Changes since version 2.6-dev0 :

Amaury Denoyelle (61):
      MINOR: quic: do not reject PADDING followed by other frames
      REORG: quic: add comment on rare thread concurrence during CID alloc
      CLEANUP: quic: add comments on CID code
      MEDIUM: quic: handle CIDs to rattach received packets to connection
      MINOR: qpack: support litteral field line with non-huff name
      MINOR: quic: activate QUIC traces at compilation
      MINOR: quic: use more verbose QUIC traces set at compile-time
      MINOR: quic: fix segfault on CONNECTION_CLOSE parsing
      MINOR: h3: add BUG_ON on control receive function
      MEDIUM: xprt-quic: finalize app layer initialization after ALPN nego
      MINOR: h3: remove duplicated FIN flag position
      MAJOR: mux-quic: implement a simplified mux version
      MEDIUM: mux-quic: implement release mux operation
      MEDIUM: quic: detect the stream FIN
      MINOR: mux-quic: implement subscribe on stream
      MEDIUM: mux-quic: subscribe on xprt if remaining data after send
      MEDIUM: mux-quic: wake up xprt on data transferred
      MEDIUM: mux-quic: handle when sending buffer is full
      MINOR: hq-interop: fix tx buffering
      MINOR: mux-quic: remove uneeded code to check fin on TX
      MINOR: quic: add HTX EOM on request end
      BUILD: mux-quic: fix compilation with DEBUG_MEM_STATS
      MINOR: mux-quic: do not release qcs if there is remaining data to send
      MINOR: quic: notify the mux on CONNECTION_CLOSE
      BUG/MINOR: mux-quic: properly initialize flow control
      MINOR: h3: fix possible invalid dereference on htx parsing
      MINOR: hq-interop: refix tx buffering
      CLEANUP: cfgparse: modify preprocessor guards around numa detection code
      MINOR: mux-quic: fix trace on stream creation
      CLEANUP: quic: fix spelling mistake in a trace
      CLEANUP: quic: rename quic_conn conn to qc in quic_conn_free
      MINOR: quic: add missing lock on cid tree
      MINOR: quic: rename constant for haproxy CIDs length
      MINOR: quic: refactor concat DCID with address for Initial packets
      MINOR: quic: compare coalesced packets by DCID
      MINOR: quic: refactor DCID lookup
      MINOR: quic: simplify the removal from ODCID tree
      CLEANUP: quic: rename quic_conn instances to qc
      REORG: quic: move mux function outside of xprt
      MINOR: quic: add reference to quic_conn in ssl context
      MINOR: quic: add const qualifier for traces function
      MINOR: trace: add quic_conn argument definition
      MINOR: quic: use quic_conn as argument to traces
      MINOR: quic: add quic_conn instance in traces for qc_new_conn
      REORG: quic: remove qc_ prefix on functions which not used it directly
      BUG/MINOR: quic: upgrade rdlock to wrlock for ODCID removal
      MINOR: quic: remove unnecessary call to free_quic_conn_cids()
      MINOR: quic: store ssl_sock_ctx reference into quic_conn
      MINOR: quic: remove unnecessary if in qc_pkt_may_rm_hp()
      MINOR: quic: replace usage of ssl_sock_ctx by quic_conn
      MINOR: quic: delete timer task on quic_close()
      MEDIUM: quic: implement refcount for quic_conn
      BUG/MINOR: quic: fix potential null dereference
      BUG/MINOR: quic: fix potential use of uninit pointer
      MINOR: quic: fix return of quic_dgram_read
      MINOR: quic: add config parse source file
      MINOR: quic: implement Retry TLS AEAD tag generation
      MEDIUM: quic: implement Initial token parsing
      MINOR: quic: define retry_source_connection_id TP
      MEDIUM: quic: implement Retry emission
      MINOR: quic: free xprt tasklet on its thread

Bertrand Jacquin (1):
      BUG/MINOR: lua: remove loop initial declarations

Christopher Faulet (24):
      BUG/MINOR: cache: Fix loop on cache entries in "show cache"
      BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
      BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
      BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
      MINOR: mux-h1: Improve H1 traces by adding info about http parsers
      MINOR: mux-h1: register a stats module
      MINOR: mux-h1: add counters instance to h1c
      MINOR: mux-h1: count open connections/streams on stats
      MINOR: mux-h1: add stat for total count of connections/streams
      MINOR: mux-h1: add stat for total amount of bytes received and sent
      REGTESTS: h1: Add a script to validate H1 splicing support
      BUG/MINOR: server: Don't rely on last default-server to init server SSL context
      BUG/MEDIUM: resolvers: Detach query item on response error
      MEDIUM: resolvers: No longer store query items in a list into the response
      BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
      BUG/MINOR: resolvers: Don't overwrite the error for invalid query domain name
      BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
      DOC: spoe: Clarify use of the event directive in spoe-message section
      DOC: config: Specify %Ta is only available in HTTP mode
      MINOR: http-rules: Add capture action to http-after-response ruleset
      BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
      BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
      BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
      BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer

Daniel Jakots (1):
      BUILD: ssl: unbreak the build with newer libressl

David CARLIER (5):
      MEDIUM: pool: Following up on previous pool trimming update.
      MEDIUM: cfgparse: numa detect topology on FreeBSD.
      BUILD/MINOR: cpuset FreeBSD 14 build fix.
      MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
      BUILD: cpuset: fix build issue on macos introduced by previous change

David Carlier (3):
      MEDIUM: pool: refactor malloc_trim/glibc and jemalloc api addition detections.
      MEDIUM: pool: support purging jemalloc arenas in trim_all_pools()
      BUILD/MINOR: tools: solaris build fix on dladdr.

Emeric Brun (1):
      BUG/MAJOR: segfault using multiple log forward sections.

Frédéric Lécaille (77):
      MINOR: quic: Set "no_application_protocol" alert
      MINOR: quic: More accurate immediately close.
      MINOR: quic: Immediately close if no transport parameters extension found
      MINOR: quic: Rename qc_prep_hdshk_pkts() to qc_prep_pkts()
      MINOR: quic: Possible crash when inspecting the xprt context
      MINOR: quic: Dynamically allocate the secrete keys
      MINOR: quic: Add a function to derive the key update secrets
      MINOR: quic: Add structures to maintain key phase information
      MINOR: quic: Optional header protection key for quic_tls_derive_keys()
      MINOR: quic: Add quic_tls_key_update() function for Key Update
      MINOR: quic: Enable the Key Update process
      MINOR: quic: Delete the ODCIDs asap
      MINOR: quic: RX buffer full due to wrong CRYPTO data handling
      MINOR: quic: Race issue when consuming RX packets buffer
      MINOR: quic: QUIC encryption level RX packets race issue
      MINOR: quic: Delete remaining RX handshake packets
      MINOR: quic: Remove QUIC TX packet length evaluation function
      MINOR: quic: Compilation fix for quic_rx_packet_refinc()
      MINOR: quic: Attach timer task to thread for the connection.
      CLEANUP: quic_frame: Remove a useless suffix to STOP_SENDING
      MINOR: quic: Add traces for STOP_SENDING frame and modify others
      CLEANUP: quic: Remove cdata_len from quic_tx_packet struct
      MINOR: quic: Enable TLS 0-RTT if needed
      MINOR: quic: No TX secret at EARLY_DATA encryption level
      MINOR: quic: Add quic_set_app_ops() function
      MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos.
      MINOR: quic: Make xprt support 0-RTT.
      MINOR: qpack: Missing check for truncated QPACK fields
      CLEANUP: quic: Comment fix for qc_strm_cpy()
      MINOR: hq_interop: Stop BUG_ON() truncated streams
      MINOR: quic: Do not mix packet number space and connection flags
      CLEANUP: quic: Shorten a litte bit the traces in lstnr_rcv_pkt()
      MINOR: quic: Increase the RX buffer for each connection
      MINOR: quic: Add a function to list remaining RX packets by encryption level
      MINOR: quic: Stop emptying the RX buffer asap.
      MINOR: quic: Do not expect to receive only one O-RTT packet
      MINOR: quic: Do not forget STREAM frames received in disorder
      MINOR: quic: Wrong packet refcount handling in qc_pkt_insert()
      MINOR: quic: Add stream IDs to qcs_push_frame() traces
      MINOR: quic: unchecked qc_retrieve_conn_from_cid() returned value
      MINOR: quic: Wrong dropped packet skipping
      MINOR: quic: Handle the cases of overlapping STREAM frames
      MINOR: quic: xprt traces fixes
      MINOR: quic: Drop asap Retry or Version Negotiation packets
      MINOR: quic: Add traces for RX frames (flow control related)
      MINOR: quic: Add CONNECTION_CLOSE phrase to trace
      MINOR: quic: Wrong traces after rework
      MINOR: quic: Add trace about in flight bytes by packet number space
      MINOR: quic: Wrong first packet number space computation
      MINOR: quic: Wrong packet number space computation for PTO
      MINOR: quic: Wrong loss time computation in qc_packet_loss_lookup()
      MINOR: quic: Wrong ack_delay compution before calling quic_loss_srtt_update()
      MINOR: quic: Remove nb_pto_dgrams quic_conn struct member
      MINOR: quic: Wrong packet number space trace in qc_prep_pkts()
      MINOR: quic: Useless test in qc_prep_pkts()
      MINOR: quic: qc_prep_pkts() code moving
      MINOR: quic: Speeding up Handshake Completion
      MINOR: quic: Probe Initial packet number space more often
      MINOR: quic: Probe several packet number space upon timer expiration
      MINOR: quic: Comment fix.
      MINOR: quic: Improve qc_prep_pkts() flexibility
      MINOR: quic: Do not drop secret key but drop the CRYPTO data
      MINOR: quic: Prepare Handshake packets asap after completed handshake
      MINOR: quic: Flag asap the connection having reached the anti-amplification limit
      MINOR: quic: PTO timer too often reset
      MINOR: quic: Re-arm the PTO timer upon datagram receipt
      MINOR: quic: Only one CRYPTO frame by encryption level
      MINOR: quic: Missing retransmission from qc_prep_fast_retrans()
      MINOR: quic: Non-optimal use of a TX buffer
      MINOR: quic: Remaining TRACEs with connection as firt arg
      MINOR: quic: Reset ->conn quic_conn struct member when calling qc_release()
      MINOR: quic: Flag the connection as being attached to a listener
      MINOR: quic: Wrong CRYPTO frame concatenation
      MINOR: quid: Add traces quic_close() and quic_conn_io_cb()
      MINOR: quic: Do not dereference ->conn quic_conn struct member
      MINOR: quic: As server, skip 0-RTT packet number space
      MINOR: quic: Do not wakeup the I/O handler before the mux is started

Ilya Shipitsin (8):
      REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
      CI: Github Actions: do not show VTest failures if build failed
      CLEANUP: assorted typo fixes in the code and comments This is 29th iteration of typo fixes
      CI: github actions: update OpenSSL to 3.0.1
      CI: refactor spelling check
      CLEANUP: assorted typo fixes in the code and comments
      CI: github actions: clean default step conditions
      CI: github actions: use cache for OpenTracing

Lukas Tribus (2):
      DOC: config: retry-on list is space-delimited
      DOC: config: fix error-log-format example

Miroslav Zagorac (1):
      BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time

Remi Tricot-Le Breton (13):
      BUG/MINOR: vars: Fix the set-var and unset-var converters
      MINOR: vars: Move UPDATEONLY flag test to vars_set_ifexist
      MINOR: vars: Set variable type to ANY upon creation
      MINOR: vars: Delay variable content freeing in var_set function
      MINOR: vars: Parse optional conditions passed to the set-var converter
      MINOR: vars: Parse optional conditions passed to the set-var actions
      MEDIUM: vars: Enable optional conditions to set-var converter and actions
      DOC: vars: Add documentation about the set-var conditions
      REGTESTS: vars: Add new test for conditional set-var
      REGTESTS: vars: Remove useless ssl tunes from conditional set-var test
      MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
      BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
      REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2

Thierry Fournier (1):
      DOC: fix misspelled keyword "resolve_retries" in resolvers

Tim Duesterhus (1):
      BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query

William Dauchy (1):
      MINOR: proxy: add option idle-close-on-response

William Lallemand (18):
      BUG/MINOR: httpclient: allow to replace the host header
      BUG/MINOR: lua: don't expose internal proxies
      MEDIUM: mworker: seamless reload use the internal sockpairs
      BUG/MINOR: mworker: does not add the -sf in wait mode
      BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
      BUG/MINOR: mworker: deinit of thread poller was called when not initialized
      BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
      MINOR: cli: "show version" displays the current process version
      BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
      REGTESTS: ssl: fix ssl_default_server.vtc
      BUG/MINOR: ssl: free the fields in srv->ssl_ctx
      BUG/MEDIUM: ssl: free the ckch instance linked to a server
      REGTESTS: ssl: update of a crt with server deletion
      BUG/MINOR: cli: fix _getsocks with musl libc
      BUG/MEDIUM: mworker: don't use _getsocks in wait mode
      BUG/MINOR: httpclient: don't send an empty body
      BUG/MINOR: httpclient: set default Accept and User-Agent headers
      BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers

Willy Tarreau (34):
      BUILD: pools: only detect link-time jemalloc on ELF platforms
      CI: github actions: add the output of $CC -dM -E-
      BUILD: evports: remove a leftover from the dead_fd cleanup
      BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
      IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
      MINOR: pools: work around possibly slow malloc_trim() during gc
      DEBUG: ssl: make sure we never change a servername on established connections
      BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
      BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
      MINOR: compat: detect support for dl_iterate_phdr()
      MINOR: debug: add ability to dump loaded shared libraries
      MINOR: debug: add support for -dL to dump library names at boot
      MINOR: pools: always evict oldest objects first in pool_evict_from_local_cache()
      DOC: pool: document the purpose of various structures in the code
      CLEANUP: pools: do not use the extra pointer to link shared elements
      CLEANUP: pools: get rid of the POOL_LINK macro
      MINOR: pool: allocate from the shared cache through the local caches
      CLEANUP: pools: group list updates in pool_get_from_cache()
      MINOR: pool: rely on pool_free_nocache() in pool_put_to_shared_cache()
      MINOR: pool: make pool_is_crowded() always true when no shared pools are used
      MINOR: pool: check for pool's fullness outside of pool_put_to_shared_cache()
      MINOR: pool: introduce pool_item to represent shared pool items
      MINOR: pool: add a function to estimate how many may be released at once
      MEDIUM: pool: compute the number of evictable entries once per pool
      MINOR: pools: prepare pool_item to support chained clusters
      MINOR: pools: pass the objects count to pool_put_to_shared_cache()
      MEDIUM: pools: centralize cache eviction in a common function
      MEDIUM: pools: start to batch eviction from local caches
      MEDIUM: pools: release cached objects in batches
      OPTIM: pools: reduce local pool cache size to 512kB
      BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
      DOC: internals: document the pools architecture and API
      BUG/MEDIUM: connection: properly leave stopping list on error
      MINOR: pools: enable pools with DEBUG_FAIL_ALLOC as well