Changes since version 3.3-dev8 : Amaury Denoyelle (11): CLEANUP: quic: fix typo in quic_tx trace TESTS: quic: add unit-tests for QUIC TX part MINOR: quic: restore QUIC_HP_SAMPLE_LEN constant BUG/MINOR: quic: properly support GSO on backend side BUG/MINOR: hq-interop: adjust parsing/encoding on backend side OPTIM: check: do not delay MUX for ALPN if SSL not active BUG/MEDIUM: checks: fix ALPN inheritance from server BUG/MINOR: check: ensure checks are compatible with QUIC servers MINOR: check: reject invalid check config on a QUIC server MINOR: quic: display build warning for compat layer on recent OpenSSL DOC: quic: clarifies limited-quic support Aurelien DARRAGON (9): BUG/MEDIUM: proxy: fix crash with stop_proxy() called during init MINOR: stats-file: use explicit unsigned integer bitshift for user slots BUG/MEDIUM: http_ana: fix potential NULL deref in http_process_req_common() MEDIUM: log/proxy: store log-steps selection using a bitmask, not an eb tree CLEANUP: log: remove deadcode in px_parse_log_steps() MINOR: counters: document that tg shared counters are tied to shm-stats-file mapping DOC: internals: document the shm-stats-file format/mapping BUG/MEDIUM: sink: fix unexpected double postinit of sink backend MEDIUM: stats: consider that shared stats pointers may be NULL Ben Kallus (2): IMPORT: ebtree: Fix UB from clz(0) IMPORT: ebtree: replace hand-rolled offsetof to avoid UB Christopher Faulet (30): BUG/MINOR: acl: Fix error message about several '-m' parameters MINOR: server: Parse sni and pool-conn-name expressions in a dedicated function BUG/MEDIUM: server: Use sni as pool connection name for SSL server only BUG/MINOR: server: Update healthcheck when server settings are changed via CLI OPTIM: backend: Don't set SNI for non-ssl connections OPTIM: proto_rhttp: Don't set SNI for non-ssl connections OPTIM: tcpcheck: Don't set SNI and ALPN for non-ssl connections BUG/MINOR: tcpcheck: Don't use sni as pool-conn-name for non-SSL connections MEDIUM: server/ssl: Base the SNI value to the HTTP host header by default MEDIUM: httpcheck/ssl: Base the SNI value on the HTTP host header by default OPTIM: tcpcheck: Reorder tcpchek_connect structure fields to fill holes REGTESTS: ssl: Add a script to test the automatic SNI selection REGTESTS: ssl: Fix the script about automatic SNI selection BUG/MINOR: pools: Fix the dump of pools info to deal with buffers limitations MINOR: pools: Don't dump anymore info about pools when purge is forced BUG/MEDIUM: mux-h2: Reset MUX blocking flags when a send error is caught BUG/MEDIUM: mux-h2; Don't block reveives in H2_CS_ERROR and H2_CS_ERROR2 states BUG/MEDIUM: mux-h2: Restart reading when mbuf ring is no longer full BUG/MINOR: mux-h2: Remove H2_CF_DEM_DFULL flags when the demux buffer is reset BUG/MEDIUM: mux-h2: Report RST/error to app-layer stream during 0-copy fwding BUG/MEDIUM: mux-h2: Reinforce conditions to report an error to app-layer stream BUG/MAJOR: stream: Force channel analysis on successful synchronous send BUG/MEDIUM: resolvers: Properly cache do-resolv resolution BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer BUG/MEDIUM: resolvers: Make resolution owns its hostname_dn value BUG/MEDIUM: resolvers: Accept to create resolution without hostname BUG/MEDIUM: resolvers: Wake resolver task up whne unlinking a stream requester Revert "BUG/MINOR: ocsp: Crash when updating CA during ocsp updates" BUG/MEDIUM: http-client: Fix the test on the response start-line Collison, Steven (1): DOC: proxy-protocol: Add TLS group and sig scheme TLVs Frederic Lecaille (5): MINOR: quic: add useful trace about padding params values BUG/MINOR: quic: too short PADDING frame for too short packets MINOR: quic: SSL session reuse for QUIC MINOR: quic: get rid of ->target quic_conn struct member MINOR: quic-be: make SSL/QUIC objects use their own indexes (ssl_qc_app_data_index) Olivier Houchard (9): BUG/MEDIUM: ssl: Properly initialize msg_controllen. BUG/MEDIUM: h1: Allow reception if we have early data BUG/MEDIUM: ssl: create the mux immediately on early data MINOR: ssl: Add a flag to let it known we have an ALPN negociated MINOR: ssl: Use the new flag to know when the ALPN has been set. MEDIUM: server: Introduce the concept of path parameters MEDIUM: server: Make use of the stored ALPN stored in the server BUG/MEDIUM: ssl: Fix a crash when using QUIC BUG/MEDIUM: ssl: Fix a crash if we failed to create the mux Remi Tricot-Le Breton (4): BUG/MINOR: ssl: Potential NULL deref in trace macro BUG/MINOR: ssl: Fix potential NULL deref in trace callback BUG/MINOR: ocsp: Crash when updating CA during ocsp updates BUG/MINOR: ocsp: Crash when updating CA during ocsp updates Valentine Krasnobaeva (1): BUG/MINOR: resolvers: always normalize FQDN from response William Lallemand (11): BUG/MINOR: acme: null pointer dereference upon allocation failure BUG/MEDIUM: jws: return size_t in JWS functions BUG/MINOR: ocsp: prototype inconsistency MINOR: ocsp: put internal functions as static ones MINOR: ssl: set functions as static when no protypes in the .h BUILD: ssl: functions defined but not used CI: scripts: add support for git in openssl builds CI: github: add an OpenSSL + ECH job CI: scripts: mkdir BUILDSSL_TMPDIR MINOR: acme: acme-vars allow to pass data to the dpapi sink MINOR: acme: check acme-vars allocation during escaping Willy Tarreau (89): BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET() MINOR: debug: report the process id in warnings and panics DEBUG: stream: count the number of passes in the connect loop MINOR: debug: report the number of loops and ctxsw for each thread MINOR: debug: report the time since last wakeup and call DEBUG: peers: export functions that use locks MINOR: stick-table: permit stksess_new() to temporarily allocate more entries MEDIUM: stick-tables: relax stktable_trash_oldest() to only purge what is needed MEDIUM: stick-tables: give up on lock contention in process_table_expire() MEDIUM: stick-tables: don't wait indefinitely in stktable_add_pend_updates() MEDIUM: peers: don't even try to process updates under contention CLEANUP: backend: clarify the role of the init_mux variable in connect_server() CLEANUP: backend: invert the condition to start the mux in connect_server() CLEANUP: backend: simplify the complex ifdef related to 0RTT in connect_server() CLEANUP: backend: clarify the cases where we want to use early data BUILD: ssl: address a recent build warning when QUIC is enabled BUG/MINOR: activity: fix reporting of task latency MINOR: activity: indicate the number of calls on "show tasks" MINOR: tools: don't emit "+0" for symbol names which exactly match known ones BUG/MEDIUM: stick-tables: don't loop on non-expirable entries DEBUG: stick-tables: export stktable_add_pend_updates() for better reporting MEDIUM: dns: bind the nameserver sockets to the initiating thread MEDIUM: resolvers: make the process_resolvers() task single-threaded BUG/MINOR: stick-table: make sure never to miss a process_table_expire update MEDIUM: stick-table: move process_table_expire() to a single thread MEDIUM: peers: move process_peer_sync() to a single thread MINOR: activity: don't report the lat_tot column for show profiling tasks MINOR: activity: add a new lkw_avg column to show profiling stats MINOR: activity: collect time spent waiting on a lock for each task MINOR: thread: add a lock level information in the thread_ctx MINOR: activity: add a new lkd_avg column to show profiling stats MINOR: activity: collect time spent with a lock held for each task MINOR: activity: add a new mem_avg column to show profiling stats MINOR: activity: collect CPU time spent on memory allocations for each task MINOR: activity/memory: count allocations performed under a lock BUILD: makefile: implement support for running a command in range IMPORT: cebtree: import version 0.5.0 to support duplicates MEDIUM: migrate the patterns reference to cebs_tree MEDIUM: guid: switch guid to more compact cebuis_tree MEDIUM: server: switch addr_node to cebis_tree MEDIUM: server: switch conf.name to cebis_tree MEDIUM: server: switch the host_dn member to cebis_tree MEDIUM: proxy: switch conf.name to cebis_tree MEDIUM: stktable: index table names using compact trees MINOR: proxy: add proxy_get_next_id() to find next free proxy ID MINOR: listener: add listener_get_next_id() to find next free listener ID MINOR: server: add server_get_next_id() to find next free server ID CLEANUP: server: use server_find_by_id() when looking for already used IDs MINOR: server: add server_index_id() to index a server by its ID MINOR: listener: add listener_index_id() to index a listener by its ID MINOR: proxy: add proxy_index_id() to index a proxy by its ID MEDIUM: proxy: index proxy ID using compact trees MEDIUM: listener: index listener ID using compact trees MEDIUM: server: index server ID using compact trees CLEANUP: server: slightly reorder fields in the struct to plug holes CLEANUP: proxy: slightly reorganize fields to plug some holes CLEANUP: backend: factor the connection lookup loop CLEANUP: server: use eb64_entry() not ebmb_entry() to convert an eb64 MINOR: server: pass the server and thread to srv_migrate_conns_to_remove() CLEANUP: backend: use a single variable for removed in srv_cleanup_idle_conns() MINOR: connection: pass the thread number to conn_delete_from_tree() MEDIUM: connection: move idle connection trees to ceb64 MEDIUM: connection: reintegrate conn_hash_node into connection CLEANUP: tools: use the item API for the file names tree CLEANUP: vars: use the item API for the variables trees BUG/MEDIUM: pattern: fix possible infinite loops on deletion Revert "BUG/MEDIUM: pattern: fix possible infinite loops on deletion" BUG/MEDIUM: pattern: fix possible infinite loops on deletion (try 2) IMPORT: ebtree: delete unusable ebpttree.c IMPORT: eb32/eb64: reorder the lookup loop for modern CPUs IMPORT: eb32/eb64: use a more parallelizable check for lack of common bits IMPORT: eb32: drop the now useless node_bit variable IMPORT: eb32/eb64: place an unlikely() on the leaf test IMPORT: ebmb: optimize the lookup for modern CPUs IMPORT: eb32/64: optimize insert for modern CPUs IMPORT: ebtree: only use __builtin_prefetch() when supported IMPORT: ebst: use prefetching in lookup() and insert() IMPORT: ebtree: add a definition of offsetof() MINOR: listener: add the "cc" bind keyword to set the TCP congestion controller MINOR: server: add the "cc" keyword to set the TCP congestion controller BUG/MEDIUM: ring: invert the length check to avoid an int overflow MINOR: trace: don't call strlen() on the thread-id numeric encoding MINOR: trace: don't call strlen() on the function's name OPTIM: sink: reduce contention on sink_announce_dropped() OPTIM: sink: don't waste time calling sink_announce_dropped() if busy CLEANUP: ring: rearrange the wait loop in ring_write() OPTIM: ring: always relax in the ring lock and leader wait loop OPTIM: ring: check the queue's owner using a CAS on x86 OPTIM: ring: avoid reloading the tail_ofs value before the CAS in ring_write()