From 5d46fbddb186f01db01c86c4937775342fd144a6 Mon Sep 17 00:00:00 2001 
From: Willy Tarreau
Date: Fri, 5 Feb 2021 15:17:33 +0100
Subject: [PATCH] [RELEASE] Released version 2.4-dev7

Released version 2.4-dev7 with the following main changes :
    - BUG/MINOR: stats: Continue to fill frontend stats on unimplemented metric
    - BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version
    - BUG/MINOR: stats: Init the metric variable when frontend stats are filled
    - MINOR: contrib/prometheus-exporter: better output of Not-a-Number
    - CLEANUP: stats: improve field selection for frontend http fields
    - CLEANUP: assorted typo fixes in the code and comments
    - DOC: Improve documentation of the various hdr() fetches
    - MEDIUM: stats: allow to select one field in `stats_fill_be_stats`
    - MINOR: contrib/prometheus-exporter: use fill_be_stats for backend dump
    - MEDIUM: stats: allow to select one field in `stats_fill_sv_stats`
    - MINOR: contrib/prometheus-exporter: use fill_sv_stats for server dump
    - MINOR: abort() on my_unreachable() when DEBUG_USE_ABORT is set.
    - BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown
    - BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name
    - MINOR: reg-tests: add http-reuse test
    - CLEANUP: srv: fix comment for pool-max-conn
    - CLEANUP: backend: remove an obsolete comment on conn_backend_get
    - REORG: backend: simplify conn_backend_get
    - MINOR: ssl: Server ssl context prepare function refactoring
    - MINOR: ssl: Certificate chain loading refactorization
    - MEDIUM: ssl: Load client certificates in a ckch for backend servers
    - MEDIUM: ssl: Enable backend certificate hot update
    - MINOR: ssl: Remove client_crt member of the server's ssl context
    - CLEANUP: ssl/cli: rework free in cli_io_handler_commit_cert()
    - CLEANUP: ssl: remove SSL_CTX function parameter
    - CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart
    - BUILD: Include stdlib.h in compiler.h if DEBUG_USE_ABORT is set
    - CI: Fix DEBUG_STRICT definition for Coverity
    - BUG/MINOR: stats: Remove a break preventing ST_F_QCUR to be set for servers
    - BUG/MINOR: stats: Add a break after filling ST_F_MODE field for servers
    - CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store()
    - BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file()
    - BUG/MEDIUM: session: only retrieve ready idle conn from session
    - BUG/MEDIUM: backend: never reuse a connection for tcp mode
    - REGTESTS: set_ssl_server_cert.vtc: remove the abort command
    - REGTESTS: set_ssl_server_cert.vtc: check the Sha1 Fingerprint
    - REGTESTS: set_ssl_server_cert.vtc: check the sha1 from the server
    - MEDIUM: stream-int: Take care of EOS if the SI wake callback function
    - MINOR: mux-h1: Try to wake up data layer first before calling its wake callback
    - MINOR: mux-h1: Wake up H1C after its creation if input buffer is not empty
    - MEDIUM: mux-h1: Add ST_READY state for the H1 connections
    - MINOR: stream: Add a function to validate TCP to H1 upgrades
    - MEDIUM: http-ana: Do nothing in wait-for-request analyzer if not htx
    - BUG/MEDIUM: stream: Don't immediatly ack the TCP to H1 upgrades
    - BUG/MAJOR: mux-h1: Properly handle TCP to H1 upgrades
    - MINOR: htx/http-ana: Save info about Upgrade option in the Connection header
    - MEDIUM: http-ana: Refuse invalid 101-switching-protocols responses
    - BUG/MINOR: h2/mux-h2: Reject 101 responses with a PROTOCOL_ERROR h2s error
    - MINOR: mux-h1/mux-fcgi: Don't set TUNNEL mode if payload length is unknown
    - MINOR: mux-h1: Split H1C_F_WAIT_OPPOSITE flag to separate input/output sides
    - MINOR: mux-h2: Add 2 flags to help to properly handle tunnel mode
    - MEDIUM: mux-h2: Block client data on server side waiting tunnel establishment
    - MEDIUM: mux-h2: Close streams when processing data for an aborted tunnel
    - MEDIUM: mux-h1: Properly handle tunnel establishments and aborts
    - BUG/MAJOR: mux-h1/mux-h2/htx: Fix HTTP tunnel management at the mux level
    - MINOR: htx: Rename HTX_FL_EOI flag into HTX_FL_EOM
    - REGTESTS: Don't run http_msg_full_on_eom script on the 2.4 anymore
    - MINOR: htx: Add a function to know if a block is the only one in a message
    - MAJOR: htx: Remove the EOM block type and use HTX_FL_EOM instead
    - MINOR: mux-h1: Add a flag on H1 streams with a response known to be bodyless
    - MEDIUM: mux-h1: Don't emit any payload for bodyless responses
    - MINOR: mux-h1: Don't emit C-L and T-E headers for 204 and 1xx responses
    - MINOR: mux-h1: Don't add Connection close/keep-alive header for 1xx messages
    - MINOR: h2/mux-h2: Add flags to notify the response is known to have no body
    - MEDIUM: mux-h2: Don't emit DATA frame for bodyless responses
    - MEDIUM: http-ana: Deal with L7 retries in HTTP analysers
    - MINOR: h1: reject websocket handshake if missing key
    - MEDIUM: h1: generate WebSocket key on response if needed
    - MINOR: mux_h2: define H2_SF_EXT_CONNECT_SENT stream flag
    - MEDIUM: h2: parse Extended CONNECT reponse to htx
    - MEDIUM: mux_h2: generate Extended CONNECT from htx upgrade
    - MEDIUM: h1: add a WebSocket key on handshake if needed
    - MEDIUM: mux_h2: generate Extended CONNECT response
    - MEDIUM: h2: parse Extended CONNECT request to htx
    - MEDIUM: h2: send connect protocol h2 settings
    - MINOR: vtc: add test for h1/h2 protocol upgrade translation
    - MINOR: vtc: add websocket test
    - REGTESTS: Fix required versions for several scripts
    - REGTEST: Don't use the websocket to validate http-check
    - MINOR: mux-h1/trace: add traces at level ERROR for all kind of errors
    - MINOR: mux-fcgi/trace: add traces at level ERROR for all kind of errors
    - MINOR: h1: Raise the chunk size limit up to (2^52 - 1)
    - BUG/MEDIUM: listener: do not accept connections faster than we can process them
    - REGTESTS: set_ssl_server_cert.vtc: set as broken
    - Revert "BUG/MEDIUM: listener: do not accept connections faster than we can process them"
    - BUG/MINOR: backend: check available list allocation for reuse
    - CI: Fix the coverity builds
    - DOC: management: fix "show resolvers" alphabetical ordering
    - MINOR: tools: add print_time_short() to print a condensed duration value
    - MINOR: activity: make profiling more manageable
    - MINOR: activity: declare a new structure to collect per-function activity
    - MEDIUM: tasks/activity: collect per-task statistics when profiling is enabled
    - MINOR: activity: also report collected tasks stats in "show profiling"
    - MINOR: activity: flush scheduler stats on "set profiling tasks on"
    - MINOR: activity: add a new "show tasks" command to list currently active tasks
    - MINOR: listener: export accept_queue_process
    - MINOR: session: export session_expire_embryonic()
    - MINOR: muxes: export the timeout and shutr task handlers
    - MINOR: checks: export a few functions that appear often in trace dumps
    - MINOR: peers: export process_peer_sync() to improve traces
    - MINOR: stick-tables: export process_table_expire()
    - MINOR: mux-h1: Remove first useless test on count in h1_process_output()
    - BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list
    - MINOR: http-fetch: Don't check if argument list is set in sample fetches
    - MINOR: http-conv: Don't check if argument list is set in sample converters
    - MINOR: sample: Don't check if argument list is set in sample fetches
    - MINOR: ssl-sample: Don't check if argument list is set in sample fetches
    - MINOR: mux-h2: Don't tests the start-line when sending HEADERS frame
    - MINOR: mux-h2: Slightly improve request HEADERS frames sending
    - MINOR: contrib/prometheus-exporter: declare states for objects
    - MAJOR: contrib/prometheus-exporter: move ftd/bkd/srv states to labels
    - MEDIUM: contrib/prometheus-exporter: Use dynamic labels instead of static ones
    - MINOR: listener: export manage_global_listener_queue()
    - BUG/MINOR: activity: take care of late wakeups in "show tasks"
    - REGTESTS: set_ssl_server_cert.vtc: remove SSL caching and set as working
    - REGTESTS: set_ssl_server_cert: cleanup the SSL caching option
    - MINOR: checks: Add function to get the result code corresponding to a status
    - MAJOR: contrib/prometheus-exporter: move health check status to labels
    - MINOR: contrib/prometheus-exporter: improve service status description field
    - MINOR: stats: improve pending connections description
    - MINOR: stats: improve max stats descriptions
    - MINOR: contrib/prometheus-exporter: use stats desc when possible
    - MINOR: contrib/prometheus-exporter: add uweight field
    - MINOR: contrib/prometheus-exporter: add recv logs_logs_total field
    - CLEANUP: contrib/prometheus-exporter: remove unused includes
    - CLEANUP: contrib/prometheus-exporter: align and reorder fields
    - CLEANUP: contrib/prometheus-exporter: remove description in README
    - DOC: contrib/prometheus-exporter: Add missing metrics in README
    - BUG/MINOR: contrib/prometheus-exporter: Add missing label for ST_F_HRSP_1XX
    - BUG/MINOR: contrib/prometheus-exporter: Restart labels dump at the right pos
    - BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store
    - BUG/MEDIUM: ssl: check a connection's status before computing a handshake
    - BUG/MINOR: mux_h2: fix incorrect stat titles
    - MINOR: ssl/cli: flush the server session cache upon 'commit ssl cert'
    - BUG/MINOR: cli: fix set server addr/port coherency with health checks
    - MINOR: server: Don't set the check port during the update from a state file
    - MINOR: dns: Don't set the check port during a server dns resolution
    - MEDIUM: check: remove checkport checkaddr flag
    - MEDIUM: server: adding support for check_port in server state
    - BUG/MINOR: check: consitent way to set agentaddr
    - MEDIUM: check: align agentaddr and agentport behaviour
    - DOC: server: Add missing params in comment of the server state line parsing
    - BUG/MINOR: xxhash: make sure armv6 uses memcpy()
    - REGTESTS: mark http-check-send.vtc as 2.4-only
    - REGTESTS: mark sample_fetches/hashes.vtc as 2.4-only
    - BUG/MINOR: ssl: do not try to use early data if not configured
    - REGTESTS: unbreak http-check-send.vtc
    - MINOR: cli/show_fd: report local and report ports when known
    - BUILD: Makefile: move REGTESTST_TYPE default setting
    - BUG/MEDIUM: mux-h2: handle remaining read0 cases
    - CLEANUP: http-htx: Set buffer area to NULL instead of malloc(0)
    - BUG/MINOR: sock: Unclosed fd in case of connection allocation failure
    - BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED
---
 CHANGELOG | 155 ++++++++++++++++++++++++++++++++++++++++++
 VERDATE | 2 +-
 VERSION | 2 +-
 doc/configuration.txt | 2 +-
 4 files changed, 158 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG index 9c93e47bd..c921adf08 100644 --- a/CHANGELOG +++ b/CHANGELOG
@@ -1,6 +1,161 @@ ChangeLog : =========== +2021/02/05 : 2.4-dev7 + - BUG/MINOR: stats: Continue to fill frontend stats on unimplemented metric + - BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version + - BUG/MINOR: stats: Init the metric variable when frontend stats are filled + - MINOR: contrib/prometheus-exporter: better output of Not-a-Number + - CLEANUP: stats: improve field selection for frontend http fields + - CLEANUP: assorted typo fixes in the code and comments + - DOC: Improve documentation of the various hdr() fetches + - MEDIUM: stats: allow to select one field in `stats_fill_be_stats` + - MINOR: contrib/prometheus-exporter: use fill_be_stats for backend dump + - MEDIUM: stats: allow to select one field in `stats_fill_sv_stats` + - MINOR: contrib/prometheus-exporter: use fill_sv_stats for server dump + - MINOR: abort() on my_unreachable() when DEBUG_USE_ABORT is set. + - BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown + - BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name + - MINOR: reg-tests: add http-reuse test + - CLEANUP: srv: fix comment for pool-max-conn + - CLEANUP: backend: remove an obsolete comment on conn_backend_get + - REORG: backend: simplify conn_backend_get + - MINOR: ssl: Server ssl context prepare function refactoring + - MINOR: ssl: Certificate chain loading refactorization + - MEDIUM: ssl: Load client certificates in a ckch for backend servers + - MEDIUM: ssl: Enable backend certificate hot update + - MINOR: ssl: Remove client_crt member of the server's ssl context + - CLEANUP: ssl/cli: rework free in cli_io_handler_commit_cert() + - CLEANUP: ssl: remove SSL_CTX function parameter + - CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart + - BUILD: Include stdlib.h in compiler.h if DEBUG_USE_ABORT is set + - CI: Fix DEBUG_STRICT definition for Coverity + - BUG/MINOR: stats: Remove a break preventing ST_F_QCUR to be set for servers 
+ - BUG/MINOR: stats: Add a break after filling ST_F_MODE field for servers + - CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() + - BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() + - BUG/MEDIUM: session: only retrieve ready idle conn from session + - BUG/MEDIUM: backend: never reuse a connection for tcp mode + - REGTESTS: set_ssl_server_cert.vtc: remove the abort command + - REGTESTS: set_ssl_server_cert.vtc: check the Sha1 Fingerprint + - REGTESTS: set_ssl_server_cert.vtc: check the sha1 from the server + - MEDIUM: stream-int: Take care of EOS if the SI wake callback function + - MINOR: mux-h1: Try to wake up data layer first before calling its wake callback + - MINOR: mux-h1: Wake up H1C after its creation if input buffer is not empty + - MEDIUM: mux-h1: Add ST_READY state for the H1 connections + - MINOR: stream: Add a function to validate TCP to H1 upgrades + - MEDIUM: http-ana: Do nothing in wait-for-request analyzer if not htx + - BUG/MEDIUM: stream: Don't immediatly ack the TCP to H1 upgrades + - BUG/MAJOR: mux-h1: Properly handle TCP to H1 upgrades + - MINOR: htx/http-ana: Save info about Upgrade option in the Connection header + - MEDIUM: http-ana: Refuse invalid 101-switching-protocols responses + - BUG/MINOR: h2/mux-h2: Reject 101 responses with a PROTOCOL_ERROR h2s error + - MINOR: mux-h1/mux-fcgi: Don't set TUNNEL mode if payload length is unknown + - MINOR: mux-h1: Split H1C_F_WAIT_OPPOSITE flag to separate input/output sides + - MINOR: mux-h2: Add 2 flags to help to properly handle tunnel mode + - MEDIUM: mux-h2: Block client data on server side waiting tunnel establishment + - MEDIUM: mux-h2: Close streams when processing data for an aborted tunnel + - MEDIUM: mux-h1: Properly handle tunnel establishments and aborts + - BUG/MAJOR: mux-h1/mux-h2/htx: Fix HTTP tunnel management at the mux level + - MINOR: htx: Rename HTX_FL_EOI flag into HTX_FL_EOM + - REGTESTS: Don't run http_msg_full_on_eom script on the 
2.4 anymore + - MINOR: htx: Add a function to know if a block is the only one in a message + - MAJOR: htx: Remove the EOM block type and use HTX_FL_EOM instead + - MINOR: mux-h1: Add a flag on H1 streams with a response known to be bodyless + - MEDIUM: mux-h1: Don't emit any payload for bodyless responses + - MINOR: mux-h1: Don't emit C-L and T-E headers for 204 and 1xx responses + - MINOR: mux-h1: Don't add Connection close/keep-alive header for 1xx messages + - MINOR: h2/mux-h2: Add flags to notify the response is known to have no body + - MEDIUM: mux-h2: Don't emit DATA frame for bodyless responses + - MEDIUM: http-ana: Deal with L7 retries in HTTP analysers + - MINOR: h1: reject websocket handshake if missing key + - MEDIUM: h1: generate WebSocket key on response if needed + - MINOR: mux_h2: define H2_SF_EXT_CONNECT_SENT stream flag + - MEDIUM: h2: parse Extended CONNECT reponse to htx + - MEDIUM: mux_h2: generate Extended CONNECT from htx upgrade + - MEDIUM: h1: add a WebSocket key on handshake if needed + - MEDIUM: mux_h2: generate Extended CONNECT response + - MEDIUM: h2: parse Extended CONNECT request to htx + - MEDIUM: h2: send connect protocol h2 settings + - MINOR: vtc: add test for h1/h2 protocol upgrade translation + - MINOR: vtc: add websocket test + - REGTESTS: Fix required versions for several scripts + - REGTEST: Don't use the websocket to validate http-check + - MINOR: mux-h1/trace: add traces at level ERROR for all kind of errors + - MINOR: mux-fcgi/trace: add traces at level ERROR for all kind of errors + - MINOR: h1: Raise the chunk size limit up to (2^52 - 1) + - BUG/MEDIUM: listener: do not accept connections faster than we can process them + - REGTESTS: set_ssl_server_cert.vtc: set as broken + - Revert "BUG/MEDIUM: listener: do not accept connections faster than we can process them" + - BUG/MINOR: backend: check available list allocation for reuse + - CI: Fix the coverity builds + - DOC: management: fix "show resolvers" alphabetical ordering 
+ - MINOR: tools: add print_time_short() to print a condensed duration value + - MINOR: activity: make profiling more manageable + - MINOR: activity: declare a new structure to collect per-function activity + - MEDIUM: tasks/activity: collect per-task statistics when profiling is enabled + - MINOR: activity: also report collected tasks stats in "show profiling" + - MINOR: activity: flush scheduler stats on "set profiling tasks on" + - MINOR: activity: add a new "show tasks" command to list currently active tasks + - MINOR: listener: export accept_queue_process + - MINOR: session: export session_expire_embryonic() + - MINOR: muxes: export the timeout and shutr task handlers + - MINOR: checks: export a few functions that appear often in trace dumps + - MINOR: peers: export process_peer_sync() to improve traces + - MINOR: stick-tables: export process_table_expire() + - MINOR: mux-h1: Remove first useless test on count in h1_process_output() + - BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list + - MINOR: http-fetch: Don't check if argument list is set in sample fetches + - MINOR: http-conv: Don't check if argument list is set in sample converters + - MINOR: sample: Don't check if argument list is set in sample fetches + - MINOR: ssl-sample: Don't check if argument list is set in sample fetches + - MINOR: mux-h2: Don't tests the start-line when sending HEADERS frame + - MINOR: mux-h2: Slightly improve request HEADERS frames sending + - MINOR: contrib/prometheus-exporter: declare states for objects + - MAJOR: contrib/prometheus-exporter: move ftd/bkd/srv states to labels + - MEDIUM: contrib/prometheus-exporter: Use dynamic labels instead of static ones + - MINOR: listener: export manage_global_listener_queue() + - BUG/MINOR: activity: take care of late wakeups in "show tasks" + - REGTESTS: set_ssl_server_cert.vtc: remove SSL caching and set as working + - REGTESTS: set_ssl_server_cert: cleanup the SSL caching option + - MINOR: checks: Add 
function to get the result code corresponding to a status + - MAJOR: contrib/prometheus-exporter: move health check status to labels + - MINOR: contrib/prometheus-exporter: improve service status description field + - MINOR: stats: improve pending connections description + - MINOR: stats: improve max stats descriptions + - MINOR: contrib/prometheus-exporter: use stats desc when possible + - MINOR: contrib/prometheus-exporter: add uweight field + - MINOR: contrib/prometheus-exporter: add recv logs_logs_total field + - CLEANUP: contrib/prometheus-exporter: remove unused includes + - CLEANUP: contrib/prometheus-exporter: align and reorder fields + - CLEANUP: contrib/prometheus-exporter: remove description in README + - DOC: contrib/prometheus-exporter: Add missing metrics in README + - BUG/MINOR: contrib/prometheus-exporter: Add missing label for ST_F_HRSP_1XX + - BUG/MINOR: contrib/prometheus-exporter: Restart labels dump at the right pos + - BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store + - BUG/MEDIUM: ssl: check a connection's status before computing a handshake + - BUG/MINOR: mux_h2: fix incorrect stat titles + - MINOR: ssl/cli: flush the server session cache upon 'commit ssl cert' + - BUG/MINOR: cli: fix set server addr/port coherency with health checks + - MINOR: server: Don't set the check port during the update from a state file + - MINOR: dns: Don't set the check port during a server dns resolution + - MEDIUM: check: remove checkport checkaddr flag + - MEDIUM: server: adding support for check_port in server state + - BUG/MINOR: check: consitent way to set agentaddr + - MEDIUM: check: align agentaddr and agentport behaviour + - DOC: server: Add missing params in comment of the server state line parsing + - BUG/MINOR: xxhash: make sure armv6 uses memcpy() + - REGTESTS: mark http-check-send.vtc as 2.4-only + - REGTESTS: mark sample_fetches/hashes.vtc as 2.4-only + - BUG/MINOR: ssl: do not try to use early data if not configured + - REGTESTS: 
unbreak http-check-send.vtc + - MINOR: cli/show_fd: report local and report ports when known + - BUILD: Makefile: move REGTESTST_TYPE default setting + - BUG/MEDIUM: mux-h2: handle remaining read0 cases + - CLEANUP: http-htx: Set buffer area to NULL instead of malloc(0) + - BUG/MINOR: sock: Unclosed fd in case of connection allocation failure + - BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED + 2021/01/22 : 2.4-dev6 - MINOR: converter: adding support for url_enc - BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES diff --git a/VERDATE b/VERDATE index a8dbdd115..044a00e02 100644 --- a/VERDATE +++ b/VERDATE @@ -1,2 +1,2 @@ $Format:%ci$ -2021/01/22 +2021/02/05 diff --git a/VERSION b/VERSION index 5cbed91ea..86b3298b5 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-dev6 +2.4-dev7 diff --git a/doc/configuration.txt b/doc/configuration.txt index eb685785d..f8b1e9336 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -4,7 +4,7 @@ ---------------------- version 2.4 willy tarreau - 2021/01/22 + 2021/02/05 This document covers the configuration language as implemented in the version
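
Review bot: In the CHANGELOG hunk, "BUG/MEDIUM: listener: do not accept connections faster than we can process them" is followed two entries later by its own Revert, so 2.4-dev7 ships without that change even though a search of the changelog for listener fixes will find it listed as a fix. The same block carries two BUG/MAJOR fixes ("mux-h1: Properly handle TCP to H1 upgrades" and "mux-h1/mux-h2/htx: Fix HTTP tunnel management at the mux level") and the MAJOR htx change that removes the EOM block type, with nothing to set them apart from the rest of the list; I would call out both points in the release announcement. Several subjects also carry spelling slips ("immediatly", "reponse", "consitent", "REGTESTST_TYPE", and "report local and report ports", presumably remote ports); since they mirror the commit subjects they are better left matching git log than corrected here.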
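
Review bot: The release date is repeated in three files and the doc/configuration.txt hunk is the one that is easy to miss, so it is worth checking against the others: it moves to 2021/02/05, which matches VERDATE and the new CHANGELOG heading, and VERSION goes from 2.4-dev6 to 2.4-dev7 in line with the subject. The diffstat also adds up (155 + 1 + 1 + 1 insertions, 3 deletions), so there is nothing to change in the VERDATE, VERSION and doc/configuration.txt hunks.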