Commit Graph

1158 Commits

Author SHA1 Message Date
Michael Prokop
4438c6061d DOC: fix typos
s/accidently/accidentally/
s/any ot these messages/any of theses messages/
s/catched/caught/
s/completly/completely/
s/convertor/converter/
s/desribing/describing/
s/developper/developer/
s/eventhough/even though/
s/exectution/execution/
s/functionnality/functionality/
s/If it receive a/If it receives a/
s/In can even/It can even/
s/informations/information/
s/it will be remove /it will be removed /
s/langage/language/
s/mentionned/mentioned/
s/negociated/negotiated/
s/Optionnaly/Optionally/
s/ouputs/outputs/
s/outweights/outweighs/
s/ressources/resources/
2019-05-25 07:34:24 +02:00
Willy Tarreau
567406949b [RELEASE] Released version 2.0-dev4
Released version 2.0-dev4 with the following main changes :
    - BUILD: enable freebsd builds on cirrus-ci
    - BUG/MINOR: http_fetch: Rely on the smp direction for "cookie()" and "hdr()"
    - MEDIUM: Make 'option forceclose' actually warn
    - MEDIUM: Make 'resolution_pool_size' directive fatal
    - DOC: management: place "show activity" at the right place
    - MINOR: cli/activity: show the dumping thread ID starting at 1
    - MINOR: task: export global_task_mask
    - MINOR: cli/debug: add a thread dump function
    - BUG/MEDIUM: streams: Don't use CF_EOI to decide if the request is complete.
    - BUG/MEDIUM: streams: Try to L7 retry before aborting the connection.
    - BUG/MINOR: debug: make ha_task_dump() always check the task before dumping it
    - BUG/MINOR: debug: make ha_task_dump() actually dump the requested task
    - MINOR: debug: make ha_thread_dump() and ha_task_dump() take a buffer
    - BUG/MINOR: debug: don't check the call date on tasklets
    - MINOR: thread: implement ha_thread_relax()
    - MINOR: task: put barriers after each write to curr_task
    - MINOR: task: always reset curr_task when freeing a task or tasklet
    - MINOR: stream: detach the stream from its own task on stream_free()
    - MEDIUM: debug/threads: implement an advanced thread dump system
    - REGTEST: extend the check duration on tls_health_checks and mark it slow
    - DOC: fix "successful" typo
    - MINOR: init: setenv HAPROXY_CFGFILES
    - MINOR: threads/init: synchronize the threads startup
    - MEDIUM: init/mworker: make the pipe register function a regular initcall
    - CLEANUP: memory: make the fault injection code use the OTHER_LOCK label
    - CLEANUP: threads: remove the now unused START_LOCK label
    - MINOR: init/threads: make the global threads an array of structs
    - MINOR: threads: add each thread's clockid into the global thread_info
    - CLEANUP: stream: remove an obsolete debugging test
    - MINOR: tools: add dump_hex()
    - MINOR: debug: implement ha_panic()
    - MINOR: debug/cli: add some debugging commands for developers
    - MINOR: tools: provide a may_access() function and make dump_hex() use it
    - MINOR: debug: make ha_panic() report threads starting at 1
    - REORG: compat: move some integer limit definitions from standard.h to compat.h
    - REORG: threads: move the struct thread_info from global.h to hathreads.h
    - MINOR: compat: make sure to always define clockid_t
    - MINOR: threads: always place the clockid in the struct thread_info
    - MINOR: threads: add a thread-local thread_info pointer "ti"
    - MINOR: time: move the cpu, mono, and idle time to thread_info
    - MINOR: time: add a function to retrieve another thread's cputime
    - MINOR: debug: report each thread's cpu usage in "show thread"
    - BUILD: threads: only assign the clock_id when supported
    - BUILD: makefile: use USE_OBSOLETE_LINKER for solaris
    - BUILD: makefile: remove -fomit-frame-pointer optimisation (solaris)
    - MAJOR: polling: add event ports support (Solaris)
    - BUG/MEDIUM: streams: Don't switch from SI_ST_CON to SI_ST_DIS on read0.
    - CLEANUP: time: refine the test on _POSIX_TIMERS
    - MINOR: compat: define a new empty type empty_t for non-implemented fields
    - CLEANUP: time: switch clockid_t to empty_t when not available
    - BUG/MINOR: mworker: Fix memory leak of mworker_proc members
    - CLEANUP: objtype: make obj_type() and obj_type_name() take consts
    - MINOR: debug: switch to SIGURG for thread dumps
    - CLEANUP: threads: really move thread_info to hathreads.c
    - MINOR: threads: make threads_{harmless|want_rdv}_mask constant 0 without threads
    - CLEANUP: debug: always report harmless/want_rdv even without threads
    - MINOR: threads: implement ha_tkill() and ha_tkillall()
    - CLEANUP: debug: make use of ha_tkill() and remove ifdefs
    - MINOR: stream: introduce a stream_dump() function and use it in stream_dump_and_crash()
    - MINOR: debug: dump streams when an applet, iocb or stream is known
    - MINOR: threads: add a "stuck" flag to the thread_info struct
    - MINOR: threads: add a timer_t per thread in thread_info
    - MAJOR: watchdog: implement a thread lockup detection mechanism
    - MINOR: stream: remove the cpu time detection from process_stream()
    - MINOR: connection: report the mux names in "haproxy -vv"
    - CLEANUP: mux-h1: use "H1" and not "h1" as the mux's name
    - BUG/MEDIUM: WURFL: segfault in wurfl-get() with missing info.
    - MINOR: WURFL: call header_retireve_callback() in dummy library
    - MINOR: WURFL: fixed Engine load failed error when wurfl-information-list contains wurfl_root_id
    - MINOR: WURFL: shows log messages during module initialization
    - MINOR: WURFL: removes heading wurfl-information-separator from wurfl-get-all() and wurfl-get() results
    - MINOR: WURFL: wurfl_get() and wurfl_get_all() now return an empty string if device detection fails
    - MEDIUM: WURFL: HTX awareness.
    - MINOR: WURFL: module version bump to 2.0
    - MINOR: WURFL: do not emit warnings when not configured
    - CONTRIB: wurfl: address 3 build issues in the wurfl dummy library
    - BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks
    - BUILD: travis: add sanitizers to travis-ci builds
    - BUILD: time: remove the test on _POSIX_C_SOURCE
    - CLEANUP: build: rename some build macros to use the USE_* ones
    - CLEANUP: raw_sock: remove support for very old linux splice bug workaround
    - BUG/MEDIUM: dns: make the port numbers unsigned
    - MEDIUM: config: deprecate the antique req* and rsp* commands
2019-05-22 20:48:33 +02:00
Willy Tarreau
96d5195862 MEDIUM: config: deprecate the antique req* and rsp* commands
These commands don't follow the same flow as the rest of the commands,
each of them iterates over all header lines before switching to the
next directive. In addition they make no distinction between start
line and headers and can lead to unparsable rewrites which are very
difficult to deal with internally.

Most of them are still occasionally found in configurations, mainly
because of the usual "we've always done this way". By marking them
deprecated and emitting a warning and recommendation on first use of
each of them, we will raise users' awareness of users regarding the
cleaner, faster and more reliable alternatives.

Some use cases of "reqrep" still appear from time to time for URL
rewriting that is not so convenient with other rules. But at least
users facing this requirement will explain their use case so that we
can best serve them. Some discussion started on this subject in a
thread linked to from github issue #100.

The goal is to remove them in 2.1 since they require to reparse the
result before indexing it and we don't want this hack to live long.
The following directives were marked deprecated :

  -reqadd
  -reqallow
  -reqdel
  -reqdeny
  -reqiallow
  -reqidel
  -reqideny
  -reqipass
  -reqirep
  -reqitarpit
  -reqpass
  -reqrep
  -reqtarpit
  -rspadd
  -rspdel
  -rspdeny
  -rspidel
  -rspideny
  -rspirep
  -rsprep
2019-05-22 20:43:45 +02:00
Emmanuel Hocdet
0ba4f483d2 MAJOR: polling: add event ports support (Solaris)
Event ports are kqueue/epoll polling class for Solaris. Code is based
on https://github.com/joyent/haproxy-1.8/tree/joyent/dev-v1.8.8.
Event ports are available only on SunOS systems derived from
Solaris 10 and later (including illumos systems).
2019-05-21 15:16:45 +02:00
Tim Duesterhus
3506dae342 MEDIUM: Make 'resolution_pool_size' directive fatal
This directive never appeared in a stable release and instead was
introduced and deprecated within 1.8-dev. While it technically could
be outright removed we detect it and error out for good measure.
2019-05-16 18:02:03 +02:00
Tim Duesterhus
10c6c16cde MEDIUM: Make 'option forceclose' actually warn
It is deprecated since 315b39c391 (1.9-dev),
but only was deprecated in the docs.

Make it warn when being used and remove it from the docs.
2019-05-16 18:02:03 +02:00
Willy Tarreau
a257a9b015 [RELEASE] Released version 2.0-dev3
Released version 2.0-dev3 with the following main changes :
    - BUG/MINOR: peers: Really close the sessions with no heartbeat.
    - CLEANUP: peers: remove useless annoying tabulations.
    - CLEANUP: peers: replace timeout constants by macros.
    - REGTEST: Enable again reg tests with HEAD HTTP method usage.
    - DOC: The option httplog is no longer valid in a backend.
    - DOC: peers: Peers protocol documentation update.
    - REGTEST: remove unexpected "nbthread" statement from Lua test cases
    - BUILD: Makefile: remove 11-years old workarounds for deprecated options
    - BUILD: remove 10-years old error message for obsolete option USE_TCPSPLICE
    - BUILD: Makefile: remove outdated support for dlmalloc
    - BUILD: Makefile: consider a variable's origin and not its value for the options list
    - BUILD: Makefile: also report disabled options in the BUILD_OPTIONS variable
    - BUILD: Makefile: shorten default settings declaration
    - BUILD: Makefile: clean up the target declarations
    - BUILD: report the whole feature set with their status in haproxy -vv
    - BUILD: pass all "USE_*" variables as -DUSE_* to the compiler
    - REGTEST: script: make the script use the new features list
    - REGTEST: script: remove platform-specific assigments of OPTIONS
    - BUG/MINOR: peers: Missing initializations after peer session shutdown.
    - BUG/MINOR: contrib/prometheus-exporter: Fix applet accordingly to recent changes
    - BUILD/MINOR: listener: Silent a few signedness warnings.
    - BUG/MINOR: mux-h1: Only skip invalid C-L headers on output
    - BUG/MEDIUM: mworker: don't free the wrong child when not found
    - BUG/MEDIUM: checks: Don't bother subscribing if we have a connection error.
    - BUG/MAJOR: checks: segfault during tcpcheck_main
    - BUILD: makefile: work around an old bug in GNU make-3.80
    - BUILD: makefile: work around another bug in make 3.80
    - BUILD: http: properly mark some struct as extern
    - BUILD: chunk: properly declare pool_head_trash as extern
    - BUILD: cache: avoid a build warning with some compilers/linkers
    - MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
    - MINOR: tools: add an unsetenv() implementation
    - BUILD: re-implement an initcall variant without using executable sections
    - BUILD: use inttypes.h instead of stdint.h
    - BUILD: connection: fix naming of ip_v field
    - BUILD: makefile: fix build of IPv6 header on aix51
    - BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
    - BUILD: define unsetenv on AIX 5.1
    - BUILD: Makefile: disable shared cache on AIX 5.1
    - MINOR: ssl: Add aes_gcm_dec converter
    - REORG: mworker: move serializing functions to mworker.c
    - REORG: mworker: move signals functions to mworker.c
    - REORG: mworker: move IPC functions to mworker.c
    - REORG: mworker: move signal handlers and related functions
    - REORG: mworker: move mworker_cleanlisteners to mworker.c
    - MINOR: mworker: calloc mworker_proc structures
    - MINOR: mworker: don't use children variable anymore
    - MINOR: cli: export cli_parse_default() definition in cli.h
    - REORG: mworker/cli: move CLI functions to mworker.c
    - MEDIUM: mworker-prog: implement program for master-worker
    - MINOR: mworker/cli: show programs in 'show proc'
    - BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
    - MINOR: cli: start addresses by a prefix in 'show cli sockets'
    - MINOR: cli: export HAPROXY_CLI environment variable
    - BUG/MINOR: htx: Preserve empty HTX messages with an unprocessed parsing error
    - BUG/MINOR: proto_htx: Reset to_forward value when a message is set to DONE
    - REGTEST: http-capture/h00000: Relax a regex matching the log message
    - REGTEST: http-messaging/h00000: Fix the test when the HTX is enabled
    - REGTEST: http-rules/h00003: Use a different client for requests expecting a 301
    - REGTEST: log/b00000: Be sure the client always hits its timeout
    - REGTEST: lua/b00003: Relax the regex matching the log message
    - REGTEST: lua/b00003: Specify the HAProxy pid when the command ss is executed
    - BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release.
    - BUG/MEDIUM: h2: Don't attempt to recv from h2_process_demux if we subscribed.
    - BUG/MEDIUM: htx: fix random premature abort of data transfers
    - BUG/MEDIUM: streams: Don't remove the SI_FL_ERR flag in si_update_both().
    - BUG/MEDIUM: streams: Store prev_state before calling si_update_both().
    - BUG/MEDIUM: stream: Don't clear the stream_interface flags in si_update_both.
    - MINOR: initcall: Don't forget to define the __start/stop_init_##stg symbols.
    - MINOR: threads: Implement thread_cpus_enabled() for FreeBSD.
    - BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
    - MINOR: skip get_gmtime where tm is unused
    - MINOR: ssl: Activate aes_gcm_dec converter for BoringSSL
    - BUG/MEDIUM: streams: Only re-run process_stream if we're in a connected state.
    - BUG/MEDIUM: stream_interface: Don't bother doing chk_rcv/snd if not connected.
    - BUG/MEDIUM: task/threads: address a fairness issue between local and global tasks
    - BUG/MINOR: tasks: make sure the first task to be queued keeps its nice value
    - BUG/MINOR: listener: renice the accept ring processing task
    - MINOR: cli/listener: report the number of accepts on "show activity"
    - MINOR: cli/activity: report the accept queue sizes in "show activity"
    - BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream
    - BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages
    - BUG/MINOR: spoe: Be sure to set tv_request when each message fragment is encoded
    - BUG/MEDIUM: htx: Defrag if blocks position is changed and the payloads wrap
    - BUG/MEDIUM: htx: Don't crush blocks payload when append is done on a data block
    - MEDIUM: htx: Deprecate the option 'http-tunnel' and ignore it in HTX
    - MINOR: proto_htx: Don't adjust transaction mode anymore in HTX analyzers
    - BUG/MEDIUM: htx: Fix the process of HTTP CONNECT with h2 connections
    - MINOR: mux-h1: Simplify handling of 1xx responses
    - MINOR: stats/htx: Don't add "Connection: close" header anymore in stats responses
    - MEDIUM: h1: Add an option to sanitize connection headers during parsing
    - MEDIUM: mux-h1: Simplify the connection mode management by sanitizing headers
    - MINOR: mux-h1: Don't release the conn_stream anymore when h1s is destroyed
    - BUG/MINOR: mux-h1: Handle the flag CS_FL_KILL_CONN during a shutdown read/write
    - MINOR: mux-h2: Add a mux_ops dedicated to the HTX mode
    - MINOR: muxes: Add a flag to specify a multiplexer uses the HTX
    - MINOR: stream: Set a flag when the stream uses the HTX
    - MINOR: http: update the macro IS_HTX_STRM() to check the stream flag SF_HTX
    - MINOR: http_fetch/htx: Use stream flags instead of px mode in smp_prefetch_htx
    - MINOR: filters/htx: Use stream flags instead of px mode to instanciate a filter
    - MINOR: muxes: Rely on conn_is_back() during init to handle front/back conn
    - MEDIUM: muxes: Add an optional input buffer during mux initialization
    - MINOR: muxes: Pass the context of the mux to destroy() instead of the connection
    - MEDIUM: muxes: Be prepared to don't own connection during the release
    - MEDIUM: connection: Add conn_upgrade_mux_fe() to handle mux upgrades
    - MEDIUM: htx: Allow the option http-use-htx to be used on TCP proxies too
    - MAJOR: proxy/htx: Handle mux upgrades from TCP to HTTP in HTX mode
    - MAJOR: muxes/htx: Handle inplicit upgrades from h1 to h2
    - MAJOR: htx: Enable the HTX mode by default for all proxies
    - REGTEST: Use HTX by default and add '--no-htx' option to disable it
    - BUG/MEDIUM: muxes: Don't dereference mux context if null in release functions
    - CLEANUP: task: do not export rq_next anymore
    - MEDIUM: tasks: improve fairness between the local and global queues
    - MEDIUM: tasks: only base the nice offset on the run queue depth
    - MINOR: tasks: restore the lower latency scheduling when niced tasks are present
    - BUG/MEDIUM: map: Fix memory leak in the map converter
    - BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation
    - BUILD: task/thread: fix single-threaded build of task.c
    - BUILD: cli/threads: fix build in single-threaded mode
    - BUG/MEDIUM: muxes: Make sure we unsubcribed when destroying mux ctx.
    - BUG/MEDIUM: h2: Make sure we're not already in the send_list in h2_subscribe().
    - BUG/MEDIUM: h2: Revamp the way send subscriptions works.
    - MINOR: connections: Remove the SUB_CALL_UNSUBSCRIBE flag.
    - BUG/MEDIUM: Threads: Only use the gcc >= 4.7 builtins when using gcc >= 4.7.
    - BUILD: address a few cases of "static <type> inline foo()"
    - BUILD: do not specify "const" on functions returning structs or scalars
    - BUILD: htx: fix a used uninitialized warning on is_cookie2
    - MINOR: peers: Add a new command to the CLI for peers.
    - DOC: update for "show peers" CLI command.
    - BUG/MAJOR: lb/threads: fix insufficient locking on round-robin LB
    - MEDIUM: mworker: store the leaving state of a process
    - MEDIUM: mworker-prog: implements 'option start-on-reload'
    - CLEANUP: mworker: remove the type field in mworker_proc
    - MEDIUM: mworker/cli: export the HAPROXY_MASTER_CLI variable
    - MINOR: cli: don't add a semicolon at the end of HAPROXY_CLI
    - MINOR: mworker: export HAPROXY_MWORKER=1 when running in mworker mode
    - MINOR: init: add a "set-dumpable" global directive to enable core dumps
    - BUG/MINOR: listener/mq: correctly scan all bound threads under low load
    - BUG/MINOR: mworker: mworker_kill should apply on every children
    - BUG/MINOR: mworker: don't exit with an ambiguous value
    - BUG/MINOR: mworker: ensure that we still quits with SIGINT
    - REGTESTS: exclude tests that require ssl, pcre if no such feature is enabled
    - BUG/MINOR: mux-h1: Process input even if the input buffer is empty
    - BUG/MINOR: mux-h1: Don't switch the parser in busy mode if other side has done
    - BUG/MEDIUM: mux-h1: Notify the stream waiting for TCP splicing if ibuf is empty
    - BUG/MEDIUM: mux-h1: Enable TCP splicing to exchange data only
    - MINOR: mux-h1: Handle read0 during TCP splicing
    - BUG/MEDIUM: htx: Don't return the start-line if the HTX message is empty
    - BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
    - BUG/MINOR: http_fetch/htx: Allow permissive sample prefetch for the HTX
    - BUG/MINOR: http_fetch/htx: Use HTX versions if the proxy enables the HTX mode
    - BUG/MEDIUM: tasks: Make sure we set TASK_QUEUED before adding a task to the rq.
    - BUG/MEDIUM: tasks: Make sure we modify global_tasks_mask with the rq_lock.
    - MINOR: tasks: Don't consider we can wake task with tasklet_wakeup().
    - MEDIUM: tasks: No longer use rq.node.leaf_p as a lock.
    - MINOR: tasks: Don't set the TASK_RUNNING flag when adding in the tasklet list.
    - BUG/MEDIUM: applets: Don't use task_in_rq().
    - BUG/MAJOR: task: make sure never to delete a queued task
    - MINOR: task/thread: factor out a wake-up condition
    - CLEANUP: task: remain consistent when using the task's handler
    - MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy().
    - MEDIUM: tasks: Don't account a destroyed task as a runned task.
    - BUG/MINOR: contrib/prometheus-exporter: Fix a typo in the run-queue metric type
    - MINOR: contrib/prometheus-exporter: Remove usless rate metrics
    - MINOR: contrib/prometheus-exporter: Rename some metrics to be more usable
    - MINOR: contrib/prometheus-exporter: Follow best practices about metrics type
    - BUG/MINOR: mworker: disable busy polling in the master process
    - MEDIUM: tasks: Use __ha_barrier_store after modifying global_tasks_mask.
    - MEDIUM: ssl: Give ssl_sock its own context.
    - MEDIUM: connections: Move some fields from struct connection to ssl_sock_ctx.
    - MEDIUM: ssl: provide its own subscribe/unsubscribe function.
    - MEDIUM: connections: Provide a xprt_ctx for each xprt method.
    - MEDIUM: ssl: provide our own BIO.
    - BUILD/medium: ssl: Fix build with OpenSSL < 1.1.0
    - MINOR: peers: adds counters on show peers about tasks calls.
    - MEDIUM: enable travis-ci builds
    - MINOR: fd: Add a counter of used fds.
    - MEDIUM: connections: Add a way to control the number of idling connections.
    - BUG/MEDIUM: maps: only try to parse the default value when it's present
    - BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
    - REGTEST: Missing REQUIRE_VERSION declarations.
    - MINOR: proto_tcp: tcp-request content: enable set-dst and set-dst-var
    - BUG/MEDIUM: h1: Don't parse chunks CRLF if not enough data are available
    - BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules
    - BUG/MEDIUM: stream: Don't request a server connection if a shutw was scheduled
    - BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
    - BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
    - MINOR: gcc: Fix a silly gcc warning in connect_server()
    - MINOR: ssl/cli: async fd io-handlers printable on show fd
    - Revert "CLEANUP: wurfl: remove dead, broken and unmaintained code"
    - BUILD: add USE_WURFL to the list of known build options
    - MINOR: wurfl: indicate in haproxy -vv the wurfl version in use
    - BUILD: wurfl: build fix for 1.9/2.0 code base
    - CLEANUP: wurfl: removed deprecated methods
    - DOC: wurfl: added point of contact in MAINTAINERS file
    - MINOR: wurfl: enabled multithreading mode
    - MINOR: contrib: dummy wurfl library
    - MINOR: dns: dns_requester structures are now in a memory pool
    - MINOR: dns: move callback affection in dns_link_resolution()
    - MINOR: obj_type: new object type for struct stream
    - MINOR: action: new '(http-request|tcp-request content) do-resolve' action
    - MINOR: log: Extract some code to send syslog messages.
    - REGTEST: replace LEVEL option by a more human readable one.
    - REGTEST: rename the reg test files.
    - REGTEST: adapt some reg tests after renaming.
    - REGTEST: make the "run-regtests" script search for tests in reg-tests by default
    - BUG/MAJOR: stream: Missing DNS context initializations.
    - BUG/MEDIUM: stream: Fix the way early aborts on the client side are handled
    - BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler
    - BUG/MEDIUM: ssl: Return -1 on recv/send if we got EAGAIN.
    - BUG/MAJOR: lb/threads: fix AB/BA locking issue in round-robin LB
    - BUG/MAJOR: muxes: Use the HTX mode to find the best mux for HTTP proxies only
    - BUG/MINOR: htx: Exclude TCP proxies when the HTX mode is handled during startup
    - CLEANUP: task: report calls as unsigned in show sess
    - MINOR: tasks/activity: report the context switch and task wakeup rates
    - MINOR: stream: measure and report a stream's call rate in "show sess"
    - MINOR: applet: measure and report an appctx's call rate in "show sess"
    - BUILD: extend Travis CI config to support more platforms
    - REGTEST: exclude osx and generic targets for 40be_2srv_odd_health_checks
    - REGTEST: relax the IPv6 address format checks in converters_ipmask_concat_strcmp_field_word
    - REGTEST: exclude OSX and generic targets from abns_socket.vtc
    - BUILD: travis: remove the "allow_failures" entry
    - BUG/MINOR: activity: always initialize the profiling variable
    - MINOR: activity: make the profiling status per thread and not global
    - MINOR: activity: enable automatic profiling turn on/off
    - CLEANUP: standard: use proper const to addr_to_str() and port_to_str()
    - BUG/MINOR: proto_http: properly reset the stream's call rate on keep-alive
    - MINOR: connection: make the debugging helper functions safer
    - MINOR: stream/debug: make a stream dump and crash function
    - MEDIUM: appctx/debug: force a crash if an appctx spins over itself forever
    - MEDIUM: stream/debug: force a crash if a stream spins over itself forever
    - MEDIUM: streams: measure processing time and abort when detecting bugs
    - BUILD/MEDIUM: contrib: Dummy DeviceAtlas API.
    - MEDIUM: da: HTX mode support.
    - BUG/MEDIUM: mux-h2: properly deal with too large headers frames
    - BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per request
    - BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed
    - MINOR: spoe: Use the sample context to pass frag_ctx info during encoding
    - DOC: contrib/modsecurity: Typos and fix the reject example
    - BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it
    - MINOR: log: Add "sample" new keyword to "log" lines.
    - MINOR: log: Enable the log sampling and load-balancing feature.
    - DOC: log: Document the sampling and load-balancing logging feature.
    - REGTEST: Add a new reg test for log load-balancing feature.
    - BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI
    - REGTEST: Make this reg test be Linux specific.
    - CLEANUP: task: move the task_per_thread definition to task.h
    - MINOR: activity: report context switch counts instead of rates
    - MINOR: threads: Implement HA_ATOMIC_LOAD().
    - BUG/MEDIUM: port_range: Make the ring buffer lock-free.
    - BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled
    - MINOR: config: Test validity of tune.maxaccept during the config parsing
    - CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1
    - BUG/MEDIUM: servers: fix typo "src" instead of "srv"
    - BUG/MEDIUM: ssl: Don't pretend we can retry a recv/send if we got a shutr/w.
    - BUG/MINOR: haproxy: fix rule->file memory leak
    - BUG/MINOR: log: properly free memory on logformat parse error and deinit()
    - BUG/MINOR: checks: free memory allocated for tasklets
    - BUG/MEDIUM: pattern: fix memory leak in regex pattern functions
    - BUG/MEDIUM: channels: Don't forget to reset output in channel_erase().
    - BUG/MEDIUM: connections: Make sure we remove CO_FL_SESS_IDLE on disown.
    - MINOR: threads: flatten the per-thread cpu-map
    - MINOR: init/threads: remove the useless tids[] array
    - MINOR: init/threads: make the threads array global
    - BUG/MEDIUM: ssl: Use the early_data API the right way.
    - BUG/MEDIUM: streams: Don't add CF_WRITE_ERROR if early data were rejected.
    - MEDIUM: streams: Add the ability to retry a request on L7 failure.
    - MEDIUM: streams: Add a way to replay failed 0rtt requests.
    - MEDIUM: streams: Add a new keyword for retry-on, "junk-response"
    - BUG/MINOR: stream: also increment the retry stats counter on L7 retries
    - BUG/MEDIUM: checks: make sure the warmup task takes the server lock
    - BUG/MINOR: logs/threads: properly split the log area upon startup
    - BUILD: extend travis-ci matrix
    - CLEANUP: Remove appsession documentation
    - DOC: Fix typo in keyword matrix
    - BUILD: remove "build_libressl" duplicate declaration
    - BUILD: travis-ci: get back to osx without openssl support
    - BUILD: enable several LibreSSL hacks, including
    - BUILD: temporarily mark LibreSSL builds as allowed to fail
    - BUILD: travis: TMPDIR replacement.
    - BUG/MEDIUM: ssl: Don't attempt to use early data with libressl.
    - MINOR: doc: Document allow-0rtt on the server line.
    - MINOR: doc: Document the interaction of allow-0rtt and retry-on 0rtt-rejected.
    - MEDIUM: proto: Change the prototype of the connect() method.
    - MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server
    - MINOR: config: Extract the code of "stick-table" line parsing.
    - BUILD/MINOR: stick-table: Compilation fix.
    - MEDIUM: stick-table: Stop handling stick-tables as proxies.
    - MINOR: stick-tables: Add peers process binding computing.
    - MINOR: stick-table: Add prefixes to stick-table names.
    - MINOR: peers: Do not emit global stick-table names.
    - DOC: Update for "table" lines in "peers" section.
    - REGTEST: Add reg tests for "table" lines in "peers" sections.
    - MEDIUM: regex: modify regex_comp() to atomically allocate/free the my_regex struct
    - REGTEST: make the tls_health_checks test much faster
    - REGTEST: make the "table in peers" test require v2.0
    - BUG/MINOR: mux-h2: rely on trailers output not input to turn them to empty data
    - BUG/MEDIUM: h2/htx: always fail on too large trailers
    - MEDIUM: mux-h2: discard contents that are to be sent after a shutdown
    - BUG/MEDIUM: mux-h2/htx: never wait for EOM when processing trailers
    - BUG/MEDIUM: h2/htx: never leave a trailers block alone with no EOM block
    - REGTEST: Flag some slow reg tests.
    - REGTEST: Reg tests file renaming.
    - REGTEST: Wrong renaming for one reg test.
    - REGTEST: Wrong assumption in IP:port logging test.
    - BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload
    - MINOR: systemd: Use the variables from /etc/default/haproxy
    - MINOR: systemd: Make use of master socket in systemd unit
    - MINOR: systemd: support /etc/sysconfig/ for redhat based distrib
    - BUG/MEDIUM: stick-table: fix regression caused by a change in proxy struct
    - BUG/MEDIUM: tasks: fix possible segfault on task_destroy()
    - CLEANUP: task: remove unneeded tests before task_destroy()
    - MINOR: mworker: support a configurable maximum number of reloads
    - BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend
    - BUG/MEDIUM: spoe: Be sure the sample is found before setting its context
    - BUG/MINOR: mux-h1: Fix the parsing of trailers
    - BUG/MINOR: htx: Never transfer more than expected in htx_xfer_blks()
    - MINOR: htx: Split on DATA blocks only when blocks are moved to an HTX message
    - MINOR: htx: Don't try to append a trailer block with the previous one
    - MINOR: htx: Remove support for unused OOB HTX blocks
    - BUILD: travis-ci bugfixes and improvements
    - BUG/MEDIUM: servers: Don't use the same srv flag for cookie-set and TFO.
    - BUG/MEDIUM: h2: Make sure we set send_list to NULL in h2_detach().
    - BUILD: ssl: fix again a libressl build failure after the openssl FD leak fix
    - CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead of OPENSSL_VERSION_NUMBER
    - BUILD: ssl: make libressl use its own version numbers
    - CLEANUP: ssl: remove 57 occurrences of useless tests on LIBRESSL_VERSION_NUMBER
    - MINOR: ssl: enable aes_gcm_dec on LibreSSL
    - BUILD: ssl: fix libressl build again after aes-gcm-enc
    - REORG: ssl: move openssl-compat from proto to common
    - REORG: ssl: move some OpenSSL defines from ssl_sock to openssl-compat
    - CLEANUP: ssl: never include openssl/*.h outside of openssl-compat.h anymore
    - CLEANUP: ssl: make inclusion of openssl headers safe
    - BUILD: add BoringSSL to travis-ci build matrix
    - BUILD: threads: Add __ha_cas_dw fallback for single threaded builds
    - BUG/MINOR: stream: Attach the read side on the response as soon as possible
    - BUG/MEDIUM: http: Use pointer to the begining of input to parse message headers
    - BUG/MEDIUM: h2: Don't check send_wait to know if we're in the send_list.
    - BUG/MEDIUM: streams: Make sur SI_FL_L7_RETRY is set before attempting a retry.
    - MEDIUM: streams: Add a new http action, disable-l7-retry.
    - MINOR: streams: Introduce a new retry-on keyword, all-retryable-errors.
    - BUG/MINOR: vars: Fix memory leak in vars_check_arg
    - BUILD: travis-ci: make TMPDIR global variable in travis-ci
    - CLEANUP: ssl: move the SSL_OP_* and SSL_MODE_* definitions to openssl-compat
    - CLEANUP: ssl: remove ifdef around SSL_CTX_get_extra_chain_certs()
    - CLEANUP: ssl: move all BIO_* definitions to openssl-compat
    - BUILD: threads: fix again the __ha_cas_dw() definition
    - BUG/MAJOR: mux-h2: do not add a stream twice to the send list
    - Revert "BUG/MINOR: vars: Fix memory leak in vars_check_arg"
    - BUG/MINOR: peers: Fix memory leak in cfg_parse_peers
    - BUG/MINOR: htx: make sure to always initialize the HTTP method when parsing a buffer
    - REGTEST: fix tls_health_checks random failures on MacOS in Travis-CI
    - MINOR: spoe: Set the argument chunk size to 0 when SPOE variables are checked
    - BUG/MINOR: vars: Fix memory leak in vars_check_arg
    - BUG/MAJOR: ssl: segfault upon an heartbeat request
    - MINOR: spoa-server: Clone the v1.7 spoa-example project
    - MINOR: spoa-server: move some definition from spoa_server.c to spoa_server.h
    - MINOR: spoa-server: Externalise debug functions
    - MINOR: spoe-server: rename "worker" functions
    - MINOR: spoa-server: Replace the thread init system by processes
    - MINOR: spoa-server: With debug mode, start only one process
    - MINOR: spoa-server: Allow registering external processes
    - MINOR: spoa-server: Allow registering message processors
    - MINOR: spoa-server: Load files
    - MINOR: spoa-server: Prepare responses
    - MINOR: spoa-server: Execute registered callbacks
    - MINOR: spoa-server: Add Lua processing
    - MINOR: spoa-server: Add python
    - MINOR/DOC: spoe-server: Add documentation
    - BUG/MEDIUM: connections: Don't forget to set xprt_ctx to NULL on close.
    - MINOR: lists: add LIST_ADDED() to check if an element belongs to a list
    - CLEANUP: mux-h2: use LIST_ADDED() instead of LIST_ISEMPTY() where relevant
    - MINOR: mux-h2: add two H2S flags to report the need for shutr/shutw
    - CLEANUP: mux-h2: simply use h2s->flags instead of ret in h2_deferred_shut()
    - CLEANUP: connection: remove the handle field from the wait_event struct
    - BUG/MINOR: log: Wrong log format initialization.
    - BUG/MINOR: mux-h2: make the do_shut{r,w} functions more robust against retries
    - BUG/MINOR: mworker: use after free when the PID not assigned
    - MINOR: mux-h2: remove useless test on stream ID vs last in wake function
    - MINOR: mux-h2: make h2_wake_some_streams() not depend on the CS flags
    - MINOR: mux-h2: make h2s_wake_one_stream() the only function to deal with CS
    - MINOR: mux-h2: make h2s_wake_one_stream() not depend on temporary CS flags
    - BUG/MINOR: mux-h2: make sure to honor KILL_CONN in do_shut{r,w}
    - CLEANUP: mux-h2: don't test for impossible CS_FL_REOS conditions
    - MINOR: mux-h2: add macros to check multiple stream states at once
    - MINOR: mux-h2: stop relying on CS_FL_REOS
    - BUG/MEDIUM: mux-h2: Set EOI on the conn_stream during h2_rcv_buf()
    - BUILD: debug: make gcc not complain on the ABORT_NOW() macro
    - MINOR: debug: add a new BUG_ON macro
    - MINOR: h2: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
    - MINOR: h1: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
    - MINOR: connections: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
    - BUILD: ist: turn the lower/upper case tables to literal on obsolete linkers
2019-05-15 16:51:48 +02:00
Olivier Houchard
ddf0e03585 MINOR: streams: Introduce a new retry-on keyword, all-retryable-errors.
Add a new retry-on keyword, "all-retryable-errors", that activates retry
for all errors that are considered retryable.
This currently activates retry for "conn-failure", "empty-response",
"junk-respones", "response-timeout", "0rtt-rejected", "500", "502", "503" and
"504".
2019-05-10 18:05:35 +02:00
Olivier Houchard
602bf7d2ea MEDIUM: streams: Add a new http action, disable-l7-retry.
Add a new action for http-request, disable-l7-retry, that can be used to
disable any attempt at retry requests (see retry-on) if it fails for any
reason other than a connection failure.
This is useful for example to make sure POST requests aren't retried.
2019-05-10 17:49:09 +02:00
William Lallemand
27edc4b915 MINOR: mworker: support a configurable maximum number of reloads
This patch implements a new global parameter for the master-worker mode.
When setting the mworker-max-reloads value, a worker receive a SIGTERM
if its number of reloads is greater than this value.
2019-05-07 19:09:01 +02:00
Frédéric Lécaille
4f5b77c57c DOC: Update for "table" lines in "peers" section. 2019-05-07 06:54:07 +02:00
Willy Tarreau
034c88cf03 MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server
This implements support for the new API which relies on a call to
setsockopt().
On systems that support it (currently, only Linux >= 4.11), this enables
using TCP fast open when connecting to server.
Please note that you should use the retry-on "conn-failure", "empty-response"
and "response-timeout" keywords, or the request won't be able to be retried
on failure.

Co-authored-by: Olivier Houchard <ohouchard@haproxy.com>
2019-05-06 22:29:39 +02:00
Olivier Houchard
22c9b440dc MINOR: doc: Document the interaction of allow-0rtt and retry-on 0rtt-rejected.
Document that haproxy will try to use early data when connecting to the
server if we have retry-on 0rtt-rejected, as well.
2019-05-06 19:01:19 +02:00
Olivier Houchard
8cb2d2e941 MINOR: doc: Document allow-0rtt on the server line.
Briefly document allow-0rtt on the server line, and only the part that apply
to 1.8 and 1.9.

This should be backported to 1.8 and 1.9.
2019-05-06 19:01:14 +02:00
Tim Duesterhus
44864ac7b0 DOC: Fix typo in keyword matrix
It should read 'deprecated' instead of 'deprectated'.
2019-05-06 07:15:08 +02:00
Tim Duesterhus
473c283d95 CLEANUP: Remove appsession documentation
I was about to partly revert 294d0f08b3,
because there were no 'X' for 'appsession' in the keyword matrix until
I checked the blame, realizing that the feature does not exist any more.

Clearly the documentation is confusing here, the removal note is only
listed *below* the old documentation and the supported sections still
show 'backend' and 'listen'.

It's been 3.5 years and 4 releases (1.6, 1.7, 1.8 and 1.9), I guess
this can be removed from the documentation of future versions.
2019-05-06 07:15:08 +02:00
Olivier Houchard
e3249a98e2 MEDIUM: streams: Add a new keyword for retry-on, "junk-response"
Add a way to retry requests if we got a junk response from the server, ie
an incomplete response, or something that is not valid HTTP.
To do so, one can use the new "junk-response" keyword for retry-on.
2019-05-04 10:20:24 +02:00
Olivier Houchard
865d8392bb MEDIUM: streams: Add a way to replay failed 0rtt requests.
Add a new keyword for retry-on, 0rtt-rejected. If set, we will try to
replay requests for which we sent early data that got rejected by the
server.
If that option is set, we will attempt to use 0rtt if "allow-0rtt" is set
on the server line even if the client didn't send early data.
2019-05-04 10:20:24 +02:00
Olivier Houchard
a254a37ad7 MEDIUM: streams: Add the ability to retry a request on L7 failure.
When running in HTX mode, if we sent the request, but failed to get the
answer, either because the server just closed its socket, we hit a server
timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error,
attempt to retry the request, exactly as if we just failed to connect to
the server.

To do so, add a new backend keyword, "retry-on".

It accepts a list of keywords, which can be "none" (never retry),
"conn-failure" (we failed to connect, or to do the SSL handshake),
"empty-response" (the server closed the connection without answering),
"response-timeout" (we timed out while waiting for the server response),
or "404", "408", "425", "500", "501", "502", "503" and "504".

The default is "conn-failure".
2019-05-04 10:19:56 +02:00
Frédéric Lécaille
d690dfac1d DOC: log: Document the sampling and load-balancing logging feature.
This document should come with these commits:
  'MINOR: log: Enable the log sampling and load-balancing feature'
  'MINOR: log: Add "sample" new keyword to "log" lines.'
2019-04-30 09:25:09 +02:00
Willy Tarreau
d2d3348acb MINOR: activity: enable automatic profiling turn on/off
Instead of having to manually turn task profiling on/off in the
configuration, by default it will work in "auto" mode, which
automatically turns on on any thread experiencing sustained loop
latencies over one millisecond averaged over the last 1024 samples.

This may happen with configs using lots of regex (thing map_reg for
example, which is the lazy way to convert Apache's rewrite rules but
must not be abused), and such high latencies affect all the process
and the problem is most often intermittent (e.g. hitting a map which
is only used for certain host names).

Thus now by default, with profiling set to "auto", it remains off all
the time until something bad happens. This also helps better focus on
the issues when looking at the logs as well as in "show sess" output.
It automatically turns off when the average loop latency over the last
1024 calls goes below 990 microseconds (which typically takes a while
when in idle).

This patch could be backported to stable versions after a bit more
exposure, as it definitely improves observability and the ability to
quickly spot the culprit. In this case, previous patch ("MINOR:
activity: make the profiling status per thread and not global") must
also be taken.
2019-04-25 17:26:46 +02:00
Baptiste Assmann
333939c2ee MINOR: action: new '(http-request|tcp-request content) do-resolve' action
The 'do-resolve' action is an http-request or tcp-request content action
which allows to run DNS resolution at run time in HAProxy.
The name to be resolved can be picked up in the request sent by the
client and the result of the resolution is stored in a variable.
The time the resolution is being performed, the request is on pause.
If the resolution can't provide a suitable result, then the variable
will be empty. It's up to the admin to take decisions based on this
statement (return 503 to prevent loops).

Read carefully the documentation concerning this feature, to ensure your
setup is secure and safe to be used in production.

This patch creates a global counter to track various errors reported by
the action 'do-resolve'.
2019-04-23 11:41:52 +02:00
paulborile
bad132c384 CLEANUP: wurfl: removed deprecated methods
last 2 major releases of libwurfl included a complete review of engine options with
the result of deprecating many features. The patch removes unecessary code and fixes
the documentation.
Can be backported on any version of haproxy.

[wt: must not be backported since it removes config keywords and would
 thus break existing configurations]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2019-04-23 11:00:23 +02:00
Willy Tarreau
b3cc9f2887 Revert "CLEANUP: wurfl: remove dead, broken and unmaintained code"
This reverts commit 8e5e1e7bf0.

The following patches will fix this code and may be backported.
2019-04-23 10:34:43 +02:00
Baptiste Assmann
e1afd4fec6 MINOR: proto_tcp: tcp-request content: enable set-dst and set-dst-var
The set-dst and set dst-var are available at both 'tcp-request
connection' and 'http-request' but not at the layer in the middle.
This patch fixes this miss and enables both set-dst and set-dst-var at
'tcp-request content' layer.
2019-04-19 15:50:06 +02:00
Olivier Houchard
88698d966d MEDIUM: connections: Add a way to control the number of idling connections.
As by default we add all keepalive connections to the idle pool, if we run
into a pathological case, where all client don't do keepalive, but the server
does, and haproxy is configured to only reuse "safe" connections, we will
soon find ourself having lots of idling, unusable for new sessions, connections,
while we won't have any file descriptors available to create new connections.

To fix this, add 2 new global settings, "pool_low_ratio" and "pool_high_ratio".
pool-low-fd-ratio  is the % of fds we're allowed to use (against the maximum
number of fds available to haproxy) before we stop adding connections to the
idle pool, and destroy them instead. The default is 20. pool-high-fd-ratio is
the % of fds we're allowed to use (against the maximum number of fds available
to haproxy) before we start killing idling connection in the event we have to
create a new outgoing connection, and no reuse is possible. The default is 25.
2019-04-18 19:52:03 +02:00
Willy Tarreau
636848aa86 MINOR: init: add a "set-dumpable" global directive to enable core dumps
It's always a pain to get a core dump when enabling user/group setting
(which disables the dumpable flag on Linux), when using a chroot and/or
when haproxy is started by a service management tool which requires
complex operations to just raise the core dump limit.

This patch introduces a new "set-dumpable" global directive to work
around these troubles by doing the following :

  - remove file size limits     (equivalent of ulimit -f unlimited)
  - remove core size limits     (equivalent of ulimit -c unlimited)
  - mark the process dumpable again (equivalent of suid_dumpable=1)

Some of these will depend on the operating system. This way it becomes
much easier to retrieve a core file. Temporarily moving the chroot to
a user-writable place generally enough.
2019-04-16 14:31:23 +02:00
Christopher Faulet
1d2b586cdd MAJOR: htx: Enable the HTX mode by default for all proxies
The legacy HTTP mode is no more the default one. So now, by default, without any
option in your configuration, all proxies will use the HTX mode. The line
"option http-use-htx" in proxy sections are now useless, except to cancel the
legacy HTTP mode. To fallback on legacy HTTP mode, you should use the line "no
option http-use-htx" explicitly.

Note that the reg-tests still work by default on legacy HTTP mode. The HTX will
be enabled by default in a futur commit.
2019-04-12 22:06:53 +02:00
Christopher Faulet
6c9bbb2265 MEDIUM: htx: Deprecate the option 'http-tunnel' and ignore it in HTX
The option http-tunnel disables any HTTP processing past the first
transaction. In HTX, it works for full h1 transactions. As for the legacy HTTP,
it is a workaround, but it works. But it is impossible to make it works with an
h2 connection. In such case, it has no effect, the stream is closed at the end
of the transaction. So to avoid any inconsistancies between h1 and h2
connections, this option is now always ignored when the HTX is enabled. It is
also a good opportinity to deprecate an old and ugly option. A warning is
emitted during HAProxy startup to encourage users to remove this option.

Note that in legacy HTTP, this option only works with full h1 transactions
too. If an h2 connection is established on a frontend with this option enabled,
it will have no effect at all. But we keep it for the legacy HTTP for
compatibility purpose. It will be removed with the legacy HTTP.

So to be short, if you have to really (REALLY) use it, it will only work for
legacy HTTP frontends with H1 clients.

The documentation has been updated accordingly.

This patch must be backported to 1.9. It is not strictly speaking required but
it will ease futur backports.
2019-04-12 22:06:53 +02:00
Nenad Merdanovic
c31499d747 MINOR: ssl: Add aes_gcm_dec converter
The converter can be used to decrypt the raw byte input using the
AES-GCM algorithm, using provided nonce, key and AEAD tag. This can
be useful to decrypt encrypted cookies for example and make decisions
based on the content.
2019-04-01 13:33:31 +02:00
Freddy Spierenburg
e88b77351b DOC: The option httplog is no longer valid in a backend.
This can be backported to 1.9 and 1.8.
2019-03-26 12:00:06 +01:00
Willy Tarreau
6e893b9931 [RELEASE] Released version 2.0-dev2
Released version 2.0-dev2 with the following main changes :
    - CLEANUP: http: Remove unreachable code in parse_http_req_capture
    - CLEANUP: stream: Remove bogus loop in conn_si_send_proxy
    - MINOR: lists: Implement locked variations.
    - MEDIUM: servers: Used a locked list for idle_orphan_conns.
    - MEDIUM: servers: Reorganize the way idle connections are cleaned.
    - BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.
    - MINOR: cfgparse: Add a cast to make gcc happier.
    - BUG/MEDIUM: standard: Wrong reallocation size.
    - BUG/MINOR: listener: keep accept rate counters accurate under saturation
    - DOC: fix alphabetic ordering for "tune.fail-alloc" setting
    - MAJOR: config: disable support for nbproc and nbthread in parallel
    - MEDIUM: listener: keep a single thread-mask and warn on "process" misuse
    - MAJOR: listener: do not hold the listener lock in listener_accept()
    - MINOR: listener: maintain a per-thread count of the number of connections on a listener
    - MINOR: tools: implement functions to look up the nth bit set in a mask
    - MINOR: listener: pre-compute some thread counts per bind_conf
    - MINOR: listener: implement multi-queue accept for threads
    - MAJOR: listener: use the multi-queue for multi-thread listeners
    - MINOR: activity: add accept queue counters for pushed and overflows
    - MINOR: config: add global tune.listener.multi-queue setting
    - MAJOR: threads: enable one thread per CPU by default
    - DOC: update management.txt to reflect that threads are used by default
    - BUG/MINOR: config: don't over-count the global maxsock value
    - BUG/MEDIUM: list: fix the rollback on addq in the locked liss
    - BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
    - BUG/MEDIUM: list: add missing store barriers when updating elements and head
    - MINOR: list: make the delete and pop operations idempotent
    - MINOR: server: remove a few unneeded LIST_INIT calls after LIST_DEL_LOCKED
    - BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
    - BUG/MEDIUM: listener: make sure the listener never accepts too many conns
    - BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element
    - MINOR: listener: introduce listener_backlog() to report the backlog value
    - MINOR: listener: do not needlessly set l->maxconn
    - MINOR: proxy: do not change the listeners' maxconn when updating the frontend's
    - MEDIUM: config: don't enforce a low frontend maxconn value anymore
    - MINOR: peers: Add a message for heartbeat.
    - MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values
    - BUG/MINOR: init: never lower rlim_fd_max
    - BUG/MINOR: checks: make external-checks restore the original rlim_fd_cur/max
    - BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on reload
    - MINOR: init: make the maxpipe computation more accurate
    - MINOR: init: move some maxsock updates earlier
    - MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits
    - REGTEST: fix a spurious "nbthread 4" in the connection test
    - DOC: update the text related to the global maxconn value
    - BUG/MAJOR: mux-h2: fix race condition between close on both ends
    - MINOR: sample: Replace "req.ungrpc" smp fetch by a "ungrpc" converter.
    - BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
    - MINOR: htx: unconditionally handle parsing errors in requests or responses
    - MINOR: mux-h2: always pass HTX_FL_PARSING_ERROR between h2s and buf on RX
    - BUG/MEDIUM: h2/htx: verify that :path doesn't contain invalid chars
    - MINOR: sample: Code factorization "ungrpc" converter.
    - MINOR: sample: Rework gRPC converter code.
    - CLEANUP: wurfl: remove dead, broken and unmaintained code
    - MINOR: config: relax the range checks on cpu-map
    - BUG/MINOR: ssl: fix warning about ssl-min/max-ver support
    - MINOR: sample: Extract some protocol buffers specific code.
    - DOC: Remove tabs and fixed punctuation.
    - MINOR: sample: Add a protocol buffers specific converter.
    - REGTEST: Peers reg tests.
    - REGTEST: Enable reg tests with HEAD HTTP method usage.
    - MINOR: lists: add a LIST_DEL_INIT() macro
    - MINOR: task: use LIST_DEL_INIT() to remove a task from the queue
    - MINOR: listener: improve incoming traffic distribution
    - MINOR: tools: implement my_flsl()
    - MEDIUM: listener: change the LB algorithm again to use two round robins instead
    - CLEANUP: listener: remove old thread bit mapping
    - MINOR: listener: move thr_idx from the bind_conf to the listener
    - BUG/MEDIUM: logs: Only attempt to free startup_logs once.
    - BUG/MAJOR: config: Wrong maxconn adjustment.
    - BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
    - OPTIM: task: limit the impact of memory barriers in taks_remove_from_task_list()
    - MINOR: fd: Remove debugging code.
    - BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL.
    - MINOR: threads: Implement __ha_barrier_atomic*.
    - MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
    - MINOR: threads: Add macros to do atomic operation with no memory barrier.
    - MEDIUM: various: Use __ha_barrier_atomic* when relevant.
    - MEDIUM: applets: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: xref: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: fd: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: freq_ctr: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: proxy: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: server: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: task: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: activity: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: backend: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: cache: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: checks: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: pollers: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: compression: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: spoe: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: threads: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: http: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: lb/threads: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: listeners: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: logs: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: memory: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: peers: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: proto_tcp: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: queues: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: sessions: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: ssl: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: stream: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: tcp_rules: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: time: Use the new _HA_ATOMIC_* macros.
    - MEDIUM: vars: Use the new _HA_ATOMIC_* macros.
    - MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places
    - MINOR: config: continue to rely on DEFAULT_MAXCONN to set the minimum maxconn
    - BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
    - BUG/MEDIUM: listener: make sure we don't pick stopped threads
    - MEDIUM: list: Remove useless barriers.
    - MEDIUM: list: Use _HA_ATOMIC_*
    - MEDIUM: connections: Use _HA_ATOMIC_*
    - BUG/MAJOR: tasks: Use the TASK_GLOBAL flag to know if we're in the global rq.
    - BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
    - BUG/MEDIUM: init/threads: consider epoll_fd/pipes for automatic maxconn calculation
    - BUG/MEDIUM: tasks: Make sure we wake sleeping threads if needed.
    - BUG/MINOR: mux-h1: Don't report an error on EOS if no message was received
    - BUG/MINOR: stats/htx: Call channel_add_input() when response headers are sent
    - BUG/MINOR: lua/htx: Use channel_add_input() when response data are added
    - BUG/MINOR: lua/htx: Don't forget to call htx_to_buf() when appropriate
    - MINOR: stats: Add the status code STAT_STATUS_IVAL to handle invalid requests
    - MINOR: stats: Move stuff about the stats status codes in stats files
    - BUG/MINOR: stats: Be more strict on what is a valid request to the stats applet
    - Revert "REGTEST: Enable reg tests with HEAD HTTP method usage."
    - BUILD: listener: shut up a build warning when threads are disabled
    - BUILD: Makefile: allow the reg-tests target to be verbose
    - BUILD: Makefile: resolve LEVEL before calling run-regtests
    - BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
    - BUG/MAJOR: stats: Fix how huge POST data are read from the channel
    - BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
    - BUG/MEDIUM: mux-h2: Always wakeup streams with no id to avoid frozen streams
    - MINOR: mux-h2: Set REFUSED_STREAM error to reset a stream if no data was never sent
    - MINOR: muxes: Report the Last read with a dedicated flag
    - MINOR: proto-http/proto-htx: Make error handling clearer during data forwarding
    - BUILD: tools: fix a build warning on some 32-bit archs
    - MINOR: init: report the list of optionally available services
    - MEDIUM: proto_htx: Switch to infinite forwarding if there is no data filter
    - BUG/MINOR: cache: Fully consume large requests in the cache applet
    - BUG/MINOR: stats: Fully consume large requests in the stats applet
    - BUG/MEDIUM: lua: Fully consume large requests when an HTTP applet ends
    - MINOR: proto_http: Add function to handle the header "Expect: 100-continue"
    - MINOR: proto_htx: Add function to handle the header "Expect: 100-continue"
    - MINOR: stats/cache: Handle the header Expect when applets are registered
    - MINOR: http/applets: Handle all applets intercepting HTTP requests the same way
    - CLEANUP: cache: don't export http_cache_applet anymore
    - MINOR: lua: Don't handle the header Expect in lua HTTP applets anymore
    - BUG/MINOR: doc: Be accurate on the behavior on pool-purge-delay.
    - Revert "MEDIUM: proto_htx: Switch to infinite forwarding if there is no data filter"
    - BUG/MEDIUM: mux-h2: Make sure we destroyed the h2s once shutr/shutw is done.
    - BUG/MEDIUM: mux-h2: Don't bother keeping the h2s if detaching and nothing to send.
    - BUG/MEDIUM: mux-h2: Use the right list in h2_stop_senders().
    - MINOR: mux-h2: copy small data blocks more often and reduce the number of pauses
    - CLEANUP: mux-h2: add some comments to help understand the code
    - BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites
    - BUG/MINOR: log: properly format IPv6 address when LOG_OPT_HEXA modifier is used.
    - BUG/MEDIUM: h2: Try to be fair when sending data.
    - BUG/MINOR: proto-http: Don't forward request body anymore on error
    - MINOR: mux-h2: Remove useless test on ES flag in h2_frt_transfer_data()
    - MINOR: connection: and new flag to mark end of input (EOI)
    - MINOR: channel: Report EOI on the input channel if it was reached in the mux
    - MEDIUM: mux-h2: Don't mix the end of the message with the end of stream
    - MINOR: mux-h1: Set CS_FL_EOI the end of the message is reached
    - BUG/MEDIUM: http/htx: Fix handling of the option abortonclose
    - CLEANUP: muxes/stream-int: Remove flags CS_FL_READ_NULL and SI_FL_READ_NULL
    - MEDIUM: proto_htx: Reintroduce the infinite forwarding on data
    - BUG/MEDIUM: h2: only destroy the h2s if h2s->cs is NULL.
    - BUG/MEDIUM: h2: Use the new sending_list in h2s_notify_send().
    - BUG/MEDIUM: h2: Follow the same logic in h2_deferred_shut than in h2_snd_buf.
    - BUG/MEDIUM: h2: Remove the tasklet from the task list if unsubscribing.
    - BUG/MEDIUM: task/h2: add an idempotent task removal fucntion
    - CLEANUP: task: only perform a LIST_DEL() when the list is not empty
    - BUG/MEDIUM: mux-h2: make sure to always notify streams of EOS condition
    - CONTRIB: debug: report the CS and CF's EOI flags
    - MINOR: channel: don't unset CF_SHUTR_NOW after shutting down.
2019-03-26 05:40:51 +01:00
Olivier Houchard
a56eebfa5d BUG/MINOR: doc: Be accurate on the behavior on pool-purge-delay.
Setting pool-purge-delay to 0 disables the pool, it doesn't keep the
connection forever, so correctly states this.

This should be backported to 1.9.
2019-03-19 16:44:02 +01:00
Frédéric Lécaille
bfe6138150 MINOR: sample: Add a protocol buffers specific converter.
This patch adds "protobuf" protocol buffers specific converter wich
may used in combination with "ungrpc" as first converter to extract
a protocol buffers field value. It is simply implemented reusing
protobuf_field_lookup() which is the protocol buffers specific parser already
used by "ungrpc" converter which only parse a gRPC header in addition of
parsing protocol buffers message.

Update the documentation for this new "protobuf" converter.
2019-03-06 15:36:02 +01:00
Frédéric Lécaille
93d33168e2 DOC: Remove tabs and fixed punctuation. 2019-03-06 15:36:02 +01:00
Willy Tarreau
8e5e1e7bf0 CLEANUP: wurfl: remove dead, broken and unmaintained code
Since the "wurfl" device detection engine was merged slightly more than
two years ago (2016-11-04), it never received a single fix nor update.
For almost two years it didn't receive even the minimal review or changes
needed to be compatible with threads, and it's remained build-broken for
about the last 9 months, consecutive to the last buffer API changes,
without anyone ever noticing! When asked on the list, nobody confirmed
using it :

   https://www.mail-archive.com/haproxy@formilux.org/msg32516.html

And obviously nobody even cared to verify that it did still build. So we
are left with this broken code with no user and no maintainer. It might
even suffer from remotely exploitable vulnerabilities without anyone
being able to check if it presents any risk. It's a pain to update each
time there is an API change because it doesn't build as it depends on
external libraries that are not publicly accessible, leading to careful
blind changes. It slows down the whole project. This situation is not
acceptable at all.

It's time to cure the problem where it is. This patch removes all this
dead, non-buildable, non-working code. If anyone ever decides to use it,
which I seriously doubt based on history, it could be reintegrated, but
this time the following guarantees will be required :
  - someone has to step up as a maintainer and have his name listed in
    the MAINTAINERS file (I should have been more careful last time).
    This person will take the sole blame for all issues and will be
    responsible for fixing the bugs and incompatibilities affecting
    this code, and for making it evolve to follow regular internal API
    updates.

  - support building on a standard distro with automated tools (i.e. no
    more "click on this site, register your e-mail and download an
    archive then figure how to place this into your build system").
    Dummy libs are OK though as long as they allow the mainline code to
    build and start.

  - multi-threaded support must be fixed. I mean seriously, not worked
    around with a check saying "please disable threads, we've been busy
    fishing for the last two years".

This may be backported to 1.9 given that the code has never worked there
either, thus at least we're certain nobody will miss it.
2019-03-05 13:46:12 +01:00
Frédéric Lécaille
756d97f205 MINOR: sample: Rework gRPC converter code.
For now on, "ungrpc" may take a second optional argument to provide
the protocol buffers types used to encode the field value to be extracted.
When absent the field value is extracted as a binary sample which may then
followed by others converters like "hex" which takes binary as input sample.
When this second argument is a type which does not match the one found by "ungrpc",
this field is considered as not found even if present.

With this patch we also remove the useless "varint" and "svarint" converters.

Update the documentation about "ungrpc" converters.
2019-03-05 11:04:23 +01:00
Frédéric Lécaille
50290fbb42 MINOR: sample: Replace "req.ungrpc" smp fetch by a "ungrpc" converter.
This patch simply extracts the code of smp_fetch_req_ungrpc() for "req.ungrpc"
from http_fetch.c to move it to sample.c with very few modifications.
Furthermore smp_fetch_body_buf() used to fetch the body contents is no more needed.

Update the documentation for gRPC.
2019-03-04 08:28:42 +01:00
Willy Tarreau
b28f3446e5 DOC: update the text related to the global maxconn value
Maxconn is now automatically calculated, mention this in the doc.
2019-03-04 08:17:12 +01:00
Willy Tarreau
c8d5b95e6d MEDIUM: config: don't enforce a low frontend maxconn value anymore
Historically the default frontend's maxconn used to be quite low (2000),
which was sufficient two decades ago but often proved to be a problem
when users had purposely set the global maxconn value but forgot to set
the frontend's.

There is no point in keeping this arbitrary limit for frontends : when
the global maxconn is lower, it's already too high and when the global
maxconn is much higher, it becomes a limiting factor which causes trouble
in production.

This commit allows the value to be set to zero, which becomes the new
default value, to mean it's not directly limited, or in fact it's set
to the global maxconn. Since this operation used to be performed before
computing a possibly automatic global maxconn based on memory limits,
the calculation of the maxconn value and its propagation to the backends'
fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(),
which is called once the global maxconn is stabilized.

This comes with two benefits :
  1) a configuration missing "maxconn" in the defaults section will not
     limit itself to a magically hardcoded value but will scale up to the
     global maxconn ;

  2) when the global maxconn is not set and memory limits are used instead,
     the frontends' maxconn automatically adapts, and the backends' fullconn
     as well.
2019-02-28 17:05:32 +01:00
Willy Tarreau
e2711c7bd6 MINOR: listener: introduce listener_backlog() to report the backlog value
In an attempt to try to provide automatic maxconn settings, we need to
decorrelate a listner's backlog and maxconn so that these values can be
independent. This introduces a listener_backlog() function which retrieves
the backlog value from the listener's backlog, the frontend's, the
listener's maxconn, the frontend's or falls back to 1024. This
corresponds to what was done in cfgparse.c to force a value there except
the last fallback which was not set since the frontend's maxconn is always
known.
2019-02-28 17:05:29 +01:00
Willy Tarreau
149ab779cc MAJOR: threads: enable one thread per CPU by default
Threads have long matured by now, still for most users their usage is
not trivial. It's about time to enable them by default on platforms
where we know the number of CPUs bound. This patch does this, it counts
the number of CPUs the process is bound to upon startup, and enables as
many threads by default. Of course, "nbthread" still overrides this, but
if it's not set the default behaviour is to start one thread per CPU.

The default number of threads is reported in "haproxy -vv". Simply using
"taskset -c" is now enough to adjust this number of threads so that there
is no more need for playing with cpu-map. And thanks to the previous
patches on the listener, the vast majority of configurations will not
need to duplicate "bind" lines with the "process x/y" statement anymore
either, so a simple config will automatically adapt to the number of
processors available.
2019-02-27 14:51:50 +01:00
Willy Tarreau
7ac908bf8c MINOR: config: add global tune.listener.multi-queue setting
tune.listener.multi-queue { on | off }
  Enables ('on') or disables ('off') the listener's multi-queue accept which
  spreads the incoming traffic to all threads a "bind" line is allowed to run
  on instead of taking them for itself. This provides a smoother traffic
  distribution and scales much better, especially in environments where threads
  may be unevenly loaded due to external activity (network interrupts colliding
  with one thread for example). This option is enabled by default, but it may
  be forcefully disabled for troubleshooting or for situations where it is
  estimated that the operating system already provides a good enough
  distribution and connections are extremely short-lived.
2019-02-27 14:27:07 +01:00
Willy Tarreau
a36b324777 MEDIUM: listener: keep a single thread-mask and warn on "process" misuse
Now that nbproc and nbthread are exclusive, we can still provide more
detailed explanations about what we've found in the config when a bind
line appears on multiple threads and processes at the same time, then
ignore the setting.

This patch reduces the listener's thread mask to a single mask instead
of an array of masks per process. Now we have only one thread mask and
one process mask per bind-conf. This removes ~504 bytes of RAM per
bind-conf and will simplify handling of thread masks.

If a "bind" line only refers to process numbers not found by its parent
frontend or not covered by the global nbproc directive, or to a thread
not covered by the global nbthread directive, a warning is emitted saying
what will be used instead.
2019-02-27 14:27:07 +01:00
Willy Tarreau
26f6ae12c0 MAJOR: config: disable support for nbproc and nbthread in parallel
When 1.8 was released, we wanted to support both nbthread and nbproc to
observe how things would go. Since then it appeared obvious that the two
are never used together because of the pain to configure affinity in this
case, and instead of bringing benefits, it brings the limitations of both
models, and causes multiple threads to compete for the same CPU. In
addition, it costs a lot to support both in parallel, so let's get rid
of this once for all.
2019-02-27 14:27:04 +01:00
Willy Tarreau
c299e1e027 DOC: fix alphabetic ordering for "tune.fail-alloc" setting
Last time I verified, the "f" letter was not between the "l" and the
"m", but between the "e" and the "g", so let's move this entry to the
right place.
2019-02-27 14:18:51 +01:00
Willy Tarreau
6c1b667e57 [RELEASE] Released version 2.0-dev1
Released version 2.0-dev1 with the following main changes :
    - MINOR: mux-h2: only increase the connection window with the first update
    - REGTESTS: remove the expected window updates from H2 handshakes
    - BUG/MINOR: mux-h2: make empty HEADERS frame return a connection error
    - BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max
    - MEDIUM: mux-h2: remove padlen during headers phase
    - MINOR: h2: add a bit-based frame type representation
    - MINOR: mux-h2: remove useless check for empty frame length in h2s_decode_headers()
    - MEDIUM: mux-h2: decode HEADERS frames before allocating the stream
    - MINOR: mux-h2: make h2c_send_rst_stream() use the dummy stream's error code
    - MINOR: mux-h2: add a new dummy stream for the REFUSED_STREAM error code
    - MINOR: mux-h2: fail stream creation more cleanly using RST_STREAM
    - MINOR: buffers: add a new b_move() function
    - MINOR: mux-h2: make h2_peek_frame_hdr() support an offset
    - MEDIUM: mux-h2: handle decoding of CONTINUATION frames
    - CLEANUP: mux-h2: remove misleading comments about CONTINUATION
    - BUG/MEDIUM: servers: Don't try to reuse connection if we switched server.
    - BUG/MEDIUM: tasks: Decrement tasks_run_queue in tasklet_free().
    - BUG/MINOR: htx: send the proper authenticate header when using http-request auth
    - BUG/MEDIUM: mux_h2: Don't add to the idle list if we're full.
    - BUG/MEDIUM: servers: Fail if we fail to allocate a conn_stream.
    - BUG/MAJOR: servers: Use the list api correctly to avoid crashes.
    - BUG/MAJOR: servers: Correctly use LIST_ELEM().
    - BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list.
    - BUG/MEDIUM: servers: Flag the stream_interface on handshake error.
    - MEDIUM: servers: Be smarter when switching connections.
    - MEDIUM: sessions: Keep track of which connections are idle.
    - MINOR: payload: add sample fetch for TLS ALPN
    - BUG/MEDIUM: log: don't mark log FDs as non-blocking on terminals
    - MINOR: channel: Add the function channel_add_input
    - MINOR: stats/htx: Call channel_add_input instead of updating channel state by hand
    - BUG/MEDIUM: cache: Be sure to end the forwarding when XFER length is unknown
    - BUG/MAJOR: htx: Return the good block address after a defrag
    - MINOR: lb: allow redispatch when using consistent hash
    - CLEANUP: mux-h2: fix end-of-stream flag name when processing headers
    - BUG/MEDIUM: mux-h2: always restart reading if data are available
    - BUG/MINOR: mux-h2: set the stream-full flag when leaving h2c_decode_headers()
    - BUG/MINOR: mux-h2: don't check the CS count in h2c_bck_handle_headers()
    - BUG/MINOR: mux-h2: mark end-of-stream after processing response HEADERS, not before
    - BUG/MINOR: mux-h2: only update rxbuf's length for H1 headers
    - BUG/MEDIUM: mux-h1: use per-direction flags to indicate transitions
    - BUG/MEDIUM: mux-h1: make HTX chunking consistent with H2
    - BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
    - BUG/MEDIUM: proto-htx: Set SI_FL_NOHALF on server side when request is done
    - BUG/MEDIUM: mux-h1: Add a task to handle connection timeouts
    - MINOR: mux-h2: make h2c_decode_headers() return a status, not a count
    - MINOR: mux-h2: add a new dummy stream : h2_error_stream
    - MEDIUM: mux-h2: make h2c_decode_headers() support recoverable errors
    - BUG/MINOR: mux-h2: detect when the HTX EOM block cannot be added after headers
    - MINOR: mux-h2: remove a misleading and impossible test
    - CLEANUP: mux-h2: clean the stream error path on HEADERS frame processing
    - MINOR: mux-h2: check for too many streams only for idle streams
    - MINOR: mux-h2: set H2_SF_HEADERS_RCVD when a HEADERS frame was decoded
    - BUG/MEDIUM: mux-h2: decode trailers in HEADERS frames
    - MINOR: h2: add h2_make_h1_trailers to turn H2 headers to H1 trailers
    - MEDIUM: mux-h2: pass trailers to H1 (legacy mode)
    - MINOR: htx: add a new function to add a block without filling it
    - MINOR: h2: add h2_make_htx_trailers to turn H2 headers to HTX trailers
    - MEDIUM: mux-h2: pass trailers to HTX
    - MINOR: mux-h1: parse the content-length header on output and set H1_MF_CLEN
    - BUG/MEDIUM: mux-h1: don't enforce chunked encoding on requests
    - MINOR: mux-h2: make HTX_BLK_EOM processing idempotent
    - MINOR: h1: make the H1 headers block parser able to parse headers only
    - MEDIUM: mux-h2: emit HEADERS frames when facing HTX trailers blocks
    - MINOR: stream/htx: Add info about the HTX structs in "show sess all" command
    - MINOR: stream: Add the subscription events of SIs in "show sess all" command
    - MINOR: mux-h1: Add the subscription events in "show fd" command
    - BUG/MEDIUM: h1: Get the h1m state when restarting the headers parsing
    - BUG/MINOR: cache/htx: Be sure to count partial trailers
    - BUG/MEDIUM: h1: In h1_init(), wake the tasklet instead of calling h1_recv().
    - BUG/MEDIUM: server: Defer the mux init until after xprt has been initialized.
    - MINOR: connections: Remove a stall comment.
    - BUG/MEDIUM: cli: make "show sess" really thread-safe
    - BUILD: add a new file "version.c" to carry version updates
    - MINOR: stream/htx: add the HTX flags output in "show sess all"
    - MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
    - MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
    - BUG/MINOR: lua: bad args are returned for Lua actions
    - BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
    - MINOR: htx: Add an helper function to get the max space usable for a block
    - MINOR: channel/htx: Add HTX version for some helper functions
    - BUG/MEDIUM: cache/htx: Respect the reserve when cached objects are served
    - BUG/MINOR: stats/htx: Respect the reserve when the stats page is dumped
    - DOC: regtest: make it clearer what the purpose of the "broken" series is
    - REGTEST: mailers: add new test for 'mailers' section
    - REGTEST: Add a reg test for health-checks over SSL/TLS.
    - BUG/MINOR: mux-h1: Close connection on shutr only when shutw was really done
    - MEDIUM: mux-h1: Clarify how shutr/shutw are handled
    - BUG/MINOR: compression: Disable it if another one is already in progress
    - BUG/MINOR: filters: Detect cache+compression config on legacy HTTP streams
    - BUG/MINOR: cache: Disable the cache if any compression filter precedes it
    - REGTEST: Add some informatoin to test results.
    - MINOR: htx: Add a function to truncate all blocks after a specific offset
    - MINOR: channel/htx: Add the HTX version of channel_truncate/erase
    - BUG/MINOR: proto_htx: Use HTX versions to truncate or erase a buffer
    - BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
    - DOC: Fix typo in req.ssl_alpn example (commit 4afdd138424ab...)
    - DOC: http-request cache-use / http-response cache-store expects cache name
    - REGTEST: "capture (request|response)" regtest.
    - BUG/MINOR: lua/htx: Respect the reserve when data are send from an HTX applet
    - REGTEST: filters: add compression test
    - BUG/MEDIUM: init: Initialize idle_orphan_conns for first server in server-template
    - BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT.
    - DOC: Be a bit more explicit about allow-0rtt security implications.
    - MINOR: mux-h1: make the mux_h1_ops struct static
    - BUILD: makefile: add an EXTRA_OBJS variable to help build optional code
    - BUG/MEDIUM: connection: properly unregister the mux on failed initialization
    - BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
    - REGTESTS: test case for map_regm commit 271022150d
    - REGTESTS: Basic tests for concat,strcmp,word,field,ipmask converters
    - REGTESTS: Basic tests for using maps to redirect requests / select backend
    - DOC: REGTESTS README varnishtest -Dno-htx= define.
    - MINOR: spoe: Make the SPOE filter compatible with HTX proxies
    - MINOR: checks: Store the proxy in checks.
    - BUG/MEDIUM: checks: Avoid having an associated server for email checks.
    - REGTEST: Switch to vtest.
    - REGTEST: Adapt reg test doc files to vtest.
    - BUG/MEDIUM: h1: Make sure we destroy an inactive connectin that did shutw.
    - BUG/MINOR: base64: dec func ignores padding for output size checking
    - BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
    - MINOR: ssl: add support of aes256 bits ticket keys on file and cli.
    - BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
    - BUG/MINOR: backend: balance uri specific options were lost across defaults
    - BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
    - MINOR: backend: move url_param_name/len to lbprm.arg_str/len
    - MINOR: backend: make headers and RDP cookie also use arg_str/len
    - MINOR: backend: add new fields in lbprm to store more LB options
    - MINOR: backend: make the header hash use arg_opt1 for use_domain_only
    - MINOR: backend: remap the balance uri settings to lbprm.arg_opt{1,2,3}
    - MINOR: backend: move hash_balance_factor out of chash
    - MEDIUM: backend: move all LB algo parameters into an union
    - MINOR: backend: make the random algorithm support a number of draws
    - BUILD/MEDIUM: da: Necessary code changes for new buffer API.
    - BUG/MINOR: stick_table: Prevent conn_cur from underflowing
    - BUG: 51d: Changes to the buffer API in 1.9 were not applied to the 51Degrees code.
    - BUG/MEDIUM: stats: Get the right scope pointer depending on HTX is used or not
    - DOC: add a missing space in the documentation for bc_http_major
    - REGTEST: checks basic stats webpage functionality
    - BUG/MEDIUM: servers: Make assign_tproxy_address work when ALPN is set.
    - BUG/MEDIUM: connections: Add the CO_FL_CONNECTED flag if a send succeeded.
    - DOC: add github issue templates
    - MINOR: cfgparse: Extract some code to be re-used.
    - CLEANUP: cfgparse: Return asap from cfg_parse_peers().
    - CLEANUP: cfgparse: Code reindentation.
    - MINOR: cfgparse: Useless frontend initialization in "peers" sections.
    - MINOR: cfgparse: Rework peers frontend init.
    - MINOR: cfgparse: Simplication.
    - MINOR: cfgparse: Make "peer" lines be parsed as "server" lines.
    - MINOR: peers: Make outgoing connection to SSL/TLS peers work.
    - MINOR: cfgparse: SSL/TLS binding in "peers" sections.
    - DOC: peers: SSL/TLS documentation for "peers"
    - BUG/MINOR: startup: certain goto paths in init_pollers fail to free
    - BUG/MEDIUM: checks: fix recent regression on agent-check making it crash
    - BUG/MINOR: server: don't always trust srv_check_health when loading a server state
    - BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk()
    - BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
    - DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
    - BUG/MINOR: proto-htx: Return an error if all headers cannot be received at once
    - BUG/MEDIUM: mux-h2/htx: Respect the channel's reserve
    - BUG/MINOR: mux-h1: Apply the reserve on the channel's buffer only
    - BUG/MINOR: mux-h1: avoid copying output over itself in zero-copy
    - BUG/MAJOR: mux-h2: don't destroy the stream on failed allocation in h2_snd_buf()
    - BUG/MEDIUM: backend: also remove from idle list muxes that have no more room
    - BUG/MEDIUM: mux-h2: properly abort on trailers decoding errors
    - MINOR: h2: declare new sets of frame types
    - BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY
    - BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error
    - BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream
    - BUG/MINOR: hpack: return a compression error on invalid table size updates
    - MINOR: server: make sure pool-max-conn is >= -1
    - BUG/MINOR: stream: take care of synchronous errors when trying to send
    - CLEANUP: server: fix indentation mess on idle connections
    - BUG/MINOR: mux-h2: always check the stream ID limit in h2_avail_streams()
    - BUG/MINOR: mux-h2: refuse to allocate a stream with too high an ID
    - BUG/MEDIUM: backend: never try to attach to a mux having no more stream available
    - MINOR: server: add a max-reuse parameter
    - MINOR: mux-h2: always consider a server's max-reuse parameter
    - MEDIUM: stream-int: always mark pending outgoing SI_ST_CON
    - MINOR: stream: don't wait before retrying after a failed connection reuse
    - MEDIUM: h2: always parse and deduplicate the content-length header
    - BUG/MINOR: mux-h2: always compare content-length to the sum of DATA frames
    - CLEANUP: h2: Remove debug printf in mux_h2.c
    - MINOR: cfgparse: make the process/thread parser support a maximum value
    - MINOR: threads: make MAX_THREADS configurable at build time
    - DOC: nbthread is no longer experimental.
    - BUG/MINOR: listener: always fill the source address for accepted socketpairs
    - BUG/MINOR: mux-h2: do not report available outgoing streams after GOAWAY
    - BUG/MINOR: spoe: corrected fragmentation string size
    - BUG/MINOR: task: fix possibly missed event in inter-thread wakeups
    - BUG/MEDIUM: servers: Attempt to reuse an unfinished connection on retry.
    - BUG/MEDIUM: backend: always call si_detach_endpoint() on async connection failure
    - SCRIPTS: add the issue tracker URL to the announce script
    - MINOR: peers: Extract some code to be reused.
    - CLEANUP: peers: Indentation fixes.
    - MINOR: peers: send code factorization.
    - MINOR: peers: Add new functions to send code and reduce the I/O handler.
    - MEDIUM: peers: synchronizaiton code factorization to reduce the size of the I/O handler.
    - MINOR: peers: Move update receive code to reduce the size of the I/O handler.
    - MINOR: peers: Move ack, switch and definition receive code to reduce the size of the I/O handler.
    - MINOR: peers: Move high level receive code to reduce the size of I/O handler.
    - CLEANUP: peers: Be more generic.
    - MINOR: peers: move error handling to reduce the size of the I/O handler.
    - MINOR: peers: move messages treatment code to reduce the size of the I/O handler.
    - MINOR: peers: move send code to reduce the size of the I/O handler.
    - CLEANUP: peers: Remove useless statements.
    - MINOR: peers: move "hello" message treatment code to reduce the size of the I/O handler.
    - MINOR: peers: move peer initializations code to reduce the size of the I/O handler.
    - CLEANUP: peers: factor the error handling code in peer_treet_updatemsg()
    - CLEANUP: peers: factor error handling in peer_treat_definedmsg()
    - BUILD/MINOR: peers: shut up a build warning introduced during last cleanup
    - BUG/MEDIUM: mux-h2: only close connection on request frames on closed streams
    - CLEANUP: mux-h2: remove two useless but misleading assignments
    - BUG/MEDIUM: checks: Check that conn_install_mux succeeded.
    - BUG/MEDIUM: servers: Only destroy a conn_stream we just allocated.
    - BUG/MEDIUM: servers: Don't add an incomplete conn to the server idle list.
    - BUG/MEDIUM: checks: Don't try to set ALPN if connection failed.
    - BUG/MEDIUM: h2: In h2_send(), stop the loop if we failed to alloc a buf.
    - BUG/MEDIUM: peers: Handle mux creation failure.
    - BUG/MEDIUM: servers: Close the connection if we failed to install the mux.
    - BUG/MEDIUM: compression: Rewrite strong ETags
    - BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
    - CLEANUP: mux-h2: remove misleading leftover test on h2s' nullity
    - BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update
    - BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
    - BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
    - BUG/MEDIUM: mux-h2: do not abort HEADERS frame before decoding them
    - BUG/MINOR: mux-h2: make sure response HEADERS are not received in other states than OPEN and HLOC
    - MINOR: h2: add a generic frame checker
    - MEDIUM: mux-h2: check the frame validity before considering the stream state
    - CLEANUP: mux-h2: remove stream ID and frame length checks from the frame parsers
    - BUG/MINOR: mux-h2: make sure request trailers on aborted streams don't break the connection
    - DOC: compression: Update the reasons for disabled compression
    - BUG/MEDIUM: buffer: Make sure b_is_null handles buffers waiting for allocation.
    - DOC: htx: make it clear that htxbuf() and htx_from_buf() always return valid pointers
    - MINOR: htx: never check for null htx pointer in htx_is_{,not_}empty()
    - MINOR: mux-h2: consistently rely on the htx variable to detect the mode
    - BUG/MEDIUM: peers: Peer addresses parsing broken.
    - BUG/MEDIUM: mux-h1: Don't add "transfer-encoding" if message-body is forbidden
    - BUG/MEDIUM: connections: Don't forget to remove CO_FL_SESS_IDLE.
    - BUG/MINOR: stream: don't close the front connection when facing a backend error
    - BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection
    - MINOR: stream-int: add a new flag to mention that we want the connection to be killed
    - MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
    - BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
    - BUG/MINOR: server: fix logic flaw in idle connection list management
    - MINOR: mux-h2: max-concurrent-streams should be unsigned
    - MINOR: mux-h2: make sure to only check concurrency limit on the frontend
    - MINOR: mux-h2: learn and store the peer's advertised MAX_CONCURRENT_STREAMS setting
    - BUG/MEDIUM: mux-h2: properly consider the peer's advertised max-concurrent-streams
    - MINOR: xref: Add missing barriers.
    - MINOR: muxes: Don't bother to LIST_DEL(&conn->list) before calling conn_free().
    - MINOR: debug: Add an option that causes random allocation failures.
    - BUG/MEDIUM: backend: always release the previous connection into its own target srv_list
    - BUG/MEDIUM: htx: check the HTX compatibility in dynamic use-backend rules
    - BUG/MINOR: tune.fail-alloc: Don't forget to initialize ret.
    - BUG/MINOR: backend: check srv_conn before dereferencing it
    - BUG/MEDIUM: mux-h2: always omit :scheme and :path for the CONNECT method
    - BUG/MEDIUM: mux-h2: always set :authority on request output
    - BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
    - BUG/MINOR: threads: fix the process range of thread masks
    - BUG/MINOR: config: fix bind line thread mask validation
    - CLEANUP: threads: fix misleading comment about all_threads_mask
    - CLEANUP: threads: use nbits to calculate the thread mask
    - OPTIM: listener: optimize cache-line packing for struct listener
    - MINOR: tools: improve the popcount() operation
    - MINOR: config: keep an all_proc_mask like we have all_threads_mask
    - MINOR: global: add proc_mask() and thread_mask()
    - MINOR: config: simplify bind_proc processing using proc_mask()
    - MINOR: threads: make use of thread_mask() to simplify some thread calculations
    - BUG/MINOR: compression: properly report compression stats in HTX mode
    - BUG/MINOR: task: close a tiny race in the inter-thread wakeup
    - BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
    - BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
    - BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with HTX
    - BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
    - DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
    - DOC: ssl: Stop documenting ciphers example to use
    - BUG/MINOR: spoe: do not assume agent->rt is valid on exit
    - BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
    - BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
    - BUG/MEDIUM: server: initialize the idle conns list after parsing the config
    - BUG/MEDIUM: server: initialize the orphaned conns lists and tasks at the end
    - MINOR: config: make MAX_PROCS configurable at build time
    - BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
    - BUG/MINOR: config: Reinforce validity check when a process number is parsed
    - BUG/MEDIUM: peers: check that p->srv actually exists before using p->srv->use_ssl
    - CONTRIB: contrib/prometheus-exporter: Add a Prometheus exporter for HAProxy
    - BUG/MINOR: mux-h1: verify the request's version before dropping connection: keep-alive
    - BUG: 51d: In Hash Trie, multi header matching was affected by the header names stored globaly.
    - MEDIUM: 51d: Enabled multi threaded operation in the 51Degrees module.
    - BUG/MAJOR: stream: avoid double free on unique_id
    - BUILD/MINOR: stream: avoid a build warning with threads disabled
    - BUILD/MINOR: tools: fix build warning in the date conversion functions
    - BUILD/MINOR: peers: remove an impossible null test in intencode()
    - BUILD/MINOR: htx: fix some potential null-deref warnings with http_find_stline
    - BUG/MEDIUM: peers: Missing peer initializations.
    - BUG/MEDIUM: http_fetch: fix the "base" and "base32" fetch methods in HTX mode
    - BUG/MEDIUM: proto_htx: Fix data size update if end of the cookie is removed
    - BUG/MEDIUM: http_fetch: fix "req.body_len" and "req.body_size" fetch methods in HTX mode
    - BUILD/MEDIUM: initcall: Fix build on MacOS.
    - BUG/MEDIUM: mux-h2/htx: Always set CS flags before exiting h2_rcv_buf()
    - MINOR: h2/htx: Set the flag HTX_SL_F_BODYLESS for messages without body
    - BUG/MINOR: mux-h1: Add "transfer-encoding" header on outgoing requests if needed
    - BUG/MINOR: mux-h2: Don't add ":status" pseudo-header on trailers
    - BUG/MINOR: proto-htx: Consider a XFER_LEN message as chunked by default
    - BUG/MEDIUM: h2/htx: Correctly handle interim responses when HTX is enabled
    - MINOR: mux-h2: Set HTX extra value when possible
    - BUG/MEDIUM: htx: count the amount of copied data towards the final count
    - MINOR: mux-h2: make the H2 MAX_FRAME_SIZE setting configurable
    - BUG/MEDIUM: mux-h2/htx: send an empty DATA frame on empty HTX trailers
    - BUG/MEDIUM: servers: Use atomic operations when handling curr_idle_conns.
    - BUG/MEDIUM: servers: Add a per-thread counter of idle connections.
    - MINOR: fd: add a new my_closefrom() function to close all FDs
    - MINOR: checks: use my_closefrom() to close all FDs
    - MINOR: fd: implement an optimised my_closefrom() function
    - BUG/MINOR: fd: make sure my_closefrom() doesn't miss some FDs
    - BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked
    - BUG/MAJOR: listener: Make sure the listener exist before using it.
    - MINOR: fd: Use closefrom() as my_closefrom() if supported.
    - BUG/MEDIUM: mux-h1: Report the right amount of data xferred in h1_rcv_buf()
    - BUG/MINOR: channel: Set CF_WROTE_DATA when outgoing data are skipped
    - MINOR: htx: Add function to drain data from an HTX message
    - MINOR: channel/htx: Add function to skips output bytes from an HTX channel
    - BUG/MAJOR: cache/htx: Set the start-line offset when a cached object is served
    - BUG/MEDIUM: cache: Get objects from the cache only for GET and HEAD requests
    - BUG/MINOR: cache/htx: Return only the headers of cached objects to HEAD requests
    - BUG/MINOR: mux-h1: Always initilize h1m variable in h1_process_input()
    - BUG/MEDIUM: proto_htx: Fix functions applying regex filters on HTX messages
    - BUG/MEDIUM: h2: advertise to servers that we don't support push
    - MINOR: standard: Add a function to parse uints (dotted notation).
    - MINOR: arg: Add support for ARGT_PBUF_FNUM arg type.
    - MINOR: http_fetch: add "req.ungrpc" sample fetch for gRPC.
    - MINOR: sample: Add two sample converters for protocol buffers.
    - DOC: sample: Add gRPC related documentation.
2019-02-26 16:43:49 +01:00
Frédéric Lécaille
ec891195d9 DOC: sample: Add gRPC related documentation.
Add documentation for "req.ungrpc" sample fetch method and "varint"
and "svarint" two new protocol buffers specific converters.
2019-02-26 16:27:05 +01:00
Willy Tarreau
a24b35ca18 MINOR: mux-h2: make the H2 MAX_FRAME_SIZE setting configurable
This creates a new tunable "tune.h2.max-frame-size" to adjust the
advertised max frame size. When not set it still defaults to the buffer
size. It is convenient to advertise sizes lower than the buffer size,
for example when using very large buffers.
2019-02-21 17:30:59 +01:00
Bertrand Jacquin
4f03ab06a9 DOC: ssl: Stop documenting ciphers example to use
Since TLS ciphers are not well understand, it is very common pratice to
copy and paste parameters from documentation and use them as-is. Since RC4
should not be used anymore, it is wiser to link users to up to date
documnetation from Mozilla to avoid unsafe configuration in the wild.

Clarify the location of man pages for OpenSSL when missing.
2019-02-06 23:03:40 +01:00