE_* variables
    - BUILD: makefile: support USE_xxx=0 as well
    - BUG/MINOR: guid: fix crash on invalid guid name
    - BUILD: atomic: fix peers build regression on gcc < 4.7 after recent changes
    - BUG/MINOR: debug: make sure DEBUG_STRICT=0 does work as documented
    - BUILD: cache: fix non-inline vs inline declaration mismatch to silence a warning
    - BUILD: debug: make DEBUG_STRICT=1 the default
    - BUILD: pools: make DEBUG_MEMORY_POOLS=1 the default option
    - CI: update the build options to get rid of unneeded DEBUG options
    - BUILD: makefile: get rid of the config CFLAGS variable
    - BUILD: makefile: allow to use CFLAGS to append build options
    - BUILD: makefile: drop the SMALL_OPTS settings
    - BUILD: makefile: move -O2 from CPU_CFLAGS to OPT_CFLAGS
    - BUILD: makefile: get rid of the CPU variable
    - BUILD: makefile: drop the ARCH variable and better document ARCH_FLAGS
    - BUILD: makefile: extract ARCH_FLAGS out of LDFLAGS
    - BUILD: makefile: move the fwrapv option to STD_CFLAGS
    - BUILD: makefile: make the ERR variable also support 0
    - BUILD: makefile: add FAILFAST to select the -Wfatal-errors behavior
    - BUILD: makefile: extract -Werror/-Wfatal-errors from automatic CFLAGS
    - BUILD: makefile: split WARN_CFLAGS from SPEC_CFLAGS
    - BUILD: makefile: rename SPEC_CFLAGS to NOWARN_CFLAGS
    - BUILD: makefile: do not pass warnings to VERBOSE_CFLAGS
    - BUILD: makefile: also drop DEBUG_CFLAGS
    - CLEANUP: makefile: make the output of the "opts" target more readable
    - DOC: install: clarify the build process by splitting it into subsections
    - BUG/MINOR: server: fix slowstart behavior
    - BUG/MEDIUM: cache/stats: Handle inbuf allocation failure in the I/O handler
    - MINOR: ssl: add the section parser for 'crt-store'
    - DOC: configuration: Add 3.12 Certificate Storage
    - REGTESTS: ssl: test simple case of crt-store
    - MINOR: ssl: rename ckchs_load_cert_file to new_ckch_store_load_files_path
    - MINOR: ssl/crtlist: alloc ssl_conf only when a valid keyword is found
    - BUG/MEDIUM: stick-tables: fix the task's next expiration date
    - CLEANUP: stick-tables: always respect the to_batch limit when trashing
    - BUG/MEDIUM: peers/trace: fix crash when listing event types
    - BUG/MAJOR: stick-tables: fix race with peers in entry expiration
    - DEBUG: pool: improve decoding of corrupted pools
    - REORG: pool: move the area dump with symbol resolution to tools.c
    - DEBUG: pools: report the data around the offending area in case of mismatch
    - MINOR: listener/protocol: add proto name in alerts
    - MINOR: proto_quic: add proto name in alert
    - BUG/MINOR: lru: fix the standalone test case for invalid revision
    - DOC: management: fix typos
    - CI: revert kernel addr randomization introduced in 3a0fc864
    - MINOR: ring: clarify the usage of ring_size() and add ring_allocated_size()
    - BUG/MAJOR: ring: use the correct size to reallocate startup_logs
    - MINOR: ring: always check that the old ring fits in the new one in ring_dup()
    - CLEANUP: ssl: remove dead code in cfg_parse_crtstore()
    - MINOR: ssl: supports crt-base in crt-store
    - MINOR: ssl: 'key-base' allows to load a 'key' from a specific path
    - MINOR: net_helper: Add support for floats/doubles.
    - BUG/MEDIUM: grpc: Fix several unaligned 32/64 bits accesses
    - MINOR: peers: Split resync process function to separate running/stopping states
    - MINOR: peers: Add 2 peer flags about the peer learn status
    - MINOR: peers: Add flags to report the peer state to the resync task
    - MINOR: peers: sligthly adapt part processing the stopping signal
    - MINOR: peers: Add functions to commit peer changes from the resync task
    - BUG/MINOR: peers: Report a resync was explicitly requested from a thread-safe manner
    - BUG/MAJOR: peers: Update peers section state from a thread-safe manner
    - MEDIUM: peers: Only lock one peer at a time in the sync process function
    - MINOR: peer: Restore previous peer flags value to ease debugging
    - BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered
    - BUILD: cache: fix a build warning with gcc < 7
    - BUILD: xxhash: silence a build warning on Solaris + gcc-5.5
    - CI: reduce ASAN log redirection umbrella size
    - CLEANUP: assorted typo fixes in the code and comments
    - BUG/MEDIUM: evports: do not clear returned events list on signal
    - MEDIUM: evports: permit to report multiple events at once
    - MEDIUM: ssl: support aliases in crt-store
    - BUG/MINOR: ssl: check on forbidden character on wrong value
    - BUG/MINOR: ssl: fix crt-store load parsing
    - BUG/MEDIUM: applet: Fix applet API to put input data in a buffer
    - BUG/MEDIUM: spoe: Always retry when an applet fails to send a frame
    - BUG/MEDIUM: peers: Fix exit condition when max-updates-at-once is reached
    - BUILD: linuxcap: Properly declare prepare_caps_from_permitted_set()
    - BUG/MEDIUM: peers: fix localpeer regression with 'bind+server' config style
    - MINOR: peers: stop relying on srv->addr to find peer port
    - MEDIUM: ssl: support a named crt-store section
    - MINOR: stats: remove implicit static trash_chunk usage
    - REORG: stats: extract HTML related functions
    - REORG: stats: extract JSON related functions
    - MEDIUM: ssl: crt-base and key-base local keywords for crt-store
    - MINOR: stats: Get the right prototype for stats_dump_html_end().
    - MAJOR: ssl: use the msg callback mecanism for backend connections
    - MINOR: ssl: implement keylog fetches for backend connections
    - BUG/MINOR: stconn: Fix sc_mux_strm() return value
    - MINOR: mux-pt: Test conn flags instead of sedesc ones to perform a full close
    - MINOR: stconn/connection: Move shut modes at the SE descriptor level
    - MINOR: stconn: Rewrite shutdown functions to simplify the switch statements
    - MEDIUM: stconn: Use only one SC function to shut connection endpoints
    - MEDIUM: stconn: Explicitly pass shut modes to shut applet endpoints
    - MEDIUM: stconn: Use one function to shut connection and applet endpoints
    - MEDIUM: muxes: Use one callback function to shut a mux stream
    - BUG/MINOR: sock: handle a weird condition with connect()
    - BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets
    - BUG/MEDIUM: peers: Don't set PEERS_F_RESYNC_PROCESS flag on a peer
    - BUG/MEDIUM: peers: Fix state transitions of a peer
    - MINOR: init: use RLIMIT_DATA instead of RLIMIT_AS
    - CI: modernize macos matrix
2024-04-19 18:02:28 +02:00
Willy Tarreau 0046922aed [RELEASE] Released version 3.0-dev7
Released version 3.0-dev7 with the following main changes :
    - BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
    - BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities
    - MEDIUM: ssl: Add 'tune.ssl.ocsp-update.mode' global option
    - REGTESTS: ssl: Add OCSP update compatibility tests
    - REGTESTS: ssl: Add functional test for global ocsp-update option
    - BUG/MINOR: server: reject enabled for dynamic server
    - BUG/MINOR: server: fix persistence cookie for dynamic servers
    - MINOR: server: allow cookie for dynamic servers
    - REGTESTS: Fix script about OCSP update compatibility tests
    - BUG/MINOR: cli: Report an error to user if command or payload is too big
    - MINOR: sc_strm: Add generic version to perform sync receives and sends
    - MEDIUM: stream: Use generic version to perform sync receives and sends
    - MEDIUM: buf: Add b_getline() and b_getdelim() functions
    - MEDIUM: applet: Handle applets with their own buffers in put functions
    - MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands
    - MINOR: applet: Always use applet API to set appctx flags
    - BUG/MEDIUM: applet: State appctx have more data if its EOI/EOS/ERROR flag is set
    - MAJOR: cli: Update the CLI applet to handle its own buffers
    - MINOR: applet: Let's applets .snd_buf function deal with full input buffers
    - MINOR: stconn: Add a connection flag to notify sending data are the last ones
    - MAJOR: cli: Use a custom .snd_buf function to only copy the current command
    - DOC: config: balance 'first' not usable in LOG mode
    - BUG/MINOR: log/balance: detect if user tries to use unsupported algo
    - MINOR: lbprm: implement true "sticky" balance algo
    - MEDIUM: log/balance: leverage lbprm api for log load-balancing
    - BUG/BUILD: debug: fix unused variable error
    - MEDIUM: lb-chash: Deterministic node hashes based on server address
    - BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task
    - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (4)
    - REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests (2)
    - CLEANUP: Reapply ist.cocci (3)
    - CLEANUP: Reapply strcmp.cocci (2)
    - CLEANUP: Reapply xalloc_cast.cocci
    - CLEANUP: Reapply ha_free.cocci
    - CI: vtest: show coredumps if any
    - REGTESTS: ssl: disable ssl/ocsp_auto_update.vtc
    - BUG/MINOR: backend: properly handle redispatch 0
    - MINOR: quic: HyStart++ implementation (RFC 9406)
    - BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty
    - BUG/MEDIUM: stick-table: use the update lock when reading tables from peers
    - BUG/MAJOR: applet: fix a MIN vs MAX usage in appctx_raw_rcv_buf()
    - OPTIM: peers: avoid the locking dance around peer_send_teach_process_msgs()
    - BUILD: quic: 32 bits compilation issue (QUIC_MIN() usage)
    - BUG/MEDIUM: server/lbprm: fix crash in _srv_set_inetaddr_port()
    - MEDIUM: mworker: get rid of libsystemd
    - BUILD: systemd: fix build error on non-systemd systems with USE_SYSTEMD=1
    - BUG/MINOR: bwlim/config: fix missing '\n' after error messages
    - MINOR: stick-tables: mark the seen stksess with a flag "seen"
    - OPTIM: stick-tables: check the stksess without taking the read lock
    - MAJOR: stktable: split the keys across multiple shards to reduce contention
    - CI: extend Fedora Rawhide, add m32 mode
    - BUG/MINOR: stick-tables: Missing stick-table key nullity check
    - BUILD: systemd: enable USE_SYSTEMD by default with TARGET=linux-glibc
    - MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message
    - BUG/MINOR: proxy: fix logformat expression leak in use_backend rules
    - MEDIUM: log: rename logformat var to logformat tag
    - MINOR: log: expose logformat_tag struct
    - MEDIUM: log: carry tag context in logformat node
    - MEDIUM: tree-wide: add logformat expressions wrapper
    - MINOR: proxy: add PR_FL_CHECKED flag
    - MAJOR: log: implement proper postparsing for logformat expressions
    - MEDIUM: log: add compiling logic to logformat expressions
    - MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing
    - MINOR: guid: introduce global UID module
    - MINOR: guid: restrict guid format
    - MINOR: proxy: implement GUID support
    - MINOR: server: implement GUID support
    - MINOR: listener: implement GUID support
    - DOC: configuration: grammar fixes for strict-sni
    - BUG/MINOR: init: relax LSTCHK_NETADM checks for non root
    - MEDIUM: capabilities: check process capabilities sets
    - CLEANUP: global: remove LSTCHK_CAP_BIND
    - BUG/MEDIUM: quic: don't blindly rely on unaligned accesses
2024-04-06 17:02:07 +02:00
Willy Tarreau 9cf3d1fcc0 [RELEASE] Released version 3.0-dev6
Released version 3.0-dev6 with the following main changes :
    - MINOR: mux-h2: always use h2c_report_glitch()
    - MEDIUM: mux-h2: allow to set the glitches threshold to kill a connection
    - MINOR: quic: simplify rescheduling for handshake
    - MINOR: quic: remove qc_treat_rx_crypto_frms()
    - DOC: configuration: clarify ciphersuites usage (V2)
    - MINOR: tools: use public interface for FreeBSD get_exec_path()
    - BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm()
    - BUG/MINOR: ssl: do not set the aead_tag flags in sample_conv_aes_gcm()
    - BUG/MINOR: server: fix first server template not being indexed
    - MEDIUM: ssl: initialize the SSL stack explicitely
    - MEDIUM: ssl: allow to change the OpenSSL security level from global section
    - CLEANUP: ssl: remove useless #ifdef in openssl-compat.h
    - CI: github: add -DDEBUG_LIST to the default builds
    - BUG/MINOR: hlua: segfault when loading the same filter from different contexts
    - BUG/MINOR: hlua: missing lock in hlua_filter_new()
    - BUG/MINOR: hlua: fix missing lock in hlua_filter_delete()
    - DEBUG: lua: precisely identify if stream is stuck inside lua or not
    - MINOR: hlua: use accessors for stream hlua ctx
    - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
    - MINOR: debug: enable insecure fork on the command line
    - CI: github: add -dI to haproxy arguments
    - BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release
    - BUG/MINOR: listener: Don't schedule frontend without task in listener_release()
    - MINOR: session: rename private conns elements
    - BUG/MAJOR: server: do not delete srv referenced by session
    - BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout
    - BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop
    - MAJOR: spoe: Deprecate the SPOE filter
    - MINOR: cfgparse: Add a global option to expose deprecated directives
    - MINOR: spoe: Add SPOE filters in the exposed deprecated directives
    - CLEANUP: assorted typo fixes in the code and comments
    - CI: temporarily adjust kernel entropy to work with ASAN/clang
    - BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
    - BUG/MINOR: session: ensure conn owner is set after insert into session
    - BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
    - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe
    - BUG/MAJOR: ocsp: Separate refcount per instance and per store
    - REGTESTS: ssl: Add OCSP related tests
    - BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
    - BUG/MEDIUM: ssl: Fix crash in ocsp-update log function
    - MEDIUM: ssl: Change output of ocsp-update log
    - MINOR: ssl: Change level of ocsp-update logs
    - CLEANUP: ssl: Remove undocumented ocsp fetches
    - REGTESTS: ssl: Add checks on ocsp-update log format
    - MINOR: connection: implement conn_release()
    - MINOR: connection: extend takeover with release option
    - MEDIUM: server: close idle conn on server deletion
    - MEDIUM: mux: prepare for takeover on private connections
    - MEDIUM: server: close private idle connection before server deletion
    - BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet
    - BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block
    - BUILD: server: fix build regression on old compilers (<= gcc-4.4)
    - OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6}
    - MINOR: debug: add "debug dev trace" to flood with traces
    - MINOR: atomic: add a read-specific variant of __ha_cpu_relax()
    - MINOR: applet: add new function applet_append_line()
    - MINOR: log/applet: add new function syslog_applet_append_event()
    - MEDIUM: ring/sink: use applet_append_line()/syslog_applet_append_event() for readers
    - REORG: dns/ring: split the ring between the generic one and the DNS one
    - MEDIUM: ring: move the ring reader code to ring_dispatch_messages()
    - MEDIUM: sink: move the generic ring forwarder code use ring_dispatch_messages()
    - MEDIUM: log/sink: make the log forwarder code use ring_dispatch_messages()
    - MINOR: buf: add b_add_ofs() to add a count to an absolute position
    - MINOR: buf: add b_rel_ofs() to turn an absolute offset into a relative one
    - MINOR: buf: add b_putblk_ofs() to copy a block at a specific position
    - MINOR: buf: add b_getblk_ofs() that works relative to area and not head
    - MINOR: ring: make the ring reader use only absolute offsets
    - MINOR: ring: reserve one special value for the readers count
    - MINOR: vecpair: add new vector pair based data manipulation mechanisms
    - MINOR: vecpair: add necessary functions to use vecpairss from/to ring APIs
    - MINOR: ring: rename totlen vs msglen in ring_write()
    - MINOR: ring: add ring_data() to report the amount of data in a ring
    - MINOR: ring: add ring_size() to return the ring's size
    - MINOR: ring: add ring_dup() to copy a ring into another one
    - MINOR: ring: also add ring_area(), ring_head(), ring_tail()
    - MINOR: ring: make callers use ring_data() and ring_size(), not ring->buf
    - MINOR: errors: use ring_dup() to duplicate the startup_logs
    - MINOR: ring: use ring_size(), ring_area(), ring_head() and ring_tail()
    - MINOR: ring: add a flag to indicate a mapped file
    - MAJOR: ring: insert an intermediary ring_storage level
    - MINOR: ring: resize only under thread isolation
    - MINOR: ring: allow to reduce a ring size
    - MEDIUM: ring: replace the buffer API in ring_write() with the vec<->ring API
    - MEDIUM: ring: change the ring reader to use the new vector-based API now
    - MEDIUM: ring: remove the struct buffer from the ring
    - MEDIUM: ring: align the head and tail fields in the ring_storage structure
    - MINOR: ring: make the reader check the readers count before inc/dec
    - MEDIUM: ring: lock the tail's readers counters before proceeding with the changes
    - MEDIUM: ring: protect the reader's positions against writers
    - MEDIUM: ring: use the topmost bit of the tail as a lock
    - MEDIUM: move the ring's lock to only protect the readers list
    - MEDIUM: ring: unlock the ring's tail earlier
    - MINOR: ring: don't take the readers lock if there are no readers
    - MEDIUM: ring/applet: turn the wait_entry list to an mt_list instead
    - MEDIUM: ring: protect the initialization of the initial reader offset
    - MINOR: ring: make sure ring_dispatch waits when facing a changing message
    - MAJOR: ring: drop the now unneeded lock
    - OPTIM: ring: don't even try to update offset when failed to read
    - OPTIM: ring: have only one thread at a time wake up all readers
    - MINOR: ring: keep a few frequently used pointers in the local stack
    - MINOR: ring: add the definition of a ring waiting cell
    - MINOR: ring: make the number of queues configurable
    - MAJOR: ring: implement a waiting queue in front of the ring
    - MEDIUM: ring: significant boost in the loop by checking the ring queue ptr first
    - MEDIUM: ring: improve speed in the queue waiting loop on x86_64
    - MINOR: ring: simplify the write loop a little bit
    - CLEANUP: ring: further simplify the write loop
    - MINOR: ring: it's not x86 but all non-ARMv8.1 which needs the read before OR
    - MINOR: ring: avoid writes to cells during copy
    - OPTIM: ring: use relaxed stores to release the threads
    - CLEANUP: ring: use only curr_cell and not next_cell in the main write loop
    - BUILD: ssl: fix build error on older compilers with openssl-3.2
    - BUG/MINOR: server: 'source' interface ignored from 'default-server' directive
    - BUG/MAJOR: ring: free the ring storage not the ring itself when using maps
2024-03-26 15:36:49 +01:00
Willy Tarreau db1a7513b7 [RELEASE] Released version 3.0-dev5
Released version 3.0-dev5 with the following main changes :
    - BUG/MEDIUM: applet: Fix HTX .rcv_buf callback function to release outbuf buffer
    - BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
    - BUG/MEDIUM: server: fix dynamic servers initial settings
    - BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
    - LICENSE: event_hdl: fix GPL license version
    - LICENSE: http_ext: fix GPL license version
    - BUG/MEDIUM: mux-h1: Fix again 0-copy forwarding of chunks with an unknown size
    - BUG/MINOR: mux-h1: Properly report when mux is blocked during a nego
    - MINOR: mux-h1: Move checks performed before a shutdown in a dedicated function
    - MINOR: mux-h1: Move all stuff to detach a stream in an internal function
    - MAJOR: mux-h1: Drain requests on client side before shut a stream down
    - MEDIUM: htx/http-ana: No longer close connection on early HAProxy response
    - MINOR: quic: filter show quic by address
    - MINOR: quic: specify show quic output fields
    - MINOR: quic: add MUX output for show quic
    - CLEANUP: mux-h2: Fix h2s_make_data() comment about the return value
    - DOC: configuration: clarify ciphersuites usage
    - BUG/MINOR: config/quic: Alert about PROXY protocol use on a QUIC listener
    - BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel
    - MINOR: hlua: Be able to disable logging from lua
    - BUG/MINOR: tools: seed the statistical PRNG slightly better
    - BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack
    - BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts
    - BUG/MINOR: hlua: fix possible crash in hlua_filter_new() under load
    - BUG/MINOR: hlua: improper lock usage in hlua_filter_callback()
    - BUG/MINOR: hlua: improper lock usage in hlua_filter_new()
    - BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP()
    - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume()
    - BUG/MINOR: hlua: don't call ha_alert() in hlua_event_subscribe()
    - MINOR: hlua: use SEND_ERR to report errors in hlua_event_runner()
    - CLEANUP: hlua: txn class functions may LJMP
    - BUG/MINOR: sink: fix a race condition in the TCP log forwarding code
    - BUILD: thread: move lock label definitions to thread-t.h
    - BUILD: tree-wide: fix a few missing includes in a few files
    - BUILD: buf: make b_ncat() take a const for the source
    - CLEANUP: assorted typo fixes in the code and comments
    - CLEANUP: fix typo in naming for variable "unused"
    - CI: run more smoke tests on config syntax to check memory related issues
    - CI: enable monthly build only test on netbsd-9.3
    - CI: skip scheduled builds on forks
    - BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description
    - BUG/MEDIUM: quic: fix connection freeze on post handshake
    - BUG/MINOR: mux-quic: fix crash on aborting uni remote stream
    - CLEANUP: log: fix obsolete comment for add_sample_to_logformat_list()
    - CLEANUP: tree-wide: use proper ERR_* return values for PRE_CHECK fcts
    - BUG/MINOR: cfgparse: report proper location for log-format-sd errors
    - MINOR: vars: export var_set and var_unset functions
    - MINOR: Add aes_gcm_enc converter
    - BUG/MEDIUM: quic: fix handshake freeze under high traffic
    - MINOR: quic: always use ncbuf for rx CRYPTO
    - BUILD: ssl: define EVP_CTRL_AEAD_GET_TAG for older versions
    - DOC: design: write first notes about ring-v2
    - OPTIM: sink: try to merge "dropped" messages faster
    - OPTIM: sink: drop the sink lock used to count drops
    - DEV: haring: make haring not depend on the struct ring itself
    - DEV: haring: split the code between ring and buffer
    - DEV: haring: automatically use the advertised ring header size
    - BUILD: solaris: fix compilation errors
2024-03-09 16:50:15 +01:00
Willy Tarreau dec017575d [RELEASE] Released version 3.0-dev4
Released version 3.0-dev4 with the following main changes :
    - BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
    - BUG/MEDIUM: quic: Wrong K CUBIC calculation.
    - MINOR: quic: Update K CUBIC calculation (RFC 9438)
    - MINOR: quic: Dynamic packet reordering threshold
    - MINOR: quic: Add a counter for reordered packets
    - BUG/MAJOR: mux-h1: Fix zero-copy forwarding when sending chunks of unknown size
    - MINOR: stats: Use a dedicated function to check if output is almost full
    - BUG/MEDIUM: applet: Add a flag to state an applet is using zero-copy forwarding
    - BUG/MEDIUM: stconn/applet: Block 0-copy forwarding if producer needs more room
    - MINOR: applet: Remove uselelss test on SE_FL_SHR/SHW flags
    - MEDIUM: applet: Add notion of shutdown for write for applets
    - MINOR: cli: No longer check SC for shutdown to interrupt wait command
    - BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
    - BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
    - CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
    - MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
    - MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
    - MINOR: muxes: Announce support for zero-copy forwarding on consumer side
    - BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
    - MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
    - BUG/MINOR: quic: reject unknown frame type
    - MINOR: quic: handle all frame types on reception
    - BUG/MINOR: quic: reject HANDSHAKE_DONE as server
    - BUG/MINOR: qpack: reject invalid increment count decoding
    - BUG/MINOR: qpack: reject invalid dynamic table capacity
    - DOC/MINOR: userlists: mention solutions to high cpu with hashes
    - DOC: quic: Missing tuning setting in "Global parameters"
    - BUG/MEDIUM: applet: Immediately free appctx on early error
    - BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets
    - BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data
    - BUG/MEDIUM: quic: fix transient send error with listener socket
    - MINOR: log: custom name for logformat node
    - MINOR: sample: add type_to_smp() helper function
    - MINOR: log: explicit typecasting for logformat nodes
    - MINOR: log: simplify last_isspace in sess_build_logline()
    - MINOR: log: simplify quotes handling in sess_build_logline()
    - MINOR: log: print metadata prefixes separately in sess_build_logline()
    - MINOR: log: automate string array construction in sess_build_logline()
    - DOC: quic: fix recommandation for bind on multiple address
    - MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support
    - OPTIM: quic: improve slightly qc_snd_buf() internal
    - MINOR: quic: move IP_PKTINFO on send on a dedicated function
    - MINOR: quic: remove sendto() usage variant
    - MINOR: quic: only use sendmsg() syscall variant
    - BUILD: applet: fix build on some 32-bit archs
    - BUG/MINOR: quic: initialize msg_flags before sendmsg
    - BUG/MEDIUM: mux-h1: Don't emit 0-CRLF chunk in h1_done_ff() when iobuf is empty
    - CLEANUP: proxy/log: remove unused proxy flag
    - CLEANUP: log: fix process_send_log() indentation
    - CLEANUP: log: use free_logformat_list() in parse_logformat_string()
    - MINOR: log: add free_logformat_node() helper function
    - BUG/MINOR: log: fix potential lf->name memory leak
    - BUG/MINOR: ist: allocate nul byte on istdup
    - BUG/MINOR: stats: drop srv refcount on early release
    - BUG/MAJOR: promex: fix crash on deleted server
    - BUG/MAJOR: server: fix stream crash due to deleted server
    - BUG/MEDIUM: mux-quic: do not crash on qcs_destroy for connection error
    - MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
    - BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
    - BUG/MAJOR: cli: Restore non-interactive mode behavior with pipelined commands
    - BUG/MINOR: quic: fix output of show quic
    - MINOR: ssl: Call callback function after loading SSL CRL data
    - BUG/MINOR: ist: only store NUL byte on succeeded alloc
2024-02-23 20:01:45 +01:00
Willy Tarreau c7ce5281c4 [RELEASE] Released version 3.0-dev3
Released version 3.0-dev3 with the following main changes :
    - DOC: configuration: clarify http-request wait-for-body
    - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
    - MINOR: h3: add traces for stream sending function
    - BUG/MEDIUM: h3: do not crash on invalid response status code
    - BUG/MEDIUM: qpack: allow 6xx..9xx status codes
    - BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
    - CLEANUP: log: deinitialization of the log buffer in one function
    - BUG/MINOR: h1: Don't support LF only at the end of chunks
    - BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
    - MINOR: ssl: add HAVE_SSL_0RTT constant
    - MINOR: ssl: rename HA_OPENSSL_HAVE_0RTT_SUPPORT constant to HAVE_SSL_0RTT_QUIC
    - MEDIUM: ssl/quic: always compile the ssl_conf.early_data test
    - DOC: httpclient: add dedicated httpclient section
    - BUG/MINOR: h1-htx: properly initialize the err_pos field
    - BUG/MEDIUM: h1: always reject the NUL character in header values
    - CLEANUP: h1: remove unused function h1_measure_trailers()
    - BUG/MINOR: ssl/quic: fix 0RTT define
    - MINOR: mux-quic: prepare for earlier flow control update
    - MINOR: mux-quic: define a flow control related type
    - MEDIUM: mux-quic: limit stream flow control on snd_buf
    - MEDIUM: mux-quic: limit conn flow control on snd_buf
    - MINOR: mux-quic: remove unneeded sent-offset fields
    - MINOR: mux-quic: check fctl during STREAM frame build
    - MAJOR: mux-quic: remove intermediary Tx buffer
    - MEDIUM: mux-quic: simplify sending API
    - MEDIUM: mux-quic: release Tx buf on too small room
    - MEDIUM: mux-quic: properly handle conn Tx buf exhaustion
    - MINOR: mux-quic: realign Tx buffer if possible
    - CLEANUP: connection: remove obsolete comment in header file
    - OPTIM: connection: progressive hash for conn_calculate_hash()
    - MINOR: tcp_act: fix alphabetical ordering of tcp request content actions
    - MINOR: tcp-act: Rename "set-{mark,tos}" to "set-fc-{mark,tos}"
    - MINOR: hlua: Rename set_{tos, mark} to set_fc_{tos, mark}
    - MEDIUM: tcp-act: <expr> support for set-fc-{mark,tos} actions
    - MEDIUM: tcp-act/backend: support for set-bc-{mark,tos} actions
    - MINOR: stats: Be able to access to registered stats modules from anywhere
    - MEDIUM: stats: Be able to access a specific field into a stats module
    - MINOR: promex: Add a param to override the description when a metric is dumped
    - MINOR: promex: Add info in the promex context to dump extra counters
    - MEDIUM: promex: Dump frontends extra counters if requested
    - MEDIUM: promex: Dump backends extra counters if requested
    - MEDIUM: promex: Dump servers extra counters if requested
    - MEDIUM: promex: Dump listeners extra counters if requested
    - DOC: promex: Add documentation about extra-counters
    - MINOR: promex: Always limit the number of labels dumped for each metric
    - MEDIUM: promex: Simplify the context using generic pointers for restart points
    - MINOR: promex: Remove unsued htx parameter when a metric is dumped
    - MEDIUM: promex: Add a registration mechanism to support modules
    - MEDIUM: promex: Dump metrics of registered modules with a way to filter them
    - MEDIUM: promex/stick-table: Dump stick-table metrics via a promex module
    - MEDIUM: promex/resolvers: Dump resolvers metrics via a promex module
    - MINOR: promex: Rename dump functions to use the right wording
    - MINOR: promex: Always pass the final name and description to promex_dmp_ts()
    - MEDIUM: promex: Add support for filters on metric names
    - REGTESTS: promex: Adapt script to be less verbose
    - MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
    - MINOR: debug: make sure calls to ha_crash_now() are never merged
    - MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
    - BUG/MINOR: diag: always show the version before dumping a diag warning
    - BUG/MINOR: diag: run the final diags before quitting when using -c
    - MINOR: acl: add extra diagnostics about suspicious string patterns
    - BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
    - BUILD: quic: Variable name typo inside a BUG_ON().
    - DOC: config: fix typo for '%ms' log format alternative
    - DOC: config: fix ordering for "txn.*" fetches
    - MINOR: stream: add "txn.redispatch" fetch
    - BUILD: debug: remove leftover parentheses in ABORT_NOW()
    - MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
    - BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
    - MINOR: debug: support passing an optional message in ABORT_NOW()
    - MINOR: debug: add an optional message argument to the BUG_ON() family
    - DEBUG: make the "debug dev {debug|warn|check}" command print a message
    - CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
    - BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
    - MINOR: quic: Stop using 1024th of a second.
    - CI: github: abandon asan matrix.py helper
    - CI: ssl: add yet another OpenSSL download fallback
    - DOC: install: clarify WolfSSL chroot requirements
    - MINOR: task: Move wait_event in the task header file
    - MINOR: stconn: Be able to detect applets using HTX
    - MINOR: stconn: Explicitly use an appctx to attach a stconn on it
    - MINOR: stconn: Be prepared to handle error when a SC is attached to an applet
    - MINOR: applet: Add dedicated IN/OUT buffers for appctx
    - MINOR: applet: Add traces to debug receive/send and block/wake events
    - MINOR: applet: Add support for callback functions to exchange data with channels
    - MINOR: applet: Implement default functions to exchange data with channels
    - MEDIUM: stconn: Add functions to handle applets I/O from the SC layer
    - MEDIM: applet: Add the applet handler based on IN/OUT buffers
    - MINOR: applet: Show IN/OUT buffers in trace messages when used
    - MINOR: applet: Add flags on the appctx and stop abusing its state
    - MINIOR: applet: Add flags to deal with ends of input, ends of stream and errors
    - MINOR: applet: Remove appctx state field to only used the flags
    - MINOR: applet: Add an appctx flag to report shutdown to applets
    - MEDIUM: applet: Use appctx flags to report EOS/EOI/ERROR to SE
    - MINOR: applet: Add callback function to deal with zero-copy forwarding
    - MEDIUM: applet: Add support for zero-copy forwarding from an applet
    - MINOR: applet: Automatically handle applets having more data for the stream
    - MEDIUM: stats: Don't interrupt processing on partial post
    - MAJOR: stats: Update HTTP stats applet to handle its own buffers
    - MEDIUM: cache: Temporarily remove zero-copy forwarding support
    - MAJOR: cache: Update HTTP cache applet to handle its own buffers
    - MAJOR: cache: Send cached objects using zero-copy forwarding
    - MINOR: stconn: Add support for flags during zero-copy forwarding negotiation
    - MINOR: mux-h1: Be able to define the length of a chunk size when it is prepended
    - MEDIUM: stconn: Nofify requested size during zero-copy forwarding nego is exact
    - MINOR: mux-h1: Stop zero-copy forwarding during nego for too big requested size
    - MEDIUM: mux-h1: Support zero-copy forwarding for chunks with an unknown size
    - MAJOR: stats: Send stats dump over HTTP using zero-copy forwarding
    - MEDIUM: applet: Simplify a bit API to exchange data with applets
    - MINOR: cache: Remove unsed .data_sent field from the cache applet context
    - MINOR: applet: Use an option to disable zero-copy forwarding for all applets
    - MINOR: applet: Identify applets using their own buffers via a flag
    - BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
    - MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
    - BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
    - BUG/MEDIUM: ocsp: Separate refcount per instance and per store
    - BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
    - BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
    - REGTESTS: ssl: Add OCSP related tests
    - REGTESTS: ssl: Fix empty line in cli command input
    - DOC: install: recommend pcre2
    - DOC: config: fix misplaced "txn.conn_retries"
    - DOC: config: fix typos for "bytes_{in,out}"
    - DOC: config: fix misplaced "bytes_{in,out}"
    - DOC: config: add more custom log format table alternatives
    - MINOR: stream: rename "txn.redispatch" to "txn.redispatched"
    - MINOR: sample: implement bc_{be,srv}_queue samples
    - BUG/MINOR: mux-h2: count rejected DATA frames against the connection's flow control
    - MINOR: mux-h2: count excess of CONTINUATION frames as a glitch
    - MINOR: mux-h2: count late reduction of INITIAL_WINDOW_SIZE as a glitch
    - DOC: internal: update missing data types in peers-v2.0.txt
    - MEDIUM: stick-tables: add a new stored type for glitch_cnt and glitch_rate
    - MINOR: session: add the necessary functions to update the per-session glitches
    - MEDIUM: mux-h2: update session trackers with number of glitches
    - BUG/MINOR: server/cli: add missing LF at the end of certain notice/error lines
    - BUG/MINOR: vars/cli: fix missing LF after "get var" output
    - BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
    - MINOR: cli: make sure to always print a pending message after release()
    - MINOR: cli: always reset the applet task's timeout
    - MINOR: cli: add a new "wait" command to wait for a certain delay
    - BUG/MINOR: applet: Always release empty appctx buffers after processing
    - MINOR: server: split the server deletion code in two parts
    - MINOR: cli/wait: make the wait command support a more detailed help message
    - MINOR: cli/wait: also support an unrecoverable failure status
    - MINOR: cli/wait: also pass up to 4 arguments to the external conditions
    - MINOR: cli/wait: add a condition to wait on a server to become unused
    - CI: Update to actions/cache@v4
    - BUILD: address a few remaining calloc(size, n) cases
    - BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
2024-02-10 17:24:06 +01:00
Willy Tarreau 535b247bf6 [RELEASE] Released version 3.0-dev2
Released version 3.0-dev2 with the following main changes :
    - MINOR: ot: logsrv struct becomes logger
    - MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name
    - CLEANUP: ssl: fix indentation in smp_fetch_ssl_fc_ec()
    - DEV: patchbot: produce a verdict for too long commit messages
    - CLEANUP: ssl: fix indentation in smp_fetch_ssl_fc_ec() (part 2)
    - CLEANUP: quic: Double quic_dgram_parse() prototype declaration.
    - BUG/MINOR: map: list-based matching potential ordering regression
    - REGTESTS: add a test to ensure map-ordering is preserved
    - DOC: config: fix typo about map_*_key converters
    - DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay
    - MINOR: map: mapfile ordering also matters for tree-based match types
    - DEV: phash: add a trivial perfect hash generator for integers
    - OPTIM: http: simplify http_get_status_idx() using a hash
    - CLEANUP: http: avoid duplicating literals in find_http_meth()
    - MINOR: http: add infrastructure to choose status codes for err / fail
    - MEDIUM: http_act: check status codes against the bit fields for err/fail
    - MEDIUM: http: add the ability to redefine http-err-codes and http-fail-codes
    - CI: codespell: ignore some words in URLs
    - CI: codespell: add more words to whitelist
    - CLEANUP: fix spelling of "occured" in src/h3.c
    - BUILD: quic: missing include for quic_tp
    - BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
    - MEDIUM: ssl: allow multiple fallback certificate to allow ECDSA/RSA selection
    - MEDIUM: ssl: generate '*' SNI filters for default certificates
    - MEDIUM: ssl: does not use default_ctx for 'generate-certificate' option
    - REORG: ssl: move 'generate-certificates' code to ssl_gencert.c
    - DOC: configuration: update configuration on how to have multiple default certs
    - MEDIUM: ssl: implements 'default-crt' keyword for bind Lines
    - CI: github: update wolfSSL to 5.6.6
    - DOC: INSTALL: require at least WolfSSL 5.6.6
    - DEV: h2: add support for multiple flags in mkhdr
    - DEV: h2: support hex-encoded data sequences in mkhdr
    - BUG/MINOR: mux-h2: also count streams for refused ones
    - BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
    - MINOR: vars: fix indentation in var_clear_buffer()
    - DOC: configuration: fix set-dst in actions keywords matrix
    - BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
    - MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
    - MINOR: mux-h2: add a counter of "glitches" on a connection
    - MINOR: connection: add a new mux_ctl to report number of connection glitches
    - MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES
    - MINOR: connection: add sample fetches to report per-connection glitches
    - BUILD: stick-table: fix build error on 32-bit platforms
    - MINOR: quic: Transport parameters encoding without version_information
    - MINOR: quic: Enable early data at SSL session level (aws-lc)
    - MINOR: ssl_sock: Early data disabled during SSL_CTX switching (aws-lc)
    - MINOR: quic: Correctly wait for the completion of handshakes with early data (aws-lc)
    - BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
    - BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
    - BUILD: quic: fix build error when using the compatibility layer
    - BUILD: quic: Fix build error when building QUIC against wolfssl.
    - BUILD: quic: Fix build error when building QUIC against libressl.
    - BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
    - CLEANUP: hlua: fix indent, remove extra return in hlua_core_get_var()
    - BUG/MEDIUM: cache: Fix crash when deleting secondary entry
    - BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
    - CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
    - MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
    - MINOR: quic: extract qc_stream_buf free in a dedicated function
    - BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
    - CLEANUP: fix spelling of "elemt"
    - CI: extend spell check white list
    - CI: enable spell check on git push
    - BUILD: makefile: also define cmd_CXX to pretty-print C++ build commands
    - BUILD/MEDIUM: deviceatlas: addon build rework.
    - DOC: deviceatlas: update to be in line with the v3 api.
    - BUILD/MEDIUM: deviceatlas: updating the addon part.
    - BUILD: deviceatlas: remove unneeded depenency on libcurl / libzip
    - BUILD: deviceatlas: fix empty "-I" left on CFLAGS
    - Revert "CI: enable spell check on git push"
2024-01-26 20:11:39 +01:00
Willy Tarreau 2b930aa7c3 [RELEASE] Released version 3.0-dev1
Released version 3.0-dev1 with the following main changes :
    - MINOR: channel: Use dedicated functions to deal with STREAMER flags
    - MEDIUM: applet: Handle channel's STREAMER flags on applets size
    - MINOR: applets: Use channel's field to compute amount of data received
    - MEDIUM: cache: Save body size of cached objects and track it on delivery
    - MEDIUM: cache: Add support for endp-to-endp fast-forwarding
    - MINOR: cache: Add global option to enable/disable zero-copy forwarding
    - MINOR: pattern: Use reference name as filename to read patterns from a file
    - MEDIUM: pattern: Add support for virtual and optional files for patterns
    - DOC: config: Add section about name format for maps and ACLs
    - DOC: management/lua: Update commands about map and acl
    - MINOR: promex: Add support for specialized front/back/li/srv metric names
    - MINOR: promex: Export active/backup metrics per-server
    - BUG/MINOR: ssl: Double free of OCSP Certificate ID
    - MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
    - BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
    - BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
    - DOC: configuration: typo req.ssl_hello_type
    - MINOR: hq-interop: add fastfwd support
    - CLEANUP: mux_quic: rename ffwd function with prefix qmux_strm_
    - MINOR: mux-quic: add traces for 0-copy/fast-forward
    - BUG/MINOR: mworker/cli: fix set severity-output support
    - CLEANUP: mworker/cli: add comments about pcli_find_and_exec_kw()
    - BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
    - BUILD: ssl: update types in wolfssl cert selection callback
    - MINOR: ssl: activate the certificate selection callback for WolfSSL
    - CI: github: switch to wolfssl git-c4b77ad for new PR
    - BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
    - BUG/MINOR: ext-check: cannot use without preserve-env
    - CLEANUP: mux-quic: remove unused prototype
    - MINOR: mux-quic: clean up qcs Rx buffer allocation API
    - MINOR: mux-quic: clean up qcs Tx buffer allocation API
    - CLEANUP: mux-quic: clean up app ops callback definitions
    - MINOR: mux-quic: factorize QC_SF_UNKNOWN_PL_LENGTH set
    - MINOR: h3: complete traces for sending
    - MINOR: h3: adjust zero-copy sending related code
    - MINOR: hq-interop: use zero-copy to transfer single HTX data block
    - BUG/MEDIUM: quic: QUIC CID removed from tree without locking
    - BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side
    - BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
    - BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally
    - CLEANUP: mux-h1: Fix a trace message about C-L header addition
    - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
    - BUG/MEDIUM: mux-quic: report early error on stream
    - DOC: config: add arguments to sample fetch methods in the table
    - DOC: config: also add arguments to the converters in the table
    - BUG/MINOR: resolvers: default resolvers fails when network not configured
    - SCRIPTS: mk-patch-list: produce a list of patches
    - DEV: patchbot: add the AI-based bot to pre-select candidate patches to backport
    - BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
    - BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
    - BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
    - BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
    - DOC: config: Update documentation about local haproxy response
    - DEV: patchbot: use checked buttons as reference instead of internal table
    - DEV: patchbot: allow to show/hide backported patches
    - MINOR: h3: remove quic_conn only reference
    - BUG/MINOR: server: Use the configured address family for the initial resolution
    - MINOR: mux-quic: remove qcc_shutdown() from qcc_release()
    - MINOR: mux-quic: use qcc_release in case of init failure
    - MINOR: mux-quic: adjust error code in init failure
    - MINOR: h3: add traces for connection init stage
    - BUG/MINOR: h3: properly handle alloc failure on finalize
    - MINOR: h3: use INTERNAL_ERROR code for init failure
    - BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error
    - MINOR: stats: store the parent proxy in stats ctx (http)
    - BUG/MEDIUM: stats: unhandled switching rules with TCP frontend
    - MEDIUM: proxy: set PR_O_HTTP_UPG on implicit upgrades
    - MINOR: proxy: monitor-uri works with tcp->http upgrades
    - OPTIM: server: eb lookup for server_find_by_name()
    - OPTIM: server: ebtree lookups for findserver_unique_* functions
    - MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage
    - MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype
    - BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event
    - MINOR: server: ensure connection cleanup on server addr changes
    - CLEANUP: server/event_hdl: remove purge_conn hint in INETADDR event
    - MEDIUM: server: merge srv_update_addr() and srv_update_addr_port() logic
    - CLEANUP: server: remove unused server_parse_addr_change_request() function
    - CLEANUP: resolvers: remove duplicate func prototype
    - MINOR: resolvers: add unique numeric id to nameservers
    - MEDIUM: server: make server_set_inetaddr() updater serializable
    - MINOR: server/event_hdl: expose updater info through INETADDR event
    - MINOR: server: add dns hint in server_inetaddr_updater struct
    - MEDIUM: server/dns: clear RMAINT when addr resolves again
    - BUG/MINOR: server/dns: use server_set_inetaddr() to unset srv addr from DNS
    - BUG/MEDIUM: server/dns: perform svc_port updates atomically from SRV records
    - MEDIUM: peers: use server as stream target
    - CLEANUP: peers: remove unused sock_init_arg struct member
    - CLEANUP: peers: remove unused "proto" and "xprt" struct members
    - MINOR: peers: rely on srv->addr and remove peer->addr
    - DOC: config: add context hint for server keywords
    - MINOR: stktable: add table_process_entry helper function
    - MINOR: stktable: use {show,set,clear} table with ptr
    - MINOR: map: add map_*_key converters to provide the matching key
    - DOC: fix typo for fastfwd QUIC option
    - BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission
    - MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS
    - BUG/MINOR: mux-quic: disable fast-fwd if connection on error
    - BUG/MINOR: quic: Wrong keylog callback setting.
    - BUG/MINOR: quic: Missing call to TLS message callbacks
    - MINOR: h3: check connection error during sending
    - BUG/MINOR: h3: close connection on header list too big
    - BUG/MINOR: h3: close connection on sending alloc errors
    - BUG/MINOR: h3: disable fast-forward on buffer alloc failure
    - Revert "MINOR: mux-quic: Disable zero-copy forwarding for send by default"
    - MINOR: stktable: stktable_data_ptr() cannot fail in table_process_entry()
    - CLEANUP: assorted typo fixes in the code and comments
    - CI: use semantic version compare for determing "latest" OpenSSL
    - CLEANUP: server: remove ambiguous check in srv_update_addr_port()
    - CLEANUP: resolvers: remove unused RSLV_UPD_OBSOLETE_IP flag
    - CLEANUP: resolvers: remove some more unused RSLV_UDP flags
    - MEDIUM: server: simplify snr_set_srv_down() to prevent confusions
    - MINOR: backend: export get_server_*() functions
    - MINOR: tcpcheck: export proxy_parse_tcpcheck()
    - MEDIUM: udp: allow to retrieve the frontend destination address
    - MINOR: global: export a way to list build options
    - MINOR: debug: add features and build options to "show dev"
    - BUG/MINOR: server: fix server_find_by_name() usage during parsing
    - REGTESTS: check attach-srv out of order declaration
    - CLEANUP: quic: Remaining useless code into server part
    - BUILD: quic: Missing quic_ssl.h header protection
    - BUG/MEDIUM: h3: fix incorrect snd_buf return value
    - MINOR: h3: do not consider missing buf room as error on trailers
    - BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable
    - BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego
    - BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up
    - MINOR: mux-h2: support limiting the total number of H2 streams per connection
    - CLEANUP: mux-h2: remove the printfs from previous commit on h2 streams limit.
    - DEV: h2: add the ability to emit literals in mkhdr
    - DEV: h2: add the preface as well in supported output types
    - DEV: h2: support passing raw data for a frame
    - IMPORT: ebtree: implement and use flsnz_long() to count bits
    - IMPORT: ebtree: switch the sizes and offsets to size_t and ssize_t
    - IMPORT: ebtree: rework the fls macros to better deal with arch-specific ones
    - IMPORT: ebtree: make string_equal_bits turn back to unsigned char
    - IMPORT: ebtree: use unsigned ints for flznz()
    - IMPORT: ebtree: make string_equal_bits() return an unsigned
2024-01-06 14:09:35 +01:00
Willy Tarreau eb67d63456 [RELEASE] Released version 3.0-dev0
Released version 3.0-dev0 with the following main changes :
    - exact copy of 2.9.0
2023-12-05 16:19:35 +01:00
Willy Tarreau fddb8c13b6 [RELEASE] Released version 2.9.0
Released version 2.9.0 with the following main changes :
    - DOC: config: add missing colon to "bytes_out" sample fetch keyword (2)
    - BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
    - DOC: config: add matrix entry for "max-session-srv-conns"
    - DOC: config: fix monitor-fail typo
    - DOC: config: add context hint for proxy keywords
    - DEBUG: stream: Report lra/fsb values for front end back SC in stream dump
    - REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter
    - BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
    - DOC: Clarify the differences between field() and word()
    - BUG/MINOR: server/event_hdl: properly handle AF_UNSPEC for INETADDR event
    - BUILD: http_htx: silence uninitialized warning on some gcc versions
    - MINOR: acme.sh: don't use '*' in the filename for wildcard domain
    - MINOR: global: Use a dedicated bitfield to customize zero-copy fast-forwarding
    - MINOR: mux-pt: Add global option to enable/disable zero-copy forwarding
    - MINOR: mux-h1: Add global option to enable/disable zero-copy forwarding
    - MINOR: mux-h2: Add global option to enable/disable zero-copy forwarding
    - MINOR: mux-quic: Add global option to enable/disable zero-copy forwarding
    - MINOR: mux-quic: Disable zero-copy forwarding for send by default
    - DOC: config: update the reminder on the HTTP model and add some terminology
    - DOC: config: add a few more differences between HTTP/1 and 2+
    - DOC: config: clarify session vs stream
    - DOC: config: fix typo abandonned -> abandoned
    - DOC: management: fix two latest typos (optionally, exception)
    - BUG/MEDIUM: peers: fix partial message decoding
    - DOC: management: update stream vs session
2023-12-05 16:15:30 +01:00
Willy Tarreau 7ed737d5a7 [RELEASE] Released version 2.9-dev12
Released version 2.9-dev12 with the following main changes :
    - BUG/MINOR: global: Fix tune.disable-(fast-forward/zero-copy-forwarding) options
    - DOC: config: removing "log-balance" references
    - MINOR: server/event_hdl: add SERVER_INETADDR event
    - MINOR: tools: use const for read only pointers in ip{cmp,cpy}
    - MINOR: server/ip: centralize server ip updates
    - MINOR: backend: remove invalid mode test for "hash-balance-factor"
    - Revert "MINOR: cfgparse-listen: warn when use-server rules is used in wrong mode"
    - MINOR: proxy: add free_logformat_list() helper function
    - MINOR: proxy: add free_server_rules() helper function
    - MINOR: log/backend: prevent "use-server" rules use with LOG mode
    - MINOR: log/balance: set lbprm tot_weight on server on queue/dequeue
    - DOC: config: specify supported sections for "max-session-srv-conns"
    - DOC: config: fix timeout check inheritance restrictions
    - REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY
    - DOC: lua: add sticktable class reference from Proxy.stktable
    - DOC: lua: fix Proxy.get_mode() output
    - DOC: lua: add "syslog" to Proxy.get_mode() output
    - MEDIUM: ssl: implement rsa/ecdsa selection with WolfSSL
    - MINOR: ssl: replace 'trash.area' by 'servername' in ssl_sock_switchctx_cbk()
    - MINOR: ssl: move certificate selection in a dedicate function
    - MEDIUM: ssl: use ssl_sock_chose_sni_ctx() in the clienthello callback
    - MINOR: mworker/cli: implement hard-reload over the master CLI
    - BUG/MEDIUM: mux-h1: Properly ignore trailers when a content-length is announced
    - MINOR: task/profiling: do not record task_drop_running() as a caller
    - OPTIM: pattern: save memory and time using ebst instead of ebis
    - BUILD: map: fix build warning
    - MINOR: trace: define simple -dt argument
    - MINOR: trace: parse level in a function
    - MINOR: trace: parse verbosity in a function
    - MINOR: trace: support -dt optional format
    - OPTIM: mux-h2/zero-copy: don't allocate more buffers per connections than streams
    - BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding
    - BUG/MEDIUM: stconn: Don't perform zero-copy FF if opposite SC is blocked
    - BUG/MEDIUM: mux-h2: Remove H2_SF_NOTIFIED flag for H2S blocked on fast-forward
    - CLEANUP: quic: Remove dead definitions/declarations
    - REORG: quic: Move some QUIC CLI code to its C file
    - REORG: quic: Add a new module to handle QUIC connection IDs
    - REORG: quic: QUIC connection types header cleaning
    - BUILD: quic: Missing RX header inclusions
    - REORG: quic: Move CRYPTO data buffer defintions to QUIC TLS module
    - REORG: quic: Move QUIC CRYPTO stream definitions/declarations to QUIC TLS
    - REORG: quic: Move several inlined functions from quic_conn.h
    - REORG: quic: Move QUIC SSL BIO method related functions to quic_ssl.c
    - REORG: quic: Move the QUIC DCID parser to quic_sock.c
    - REORG: quic: Rename some functions used upon ACK receipt
    - REORG: quic: Move QUIC path definitions/declarations to quic_cc module
    - REORG: quic: Move qc_handle_conn_migration() to quic_conn.c
    - REORG: quic: Move quic_build_post_handshake_frames() to quic_conn module
    - REORG: quic: Move qc_may_probe_ipktns() to quic_tls.h
    - REORG: quic: Move qc_pkt_long() to quic_rx.h
    - REORG: quic: Rename some (quic|qc)_conn* objects to quic_conn_closed
    - REORG: quic: Move NEW_CONNECTION_ID frame builder to quic_cid
    - REORG: quic: Move ncbuf related function from quic_rx to quic_conn
    - REORG: quic: Add a new module for QUIC retry
    - BUILD: quic: Several compiler warns fixes after retry module creation
    - REORG: quic: Move qc_notify_send() to quic_conn
    - REORG: quic: Add a new module for retransmissions
    - REORG: quic: Remove qc_pkt_insert() implementation
    - REORG: quic: Move quic_increment_curr_handshake() to quic_sock
    - BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed
    - MEDIUM: cli: allow custom pattern for payload
    - CLEANUP: mworker/cli: use a label to return errors
    - MINOR: mworker/cli: implements the customized payload pattern for master CLI
    - DOC: management: add documentation about customized payload pattern
    - BUG/MEDIUM: server/event_hdl: memory overrun in _srv_event_hdl_prepare_inetaddr()
    - MINOR: event_hdl: add global tunables
    - BUG/MAJOR: server/addr: fix a race during server addr:svc_port updates
    - MEDIUM: log/balance: support FQDN for UDP log servers
    - BUG/MINOR: compression: possible NULL dereferences in comp_prepare_compress_request()
    - BUG/MEDIUM: master/cli: Properly pin the master CLI on thread 1 / group 1
    - BUG/MEDIUM: mux-quic: Stop zero-copy FF during nego if input is not empty
    - CLEANUP: log: Fix %rc comment in sess_build_logline()
    - BUG/MINOR: h3: fix TRAILERS encoding
    - BUG/MINOR: h3: always reject PUSH_PROMISE
    - MINOR: h3: use correct error code for missing SETTINGS
    - MINOR: http-fetch: Add a sample to retrieve the server status code
    - DOC: config: Improve 'status' sample documentation
    - MINOR: http-fetch: Add a sample to get the transaction status code
    - MEDIUM: http-ana: Set termination state before returning haproxy response
    - MINOR: stream: Expose session terminate state via a new sample fetch
    - MINOR: stream: add a sample fetch to get the number of connection retries
    - MINOR: stream: Expose the stream's uniq_id via a new sample fetch
    - MINOR: muxes: Rename mux_ctl_type values to use MUX_CTL_ prefix
    - MINOR: muxes: Add a callback function to send commands to mux streams
    - MINOR: muxes: Implement ->sctl() callback for muxes and return the stream id
    - MINOR: Add sample fetches to get the frontend and backend stream ID
    - BUG/MEDIUM: cli: Don't look for payload pattern on empty commands
    - DOC: config: Add argument for tune.lua.maxmem
    - DOC: config: fix mention of request slot in http-response capture
    - DOC: config: fix remaining mention of @reverse for attach-srv action
    - DOC: config: fix missing characters in set-spoe-group action
    - DOC: config: reorganize actions into their own section
    - BUG/MINOR: acme.sh: update the deploy script
    - MINOR: rhttp: mark reverse HTTP as experimental
    - CLEANUP: quic_cid: remove unused listener arg
    - BUG/MINOR: quic_tp: fix preferred_address decoding
    - MINOR: quic_tp: use in_addr/in6_addr for preferred_address
    - MINOR: acme.sh: use the master CLI for hot update
    - DOC: config: move the cache-use and cache-store actions to the proper section
    - DOC: config: fix alphabetical ordering of converter keywords
    - DOC: config: add missing colon to "bytes_out" sample fetch keyword
    - DOC: config: add an index of converter keywords
    - DOC: config: add an index of sample fetch keywords
    - BUG/MINOR: config: Stopped parsing upon unmatched environment variables
    - DEBUG: unstatify a few functions that are often present in backtraces
    - BUILD: server: shut a bogus gcc warning on certain ubuntu
2023-11-30 18:07:06 +01:00
Willy Tarreau 2fb1776f5c [RELEASE] Released version 2.9-dev11
Released version 2.9-dev11 with the following main changes :
    - BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly
    - BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them
    - BUILD: cache: fix build error on older compilers
    - BUG/MAJOR: quic: complete thread migration before tcp-rules
    - BUG/MEDIUM: quic: Possible crash for connections to be killed
    - MINOR: quic: remove unneeded QUIC specific stopping function
    - MINOR: acl: define explicit HTTP_3.0
    - DEBUG: connection/flags: update flags for reverse HTTP
    - BUILD: log: silence a build warning when threads are disabled
    - MINOR: quic: Add traces to debug frames handling during retransmissions
    - BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load
    - BUG/MINOR: quic: Possible leak of TX packets under heavy load
    - BUG/MINOR: quic: Possible RX packet memory leak under heavy load
    - BUG/MINOR: server: do not leak default-server in defaults sections
    - DEBUG: tinfo: store the pthread ID and the stack pointer in tinfo
    - MINOR: debug: start to create a new struct post_mortem
    - MINOR: debug: add OS/hardware info to the post_mortem struct
    - MINOR: debug: report in port_mortem whether a container was detected
    - MINOR: debug: report in post_mortem if the container techno used is docker
    - MINOR: debug: detect CPU model and store it in post_mortem
    - MINOR: debug: report any detected hypervisor in post_mortem
    - MINOR: debug: collect some boot-time info related to the process
    - MINOR: debug: copy the thread info into the post_mortem struct
    - MINOR: debug: dump the mapping of the libs into post_mortem
    - MINOR: debug: add the ability to enter components in the post_mortem struct
    - MINOR: init: add info about the main program to the post_mortem struct
    - DOC: management: document "show dev"
    - CLEANUP: assorted typo fixes in the code and comments
    - CI: limit codespell checks to main repo, not forks
    - DOC: 51d: updated 51Degrees repo URL for v3.2.10
    - DOC: install: update the list of openssl versions
    - MINOR: ext-check: add an option to preserve environment variables
    - BUG/MEDIUM: mux-h1: Don't set CO_SFL_MSG_MORE flag on last fast-forward send
    - MINOR: rhttp: rename proto_reverse_connect
    - MINOR: rhttp: large renaming to use rhttp prefix
    - MINOR: rhttp: add count of active conns per thread
    - MEDIUM: rhttp: support multi-thread active connect
    - MINOR: listener: allow thread kw for rhttp bind
    - DOC: rhttp: replace maxconn by nbconn
    - MINOR: log/balance: rename "log-sticky" to "sticky"
    - MEDIUM: mux-quic: Add consumer-side fast-forwarding support
    - MAJOR: h3: Implement zero-copy support to send DATA frame
2023-11-24 08:14:31 +01:00
Willy Tarreau db09cd6ad4 [RELEASE] Released version 2.9-dev10
Released version 2.9-dev10 with the following main changes :
    - CLEANUP: Re-apply xalloc_size.cocci (3)
    - BUG/MEDIUM: stconn: Report send activity during mux-to-mux fast-forward
    - BUG/MEDIUM: stconn: Don't report rcv/snd expiration date if SC cannot epxire
    - MINOR: stconn: Don't queue stream task in past in sc_notify()
    - BUG/MEDIUM: Don't apply a max value on room_needed in sc_need_room()
    - BUG/MINOR: stconn: Sanitize report for read activity
    - CLEANUP: htx: Properly indent htx_reserve_max_data() function
    - DOC: stconn: Improve comments about lra and fsb usage
    - BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure
    - BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure
    - BUG/MEDIUM: mux-h1: Be sure xprt support splicing to use it during fast-forward
    - MINOR: proto_reverse_connect: use connect timeout
    - BUG/MINOR: mux-h1: Release empty ibuf during data fast-forwarding
    - BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
    - MEDIUM: stktable/cli: simplify entry key handling
    - MINOR: stktable/cli: support v6tov4 and v4tov6 conversions
    - BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts
    - BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period
    - BUG/MEDIUM: pool: fix releasable pool calculation when overloaded
    - BUG/MINOR: pool: check one other random bucket on alloc conflict
    - BUG/MEDIUM: pool: try once to allocate from another bucket if empty
    - MEDIUM: stconn/muxes: Loop on data fast-forwarding to forward at least a buffer
    - MINOR: stconn/mux-h2: Use a iobuf flag to report EOI to consumer side during FF
    - MEDIUM: quic: Heavy task mode during handshake
    - MEDIUM: quic: Heavy task mode with non contiguously bufferized CRYPTO data
    - MINOR: quic: release the TLS context asap from quic_conn_release()
    - MINOR: quic: Add idle timer task pointer to traces
    - BUG/MINOR: quic: idle timer task requeued in the past
    - CLEANUP: quic: Indentation fix in qc_do_build_pkt()
    - MINOR: quic: Avoid zeroing frame structures
    - BUG/MEDIUM: quic: Too short Initial packet sent (enc. level allocation failed)
    - BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree
    - BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets
    - BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures
    - BUG/MEDIUM: quic: Possible crashes during secrets allocations (heavy load)
    - BUG/MEDIUM: stconn: Don't update stream expiration date if already expired
    - MINOR: errors: ha_alert() and ha_warning() uses warn_exec_path()
    - MINOR: errors: does not check MODE_STARTING for log emission
    - MEDIUM: errors: move the MODE_QUIET test in print_message()
    - DOC: management: -q is quiet all the time
    - MEDIUM: mworker: -W is mandatory when using -S
    - BUG/MEDIUM: mux-h1: Exit early if fast-forward is not supported by opposite SC
    - MEDIUM: quic: adjust address validation
    - MINOR: quic: reduce half open counters scope
    - MEDIUM: quic: limit handshake per listener
    - MEDIUM: quic: define an accept queue limit
    - BUG/MINOR: quic: fix retry token check inconsistency
    - MINOR: task/debug: explicitly support passing a null caller to wakeup functions
    - MINOR: task/debug: make task_queue() and task_schedule() possible callers
    - OPTIM: mux-h2: don't allocate more buffers per connections than streams
    - BUG/MINOR: quic: remove dead code in error path
    - MEDIUM: quic: respect closing state even on soft-stop
    - MEDIUM: quic: release conn socket before using quic_cc_conn
    - DOC: config: use the word 'backend' instead of 'proxy' in 'track' description
    - BUG/MEDIUM: applet: Remove appctx from buffer wait list on release
    - MINOR: tools: make str2sa_range() directly return type hints
    - BUG/MEDIUM: server: invalid address (post)parsing checks
    - BUG/MINOR: sink: don't learn srv port from srv addr
    - CLEANUP: sink: bad indent in sink_new_from_logger()
    - CLEANUP: sink: useless leftover in sink_add_srv()
    - BUG/MINOR: quic: Useless use of non-contiguous buffer for in order CRYPTO data
    - MINOR: server: always initialize pp_tlvs for default servers
    - BUG/MEDIUM: proxy: always initialize the default settings after init
    - MEDIUM: startup: 'haproxy -c' is quiet when valid
    - BUG/MINOR: sample: Fix bytes converter if offset is bigger than sample length
    - BUG/MINOR: log: keep the ref in dup_logger()
    - BUG/MINOR: quic: fix crash on qc_new_conn alloc failure
    - BUG/MINOR: quic: fix decrement of half_open counter on qc alloc failure
    - BUG/MEDIUM: quic: fix FD for quic_cc_conn
    - DOC: config: Fix name for tune.disable-zero-copy-forwarding global param
    - REGTESTS: startup: -conf-OK requires -V with current VTest
    - BUG/MEDIUM: quic: Non initialized CRYPTO data stream deferencing
    - MINOR: quic: Add a max window parameter to congestion control algorithms
    - MINOR: quic: Maximum congestion control window for each algo
    - DOC: quic: Wrong syntax for "quic-cc-algo" keyword.
    - DOC: quic: Maximum congestion control window configuration
    - BUG/MINOR: quic: maximum window limits do not match the doc
    - BUG/MEDIUM: connection: report connection errors even when no mux is installed
    - BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up
    - MINOR: connection: Add a CTL flag to notify mux it should wait for reads again
    - MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads
    - BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only
    - MINOR: stconn: Use SC to detect frontend connections in sc_conn_recv()
    - REGTESTS: http: Improve script testing abortonclose option
    - MINOR: activity: report profiling duration and age in "show profiling"
    - BUG/MEDIUM: mworker: set the master variable earlier
    - BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented
    - MINOR: connection: update rhttp flags usage
    - BUG/MINOR: mux_h2: reject passive reverse conn if error on add to idle
    - MINOR: server: force add to idle on reverse
    - MINOR: shctx: Set last_append to NULL when reserving block in hot list
    - MEDIUM: shctx: Move list between hot and avail list in O(1)
    - MEDIUM: shctx: Simplify shctx_row_reserve_hot loop
    - MINOR: shctx: Remove explicit 'from' param from shctx_row_data_append
    - MEDIUM: cache: Use dedicated cache tree lock alongside shctx lock
    - MINOR: cache: Remove expired entry delete in "show cache" command
    - MINOR: cache: Add option to avoid removing expired entries in lookup function
    - MEDIUM: cache: Use rdlock on cache in cache_use
    - MEDIUM: shctx: Remove 'hot' list from shared_context
    - MINOR: cache: Use dedicated trash for "show cache" cli command
    - MEDIUM: cache: Switch shctx spinlock to rwlock and restrict its scope
    - MEDIUM: cache: Add refcount on cache_entry
    - MEDIUM: shctx: Descend shctx_lock calls into the shctx_row_reserve_hot
    - MINOR: shctx: Add new reserve_finish callback call to shctx_row_reserve_hot
    - MAJOR: cache: Delay cache entry delete in reserve_hot function
    - MINOR: shctx: Remove redundant arg from free_block callback
    - MINOR: shctx: Remove 'use_shared_mem' variable
    - DOC: cache: Specify when function expects a cache lock
    - BUG/MEDIUM: stconn: Update fsb date on partial sends
    - MINOR: htx: Use a macro for overhead induced by HTX
    - MINOR: channel: Add functions to get info on buffers and deal with HTX streams
    - BUG/MINOR: stconn: Fix streamer detection for HTX streams
    - BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer
    - BUG/MINOR: stconn/applet: Report send activity only if there was output data
    - BUG/MINOR: stconn: Report read activity on non-indep streams for partial sends
    - BUG/MINOR: shctx: Remove old HA_SPIN_INIT
    - REGTESTS: try to activate again the seamless reload test with the master CLI
    - MINOR: proxy: Add "handshake" new timeout (frontend side)
    - MEDIUM: quic: Add support for "handshake" timeout setting.
    - MINOR: quic: Dump the expiration date of the idle timer task
    - BUG/MINOR: quic: Malformed CONNECTION_CLOSE frame
    - MEDIUM: session: handshake timeout (TCP)
    - DOC: proxy: Add "handshake" timeout documentation.
    - MINOR: quic: Rename "handshake" timeout to "client-hs"
    - CLEANUP: haproxy: remove old comment from 1.1 from the file header
    - BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover()
    - BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover()
    - BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover()
    - MINOR: rhttp: remove the unused outgoing connect() function
    - MINOR: backend: without ->connect(), allow to pick another thread's connection
    - BUG/MINOR: stream/cli: report correct stream age in "show sess"
    - MINOR: stream/cli: add an optional "older" filter for "show sess"
    - MINOR: stream/cli: add another filter "susp" to "show sess"
    - MINOR: stktable: add stktable_deinit function
    - BUG/MINOR: proxy/stktable: missing frees on proxy cleanup
    - CLEANUP: backend: removing unused LB param
    - MEDIUM: lbprm: store algo params on 32bits
    - MEDIUM: log/balance: merge tcp/http algo with log ones
    - Revert "MINOR: proxy: report a warning for max_ka_queue in proxy_cfg_ensure_no_http()"
    - Revert "MINOR: tcp_rules: tcp-{request,response} requires TCP or HTTP mode"
    - Revert "MINOR: stktable: "stick" requires TCP or HTTP mode"
    - Revert "MINOR: cfgparse-listen: "http-send-name-header" requires TCP or HTTP mode"
    - Revert "MINOR: cfgparse-listen: "dynamic-cookie-key" requires TCP or HTTP mode"
    - Revert "MINOR: cfgparse-listen: "http-reuse" requires TCP or HTTP mode"
    - Revert "MINOR: fcgi-app: "use-fcgi-app" requires TCP or HTTP mode"
    - Revert "MINOR: http_htx/errors: prevent the use of some keywords when not in tcp/http mode"
    - Revert "MINOR: flt_http_comp: "compression" requires TCP or HTTP mode"
    - Revert "MINOR: filter: "filter" requires TCP or HTTP mode"
    - MINOR: log/backend: ensure log exclusive params are not used in other modes
    - MINOR: log/backend: prevent tcp-{request,response} use with LOG mode
    - MINOR: log/backend: prevent stick table and stick rules with LOG mode
    - MINOR: log/backend: prevent "http-send-name-header" use with LOG mode
    - MINOR: log/backend: prevent "dynamic-cookie-key" use with LOG mode
    - REGTESTS: http: add a test to validate chunked responses delivery
2023-11-18 12:00:37 +01:00
Willy Tarreau ff3dcb20f2 [RELEASE] Released version 2.9-dev9
Released version 2.9-dev9 with the following main changes :
    - DOC: internal: filters: fix reference to entities.pdf
    - BUG/MINOR: ssl: load correctly @system-ca when ca-base is define
    - MINOR: lua: Add flags to configure logging behaviour
    - MINOR: lua: change tune.lua.log.stderr default from 'on' to 'auto'
    - BUG/MINOR: backend: fix wrong BUG_ON for avail conn
    - BUG/MAJOR: backend: fix idle conn crash under low FD
    - MINOR: backend: refactor insertion in avail conns tree
    - DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder
    - BUG/MEDIUM: server/log: "mode log" after server keyword causes crash
    - MINOR: connection: add conn_pr_mode_to_proto_mode() helper func
    - BUG/MEDIUM: server: "proto" not working for dynamic servers
    - MINOR: server: add helper function to detach server from proxy list
    - DEBUG: add a tainted flag when ha_panic() is called
    - DEBUG: lua: add tainted flags for stuck Lua contexts
    - DEBUG: pools: detect that malloc_trim() is in progress
    - BUG/MINOR: quic: do not consider idle timeout on CLOSING state
    - MINOR: frontend: implement a dedicated actconn increment function
    - BUG/MINOR: ssl: use a thread-safe sslconns increment
    - MEDIUM: quic: count quic_conn instance for maxconn
    - MEDIUM: quic: count quic_conn for global sslconns
    - BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
    - REGTESTS: ssl: update the filters test for TLSv1.3 and sigalgs
    - BUG/MINOR: mux-quic: fix early close if unset client timeout
    - BUG/MEDIUM: ssl: segfault when cipher is NULL
    - BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure
    - MEDIUM: systemd: be more verbose about the reload
    - MINOR: sample: Add fetcher for getting all cookie names
    - BUG/MINOR: proto_reverse_connect: support SNI on active connect
    - MINOR: proxy/stktable: add resolve_stick_rule helper function
    - BUG/MINOR: stktable: missing free in parse_stick_table()
    - BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure
    - MINOR: stktable: stktable_init() sets err_msg on error
    - MINOR: stktable: check if a type should be used as-is
    - MEDIUM: stktable/peers: "write-to" local table on peer updates
    - CI: github: update wolfSSL to 5.6.4
    - DOC: install: update the wolfSSL required version
    - MINOR: server: Add parser support for set-proxy-v2-tlv-fmt
    - MINOR: connection: Send out generic, user-defined server TLVs
    - BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range()
    - MINOR: mux-h2: always use h2_send() in h2_done_ff(), not h2_process()
    - OPTIM: mux-h2: call h2_send() directly from h2_snd_buf()
    - BUG/MINOR: server: remove some incorrect free() calls on null elements
2023-11-04 09:38:16 +01:00
Willy Tarreau c1ad57f0de [RELEASE] Released version 2.9-dev8
Released version 2.9-dev8 with the following main changes :
    - MINOR: ssl: add an explicit error when 'ciphersuites' are not supported
    - BUILD: ssl: enable 'ciphersuites' for WolfSSL
    - BUILD: ssl: add 'ssl_c_r_dn' fetch for WolfSSL
    - BUILD: ssl: add 'secure_memcmp' converter for WolfSSL and awslc
    - BUILD: ssl: enable keylog for awslc
    - CLEANUP: ssl: remove compat functions for openssl < 1.0.0
    - BUILD: ssl: enable keylog for WolfSSL
    - REGTESTS: pki: add a pki for SSL tests
    - REGTESTS: ssl: update common.pem with the new pki
    - REGTESTS: ssl: disable ssl_dh.vtc for WolfSSL
    - REGTESTS: wolfssl: temporarly disable some failing reg-tests
    - CI: ssl: add wolfssl to build-ssl.sh
    - CI: ssl: add git id support for wolfssl download
    - CI: github: add a wolfssl entry to the CI
    - CI: github: update wolfssl to git revision d83f2fa
    - CI: github: add awslc 1.16.0 to the push CI
    - BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos
    - REORG: quic: cleanup traces definition
    - BUG/MINOR: quic: reject packet with no frame
    - BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream
    - BUG/MINOR: mux-quic: support initial 0 max-stream-data
    - BUG/MINOR: h3: strengthen host/authority header parsing
    - CLEANUP: connection: drop an uneeded leftover cast
    - BUG/MAJOR: connection: make sure to always remove a connection from the tree
    - BUG/MINOR: quic: fix qc.cids access on quic-conn fail alloc
    - BUG/MINOR: quic: fix free on quic-conn fail alloc
    - BUG/MINOR: mux-quic: fix free on qcs-new fail alloc
    - BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash
    - MEDIUM: tree-wide: logsrv struct becomes logger
    - MEDIUM: log: introduce log target
    - DOC: config: log <address> becomes log <target> in "log" related doc
    - MEDIUM: sink/log: stop relying on AF_UNSPEC for rings
    - MINOR: log: support explicit log target as argument in __do_send_log()
    - MINOR: log: remove the logger dependency in do_send_log()
    - MEDIUM: log/sink: simplify log header handling
    - MEDIUM: sink: inherit from caller fmt in ring_write() when rings didn't set one
    - MINOR: sink: add sink_new_from_srv() function
    - MAJOR: log: introduce log backends
    - MINOR: log/balance: support for the "sticky" lb algorithm
    - MINOR: log/balance: support for the "random" lb algorithm
    - MINOR: lbprm: support for the "none" hash-type function
    - MINOR: lbprm: compute the hash avalanche in gen_hash()
    - MINOR: sample: add sample_process_cnv() function
    - MEDIUM: log/balance: support for the "hash" lb algorithm
    - REGTEST: add a test for log-backend used as a log target
    - MINOR: server: introduce "log-bufsize" kw
    - BUG/MEDIUM: stconn: Report a send activity everytime data were sent
    - BUG/MEDIUM: applet: Report a send activity everytime data were sent
    - BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request
    - MINOR: support for http-response set-timeout
    - BUG/MINOR: mux-h2: make up other blocked streams upon removal from list
    - DEBUG: pool: store the memprof bin on alloc() and update it on free()
    - BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed
    - CLEANUP: hlua: Remove dead-code on error path in hlua_socket_new()
    - BUG/MEDIUM: mux-h1: do not forget TLR/EOT even when no data is sent
    - BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L header
    - BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
    - MEDIUM: stconn/channel: Move pipes used for the splicing in the SE descriptors
    - MINOR: stconn: Start to introduce mux-to-mux fast-forwarding notion
    - MINOR: stconn: Extend iobuf to handle a buffer in addition to a pipe
    - MINOR: connection: Add new mux callbacks to perform data fast-forwarding
    - MINOR: stconn: Temporarily remove kernel splicing support
    - MINOR: mux-pt: Temporarily remove splicing support
    - MINOR: mux-h1: Temporarily remove splicing support
    - MINOR: connection: Remove mux callbacks about splicing
    - MEDIUM: stconn: Add mux-to-mux fast-forward support
    - MINOR: mux-h1: Use HTX extra field only for responses with known length
    - MEDIUM: mux-h1: Properly handle state transitions of chunked outgoing messages
    - MEDIUM: raw-sock: Specifiy amount of data to send via snd_pipe callback
    - MINOR: mux-h1: Add function to add size of a chunk to an outgoind message
    - MEDIUM: mux-h1: Simplify zero-copy on sending path
    - MEDIUM: mux-h1: Simplify payload formatting based on HTX blocks on sending path
    - MEDIUM: mux-h1: Add fast-forwarding support
    - MINOR: h2: Set the BODYLESS_RESP flag on the HTX start-line if necessary
    - MEDIUM: mux-h2: Add consumer-side fast-forwarding support
    - MEDIUM: channel: don't look at iobuf to report an empty channel
    - MINOR: tree-wide: Only rely on co_data() to check channel emptyness
    - REGTESTS: Reenable HTTP tests about splicing
    - CLEAN: mux-h1: Remove useless __maybe_unused attribute on h1_make_chunk()
    - MEDIUM: mux-pt: Add fast-forwarding support
    - MINOR: global: Add an option to disable the zero-copy forwarding
    - BUILD: mux-h1: Fix build without kernel splicing support
    - REORG: stconn/muxes: Rename init step in fast-forwarding
    - MINOR: dgram: allow to set rcv/sndbuf for dgram sockets as well
    - BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again
    - BUG/MINOR: trace: fix trace parser error reporting
    - BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task
    - BUG/MEDIUM: peers: Fix synchro for huge number of tables
    - MINOR: cfgparse: forbid mixing reverse and standard listeners
    - MINOR: listener: add nbconn kw for reverse connect
    - MINOR: server: convert @reverse to rev@ standard format
    - MINOR: cfgparse: rename "rev@" prefix to "rhttp@"
    - REGTESTS: remove maxconn from rhttp bind line
    - MINOR: listener: forbid most keywords for reverse HTTP bind
    - MINOR: sample: Added support for Arrays in sample_conv_json_query in sample.c
    - MINOR: mux-h2/traces: explicitly show the error/refused stream states
    - MINOR: mux-h2/traces: clarify the "rejected H2 request" event
    - BUG/MINOR: mux-h2: commit the current stream ID even on reject
    - BUG/MINOR: mux-h2: update tracked counters with req cnt/req err
2023-10-20 21:36:47 +02:00
Willy Tarreau 7f1a3ee5d7 [RELEASE] Released version 2.9-dev7
Released version 2.9-dev7 with the following main changes :
    - MINOR: support for http-request set-timeout client
    - BUG/MINOR: mux-quic: remove full demux flag on ncbuf release
    - CLEANUP: freq_ctr: make all freq_ctr readers take a const
    - CLEANUP: stream: make the dump code not depend on the CLI appctx
    - MINOR: stream: split stats_dump_full_strm_to_buffer() in two
    - CLEANUP: stream: use const filters in the dump function
    - CLEANUP: stream: make strm_dump_to_buffer() take a const stream
    - MINOR: stream: make strm_dump_to_buffer() take an arbitrary buffer
    - MINOR: stream: make strm_dump_to_buffer() show the list of filters
    - MINOR: stream: make stream_dump() always multi-line
    - MINOR: streams: add support for line prefixes to strm_dump_to_buffer()
    - MEDIUM: stream: now provide full stream dumps in case of loops
    - MINOR: debug: use the more detailed stream dump in panics
    - CLEANUP: stream: remove the now unused stream_dump() function
    - Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token"
    - MINOR: stream: fix output alignment of stuck thread dumps
    - BUG/MINOR: proto_reverse_connect: fix FD leak on connection error
    - BUG/MINOR: tcp_act: fix attach-srv rule ACL parsing
    - MINOR: connection: define error for reverse connect
    - MINOR: connection: define mux flag for reverse support
    - MINOR: tcp_act: remove limitation on protocol for attach-srv
    - BUG/MINOR: proto_reverse_connect: fix FD leak upon connect
    - BUG/MAJOR: plock: fix major bug in pl_take_w() introduced with EBO
    - Revert "MEDIUM: sample: Small fix in function check_operator for eror reporting"
    - DOC: sample: Add a comment in 'check_operator' to explain why 'vars_check_arg' should ignore the 'err' buffer
    - DEV: sslkeylogger: handle file opening error
    - MINOR: quic: define quic-socket bind setting
    - MINOR: quic: handle perm error on bind during runtime
    - MINOR: backend: refactor specific source address allocation
    - MINOR: proto_reverse_connect: support source address setting
    - BUILD: pool: Fix GCC error about potential null pointer dereference
    - MINOR: hlua: Set context's appctx when the lua socket is created
    - MINOR: hlua: Don't preform operations on a not connected socket
    - MINOR: hlua: Save the lua socket's timeout in its context
    - MINOR: hlua: Save the lua socket's server in its context
    - MINOR: hlua: Test the hlua struct first when the lua socket is connecting
    - BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only
    - DEBUG: mux-h1: Fix event label from trace messages about payload formatting
    - BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was tried
    - BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set
    - BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set
    - REGTESTS: filters: Don't set C-L header in the successful response to CONNECT
    - MINOR: mux-h1: Add flags if outgoing msg contains a header about its payload
    - MINOR: mux-h1: Rely on H1S_F_HAVE_CHNK to add T-E in outgoing messages
    - BUG/MEDIUM: mux-h1: Add C-L header in outgoing message if it was removed
    - BUG/MEDIUM: mux-h1; Ignore headers modifications about payload representation
    - BUG/MINOR: h1-htx: Keep flags about C-L/T-E during HEAD response parsing
    - MINOR: h1-htx: Declare successful tunnel establishment as bodyless
    - BUILD: quic: allow USE_QUIC to work with AWSLC
    - CI: github: add USE_QUIC=1 to aws-lc build
    - BUG/MINOR: hq-interop: simplify parser requirement
    - MEDIUM: cache: Add "Origin" header to secondary cache key
    - MINOR: haproxy: permit to register features during boot
    - MINOR: tcp_rules: tcp-{request,response} requires TCP or HTTP mode
    - MINOR: stktable: "stick" requires TCP or HTTP mode
    - MINOR: filter: "filter" requires TCP or HTTP mode
    - MINOR: backend/balance: "balance" requires TCP or HTTP mode
    - MINOR: flt_http_comp: "compression" requires TCP or HTTP mode
    - MINOR: http_htx/errors: prevent the use of some keywords when not in tcp/http mode
    - MINOR: fcgi-app: "use-fcgi-app" requires TCP or HTTP mode
    - MINOR: cfgparse-listen: "http-send-name-header" requires TCP or HTTP mode
    - MINOR: cfgparse-listen: "dynamic-cookie-key" requires TCP or HTTP mode
    - MINOR: proxy: dynamic-cookie CLIs require TCP or HTTP mode
    - MINOR: cfgparse-listen: "http-reuse" requires TCP or HTTP mode
    - MINOR: proxy: report a warning for max_ka_queue in proxy_cfg_ensure_no_http()
    - MINOR: cfgparse-listen: warn when use-server rules is used in wrong mode
    - DOC: config: unify "log" directive doc
    - MINOR: sink/log: fix some typos around postparsing logic
    - MINOR: sink: remove useless check after sink creation
    - MINOR: sink: don't rely on p->parent in sink appctx
    - MINOR: sink: don't rely on forward_px to init sink forwarding
    - MINOR: sink: refine forward_px usage
    - MINOR: sink: function to add new sink servers
    - BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room()
    - BUG/MEDIUM: actions: always apply a longest match on prefix lookup
2023-10-06 22:03:17 +02:00
Willy Tarreau f75a369009 [RELEASE] Released version 2.9-dev6
Released version 2.9-dev6 with the following main changes :
    - BUG/MINOR: quic: fdtab array underflow access
    - DEBUG: pools: always record the caller for uncached allocs as well
    - DEBUG: pools: pass the caller pointer to the check functions and macros
    - DEBUG: pools: make pool_check_pattern() take a pointer to the pool
    - DEBUG: pools: inspect pools on fatal error and dump information found
    - BUG/MEDIUM: quic: quic_cc_conn ->cntrs counters unreachable
    - DEBUG: pools: also print the item's pointer when crashing
    - DEBUG: pools: also print the value of the tag when it doesn't match
    - DEBUG: pools: print the contents surrounding the expected tag location
    - MEDIUM: pools: refine pool size rounding
    - BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
    - BUG/MINOR: hlua/init: coroutine may not resume itself
    - BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records
    - BUG/MINOR: promex: fix backend_agg_check_status
    - BUG/MEDIUM: master/cli: Pin the master CLI on the first thread of the group 1
    - MAJOR: import: update mt_list to support exponential back-off
    - CLEANUP: pools: simplify the pool expression when no pool was matched in dump
    - MINOR: samples: implement bytes_in and bytes_out samples
    - DOC: configuration: add %[req.ver] sample to %HV
    - BUG/MINOR: quic: Leak of frames to send.
    - DOC: configuration: add %[query] to %HQ
    - BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
    - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers
    - BUILD: quic: fix build on centos 8 and USE_QUIC_OPENSSL_COMPAT
    - Revert "MAJOR: import: update mt_list to support exponential back-off"
    - BUG/MINOR: server: add missing free for server->rdr_pfx
    - REGTESTS: ssl: skip OCSP test w/ WolfSSL
    - REGTESTS: ssl: skip generate-certificates test w/ wolfSSL
    - MINOR: logs: clarify the check of the log range
    - MINOR: log: remove the unused curr_idx in struct smp_log_range
    - CLEANUP: logs: rename a confusing local variable "curr_rg" to "smp_rg"
    - MINOR: logs: use a single index to store the current range and index
    - MEDIUM: logs: atomically check and update the log sample index
    - CLEANUP: ring: rename the ring lock "RING_LOCK" instead of "LOGSRV_LOCK"
    - BUG/MEDIUM: http-ana: Try to handle response before handling server abort
    - MEDIUM: tools/ip: v4tov6() and v6tov4() rework
    - MINOR: pattern/ip: offload ip conversion logic to helper functions
    - MINOR: pattern: fix pat_{parse,match}_ip() function comments
    - MINOR: pattern/ip: simplify pat_match_ip() function
    - BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams
    - MINOR: hlua: Add support for the "http-after-res" action
    - BUG/MINOR: proto_reverse_connect: fix preconnect with startup name resolution
    - MINOR: proto_reverse_connect: prevent transparent server for pre-connect
    - CI: cirrus-ci: display gdb bt if any
    - MEDIUM: sample: Enhances converter "bytes" to take variable names as arguments
    - MEDIUM: sample: Small fix in function check_operator for eror reporting
    - MINOR: quic: handle external extra CIDs generator.
    - BUG/MINOR: proto_reverse_connect: set default maxconn
    - MINOR: proto_reverse_connect: refactor preconnect failure
    - MINOR: proto_reverse_connect: remove unneeded wakeup
    - MINOR: proto_reverse_connect: emit log for preconnect
2023-09-22 23:11:31 +02:00
Willy Tarreau 8b7841ff7a [RELEASE] Released version 2.9-dev5
Released version 2.9-dev5 with the following main changes :
    - BUG/MEDIUM: mux-h2: fix crash when checking for reverse connection after error
    - BUILD: import: guard plock.h against multiple inclusion
    - BUILD: pools: import plock.h to build even without thread support
    - BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate
    - BUG/MINOR: stream: protect stream_dump() against incomplete streams
    - DOC: config: mention uid dependency on the tune.quic.socket-owner option
    - MEDIUM: capabilities: enable support for Linux capabilities
    - CLEANUP/MINOR: connection: Improve consistency of PPv2 related constants
    - MEDIUM: connection: Generic, list-based allocation and look-up of PPv2 TLVs
    - MEDIUM: sample: Add fetch for arbitrary TLVs
    - MINOR: sample: Refactor fc_pp_authority by wrapping the generic TLV fetch
    - MINOR: sample: Refactor fc_pp_unique_id by wrapping the generic TLV fetch
    - MINOR: sample: Add common TLV types as constants for fc_pp_tlv
    - MINOR: ssl_sock: avoid iterating realloc(+1) on stored context
    - DOC: ssl: add some comments about the non-obvious session allocation stuff
    - CLEANUP: ssl: keep a pointer to the server in ssl_sock_init()
    - MEDIUM: ssl_sock: always use the SSL's server name, not the one from the tid
    - MEDIUM: server/ssl: place an rwlock in the per-thread ssl server session
    - MINOR: server/ssl: maintain an index of the last known valid SSL session
    - MINOR: server/ssl: clear the shared good session index on failure
    - MEDIUM: server/ssl: pick another thread's session when we have none yet
    - MINOR: activity: report the current run queue size
    - BUG/MINOR: checks: do not queue/wake a bounced check
    - MINOR: checks: start the checks in sleeping state
    - MINOR: checks: pin the check to its thread upon wakeup
    - MINOR: check: remember when we migrate a check
    - MINOR: check/activity: collect some per-thread check activity stats
    - MINOR: checks: maintain counters of active checks per thread
    - MINOR: check: also consider the random other thread's active checks
    - MEDIUM: checks: search more aggressively for another thread on overload
    - MEDIUM: checks: implement a queue in order to limit concurrent checks
    - MINOR: checks: also consider the thread's queue for rebalancing
    - DEBUG: applet: Properly report opposite SC expiration dates in traces
    - BUG/MEDIUM: stconn: Update stream expiration date on blocked sends
    - BUG/MINOR: stconn: Don't report blocked sends during connection establishment
    - BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown
    - BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown
    - BUG/MINOR: quic: Possible skipped RTT sampling
    - MINOR: quic: Add a trace to quic_release_frm()
    - BUG/MAJOR: quic: Really ignore malformed ACK frames.
    - BUG/MINOR: quic: Unchecked pointer to packet number space dereferenced
    - BUG/MEDIUM: connection: fix pool free regression with recent ppv2 TLV patches
    - BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer
    - BUG/MINOR: stream: further protect stream_dump() against incomplete sessions
    - DOC: configuration: update examples for req.ver
    - MINOR: properly mark the end of the CLI command in error messages
    - BUILD: ssl: Build with new cryptographic library AWS-LC
    - REGTESTS: ssl: skip ssl_dh test with AWS-LC
    - BUILD: bug: make BUG_ON() void to avoid a rare warning
    - BUILD: checks: shut up yet another stupid gcc warning
    - MINOR: cpuset: add ha_cpuset_isset() to check for the presence of a CPU in a set
    - MINOR: cpuset: add ha_cpuset_or() to bitwise-OR two CPU sets
    - MINOR: cpuset: centralize a reliable bound cpu detection
    - MEDIUM: threads: detect incomplete CPU bindings
    - MEDIUM: threads: detect excessive thread counts vs cpu-map
    - BUILD: quic: Compilation issue on 32-bits systems with quic_may_send_bytes()
    - BUG/MINOR: quic: Unchecked pointer to Handshake packet number space
    - MINOR: global: export the display_version() symbol
    - MEDIUM: mworker: display a more accessible message when a worker crash
    - MINOR: httpclient: allow to configure the retries
    - MINOR: httpclient: allow to configure the timeout.connect
    - BUG/MINOR: quic: Wrong RTT adjusments
    - BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var)
    - BUG/MINOR: stconn: Don't inhibit shutdown on connection on error
    - BUG/MEDIUM: applet: Fix API for function to push new data in channels buffer
    - BUG/MEDIUM: stconn: Report read activity when a stream is attached to front SC
    - BUG/MEDIUM: applet: Report an error if applet request more room on aborted SC
    - BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
    - NUG/MEDIUM: stconn: Always update stream's expiration date after I/O
    - BUG/MINOR: applet: Always expect data when CLI is waiting for a new command
    - BUG/MINOR: ring/cli: Don't expect input data when showing events
    - BUG/MINOR: quic: Dereferenced unchecked pointer to Handshke packet number space
    - BUG/MINOR: hlua/action: incorrect message on E_YIELD error
    - MINOR: http_ana: position the FINAL flag for http_after_res execution
    - CI: scripts: add support to build-ssl.sh to download and build AWS-LC
    - CI: add support to matrix.py to determine the latest AWS-LC release
    - CI: Update matrix.py so all code is contained in functions.
    - CI: github: Add a weekly CI run building with AWS-LC
    - MINOR: ring: add a function to compute max ring payload
    - BUG/MEDIUM: ring: adjust maxlen consistency check
    - MINOR: sink: simplify post_sink_resolve function
    - MINOR: log/sink: detect when log maxlen exceeds sink size
    - MINOR: sink: inform the user when logs will be implicitly truncated
    - MEDIUM: sink: don't perform implicit truncations when maxlen is not set
    - MINOR: log: move log-forwarders cleanup in log.c
    - MEDIUM: httpclient/logs: rely on per-proxy post-check instead of global one
    - MINOR: log: add dup_logsrv() helper function
    - MEDIUM: log/sink: make logsrv postparsing more generic
    - MEDIUM: fcgi-app: properly postresolve logsrvs
    - MEDIUM: spoe-agent: properly postresolve log rings
    - MINOR: sink: add helper function to deallocate sink struct
    - MEDIUM: sink/ring: introduce high level ring creation helper function
    - MEDIUM: sink: add sink_finalize() function
    - CLEANUP: log: remove unnecessary trim in __do_send_log
    - MINOR: cache: Change hash function in default normalizer used in case of "vary"
    - MINOR: tasks/stats: report the number of niced tasks in "show info"
    - CI: Update to actions/checkout@v4
    - MINOR: ssl: add support for 'curves' keyword on server lines
    - BUG/MINOR: quic: Wrong cluster secret initialization
    - CLEANUP: quic: Remove useless free_quic_tx_pkts() function.
    - MEDIUM: init: initialize the trash earlier
    - MINOR: tools: add function read_line_to_trash() to read a line of a file
    - MINOR: cfgparse: use read_line_from_trash() to read from /sys
    - MEDIUM: cfgparse: assign NUMA affinity to cpu-maps
    - MINOR: cpuset: dynamically allocate cpu_map
    - REORG: cpuset: move parse_cpu_set() and parse_cpumap() to cpuset.c
    - CI: musl: highlight section if there are coredumps
    - CI: musl: drop shopt in workflow invocation
2023-09-08 19:21:45 +02:00
Willy Tarreau 518349f08a [RELEASE] Released version 2.9-dev4
Released version 2.9-dev4 with the following main changes :
    - DEV: flags/show-sess-to-flags: properly decode fd.state
    - BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
    - BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection
    - DOC: typo: fix sc-set-gpt references
    - SCRIPTS: git-show-backports: automatic ref and base detection with -m
    - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)
    - DOC: jwt: Add explicit list of supported algorithms
    - BUILD: Makefile: add the USE_QUIC option to make help
    - BUILD: Makefile: add USE_QUIC_OPENSSL_COMPAT to make help
    - BUILD: Makefile: realigned USE_* options in make help
    - DEV: makefile: fix POSIX compatibility for "range" target
    - IMPORT: plock: also support inlining the int code
    - IMPORT: plock: always expose the inline version of the lock wait function
    - IMPORT: lorw: support inlining the wait call
    - MINOR: threads: inline the wait function for pthread_rwlock emulation
    - MINOR: atomic: make sure to always relax after a failed CAS
    - MINOR: pools: use EBO to wait for unlock during pool_flush()
    - BUILD/IMPORT: fix compilation with PLOCK_DISABLE_EBO=1
    - MINOR: quic+openssl_compat: Do not start without "limited-quic"
    - MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option
    - BUG/MINOR: quic: allow-0rtt warning must only be emitted with quic bind
    - BUG/MINOR: quic: ssl_quic_initial_ctx() uses error count not error code
    - MINOR: pattern: do not needlessly lookup the LRU cache for empty lists
    - IMPORT: xxhash: update xxHash to version 0.8.2
    - MINOR: proxy: simplify parsing 'backend/server'
    - MINOR: connection: centralize init/deinit of backend elements
    - MEDIUM: connection: implement passive reverse
    - MEDIUM: h2: reverse connection after SETTINGS reception
    - MINOR: server: define reverse-connect server
    - MINOR: backend: only allow reuse for reverse server
    - MINOR: tcp-act: parse 'tcp-request attach-srv' session rule
    - REGTESTS: provide a reverse-server test
    - MINOR: tcp-act: define optional arg name for attach-srv
    - MINOR: connection: use attach-srv name as SNI reuse parameter on reverse
    - REGTESTS: provide a reverse-server test with name argument
    - MINOR: proto: define dedicated protocol for active reverse connect
    - MINOR: connection: extend conn_reverse() for active reverse
    - MINOR: proto_reverse_connect: parse rev@ addresses for bind
    - MINOR: connection: prepare init code paths for active reverse
    - MEDIUM: proto_reverse_connect: bootstrap active reverse connection
    - MINOR: proto_reverse_connect: handle early error before reversal
    - MEDIUM: h2: implement active connection reversal
    - MEDIUM: h2: prevent stream opening before connection reverse completed
    - REGTESTS: write a full reverse regtest
    - BUG/MINOR: h2: fix reverse if no timeout defined
    - CI: fedora: fix "dnf" invocation syntax
    - BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
    - DOC: lua: fix Sphinx warning from core.get_var()
    - DOC: lua: fix core.register_action typo
    - BUG/MINOR: ssl_sock: fix possible memory leak on OOM
    - MEDIUM: map/acl: Improve pat_ref_set() efficiency (for "set-map", "add-acl" action perfs)
    - MEDIUM: map/acl: Improve pat_ref_set_elt() efficiency (for "set-map", "add-acl"action perfs)
    - MEDIUM: map/acl: Accelerate several functions using pat_ref_elt struct ->head list
    - MEDIUM: map/acl: Replace map/acl spin lock by a read/write lock.
    - DOC: map/acl: Remove the comments about map/acl performance issue
    - DOC: Explanation of be_name and be_id fetches
    - MINOR: connection: simplify removal of idle conns from their trees
    - MINOR: server: move idle tree insert in a dedicated function
    - MAJOR: connection: purge idle conn by last usage
2023-08-25 17:57:22 +02:00
Willy Tarreau 75028bcba6 [RELEASE] Released version 2.9-dev3
Released version 2.9-dev3 with the following main changes :
    - BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX
    - BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line
    - MINOR: sample: add pid sample
    - MINOR: sample: implement act_conn sample fetch
    - MINOR: sample: accept_date / request_date return %Ts / %tr timestamp values
    - MEDIUM: sample: implement us and ms variant of utime and ltime
    - BUG/MINOR: sample: check alloc_trash_chunk() in conv_time_common()
    - DOC: configuration: describe Td in Timing events
    - MINOR: sample: implement the T* timer tags from the log-format as fetches
    - DOC: configuration: add sample fetches for timing events
    - BUG/MINOR: quic: Possible crash when acknowledging Initial v2 packets
    - MINOR: quic: Export QUIC traces code from quic_conn.c
    - MINOR: quic: Export QUIC CLI code from quic_conn.c
    - MINOR: quic: Move TLS related code to quic_tls.c
    - MINOR: quic: Add new "QUIC over SSL" C module.
    - MINOR: quic: Add a new quic_ack.c C module for QUIC acknowledgements
    - CLEANUP: quic: Defined but no more used function (quic_get_tls_enc_levels())
    - MINOR: quic: Split QUIC connection code into three parts
    - CLEANUP: quic: quic_conn struct cleanup
    - MINOR: quic; Move the QUIC frame pool to its proper location
    - BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full
    - BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame
    - DOC: configuration: rework the custom log format table
    - BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels
    - CLEANUP: acl: remove cache_idx from acl struct
    - REORG: cfgparse: extract curproxy as a global variable
    - MINOR: acl: add acl() sample fetch
    - BUILD: cfgparse: keep a single "curproxy"
    - BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends
    - MEDIUM: stream: Reset response analyse expiration date if there is no analyzer
    - BUG/MINOR: htx/mux-h1: Properly handle bodyless responses when splicing is used
    - BUG/MEDIUM: quic: consume contig space on requeue datagram
    - BUG/MINOR: http-client: Don't forget to commit changes on HTX message
    - CLEANUP: stconn: Move comment about sedesc fields on the field line
    - REGTESTS: http: Create a dedicated script to test spliced bodyless responses
    - REGTESTS: Test SPLICE feature is enabled to execute script about splicing
    - BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error
    - BUILD: quic: fix wrong potential NULL dereference
    - MINOR: h3: abort request if not completed before full response
    - BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
    - CLEANUP: quic: Remove quic_path_room().
    - MINOR: quic: Amplification limit handling sanitization.
    - MINOR: quic: Move some counters from [rt]x quic_conn anonymous struct
    - MEDIUM: quic: Send CONNECTION_CLOSE packets from a dedicated buffer.
    - MINOR: quic: Use a pool for the connection ID tree.
    - MEDIUM: quic: Allow the quic_conn memory to be asap released.
    - MINOR: quic: Release asap quic_conn memory (application level)
    - MINOR: quic: Release asap quic_conn memory from ->close() xprt callback.
    - MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic"
    - REORG: http: move has_forbidden_char() from h2.c to http.h
    - BUG/MAJOR: h3: reject header values containing invalid chars
    - MINOR: mux-h2/traces: also suggest invalid header upon parsing error
    - MINOR: ist: add new function ist_find_range() to find a character range
    - MINOR: http: add new function http_path_has_forbidden_char()
    - MINOR: h2: pass accept-invalid-http-request down the request parser
    - REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests
    - BUG/MINOR: h1: do not accept '#' as part of the URI component
    - BUG/MINOR: h2: reject more chars from the :path pseudo header
    - BUG/MINOR: h3: reject more chars from the :path pseudo header
    - REGTESTS: http-rules: verify that we block '#' by default for normalize-uri
    - DOC: clarify the handling of URL fragments in requests
    - BUG/MAJOR: http: reject any empty content-length header value
    - BUG/MINOR: http: skip leading zeroes in content-length values
    - BUG/MEDIUM: mux-h1: fix incorrect state checking in h1_process_mux()
    - BUG/MEDIUM: mux-h1: do not forget EOH even when no header is sent
    - BUILD: mux-h1: shut a build warning on clang from previous commit
    - DEV: makefile: add a new "range" target to iteratively build all commits
    - CI: do not use "groupinstall" for Fedora Rawhide builds
    - CI: get rid of travis-ci wrapper for Coverity scan
    - BUG/MINOR: quic: mux started when releasing quic_conn
    - BUG/MINOR: quic: Possible crash in quic_cc_conn_io_cb() traces.
    - MINOR: quic: Add a trace for QUIC conn fd ready for receive
    - BUG/MINOR: quic: Possible crash when issuing "show fd/sess" CLI commands
    - BUG/MINOR: quic: Missing tasklet (quic_cc_conn_io_cb) memory release (leak)
    - BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing
    - BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
    - MINOR: hlua: add hlua_stream_ctx_prepare helper function
    - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread
    - MAJOR: threads/plock: update the embedded library again
    - MINOR: stick-table: move the task_queue() call outside of the lock
    - MINOR: stick-table: move the task_wakeup() call outside of the lock
    - MEDIUM: stick-table: change the ref_cnt atomically
    - MINOR: stick-table: better organize the struct stktable
    - MEDIUM: peers: update ->commitupdate out of the lock using a CAS
    - MEDIUM: peers: drop then re-acquire the wrlock in peer_send_teachmsgs()
    - MEDIUM: peers: only read-lock peer_send_teachmsgs()
    - MEDIUM: stick-table: use a distinct lock for the updates tree
    - MEDIUM: stick-table: touch updates under an upgradable read lock
    - MEDIUM: peers: drop the stick-table lock before entering peer_send_teachmsgs()
    - MINOR: stick-table: move the update lock into its own cache line
    - CLEANUP: stick-table: slightly reorder the stktable struct
    - BUILD: defaults: use __WORDSIZE not LONGBITS for MAX_THREADS_PER_GROUP
    - MINOR: tools: make ptr_hash() support 0-bit outputs
    - MINOR: tools: improve ptr hash distribution on 64 bits
    - OPTIM: tools: improve hash distribution using a better prime seed
    - OPTIM: pools: use exponential back-off on shared pool allocation/release
    - OPTIM: pools: make pool_get_from_os() / pool_put_to_os() not update ->allocated
    - MINOR: pools: introduce the use of multiple buckets
    - MEDIUM: pools: spread the allocated counter over a few buckets
    - MEDIUM: pools: move the used counter over a few buckets
    - MEDIUM: pools: move the needed_avg counter over a few buckets
    - MINOR: pools: move the failed allocation counter over a few buckets
    - MAJOR: pools: move the shared pool's free_list over multiple buckets
    - MINOR: pools: make pool_evict_last_items() use pool_put_to_os_no_dec()
    - BUILD: pools: fix build error on clang with inline vs forceinline
2023-08-12 19:59:27 +02:00
Willy Tarreau 80cef0c02d [RELEASE] Released version 2.9-dev2
Released version 2.9-dev2 with the following main changes :
    - BUG/MINOR: quic: Possible leak when allocating an encryption level
    - BUG/MINOR: quic: Missing QUIC connection path member initialization
    - BUILD: quic: Compilation fixes for some gcc warnings with -O1
    - DOC: ssl: Fix typo in 'ocsp-update' option
    - DOC: ssl: Add ocsp-update troubleshooting clues and emphasize on crt-list only aspect
    - BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT
    - MEDIUM: acl/sample: unify sample conv parsing in a single function
    - MINOR: sample: introduce c_pseudo() conv function
    - MEDIUM: sample: add missing ADDR=>? compatibility matrix entries
    - MINOR: sample: fix ipmask sample definition
    - MEDIUM: tree-wide: fetches that may return IPV4+IPV6 now return ADDR
    - MEDIUM: sample: introduce 'same' output type
    - BUG/MINOR: quic: Possible crash in "show quic" dumping packet number spaces
    - BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage
    - BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv()
    - BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239()
    - BUG/MINOR: sink: missing sft free in sink_deinit()
    - BUG/MINOR: ring: size warning incorrectly reported as fatal error
    - BUG/MINOR: ring: maxlen warning reported as alert
    - BUG/MINOR: log: LF upsets maxlen for UDP targets
    - MINOR: sink/api: pass explicit maxlen parameter to sink_write()
    - BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets
    - BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward()
    - BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward()
    - BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward()
    - BUG/MINOR: sink: invalid sft free in sink_deinit()
    - BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring()
    - BUG/MINOR: server: set rid default value in new_server()
    - MINOR: hlua_fcn/mailers: handle timeout mail from mailers section
    - BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv()
    - EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script
    - BUG/MINOR: hlua_fcn/queue: use atomic load to fetch queue size
    - BUG/MINOR: config: Remove final '\n' in error messages
    - BUG/MINOR: config: Lenient port configuration parsing
    - BUG/MEDIUM: quic: token IV was not computed using a strong secret
    - BUG/MINOR: quic: retry token remove one useless intermediate expand
    - BUG/MEDIUM: quic: missing check of dcid for init pkt including a token
    - BUG/MEDIUM: quic: timestamp shared in token was using internal time clock
    - CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt
    - BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers
    - BUG/MEDIUM: hlua_fcn/queue: bad pop_wait sequencing
    - DOC: config: Fix fc_src description to state the source address is returned
    - BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters
    - BUG/MINOR: http: Return the right reason for 302
    - MEDIUM: ssl: new sample fetch method to get curve name
    - CI: add naming convention documentation
    - CI: explicitely highlight VTest result section if there's something
    - BUG/MINOR: quic: Unckecked encryption levels availability
    - BUILD: quic: fix warning during compilation using gcc-6.5
    - BUG/MINOR: hlua: add check for lua_newstate
    - BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses
    - MINOR: lua: Allow reading "proc." scoped vars from LUA core.
    - MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found
    - BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured
    - BUG/MINOR: cpuset: remove the bogus "proc" from the cpu_map struct
    - BUG/MINOR: init: set process' affinity even in foreground
    - CLEANUP: cpuset: remove the unused proc_t1 field in cpu_map
    - CLEANUP: config: make parse_cpu_set() return documented values
    - BUG/MINOR: server: Don't warn on server resolution failure with init-addr none
    - MINOR: peers: add peers keyword registration
    - MINOR: quic: Stop storing the TX encoded transport parameters
    - MINOR: quic: Dynamic allocation for negotiated Initial TLS cipher context.
    - MINOR: quic: Release asap the negotiated Initial TLS context.
    - MINOR: quic: Add traces to qc_may_build_pkt()
    - MEDIUM: quic: Packet building rework.
    - CLEANUP: quic: Remove a useless TLS related variable from quic_conn_io_cb().
    - MEDIUM: quic: Handshake I/O handler rework.
    - MINOR: quic: Add traces for qc_frm_free()
    - MINOR: quic: add trace about pktns packet/frames releasing
    - BUG/MINOR: quic: Missing parentheses around PTO probe variable.
    - MINOR: quic: Ping from Initial pktns before reaching anti-amplification limit
    - BUG/MINOR: server-state: Ignore empty files
    - BUG/MINOR: server-state: Avoid warning on 'file not found'
    - BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary
    - MINOR: quic: QUIC openssl wrapper implementation
    - MINOR: quic: Include QUIC opensssl wrapper header from TLS stacks compatibility header
    - MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT
    - MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method()
    - MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled()
    - MINOR: quic: Add a compilation option for the QUIC OpenSSL wrapper
    - MINOR: quic: Export some KDF functions (QUIC-TLS)
    - MINOR: quic: Make ->set_encryption_secrets() be callable two times
    - MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper
    - MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog()
    - MINOR: quic: Add a quic_openssl_compat struct to quic_conn struct
    - MINOR: quic: Useless call to SSL_CTX_set_quic_method()
    - MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper.
    - MINOR: quic: Missing encoded transport parameters for QUIC OpenSSL wrapper
    - MINOR: quic: Add "limited-quic" new tuning setting
    - DOC: quic: Add "limited-quic" new tuning setting
    - DOC: install: Document how to build a limited support for QUIC
2023-07-21 20:29:42 +02:00
Willy Tarreau fdc57c4021 [RELEASE] Released version 2.9-dev1
Released version 2.9-dev1 with the following main changes :
    - BUG/MINOR: stats: Fix Lua's `get_stats` function
    - MINOR: stats: protect against future stats fields omissions
    - BUG/MINOR: stream: do not use client-fin/server-fin with HTX
    - BUG/MINOR: quic: Possible crash when SSL session init fails
    - CONTRIB: Add vi file extensions to .gitignore
    - BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
    - BUG/MINOR: peers: Improve detection of config errors in peers sections
    - REG-TESTS: stickiness: Delay haproxys start to properly resolv variables
    - DOC: quic: fix misspelled tune.quic.socket-owner
    - DOC: config: fix jwt_verify() example using var()
    - DOC: config: fix rfc7239 converter examples (again)
    - BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
    - BUG/MINOR: proxy: add missing interface bind free in free_proxy
    - BUG/MINOR: proxy/server: free default-server on deinit
    - BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions
    - BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure
    - BUG/MINOR: quic: Wrong encryption level flags checking
    - BUG/MINOR: quic: Address inversion in "show quic full"
    - BUG/MINOR: server: inherit from netns in srv_settings_cpy()
    - BUG/MINOR: namespace: missing free in netns_sig_stop()
    - BUG/MINOR: quic: Missing initialization (packet number space probing)
    - BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()
    - BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr()
    - MINOR: quic: Remove pool_zalloc() from qc_new_conn()
    - MINOR: quic: Remove pool_zalloc() from qc_conn_alloc_ssl_ctx()
    - MINOR: quic: Remove pool_zalloc() from quic_dgram_parse()
    - BUG/MINOR: quic: Missing transport parameters initializations
    - BUG/MEDIUM: mworker: increase maxsock with each new worker
    - BUG/MINOR: quic: ticks comparison without ticks API use
    - BUG/MINOR: quic: Missing TLS secret context initialization
    - DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents
    - DOC: Add tune.h2.max-frame-size option to table of contents
    - DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size
    - REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages
    - MEDIUM: mux-h1: Split h1_process_mux() to make code more readable
    - REORG: mux-h1: Rename functions to emit chunk size/crlf in the output buffer
    - MINOR: mux-h1: Add function to append the chunk size to the output buffer
    - MINOR: mux-h1: Add function to prepend the chunk crlf to the output buffer
    - MEDIUM: filters/htx: Don't rely on HTX extra field if payload is filtered
    - MEDIIM: mux-h1: Add splicing support for chunked messages
    - REGTESTS: Add a script to test the kernel splicing with chunked messages
    - CLEANUP: mux-h1: Remove useless __maybe_unused statement
    - BUG/MINOR: http_ext: fix if-none regression in forwardfor option
    - REGTEST: add an extra testcase for ifnone-forwardfor
    - BUG/MINOR: mworker: leak of a socketpair during startup failure
    - BUG/MINOR: quic: Prevent deadlock with CID tree lock
    - MEDIUM: ssl: handle the SSL_ERROR_ZERO_RETURN during the handshake
    - BUG/MINOR: ssl: SSL_ERROR_ZERO_RETURN returns CO_ER_SSL_EMPTY
    - BUILD: mux-h1: silence a harmless fallthrough warning
    - BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag
    - MINOR: ssl: allow to change the server signature algorithm on server lines
    - MINOR: ssl: allow to change the client-sigalgs on server lines
    - BUG/MINOR: config: fix stick table duplicate name check
    - BUG/MINOR: quic: Missing random bits in Retry packet header
    - BUG/MINOR: quic: Wrong Retry paquet version field endianess
    - BUG/MINOR: quic: Wrong endianess for version field in Retry token
    - IMPORT: slz: implement a synchronous flush() operation
    - MINOR: compression/slz: add support for a pure flush of pending bytes
    - MINOR: quic: Move QUIC TLS encryption level related code (quic_conn_enc_level_init())
    - MINOR: quic: Move QUIC encryption level structure definition
    - MINOR: quic: Implement a packet number space identification function
    - MINOR: quic: Move packet number space related functions
    - MEDIUM: quic: Dynamic allocations of packet number spaces
    - CLEANUP: quic: Remove qc_list_all_rx_pkts() defined but not used
    - MINOR: quic: Add a pool for the QUIC TLS encryption levels
    - MEDIUM: quic: Dynamic allocations of QUIC TLS encryption levels
    - MINOR: quic: Reduce the maximum length of TLS secrets
    - CLEANUP: quic: Remove two useless pools a low QUIC connection level
    - MEDIUM: quic: Handle the RX in one pass
    - MINOR: quic: Remove call to qc_rm_hp_pkts() from I/O callback
    - CLEANUP: quic: Remove server specific about Initial packet number space
    - MEDIUM: quic: Release encryption levels and packet number spaces asap
    - CLEANUP: quic: Remove a useless test about discarded pktns (qc_handle_crypto_frm())
    - MINOR: quic: Move the packet number space status at quic_conn level
    - MINOR: quic: Drop packet with type for discarded packet number space.
    - BUILD: quic: Add a DISGUISE() to please some compiler to qc_prep_hpkts() 1st parameter
    - BUILD: debug: avoid a build warning related to epoll_wait() in debug code
2023-07-02 11:13:42 +02:00
Willy Tarreau cb6a35fdc1 [RELEASE] Released version 2.9-dev0
Released version 2.9-dev0 with the following main changes :
    - MINOR: version: mention that it's development again
2023-05-31 16:29:19 +02:00
Willy Tarreau fdd8154ed3 [RELEASE] Released version 2.8.0
Released version 2.8.0 with the following main changes :
    - MINOR: compression: Improve the way Vary header is added
    - BUILD: makefile: search for SSL_INC/wolfssl before SSL_INC
    - MINOR: init: pre-allocate kernel data structures on init
    - DOC: install: add details about WolfSSL
    - BUG/MINOR: ssl_sock: add check for ha_meth
    - BUG/MINOR: thread: add a check for pthread_create
    - BUILD: init: print rlim_cur as regular integer
    - DOC: install: specify the minimum openssl version recommended
    - CLEANUP: mux-quic: remove unneeded fields in qcc
    - MINOR: mux-quic: remove nb_streams from qcc
    - MINOR: quic: fix stats naming for flow control BLOCKED frames
    - BUG/MEDIUM: mux-quic: only set EOI on FIN
    - BUG/MEDIUM: threads: fix a tiny race in thread_isolate()
    - DOC: config: fix rfc7239 converter examples
    - DOC: quic: remove experimental status for QUIC
    - CLEANUP: mux-quic: rename functions for mux_ops
    - CLEANUP: mux-quic: rename internal functions
    - BUG/MINOR: mux-h2: refresh the idle_timer when the mux is empty
    - DOC: config: Fix bind/server/peer documentation in the peers section
    - BUILD: Makefile: use -pthread not -lpthread when threads are enabled
    - CLEANUP: doc: remove 21 totally obsolete docs
    - DOC: install: mention the common strict-aliasing warning on older compilers
    - DOC: install: clarify a few points on the wolfSSL build method
    - MINOR: quic: Add QUIC connection statistical counters values to "show quic"
    - EXAMPLES: update the basic-config-edge file for 2.8
    - MINOR: quic/cli: clarify the "show quic" help message
    - MINOR: version: mention that it's LTS now.
2023-05-31 16:24:38 +02:00
Willy Tarreau c8bb9aeb07 [RELEASE] Released version 2.8-dev13
Released version 2.8-dev13 with the following main changes :
    - DOC: add size format section to manual
    - CLEANUP: mux-quic/h3: complete BUG_ON with comments
    - MINOR: quic: remove return val of quic_aead_iv_build()
    - MINOR: quic: use WARN_ON for encrypt failures
    - BUG/MINOR: quic: handle Tx packet allocation failure properly
    - MINOR: quic: fix alignment of oneline show quic
    - MEDIUM: stconn/applet: Allow SF_SL_EOS flag alone
    - MEDIUM: stconn: make the SE_FL_ERR_PENDING to ERROR transition systematic
    - DOC: internal: add a bit of documentation for the stconn closing conditions
    - DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt
    - BUILD: quic: re-enable chacha20_poly1305 for libressl
    - MINOR: mux-quic: set both EOI EOS for stream fin
    - MINOR: mux-quic: only set EOS on RESET_STREAM recv
    - MINOR: mux-quic: report error on stream-endpoint earlier
    - BUILD: makefile: fix build issue on GNU make < 3.82
    - BUG/MINOR: mux-h2: Check H2_SF_BODY_TUNNEL on H2S flags and not demux frame ones
    - MINOR: mux-h2: Set H2_SF_ES_RCVD flag when decoding the HEADERS frame
    - MINOR: mux-h2: Add a function to propagate termination flags from h2s to SE
    - BUG/MEDIUM: mux-h2: Propagate termination flags when frontend SC is created
    - DEV: add a Lua helper script for SSL keys logging
    - CLEANUP: makefile: don't display a dummy features list without a target
    - BUILD: makefile: do not erase build options for some build options
    - MINOR: quic: Add low level traces (addresses, DCID)
    - BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token())
    - BUG/MINOR: quic: Missing Retry token length on receipt
    - MINOR: quic: Align "show quic" command help information
    - CLEANUP: quic: Indentation fix quic_rx_pkt_retrieve_conn()
    - CLEANUP: quic: Useless tests in qc_rx_pkt_handle()
    - MINOR: quic: Add some counters at QUIC connection level
    - MINOR: quic: Add a counter for sent packets
    - MINOR: hlua: hlua_smp2lua_str() may LJMP
    - MINOR: hlua: hlua_smp2lua() may LJMP
    - MINOR: hlua: hlua_arg2lua() may LJMP
    - DOC: hlua: document hlua_lua2arg() function
    - DOC: hlua: document hlua_lua2smp() function
    - BUG/MINOR: hlua: unsafe hlua_lua2smp() usage
    - BUILD: makefile: commit the tiny FreeBSD makefile stub
    - BUILD: makefile: fix build options when building tools first
    - BUILD: ist: do not put a cast in an array declaration
    - BUILD: ist: use the literal declaration for ist_lc/ist_uc under TCC
    - BUILD: compiler: systematically set USE_OBSOLETE_LINKER with TCC
    - DOC: install: update reference to known supported versions
    - SCRIPTS: publish-release: update the umask to keep group write access
2023-05-24 22:53:55 +02:00
Christopher Faulet f48b23f5da [RELEASE] Released version 2.8-dev12
Released version 2.8-dev12 with the following main changes :
    - BUILD: mjson: Fix warning about unused variables
    - MINOR: spoe: Don't stop disabled proxies
    - BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup
    - BUG/MINOR: hlua_fcn/queue: fix broken pop_wait()
    - BUG/MINOR: hlua_fcn/queue: fix reference leak
    - CLEANUP: hlua_fcn/queue: make queue:push() easier to read
    - BUG/MINOR: quic: Buggy acknowlegments of acknowlegments function
    - DEBUG: list: add DEBUG_LIST to purposely corrupt list heads after delete
    - MINOR: stats: report the total number of warnings issued
    - MINOR: stats: report the number of times the global maxconn was reached
    - BUG/MINOR: mux-quic: do not prevent shutw on error
    - BUG/MINOR: mux-quic: do not free frame already released by quic-conn
    - BUG/MINOR: mux-quic: no need to subscribe for detach streams
    - MINOR: mux-quic: add traces for stream wake
    - MINOR: mux-quic: do not send STREAM frames if already subscribe
    - MINOR: mux-quic: factorize send subscribing
    - MINOR: mux-quic: simplify return path of qc_send()
    - MEDIUM: quic: streamline error notification
    - MEDIUM: mux-quic: adjust transport layer error handling
    - MINOR: stats: report the listener's protocol along with the address in stats
    - BUG/MEDIUM: mux-fcgi: Never set SE_FL_EOS without SE_FL_EOI or SE_FL_ERROR
    - BUG/MEDIUM: mux-fcgi: Don't request more room if mux is waiting for more data
    - MINOR: stconn: Add a cross-reference between SE descriptor
    - BUG/MINOR: proxy: missing free in free_proxy for redirect rules
    - MINOR: proxy: add http_free_redirect_rule() function
    - BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule()
    - CLEANUP: http_act: use http_free_redirect_rule() to clean redirect act
    - MINOR: tree-wide: use free_acl_cond() where relevant
    - CLEANUP: acl: discard prune_acl_cond() function
    - BUG/MINOR: cli: don't complain about empty command on empty lines
    - MINOR: cli: add an option to display the uptime in the CLI's prompt
    - MINOR: master/cli: also implement the timed prompt on the master CLI
    - MINOR: cli: make "show fd" identify QUIC connections and listeners
    - MINOR: httpclient: allow to disable the DNS resolvers of the httpclient
    - BUILD: debug: fix build issue on 32-bit platforms in "debug dev task"
    - MINOR: ncbuf: missing malloc checks in standalone code
    - DOC: lua: fix core.{proxies,frontends,backends} visibility
    - EXAMPLES: fix race condition in lua mailers script
    - BUG/MINOR: errors: handle malloc failure in usermsgs_put()
    - BUG/MINOR: log: fix memory error handling in parse_logsrv()
    - BUG/MINOR: quic: Wrong redispatch for external data on connection socket
    - MINOR: htx: add function to set EOM reliably
    - MINOR: mux-quic: remove dedicated function to handle standalone FIN
    - BUG/MINOR: mux-quic: properly handle buf alloc failure
    - BUG/MINOR: mux-quic: handle properly recv ncbuf alloc failure
    - BUG/MINOR: quic: do not alloc buf count on alloc failure
    - BUG/MINOR: mux-quic: differentiate failure on qc_stream_desc alloc
    - BUG/MINOR: mux-quic: free task on qc_init() app ops failure
    - MEDIUM: session/ssl: return the SSL error string during a SSL handshake error
    - CI: enable monthly Fedora Rawhide clang builds
    - MEDIUM: mworker/cli: does not disconnect the master CLI upon error
    - MINOR: stconn: Remove useless test on sedesc on detach to release the xref
    - MEDIUM: proxy: stop emitting logs for internal proxies when stopping
    - MINOR: ssl: add new sample ssl_c_r_dn
    - BUG/MEDIUM: mux-h2: make sure control frames do not refresh the idle timeout
    - BUILD: ssl: ssl_c_r_dn fetches uses  functiosn only available since 1.1.1
    - BUG/MINOR: mux-quic: handle properly Tx buf exhaustion
    - BUG/MINOR: h3: missing goto on buf alloc failure
    - BUILD: ssl: get0_verified chain is available on libreSSL
    - BUG/MINOR: makefile: use USE_LIBATOMIC instead of USE_ATOMIC
    - MINOR: mux-quic: add trace to stream rcv_buf operation
    - MINOR: mux-quic: properly report end-of-stream on recv
    - MINOR: mux-quic: uninline qc_attach_sc()
    - BUG/MEDIUM: mux-quic: fix EOI for request without payload
    - MINOR: checks: make sure spread-checks is used also at boot time
    - BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set
    - REGTESTS: log: Reduce response inspect-delay for last_rule.vtc
    - DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules
    - CLEANUP: server: remove useless tmptrash assigments in srv_update_status()
    - BUG/MINOR: server: memory leak in _srv_update_status_op() on server DOWN
    - CLEANUP: check; Remove some useless assignments to NULL
    - CLEANUP: stats: update the trash chunk where it's used
    - MINOR: clock: measure the total boot time
    - MINOR: stats: report the boot time in "show info"
    - BUG/MINOR: checks: postpone the startup of health checks by the boot time
    - MINOR: clock: provide a function to automatically adjust now_offset
    - BUG/MINOR: clock: automatically adjust the internal clock with the boot time
    - CLEANUP: fcgi-app; Remove useless assignment to NULL
    - REGTESTS: log: Reduce again response inspect-delay for last_rule.vtc
    - CI: drop Fedora m32 pipeline in favour of cross matrix
    - MEDIUM: checks: Stop scheduling healthchecks during stopping stage
    - MEDIUM: resolvers: Stop scheduling resolution during stopping stage
    - BUG/MINOR: hlua: SET_SAFE_LJMP misuse in hlua_event_runner()
    - BUG/MINOR: debug: fix pointer check in debug_parse_cli_task()
2023-05-17 17:10:12 +02:00
Willy Tarreau f0e8e79b3b [RELEASE] Released version 2.8-dev11
Released version 2.8-dev11 with the following main changes :
    - BUILD: debug: do not check the isolated_thread variable in non-threaded builds
    - BUILD: quic: fix build warning when threads are disabled
    - CI: more granular failure on generating build matrix
    - CLEANUP: quic: No more used q_buf structure
    - CLEANUP: quic: Rename several <buf> variables in quic_frame.(c|h)
    - CLEANUP: quic: Typo fix for quic_connection_id pool
    - BUG/MINOR: quic: Wrong key update cipher context initialization for encryption
    - BUG/MEDIUM: cache: Don't request more room than the max allowed
    - MEDIUM: stconn: Be sure to always be able to unblock a SC that needs room
    - EXAMPLES: fix IPV6 support for lua mailers script
    - BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0
    - DOC: stconn: Update comments about ABRT/SHUT for stconn structure
    - BUG/MEDIUM: stats: Require more room if buffer is almost full
    - DOC: configuration: add info about ssl-engine for 2.6
    - BUG/MINOR: mux-quic: fix transport VS app CONNECTION_CLOSE
    - BUG/MEDIUM: mux-quic: wakeup tasklet to close on error
    - DEV: flags: add a script to decode most flags in the "show sess all" output
    - BUG/MINOR: quic: Possible crash when dumping version information
    - BUG/MINOR: config: make compression work again in defaults section
    - BUG/MEDIUM: stream: Forward shutdowns when unhandled errors are caught
    - MEDIUM: stream: Resync analyzers at the end of process_stream() on change
    - DEV: flags: add missing stream flags to show-sess-to-flags
    - DEV: flags/show-sess-to-flags: only retrieve hex digits from hex fields
    - DEV: flags/show-sess-to-flags: add support for color output
    - CLEANUP: src/listener.c: remove redundant NULL check
2023-05-11 05:33:21 +02:00
Willy Tarreau d8cbfa5ad5 [RELEASE] Released version 2.8-dev10
Released version 2.8-dev10 with the following main changes :
    - BUG/MINOR: stats: fix typo in `TotalSplicedBytesOut` field name
    - REGTESTS: add success test, "set server" via fqdn
    - MINOR: ssl: disable CRL checks with WolfSSL when no CRL file
    - BUG/MINOR: stream/cli: fix stream age calculation in "show sess"
    - MINOR: debug: clarify "debug dev stream" help message
    - DEBUG: cli: add "debug dev task" to show/wake/expire/kill tasks and tasklets
    - BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found
    - REGTESTS: ssl: simplify X509_V code check in ssl_client_auth.vtc
    - BUILD: cli: fix build on Windows due to isalnum() implemented as a macro
    - MINOR: activity: use a single macro to iterate over all fields
    - MINOR: activity: show the line header inside the SHOW_VAL macro
    - MINOR: activity: iterate over all fields in a main loop for dumping
    - MINOR: activity: allow "show activity" to restart dumping on any line
    - MINOR: activity: allow "show activity" to restart in the middle of a line
    - DEV: haring: automatically disable DEBUG_STRICT
    - DEV: haring: update readme to suggest using the same build options for haring
    - BUG/MINOR: debug: fix incorrect profiling status reporting in show threads
    - MINOR: debug: permit the "debug dev loop" to run under isolation
    - BUG/MEDIUM: mux-h2: Properly handle end of request to expect data from server
    - BUG/MINOR: mux-quic: prevent quic_conn error code to be overwritten
    - MINOR: mux-quic: add trace event for local error
    - MINOR: mux-quic: wake up after recv only if avail data
    - MINOR: mux-quic: adjust local error API
    - MINOR: mux-quic: report local error on stream endpoint asap
    - MINOR: mux-quic: close connection asap on local error
    - BUG/MINOR: debug: do not emit empty lines in thread dumps
    - BUG/MINOR: mux-h2: Also expect data when waiting for a tunnel establishment
    - BUG/MINOR: time: fix NS_TO_TV macro
    - MEDIUM: debug: simplify the thread dump mechanism
    - MINOR: debug: write panic dump to stderr one thread at a time
    - MINOR: debug: make "show threads" properly iterate over all threads
    - CLEANUP: debug: remove the now unused ha_thread_dump_all_to_trash()
    - MINOR: ssl: allow to change the server signature algorithm
    - MINOR: ssl: allow to change the signature algorithm for client authentication
    - MINOR: cli: Use applet API to write output message
    - MINOR: stats: Use the applet API to write data
    - MINOR: peers: Use the applet API to send message
    - MINOR: stconn: Add a field to specify the room needed by the SC to progress
    - MEDIUM: tree-wide: Change sc API to specify required free space to progress
    - BUG/MEDIUM: stconn: Unblock SC from stream if there is enough room to progrees
    - MEDIUM: applet: Check room needed to unblock opposite SC when data was consumed
    - MEDIUM: stconn: Check room needed to unblock SC on fast-forward
    - MEDIUM: stconn: Check room needed to unblock opposite SC when data was sent
    - MINOR: hlua_fcn: fix Server.is_draining() return type
    - MINOR: hlua_fcn: add Server.is_backup()
    - MINOR: hlua_fcn: add Server.is_dynamic()
    - MINOR: hlua_fcn: add Server.tracking()
    - MINOR: hlua_fcn: add Server.get_trackers()
    - MINOR: hlua_fcn: add Server.get_proxy()
    - MINOR: hlua_fcn: add Server.get_pend_conn() and Server.get_cur_sess()
    - MINOR: hlua_fcn: add Proxy.get_srv_act() and Proxy.get_srv_bck()
    - DOC: lua/event: add ServerEvent class header
    - MINOR: server/event_hdl: publish macro helper
    - MINOR: server/event_hdl: add SERVER_STATE event
    - OPTIM: server: publish UP/DOWN events from STATE change
    - MINOR: hlua: expose SERVER_STATE event
    - MINOR: server/event_hdl: add SERVER_ADMIN event
    - MINOR: hlua: expose SERVER_ADMIN event
    - MINOR: checks/event_hdl: SERVER_CHECK event
    - MINOR: hlua/event_hdl: expose SERVER_CHECK event
    - MINOR: mailers/hlua: disable email sending from lua
    - MINOR: hlua: expose proxy mailers
    - EXAMPLES: add lua mailers script to replace tcpcheck mailers
    - BUG/MINOR: hlua: spinning loop in hlua_socket_handler()
    - MINOR: server: fix message report when IDRAIN is set and MAINT is cleared
    - CLEANUP: hlua: hlua_register_task() may longjmp
    - REGTESTS: use lua mailer script for mailers tests
    - MINOR: hlua: declare hlua_{ref,pushref,unref} functions
    - MINOR: hlua: declare hlua_gethlua() function
    - MINOR: hlua: declare hlua_yieldk() function
    - MINOR: hlua_fcn: add Queue class
    - EXAMPLES: mailqueue for lua mailers script
    - MINOR: quic: add format argument for "show quic"
    - MINOR: quic: implement oneline format for "show quic"
    - MINOR: config: allow cpu-map to take commas in lists of ranges
    - CLEANUP: fix a few reported typos in code comments
    - DOC: fix a few reported typos in the config and install doc
2023-05-07 07:31:54 +02:00
Willy Tarreau 9de10ce478 [RELEASE] Released version 2.8-dev9
Released version 2.8-dev9 with the following main changes :
    - MINOR: quic: Move traces at proto level
    - BUG/MINOR: quic: Possible memory leak from TX packets
    - BUG/MINOR: quic: Possible leak during probing retransmissions
    - BUG/MINOR: quic: Useless probing retransmission in draining or killing state
    - BUG/MINOR: quic: Useless I/O handler task wakeups (draining, killing state)
    - CLEANUP: quic: rename frame types with an explicit prefix
    - CLEANUP: quic: rename frame variables
    - CLEANUP: quic: Remove useless parameters passes to qc_purge_tx_buf()
    - CLEANUP: quic: Rename <buf> variable to <token> in quic_generate_retry_token()
    - CLEANUP: quic: Rename <buf> variable into quic_padding_check()
    - CLEANUP: quic: Rename <buf> variable into quic_rx_pkt_parse()
    - CLEANUP: quic: Rename <buf> variable for several low level functions
    - CLEANUP: quic: Make qc_build_pkt() be more readable
    - CLEANUP: quic: Rename quic_get_dgram_dcid() <buf> variable
    - CLEANUP: quic: Rename several <buf> variables at low level
    - CLEANUP: quic: Rename <buf> variable into quic_packet_read_long_header()
    - CLEANUP: quic: Rename <buf> variable into qc_parse_hd_form()
    - CLEANUP: quic: Rename several <buf> variables into quic_sock.c
    - DEBUG: crash using an invalid opcode on x86/x86_64 instead of an invalid access
    - DEBUG: crash using an invalid opcode on aarch64 instead of an invalid access
    - DEV: h2: add a script "mkhdr" to build h2 frames from scratch
    - DEV: h2: support reading frame payload from a file
    - MINOR: acme.sh: add the deploy script for acme.sh in admin directory
    - BUG/MEDIUM: mux-quic: do not emit RESET_STREAM for unknown length
    - BUG/MEDIUM: mux-quic: improve streams fairness to prevent early timeout
    - BUG/MINOR: quic: prevent buggy memcpy for empty STREAM
    - MINOR: mux-quic: do not set buffer for empty STREAM frame
    - MINOR: mux-quic: do not allocate Tx buf for empty STREAM frame
    - MINOR: quic: finalize affinity change as soon as possible
    - BUG/MINOR: quic: fix race on quic_conns list during affinity rebind
    - CI: switch to Fastly CDN to download LibreSSL
    - BUILD: ssl: switch LibreSSL to Fastly CDN
    - BUG/MINOR: clock: fix a few occurrences of 'now' being used in place of 'date'
    - BUG/MINOR: spoe: use "date" not "now" in debug messages
    - BUG/MINOR: activity: show wall-clock date, not internal date in show activity
    - BUG/MINOR: opentracing: use 'date' instead of 'now' in debug output
    - Revert "BUG/MINOR: clock: fix a few occurrences of 'now' being used in place of 'date'"
    - BUG/MINOR: calltrace: fix 'now' being used in place of 'date'
    - BUG/MINOR: trace: show wall-clock date, not internal date in show activity
    - BUG/MINOR: hlua: return wall-clock date, not internal date in core.now()
    - BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones
    - BUG/MINOR: stconn: Fix SC flags with same value
    - BUG/MINOR: resolvers: Use sc_need_room() to wait more room when dumping stats
    - BUG/MEDIUM: tcpcheck: Don't eval custom expect rule on an empty buffer
    - BUG/MINOR: stats: report the correct start date in "show info"
    - MINOR: time: add conversions to/from nanosecond timestamps
    - MINOR: time: replace calls to tv_ms_elapsed() with a linear subtract
    - MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps
    - MEDIUM: tree-wide: replace timeval with nanoseconds in tv_accept and tv_request
    - MINOR: stats: use nanoseconds, not timeval to compute uptime
    - MINOR: activity: use nanoseconds, not timeval to compute uptime
    - MINOR: checks: use a nanosecond counters instead of timeval for checks->start
    - MINOR: clock: do not use now.tv_sec anymore
    - MEDIUM: clock: replace timeval "now" with integer "now_ns"
    - MINOR: clock: replace the timeval start_time with start_time_ns
    - MINOR: sample: Add bc_rtt and bc_rttvar
    - MINOR: quic: use real sending rate measurement
    - MINOR: proxy: factorize send rate measurement
2023-04-28 21:52:13 +02:00