This patch addresses #1514, adds the ability to fetch DN of the root
ca that was in the chain when client certificate was verified during SSL
handshake.
Despite the doc not mentionning it, core.{proxies,frontends,backends}
methods are also available from init context.
(through core.register_init() functions)
Updating the documentation to reflect this possibility.
httpclient.resolvers.disabled allow to disable completely the resolvers
of the httpclient, prevents the creation of the "default" resolvers
section, and does not insert the http do-resolve rule in the proxies.
This provides more consistency between the master and the worker. When
"prompt timed" is passed on the master, the timed mode is toggled. When
enabled, for a master it will show the master process' uptime, and for
a worker it will show this worker's uptime. Example:
master> prompt timed
[0:00:00:50] master> show proc
#<PID> <type> <reloads> <uptime> <version>
11940 master 1 [failed: 0] 0d00h02m10s 2.8-dev11-474c14-21
# workers
11955 worker 0 0d00h00m59s 2.8-dev11-474c14-21
# old workers
11942 worker 1 0d00h02m10s 2.8-dev11-474c14-21
# programs
[0:00:00:58] master> @!11955
[0:00:01:03] 11955> @!11942
[0:00:02:17] 11942> @
[0:00:01:10] master>
Entering "prompt timed" toggles reporting of the process' uptime in
the prompt, which will report days, hours, minutes and seconds since
it was started. As discussed with Tim in issue #2145, this can be
convenient to roughly estimate the time between two outputs, as well
as detecting that a process failed to be reloaded for example.
Released version 2.8-dev11 with the following main changes :
- BUILD: debug: do not check the isolated_thread variable in non-threaded builds
- BUILD: quic: fix build warning when threads are disabled
- CI: more granular failure on generating build matrix
- CLEANUP: quic: No more used q_buf structure
- CLEANUP: quic: Rename several <buf> variables in quic_frame.(c|h)
- CLEANUP: quic: Typo fix for quic_connection_id pool
- BUG/MINOR: quic: Wrong key update cipher context initialization for encryption
- BUG/MEDIUM: cache: Don't request more room than the max allowed
- MEDIUM: stconn: Be sure to always be able to unblock a SC that needs room
- EXAMPLES: fix IPV6 support for lua mailers script
- BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0
- DOC: stconn: Update comments about ABRT/SHUT for stconn structure
- BUG/MEDIUM: stats: Require more room if buffer is almost full
- DOC: configuration: add info about ssl-engine for 2.6
- BUG/MINOR: mux-quic: fix transport VS app CONNECTION_CLOSE
- BUG/MEDIUM: mux-quic: wakeup tasklet to close on error
- DEV: flags: add a script to decode most flags in the "show sess all" output
- BUG/MINOR: quic: Possible crash when dumping version information
- BUG/MINOR: config: make compression work again in defaults section
- BUG/MEDIUM: stream: Forward shutdowns when unhandled errors are caught
- MEDIUM: stream: Resync analyzers at the end of process_stream() on change
- DEV: flags: add missing stream flags to show-sess-to-flags
- DEV: flags/show-sess-to-flags: only retrieve hex digits from hex fields
- DEV: flags/show-sess-to-flags: add support for color output
- CLEANUP: src/listener.c: remove redundant NULL check
In the announcement of 2.6 is mentioned that the openssl engine
is not enabled by default.
This patch add the information to the configuration.txt.
This is related to GitHub Issue #1752.
Should be back ported to 2.6
Released version 2.8-dev10 with the following main changes :
- BUG/MINOR: stats: fix typo in `TotalSplicedBytesOut` field name
- REGTESTS: add success test, "set server" via fqdn
- MINOR: ssl: disable CRL checks with WolfSSL when no CRL file
- BUG/MINOR: stream/cli: fix stream age calculation in "show sess"
- MINOR: debug: clarify "debug dev stream" help message
- DEBUG: cli: add "debug dev task" to show/wake/expire/kill tasks and tasklets
- BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found
- REGTESTS: ssl: simplify X509_V code check in ssl_client_auth.vtc
- BUILD: cli: fix build on Windows due to isalnum() implemented as a macro
- MINOR: activity: use a single macro to iterate over all fields
- MINOR: activity: show the line header inside the SHOW_VAL macro
- MINOR: activity: iterate over all fields in a main loop for dumping
- MINOR: activity: allow "show activity" to restart dumping on any line
- MINOR: activity: allow "show activity" to restart in the middle of a line
- DEV: haring: automatically disable DEBUG_STRICT
- DEV: haring: update readme to suggest using the same build options for haring
- BUG/MINOR: debug: fix incorrect profiling status reporting in show threads
- MINOR: debug: permit the "debug dev loop" to run under isolation
- BUG/MEDIUM: mux-h2: Properly handle end of request to expect data from server
- BUG/MINOR: mux-quic: prevent quic_conn error code to be overwritten
- MINOR: mux-quic: add trace event for local error
- MINOR: mux-quic: wake up after recv only if avail data
- MINOR: mux-quic: adjust local error API
- MINOR: mux-quic: report local error on stream endpoint asap
- MINOR: mux-quic: close connection asap on local error
- BUG/MINOR: debug: do not emit empty lines in thread dumps
- BUG/MINOR: mux-h2: Also expect data when waiting for a tunnel establishment
- BUG/MINOR: time: fix NS_TO_TV macro
- MEDIUM: debug: simplify the thread dump mechanism
- MINOR: debug: write panic dump to stderr one thread at a time
- MINOR: debug: make "show threads" properly iterate over all threads
- CLEANUP: debug: remove the now unused ha_thread_dump_all_to_trash()
- MINOR: ssl: allow to change the server signature algorithm
- MINOR: ssl: allow to change the signature algorithm for client authentication
- MINOR: cli: Use applet API to write output message
- MINOR: stats: Use the applet API to write data
- MINOR: peers: Use the applet API to send message
- MINOR: stconn: Add a field to specify the room needed by the SC to progress
- MEDIUM: tree-wide: Change sc API to specify required free space to progress
- BUG/MEDIUM: stconn: Unblock SC from stream if there is enough room to progrees
- MEDIUM: applet: Check room needed to unblock opposite SC when data was consumed
- MEDIUM: stconn: Check room needed to unblock SC on fast-forward
- MEDIUM: stconn: Check room needed to unblock opposite SC when data was sent
- MINOR: hlua_fcn: fix Server.is_draining() return type
- MINOR: hlua_fcn: add Server.is_backup()
- MINOR: hlua_fcn: add Server.is_dynamic()
- MINOR: hlua_fcn: add Server.tracking()
- MINOR: hlua_fcn: add Server.get_trackers()
- MINOR: hlua_fcn: add Server.get_proxy()
- MINOR: hlua_fcn: add Server.get_pend_conn() and Server.get_cur_sess()
- MINOR: hlua_fcn: add Proxy.get_srv_act() and Proxy.get_srv_bck()
- DOC: lua/event: add ServerEvent class header
- MINOR: server/event_hdl: publish macro helper
- MINOR: server/event_hdl: add SERVER_STATE event
- OPTIM: server: publish UP/DOWN events from STATE change
- MINOR: hlua: expose SERVER_STATE event
- MINOR: server/event_hdl: add SERVER_ADMIN event
- MINOR: hlua: expose SERVER_ADMIN event
- MINOR: checks/event_hdl: SERVER_CHECK event
- MINOR: hlua/event_hdl: expose SERVER_CHECK event
- MINOR: mailers/hlua: disable email sending from lua
- MINOR: hlua: expose proxy mailers
- EXAMPLES: add lua mailers script to replace tcpcheck mailers
- BUG/MINOR: hlua: spinning loop in hlua_socket_handler()
- MINOR: server: fix message report when IDRAIN is set and MAINT is cleared
- CLEANUP: hlua: hlua_register_task() may longjmp
- REGTESTS: use lua mailer script for mailers tests
- MINOR: hlua: declare hlua_{ref,pushref,unref} functions
- MINOR: hlua: declare hlua_gethlua() function
- MINOR: hlua: declare hlua_yieldk() function
- MINOR: hlua_fcn: add Queue class
- EXAMPLES: mailqueue for lua mailers script
- MINOR: quic: add format argument for "show quic"
- MINOR: quic: implement oneline format for "show quic"
- MINOR: config: allow cpu-map to take commas in lists of ranges
- CLEANUP: fix a few reported typos in code comments
- DOC: fix a few reported typos in the config and install doc
The function that cpu-map uses to parse CPU sets, parse_cpu_set(), was
etended in 2.4 with commit a80823543 ("MINOR: cfgparse: support the
comma separator on parse_cpu_set") to support commas between ranges.
But since it was quite late in the development cycle, by then it was
decided not to add a last-minute surprise and not to magically support
commas in cpu-map, hence the "comma_allowed" argument.
Since then we know that it was not the best choice, because the comma
is silently ignored in the cpu-map syntax, causing all sorts of
surprises in field with threads running on a single node for example.
In addition it's quite common to copy-paste a taskset line and put it
directly into the haproxy configuration.
This commit relaxes this rule an finally allows cpu-map to support
commas between ranges. It simply consists in removing the comma_allowed
argument in the parse_cpu_set() function. The doc was updated to
reflect this.
Add a new output format "oneline" for "show quic" command. This prints
one connection per line with minimal information. The objective is to
have an equivalent of the netstat/ss tools with just enough information
to quickly find connection which are misbehaving.
A legend is printed on the first line to describe the field columns
starting with a dash character.
This should be backported up to 2.7.
Add an extra optional argument for "show quic" to specify desired output
format. Its objective is to control the verbosity per connections. For
the moment, only "full" is supported, which is the already implemented
output with maximum information.
This should be backported up to 2.7.
Adding a new lua class: Queue.
This class provides a generic FIFO storage mechanism that may be shared
between multiple lua contexts to easily pass data between them, as stock
Lua doesn't provide easy methods for passing data between multiple
coroutines.
New Queue object may be obtained using core.queue()
(it works like core.concat() for a concat Class)
Lua documentation was updated (including some usage examples)
Proxy mailers, which are configured using "email-alert" directives
in proxy sections from the configuration, are now being exposed
directly in lua thanks to the proxy:get_mailers() method which
returns a class containing the various mailers settings if email
alerts are configured for the given proxy (else nil is returned).
Both the class and the proxy method were marked as LEGACY since this
feature relies on mailers configuration, and the goal here is to provide
the last missing bits of information to lua scripts in order to make
them capable of sending email alerts instead of relying on the soon-to-
be deprecated mailers implementation based on checks (see src/mailers.c)
Lua documentation was updated accordingly.
Exposing a new hlua function, available from body or init contexts, that
forcefully disables the sending of email alerts even if the mailers are
defined in haproxy configuration.
This will help for sending email directly from lua.
(prevent legacy email sending from intefering with lua)
Exposing SERVER_CHECK event through the lua API.
New lua class named ServerEventCheck was added to provide additional
data for SERVER_CHECK event.
Lua documentation was updated accordingly.
Server.get_pend_conn: number of pending connections to the server
Server.get_cur_sess: number of current sessions handled by the server
Lua documentation was updated accordingly.
This commit introduces the keyword "client-sigalgs" for the bind line,
which does the same as "sigalgs" but for the client authentication.
"ssl-default-bind-client-sigalgs" allows to set the default parameter
for all the bind lines.
This patch should fix issue #2081.
This patch introduces the "sigalgs" keyword for the bind line, which
allows to configure the list of server signature algorithms negociated
during the handshake. Also available as "ssl-default-bind-sigalgs" in
the default section.
This patch was originally written by Bruno Henc.
The x509_v_err_str converter now outputs the numerical value as a string
when the corresponding constant name was not found.
Must be backported as far as 2.7.
Released version 2.8-dev9 with the following main changes :
- MINOR: quic: Move traces at proto level
- BUG/MINOR: quic: Possible memory leak from TX packets
- BUG/MINOR: quic: Possible leak during probing retransmissions
- BUG/MINOR: quic: Useless probing retransmission in draining or killing state
- BUG/MINOR: quic: Useless I/O handler task wakeups (draining, killing state)
- CLEANUP: quic: rename frame types with an explicit prefix
- CLEANUP: quic: rename frame variables
- CLEANUP: quic: Remove useless parameters passes to qc_purge_tx_buf()
- CLEANUP: quic: Rename <buf> variable to <token> in quic_generate_retry_token()
- CLEANUP: quic: Rename <buf> variable into quic_padding_check()
- CLEANUP: quic: Rename <buf> variable into quic_rx_pkt_parse()
- CLEANUP: quic: Rename <buf> variable for several low level functions
- CLEANUP: quic: Make qc_build_pkt() be more readable
- CLEANUP: quic: Rename quic_get_dgram_dcid() <buf> variable
- CLEANUP: quic: Rename several <buf> variables at low level
- CLEANUP: quic: Rename <buf> variable into quic_packet_read_long_header()
- CLEANUP: quic: Rename <buf> variable into qc_parse_hd_form()
- CLEANUP: quic: Rename several <buf> variables into quic_sock.c
- DEBUG: crash using an invalid opcode on x86/x86_64 instead of an invalid access
- DEBUG: crash using an invalid opcode on aarch64 instead of an invalid access
- DEV: h2: add a script "mkhdr" to build h2 frames from scratch
- DEV: h2: support reading frame payload from a file
- MINOR: acme.sh: add the deploy script for acme.sh in admin directory
- BUG/MEDIUM: mux-quic: do not emit RESET_STREAM for unknown length
- BUG/MEDIUM: mux-quic: improve streams fairness to prevent early timeout
- BUG/MINOR: quic: prevent buggy memcpy for empty STREAM
- MINOR: mux-quic: do not set buffer for empty STREAM frame
- MINOR: mux-quic: do not allocate Tx buf for empty STREAM frame
- MINOR: quic: finalize affinity change as soon as possible
- BUG/MINOR: quic: fix race on quic_conns list during affinity rebind
- CI: switch to Fastly CDN to download LibreSSL
- BUILD: ssl: switch LibreSSL to Fastly CDN
- BUG/MINOR: clock: fix a few occurrences of 'now' being used in place of 'date'
- BUG/MINOR: spoe: use "date" not "now" in debug messages
- BUG/MINOR: activity: show wall-clock date, not internal date in show activity
- BUG/MINOR: opentracing: use 'date' instead of 'now' in debug output
- Revert "BUG/MINOR: clock: fix a few occurrences of 'now' being used in place of 'date'"
- BUG/MINOR: calltrace: fix 'now' being used in place of 'date'
- BUG/MINOR: trace: show wall-clock date, not internal date in show activity
- BUG/MINOR: hlua: return wall-clock date, not internal date in core.now()
- BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones
- BUG/MINOR: stconn: Fix SC flags with same value
- BUG/MINOR: resolvers: Use sc_need_room() to wait more room when dumping stats
- BUG/MEDIUM: tcpcheck: Don't eval custom expect rule on an empty buffer
- BUG/MINOR: stats: report the correct start date in "show info"
- MINOR: time: add conversions to/from nanosecond timestamps
- MINOR: time: replace calls to tv_ms_elapsed() with a linear subtract
- MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps
- MEDIUM: tree-wide: replace timeval with nanoseconds in tv_accept and tv_request
- MINOR: stats: use nanoseconds, not timeval to compute uptime
- MINOR: activity: use nanoseconds, not timeval to compute uptime
- MINOR: checks: use a nanosecond counters instead of timeval for checks->start
- MINOR: clock: do not use now.tv_sec anymore
- MEDIUM: clock: replace timeval "now" with integer "now_ns"
- MINOR: clock: replace the timeval start_time with start_time_ns
- MINOR: sample: Add bc_rtt and bc_rttvar
- MINOR: quic: use real sending rate measurement
- MINOR: proxy: factorize send rate measurement
Released version 2.8-dev8 with the following main changes :
- BUG/MEDIUM: cli: Set SE_FL_EOI flag for '_getsocks' and 'quit' commands
- BUG/MEDIUM: cli: Eat output data when waiting for appctx shutdown
- BUG/MEDIUM: http-client: Eat output data when waiting for appctx shutdown
- BUG/MEDIUM: stats: Eat output data when waiting for appctx shutdown
- BUG/MEDIUM: log: Eat output data when waiting for appctx shutdown
- BUG/MEDIUM: dns: Kill idle DNS sessions during stopping stage
- BUG/MINOR: resolvers: Wakeup DNS idle task on stopping
- BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions
- MINOR: hlua: Stop to check the SC state when executing a hlua cli command
- BUG/MEDIUM: mux-h1: Report EOI when a TCP connection is upgraded to H2
- BUG/MEDIUM: mux-h2: Never set SE_FL_EOS without SE_FL_EOI or SE_FL_ERROR
- MINOR: quic: Trace fix in quic_pto_pktns() (handshaske status)
- BUG/MINOR: quic: Wrong packet number space probing before confirmed handshake
- MINOR: quic: Modify qc_try_rm_hp() traces
- MINOR: quic: Dump more information at proto level when building packets
- MINOR: quic: Add a trace for packet with an ACK frame
- MINOR: activity: add a line reporting the average CPU usage to "show activity"
- BUG/MINOR: stick_table: alert when type len has incorrect characters
- MINOR: thread: keep a bitmask of enabled groups in thread_set
- MINOR: fd: optimize fd_claim_tgid() for use in fd_insert()
- MINOR: fd: add a lock bit with the tgid
- MINOR: fd: implement fd_migrate_on() to migrate on a non-local thread
- MINOR: receiver: reserve special values for "shards"
- MINOR: bind-conf: support a new shards value: "by-group"
- BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it.
- MINOR: quic: Add packet loss and maximum cc window to "show quic"
- BUG/MINOR: quic: Ignored less than 1ms RTTs
- MINOR: quic: Add connection flags to traces
- BUG/MEDIUM: quic: Code sanitization about acknowledgements requirements
- BUG/MINOR: quic: Possible wrapped values used as ACK tree purging limit.
- BUG/MINOR: quic: SIGFPE in quic_cubic_update()
- MINOR: quic: Display the packet number space flags in traces
- MINOR: quic: Remove a useless test about probing in qc_prep_pkts()
- BUG/MINOR: quic: Wrong Application encryption level selection when probing
- CI: bump "actions/checkout" to v3 for cross zoo matrix
- CI: enable monthly test on Fedora Rawhide
- BUG/MINOR: stream: Fix test on SE_FL_ERROR on the wrong entity
- BUG/MEDIUM: stream: Report write timeouts before testing the flags
- BUG/MEDIUM: stconn: Do nothing in sc_conn_recv() when the SC needs more room
- MINOR: stream: Uninline and export sess_set_term_flags() function
- MINOR: filters: Review and simplify errors handling
- REGTESTS: fix the race conditions in log_uri.vtc
- MINOR: channel: Forwad close to other side on abort
- MINOR: stream: Introduce stream_abort() to abort on both sides in same time
- MINOR: stconn: Rename SC_FL_SHUTR_NOW in SC_FL_ABRT_WANTED
- MINOR: channel/stconn: Replace channel_shutr_now() by sc_schedule_abort()
- MINOR: stconn: Rename SC_FL_SHUTW_NOW in SC_FL_SHUT_WANTED
- MINOR: channel/stconn: Replace channel_shutw_now() by sc_schedule_shutdown()
- MINOR: stconn: Rename SC_FL_SHUTR in SC_FL_ABRT_DONE
- MINOR: channel/stconn: Replace sc_shutr() by sc_abort()
- MINOR: stconn: Rename SC_FL_SHUTW in SC_FL_SHUT_DONE
- MINOR: channel/stconn: Replace sc_shutw() by sc_shutdown()
- MINOR: tree-wide: Replace several chn_cons() by the corresponding SC
- MINOR: tree-wide: Replace several chn_prod() by the corresponding SC
- BUG/MINOR: cli: Don't close when SE_FL_ERR_PENDING is set in cli analyzer
- MINOR: stconn: Stop to set SE_FL_ERROR on sending path
- MEDIUM: stconn: Forbid applets with more to deliver if EOI was reached
- MINOR: stconn: Don't clear SE_FL_ERROR when endpoint is reset
- MINOR: stconn: Add a flag to ack endpoint errors at SC level
- MINOR: backend: Set SC_FL_ERROR on connection error
- MINOR: stream: Set SC_FL_ERROR on channels' buffer allocation error
- MINOR: tree-wide: Test SC_FL_ERROR with SE_FL_ERROR from upper layer
- MEDIUM: tree-wide: Stop to set SE_FL_ERROR from upper layer
- MEDIUM: backend: Stop to use SE flags to detect connection errors
- MEDIUM: stream: Stop to use SE flags to detect read errors from analyzers
- MEDIUM: stream: Stop to use SE flags to detect endpoint errors
- MEDIUM: stconn: Rely on SC flags to handle errors instead of SE flags
- BUG/MINOR: stconn: Don't set SE_FL_ERROR at the end of sc_conn_send()
- BUG/MINOR: quic: Do not use ack delay during the handshakes
- CLEANUP: use "offsetof" where appropriate
- MINOR: ssl: remove OpenSSL 1.0.2 mention into certificate loading error
- BUG/MEDIUM: http-ana: Properly switch the request in tunnel mode on upgrade
- BUG/MEDIUM: log: Properly handle client aborts in syslog applet
- MINOR: stconn: Add a flag to report EOS at the stream-connector level
- MINOR: stconn: Propagate EOS from a mux to the attached stream-connector
- MINOR: stconn: Propagate EOS from an applet to the attached stream-connector
- MINOR: mux-h2: make the initial window size configurable per side
- MINOR: mux-h2: make the max number of concurrent streams configurable per side
- BUG/MINOR: task: allow to use tasklet_wakeup_after with tid -1
- CLEANUP: quic: remove unused QUIC_LOCK label
- CLEANUP: quic: remove unused scid_node
- CLEANUP: quic: remove unused qc param on stateless reset token
- CLEANUP: quic: rename quic_connection_id vars
- MINOR: quic: remove uneeded tasklet_wakeup after accept
- MINOR: quic: adjust Rx packet type parsing
- MINOR: quic: adjust quic CID derive API
- MINOR: quic: remove TID ref from quic_conn
- MEDIUM: quic: use a global CID trees list
- MINOR: quic: remove TID encoding in CID
- MEDIUM: quic: handle conn bootstrap/handshake on a random thread
- MINOR: quic: do not proceed to accept for closing conn
- MINOR: protocol: define new callback set_affinity
- MINOR: quic: delay post handshake frames after accept
- MEDIUM: quic: implement thread affinity rebinding
- BUG/MINOR: quic: transform qc_set_timer() as a reentrant function
- MINOR: quic: properly finalize thread rebinding
- MAJOR: quic: support thread balancing on accept
- MINOR: listener: remove unneeded local accept flag
- BUG/MINOR: http-ana: Update analyzers on both sides when switching in TUNNEL mode
- CLEANUP: backend: Remove useless debug message in assign_server()
- CLEANUP: cli: Remove useless debug message in cli_io_handler()
- BUG/MEDIUM: stconn: Propagate error on the SC on sending path
- MINOR: config: add "no-alpn" support for bind lines
- REGTESTS: add a new "ssl_alpn" test to test ALPN negotiation
- DOC: add missing documentation for "no-alpn" on bind lines
- MINOR: ssl: do not set ALPN callback with the empty string
- MINOR: ssl_crtlist: dump "no-alpn" on "show crtlist" when "no-alpn" was set
- MEDIUM: config: set useful ALPN defaults for HTTPS and QUIC
- BUG/MEDIUM: quic: prevent crash on Retry sending
- BUG/MINOR: cfgparse: make sure to include openssl-compat
- MINOR: clock: add now_mono_time_fast() function
- MINOR: clock: add now_cpu_time_fast() function
- MEDIUM: hlua: reliable timeout detection
- MEDIUM: hlua: introduce tune.lua.burst-timeout
- CLEANUP: hlua: avoid confusion between internal timers and tick based timers
- MINOR: hlua: hook yield on known lua state
- MINOR: hlua: safe coroutine.create()
- BUG/MINOR: quic: Stop removing ACK ranges when building packets
- MINOR: quic: Do not allocate too much ack ranges
- BUG/MINOR: quic: Unchecked buffer length when building the token
- BUG/MINOR: quic: Wrong Retry token generation timestamp computing
- BUG/MINOR: mux-quic: fix crash with app ops install failure
- BUG/MINOR: mux-quic: properly handle STREAM frame alloc failure
- BUG/MINOR: h3: fix crash on h3s alloc failure
- BUG/MINOR: quic: prevent crash on qc_new_conn() failure
- BUG/MINOR: quic: consume Rx datagram even on error
- CLEANUP: errors: fix obsolete function comments
- CLEANUP: server: fix update_status() function comment
- MINOR: server/event_hdl: add proxy_uuid to event_hdl_cb_data_server
- MINOR: hlua/event_hdl: rely on proxy_uuid instead of proxy_name for lookups
- MINOR: hlua/event_hdl: expose proxy_uuid variable in server events
- MINOR: hlua/event_hdl: fix return type for hlua_event_hdl_cb_data_push_args
- MINOR: server/event_hdl: prepare for upcoming refactors
- BUG/MINOR: event_hdl: don't waste 1 event subtype slot
- CLEANUP: event_hdl: updating obsolete comment for EVENT_HDL_CB_DATA
- CLEANUP: event_hdl: fix comment typo about _sync assertion
- MINOR: event_hdl: dynamically allocated event data members
- MINOR: event_hdl: provide event->when for advanced handlers
- MINOR: hlua/event_hdl: timestamp for events
- DOC: lua: restore 80 char limitation
- BUG/MINOR: server: incorrect report for tracking servers leaving drain
- MINOR: server: explicitly commit state change in srv_update_status()
- BUG/MINOR: server: don't miss proxy stats update on server state transitions
- BUG/MINOR: server: don't miss server stats update on server state transitions
- BUG/MINOR: server: don't use date when restoring last_change from state file
- MINOR: server: central update for server counters on state change
- MINOR: server: propagate server state change to lb through single function
- MINOR: server: propagate lb changes through srv_lb_propagate()
- MINOR: server: change adm_st_chg_cause storage type
- MINOR: server: srv_append_status refacto
- MINOR: server: change srv_op_st_chg_cause storage type
- CLEANUP: server: remove unused variables in srv_update_status()
- CLEANUP: server: fix srv_set_{running, stopping, stopped} function comment
- MINOR: server: pass adm and op cause to srv_update_status()
- MEDIUM: server: split srv_update_status() in two functions
- MINOR: server/event_hdl: prepare for server event data wrapper
- MINOR: quic: support migrating the listener as well
- MINOR: quic_sock: index li->per_thr[] on local thread id, not global one
- MINOR: listener: support another thread dispatch mode: "fair"
- MINOR: receiver: add a struct shard_info to store info about each shard
- MINOR: receiver: add RX_F_MUST_DUP to indicate that an rx must be duped
- MEDIUM: proto: duplicate receivers marked RX_F_MUST_DUP
- MINOR: proto: skip socket setup for duped FDs
- MEDIUM: config: permit to start a bind on multiple groups at once
- MINOR: listener: make accept_queue index atomic
- MEDIUM: listener: rework thread assignment to consider all groups
- MINOR: listener: use a common thr_idx from the reference listener
- MINOR: listener: resync with the thread index before heavy calculations
- MINOR: listener: make sure to avoid ABA updates in per-thread index
- MINOR: listener: always compare the local thread as well
- MINOR: Make `tasklet_free()` safe to be called with `NULL`
- CLEANUP: Stop checking the pointer before calling `tasklet_free()`
- CLEANUP: Stop checking the pointer before calling `pool_free()`
- CLEANUP: Stop checking the pointer before calling `task_free()`
- CLEANUP: Stop checking the pointer before calling `ring_free()`
- BUG/MINOR: cli: clarify error message about stats bind-process
- CI: cirrus-ci: bump FreeBSD image to 13-1
- REGTESTS: remove unsupported "stats bind-process" keyword
- CI: extend spellchecker whitelist, add "clen" as well
- CLEANUP: assorted typo fixes in the code and comments
- BUG/MINOR: sock_inet: use SO_REUSEPORT_LB where available
- BUG/MINOR: tools: check libssl and libcrypto separately
- BUG/MINOR: config: fix NUMA topology detection on FreeBSD
- BUILD: sock_inet: forward-declare struct receiver
- BUILD: proto_tcp: export the correct names for proto_tcpv[46]
- CLEANUP: protocol: move the l3_addrlen to plug a hole in proto_fam
- CLEANUP: protocol: move the nb_receivers to plug a hole in protocol
- REORG: listener: move the bind_conf's thread setup code to listener.c
- MINOR: proxy: make proxy_type_str() recognize peers sections
- MEDIUM: peers: call bind_complete_thread_setup() to finish the config
- MINOR: protocol: add a flags field to store info about protocols
- MINOR: protocol: move the global reuseport flag to the protocols
- MINOR: listener: automatically adjust shards based on support for SO_REUSEPORT
- MINOR: protocol: add a function to check if some features are supported
- MINOR: sock: add a function to check for SO_REUSEPORT support at runtime
- MINOR: protocol: perform a live check for SO_REUSEPORT support
- MINOR: listener: do not restrict CLI to first group anymore
- MINOR: listener: add a new global tune.listener.default-shards setting
- MEDIUM: listener: switch the default sharding to by-group
Sharding by-group is exactly identical to by-process for a single
group, and will use the same number of file descriptors for more than
one group, while significantly lowering the kernel's locking overhead.
Now that all special listeners (cli, peers) are properly handled, and
that support for SO_REUSEPORT is detected at runtime per protocol, there
should be no more reason for now switching to by-group by default.
That's what this patch does. It does only this and nothing else so that
it's easy to revert, should any issue be raised.
Testing on an AMD EPYC 74F3 featuring 24 cores and 48 threads distributed
into 8 core complexes of 3 cores each, shows that configuring 8 groups
(one per CCX) is sufficient to simply double the forwarded connection
rate from 112k to 214k/s, reducing kernel locking from 71 to 55%.
This new setting accepts "by-process", "by-group" and "by-thread" and
will dictate how listeners will be sharded by default when nothing is
specified. While the default remains "by-process", "by-group" should be
much more efficient with many threads, while not changing anything for
single-group setups.
Now if multiple shards are explicitly requested, and the listener's
protocol doesn't support SO_REUSEPORT, sharding is disabled, which will
result in the socket being automatically duped if needed. A warning is
emitted when this happens. If "shards by-group" or "shards by-thread"
are used, these will automatically be turned down to 1 since we want
this to be possible easily using -dR on the command line without having
to djust the config. For "by-thread", a diag warning will be emitted to
help troubleshoot possible performance issues.
Now it's possible for a bind line to span multiple thread groups. When
this happens, the first one will become the reference and will be entirely
set up, and the subsequent ones will be duplicated from this reference,
so that they can be registered in distinct groups. The reference is
always setup and started first so it is always available when the other
ones are started.
The doc was updated to reflect this new possibility with its limitations
and impacts, and the differences with the "shards" option.
This new algorithm for rebalancing incoming connections to multiple
threads is simpler and instead of considering the threads load, it will
only cycle through all of them, offering a fair share of the traffic to
each thread. It may be well suited for short-lived connections but is
also convenient for very large thread counts where it's not always certain
that the least loaded thread will always be found.
'when' optional argument is provided to lua event handlers.
It is an integer representing the number of seconds elapsed since Epoch
and may be used in conjunction with lua `os.date()` function to provide
a custom format string.
The "burst" execution timeout applies to any Lua handler.
If the handler fails to finish or yield before timeout is reached,
handler will be aborted to prevent thread contention, to prevent
traffic from not being served for too long, and ultimately to prevent
the process from crashing because of the watchdog kicking in.
Default value is 1000ms.
Combined with forced-yield default value of 10000 lua instructions, it
should be high enough to prevent any existing script breakage, while
still being able to catch slow lua converters or sample fetches
doing thread contention and risking the process stability.
Setting value to 0 completely bypasses this check. (not recommended but
could be required to restore original behavior if this feature breaks
existing setups somehow...)
No backport needed, although it could be used to prevent watchdog crashes
due to poorly coded (slow/cpu consuming) lua sample fetches/converters.
This commit makes sure that if three is no "alpn", "npn" nor "no-alpn"
setting on a "bind" line which corresponds to an HTTPS or QUIC frontend,
we automatically turn on "h2,http/1.1" as an ALPN default for an HTTP
listener, and "h3" for a QUIC listener. This simplifies the configuration
for end users since they won't have to explicitly configure the ALPN
string to enable H2, considering that at the time of writing, HTTP/1.1
represents less than 7% of the traffic on large infrastructures. The
doc and regtests were updated. For more info, refer to the following
thread:
https://www.mail-archive.com/haproxy@formilux.org/msg43410.html
For a long time the maximum number of concurrent streams was set once for
both sides (front and back) while the impacts are different. This commit
allows it to be configured separately for each side. The older settings
remains the fallback choice when other ones are not set.
For a long time the initial window size (per-stream size) was set once
for both directions, frontend and backend, resulting in a tradeoff between
upload speed and download fairness. This commit allows it to be configured
separately for each side. The older settings remains the fallback choice
when other ones are not set.
Setting "shards by-group" will create one shard per thread group. This
can often be a reasonable tradeoff between a single one that can be
suboptimal on CPUs with many cores, and too many that will eat a lot
of file descriptors. It was shown to provide good results on a 224
thread machine, with a distribution that was even smoother than the
system's since here it can take into account the number of connections
per thread in the group. Depending on how popular it becomes, it could
even become the default setting in a future version.
Released version 2.8-dev7 with the following main changes :
- BUG/MINOR: stats: Don't replace sc_shutr() by SE_FL_EOS flag yet
- BUG/MEDIUM: mux-h2: Be able to detect connection error during handshake
- BUG/MINOR: quic: Missing padding in very short probe packets
- MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
- CLEANUP: proxy: remove stop_time related dead code
- DOC/MINOR: reformat configuration.txt's "quoting and escaping" table
- MINOR: http_fetch: Add support for empty delim in url_param
- MINOR: http_fetch: add case insensitive support for smp_fetch_url_param
- MINOR: http_fetch: Add case-insensitive argument for url_param/urlp_val
- REGTESTS : Add test support for case insentitive for url_param
- BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop
- BUG/MINOR: backend: make be_usable_srv() consistent when stopping
- BUG/MINOR: ssl: Remove dead code in cli_parse_update_ocsp_response
- BUG/MINOR: ssl: Fix potential leak in cli_parse_update_ocsp_response
- BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list
- BUG/MINOR: quic: Wrong use of now_ms timestamps (cubic algo)
- MINOR: quic: Add recovery related information to "show quic"
- BUG/MINOR: quic: Wrong use of now_ms timestamps (newreno algo)
- BUG/MINOR: quic: Missing max_idle_timeout initialization for the connection
- MINOR: quic: Implement cubic state trace callback
- MINOR: quic: Adjustments for generic control congestion traces
- MINOR: quic: Traces adjustments at proto level.
- MEDIUM: quic: Ack delay implementation
- BUG/MINOR: quic: Wrong rtt variance computing
- MINOR: cli: support filtering on FD types in "show fd"
- MINOR: quic: Add a fake congestion control algorithm named "nocc"
- CI: run smoke tests on config syntax to check memory related issues
- CLEANUP: assorted typo fixes in the code and comments
- CI: exclude doc/{design-thoughts,internals} from spell check
- BUG/MINOR: quic: Remaining useless statements in cubic slow start callback
- BUG/MINOR: quic: Cubic congestion control window may wrap
- MINOR: quic: Add missing traces in cubic algorithm implementation
- BUG/MAJOR: quic: Congestion algorithms states shared between the connection
- BUG/MINOR: ssl: Undefined reference when building with OPENSSL_NO_DEPRECATED
- BUG/MINOR: quic: Remove useless BUG_ON() in newreno and cubic algo implementation
- MINOR: http-act: emit a warning when a header field name contains forbidden chars
- DOC: config: strict-sni allows to start without certificate
- MINOR: quic: Add trace to debug idle timer task issues
- BUG/MINOR: quic: Unexpected connection closures upon idle timer task execution
- BUG/MINOR: quic: Wrong idle timer expiration (during 20s)
- BUILD: quic: 32bits compilation issue in cli_io_handler_dump_quic()
- BUG/MINOR: quic: Possible wrong PTO computing
- BUG/MINOR: tcpcheck: Be able to expect an empty response
- BUG/MEDIUM: stconn: Add a missing return statement in sc_app_shutr()
- BUG/MINOR: stream: Fix test on channels flags to set clientfin/serverfin touts
- MINOR: applet: Uninline appctx_free()
- MEDIUM: applet/trace: Register a new trace source with its events
- CLEANUP: stconn: Remove remaining debug messages
- BUG/MEDIUM: channel: Improve reports for shut in co_getblk()
- BUG/MEDIUM: dns: Properly handle error when a response consumed
- MINOR: stconn: Remove unecessary test on SE_FL_EOS before receiving data
- MINOR: stconn/channel: Move CF_READ_DONTWAIT into the SC and rename it
- MINOR: stconn/channel: Move CF_SEND_DONTWAIT into the SC and rename it
- MINOR: stconn/channel: Move CF_NEVER_WAIT into the SC and rename it
- MINOR: stconn/channel: Move CF_EXPECT_MORE into the SC and rename it
- MINOR: mux-pt: Report end-of-input with the end-of-stream after a read
- BUG/MINOR: mux-h1: Properly report EOI/ERROR on read0 in h1_rcv_pipe()
- CLEANUP: mux-h1/mux-pt: Remove useless test on SE_FL_SHR/SE_FL_SHW flags
- MINOR: mux-h1: Report an error to the SE descriptor on truncated message
- MINOR: stconn: Always ack EOS at the end of sc_conn_recv()
- MINOR: stconn/applet: Handle EOI in the applet .wake callback function
- MINOR: applet: No longer set EOI on the SC
- MINOR: stconn/applet: Handle EOS in the applet .wake callback function
- MEDIUM: cache: Use the sedesc to report and detect end of processing
- MEDIUM: cli: Use the sedesc to report and detect end of processing
- MINOR: dns: Remove the test on the opposite SC state to send requests
- MEDIUM: dns: Use the sedesc to report and detect end of processing
- MEDIUM: spoe: Use the sedesc to report and detect end of processing
- MEDIUM: hlua/applet: Use the sedesc to report and detect end of processing
- MEDIUM: log: Use the sedesc to report and detect end of processing
- MEDIUM: peers: Use the sedesc to report and detect end of processing
- MINOR: sink: Remove the tests on the opposite SC state to process messages
- MEDIUM: sink: Use the sedesc to report and detect end of processing
- MEDIUM: stats: Use the sedesc to report and detect end of processing
- MEDIUM: promex: Use the sedesc to report and detect end of processing
- MEDIUM: http_client: Use the sedesc to report and detect end of processing
- MINOR: stconn/channel: Move CF_EOI into the SC and rename it
- MEDIUM: tree-wide: Move flags about shut from the channel to the SC
- MINOR: tree-wide: Simplifiy some tests on SHUT flags by accessing SCs directly
- MINOR: stconn/applet: Add BUG_ON_HOT() to be sure SE_FL_EOS is never set alone
- MINOR: server: add SRV_F_DELETED flag
- BUG/MINOR: server/del: fix srv->next pointer consistency
- BUG/MINOR: stats: properly handle server stats dumping resumption
- BUG/MINOR: sink: free forward_px on deinit()
- BUG/MINOR: log: free log forward proxies on deinit()
- MINOR: server: always call ssl->destroy_srv when available
- MINOR: server: correctly free servers on deinit()
- BUG/MINOR: hlua: hook yield does not behave as expected
- MINOR: hlua: properly handle hlua_process_task HLUA_E_ETMOUT
- BUG/MINOR: hlua: enforce proper running context for register_x functions
- MINOR: hlua: Fix two functions that return nothing useful
- MEDIUM: hlua: Dynamic list of frontend/backend in Lua
- MINOR: hlua_fcn: alternative to old proxy and server attributes
- MEDIUM: hlua_fcn: dynamic server iteration and indexing
- MEDIUM: hlua_fcn/api: remove some old server and proxy attributes
- CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy()
- MINOR: hlua: add simple hlua reference handling API
- MINOR: hlua: fix return type for hlua_checkfunction() and hlua_checktable()
- BUG/MINOR: hlua: fix reference leak in core.register_task()
- BUG/MINOR: hlua: fix reference leak in hlua_post_init_state()
- BUG/MINOR: hlua: prevent function and table reference leaks on errors
- CLEANUP: hlua: use hlua_ref() instead of luaL_ref()
- CLEANUP: hlua: use hlua_pushref() instead of lua_rawgeti()
- CLEANUP: hlua: use hlua_unref() instead of luaL_unref()
- MINOR: hlua: simplify lua locking
- BUG/MEDIUM: hlua: prevent deadlocks with main lua lock
- MINOR: hlua_fcn: add server->get_rid() method
- MINOR: hlua: support for optional arguments to core.register_task()
- DOC: lua: silence "literal block ends without a blank line" Sphinx warnings
- DOC: lua: silence "Unexpected indentation" Sphinx warnings
- BUG/MINOR: event_hdl: fix rid storage type
- BUG/MINOR: event_hdl: make event_hdl_subscribe thread-safe
- MINOR: event_hdl: global sublist management clarification
- BUG/MEDIUM: event_hdl: clean soft-stop handling
- BUG/MEDIUM: event_hdl: fix async data refcount issue
- MINOR: event_hdl: normal tasks support for advanced async mode
- MINOR: event_hdl: add event_hdl_async_equeue_isempty() function
- MINOR: event_hdl: add event_hdl_async_equeue_size() function
- MINOR: event_hdl: pause/resume for subscriptions
- MINOR: proxy: add findserver_unique_id() and findserver_unique_name()
- MEDIUM: hlua/event_hdl: initial support for event handlers
- MINOR: hlua/event_hdl: per-server event subscription
- EXAMPLES: add basic event_hdl lua example script
- MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked
- BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload
- BUG/MINOR: quic: Possible crashes in qc_idle_timer_task()
- MINOR: quic: derive first DCID from client ODCID
- MINOR: quic: remove ODCID dedicated tree
- MINOR: quic: remove address concatenation to ODCID
- BUG/MINOR: mworker: unset more internal variables from program section
- BUG/MINOR: errors: invalid use of memprintf in startup_logs_init()
- MINOR: applet: Use unsafe version to get stream from SC in the trace function
- BUG/MUNOR: http-ana: Use an unsigned integer for http_msg flags
- MINOR: compression: Make compression offload a flag
- MINOR: compression: Prepare compression code for request compression
- MINOR: compression: Store algo and type for both request and response
- MINOR: compression: Count separately request and response compression
- MEDIUM: compression: Make it so we can compress requests as well.
- BUG/MINOR: lua: remove incorrect usage of strncat()
- CLEANUP: tcpcheck: remove the only occurrence of sprintf() in the code
- CLEANUP: ocsp: do no use strpcy() to copy a path!
- CLEANUP: tree-wide: remove strpcy() from constant strings
- CLEANUP: opentracing: remove the last two occurrences of strncat()
- BUILD: compiler: fix __equals_1() on older compilers
- MINOR: compiler: define a __attribute__warning() macro
- BUILD: bug.h: add a warning in the base API when unsafe functions are used
- BUG/MEDIUM: listeners: Use the right parameters for strlcpy2().
Add code so that compression can be used for requests as well.
New compression keywords are introduced :
"direction" that specifies what we want to compress. Valid values are
"request", "response", or "both".
"type-req" and "type-res" define content-type to be compressed for
requests and responses, respectively. "type" is kept as an alias for
"type-res" for backward compatibilty.
"algo-req" specifies the compression algorithm to be used for requests.
Only one algorithm can be provided.
"algo-res" provides the list of algorithm that can be used to compress
responses. "algo" is kept as an alias for "algo-res" for backward
compatibility.
