Commit Graph

2253 Commits

Author SHA1 Message Date
William Lallemand
c33df2e524 DOC: resolvers: default resolvers section
Add a paragraph about the default resolvers section generated by
HAProxy.
2022-05-06 17:16:23 +02:00
Christopher Faulet
24dda9403a DOC: config: Update doc for PR/PH session states to warn about rewrite failures
When an HTTP header rewrite failure is triggered, and 500-internal-error
response is returned. A "PR" termination state is logged if the error
occurred on the request and "PH" if the error is reported for the response.

The documentation was updated accordingly.

This patch is related to issue #1597.
2022-05-05 12:27:08 +02:00
William Lallemand
de1803f8a9 DOC: configuration: httpclient global option
Documentation about the 4 options in the global section for the
httpclient:

- httpclient.ssl.verify
- httpclient.ssl.ca-file
- httpclient.resolvers.id
- httpclient.resolvers.prefer
2022-05-04 18:14:25 +02:00
Willy Tarreau
026fef98a0 [RELEASE] Released version 2.6-dev8
Released version 2.6-dev8 with the following main changes :
    - BUG/MINOR: quic: fix use-after-free with trace on ACK consume
    - BUG/MINOR: rules: Forbid captures in defaults section if used by a backend
    - BUG/MEDIUM: rules: Be able to use captures defined in defaults section
    - BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments
    - BUG/MINOR: http-act: make release_http_redir() more robust
    - BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args
    - MINOR: sample: don't needlessly call c_none() in sample_fetch_as_type()
    - MINOR: sample: make the bool type cast to bin
    - MEDIUM: backend: add new "balance hash <expr>" algorithm
    - MINOR: init: add global setting "fd-hard-limit" to bound system limits
    - BUILD: pollers: use an initcall to register the pollers
    - BUILD: xprt: use an initcall to register the transport layers
    - BUILD: thread: use initcall instead of a constructor
    - BUILD: http: remove the two unused constructors in rules and ana
    - CLEANUP: compression: move the default setting of maxzlibmem to defaults
    - MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN
    - BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time'
    - MINOR: fd: add functions to set O_NONBLOCK and FD_CLOEXEC
    - CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec()
    - CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
    - REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc
    - REGTESTS: webstats: remove unused stats socket in /tmp
    - MEDIUM: httpclient: disable SSL when the ca-file couldn't be loaded
    - BUG/MINOR: httpclient/lua: error when the httpclient_start() fails
    - BUG/MINOR: ssl: free the cafile entries on deinit
    - BUG/MINOR: ssl: memory leak when trying to load a directory with ca-file
    - MEDIUM: httpclient: re-enable the verify by default
    - BUG/MEDIUM: ssl/cli: fix yielding in show_cafile_detail
    - BUILD: compiler: properly distinguish weak and global symbols
    - MINOR: connection: Add way to disable active connection closing during soft-stop
    - BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option
    - CLEANUP: Destroy `http_err_chunks` members during deinit
    - BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit()
    - MINOR: Call deinit_and_exit(0) for `haproxy -vv`
    - BUILD: fd: disguise the fd_set_nonblock/cloexec result
    - BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all()
    - MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"
    - CLEANUP: errors: also call deinit_errors_buffers() on deinit()
    - CLEANUP: chunks: release trash also in deinit
    - CLEANUP: deinit: release the pre-check callbacks
    - CLEANUP: deinit: release the config postparsers
    - CLEANUP: listeners/deinit: release accept queue tasklets on deinit
    - CLEANUP: connections/deinit: destroy the idle_conns tasks
    - BUG/MINOR: mux-quic: fix build in release mode
    - MINOR: mux-quic: adjust comment on emission function
    - MINOR: mux-quic: remove unused bogus qcc_get_stream()
    - BUG/MINOR: mux-quic: fix leak if cs alloc failure
    - MINOR: mux-quic: count local flow-control stream limit on reception
    - BUG/MINOR: h3: fix incomplete POST requests
    - BUG/MEDIUM: h3: fix use-after-free on mux Rx buffer wrapping
    - MINOR: mux-quic: partially copy Rx frame if almost full buf
    - MINOR: h3: change frame demuxing API
    - MINOR: mux-quic: add a app-layer context in qcs
    - MINOR: h3: implement h3 stream context
    - MINOR: h3: support DATA demux if buffer full
    - MINOR: quic: decode as much STREAM as possible
    - MINOR: quic: Improve qc_prep_pkts() flexibility
    - MINOR: quic: Prepare quic_frame struct duplication
    - MINOR: quic: Do not retransmit frames from coalesced packets
    - MINOR: quic: Add traces about TX frame memory releasing
    - MINOR: quic: process_timer() rework
    - MEDIUM: quic: New functions for probing rework
    - MEDIUM: quic: Retransmission functions rework
    - MEDIUM: quic: qc_requeue_nacked_pkt_tx_frms() rework
    - MINOR: quic: old data distinction for qc_send_app_pkt()
    - MINOR: quic: Mark packets as probing with old data
    - MEDIUM: quic: Mark copies of acknowledged frames as acknowledged
    - MEDIUM: quic: Enable the new datagram probing process
    - MINOR: quic: Do not send ACK frames when probing
    - BUG/MINOR: quic: Wrong returned status by qc_build_frms()
    - BUG/MINOR: quic: Avoid sending useless PADDING frame
    - BUG/MINOR: quic: Traces fix about remaining frames upon packet build failure
    - MINOR: quic: Wake up the mux to probe with new data
    - BUG/MEDIUM: quic: Possible crash on STREAM frame loss
    - BUG/MINOR: quic: Missing Initial packet length check
    - CLEANUP: quic: Rely on the packet length set by qc_lstnr_pkt_rcv()
    - MINOR: quic: Drop 0-RTT packets if not allowed
    - BUG/MINOR: httpclient/ssl: use the correct verify constant
    - BUG/MEDIUM: conn-stream: Don't erase endpoint flags on reset
    - BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel
    - BUG/MINOR: httpclient: Count metadata in size to transfer via htx_xfer_blks()
    - MINOR: httpclient: Don't use co_set_data() to decrement output
    - BUG/MINOR: conn_stream: do not confirm a connection from the frontend path
    - MEDIUM: quic: do not ACK packet with STREAM if MUX not present
    - MEDIUM: quic: do not ack packet with invalid STREAM
    - MINOR: quic: Drop 0-RTT packets without secrets
    - CLEANUP: quic: Remaining fprintf() debug trace
    - MINOR: quic: moving code for QUIC loss detection
    - BUG/MINOR: quic: Missing time threshold multiplifier for loss delay computation
    - CI: github actions: update LibreSSL to 3.5.2
    - SCRIPTS: announce-release: add URL of dev packages
2022-04-30 14:17:51 +02:00
Thomas Prückl
10243938db MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"
Low footprint client machines may not have enough memory to download a
complete 16KB TLS record at once. With the new option the maximum
record size can be defined on the server side.

Note: Before limiting the the record size on the server side, a client should
consider using the TLS Maximum Fragment Length Negotiation Extension defined
in RFC6066.

This patch fixes GitHub issue #1679.
2022-04-27 16:53:43 +02:00
Remi Tricot-Le Breton
4d7fdc65d4 MINOR: connection: Add way to disable active connection closing during soft-stop
If the "close-spread-time" option is set to "infinite", active
connection closing during a soft-stop can be disabled. The 'connection:
close' header or the GOAWAY frame will not be added anymore to the
server's response and active connections will only be closed once the
clients disconnect. Idle connections will not be closed all at once when
the soft-stop starts anymore, and each idle connection will follow its
own timeout based on the multiple timeouts set in the configuration (as
is the case during regular execution).

This feature request was described in GitHub issue #1614.
This patch should be backported to 2.5. It depends on 'MEDIUM: global:
Add a "close-spread-time" option to spread soft-stop on time window'.
2022-04-26 19:56:47 +02:00
Willy Tarreau
2df1fbf816 MINOR: init: add global setting "fd-hard-limit" to bound system limits
On some systems, the hard limit for ulimit -n may be huge, in the order
of 1 billion, and using this to automatically compute maxconn doesn't
work as it requires way too much memory. Users tend to hard-code maxconn
but that's not convenient to manage deployments on heterogenous systems,
nor when porting configs to developers' machines. The ulimit-n parameter
doesn't work either because it forces the limit. What most users seem to
want (and it makes sense) is to respect the system imposed limits up to
a certain value and cap this value. This is exactly what fd-hard-limit
does.

This addresses github issue #1622.
2022-04-25 18:04:49 +02:00
Willy Tarreau
7c9a0fe2a6 MEDIUM: backend: add new "balance hash <expr>" algorithm
Almost all of our hash-based LB algorithms are implemented as special
cases of something that can now be achieved using sample expressions,
and some of them have adopted some options to adapt their behavior in
ways that could also be achieved using converters.

There are users who want to hash other parameters that are combined
into variables, and who set headers from these values and use
"balance hdr(name)" for this.

Instead of constantly implementing specific options and having users
hack around when they want a real hash, let's implement a native hash
mode that applies to a standard sample expression. This way, any
fetchable element (including variables) may be used to construct the
hash, even modified by any converter if desired.
2022-04-25 16:09:26 +02:00
Willy Tarreau
3e69fcc240 [RELEASE] Released version 2.6-dev7
Released version 2.6-dev7 with the following main changes :
    - BUILD: calltrace: fix wrong include when building with TRACE=1
    - MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones
    - MEDIUM: ssl: Disable DHE ciphers by default
    - BUILD: ssl: Fix compilation with OpenSSL 1.0.2
    - MINOR: mux-quic: split xfer and STREAM frames build
    - REORG: quic: use a dedicated module for qc_stream_desc
    - MINOR: quic-stream: use distinct tree nodes for quic stream and qcs
    - MINOR: quic-stream: add qc field
    - MEDIUM: quic: implement multi-buffered Tx streams
    - MINOR: quic-stream: refactor ack management
    - MINOR: quic: limit total stream buffers per connection
    - MINOR: mux-quic: implement immediate send retry
    - MINOR: cfg-quic: define tune.quic.conn-buf-limit
    - MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option
    - REGTESTS: ssl: Update error messages that changed with OpenSSLv3.1.0-dev
    - BUG/MEDIUM: quic: Possible crash with released mux
    - BUG/MINOR: mux-quic: unsubscribe on release
    - BUG/MINOR: mux-quic: handle null timeout
    - BUG/MEDIUM: logs: fix http-client's log srv initialization
    - BUG/MINOR: mux-quic: remove dead code in qcs_xfer_data()
    - DEV: stream: Fix conn-streams dump in full stream message
    - CLEANUP: conn-stream: Rename cs_conn_close() and cs_conn_drain_and_close()
    - CLEANUP: conn-stream: Rename cs_applet_release()
    - MINOR: conn-stream: Rely on endpoint shutdown flags to shutdown an applet
    - BUG/MINOR: cache: Disable cache if applet creation fails
    - BUG/MINOR: backend: Don't allow to change backend applet
    - BUG/MEDIUM: conn-stream: Set back CS to RDY state when the appctx is created
    - MINOR: stream: Don't needlessly detach server endpoint on early client abort
    - MINOR: conn-stream: Make cs_detach_* private and use cs_destroy() from outside
    - MINOR: init: add the pre-check callback
    - MEDIUM: httpclient: change the init sequence
    - MEDIUM: httpclient/ssl: verify required
    - MINOR: httpclient/mworker: disable in the master process
    - MEDIUM: httpclient/ssl: verify is configurable and disabled by default
    - BUG/MAJOR: connection: Never remove connection from idle lists outside the lock
    - BUG/MEDIUM: mux-quic: fix stalled POST requets
    - BUG/MINOR: mux-quic: fix POST with abortonclose
    - MINOR: task: add a new task_instant_wakeup() function
    - MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks
    - DOC: remove my name from the config doc
2022-04-23 04:38:36 +02:00
Willy Tarreau
1401b9cd3a DOC: remove my name from the config doc
I was surprised to notice that my name was still present as the author
at the top of the config manual. It turns out that this line and a few
other ones in this file remained unchanged since commit 6a06a40501 that
added this doc 15 years ago! It's long been time to get rid of this!
2022-04-23 04:32:43 +02:00
William Lallemand
b53eb8790e MINOR: init: add the pre-check callback
This adds a call to function <fct> to the list of functions to be called at
the step just before the configuration validity checks. This is useful when you
need to create things like it would have been done during the configuration
parsing and where the initialization should continue in the configuration
check.
It could be used for example to generate a proxy with multiple servers using
the configuration parser itself. At this step the trash buffers are allocated.
Threads are not yet started so no protection is required. The function is
expected to return non-zero on success, or zero on failure. A failure will make
the process emit a succinct error message and immediately exit.
2022-04-22 15:45:47 +02:00
Remi Tricot-Le Breton
f87c67e5e4 MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option
Starting from OpenSSLv3, providers are at the core of cryptography
functions. Depending on the provider used, the way the SSL
functionalities work could change. This new 'show ssl providers' CLI
command allows to show what providers were loaded by the SSL library.
This is required because the provider configuration is exclusively done
in the OpenSSL configuration file (/usr/local/ssl/openssl.cnf for
instance).
A new line is also added to the 'haproxy -vv' output containing the same
information.
2022-04-21 14:54:45 +02:00
Amaury Denoyelle
97e84c6c69 MINOR: cfg-quic: define tune.quic.conn-buf-limit
Add a new global configuration option to set the limit of buffers per
QUIC connection. By default, this value is set to 30.
2022-04-21 12:04:04 +02:00
Remi Tricot-Le Breton
1d6338ea96 MEDIUM: ssl: Disable DHE ciphers by default
DHE ciphers do not present a security risk if the key is big enough but
they are slow and mostly obsoleted by ECDHE. This patch removes any
default DH parameters. This will effectively disable all DHE ciphers
unless a global ssl-dh-param-file is defined, or
tune.ssl.default-dh-param is set, or a frontend has DH parameters
included in its PEM certificate. In this latter case, only the frontends
that have DH parameters will have DHE ciphers enabled.
Adding explicitely a DHE ciphers in a "bind" line will not be enough to
actually enable DHE. We would still need to know which DH parameters to
use so one of the three conditions described above must be met.

This request was described in GitHub issue #1604.
2022-04-20 17:30:55 +02:00
Willy Tarreau
a8b1065b6b [RELEASE] Released version 2.6-dev6
Released version 2.6-dev6 with the following main changes :
    - CLEANUP: connection: reduce the with of the mux dump output
    - CI: Update to actions/checkout@v3
    - CI: Update to actions/cache@v3
    - DOC: adjust QUIC instruction in INSTALL
    - BUG/MINOR: stats: define the description' background color in dark color scheme
    - BUILD: ssl: add USE_ENGINE and disable the openssl engine by default
    - BUILD: makefile: pass USE_ENGINE to cflags
    - BUILD: xprt-quic: replace ERR_func_error_string() with ERR_peek_error_func()
    - DOC: install: document the fact that SSL engines are not enabled by default
    - CI: github actions: disable -Wno-deprecated
    - BUILD: makefile: silence unbearable OpenSSL deprecation warnings
    - MINOR: sock: check configured limits at the sock layer, not the listener's
    - MINOR: connection: add a new flag CO_FL_FDLESS on fd-less connections
    - MINOR: connection: add conn_fd() to retrieve the FD only when it exists
    - MINOR: stream: only dump connections' FDs when they are valid
    - MINOR: connection: use conn_fd() when displaying connection errors
    - MINOR: connection: skip FD-based syscalls for FD-less connections
    - MEDIUM: connection: panic when calling FD-specific functions on FD-less conns
    - MINOR: mux-quic: properly set the flags and name fields
    - MINOR: connection: rearrange conn_get_src/dst to be a bit more extensible
    - MINOR: protocol: add get_src() and get_dst() at the protocol level
    - MINOR: quic-sock: provide a pair of get_src/get_dst functions
    - MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection
    - MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx
    - MEDIUM: xprt-quic: implement get_ssl_sock_ctx()
    - MEDIUM: quic: move conn->qc into conn->handle
    - BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx
    - BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx()
    - MINOR: ssl: refine the error testing for fc_err and fc_err_str
    - BUG/MINOR: sock: do not double-close the accepted socket on the error path
    - CI: cirrus: switch to FreeBSD-13.0
    - MINOR: log: add '~' to frontend when the transport layer provides SSL
    - BUILD/DEBUG: lru: fix printf format in debug code
    - BUILD: peers: adjust some printf format to silence cppcheck
    - BUILD/DEBUG: hpack-tbl: fix format string in standalone debug code
    - BUILD/DEBUG: hpack: use unsigned int in printf format in debug code
    - BUILD: halog: fix some incorrect signs in printf formats for integers
    - BUG/MINOR: h3: fix build with DEBUG_H3
    - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
    - BUG/MINOR: cache: do not display expired entries in "show cache"
    - BUG/MINOR: mux-h1: Don't release unallocated CS on error path
    - MINOR: applet: Make .init callback more generic
    - MINOR: conn-stream: Add flags to set the type of the endpoint
    - MEDIUM: applet: Set the appctx owner during allocation
    - MAJOR: conn-stream: Invert conn-stream endpoint and its context
    - REORG: Initialize the conn-stream by hand in cs_init()
    - MEDIUM: conn-stream: Add an endpoint structure in the conn-stream
    - MINOR: conn-stream: Move some CS flags to the endpoint
    - MEDIUM: conn-stream: Be able to pass endpoint to create a conn-stream
    - MEDIUM: conn-stream: Pre-allocate endpoint to create CS from muxes and applets
    - REORG: applet: Uninline appctx_new function
    - MAJOR: conn-stream: Share endpoint struct between the CS and the mux/applet
    - MEDIUM: conn-stream: Move remaning flags from CS to endpoint
    - MINOR: mux-pt: Rely on the endpoint instead of the conn-stream when possible
    - MINOR: conn-stream: Add ISBACK conn-stream flag
    - MINOR: conn-stream: Add header file with util functions related to conn-streams
    - MEDIUM: tree-wide: Use CS util functions instead of SI ones
    - MINOR: stream-int/txn: Move buffer for L7 retries in the HTTP transaction
    - CLEANUP: http-ana: Remove http_alloc_txn() function
    - MINOR: stream-int/stream: Move conn_retries counter in the stream
    - MINOR: stream: Simplify retries counter calculation
    - MEDIUM: stream-int/conn-stream: Move src/dst addresses in the conn-stream
    - MINOR: stream-int/conn-stream: Move half-close timeout in the conn-stream
    - MEDIUM: stream-int/stream: Use connect expiration instead of SI expiration
    - MINOR: stream-int/conn-stream: Report error to the CS instead of the SI
    - MEDIUM: conn-stream: Use endpoint error instead of conn-stream error
    - MINOR: channel: Use conn-streams as channel producer and consumer
    - MINOR: stream-int: Remove SI_FL_KILL_CON to rely on conn-stream endpoint only
    - MINOR: mux-h2/mux-fcgi: Fully rely on CS_EP_KILL_CONN
    - MINOR: stream-int: Remove SI_FL_NOLINGER/NOHALF to rely on CS flags instead
    - MINOR: stream-int: Remove SI_FL_DONT_WAKE to rely on CS flags instead
    - MINOR: stream-int: Remove SI_FL_INDEP_STR to rely on CS flags instead
    - MINOR: stream-int: Remove SI_FL_SRC_ADDR to rely on stream flags instead
    - CLEANUP: stream-int: Remove unused SI_FL_CLEAN_ABRT flag
    - MINOR: stream: Only save previous connection state for the server side
    - MEDIUM: stream-int: Move SI err_type in the stream
    - MEDIUM: stream-int/conn-stream: Move stream-interface state in the conn-stream
    - MINOR: stream-int/stream: Move si_retnclose() in the stream scope
    - MINOR: stream-int/backend: Move si_connect() in the backend scope
    - MINOR: stream-int/conn-stream: Move si_conn_ready() in the conn-stream scope
    - MINOR: conn-stream/connection: Move SHR/SHW modes in the connection scope
    - MEDIUM: conn-stream: Be prepared to fail to attach a cs to a mux
    - MEDIUM: stream-int/conn-stream: Handle I/O subscriptions in the conn-stream
    - MINOR: conn-stream: Rename CS functions dedicated to connections
    - MINOR: stream-int/conn-stream: Move si_shut* and si_chk* in conn-stream scope
    - MEDIUM: stream-int/conn-stream: Move si_ops in the conn-stream scope
    - MINOR: applet: Use the CS to register and release applets instead of SI
    - MINOR: connection: unconst mux's get_fist_cs() callback function
    - MINOR: stream-int/connection: Move conn_si_send_proxy() in the connection scope
    - REORG: stream-int: Export si_cs_recv(), si_cs_send() and si_cs_process()
    - REORG: stream-int: Move si_is_conn_error() in the header file
    - REORG: conn-stream: Move cs_shut* and cs_chk* in cs_utils
    - REORG: conn-stream: Move cs_app_ops in conn_stream.c
    - MINOR: stream-int-conn-stream: Move si_update_* in conn-stream scope
    - MINOR: stream-int/stream: Move si_update_both in stream scope
    - MEDIUM: conn-stream/applet: Add a data callback for applets
    - MINOR: stream-int/conn-stream: Move stream_int_read0() in the conn-stream scope
    - MINOR: stream-int/conn-stream: Move stream_int_notify() in the conn-stream scope
    - MINOR: stream-int/conn-stream: Move si_cs_io_cb() in the conn-stream scope
    - MINOR: stream-int/conn-stream: Move si_sync_recv/send() in conn-stream scope
    - MINOR: conn-stream: Move si_conn_cb in the conn-stream scope
    - MINOR: stream-int/conn-stream Move si_is_conn_error() in the conn-stream scope
    - MINOR: stream-int/conn-stream: Move si_alloc_ibuf() in the conn-stream scope
    - CLEANUP: stream-int:  Remove unused SI functions
    - MEDIUM: stream-int/conn-stream: Move blocking flags from SI to CS
    - MEDIUM: stream-int/conn-stream: Move I/O functions to conn-stream
    - REORG: stream-int/conn-stream: Move remaining functions to conn-stream
    - MINOR: stream: Use conn-stream to report server error
    - MINOR: http-ana: Use CS to perform L7 retries
    - MEDIUM: stream: Don't use the stream-int anymore in process_stream()
    - MINOR: conn-stream: Remove the stream-interface from the conn-stream
    - DEV: flags: No longer dump SI flags
    - CLEANUP: tree-wide: Remove any ref to stream-interfaces
    - CLEANUP: conn-stream: Don't export internal functions
    - DOC: conn-stream: Add comments on functions of the new CS api
    - MEDIUM: check: Use a new conn-stream for each health-check run
    - CLEANUP: muxes: Remove MX_FL_CLEAN_ABRT flag
    - MINOR: conn-stream: Use a dedicated function to conditionally remove a CS
    - CLEANUP: conn-stream: rename cs_register_applet() to cs_applet_create()
    - MINOR: muxes: Improve show_fd callbacks to dump endpoint flags
    - MINOR: mux-h1: Rely on the endpoint instead of the conn-stream when possible
    - BUG/MINOR: quic: Avoid starting the mux if no ALPN sent by the client
    - BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak
    - BUILD: initcall: mark the __start_i_* symbols as weak, not global
    - BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
    - BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive
    - MINOR: muxes: Don't expect to have a mux without connection in destroy callback
    - MINOR: muxes: Don't handle proto upgrade for muxes not supporting it
    - MINOR: muxes: Don't expect to call release function with no mux defined
    - MINOR: conn-stream: Use unsafe functions to get conn/appctx in cs_detach_endp
    - BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
    - BUILD: http-client: Avoid dead code when compiled without SSL support
    - BUG/MINOR: mux-quic: prevent a crash in session_free on mux.destroy
    - BUG/MINOR: quic-sock: do not double free session on conn init failure
    - BUG/MINOR: quic: fix return value for error in start
    - MINOR: quic: emit CONNECTION_CLOSE on app init error
    - BUILD: sched: workaround crazy and dangerous warning in Clang 14
    - BUILD: compiler: use a more portable set of asm(".weak") statements
    - BUG/MEDIUM: stream: do not abort connection setup too early
    - CLEANUP: extcheck: do not needlessly preset the server's address/port
    - MINOR: extcheck: fill in the server's UNIX socket address when known
    - BUG/MEDIUM: connection: Don't crush context pointer location if it is a CS
    - BUG/MEDIUM: quic: properly clean frames on stream free
    - BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added
    - BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
    - MINOR: tcp_sample: clarifying samples support per os, for further expansion.
    - MINOR: tcp_sample: extend support for get_tcp_info to macOs.
    - SCRIPTS: announce-release: update the doc's URL
    - DOC: lua: update a few doc URLs
    - SCRIPTS: announce-release: add shortened links to pending issues
2022-04-16 12:15:47 +02:00
Willy Tarreau
77ec462670 DOC: lua: update a few doc URLs
The HAProxy doc was updated to point to docs.haproxy.org.
The HAProxy API doc was returning a 404, let's point to version 2.6.
This should be backported with 1.9dev modified to match the respective
versions.
2022-04-16 07:58:19 +02:00
Christopher Faulet
a97ccedf6f CLEANUP: muxes: Remove MX_FL_CLEAN_ABRT flag
This flag is unused. Thus, it may be removed. No reason to still set it. It
also cleans up "haproxy -vv" output.
2022-04-13 15:10:16 +02:00
Willy Tarreau
d3b4cd11f7 [RELEASE] Released version 2.6-dev5
Released version 2.6-dev5 with the following main changes :
    - DOC: reflect H2 timeout changes
    - BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing
    - BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
    - BUG/MINOR: log: Initialize the list element when allocating a new log server
    - BUG/MINOR: samples: add missing context names for sample fetch functions
    - MINOR: management: add some basic keyword dump infrastructure
    - MINOR: config: add a function to dump all known config keywords
    - MINOR: filters: extend flt_dump_kws() to dump to stdout
    - MINOR: services: extend list_services() to dump to stdout
    - MINOR: cli: add a new keyword dump function
    - MINOR: acl: add a function to dump the list of known ACL keywords
    - MINOR: samples: add a function to list register sample fetch keywords
    - MINOR: sample: list registered sample converter functions
    - MINOR: tools: add strordered() to check whether strings are ordered
    - MINOR: action: add a function to dump the list of actions for a ruleset
    - MINOR: config: alphanumerically sort config keywords output
    - MINOR: sample: alphanumerically sort sample & conv keyword dumps
    - MINOR: acl: alphanumerically sort the ACL dump
    - MINOR: cli: alphanumerically sort the dump of supported commands
    - MINOR: filters: alphabetically sort the list of filter names
    - MINOR: services: alphabetically sort service names
    - MEDIUM: httpclient/lua: be stricter with httpclient parameters
    - MINOR: ssl: split the cert commit io handler
    - MINOR: ssl: move the cert_exts and the CERT_TYPE enum
    - MINOR: ssl: simplify the certificate extensions array
    - MINOR: ssl: export ckch_inst_rebuild()
    - MINOR: ssl: add "crt" in the cert_exts array
    - MINOR: ssl/lua: CertCache.set() allows to update an SSL certificate file
    - BUILD: ssl/lua: CacheCert needs OpenSSL
    - DOC: lua: CertCache class documentation
    - BUG/MEDIUM: quic: do not use qcs from quic_stream on ACK parsing
    - MINOR: mux-quic: return qcs instance from qcc_get_qcs
    - MINOR: mux-quic: reorganize qcs free
    - MINOR: mux-quic: define release app-ops
    - BUG/MINOR: h3: release resources on close
    - BUG/MINOR: mux-quic: ensure to free all qcs on MUX release
    - CLEANUP: quic: complete comment on qcs_try_to_consume
    - MINOR: quic: implement stream descriptor for transport layer
    - MEDIUM: quic: move transport fields from qcs to qc_conn_stream
    - MEDIUM: mux-quic: remove qcs tree node
    - BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
    - DOC: management: add missing dot in 9.4.1
    - BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
    - DOC: remove double blanks in configuration.txt
    - CI: github actions: update OpenSSL to 3.0.2
    - BUG/MEDIUM: quic: Possible crash in ha_quic_set_encryption_secrets()
    - CLEANUP: quic: Remove all atomic operations on quic_conn struct
    - CLEANUP: quic: Remove all atomic operations on packet number spaces
    - MEDIUM: quic: Send ACK frames asap
    - BUG/MINOR: quic: Missing probing packets when coalescing
    - BUG/MINOR: quic: Discard Initial packet number space only one time
    - MINOR: quic: Do not display any timer value from process_timer()
    - BUG/MINOR: quic: Do not probe from an already probing packet number space
    - BUG/MINOR: quic: Non duplicated frames upon fast retransmission
    - BUG/MINOR: quic: Too much prepared retransmissions due to anti-amplification
    - MINOR: quic: Useless call to SSL_CTX_set_default_verify_paths()
    - MINOR: quic: Add traces about list of frames
    - BUG/MINOR: h3: Missing wait event struct field initialization
    - BUG/MINOR: quic: QUIC TLS secrets memory leak
    - BUG/MINOR: quic: Missing ACK range deallocations
    - BUG/MINOR: quic: Missing TX packet deallocations
    - CLEANUP: hpack: be careful about integer promotion from uint8_t
    - OPTIM: hpack: read 32 bits at once when possible.
    - MEDIUM: ssl: allow loading of a directory with the ca-file directive
    - BUG/MINOR: ssl: continue upon error when opening a directory w/ ca-file
    - MINOR: ssl: ca-file @system-ca loads the system trusted CA
    - DOC: configuration: add the ca-file changes
    - MINOR: sample: converter: Add add_item convertor
    - BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL
    - BUG/MINOR: ssl/cli: Remove empty lines from CLI output
    - MINOR: httpclient: enable request buffering
    - MEDIUM: httpclient: enable l7-retry
    - BUG/MINOR: httpclient: end callback in applet release
    - MINOR: quic: Add draining connection state.
    - MINOR: quic: Add closing connection state
    - BUG/MEDIUM: quic: ensure quic-conn survives to the MUX
    - CLEANUP: quic: use static qualifer on quic_close
    - CLEANUP: mux-quic: remove unused QC_CF_CC_RECV
    - BUG/MINOR: fix memleak on quic-conn streams cleaning
    - MINOR: mux-quic: factorize conn-stream attach
    - MINOR: mux-quic: adjust timeout to accelerate closing
    - MINOR: mux-quic: define is_active app-ops
    - MINOR: mux-quic: centralize send operations in qc_send
    - MEDIUM: mux-quic: report CO_FL_ERROR on send
    - MEDIUM: mux-quic: report errors on conn-streams
    - MEDIUM: quic: report closing state for the MUX
    - BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
    - BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
    - BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
    - BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
    - BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached
    - BUG/MINOR: http_client: Don't add input data on an empty request buffer
    - BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
    - BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
    - CLEANUP: mux-quic: remove uneeded TODO in qc_detach
    - BUG/MEDIUM: mux-quic: properly release conn-stream on detach
    - BUG/MINOR: quic: set the source not the destination address on accept()
    - BUG/MEDIUM: quic: Possible crash from quic_free_arngs()
    - MINOR: quic_tls: Add reusable cipher contexts to QUIC TLS contexts
    - MINOR: quic_tls: Stop hardcoding cipher IV lengths
    - CLEANUP: quic: Do not set any cipher/group from ssl_quic_initial_ctx()
    - MINOR: quic: Add short packet key phase bit values to traces
    - MINOR: quic_tls: Make key update use of reusable cipher contexts
    - BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set()
    - BUG/BUILD: opentracing: fixed OT_DEFINE variable setting
    - EXAMPLES: opentracing: refined shell scripts for testing filter performance
    - DOC: opentracing: corrected comments in function descriptions
    - CLEANUP: opentracing: removed unused function flt_ot_var_unset()
    - CLEANUP: opentracing: removed unused function flt_ot_var_get()
    - Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'"
    - MINOR: opentracing: only takes the variables lock on shared entries
    - CLEANUP: opentracing: added flt_ot_smp_init() function
    - CLEANUP: opentracing: added variable to store variable length
    - MINOR: opentracing: improved normalization of context variable names
    - DEBUG: opentracing: show return values of all functions in the debug output
    - CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum
    - DEBUG: opentracing: display the contents of the err variable after setting
    - MAJOR: opentracing: reenable usage of vars to transmit opentracing context
    - Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time"
    - MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
2022-04-09 11:31:40 +02:00
Remi Tricot-Le Breton
b5d968d9b2 MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
The new 'close-spread-time' global option can be used to spread idle and
active HTTP connction closing after a SIGUSR1 signal is received. This
allows to limit bursts of reconnections when too many idle connections
are closed at once. Indeed, without this new mechanism, in case of
soft-stop, all the idle connections would be closed at once (after the
grace period is over), and all active HTTP connections would be closed
by appending a "Connection: close" header to the next response that goes
over it (or via a GOAWAY frame in case of HTTP2).

This patch adds the support of this new option for HTTP as well as HTTP2
connections. It works differently on active and idle connections.

On active connections, instead of sending systematically the GOAWAY
frame or adding the 'Connection: close' header like before once the
soft-stop has started, a random based on the remainder of the close
window is calculated, and depending on its result we could decide to
keep the connection alive. The random will be recalculated for any
subsequent request/response on this connection so the GOAWAY will still
end up being sent, but we might wait a few more round trips. This will
ensure that goaways are distributed along a longer time window than
before.

On idle connections, a random factor is used when determining the expire
field of the connection's task, which should naturally spread connection
closings on the time window (see h2c_update_timeout).

This feature request was described in GitHub issue #1614.
This patch should be backported to 2.5. It depends on "BUG/MEDIUM:
mux-h2: make use of http-request and keep-alive timeouts" which
refactorized the timeout management of HTTP2 connections.
2022-04-08 18:15:21 +02:00
Nikola Sale
0dbf03871f MINOR: sample: converter: Add add_item convertor
This new converter is similar to the concat converter and can be used to
build new variables made of a succession of other variables but the main
difference is that it does the checks if adding a delimiter makes sense as
wouldn't be the case if e.g the current input sample is empty. That
situation would require 2 separate rules using concat converter where the
first rule would have to check if the current sample string is empty before
adding a delimiter. This resolves GitHub Issue #1621.
2022-04-04 07:30:58 +02:00
William Lallemand
34107800dd DOC: configuration: add the ca-file changes
Add the documentation about the directory support and @system-ca for the
"ca-file" directive.
2022-04-01 23:52:50 +02:00
Aleksandar Lazic
332258a778 DOC: remove double blanks in configuration.txt
Double blanks in keywords are not good for the html documentation parser.
This commit fixes the double blanks for tcp-request content use-service.
2022-03-31 16:58:52 +02:00
William Lallemand
a662275e84 DOC: management: add missing dot in 9.4.1
The 9.4.1 chapter is missing the dot at the end of the chapter numbers.
Which broke the haproxy-dconv html generation.

No backport needed, 2.6 only.
2022-03-31 15:28:42 +02:00
William Lallemand
10cea5cd6d DOC: lua: CertCache class documentation
Document the CertCache API which is used to update a certificate file in
memory using lua.
2022-03-30 16:02:43 +02:00
Willy Tarreau
76871a4f8c MINOR: management: add some basic keyword dump infrastructure
It's difficult from outside haproxy to detect the supported keywords
and syntax. Interestingly, many of our modern keywords are enumerated
since they're registered from constructors, so it's not very hard to
enumerate most of them.

This patch creates some basic infrastructure to support dumping existing
keywords from different classes on stdout. The format will differ depending
on the classes, but the idea is that the output could easily be passed to
a script that generates some simple syntax highlighting rules, completion
rules for editors, syntax checkers or config parsers.

The principle chosen here is that if "-dK" is passed on the command-line,
at the end of the parsing the registered keywords will be dumped for the
requested classes passed after "-dK". Special name "help" will show known
classes, while "all" will execute all of them. The reason for doing that
after the end of the config processor is that it will also enumerate
internally-generated keywords, Lua or even those loaded from external
code (e.g. if an add-on is loaded using LD_PRELOAD). A typical way to
call this with a valid config would be:

    ./haproxy -dKall -q -c -f /path/to/config

If there's no config available, feeding /dev/null will also do the job,
though it will not be able to detect dynamically created keywords, of
course.

This patch also updates the management doc.

For now nothing but the help is listed, various subsystems will follow
in subsequent patches.
2022-03-29 17:55:54 +02:00
Lukas Tribus
4646e9c9cb DOC: reflect H2 timeout changes
Reverts 75df9d7a7 ("DOC: explain HTTP2 timeout behavior") since H2
connections now respect "timeout http-keep-alive".

If commit 15a4733d5d ("BUG/MEDIUM: mux-h2: make use of http-request
and keep-alive timeouts") is backported, this DOC change needs to
be backported along with it.
2022-03-26 22:46:44 +01:00
Willy Tarreau
0541c2b978 [RELEASE] Released version 2.6-dev4
Released version 2.6-dev4 with the following main changes :
    - BUG/MEDIUM: httpclient: don't consume data before it was analyzed
    - CLEANUP: htx: remove unused co_htx_remove_blk()
    - BUG/MINOR: httpclient: consume partly the blocks when necessary
    - BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
    - BUG/MEDIUM: httpclient: must manipulate head, not first
    - REGTESTS: fix the race conditions in be2hex.vtc
    - BUG/MEDIUM: quic: Blocked STREAM when retransmitted
    - BUG/MAJOR: quic: Possible crash with full congestion control window
    - BUG/MINOR: httpclient/lua: stuck when closing without data
    - BUG/MEDIUM: applet: Don't call .release callback function twice
    - BUG/MEDIUM: cli/debug: Properly get the stream-int in all debug I/O handlers
    - BUG/MEDIUM: sink: Properly get the stream-int in appctx callback functions
    - DEV: udp: switch parser to getopt() instead of positional arguments
    - DEV: udp: add support for random packet corruption
    - MINOR: server: export server_parse_sni_expr() function
    - BUG/MINOR: httpclient: send the SNI using the host header
    - BUILD: httpclient: fix build without SSL
    - BUG/MINOR: server/ssl: free the SNI sample expression
    - BUG/MINOR: logs: fix logsrv leaks on clean exit
    - MINOR: actions: add new function free_act_rule() to free a single rule
    - BUG/MINOR: tcp-rules: completely free incorrect TCP rules on error
    - BUG/MINOR: http-rules: completely free incorrect TCP rules on error
    - BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA
    - BUG/MINOR: httpclient: process the response when received before the end of the request
    - BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty()
    - CI: github actions: switch to LibreSSL-3.5.1
    - BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
    - BUG/MEDIUM: stream-int: do not rely on the connection error once established
    - BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner
    - MEDIUM: mux-h2: slightly relax timeout management rules
    - BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
    - BUG/MINOR: rules: Initialize the list element when allocating a new rule
    - BUG/MINOR: http-rules: Don't free new rule on allocation failure
    - DEV: coccinelle: Fix incorrect replacement in ist.cocci
    - CLEANUP: Reapply ist.cocci with `--include-headers-for-types --recursive-includes`
    - DEV: coccinelle: Add a new pattern to ist.cocci
    - CLEANUP: Reapply ist.cocci
    - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+
    - MINOR: quic: Code factorization (TX buffer reuse)
    - CLEANUP: quic: "largest_acked_pn" pktns struc member moving
    - MEDIUM: quic: Limit the number of ACK ranges
    - MEDIUM: quic: Rework of the TX packets memory handling
    - BUG/MINOR: quic: Possible crash in parse_retry_token()
    - BUG/MINOR: quic: Possible leak in quic_build_post_handshake_frames()
    - BUG/MINOR: quic: Unsent frame because of qc_build_frms()
    - BUG/MINOR: mux-quic: Access to empty frame list from qc_send_frames()
    - BUG/MINOR: mux-quic: Missing I/O handler events initialization
    - BUG/MINOR: quic: Missing TX packet initializations
    - BUG/MINOR: quic: 1RTT packets ignored after mux was released
    - BUG/MINOR: quic: Incorrect peer address validation
    - BUG/MINOR: quic: Non initialized variable in quic_build_post_handshake_frames()
    - BUG/MINOR: quic: Wrong TX packet related counters handling
    - MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
    - DOC: config: Explictly add supported MQTT versions
    - MINOR: quic: Add traces about stream TX buffer consumption
    - MINOR: quic: Add traces in qc_set_timer() (scheduling)
    - CLEANUP: mux-quic: change comment style to not mess with git conflict
    - CLEANUP: mux-quic: adjust comment for coding-style
    - MINOR: mux-quic: complete trace when stream is not found
    - MINOR: mux-quic: add comments for send functions
    - MINOR: mux-quic: use shorter name for flow-control fields
    - MEDIUM: mux-quic: respect peer bidirectional stream data limit
    - MEDIUM: mux-quic: respect peer connection data limit
    - MINOR: mux-quic: support MAX_STREAM_DATA frame parsing
    - MINOR: mux-quic: support MAX_DATA frame parsing
    - BUILD: stream-int: avoid a build warning when DEBUG is empty
    - BUG/MINOR: quic: Wrong buffer length passed to generate_retry_token()
    - BUG/MINOR: tools: fix url2sa return value with IPv4
    - MINOR: mux-quic: convert fin on push-frame as boolean
    - BUILD: quic: add missing includes
    - REORG: quic: use a dedicated quic_loss.c
    - MINOR: mux-quic: declare the qmux trace module
    - MINOR: mux-quic: replace printfs by traces
    - MINOR: mux-quic: add trace event for frame sending
    - MINOR: mux-quic: add trace event for qcs_push_frame
    - MINOR: mux-quic: activate qmux traces on stdout via macro
    - BUILD: qpack: fix unused value when not using DEBUG_HPACK
    - CLEANUP: qpack: suppress by default stdout traces
    - CLEANUP: h3: suppress by default stdout traces
    - BUG/MINOR: tools: url2sa reads too far when no port nor path
2022-03-26 08:31:33 +01:00
Christopher Faulet
140a357660 DOC: config: Explictly add supported MQTT versions
This avoids any ambiguities on supported versions. This patch depends on
129579813 ("MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value
converters for MQTTv3.1").

It must be backported with the above commit.
2022-03-22 09:41:13 +01:00
Willy Tarreau
bc8b7a14ff [RELEASE] Released version 2.6-dev3
Released version 2.6-dev3 with the following main changes :
    - DEBUG: rename WARN_ON_ONCE() to CHECK_IF()
    - DEBUG: improve BUG_ON output message accuracy
    - DEBUG: implement 4 levels of choices between warn and crash.
    - DEBUG: add two new macros to enable debugging in hot paths
    - DEBUG: buf: replace some sensitive BUG_ON() with BUG_ON_HOT()
    - DEBUG: buf: add BUG_ON_HOT() to most buffer management functions
    - MINOR: channel: don't use co_set_data() to decrement output
    - DEBUG: channel: add consistency checks using BUG_ON_HOT() in some key functions
    - MINOR: conn-stream: Improve API to have safe/unsafe accessors
    - MEDIUM: tree-wide: Use unsafe conn-stream API when it is relevant
    - CLEANUP: stream-int: Make si_cs_send() function static
    - REORG: stream-int: Uninline si_sync_recv() and make si_cs_recv() private
    - BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
    - BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
    - REGTESTS: fix the race conditions in normalize_uri.vtc
    - DEBUG: stream-int: Fix BUG_ON used to test appctx in si_applet_ops callbacks
    - BUILD: debug: fix build warning on older compilers around DEBUG_STRICT_ACTION
    - CLEANUP: connection: Indicate unreachability to the compiler in conn_recv_proxy
    - MINOR: connection: Transform safety check in PROXYv2 parsing into BUG_ON()
    - DOC: install: it's DEBUG_CFLAGS, not DEBUG, which is set to -g
    - DOC: install: describe the DEP variable
    - DOC: install: describe how to choose options used in the DEBUG variable
    - MINOR: queue: Replace if() + abort() with BUG_ON()
    - CLEANUP: adjust indentation in bidir STREAM handling function
    - MINOR: quic: simplify copy of STREAM frames to RX buffer
    - MINOR: quic: handle partially received buffered stream frame
    - MINOR: mux-quic: define flag for last received frame
    - BUG/MINOR: quic: support FIN on Rx-buffered STREAM frames
    - MEDIUM: quic: rearchitecture Rx path for bidirectional STREAM frames
    - REGTESTS: fix the race conditions in secure_memcmp.vtc
    - CLEANUP: stream: Remove useless tests on conn-stream in stream_dump()
    - BUILD: ssl: another build warning on LIBRESSL_VERSION_NUMBER
    - MINOR: quic: Ensure PTO timer is not set in the past
    - MINOR: quic: Post handshake I/O callback switching
    - MINOR: quic: Drop the packets of discarded packet number spaces
    - CLEANUP: quic: Useless tests in qc_try_rm_hp()
    - CLEANUP: quic: Indentation fix in qc_prep_pkts()
    - MINOR: quic: Assemble QUIC TLS flags at the same level
    - BUILD: conn_stream: avoid null-deref warnings on gcc 6
    - BUILD: connection: do not declare register_mux_proto() inline
    - BUILD: http_rules: do not declare http_*_keywords_registre() inline
    - BUILD: trace: do not declare trace_registre_source() inline
    - BUILD: tcpcheck: do not declare tcp_check_keywords_register() inline
    - DEBUG: reduce the footprint of BUG_ON() calls
    - BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
    - BUG/MINOR: pool: always align pool_heads to 64 bytes
    - DEV: udp: add a tiny UDP proxy for testing
    - DEV: udp: implement pseudo-random reordering/loss
    - DEV: udp: add an optional argument to set the prng seed
    - BUG/MINOR: quic: fix segfault on CC if mux uninitialized
    - BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
    - CLEANUP: tree-wide: remove a few rare non-ASCII chars
    - CI: coverity: simplify debugging options
    - CLEANUP: quic: complete ABORT_NOW with a TODO comment
    - MINOR: quic: qc_prep_app_pkts() implementation
    - MINOR: quic: Send short packet from a frame list
    - MINOR: quic: Make qc_build_frms() build ack-eliciting frames from a list
    - MINOR: quic: Export qc_send_app_pkts()
    - MINOR: mux-quic: refactor transport parameters init
    - MINOR: mux-quic: complete functions to detect stream type
    - MINOR: mux-quic: define new unions for flow-control fields
    - MEDIUM: mux-quic: use direct send transport API for STREAMs
    - MINOR: mux-quic: retry send opportunistically for remaining frames
    - MEDIUM: mux-quic: implement MAX_STREAMS emission for bidir streams
    - BUILD: fix kFreeBSD build.
    - MINOR: quic: Retry on qc_build_pkt() failures
    - BUG/MINOR: quic: Missing recovery start timer reset
    - CLEANUP: quic: Remove QUIC path manipulations out of the congestion controller
    - MINOR: quic: Add a "slow start" callback to congestion controller
    - MINOR: quic: Persistent congestion detection outside of controllers
    - CLEANUP: quic: Remove useless definitions from quic_cc_event struct
    - BUG/MINOR: quic: Confusion betwen "in_flight" and "prep_in_flight" in quic_path_prep_data()
    - MINOR: quic: More precise window update calculation
    - CLEANUP: quic: Remove window redundant variable from NewReno algorithm state struct
    - MINOR: quic: Add quic_max_int_by_size() function
    - BUG/MAJOR: quic: Wrong quic_max_available_room() returned value
    - MINOR: pools: add a new global option "no-memory-trimming"
    - BUG/MINOR: add missing modes in proxy_mode_str()
    - BUG/MINOR: cli: shows correct mode in "show sess"
    - BUG/MEDIUM: quic: do not drop packet on duplicate stream/decoding error
    - MINOR: stats: Add dark mode support for socket rows
    - BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
    - BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
    - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
    - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
    - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
    - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
    - BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
    - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
    - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
    - DEBUG: stream: Add the missing descriptions for stream trace events
    - DEBUG: stream: Fix stream trace message to print response buffer state
    - MINOR: proxy: Store monitor_uri as a `struct ist`
    - MINOR: proxy: Store fwdfor_hdr_name as a `struct ist`
    - MINOR: proxy: Store orgto_hdr_name as a `struct ist`
    - MEDIUM: proxy: Store server_id_hdr_name as a `struct ist`
    - CLEANUP: fcgi: Replace memcpy() on ist by istcat()
    - CLEANUP: fcgi: Use `istadv()` in `fcgi_strm_send_params`
    - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
    - DOC: sample fetch methods: move distcc_* to the right locations
    - MINOR: rules: record the last http/tcp rule that gave a final verdict
    - MINOR: stream: add "last_rule_file" and "last_rule_line" samples
    - BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
    - MINOR: quic: Add max_idle_timeout advertisement handling
    - MEDIUM: quic: Remove the QUIC connection reference counter
    - BUG/MINOR: quic: ACK_REQUIRED and ACK_RECEIVED flag collision
    - BUG/MINOR: quic: Missing check when setting the anti-amplification limit as reached
    - MINOR: quic: Add a function to compute the current PTO
    - MEDIUM: quic: Implement the idle timeout feature
    - BUG/MEDIUM: quic: qc_prep_app_pkts() retries on qc_build_pkt() failures
    - CLEANUP: quic: Comments fix for qc_prep_(app)pkts() functions
    - MINOR: mux-quic: prevent push frame for unidir streams
    - MINOR: mux-quic: improve opportunistic retry sending for STREAM frames
    - MINOR: quic: implement sending confirmation
    - MEDIUM: mux-quic: improve bidir STREAM frames sending
    - MEDIUM: check: do not auto configure SSL/PROXY for dynamic servers
    - REGTESTS: server: test SSL/PROXY with checks for dynamic servers
    - MEDIUM: server: remove experimental-mode for dynamic servers
    - BUG/MINOR: buffer: fix debugging condition in b_peek_varint()
2022-03-11 18:09:24 +01:00
Amaury Denoyelle
76e8b70e43 MEDIUM: server: remove experimental-mode for dynamic servers
Dynamic servers feature is now judged to be stable enough. Remove the
experimental-mode requirement for "add/del server" commands. This should
facilitate dynamic servers adoption.
2022-03-11 14:28:28 +01:00
Amaury Denoyelle
7d098bea2b MEDIUM: check: do not auto configure SSL/PROXY for dynamic servers
For server checks, SSL and PROXY is automatically inherited from the
server settings if no specific check port is specified. Change this
behavior for dynamic servers : explicit "check-ssl"/"check-send-proxy"
are required for them.

Without this change, it is impossible to add a dynamic server with
SSL/PROXY settings and checks without, if the check port is not
explicit. This is because "no-check-ssl"/"no-check-send-proxy" keywords
are not available for dynamic servers.

This change respects the principle that dynamic servers on the CLI
should not reuse the same shortcuts used during the config file parsing.
Mostly because we expect this feature to be manipulated by automated
tools, contrary to the config file which should aim to be the shortest
possible for human readability.

Update the documentation of the "check" keyword to reflect this change.
2022-03-11 14:28:28 +01:00
Willy Tarreau
0657b93385 MINOR: stream: add "last_rule_file" and "last_rule_line" samples
These two sample fetch methods report respectively the file name and the
line number where was located the last rule that was final. This is aimed
at being used on log-format lines to help admins figure what rule in the
configuration gave a final verdict, and help understand the condition
that led to the action.

For example, it's now possible to log the last matched rule by adding
this to the log-format:

  ... lr=%[last_rule_file]:%[last_rule_line]

A regtest is provided to test various combinations of final rules, some
even on top of each other from different rulesets.
2022-03-10 11:51:34 +01:00
Willy Tarreau
3ec1461b03 DOC: sample fetch methods: move distcc_* to the right locations
The distcc* sample fetch methods were surprisingly located within the
"internal state" section, while they in fact depend on L6 contents.
This can be backported to all versions where they appear.
2022-03-10 11:51:34 +01:00
Willy Tarreau
c4e56dc58c MINOR: pools: add a new global option "no-memory-trimming"
Some users with very large numbers of connections have been facing
extremely long malloc_trim() calls on reload that managed to trigger
the watchdog! That's a bit counter-productive. It's even possible
that some implementations are not perfectly reliable or that their
trimming time grows quadratically with the memory used. Instead of
constantly trying to work around these issues, let's offer an option
to disable this mechanism, since nobody had been complaining in the
past, and this was only meant to be an improvement.

This should be backported to 2.4 where trimming on reload started to
appear.
2022-03-08 10:45:03 +01:00
Willy Tarreau
3b1d190831 [RELEASE] Released version 2.6-dev2
Released version 2.6-dev2 with the following main changes :
    - DOC: management: rework the Master CLI section
    - DOC: management: add expert and experimental mode in 9.4.1
    - CLEANUP: cleanup a commentary in pcli_parse_request()
    - BUG/MINOR: mworker/cli: don't display help on master applet
    - MINOR: mworker/cli: mcli-debug-mode enables every command
    - MINOR: mworker/cli: add flags in the prompt
    - BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
    - BUG/MEDIUM: httpclient: Xfer the request when the stream is created
    - MINOR: httpclient: Don't limit data transfer to 1024 bytes
    - BUILD: ssl: adjust guard for X509_get_X509_PUBKEY(x)
    - REGTESTS: ssl: skip show_ssl_ocspresponse.vtc when BoringSSL is used
    - MINOR: quic: Do not modify a marked as consumed datagram
    - MINOR: quic: Wrong datagram buffer passed to quic_lstnr_dgram_dispatch()
    - MINOR: quic: Remove a useless test in quic_get_dgram_dcid()
    - BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
    - CLEANUP: ssl: Remove unused ssl_sock_create_cert function
    - MINOR: ssl: Use high level OpenSSL APIs in sha2 converter
    - MINOR: ssl: Remove EC_KEY related calls when preparing SSL context
    - REGTESTS: ssl: Add test for "curves" and "ecdhe" SSL options
    - MINOR: ssl: Remove EC_KEY related calls when creating a certificate
    - REGTESTS: ssl: Add test for "generate-certificates" SSL option
    - MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3
    - MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3
    - MINOR: h3: hardcode the stream id of control stream
    - MINOR: mux-quic: remove quic_transport_params_update
    - MINOR: quic: rename local tid variable
    - MINOR: quic: remove unused xprt rcv_buf operation
    - MINOR: quic: take out xprt snd_buf operation
    - CI: enable QUIC for Coverity scan
    - BUG/MINOR: mworker: does not erase the pidfile upon reload
    - MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3
    - MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3
    - REGTESTS: ssl: Add tests for DH related options
    - MINOR: ssl: Create HASSL_DH wrapper structure
    - MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function
    - MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name
    - MINOR: ssl: Add ssl_sock_set_tmp_dh helper function
    - MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function
    - MINOR: ssl: Add ssl_new_dh_fromdata helper function
    - MINOR: ssl: Build local DH of right size when needed
    - MINOR: ssl: Set default dh size to 2048
    - MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type)
    - MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3
    - MINOR: quic: Remove an RX buffer useless lock
    - MINOR: quic: Variable used before being checked in ha_quic_add_handshake_data()
    - MINOR: quic: EINTR error ignored
    - MINOR: quic: Potential overflow expression in qc_parse_frm()
    - MINOR: quic: Possible overflow in qpack_get_varint()
    - CLEANUP: h3: Unreachable target in h3_uqs_init()
    - MINOR: quic: Possible memleak in qc_new_conn()
    - MINOR: quic: Useless statement in quic_crypto_data_cpy()
    - BUG/MEDIUM: pools: ensure items are always large enough for the pool_cache_item
    - BUG/MINOR: pools: always flush pools about to be destroyed
    - CLEANUP: pools: don't needlessly set a call mark during refilling of caches
    - DEBUG: pools: add extra sanity checks when picking objects from a local cache
    - DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
    - DEBUG: pools: replace the link pointer with the caller's address on pool_free()
    - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
    - MINOR: quic: use a global dghlrs for each thread
    - BUG/MEDIUM: quic: fix crash on CC if mux not present
    - MINOR: qpack: fix typo in trace
    - BUG/MINOR: quic: fix FIN stream signaling
    - BUG/MINOR: h3: fix the header length for QPACK decoding
    - MINOR: h3: remove transfer-encoding header
    - MINOR: h3: add documentation on h3_decode_qcs
    - MINOR: h3: set properly HTX EOM/BODYLESS on HEADERS parsing
    - MINOR: mux-quic: implement rcv_buf
    - MINOR: mux-quic: set EOS on rcv_buf
    - MINOR: h3: set CS_FL_NOT_FIRST
    - MINOR: h3: report frames bigger than rx buffer
    - MINOR: h3: extract HEADERS parsing in a dedicated function
    - MINOR: h3: implement DATA parsing
    - MINOR: quic: Wrong smoothed rtt initialization
    - MINOR: quic: Wrong loss delay computation
    - MINOR: quic: Code never reached in qc_ssl_sess_init()
    - MINOR: quic: ha_quic_set_encryption_secrets without server specific code
    - MINOR: quic: Avoid warning about NULL pointer dereferences
    - MINOR: quic: Useless test in quic_lstnr_dghdlr()
    - MINOR: quic: Non checked returned value for cs_new() in hq_interop_decode_qcs()
    - MINOR: h3: Dead code in h3_uqs_init()
    - MINOR: quic: Non checked returned value for cs_new() in h3_decode_qcs()
    - MINOR: quic: Possible frame parsers array overrun
    - MINOR: quic: Do not retransmit too much packets.
    - MINOR: quic: Move quic_rxbuf_pool pool out of xprt part
    - MINOR: h3: report error on HEADERS/DATA parsing
    - BUG/MINOR: jwt: Double free in deinit function
    - BUG/MINOR: jwt: Missing pkey free during cleanup
    - BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
    - BUG/MINOR: httpclient/cli: display junk characters in vsn
    - MINOR: h3: remove unused return value on decode_qcs
    - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
    - BUG/MAJOR: spoe: properly detach all agents when releasing the applet
    - REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
    - REGTESTS: peers: leave a bit more time to peers to synchronize
    - BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
    - BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
    - BUG/MINOR: httpclient: reinit flags in httpclient_start()
    - BUG/MINOR: mailers: negotiate SMTP, not ESMTP
    - MINOR: httpclient: sets an alternative destination
    - MINOR: httpclient/lua: add 'dst' optionnal field
    - BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
    - BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
    - BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
    - CLEANUP: httpclient/cli: fix indentation alignment of the help message
    - BUG/MINOR: tools: url2sa reads ipv4 too far
    - BUG/MEDIUM: httpclient: limit transfers to the maximum available room
    - DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
    - MINOR: mux-quic: fix a possible null dereference in qc_timeout_task
    - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
    - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
    - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
    - DEBUG: stream-int: Check CS_FL_WANT_ROOM is not set with an empty input buffer
    - MINOR: quic: do not modify offset node if quic_rx_strm_frm in tree
    - MINOR: h3: fix compiler warning variable set but not used
    - MINOR: mux-quic: fix uninitialized return on qc_send
    - MINOR: quic: fix handling of out-of-order received STREAM frames
    - MINOR: pools: mark most static pool configuration variables as read-mostly
    - CLEANUP: pools: remove the now unused pool_is_crowded()
    - REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
    - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
    - MINOR: httpclient/lua: ability to set a server timeout
    - BUG/MINOR: httpclient/lua: missing pop for new timeout parameter
    - DOC: httpclient/lua: fix the type of the dst parameter
    - CLEANUP: httpclient: initialize the client in stage INIT not REGISTER
    - CLEANUP: muxes: do not use a dynamic trash in list_mux_protos()
    - CLEANUP: vars: move the per-process variables initialization to vars.c
    - CLEANUP: init: remove the ifdef on HAPROXY_MEMMAX
    - MINOR: pools: disable redundant poisonning on pool_free()
    - MINOR: pools: introduce a new pool_debugging global variable
    - MINOR: pools: switch the fail-alloc test to runtime only
    - MINOR: pools: switch DEBUG_DONT_SHARE_POOLS to runtime
    - MINOR: pools: add a new debugging flag POOL_DBG_COLD_FIRST
    - MINOR: pools: add a new debugging flag POOL_DBG_INTEGRITY
    - MINOR: pools: make the global pools a runtime option.
    - MEDIUM: pools: replace CONFIG_HAP_POOLS with a runtime "NO_CACHE" flag.
    - MINOR: pools: store the allocated size for each pool
    - MINOR: pools: get rid of POOL_EXTRA
    - MINOR: pools: replace DEBUG_POOL_TRACING with runtime POOL_DBG_CALLER
    - MINOR: pools: replace DEBUG_MEMORY_POOLS with runtime POOL_DBG_TAG
    - MINOR: pools: add a debugging flag for memory poisonning option
    - MEDIUM: initcall: move STG_REGISTER earlier
    - MEDIUM: init: split the early initialization in its own function
    - MINOR: init: extract args parsing to their own function
    - MEDIUM: init: handle arguments earlier
    - MINOR: pools: delegate parsing of command line option -dM to a new function
    - MINOR: pools: support setting debugging options using -dM
    - BUILD: makefile: enable both DEBUG_STRICT and DEBUG_MEMORY_POOLS by default
    - CI: github: enable pool debugging by default
    - DOC: Fix usage/examples of deprecated ACLs
    - DOC: internal: update the pools API to mention boot-time settings
    - DOC: design: add design thoughts for later simplification of the pools
    - DOC: design: commit the temporary design notes on thread groups
    - MINOR: stream-int: Handle appctx case first when releasing the endpoint
    - MINOR: connection: Be prepared to handle conn-stream with no connection
    - MINOR: stream: Handle appctx case first when creating a new stream
    - MINOR: connection: Add a function to detach a conn-stream from the connection
    - MINOR: stream-int: Add function to reset a SI endpoint
    - MINOR: stream-int: Add function to attach a connection to a SI
    - MINOR: stream-int: Be able to allocate a CS without connection
    - MEDIUM: stream: No longer release backend conn-stream on connection retry
    - MEDIUM: stream: Allocate backend CS when the stream is created
    - REORG: conn_stream: move conn-stream stuff in dedicated files
    - MEDIUM: conn-stream: No longer access connection field directly
    - MEDIUM: conn-stream: Be prepared to use an appctx as conn-stream endpoint
    - MAJOR: conn_stream/stream-int: move the appctx to the conn-stream
    - MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int
    - MEDIUM: conn_stream: Add a pointer to the app object into the conn-stream
    - MINOR: stream: Add pointer to front/back conn-streams into stream struct
    - MINOR: stream: Slightly rework stream_new to separate CS/SI initialization
    - MINOR: stream-int: Always access the stream-int via the conn-stream
    - MINOR: backend: Always access the stream-int via the conn-stream
    - MINOR: stream: Always access the stream-int via the conn-stream
    - MINOR: http-ana: Always access the stream-int via the conn-stream
    - MINOR: cli: Always access the stream-int via the conn-stream
    - MINOR: log: Always access the stream-int via the conn-stream
    - MINOR: frontend: Always access the stream-int via the conn-stream
    - MINOR: proxy: Always access the stream-int via the conn-stream
    - MINOR: peers: Always access the stream-int via the conn-stream
    - MINOR: debug: Always access the stream-int via the conn-stream
    - MINOR: hlua: Always access the stream-int via the conn-stream
    - MINOR: cache: Always access the stream-int via the conn-stream
    - MINOR: dns: Always access the stream-int via the conn-stream
    - MINOR: http-act: Always access the stream-int via the conn-stream
    - MINOR: httpclient: Always access the stream-int via the conn-stream
    - MINOR: tcp-act: Always access the stream-int via the conn-stream
    - MINOR: sink: Always access the stream-int via the conn-stream
    - MINOR: conn-stream: Rename cs_detach() to cs_detach_endp()
    - CLEANUP: conn-stream: Don't export conn-stream pool
    - MAJOR: stream/conn_stream: Move the stream-interface into the conn-stream
    - CLEANUP: stream-int: rename si_reset() to si_init()
    - MINOR: conn-stream: Release a CS when both app and endp are detached
    - MINOR: stream: Don't destroy conn-streams but detach app and endp
    - MAJOR: check: Use a persistent conn-stream for health-checks
    - CLEANUP: conn-stream: Remove cs_destroy()
    - CLEANUP: backend: Don't export connect_server anymore
    - BUG/MINOR: h3/hq_interop: Fix CS and stream creation
    - BUILD: tree-wide: Avoid warnings about undefined entities retrieved from a CS
    - BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
    - BUG/MEDIUM: quic: fix received ACK stream calculation
    - BUILD: stream: fix build warning with older compilers
    - BUG/MINOR: debug: fix get_tainted() to properly read an atomic value
    - DEBUG: move the tainted stuff to bug.h for easier inclusion
    - DEBUG: cleanup back trace generation
    - DEBUG: cleanup BUG_ON() configuration
    - DEBUG: mark ABORT_NOW() as unreachable
    - DBEUG: add a new WARN_ON() macro
    - DEBUG: make the _BUG_ON() macro return the condition
    - DEBUG: add a new WARN_ON_ONCE() macro
    - DEBUG: report BUG_ON() and WARN_ON() in the tainted flags
    - MINOR: quic: adjust buffer handling for STREAM transmission
    - MINOR: quic: liberate the TX stream buffer after ACK processing
    - MINOR: quic: add a TODO for a memleak frame on ACK consume
2022-02-25 17:12:11 +01:00
Willy Tarreau
274716262b DOC: design: commit the temporary design notes on thread groups
these one are starting to grow and short-term progress doesn't seem to
be happening, let's not lose the notes.
2022-02-24 09:06:37 +01:00
Willy Tarreau
f4016df91a DOC: design: add design thoughts for later simplification of the pools
The pools currently have plenty of options (and some usefull ones were
even lost with the modern design), but most of them could be categorized
along a few use cases, namely, performance, reliability, debuggability.
This document explores various ways to try to combine them and their
effect in a less complex way for the long term.
2022-02-24 09:01:59 +01:00
Willy Tarreau
0722d5d58e DOC: internal: update the pools API to mention boot-time settings
These ones are useful for debugging and must be mentionned in the
API doc.
2022-02-24 08:58:04 +01:00
Christian Ruppert
59e66e30c2 DOC: Fix usage/examples of deprecated ACLs
Some examples or references were still using deprecated ACL variants.

Signed-off-by: Christian Ruppert <idl0r@qasl.de>
2022-02-23 18:36:45 +01:00
Willy Tarreau
f4b79c4a01 MINOR: pools: support setting debugging options using -dM
The 9 currently available debugging options may now be checked, set, or
cleared using -dM. The directive now takes a comma-delimited list of
options after the optional poisonning byte. With "help", the list of
available options is displayed with a short help and their current
status.

The management doc was updated.
2022-02-23 17:28:41 +01:00
Willy Tarreau
3ebe4d989c MEDIUM: initcall: move STG_REGISTER earlier
The STG_REGISTER init level is used to register known keywords and
protocol stacks. It must be called earlier because some of the init
code already relies on it to be known. For example, "haproxy -vv"
for now is constrained to start very late only because of this.

This patch moves it between STG_LOCK and STG_ALLOC, which is fine as
it's used for static registration.
2022-02-23 17:11:33 +01:00
Willy Tarreau
af580f659c MINOR: pools: disable redundant poisonning on pool_free()
The poisonning performed on pool_free() used to help a little bit with
use-after-free detection, but usually did more harm than good in that
it was never possible to perform post-mortem analysis on released
objects once poisonning was enabled on allocation. Now that there is
a dedicated DEBUG_POOL_INTEGRITY, let's get rid of this annoyance
which is not even documented in the management manual.
2022-02-23 17:11:33 +01:00
William Lallemand
18340300da DOC: httpclient/lua: fix the type of the dst parameter
"dst" is of string type.
2022-02-23 15:57:45 +01:00
William Lallemand
b4a4ef6a29 MINOR: httpclient/lua: ability to set a server timeout
Add the ability to set a "server timeout" on the httpclient with either
the httpclient_set_timeout() API or the timeout argument in a request.

Issue #1470.
2022-02-23 15:11:11 +01:00
William Lallemand
4f4f2b7b5f MINOR: httpclient/lua: add 'dst' optionnal field
The 'dst' optionnal field on a httpclient request can be used to set an
alternative server address in the haproxy address format. Which means it
could be use with unix@, ipv6@ etc.

Should fix issue #1471.
2022-02-17 20:07:00 +01:00
William Lallemand
dae12c7553 MINOR: mworker/cli: add flags in the prompt
The master CLI prompt is now able to show flags in its prompt depending
on the mode used: experimental (x), expert (e), mcli-debug (d).
2022-02-02 15:51:24 +01:00
William Lallemand
2a17191e91 MINOR: mworker/cli: mcli-debug-mode enables every command
"mcli-debug-mode on" enables every command that were meant for a worker,
on the CLI of the master. Which mean you can issue, "show fd", show
stat" in order to debug the MASTER proxy.

You can also combine it with "expert-mode on" or "experimental-mode on"
to access to more commands.
2022-02-02 15:51:24 +01:00
William Lallemand
a5ce28ba7c DOC: management: add expert and experimental mode in 9.4.1
Add the expert and experimental mode in the Master CLI commands section.
2022-02-02 15:43:14 +01:00
William Lallemand
af140ab2f5 DOC: management: rework the Master CLI section
Rework the master CLI section the same way the "Unix Socket commands"
section is made, ordering the available keywords in the section.
2022-02-02 15:43:14 +01:00
Willy Tarreau
2454d6ef5b [RELEASE] Released version 2.6-dev1
Released version 2.6-dev1 with the following main changes :
    - BUG/MINOR: cache: Fix loop on cache entries in "show cache"
    - BUG/MINOR: httpclient: allow to replace the host header
    - BUG/MINOR: lua: don't expose internal proxies
    - MEDIUM: mworker: seamless reload use the internal sockpairs
    - BUG/MINOR: lua: remove loop initial declarations
    - BUG/MINOR: mworker: does not add the -sf in wait mode
    - BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
    - MINOR: quic: do not reject PADDING followed by other frames
    - REORG: quic: add comment on rare thread concurrence during CID alloc
    - CLEANUP: quic: add comments on CID code
    - MEDIUM: quic: handle CIDs to rattach received packets to connection
    - MINOR: qpack: support litteral field line with non-huff name
    - MINOR: quic: activate QUIC traces at compilation
    - MINOR: quic: use more verbose QUIC traces set at compile-time
    - MEDIUM: pool: refactor malloc_trim/glibc and jemalloc api addition detections.
    - MEDIUM: pool: support purging jemalloc arenas in trim_all_pools()
    - BUG/MINOR: mworker: deinit of thread poller was called when not initialized
    - BUILD: pools: only detect link-time jemalloc on ELF platforms
    - CI: github actions: add the output of $CC -dM -E-
    - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
    - BUILD: evports: remove a leftover from the dead_fd cleanup
    - MINOR: quic: Set "no_application_protocol" alert
    - MINOR: quic: More accurate immediately close.
    - MINOR: quic: Immediately close if no transport parameters extension found
    - MINOR: quic: Rename qc_prep_hdshk_pkts() to qc_prep_pkts()
    - MINOR: quic: Possible crash when inspecting the xprt context
    - MINOR: quic: Dynamically allocate the secrete keys
    - MINOR: quic: Add a function to derive the key update secrets
    - MINOR: quic: Add structures to maintain key phase information
    - MINOR: quic: Optional header protection key for quic_tls_derive_keys()
    - MINOR: quic: Add quic_tls_key_update() function for Key Update
    - MINOR: quic: Enable the Key Update process
    - MINOR: quic: Delete the ODCIDs asap
    - BUG/MINOR: vars: Fix the set-var and unset-var converters
    - MEDIUM: pool: Following up on previous pool trimming update.
    - BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
    - BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
    - MINOR: mux-h1: Improve H1 traces by adding info about http parsers
    - MINOR: mux-h1: register a stats module
    - MINOR: mux-h1: add counters instance to h1c
    - MINOR: mux-h1: count open connections/streams on stats
    - MINOR: mux-h1: add stat for total count of connections/streams
    - MINOR: mux-h1: add stat for total amount of bytes received and sent
    - REGTESTS: h1: Add a script to validate H1 splicing support
    - BUG/MINOR: server: Don't rely on last default-server to init server SSL context
    - BUG/MEDIUM: resolvers: Detach query item on response error
    - MEDIUM: resolvers: No longer store query items in a list into the response
    - BUG/MAJOR: segfault using multiple log forward sections.
    - BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
    - BUG/MINOR: resolvers: Don't overwrite the error for invalid query domain name
    - BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
    - BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
    - DOC: spoe: Clarify use of the event directive in spoe-message section
    - DOC: config: Specify %Ta is only available in HTTP mode
    - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
    - IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
    - MINOR: quic: fix segfault on CONNECTION_CLOSE parsing
    - MINOR: h3: add BUG_ON on control receive function
    - MEDIUM: xprt-quic: finalize app layer initialization after ALPN nego
    - MINOR: h3: remove duplicated FIN flag position
    - MAJOR: mux-quic: implement a simplified mux version
    - MEDIUM: mux-quic: implement release mux operation
    - MEDIUM: quic: detect the stream FIN
    - MINOR: mux-quic: implement subscribe on stream
    - MEDIUM: mux-quic: subscribe on xprt if remaining data after send
    - MEDIUM: mux-quic: wake up xprt on data transferred
    - MEDIUM: mux-quic: handle when sending buffer is full
    - MINOR: quic: RX buffer full due to wrong CRYPTO data handling
    - MINOR: quic: Race issue when consuming RX packets buffer
    - MINOR: quic: QUIC encryption level RX packets race issue
    - MINOR: quic: Delete remaining RX handshake packets
    - MINOR: quic: Remove QUIC TX packet length evaluation function
    - MINOR: hq-interop: fix tx buffering
    - MINOR: mux-quic: remove uneeded code to check fin on TX
    - MINOR: quic: add HTX EOM on request end
    - BUILD: mux-quic: fix compilation with DEBUG_MEM_STATS
    - MINOR: http-rules: Add capture action to http-after-response ruleset
    - BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
    - MINOR: mux-quic: do not release qcs if there is remaining data to send
    - MINOR: quic: notify the mux on CONNECTION_CLOSE
    - BUG/MINOR: mux-quic: properly initialize flow control
    - MINOR: quic: Compilation fix for quic_rx_packet_refinc()
    - MINOR: h3: fix possible invalid dereference on htx parsing
    - DOC: config: retry-on list is space-delimited
    - DOC: config: fix error-log-format example
    - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
    - MINOR: hq-interop: refix tx buffering
    - REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
    - MINOR: cli: "show version" displays the current process version
    - CLEANUP: cfgparse: modify preprocessor guards around numa detection code
    - MEDIUM: cfgparse: numa detect topology on FreeBSD.
    - BUILD: ssl: unbreak the build with newer libressl
    - MINOR: vars: Move UPDATEONLY flag test to vars_set_ifexist
    - MINOR: vars: Set variable type to ANY upon creation
    - MINOR: vars: Delay variable content freeing in var_set function
    - MINOR: vars: Parse optional conditions passed to the set-var converter
    - MINOR: vars: Parse optional conditions passed to the set-var actions
    - MEDIUM: vars: Enable optional conditions to set-var converter and actions
    - DOC: vars: Add documentation about the set-var conditions
    - REGTESTS: vars: Add new test for conditional set-var
    - MINOR: quic: Attach timer task to thread for the connection.
    - CLEANUP: quic_frame: Remove a useless suffix to STOP_SENDING
    - MINOR: quic: Add traces for STOP_SENDING frame and modify others
    - CLEANUP: quic: Remove cdata_len from quic_tx_packet struct
    - MINOR: quic: Enable TLS 0-RTT if needed
    - MINOR: quic: No TX secret at EARLY_DATA encryption level
    - MINOR: quic: Add quic_set_app_ops() function
    - MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos.
    - MINOR: quic: Make xprt support 0-RTT.
    - MINOR: qpack: Missing check for truncated QPACK fields
    - CLEANUP: quic: Comment fix for qc_strm_cpy()
    - MINOR: hq_interop: Stop BUG_ON() truncated streams
    - MINOR: quic: Do not mix packet number space and connection flags
    - CLEANUP: quic: Shorten a litte bit the traces in lstnr_rcv_pkt()
    - MINOR: mux-quic: fix trace on stream creation
    - CLEANUP: quic: fix spelling mistake in a trace
    - CLEANUP: quic: rename quic_conn conn to qc in quic_conn_free
    - MINOR: quic: add missing lock on cid tree
    - MINOR: quic: rename constant for haproxy CIDs length
    - MINOR: quic: refactor concat DCID with address for Initial packets
    - MINOR: quic: compare coalesced packets by DCID
    - MINOR: quic: refactor DCID lookup
    - MINOR: quic: simplify the removal from ODCID tree
    - REGTESTS: vars: Remove useless ssl tunes from conditional set-var test
    - MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
    - MINOR: quic: Increase the RX buffer for each connection
    - MINOR: quic: Add a function to list remaining RX packets by encryption level
    - MINOR: quic: Stop emptying the RX buffer asap.
    - MINOR: quic: Do not expect to receive only one O-RTT packet
    - MINOR: quic: Do not forget STREAM frames received in disorder
    - MINOR: quic: Wrong packet refcount handling in qc_pkt_insert()
    - DOC: fix misspelled keyword "resolve_retries" in resolvers
    - CLEANUP: quic: rename quic_conn instances to qc
    - REORG: quic: move mux function outside of xprt
    - MINOR: quic: add reference to quic_conn in ssl context
    - MINOR: quic: add const qualifier for traces function
    - MINOR: trace: add quic_conn argument definition
    - MINOR: quic: use quic_conn as argument to traces
    - MINOR: quic: add quic_conn instance in traces for qc_new_conn
    - MINOR: quic: Add stream IDs to qcs_push_frame() traces
    - MINOR: quic: unchecked qc_retrieve_conn_from_cid() returned value
    - MINOR: quic: Wrong dropped packet skipping
    - MINOR: quic: Handle the cases of overlapping STREAM frames
    - MINOR: quic: xprt traces fixes
    - MINOR: quic: Drop asap Retry or Version Negotiation packets
    - MINOR: pools: work around possibly slow malloc_trim() during gc
    - DEBUG: ssl: make sure we never change a servername on established connections
    - MINOR: quic: Add traces for RX frames (flow control related)
    - MINOR: quic: Add CONNECTION_CLOSE phrase to trace
    - REORG: quic: remove qc_ prefix on functions which not used it directly
    - BUG/MINOR: quic: upgrade rdlock to wrlock for ODCID removal
    - MINOR: quic: remove unnecessary call to free_quic_conn_cids()
    - MINOR: quic: store ssl_sock_ctx reference into quic_conn
    - MINOR: quic: remove unnecessary if in qc_pkt_may_rm_hp()
    - MINOR: quic: replace usage of ssl_sock_ctx by quic_conn
    - MINOR: quic: delete timer task on quic_close()
    - MEDIUM: quic: implement refcount for quic_conn
    - BUG/MINOR: quic: fix potential null dereference
    - BUG/MINOR: quic: fix potential use of uninit pointer
    - BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
    - BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
    - CI: Github Actions: do not show VTest failures if build failed
    - BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
    - MINOR: compat: detect support for dl_iterate_phdr()
    - MINOR: debug: add ability to dump loaded shared libraries
    - MINOR: debug: add support for -dL to dump library names at boot
    - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
    - REGTESTS: ssl: fix ssl_default_server.vtc
    - BUG/MINOR: ssl: free the fields in srv->ssl_ctx
    - BUG/MEDIUM: ssl: free the ckch instance linked to a server
    - REGTESTS: ssl: update of a crt with server deletion
    - BUILD/MINOR: cpuset FreeBSD 14 build fix.
    - MINOR: pools: always evict oldest objects first in pool_evict_from_local_cache()
    - DOC: pool: document the purpose of various structures in the code
    - CLEANUP: pools: do not use the extra pointer to link shared elements
    - CLEANUP: pools: get rid of the POOL_LINK macro
    - MINOR: pool: allocate from the shared cache through the local caches
    - CLEANUP: pools: group list updates in pool_get_from_cache()
    - MINOR: pool: rely on pool_free_nocache() in pool_put_to_shared_cache()
    - MINOR: pool: make pool_is_crowded() always true when no shared pools are used
    - MINOR: pool: check for pool's fullness outside of pool_put_to_shared_cache()
    - MINOR: pool: introduce pool_item to represent shared pool items
    - MINOR: pool: add a function to estimate how many may be released at once
    - MEDIUM: pool: compute the number of evictable entries once per pool
    - MINOR: pools: prepare pool_item to support chained clusters
    - MINOR: pools: pass the objects count to pool_put_to_shared_cache()
    - MEDIUM: pools: centralize cache eviction in a common function
    - MEDIUM: pools: start to batch eviction from local caches
    - MEDIUM: pools: release cached objects in batches
    - OPTIM: pools: reduce local pool cache size to 512kB
    - CLEANUP: assorted typo fixes in the code and comments This is 29th iteration of typo fixes
    - CI: github actions: update OpenSSL to 3.0.1
    - BUILD/MINOR: tools: solaris build fix on dladdr.
    - BUG/MINOR: cli: fix _getsocks with musl libc
    - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
    - MINOR: quic: Wrong traces after rework
    - MINOR: quic: Add trace about in flight bytes by packet number space
    - MINOR: quic: Wrong first packet number space computation
    - MINOR: quic: Wrong packet number space computation for PTO
    - MINOR: quic: Wrong loss time computation in qc_packet_loss_lookup()
    - MINOR: quic: Wrong ack_delay compution before calling quic_loss_srtt_update()
    - MINOR: quic: Remove nb_pto_dgrams quic_conn struct member
    - MINOR: quic: Wrong packet number space trace in qc_prep_pkts()
    - MINOR: quic: Useless test in qc_prep_pkts()
    - MINOR: quic: qc_prep_pkts() code moving
    - MINOR: quic: Speeding up Handshake Completion
    - MINOR: quic: Probe Initial packet number space more often
    - MINOR: quic: Probe several packet number space upon timer expiration
    - MINOR: quic: Comment fix.
    - MINOR: quic: Improve qc_prep_pkts() flexibility
    - MINOR: quic: Do not drop secret key but drop the CRYPTO data
    - MINOR: quic: Prepare Handshake packets asap after completed handshake
    - MINOR: quic: Flag asap the connection having reached the anti-amplification limit
    - MINOR: quic: PTO timer too often reset
    - MINOR: quic: Re-arm the PTO timer upon datagram receipt
    - MINOR: proxy: add option idle-close-on-response
    - MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
    - CI: refactor spelling check
    - CLEANUP: assorted typo fixes in the code and comments
    - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
    - MINOR: quic: Only one CRYPTO frame by encryption level
    - MINOR: quic: Missing retransmission from qc_prep_fast_retrans()
    - MINOR: quic: Non-optimal use of a TX buffer
    - BUG/MEDIUM: mworker: don't use _getsocks in wait mode
    - BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
    - BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
    - DOC: internals: document the pools architecture and API
    - CI: github actions: clean default step conditions
    - BUILD: cpuset: fix build issue on macos introduced by previous change
    - MINOR: quic: Remaining TRACEs with connection as firt arg
    - MINOR: quic: Reset ->conn quic_conn struct member when calling qc_release()
    - MINOR: quic: Flag the connection as being attached to a listener
    - MINOR: quic: Wrong CRYPTO frame concatenation
    - MINOR: quid: Add traces quic_close() and quic_conn_io_cb()
    - REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
    - MINOR: quic: Do not dereference ->conn quic_conn struct member
    - MINOR: quic: fix return of quic_dgram_read
    - MINOR: quic: add config parse source file
    - MINOR: quic: implement Retry TLS AEAD tag generation
    - MEDIUM: quic: implement Initial token parsing
    - MINOR: quic: define retry_source_connection_id TP
    - MEDIUM: quic: implement Retry emission
    - MINOR: quic: free xprt tasklet on its thread
    - BUG/MEDIUM: connection: properly leave stopping list on error
    - MINOR: pools: enable pools with DEBUG_FAIL_ALLOC as well
    - MINOR: quic: As server, skip 0-RTT packet number space
    - MINOR: quic: Do not wakeup the I/O handler before the mux is started
    - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
    - CI: github actions: use cache for OpenTracing
    - BUG/MINOR: httpclient: don't send an empty body
    - BUG/MINOR: httpclient: set default Accept and User-Agent headers
    - BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
    - BUILD/MINOR: fix solaris build with clang.
    - BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
    - CI: refactor OpenTracing build script
    - DOC: management: mark "set server ssl" as deprecated
    - MEDIUM: cli: yield between each pipelined command
    - MINOR: channel: add new function co_getdelim() to support multiple delimiters
    - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
    - MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
    - MINOR: quic: Retransmit the TX frames in the same order
    - MINOR: quic: Remove the packet number space TX MT_LIST
    - MINOR: quic: Splice the frames which could not be added to packets
    - MINOR: quic: Add the number of TX bytes to traces
    - CLEANUP: quic: Replace <nb_pto_dgrams> by <probe>
    - MINOR: quic: Send two ack-eliciting packets when probing packet number spaces
    - MINOR: quic: Probe regardless of the congestion control
    - MINOR: quic: Speeding up handshake completion
    - MINOR: quic: Release RX Initial packets asap
    - MINOR: quic: Release asap TX frames to be transmitted
    - MINOR: quic: Probe even if coalescing
    - BUG/MEDIUM: cli: Never wait for more data on client shutdown
    - BUG/MEDIUM: mcli: do not try to parse empty buffers
    - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
    - BUG/MINOR: stream: make the call_rate only count the no-progress calls
    - MINOR: quic: do not use quic_conn after dropping it
    - MINOR: quic: adjust quic_conn refcount decrement
    - MINOR: quic: fix race-condition on xprt tasklet free
    - MINOR: quic: free SSL context on quic_conn free
    - MINOR: quic: Add QUIC_FT_RETIRE_CONNECTION_ID parsing case
    - MINOR: quic: Wrong packet number space selection
    - DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
    - MINOR: quic: add missing include in quic_sock
    - MINOR: quic: fix indentation in qc_send_ppkts
    - MINOR: quic: remove dereferencement of connection when possible
    - MINOR: quic: set listener accept cb on parsing
    - MEDIUM: quic/ssl: add new ex data for quic_conn
    - MINOR: quic: initialize ssl_sock_ctx alongside the quic_conn
    - MINOR: ssl: fix build in release mode
    - MINOR: pools: partially uninline pool_free()
    - MINOR: pools: partially uninline pool_alloc()
    - MINOR: pools: prepare POOL_EXTRA to be split into multiple extra fields
    - MINOR: pools: extend pool_cache API to pass a pointer to a caller
    - DEBUG: pools: add new build option DEBUG_POOL_TRACING
    - DEBUG: cli: add a new "debug dev fd" expert command
    - MINOR: fd: register the write side of the poller pipe as well
    - CI: github actions: use cache for SSL libs
    - BUILD: debug/cli: condition test of O_ASYNC to its existence
    - BUILD: pools: fix build error on DEBUG_POOL_TRACING
    - MINOR: quic: refactor header protection removal
    - MINOR: quic: handle app data according to mux/connection layer status
    - MINOR: quic: refactor app-ops initialization
    - MINOR: receiver: define a flag for local accept
    - MEDIUM: quic: flag listener for local accept
    - MINOR: quic: do not manage connection in xprt snd_buf
    - MINOR: quic: remove wait handshake/L6 flags on init connection
    - MINOR: listener: add flags field
    - MINOR: quic: define QUIC flag on listener
    - MINOR: quic: create accept queue for QUIC connections
    - MINOR: listener: define per-thr struct
    - MAJOR: quic: implement accept queue
    - CLEANUP: mworker: simplify mworker_free_child()
    - BUILD/DEBUG: lru: update the standalone code to support the revision
    - DEBUG: lru: use a xorshift generator in the testing code
    - BUG/MAJOR: compiler: relax alignment constraints on certain structures
    - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
    - MINOR: quic: No DCID length for datagram context
    - MINOR: quic: Comment fix about the token found in Initial packets
    - MINOR: quic: Get rid of a struct buffer in quic_lstnr_dgram_read()
    - MINOR: quic: Remove the QUIC haproxy server packet parser
    - MINOR: quic: Add new defintion about DCIDs offsets
    - MINOR: quic: Add a list to QUIC sock I/O handler RX buffer
    - MINOR: quic: Allocate QUIC datagrams from sock I/O handler
    - MINOR: proto_quic: Allocate datagram handlers
    - MINOR: quic: Pass CID as a buffer to quic_get_cid_tid()
    - MINOR: quic: Convert quic_dgram_read() into a task
    - CLEANUP: quic: Remove useless definition
    - MINOR: proto_quic: Wrong allocations for TX rings and RX bufs
    - MINOR: quic: Do not consume the RX buffer on QUIC sock i/o handler side
    - MINOR: quic: Do not reset a full RX buffer
    - MINOR: quic: Attach all the CIDs to the same connection
    - MINOR: quic: Make usage of by datagram handler trees
    - MEDIUM: da: new optional data file download scheduler service.
    - MEDIUM: da: update doc and build for new scheduler mode service.
    - MEDIUM: da: update module to handle schedule mode.
    - MINOR: quic: Drop Initial packets with wrong ODCID
    - MINOR: quic: Wrong RX buffer tail handling when no more contiguous data
    - MINOR: quic: Iterate over all received datagrams
    - MINOR: quic: refactor quic CID association with threads
    - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
    - DEV: flags: Add missing flags
    - BUG/MINOR: sink: Use the right field in appctx context in release callback
    - MINOR: sock: move the unused socket cleaning code into its own function
    - BUG/MEDIUM: mworker: close unused transferred FDs on load failure
    - BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
    - BUILD: cpuset: do not use const on the source of CPU_AND/CPU_ASSIGN
    - BUILD: checks: fix inlining issue on set_srv_agent_[addr,port}
    - BUILD: vars: avoid overlapping field initialization
    - BUILD: server-state: avoid using not-so-portable isblank()
    - BUILD: mux_fcgi: avoid aliasing of a const struct in traces
    - BUILD: tree-wide: mark a few numeric constants as explicitly long long
    - BUILD: tools: fix warning about incorrect cast with dladdr1()
    - BUILD: task: use list_to_mt_list() instead of casting list to mt_list
    - BUILD: mworker: include tools.h for platforms without unsetenv()
    - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
    - MINOR: mworker: set the master side of ipc_fd in the worker to -1
    - MINOR: mworker: allocate and initialize a mworker_proc
    - CI: Consistently use actions/checkout@v2
    - REGTESTS: Remove REQUIRE_VERSION=1.8 from all tests
    - MINOR: mworker: sets used or closed worker FDs to -1
    - MINOR: quic: Try to accept 0-RTT connections
    - MINOR: quic: Do not try to treat 0-RTT packets without started mux
    - MINOR: quic: Do not try to accept a connection more than one time
    - MINOR: quic: Initialize the connection timer asap
    - MINOR: quic: Do not use connection struct xprt_ctx too soon
    - Revert "MINOR: mworker: sets used or closed worker FDs to -1"
    - BUILD: makefile: avoid testing all -Wno-* options when not needed
    - BUILD: makefile: validate support for extra warnings by batches
    - BUILD: makefile: only compute alternative options if required
    - DEBUG: fd: make sure we never try to insert/delete an impossible FD number
    - MINOR: mux-quic: add comment
    - MINOR: mux-quic: properly initialize qcc flags
    - MINOR: mux-quic: do not consider CONNECTION_CLOSE for the moment
    - MINOR: mux-quic: create a timeout task
    - MEDIUM: mux-quic: delay the closing with the timeout
    - MINOR: mux-quic: release idle conns on process stopping
    - MINOR: listener: replace the listener's spinlock with an rwlock
    - BUG/MEDIUM: listener: read-lock the listener during accept()
    - MINOR: mworker/cli: set expert/experimental mode from the CLI
2022-02-01 18:06:59 +01:00