Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 1 | HOW TO GET YOUR CODE ACCEPTED IN HAPROXY |
| 2 | READ THIS CAREFULLY BEFORE SUBMITTING CODE |
| 3 | |
| 4 | THIS DOCUMENT PROVIDES SOME RULES TO FOLLOW WHEN SENDING CONTRIBUTIONS. PATCHES |
| 5 | NOT FOLLOWING THESE RULES WILL SIMPLY BE REJECTED IN ORDER TO PROTECT ALL OTHER |
| 6 | RESPECTFUL CONTRIBUTORS' VALUABLE TIME. |
| 7 | |
| 8 | |
| 9 | Background |
| 10 | ---------- |
| 11 | |
| 12 | During the development cycle of version 1.6, much more time was spent reviewing |
| 13 | poor quality submissions, fixing them and troubleshooting the bugs they |
| 14 | introduced than doing any development work. This is not acceptable as it ends |
| 15 | up with people actually slowing down the project for the features they're the |
| 16 | only ones interested in. On the other end of the scale, there are people who |
| 17 | make the effort of polishing their work to contribute excellent quality work |
| 18 | which doesn't even require a review. Contrary to what newcomers may think, it's |
| 19 | very easy to reach that level of quality and get your changes accepted quickly, |
| 20 | even late in the development cycle. It only requires that you do your homework |
| 21 | and not rely on others to do it for you. The most important point is that |
| 22 | HAProxy is a community-driven project, all involved participants must respect |
| 23 | all other ones' time and work. |
| 24 | |
| 25 | |
| 26 | Preparation |
| 27 | ----------- |
| 28 | |
| 29 | It is possible that you'll want to add a specific feature to satisfy your needs |
| 30 | or one of your customers'. Contributions are welcome, however maintainers are |
| 31 | often very picky about changes. Patches that change massive parts of the code, |
| 32 | or that touch the core parts without any good reason will generally be rejected |
| 33 | if those changes have not been discussed first. |
| 34 | |
| 35 | The proper place to discuss your changes is the HAProxy Mailing List. There are |
| 36 | enough skilled readers to catch hazardous mistakes and to suggest improvements. |
| 37 | There is no other place where you'll find as many skilled people on the project, |
| 38 | and these people can help you get your code integrated quickly. You can |
| 39 | subscribe to it by sending an empty e-mail to the following address : |
| 40 | |
| 41 | haproxy+subscribe@formilux.org |
| 42 | |
| 43 | If you have an idea about something to implement, *please* discuss it on the |
| 44 | list first. It has already happened several times that two persons did the same |
| 45 | thing simultaneously. This is a waste of time for both of them. It's also very |
| 46 | common to see some changes rejected because they're done in a way that will |
| 47 | conflict with future evolutions, or that does not leave a good feeling. It's |
| 48 | always unpleasant for the person who did the work, and it is unpleasant in |
| 49 | general because people's time and efforts are valuable and would be better |
| 50 | spent working on something else. That would not happen if these were discussed |
| 51 | first. There is no problem posting work in progress to the list, it happens |
| 52 | quite often in fact. Also, don't waste your time with the doc when submitting |
| 53 | patches for review, only add the doc with the patch you consider ready to merge. |
| 54 | |
| 55 | Another important point concerns code portability. HAProxy requires gcc as the |
| 56 | C compiler, and may or may not work with other compilers. However it's known to |
| 57 | build using gcc 2.95 or any later version. As such, it is important to keep in |
| 58 | mind that certain facilities offered by recent versions must not be used in the |
| 59 | code : |
| 60 | |
| 61 | - declarations mixed in the code (requires gcc >= 3.x and is a bad practice) |
| 62 | - GCC builtins without checking for their availability based on version and |
| 63 | architecture ; |
| 64 | - assembly code without any alternate portable form for other platforms |
| 65 | - use of stdbool.h, "bool", "false", "true" : simply use "int", "0", "1" |
| 66 | - in general, anything which requires C99 (such as declaring variables in |
| 67 | "for" statements) |
| 68 | |
| 69 | Since most of these restrictions are just a matter of coding style, it is |
| 70 | normally not a problem to comply. |
| 71 | |
| 72 | If your work is very confidential and you can't publicly discuss it, you can |
| 73 | also mail willy@haproxy.org directly about it, but your mail may be waiting |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 74 | several days in the queue before you get a response, if you get a response at |
| 75 | all. Retransmit if you don't get a response within one week. Please note that |
| 76 | e-mails sent directly to this address for non-confidential subjects may simply |
| 77 | be forwarded to the list or be deleted without notification. |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 78 | |
| 79 | If you'd like a feature to be added but you think you don't have the skills to |
| 80 | implement it yourself, you should follow these steps : |
| 81 | |
| 82 | 1. discuss the feature on the mailing list. It is possible that someone |
| 83 | else has already implemented it, or that someone will tell you how to |
| 84 | proceed without it, or even why not to do it. It is also possible that |
| 85 | in fact it's quite easy to implement and people will guide you through |
| 86 | the process. That way you'll finally have YOUR patch merged, providing |
| 87 | the feature YOU need. |
| 88 | |
| 89 | 2. if you really can't code it yourself after discussing it, then you may |
| 90 | consider contacting someone to do the job for you. Some people on the |
| 91 | list might sometimes be OK with trying to do it. |
| 92 | |
| 93 | |
| 94 | Rules : the 12 laws of patch contribution |
| 95 | ----------------------------------------- |
| 96 | |
| 97 | People contributing patches must apply the following rules. That may sound heavy |
| 98 | at the beginning but it's common sense more than anything else and contributors |
| 99 | do not think about them anymore after a few patches. |
| 100 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 101 | 1) Comply with the license |
| 102 | |
| 103 | Before modifying some code, you have read the LICENSE file ("main license") |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 104 | coming with the sources, and all the files this file references. Certain |
| 105 | files may be covered by different licenses, in which case it will be |
| 106 | indicated in the files themselves. In any case, you agree to respect these |
| 107 | licenses and to contribute your changes under the same licenses. If you want |
| 108 | to create new files, they will be under the main license, or any license of |
| 109 | your choice that you have verified to be compatible with the main license, |
Tim Düsterhus | 4896c44 | 2016-11-29 02:15:19 +0100 | [diff] [blame] | 110 | and that will be explicitly mentioned in the affected files. The project's |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 111 | maintainers are free to reject contributions proposing license changes they |
| 112 | feel are not appropriate or could cause future trouble. |
| 113 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 114 | 2) Develop on development branch, not stable ones |
| 115 | |
| 116 | Your work may only be based on the latest development version. No development |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 117 | is made on a stable branch. If your work needs to be applied to a stable |
| 118 | branch, it will first be applied to the development branch and only then will |
| 119 | be backported to the stable branch. You are responsible for ensuring that |
| 120 | your work correctly applies to the development version. If at any moment you |
| 121 | are going to work on restructuring something important which may impact other |
| 122 | contributors, the rule that applies is that the first sent is the first |
| 123 | served. However it is considered good practice and politeness to warn others |
| 124 | in advance if you know you're going to make changes that may force them to |
| 125 | re-adapt their code, because they probably did not expect to have to spend |
| 126 | more time discovering your changes and rebasing their work. |
| 127 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 128 | 3) Read and respect the coding style |
| 129 | |
| 130 | You have read and understood "doc/coding-style.txt", and you're actively |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 131 | determined to respect it and to enforce it on your coworkers if you're going |
| 132 | to submit a team's work. We don't care what text editor you use, whether it's |
| 133 | a hex editor, cat, vi, emacs, Notepad, Word, or even Eclipse. The editor is |
| 134 | only the interface between you and the text file. What matters is what is in |
| 135 | the text file in the end. The editor is not an excuse for submitting poorly |
| 136 | indented code, which only proves that the person has no consideration for |
| 137 | quality and/or has done it in a hurry (probably worse). Please note that most |
| 138 | bugs were found in low-quality code. Reviewers know this and tend to be much |
| 139 | more reluctant to accept poorly formatted code because by experience they |
| 140 | won't trust their author's ability to write correct code. It is also worth |
| 141 | noting that poor quality code is painful to read and may result in nobody |
| 142 | willing to waste their time even reviewing your work. |
| 143 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 144 | 4) Present clean work |
| 145 | |
| 146 | The time it takes for you to polish your code is always much smaller than the |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 147 | time it takes others to do it for you, because they always have to wonder if |
| 148 | what they see is intended (meaning they didn't understand something) or if it |
| 149 | is a mistake that needs to be fixed. And since there are fewer reviewers than |
| 150 | submitters, it is vital to spread the effort closer to where the code is |
| 151 | written and not closer to where it gets merged. For example if you have to |
| 152 | write a report for a customer that your boss wants to review before you send |
| 153 | it to the customer, will you throw on his desk a pile of paper with stains, |
| 154 | typos and copy-pastes everywhere ? Will you say "come on, OK I made a mistake |
| 155 | in the company's name but they will find it by themselves, it's obvious it |
| 156 | comes from us" ? No. When in doubt, simply ask for help on the mailing list. |
| 157 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 158 | 5) Documentation is very important |
| 159 | |
| 160 | There are four levels of importance of quality in the project : |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 161 | |
| 162 | - The most important one, and by far, is the quality of the user-facing |
| 163 | documentation. This is the first contact for most users and it immediately |
| 164 | gives them an accurate idea of how the project is maintained. Dirty docs |
| 165 | necessarily belong to a dirty project. Be careful about the way the text you |
| 166 | add is presented and indented. Be very careful about typos, usual mistakes |
| 167 | such as double consonants when only one is needed or "it's" instead of |
| 168 | "its", don't mix US English and UK English in the same paragraph, etc. |
| 169 | When in doubt, check in a dictionary. Fixes for existing typos in the doc |
| 170 | are always welcome and chasing them is a good way to become familiar with |
| 171 | the project and to get other participants' respect and consideration. |
| 172 | |
| 173 | - The second most important level is user-facing messages emitted by the |
| 174 | code. You must try to see all the messages your code produces to ensure |
| 175 | they are understandable outside of the context where you wrote them, |
| 176 | because the user often doesn't expect them. That's true for warnings, and |
| 177 | that's even more important for errors which prevent the program from |
| 178 | working and which require an immediate and well understood fix in the |
| 179 | configuration. It's much better to say "line 35: compression level must be |
| 180 | an integer between 1 and 9" than "invalid argument at line 35". In HAProxy, |
| 181 | error handling roughly represents half of the code, and that's about 3/4 of |
| 182 | the configuration parser. Take the time to do something you're proud of. A |
| 183 | good rule of thumb is to keep in mind that your code talks to a human and |
| 184 | tries to teach him/her how to proceed. It must then speak like a human. |
| 185 | |
| 186 | - The third most important level is the code and its accompanying comments, |
| 187 | including the commit message which is a complement to your code and |
| 188 | comments. It's important for all other contributors that the code is |
| 189 | readable, fluid, understandable and that the commit message describes what |
| 190 | was done, the choices made, the possible alternatives you thought about, |
| 191 | the reason for picking this one and its limits if any. Comments should be |
| 192 | written where it's easy to have a doubt or after some error cases have been |
| 193 | wiped out and you want to explain what possibilities remain. All functions |
| 194 | must have a comment indicating what they take on input and what they |
| 195 | provide on output. Please adjust the comments when you copy-paste a |
| 196 | function or change its prototype, this type of lazy mistake is too common |
| 197 | and very confusing when reading code later to debug an issue. Do not forget |
| 198 | that others will feel really angry at you when they have to dig into your |
| 199 | code for a bug that your code caused and they feel like this code is dirty |
| 200 | or confusing, that the commit message doesn't explain anything useful and |
| 201 | that the patch should never have been accepted in the first place. That |
| 202 | will strongly impact your reputation and will definitely affect your |
| 203 | chances to contribute again! |
| 204 | |
| 205 | - The fourth level of importance is in the technical documentation that you |
| 206 | may want to add with your code. Technical documentation is always welcome |
| 207 | as it helps others make the best use of your work and to go exactly in the |
| 208 | direction you thought about during the design. This is also what reduces |
| 209 | the risk that your design gets changed in the near future due to a misuse |
| 210 | and/or a poor understanding. All such documentation is actually considered |
| 211 | as a bonus. It is more important that this documentation exists than that |
| 212 | it looks clean. Sometimes just copy-pasting your draft notes in a file to |
| 213 | keep a record of design ideas is better than losing them. Please do your |
| 214 | best so that other ones can read your doc. If these docs require a special |
| 215 | tool such as a graphics utility, ensure that the file name makes it |
| 216 | unambiguous how to process it. So there are no rules here for the contents, |
| 217 | except one. Please write the date in your file. Design docs tend to stay |
| 218 | forever and to remain long after they become obsolete. At this point that |
| 219 | can cause harm more than it can help. Writing the date in the document |
| 220 | helps developers guess the degree of validity and/or compare them with the |
| 221 | date of certain commits touching the same area. |
| 222 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 223 | 6) US-ASCII only! |
| 224 | |
| 225 | All text files and commit messages are written using the US-ASCII charset. |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 226 | Please be careful that your contributions do not contain any character not |
| 227 | printable using this charset, as they will render differently in different |
| 228 | editors and/or terminals. Avoid latin1 and more importantly UTF-8 which some |
| 229 | editors tend to abuse to replace some US-ASCII characters with their |
| 230 | typographic equivalent which aren't readable anymore in other editors. The |
| 231 | only place where alternative charsets are tolerated is in your name in the |
| 232 | commit message, but it's at your own risk as it can be mangled during the |
| 233 | merge. Anyway if you have an e-mail address, you probably have a valid |
| 234 | US-ASCII representation for it as well. |
| 235 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 236 | 7) Comments |
| 237 | |
| 238 | Be careful about comments when you move code around. It's not acceptable that |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 239 | a block of code is moved to another place leaving irrelevant comments at the |
| 240 | old place, just like it's not acceptable that a function is duplicated without |
| 241 | the comments being adjusted. The example below started to become quite common |
| 242 | during the 1.6 cycle, it is not acceptable and wastes everyone's time : |
| 243 | |
| 244 | /* Parse switching <str> to build rule <rule>. Returns 0 on error. */ |
| 245 | int parse_switching_rule(const char *str, struct rule *rule) |
| 246 | { |
| 247 | ... |
| 248 | } |
| 249 | |
| 250 | /* Parse switching <str> to build rule <rule>. Returns 0 on error. */ |
| 251 | void execute_switching_rule(struct rule *rule) |
| 252 | { |
| 253 | ... |
| 254 | } |
| 255 | |
| 256 | This patch is not acceptable either (and it's unfortunately not that rare) : |
| 257 | |
| 258 | + if (!session || !arg || list_is_empty(&session->rules->head)) |
| 259 | + return 0; |
| 260 | + |
| 261 | /* Check if session->rules is valid before dereferencing it */ |
| 262 | if (!session->rules_allocated) |
| 263 | return 0; |
| 264 | |
| 265 | - if (!arg || list_is_empty(&session->rules->head)) |
| 266 | - return 0; |
| 267 | - |
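Review bot: the added "if (!session || !arg || list_is_empty(&session->rules->head))" test at the top of the hunk dereferences session->rules before the "!session->rules_allocated" check runs, so the retained comment "Check if session->rules is valid before dereferencing it" no longer describes the code that follows it. Keep the list_is_empty() test after the rules_allocated check and add only the "!session" test above it, or move the comment together with the rules_allocated check ahead of the new block so that comment and code stay in agreement.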
| 268 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 269 | 8) Short, readable identifiers |
| 270 | |
| 271 | Limit the length of your identifiers in the code. When your identifiers start |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 272 | to sound like sentences, it's very hard for the reader to keep on track with |
| 273 | what operation they are observing. Also long names force expressions to fit |
| 274 | on several lines which also causes some difficulties to the reader. See the |
| 275 | example below : |
| 276 | |
| 277 | int file_name_len_including_global_path; |
| 278 | int file_name_len_without_global_path; |
| 279 | int global_path_len_or_zero_if_default; |
| 280 | |
| 281 | if (global_path) |
| 282 |     global_path_len_or_zero_if_default = strlen(global_path); |
| 283 | else |
| 284 |     global_path_len_or_zero_if_default = 0; |
| 285 | |
| 286 | file_name_len_without_global_path = strlen(file_name); |
| 287 | file_name_len_including_global_path = |
| 288 |     file_name_len_without_global_path + 1 + /* for '/' */ |
| 289 |     global_path_len_or_zero_if_default ? |
| 290 |     global_path_len_or_zero_if_default : default_path_len; |
| 291 | |
| 292 | Compare it to this one : |
| 293 | |
| 294 | int f, p; |
| 295 | |
| 296 | p = global_path ? strlen(global_path) : default_path_len; |
| 297 | f = p + 1 + strlen(file_name); /* 1 for '/' */ |
| 298 | |
| 299 | A good rule of thumb is that if your identifiers start to contain more than |
| 300 | 3 words or more than 15 characters, they can become confusing. For function |
| 301 | names it's less important especially if these functions are rarely used or |
| 302 | are used in a complex context where it is important to differentiate between |
| 303 | their multiple variants. |
| 304 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 305 | 9) Unified diff only |
| 306 | |
| 307 | The best way to build your patches is to use "git format-patch". This means |
| 308 | that you have committed your patch to a local branch, with an appropriate |
| 309 | subject line and a useful commit message explaining what the patch attempts |
| 310 | to do. It is not strictly required to use git, but what is strictly required |
| 311 | is to have all these elements in the same mail, easily distinguishable, and |
| 312 | a patch in "diff -up" format (which is also the format used by Git). This |
| 313 | means the "unified" diff format must be used exclusively, and with the |
| 314 | function name printed in the diff header of each block. That significantly |
| 315 | helps during reviews. Keep in mind that most reviews are done on the patch |
| 316 | and not on the code after applying the patch. Your diff must keep some |
| 317 | context (3 lines above and 3 lines below) so that there's no doubt where the |
| 318 | code has to be applied. Don't change code outside of the context of your |
| 319 | patch (eg: take care of not adding/removing empty lines once you remove |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 320 | your debugging code). If you are using Git (which is strongly recommended), |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 321 | always use "git show" after doing a commit to ensure it looks good, and |
| 322 | enable syntax coloring that will automatically report in red the trailing |
| 323 | spaces or tabs that your patch added to the code and that must absolutely be |
| 324 | removed. These ones cause a real pain to apply patches later because they |
| 325 | mangle the context in an invisible way. Such patches with trailing spaces at |
| 326 | end of lines will be rejected. |
| 327 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 328 | 10) One patch per feature |
| 329 | |
| 330 | Please cut your work in series of patches that can be independently reviewed |
| 331 | and merged. Each patch must do something on its own that you can explain to |
| 332 | someone without being ashamed of what you did. For example, you must not say |
| 333 | "This is the patch that implements SSL, it was tricky". There's clearly |
| 334 | something wrong there, your patch will be huge, will definitely break things |
| 335 | and nobody will be able to figure what exactly introduced the bug. However |
| 336 | it's much better to say "I needed to add some fields in the session to store |
| 337 | the SSL context so this patch does this and doesn't touch anything else, so |
| 338 | it's safe". Also when dealing with series, you will sometimes fix a bug that |
| 339 | one of your patches introduced. Please do merge these fixes (eg: using git |
| 340 | rebase -i and squash or fixup), as it is not acceptable to see patches which |
| 341 | introduce known bugs even if they're fixed later. Another benefit of cleanly |
| 342 | splitting patches is that if some of your patches need to be reworked after |
| 343 | a review, the other ones can still be merged so that you don't need to care |
| 344 | about them anymore. When sending multiple patches for review, prefer to send |
| 345 | one e-mail per patch than all patches in a single e-mail. The reason is that |
| 346 | not everyone is skilled in all areas nor has the time to review everything |
| 347 | at once. With one patch per e-mail, it's easy to comment on a single patch |
| 348 | without giving an opinion on the other ones, especially if a long thread |
| 349 | starts about one specific patch on the mailing list. "git send-email" does |
| 350 | that for you though it requires a few trials before getting it right. |
| 351 | |
| 352 | If you can, please always put all the bug fixes at the beginning of the |
| 353 | series. This often makes it easier to backport them because they will not |
| 354 | depend on context that your other patches changed. |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 355 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 356 | 11) Real commit messages please! |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 357 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 358 | Please properly format your commit messages. To get an idea, just run |
| 359 | "git log" on the file you've just modified. Patches always have the format |
| 360 | of an e-mail made of a subject, a description and the actual patch. If you |
| 361 | are sending a patch as an e-mail formatted this way, it can quickly be |
| 362 | applied with limited effort so that's acceptable : |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 363 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 364 | - A subject line (may wrap to the next line, but please read below) |
| 365 | - an empty line (subject delimiter) |
| 366 | - a non-empty description (the body of the e-mail) |
| 367 | - the patch itself |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 368 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 369 | The subject describes the "What" of the change ; the description explains |
| 370 | the "why", the "how" and sometimes "what next". For example a commit message |
| 371 | looking like this will be rejected : |
Willy Tarreau | 11e334d9 | 2015-09-20 22:31:42 +0200 | [diff] [blame] | 372 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 373 | | From: Mr Foobar <foobar@example.com> |
| 374 | | Subject: BUG: fix typo in ssl_sock |
| 375 | | |
| 376 | |
| 377 | This one as well (too long subject, not the right place for the details) : |
| 378 | |
| 379 | | From: Mr Foobar <foobar@example.com> |
| 380 | | Subject: BUG/MEDIUM: ssl: use an error flag to prevent ssl_read() from |
| 381 | | returning 0 when dealing with large buffers because that can cause |
| 382 | | an infinite loop |
| 383 | | |
| 384 | |
| 385 | This one ought to be used instead : |
| 386 | |
| 387 | | From: Mr Foobar <foobar@example.com> |
| 388 | | Subject: BUG/MEDIUM: ssl: fix risk of infinite loop in ssl_sock |
| 389 | | |
| 390 | | ssl_read() must not return 0 on error or the caller may loop forever. |
| 391 | | Instead we add a flag to the connection to notify about the error and |
| 392 | | check it at all call places. This situation can only happen with large |
| 393 | | buffers so a workaround is to limit buffer sizes. Another option would |
| 394 | | have been to return -1 but it required to use signed ints everywhere |
| 395 | | and would have made the patch larger and riskier. This fix should be |
| 396 | | backported to versions 1.2 and upper. |
| 397 | |
| 398 | It is important to understand that for any reader to guess the text above |
| 399 | when it's absent, it will take a huge amount of time. If you made the |
| 400 | analysis leading to your patch, you must explain it, including the ideas |
| 401 | you dropped if you had a good reason for this. |
| 402 | |
| 403 | While it's not strictly required to use Git, it is strongly recommended |
| 404 | because it helps you do the cleanest job with the least effort. But if you |
| 405 | are comfortable with writing clean e-mails and inserting your patches, you |
| 406 | don't need to use Git. |
| 407 | |
| 408 | But in any case, it is important that there is a clean description of what |
| 409 | the patch does, the motivation for what it does, why it's the best way to do |
| 410 | it, its impacts, and what it does not yet cover. Also, in HAProxy, like many |
| 411 | projects which take a great care of maintaining stable branches, patches are |
| 412 | reviewed later so that some of them can be backported to stable releases. |
| 413 | |
| 414 | While reviewing hundreds of patches can seem cumbersome, with a proper |
| 415 | formatting of the subject line it actually becomes very easy. For example, |
| 416 | here's how one can find patches that need to be reviewed for backports (bugs |
| 417 | and doc) since commit ID 827752e : |
| 418 | |
| 419 | $ git log --oneline 827752e.. | grep 'BUG\|DOC' |
| 420 | 0d79cf6 DOC: fix function name |
| 421 | bc96534 DOC: ssl: missing LF |
| 422 | 10ec214 BUG/MEDIUM: lua: the lua fucntion Channel:close() causes a segf |
| 423 | bdc97a8 BUG/MEDIUM: lua: outgoing connection was broken since 1.6-dev2 |
| 424 | ba56d9c DOC: mention support for RFC 5077 TLS Ticket extension in start |
| 425 | f1650a8 DOC: clarify some points about SSL and the proxy protocol |
| 426 | b157d73 BUG/MAJOR: peers: fix current table pointer not re-initialized |
| 427 | e1ab808 BUG/MEDIUM: peers: fix wrong message id on stick table updates |
| 428 | cc79b00 BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket comma |
| 429 | d8e42b6 DOC: add new file intro.txt |
| 430 | c7d7607 BUG/MEDIUM: lua: bad error processing |
| 431 | 386a127 DOC: match several lua configuration option names to those impl |
| 432 | 0f4eadd BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a |
| 433 | |
| 434 | It is made possible by the fact that subject lines are properly formatted and |
| 435 | always respect the same principle : one part indicating the nature and |
| 436 | severity of the patch, another one to indicate which subsystem is affected, |
| 437 | and the last one is a succinct description of the change, with the important |
| 438 | part at the beginning so that it's obvious what it does even when lines are |
| 439 | truncated like above. The whole stable maintenance process relies on this. |
| 440 | For this reason, it is mandatory to respect some easy rules regarding the |
| 441 | way the subject is built. Please see the section below for more information |
| 442 | regarding this formatting. |
| 443 | |
| 444 | As a rule of thumb, your patch must never be made only of a subject line, |
| 445 | it *must* contain a description. Even one or two lines, or indicating |
| 446 | whether a backport is desired or not. It turns out that single-line commits |
| 447 | are so rare in the Git world that they require special manual (hence |
| 448 | painful) handling when they are backported, and at least for this reason |
| 449 | it's important to keep this in mind. |
| 450 | |
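Rules 6, 9 and 11 can be checked mechanically before a patch is mailed. The script below is an added example, not part of the HAProxy sources: check_patch, write_samples and demo are hypothetical names, the sample patches are constructed, and it assumes the mail layout described above (headers, empty line, description, then the diff).

```shell
#!/bin/sh
# Added example (not HAProxy project code): pre-send check of an e-mail
# formatted patch against rule 6 (US-ASCII only), rule 9 (unified diff, no
# trailing spaces or tabs on added lines) and rule 11 (subject, empty line,
# non-empty description).

# check_patch FILE (hypothetical helper): prints one line per violation and
# returns 1 if there is at least one, 0 otherwise.
check_patch() {
    f=$1
    problems=$(
        # Rule 6: count bytes other than tab, LF and printable US-ASCII.
        # The From: header is skipped because the author name is the only
        # place where another charset is tolerated.
        n=$(LC_ALL=C sed '/^From:/d' "$f" |
            LC_ALL=C tr -d '\11\12\40-\176' | wc -c | tr -d ' ')
        [ "$n" -eq 0 ] || echo "charset: $n byte(s) outside US-ASCII"

        # Rules 9 and 11: walk the mail as headers, description, then diff.
        LC_ALL=C awk '
        BEGIN { st = "hdr" }
        st == "hdr" {
            if ($0 == "") {
                st = "desc"
            } else if ($0 ~ /^Subject:/) {
                subj = $0
                sub(/^Subject:[ \t]*/, "", subj)
            }
            next
        }
        st == "desc" {
            # "---", "diff ..." or "--- a/file" ends the description.
            if ($0 == "---" || $0 ~ /^diff / || $0 ~ /^--- /) {
                st = "diff"
            } else {
                if ($0 ~ /[^ \t]/) desc++
                next
            }
        }
        st == "diff" {
            if ($0 ~ /^@@ /) hunks++
            if ($0 ~ /^\+/ && $0 !~ /^\+\+\+ / && $0 ~ /[ \t]$/) trail++
        }
        END {
            if (subj == "") print "subject: missing or empty"
            if (desc == 0)  print "description: missing after the subject"
            if (hunks == 0) print "diff: no unified (@@) hunk found"
            if (trail > 0)  print "whitespace: " trail " added line(s) end with a space or tab"
        }' "$f"
    )
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems"
        return 1
    fi
    return 0
}

# write_samples DIR (hypothetical helper): constructed input, not real
# HAProxy patches. \342\200\231 is a UTF-8 typographic apostrophe.
write_samples() {
    {
        printf '%s\n' 'From: Mr Foobar <foobar@example.com>' \
            'Subject: BUG/MEDIUM: ssl: fix risk of infinite loop in ssl_sock' '' \
            'ssl_read() must not return 0 on error or the caller may loop forever.' \
            '---' '--- a/example.c' '+++ b/example.c' \
            '@@ -10,2 +10,3 @@ int example_read(void)'
        printf ' \tret = 0;\n+\tflags |= EXAMPLE_ERR;\n \treturn ret;\n'
    } > "$1/good.patch"
    {
        # No description, a non US-ASCII byte sequence and a trailing space.
        printf '%s\n' 'From: Mr Foobar <foobar@example.com>' \
            'Subject: BUG: fix typo in ssl_sock' '' \
            '---' '--- a/example.c' '+++ b/example.c' \
            '@@ -10,2 +10,3 @@ int example_read(void)'
        printf ' \tret = 0;\n+\t/* don\342\200\231t loop */ \n \treturn ret;\n'
    } > "$1/bad.patch"
}

# demo: run the check over both constructed samples.
demo() {
    d=$(mktemp -d)
    write_samples "$d"
    for p in good bad; do
        if check_patch "$d/$p.patch"; then
            echo "$p.patch: OK"
        else
            echo "$p.patch: rejected"
        fi
    done
    rm -rf "$d"
}
demo
```

The same function can be run over each file produced by "git format-patch" before the series is sent.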
| 451 | 12) Discuss on the mailing list |
| 452 | |
| 453 | When submitting changes, please always CC the mailing list address so that |
| 454 | everyone gets a chance to spot any issue in your code. It will also serve |
| 455 | as an advertisement for your work, you'll get more testers quicker and |
| 456 | you'll feel better knowing that people really use your work. It's often |
| 457 | convenient to prepend "[PATCH]" in front of your mail's subject to mention |
| 458 | that this e-mail contains a patch (or a series of patches), because it will |
| 459 | easily catch reviewers' attention. It's automatically done by tools such as |
| 460 | "git format-patch" and "git send-email". If you don't want your patch to be |
| 461 | merged yet and prefer to show it for discussion, better tag it as "[RFC]" |
| 462 | (stands for "Request For Comments") and it will be reviewed but not merged |
| 463 | without your approval. It is also important to CC any author mentioned in |
| 464 | the file you change, or any subsystem maintainer whose address is mentioned |
| 465 | in a MAINTAINERS file. Not everyone reads the list on a daily basis so it's |
| 466 | very easy to miss some changes. Don't consider it as a failure when a |
| 467 | reviewer tells you you have to modify your patch, actually it's a success |
| 468 | because now you know what is missing for your work to get accepted. That's |
| 469 | why you should not hesitate to CC enough people. Don't copy people who have |
| 470 | nothing to do with your work area just because you found their address on the |
| 471 | list. That's the best way to appear careless about their time and make them |
| 472 | reject your changes in the future. |
| 473 | |
| 474 | |
| 475 | Patch classifying rules |
| 476 | ----------------------- |
| 477 | |
| 478 | There are 3 criteria of particular importance in any patch : |
| 479 | - its nature (is it a fix for a bug, a new feature, an optimization, ...) |
| 480 | - its importance, which generally reflects the risk of merging/not merging it |
| 481 | - what area it applies to (eg: http, stats, startup, config, doc, ...) |
| 482 | |
| 483 | It's important to make these 3 criteria easy to spot in the patch's subject, |
| 484 | because it's the first (and sometimes the only) thing which is read when |
| 485 | reviewing patches to find which ones need to be backported to older versions. |
| 486 | It also helps when trying to find which patch is the most likely to have caused |
| 487 | a regression. |
| 488 | |
| 489 | Specifically, bugs must be clearly easy to spot so that they're never missed. |
| 490 | Any patch fixing a bug must have the "BUG" tag in its subject. Most common |
| 491 | patch types include : |
| 492 | |
| 493 |   - BUG      fix for a bug. The severity of the bug should also be indicated |
| 494 |              when known. Similarly, if a backport is needed to older versions, |
| 495 |              it should be indicated on the last line of the commit message. If |
| 496 |              the bug has been identified as a regression brought by a specific |
| 497 |              patch or version, this indication will be appreciated too. New |
| 498 |              maintenance releases are generally emitted when a few of these |
| 499 |              patches are merged. If the bug is a vulnerability for which a CVE |
| 500 |              identifier was assigned before you publish the fix, you can mention |
| 501 |              it in the commit message, it will help distro maintainers. |
| 502 | |
Tim Düsterhus | 4896c44 | 2016-11-29 02:15:19 +0100 | [diff] [blame] | 503 |   - CLEANUP  code cleanup, silence of warnings, etc... theoretically no impact. |
| 504 |              These patches will rarely be seen in stable branches, though they |
| 505 |              may appear when they remove some annoyance or when they make |
| 506 |              backporting easier. By nature, a cleanup is always of minor |
| 507 |              importance and it's not needed to mention it. |
| 508 | |
| 509 |   - DOC      updates to any of the documentation files, including README. Many |
| 510 |              documentation updates are backported since they don't impact the |
| 511 |              product's stability and may help users avoid bugs. So please |
| 512 |              indicate in the commit message if a backport is desired. When a |
| 513 |              feature gets documented, it's preferred that the doc patch appears |
| 514 |              in the same patch or after the feature patch, but not before, as it |
| 515 |              becomes confusing when someone working on a code base including |
| 516 |              only the doc patch won't understand why a documented feature does |
| 517 |              not work as documented. |
| 518 | |
| 519 |   - REORG    code reorganization. Some blocks may be moved to other places, |
| 520 |              some important checks might be swapped, etc... These changes |
| 521 |              always present a risk of regression. For this reason, they should |
| 522 |              never be mixed with any bug fix nor functional change. Code is |
| 523 |              only moved as-is. Indicating the risk of breakage is highly |
| 524 |              recommended. Minor breakage is tolerated in such patches if trying |
| 525 |              to fix it at once makes the whole change even more confusing. That |
| 526 |              may happen for example when some #ifdefs need to be propagated in |
| 527 |              every file consecutive to the change. |
| 528 | |
| 529 |   - BUILD    updates or fixes for build issues. Changes to makefiles also fall |
| 530 |              into this category. The risk of breakage should be indicated if |
| 531 |              known. It is also appreciated to indicate what platforms and/or |
| 532 |              configurations were tested after the change. |
| 533 | |
| 534 |   - OPTIM    some code was optimised. Sometimes if the regression risk is very |
| 535 |              low and the gains significant, such patches may be merged in the |
| 536 |              stable branch. Depending on the amount of code changed or replaced |
| 537 |              and the level of trust the author has in the change, the risk of |
| 538 |              regression should be indicated. |
| 539 | |
| 540 |   - RELEASE  release of a new version (development or stable). |
| 541 | |
| 542 |   - LICENSE  licensing updates (may impact distro packagers). |
| 543 | |
| 544 | |
Willy Tarreau | 138544f | 2017-03-31 16:24:44 +0200 | [diff] [blame^] | 545 | When the patch cannot be categorized, it's best not to put any type tag, and to |
| 546 | only use risk or complexity information as below. This is commonly the |
| 547 | case for new features, which development versions are mostly made of. |
| 548 | |
| 549 | The importance, complexity of the patch, or severity of the bug it fixes must |
| 550 | be indicated when relevant. A single upper-case word is preferred, among : |
| 551 | |
| 552 |   - MINOR    minor change, very low risk of impact. It is often the case for |
| 553 |              code additions that don't touch live code. As a rule of thumb, a |
| 554 |              patch tagged "MINOR" is safe enough to be backported to stable |
| 555 |              branches. For a bug, it generally indicates an annoyance, nothing |
| 556 |              more. |
| 557 | |
| 558 |   - MEDIUM   medium risk, may cause unexpected regressions of low importance or |
| 559 |              which may quickly be discovered. In short, the patch is safe but |
| 560 |              touches working areas and it is always possible that you missed |
| 561 |              something you didn't know existed (eg: adding a "case" entry or |
| 562 |              an error message after adding an error code to an enum). For a bug, |
| 563 |              it generally indicates something odd which requires changing the |
| 564 |              configuration in an undesired way to work around the issue. |
| 565 | |
| 566 |   - MAJOR    major risk of hidden regression. This happens when large parts of |
| 567 |              the code are rearranged, when new timeouts are introduced, when |
| 568 |              sensitive parts of the session scheduling are touched, etc... We |
| 569 |              should only exceptionally find such patches in stable branches when |
| 570 |              there is no other option to fix a design issue. For a bug, it |
| 571 |              indicates severe reliability issues for which workarounds are |
| 572 |              identified with or without performance impacts. |
| 573 | |
| 574 |   - CRITICAL medium-term reliability or security is at risk and workarounds, |
| 575 |              if they exist, might not always be acceptable. An upgrade is |
| 576 |              absolutely required. A maintenance release may be emitted even if |
| 577 |              only one of these bugs is fixed. Note that this tag is only used |
| 578 |              with bugs. Such patches must indicate what is the first version |
| 579 |              affected, and if known, the commit ID which introduced the issue. |
| 580 | |
| 581 | The expected length of the commit message grows with the importance of the |
| 582 | change. While a MINOR patch may sometimes be described in 1 or 2 lines, MAJOR |
| 583 | or CRITICAL patches cannot have fewer than 10-15 lines to describe exactly the |
| 584 | impacts, otherwise the submitter's work will be considered as rough sabotage. |
| 585 | |
| 586 | For BUILD, DOC and CLEANUP types, this tag is not always relevant and may be |
| 587 | omitted. |
| 588 | |
| 589 | The area the patch applies to is quite important, because some areas are known |
| 590 | to be similar in older versions, suggesting a backport might be desirable, and |
| 591 | conversely, some areas are known to be specific to one version. The area is a |
| 592 | single-word lowercase name the contributor finds clear enough to describe what |
| 593 | part is being touched. The following tags are suggested but not exhaustive : |
| 594 | |
| 595 |   - examples  example files. Be careful, sometimes these files are packaged. |
| 596 | |
| 597 |   - tests     regression test files. No code is affected, no need to upgrade. |
| 598 | |
| 599 |   - init      initialization code, arguments parsing, etc... |
| 600 | |
| 601 |   - config    configuration parser, mostly used when adding new config keywords |
| 602 | |
| 603 |   - http      the HTTP engine |
| 604 | |
| 605 |   - stats     the stats reporting engine |
| 606 | |
| 607 |   - cli       the stats socket CLI |
| 608 | |
| 609 |   - checks    the health checks engine (eg: when adding new checks) |
| 610 | |
| 611 |   - sample    the sample fetch system (new fetch or converter functions) |
| 612 | |
| 613 |   - acl       the ACL processing core or some ACLs from other areas |
| 614 | |
| 615 |   - filters   everything related to the filters core |
| 616 | |
| 617 |   - peers     the peer synchronization engine |
| 618 | |
| 619 |   - lua       the Lua scripting engine |
| 620 | |
| 621 |   - listeners everything related to incoming connection settings |
| 622 | |
| 623 |   - frontend  everything related to incoming connection processing |
| 624 | |
| 625 |   - backend   everything related to LB algorithms and server farm |
| 626 | |
| 627 |   - session   session processing and flags (very sensitive, be careful) |
| 628 | |
| 629 |   - server    server connection management, queueing |
| 630 | |
| 631 |   - spoe      SPOE code |
| 632 | |
| 633 |   - ssl       the SSL/TLS interface |
| 634 | |
| 635 |   - proxy     proxy maintenance (start/stop) |
| 636 | |
| 637 |   - log       log management |
| 638 | |
| 639 |   - poll      any of the pollers |
| 640 | |
| 641 |   - halog     the halog sub-component in the contrib directory |
| 642 | |
| 643 |   - contrib   any addition to the contrib directory |
| 644 | |
| 645 | Other names may be invented when more precise indications are meaningful, for |
| 646 | instance : "cookie" which indicates cookie processing in the HTTP core. Last, |
| 647 | indicating the name of the affected file is also a good way to quickly spot |
| 648 | changes. Many commits were already tagged with "stream_sock" or "cfgparse" for |
| 649 | instance. |
| 650 | |
| 651 | The patch subject must indicate the type of change and the severity when |
| 652 | relevant, as well as the touched area when relevant. Most often, all 3 are |
| 653 | present. The first two criteria should |
| 654 | be present before a first colon (':'). If both are present, then they should be |
| 655 | delimited with a slash ('/'). The 3rd criterion (area) should appear next, also |
| 656 | followed by a colon. Thus, all of the following subject lines are valid : |
| 657 | |
| 658 | Examples of subject lines : |
| 659 | - DOC: document options forwardfor to logasap |
| 660 | - DOC/MAJOR: reorganize the whole document and change indenting |
| 661 | - BUG: stats: connection reset counters must be plain ascii, not HTML |
| 662 | - BUG/MINOR: stats: connection reset counters must be plain ascii, not HTML |
| 663 | - MEDIUM: checks: support multi-packet health check responses |
| 664 | - RELEASE: Released version 1.4.2 |
| 665 | - BUILD: stats: stdint is not present on solaris |
| 666 | - OPTIM/MINOR: halog: make fgets parse more bytes by blocks |
| 667 | - REORG/MEDIUM: move syscall redefinition to specific places |
| 668 | |
| 669 | Please do not use square brackets anymore around the tags, because they induce |
| 670 | more work when merging patches, which need to be hand-edited not to lose the |
| 671 | enclosed part. |
| 672 | |
| 673 | In fact, one of the only square bracket tags that still makes sense is '[RFC]' |
| 674 | at the beginning of the subject, when you're asking for someone to review your |
| 675 | change before getting it merged. If the patch is OK to be merged, then it can |
| 676 | be merged as-is and the '[RFC]' tag will automatically be removed. If you don't |
| 677 | want it to be merged at all, you can simply state it in the message, or use an |
| 678 | alternate 'WIP/' prefix in front of your tag ("work in progress"). |
| 679 | |
| 680 | The tags are not rigid, follow your intuition first, and they may be readjusted |
| 681 | when your patch is merged. It may happen that the same patch has a different tag |
| 682 | in two distinct branches. The reason is that a bug in one branch may just be a |
| 683 | cleanup or safety measure in the other one because the code cannot be triggered. |
| 684 | |
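The subject and description rules of this section written as a checker, as an added example that is not part of the HAProxy tree; because the subject is what gets scanned to pick backports, a check like this keeps BUG and CRITICAL fixes from being overlooked. The function names, the area pattern and the 10-line threshold (the lower bound of "10-15 lines") are assumptions of this example.

```python
import re

# Tag vocabularies copied from the lists in this document.
TYPES = {"BUG", "CLEANUP", "DOC", "REORG", "BUILD", "OPTIM", "RELEASE", "LICENSE"}
LEVELS = {"MINOR", "MEDIUM", "MAJOR", "CRITICAL"}
# Assumption: an area is one lowercase word, underscores allowed ("stream_sock").
AREA_RE = re.compile(r"[a-z][a-z0-9_]*$")
MIN_BODY_LINES = 10  # assumption: lower bound of the "10-15 lines" rule

def parse_subject(subject):
    """Split a subject line into its tags; returns (fields, problems)."""
    fields = {"rfc": False, "wip": False, "type": None, "level": None, "area": None}
    problems = []
    subject = subject.strip()
    if subject.startswith("[RFC]"):       # the one bracket tag still accepted
        fields["rfc"], subject = True, subject[len("[RFC]"):].lstrip()
    if subject.startswith("["):
        return fields, ["square brackets around tags are not accepted"]
    head, colon, rest = subject.partition(":")
    if not colon:
        return fields, ["no tag before a first colon"]
    tags = head.strip().split("/")
    if tags[0] == "WIP":                  # "work in progress" prefix
        fields["wip"], tags = True, tags[1:]
    if not tags:
        problems.append("no type or severity tag")
    for tag in tags:                      # order is type first, then severity
        if tag in TYPES and fields["type"] is None and fields["level"] is None:
            fields["type"] = tag
        elif tag in LEVELS and fields["level"] is None:
            fields["level"] = tag
        else:
            problems.append("unexpected tag %r" % tag)
    if fields["level"] == "CRITICAL" and fields["type"] != "BUG":
        problems.append("CRITICAL is only used with BUG")
    area, colon, text = rest.partition(":")
    if colon and AREA_RE.match(area.strip()):
        fields["area"], rest = area.strip(), text
    if not rest.strip():
        problems.append("empty description after the tags")
    return fields, problems

def check_commit(message):
    """Return the list of rule violations for a full commit message."""
    lines = message.strip().splitlines()
    fields, problems = parse_subject(lines[0] if lines else "")
    body = [line for line in lines[1:] if line.strip()]
    if not body:
        problems.append("subject-only commit: a description is required")
    elif fields["level"] in ("MAJOR", "CRITICAL") and len(body) < MIN_BODY_LINES:
        problems.append("%s patches need at least %d description lines"
                        % (fields["level"], MIN_BODY_LINES))
    return problems
```

Since the document says the tags are not rigid and area names may be invented, the output is best treated as a pre-submission warning rather than a hard gate.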
| 685 | |
| 686 | Working with Git |
| 687 | ---------------- |
| 688 | |
| 689 | For a more efficient interaction between the mainline code and your code, you |
| 690 | are strongly encouraged to try the Git version control system : |
| 691 | |
| 692 | http://git-scm.com/ |
| 693 | |
| 694 | It's very fast, lightweight and lets you undo/redo your work as often as you |
| 695 | want, without making your mistakes visible to the rest of the world. It will |
| 696 | definitely help you contribute quality code and take other people's feedback |
| 697 | into consideration. In order to clone the HAProxy Git repository : |
| 698 | |
| 699 | $ git clone http://git.haproxy.org/git/haproxy.git/ (development) |
| 700 | |
| 701 | If you decide to use Git for your developments, then your commit messages will |
| 702 | have the subject line in the format described above, then the whole description |
| 703 | of your work (mainly why you did it) will be in the body. You can directly send |
| 704 | your commits to the mailing list, the format is convenient to read and process. |
| 705 | |
| 706 | It is recommended to create a branch for your work that is based on the master |
| 707 | branch : |
| 708 | |
| 709 | $ git checkout -b 20150920-fix-stats master |
| 710 | |
| 711 | You can then do your work and even experiment with multiple alternatives if you |
| 712 | are not completely sure that your solution is the best one : |
| 713 | |
| 714 | $ git checkout -b 20150920-fix-stats-v2 |
| 715 | |
| 716 | Then reorder/merge/edit your patches : |
| 717 | |
| 718 | $ git rebase -i master |
| 719 | |
| 720 | When you think you're ready, reread your whole patchset to ensure there is no |
| 721 | formatting or style issue : |
| 722 | |
| 723 | $ git show master.. |
| 724 | |
| 725 | And once you're satisfied, you should update your master branch to be sure that |
Thiago Farina | 9f72a39 | 2016-04-01 16:43:50 -0300 | [diff] [blame] | 726 | nothing changed during your work (only needed if you left it unattended for days |
| 727 | or weeks) : |
| 728 | |
| 729 | $ git checkout -b 20150920-fix-stats-rebased |
| 730 | $ git fetch origin master:master |
| 731 | $ git rebase master |
| 732 | |
| 733 | You can build a list of patches ready for submission like this : |
| 734 | |
| 735 | $ git format-patch master |
| 736 | |
| 737 | The output files are the patches ready to be sent over e-mail, either via a |
| 738 | regular e-mail or via git send-email (carefully check the man page). Don't |
| 739 | destroy your other work branches until your patches get merged, it may happen |
| 740 | that earlier designs will be preferred for various reasons. Patches should be |
| 741 | sent to the mailing list : haproxy@formilux.org and CCed to relevant subsystem |
| 742 | maintainers or authors of the modified files if their address appears at the |
| 743 | top of the file. |
| 744 | |
| 745 | Please don't send pull-requests, they are really inconvenient. First, a pull |
| 746 | implies a merge operation and the code doesn't move fast enough to justify the |
| 747 | use of merges. Second, pull requests are not easily commented on by the |
| 748 | project's participants, contrary to e-mails where anyone is allowed to have an |
| 749 | opinion and to express it. |
| 750 | |
| 751 | -- end |