Gcc 6 and above support placing an attribute on an enum's value. This
is convenient for marking some values as deprecated. We just need the
macro because older versions fail to parse __attribute__() there.
The CRL file CLI update code was strongly based off the CA one and some
copy-paste issues were then introduced.
This patch fixes GitHub issue #1685.
It should be backported to 2.5.
Released version 2.6-dev9 with the following main changes :
- MINOR: mux-quic: support full request channel buffer
- BUG/MINOR: h3: fix parsing of unknown frame type with null length
- CLEANUP: backend: make alloc_{bind,dst}_address() idempotent
- MEDIUM: stream: remove the confusing SF_ADDR_SET flag
- MINOR: conn_stream: remove the now unused CS_FL_ADDR_*_SET flags
- CLEANUP: protocol: make sure the connect_* functions always receive a dst
- MINOR: connection: get rid of the CO_FL_ADDR_*_SET flags
- MINOR: session: get rid of the now unused SESS_FL_ADDR_*_SET flags
- CLEANUP: mux: Useless xprt_quic-t.h inclusion
- MINOR: quic: Make the quic_conn be aware of the number of streams
- BUG/MINOR: quic: Dropped retransmitted STREAM frames
- BUG/MINOR: mux_quic: Dropped packet upon retransmission for closed streams
- MEDIUM: httpclient: remove url2sa to use a more flexible parser
- MEDIUM: httpclient: http-request rules for resolving
- MEDIUM: httpclient: allow address and port change for resolving
- CLEANUP: httpclient: remove the comment about resolving
- MINOR: httpclient: handle unix and other socket types in dst
- MINOR: httpclient: rename dash by dot in global option
- MINOR: init: exit() after pre-check upon error
- MINOR: httpclient: cleanup the error handling in init
- MEDIUM: httpclient: hard-error when SSL is configured
- MINOR: httpclient: allow to configure the ca-file
- MINOR: httpclient: configure the resolvers section to use
- MINOR: httpclient: allow ipv4 or ipv6 preference for resolving
- DOC: configuration: httpclient global option
- MINOR: conn-stream: Add mask from flags set by endpoint or app layer
- BUG/MEDIUM: conn-stream: Only keep app layer flags of the endpoint on reset
- BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message
- BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified
- DOC: config: Update doc for PR/PH session states to warn about rewrite failures
- MINOR: resolvers: cleanup alert/warning in parse-resolve-conf
- MINOR: resolvers: move the resolv.conf parser in parse_resolv_conf()
- MINOR: resolvers: resolvers_new() create a resolvers with default values
- BUILD: debug: unify the definition of ha_backtrace_to_stderr()
- BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port]
- MEDIUM: resolvers: create a "default" resolvers section at startup
- DOC: resolvers: default resolvers section
- BUG/MINOR: startup: usage() when no -cc arguments
- BUG/MEDIUM: resolvers: make "show resolvers" properly yield
- BUG/MEDIUM: cli: make "show cli sockets" really yield
- BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend"
- BUG/MINOR: map/cli: protect the backref list during "show map" errors
- BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init
- BUG/MINOR: ssl/cli: fix "show ssl ca-file/crl-file" not to mix cli+ssl contexts
- BUG/MINOR: ssl/cli: fix "show ssl ca-file <name>" not to mix cli+ssl contexts
- BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts
- BUG/MINOR: ssl/cli: fix "show ssl cert" not to mix cli+ssl contexts
- CLEANUP: ssl/cli: do not loop on unknown states in "add ssl crt-list" handler
- MINOR: applet: reserve some generic storage in the applet's context
- CLEANUP: applet: make appctx_new() initialize the whole appctx
- CLEANUP: stream/cli: take the "show sess" context definition out of the appctx
- CLEANUP: stream/cli: stop using appctx->st2 for the dump state
- CLEANUP: stream/cli: remove the unneeded init state from "show sess"
- CLEANUP: stream/cli: remove the unneeded STATE_FIN state from "show sess"
- CLEANUP: stream/cli: remove the now unneeded dump state from "show sess"
- CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx
- CLEANUP: stick-table/cli: take the "show table" context definition out of the appctx
- CLEANUP: stick-table/cli: stop using appctx->st2 for the dump state
- CLEANUP: stick-table/cli: remove the unneeded STATE_INIT for "show table"
- CLEANUP: map/cli: take the "show map" context definition out of the appctx
- CLEANUP: map/cli: stop using cli.i0/i1 to store the generation numbers
- CLEANUP: map/cli: stop using appctx->st2 for the dump state
- CLEANUP: map/cli: always detach the backref from the list after "show map"
- CLEANUP: peers/cli: take the "show peers" context definition out of the appctx
- CLEANUP: peers/cli: stop using appctx->st2 for the dump state
- CLEANUP: peers/cli: remove unneeded state STATE_INIT
- CLEANUP: cli: initialize the whole appctx->ctx, not just the stats part
- CLEANUP: promex: make the applet use its own context
- CLEANUP: promex: stop using appctx->st2
- CLEANUP: stats/cli: take the "show stat" context definition out of the appctx
- CLEANUP: stats/cli: stop using appctx->st2
- CLEANUP: hlua/cli: take the hlua_cli context definition out of the appctx
- CLEANUP: ssl/cli: use a local context for "show cafile"
- CLEANUP: ssl/cli: use a local context for "show crlfile"
- CLEANUP: ssl/cli: use a local context for "show ssl cert"
- CLEANUP: ssl/cli: use a local context for "commit ssl cert"
- CLEANUP: ssl/cli: stop using appctx->st2 for "commit ssl cert"
- CLEANUP: ssl/cli: use a local context for "set ssl cert"
- CLEANUP: ssl/cli: use a local context for "set ssl cafile"
- CLEANUP: ssl/cli: use a local context for "set ssl crlfile"
- CLEANUP: ssl/cli: use a local context for "commit ssl {ca|crl}file"
- CLEANUP: ssl/cli: stop using appctx->st2 for "commit ssl ca/crl"
- CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys"
- CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref"
- CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore
- CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore
- CLEANUP: ssl/cli: make "{show|dump} ssl crtlist" use its own context
- CLEANUP: ssl/cli: make "add ssl crtlist" use its own context
- CLEANUP: ssl/cli: make "add ssl crtlist" not use st2 anymore
- CLEANUP: dns: stop abusing the sink forwarder's context
- CLEANUP: sink: use the generic context to store the forwarder's context
- CLEANUP: activity/cli: make "show profiling" not use ctx.cli anymore
- CLEANUP: debug/cli: make "debug dev fd" not use ctx.cli anymore
- CLEANUP: debug/cli: make "debug dev memstats" not use ctx.cli anymore
- CLEANUP: ring: pass the ring watch flags to ring_attach_cli(), not in ctx.cli
- CLEANUP: ring/cli: use a locally-defined context instead of using ctx.cli
- CLEANUP: resolvers/cli: make "show resolvers" use a locally-defined context
- CLEANUP: resolvers/cli: remove the unneeded appctx->st2 from "show resolvers"
- CLEANUP: cache/cli: make use of a locally defined context for "show cache"
- CLEANUP: proxy/cli: make use of a locally defined context for "show servers"
- CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers"
- CLEANUP: proxy/cli: make "show backend" only use the generic context
- CLEANUP: cli: make "show fd" use its own context
- CLEANUP: cli: make "show env" use its own context
- CLEANUP: cli: simplify the "show cli sockets" I/O handler
- CLEANUP: cli: make "show cli sockets" use its own context
- CLEANUP: httpclient/cli: use a locally-defined context instead of ctx.cli
- CLEANUP: httpclient: do not use the appctx.ctx anymore
- CLEANUP: peers: do not use appctx.ctx anymore
- CLEANUP: spoe: do not use appctx.ctx anymore
- BUILD: applet: mark the CLI's generic variables as deprecated
- BUILD: applet: mark the appctx's st2 variable as deprecated
- CLEANUP: cache: take the context out of appctx.ctx
- MEDIUM: lua: move the cosocket storage outside of appctx.ctx
- MINOR: lua: move the tcp service storage outside of appctx.ctx
- MINOR: lua: move the http service context out of appctx.ctx
- CLEANUP: cli: move the status print context into its own context
- CLEANUP: stats: rename the stats state values an mark the old ones deprecated
- DOC: internal: document the new cleaner approach to the appctx
- MINOR: tcp: socket translate TCP_KEEPIDLE for macOs equivalent
- DOC: fix typo "ant" for "and" in INSTALL
- CI: dynamically determine actual version of h2spec
On Linux the interval before starting to send TCP keep-alive packets
is defined by TCP_KEEPIDLE. MacOS has an equivalent with TCP_KEEPIDLE,
which also uses seconds as a unit, so it's possible to simply remap the
definition of TCP_KEEPIDLE to TCP_KEEPALIVE there and get it to seamlessly
work. The other settings (interval and count) are not present, though.
The STAT_ST_* values have been abused by virtually every applet and CLI
keyword handler, and this must not continue as it's a source of bugs and
of overly complicated code.
This patch renames the states to STAT_STATE_*, and keeps the previous
enum while marking each entry as deprecated. This should be sufficient to
catch out-of-tree code that might rely on them and to let them know what
to do with that.
Now that the CLI's print context is alone in the appctx, it's possible
to refine the appctx's ctx layout so that the cli part matches exactly
a regular svcctx, and as such move the CLI context into an svcctx like
other applets. External code will still build and work because the
struct cli perfectly maps onto the struct cli_print_ctx that's located
into svc.storage. This is of course only to make a smooth transition
during 2.6 and will disappear immediately after.
A tiny change had to be applied to the opentracing addon which performs
direct accesses to the CLI's err pointer in its own print function. The
rest uses the standard cli_print_* which were the only ones that needed
a small change.
The whole "ctx.cli" struct could be tagged as deprecated so that any
possibly existing external code that relies on it will get build
warnings, and the comments in the struct are pretty clear about the
way to fix it, and the lack of future of this old API.
Just like for the TCP service, let's move the context away from
appctx.ctx. A new struct hlua_http_ctx was defined, reserved in
hlua_applet_http_init() and used everywhere else. Similarly, the
task dump code will no more report decoded stack traces in case
these services would be involved. That may be solved later.
The use-service mechanism for Lua in TCP mode relies on the
hlua_tcp storage in appctx->ctx. We can move its definition to
hlua.c and simply use appctx_reserve_svcctx() to reserve and access
the stoage. One tiny side effect is that the task dump used in panics
will not show anymore the Lua call stack in its trace. For this a
better API is needed from the Lua code to expose a function that does
the job from an appctx.
The Lua cosockets were using appctx.ctx.hlua_cosocket. Let's move this
to a local definition of "hlua_csk_ctx" in hlua.c, which is allocated
from the appctx by hlua_socket_new(). There's a notable change which is
that, while previously the xref link with the peer was established with
the appctx, it's now in the hlua_csk_ctx. This one must then hold a
pointer to the appctx. The code was adjusted accordingly, and now that
part of the code doesn't use the appctx.ctx anymore.
The context was moved to a local definition in the cache code, and
there's nothing specific to the cache anymore in the appctx. The
struct is stored into the appctx's storage area via the svcctx.
This one has been misused for a while as well, it's time to deprecate it
since we don't use it anymore. It will be removed in 2.7 and for now is
only marked as deprecated. Since we need to guarantee that it's zeroed
before starting any applet or CLI command, it was moved into an anonymous
union where its sibling is not marked as deprecated so that we can
continue to initialize it without triggering a warning.
If you found this commit after a bisect session you initiated to figure
why you got some build warnings and don't know what to do, have a look
at the code that deals with the "show fd", "show sess" or "show servers"
commands, as it's supposed to be self-explanatory about the tiny changes
to apply to your code to port it. If you find APPLET_MAX_SVCCTX to be
too small for your use case, either kindly ask for a tiny extension
(and try to get your code merged), or just use a pool.
The generic context variables p0/p1/p2, i0/i1, o0/o1 have been abused
and causing trouble for too long, it's time to remove them now that
they are not used anymore.
However the risk that external code still uses them is not nul and we
had not warned before about their removal. Let's mark them deprecated
in 2.6 and removed in 2.7. This will let external code continue to work
(as well as it could if it misuses them), with a strong encouragement
on updating it.
If you found this commit after a bisect session you initiated to figure
why you got some build warnings and don't know what to do, have a look
at the code that deals with the "show fd", "show env" or "show servers"
commands, as it's supposed to be self-explanatory about the tiny changes
to apply to your code to port it. If you find APPLET_MAX_SVCCTX to be
too small for your use case, either kindly ask for a tiny extension
(and try to get your code merged), or just use a pool.
The httpclient already uses its own pointer and only used to store this
single pointer into the appctx.ctx field. Let's just move it to the
svcctx and remove this entry from the appctx union.
The httpclient's CLI uses ctx.cli.i0 for its flags and .p0 for the client
instance. Let's have a locally defined structure for this so that we don't
need the generic cli variables anymore.
Let's create a show_sock_ctx to store the bind_conf and the listener.
The entry is reserved when entering the I/O handler since there's no
parser here. That's fine because the function doesn't touch the area.
The code is was a bit convoluted by the use of a state machine around
st2 that is not used since only the STAT_ST_LIST state was used, and
the test of global.cli_fe inside the loop while it ought better be
tested before entering there. Let's get rid of this unneded state and
simplify the code. There's no more need for ->st2 now. The code looks
more changed than it really is due to the reindent caused by the
removal of the switch statement, but "git show -b" shows what really
changed.
There is the variable to start from (or environ) and an option to stop
after dumping the first one, just like "show fd". Let's have a small
locally-defined context with these two fields.
The "show fd" command used to rely on cli.i0 for the fd, and st2 just
to decide whether to stop after the first value or not. It could have
been possible to decide to use just a negative integer to dump a single
value, but it's as easy and more durable to declare a two-field struct
show_fd_ctx for this.
The command uses a pointer to the current proxy being dumped, one to the
current server being dumped, an optional ID of the only proxy to dump
(which is in fact used as a boolean), and a flag indicating if we're
doing a "show servers conn" or a "show servers state". Let's move all
this to a struct show_srv_ctx.
The command uses a pointer to a cache instance and the next key to dump,
they were in cli.p0/i0 respectively, let's move them to a struct
show_cache_ctx.
The command uses this state but _INIT immediately turns to _LIST, which
turns to _FIN at the end without doing anything in that state, thus the
only existing state is _LIST so we don't need to store a state. Let's
just get rid of it.
The command was using cli.p0/p1/p2 to select which section to dump, the
current section and the current ns. Let's instead have a locally defined
"show_resolvers_ctx" section for this.
The ring code was using ctx.cli.i0/p0/o0 to store its context during CLI
dumps via "show events" or "show errors". Let's use a locally defined
context and drop that.
The ring watch flags (wait, seek end) were dangerously passed via ctx.cli.i0
from "show buf" in sink.c:cli_parse_show_events(), or implicitly reset in
"show errors". That's very unconvenient, difficult to follow, and prone to
short-term breakage.
Let's pass an extra argument to ring_attach_cli() to take these flags, now
defined in ring-t.h as RING_WF_*, and let the function set them itself
where appropriate (still ctx.cli.i0 for now).
The command only requires to store an int, but it will be useful later
to have a struct to pass extra info such as an "all" flag to dump all
FDs. The new context is now a struct dev_fd_ctx stored in svcctx.
Instead of having a struct that contains a single pointer in the appctx
context, let's directly use the generic context pointer and get rid of
the now unused sft.ptr entry.
Several steps are used during the addition of a crtlist to yield during
long operations, and states are used for this. Let's just not use the
st2 anymore and place the state inside the add_crtlist_ctx struct instead.
These commands were using cli.i0/p0/p1 and in a not very clean way since
they use the same parser but with different types depending on the I/O
handler. Given there was no explanation about what the variables were
supposed to be, they were named based on best guess and placed into a
new "show_crtlist_ctx" structure.
These two commands use distinct parse/release functions but a common
iohandler, thus they need to keep the same context. It was created
under the name "commit_cacrlfile_ctx" and holds a large part of the
pointers (6) and the ca_type field that helps distinguish between
the two commands for the I/O handler. It looks like some of these
fields could have been merged since apparently the CA part only
uses *cafile* and the CRL part *crlfile*, while both old and new
are of type cafile_entry and set only for each type. This could
probably even simplify some parts of the code that tries to use
the correct field.
These fields were the last ones to be migrated thus the appctx's
ssl context could finally be removed.
Just like for "set ssl cafile", the command doesn't really need this
context which doesn't outlive the parsing function but it was there
for a purpose so it's maintained. Only 3 fields were used from the
appctx's ssl context: old_crlfile_entry, new_crlfile_entry, and path.
These ones were reinstantiated into a new "set_crlfile_ctx" struct.
It could have been merged with the one used in "set cafile" if the
fields had been renamed since cafile and crlfile are of the same
type (probably one of them ought to be renamed?).
None of these fields could be dropped as they are still shared with
other commands.
Just like for "set ssl cert", the command doesn't really need this
context which doesn't outlive the parsing function but it was there
for a purpose so it's maintained. Only 3 fields were used from the
appctx's ssl context: old_cafile_entry, new_cafile_entry, and path.
These ones were reinstantiated into a new "set_cafile_ctx" struct.
None of them could be dropped as they are still shared with other
commands.
The command doesn't really need any storage since there's only a parser,
but since it used this context, there might have been plans for extension,
so better continue with a persistent one. Only old_ckchs, new_ckchs, and
path were being used from the appctx's ssl context. There ones moved to
the local definition, and the two former ones were removed from the appctx
since not used anymore.
