Hi,

HAProxy 2.6-dev5 was released on 2022/04/09. It added 120 new commits
after version 2.6-dev4.

It's visible that we're progressively getting closer to the end of the
development cycle: updates are arriving faster, and cleanups and small
improvements are becoming more numerous.

Aside from the usual bug fixes, this version brings:
- a new converter, add_item(), developed by Nikola Sale, which eases
the concatenation of values in headers by automatically prepending
delimiters only when both the previous value and the added value are
non-empty. It can typically halve the number of "set-var" rules in
complex configs.
- httpclient improvements and fixes: the HTTP client can now correctly
buffer a request body and enable L7 retries to transparently deal
with connection errors and torn-down keep-alive connections. A final
touch on automatic name resolution is currently being worked on to
complete the whole thing.
- QUIC updates: QUIC was deployed a week ago on https://haproxy.org/,
and even though there's little HTTPS traffic there, it already helped
identify minor issues, most of which were addressed. One of them
limits performance because of the way buffers are handled down the
transmission chain, but this is currently being addressed. I was
very pleased to see that it worked without trouble for 6.5 days,
after which it was restarted for an update. Those interested in
duplicating the experiment can read the latest news on haproxy.org,
where the main steps are explained. If there's some demand, maybe
we could write a more detailed howto, but for now I'd rather see
the experts spending their time on polishing the code ;-)
- Opentracing updates: in 2.5 we had to disable the use of variables
between the plugin and the haproxy core, because the code was relying
on an original misfeature of the variables, namely that they would
never disappear after being created; this misfeature was fixed in
2.5, breaking that part of Opentracing. Miroslav finally found the
time to address this and rework it in an elegant way, so that the
module is fully functional again. It is technically possible to
backport his work to 2.5 if there is some demand, but at this stage
I prefer not to, until there's demand (i.e. some 2.4 users who are
blocked on 2.4 only because of this). If you're using opentracing
and are missing this in 2.5, please speak up. And similarly, if you're
using it in 2.5 and would prefer this not to change, feel free to
speak up as well.
- the automatic frontend connection closing mechanism on reload that
was brought into 2.5 caused some concern among users, leading to an
option to disable it. Now there's a new global setting,
"close-spread-time", which can be used to indicate that the closure
of idle connections should be randomly spread over that interval, so
that reconnecting clients don't all rush at the same time onto the new
process. This applies both to passive close ("connection: close" on
responses) and to active close of idle connections. For best
efficiency, the interval should obviously be shorter than the one
used in "hard-stop-after", if any. We'll also see how to extend the
mechanism to allow never closing at all, as there's also some demand
for this.
- the "ca-file" SSL directive now supports a special "@system-ca" name
that requests that the CAs provided by default by the operating
system be used. This is convenient for outgoing connections to servers
that use standard certificates issued by standard CAs. This way you
know that you don't have to maintain your own copy of these CAs and
that your system updates will bring you fresh ones from time to time.
- for those who have to produce or parse configs (typically ingress
controllers and the dataplane API), a new set of debug options on
the boot command line was added, "-dK", to dump registered keywords
per category (config, actions, CLI, samples, etc). This applies
after the config loads, so that it's also possible to enumerate
keywords brought by a Lua module. If there's no config, it will work
by just running a config check on an empty file or /dev/null. The
goal essentially is to compare outputs between versions to detect
syntax changes. Note that many old keywords (those parsed by strcmp)
are not listed.
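
The following configuration fragment is an added example for this
announcement, not taken from the HAProxy project or its documentation.
It exercises three of the new features above together: add_item()
building a comma-separated header value, close-spread-time paired with
hard-stop-after, and ca-file @system-ca on an outgoing TLS connection
whose certificate is actually verified. The hostnames, the map file
path and the variable names are assumptions for illustration only.

```haproxy
global
    # Spread the closing of idle frontend connections on reload over a
    # 5 second window instead of closing them all at once. Keep it shorter
    # than hard-stop-after, otherwise connections still waiting for their
    # slot are killed by the hard stop instead of being closed gracefully.
    close-spread-time 5s
    hard-stop-after   30s

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_www
    bind :80

    # add_item(<delim>,[<var>][,<suff>]) appends <delim> only when the
    # current sample is non-empty AND the appended item (variable or
    # suffix) is non-empty, so the list never starts with, ends with, or
    # doubles a comma. The list is seeded with a constant first because
    # var() on an unset variable fails, which would make the first
    # set-var a no-op.
    http-request set-var(req.tags) str(proxied)

    # Variable item: /etc/haproxy/geo.map (assumed to exist) maps source
    # networks to a country code. When the lookup fails, req.geo stays
    # unset and add_item appends nothing, not even the delimiter.
    http-request set-var(req.geo)  src,map_ip(/etc/haproxy/geo.map)
    http-request set-var(req.tags) 'var(req.tags),add_item(",",req.geo)'

    # Constant item appended only for API paths; the <var> slot is left
    # empty and only the suffix is used.
    http-request set-var(req.tags) 'var(req.tags),add_item(",",,"api")' if { path_beg /api/ }

    # Resulting header, e.g. "proxied,FR,api", "proxied,api" or "proxied".
    http-request set-header X-Tags %[var(req.tags)]

    default_backend be_api

backend be_api
    # Validate the upstream certificate against the OS trust store rather
    # than a hand-maintained bundle. "verify required" is the default, but
    # stating it makes the intent explicit: without verification, ca-file
    # has no effect. With no verifyhost, the sni value is also the name
    # checked against the certificate (api.example.com is an assumed host).
    server api1 api.example.com:443 ssl verify required ca-file @system-ca sni str(api.example.com)
```

The expression arguments are single-quoted so that the double quotes
around the delimiter reach the converter's argument parser intact, while
the "if" condition stays outside the quotes as a separate word. Check the
result with "haproxy -c -f <file>" before reloading; a 2.6-dev5 binary
is required for close-spread-time, @system-ca and add_item to be
recognized.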

Regarding what's left to be done before the release, as I mentioned
above, host name resolution for the httpclient will be nice and seems
within reach. There's still quite some QUIC work to be done (improved
buffer management, improved traces, some reliability fixes, cleanups).
There are some pending reworks of the relations between streams,
connections and applets, to make them more straightforward and help
avoid a number of bugs in the future, as well as to help fix issues.
I'll recheck with Björn if we can finish the MPTCP patchset (it was
almost finished for 2.5, but none of us had time to polish it), and
we need to see with Christopher if we can unblock the stream creation
on a different thread so that Maciej can optimize the thread usage on
peers. There were a few tunables I wanted to add for H2; maybe they'll
be added late in the cycle.

Aside from this, with Cyril and Tim we've been working on integrating
the doc generation in the CI so that it's automated. That's why there's
a new "docs" repository on the github account. No need to go there for
now, that's not finished, but we're working on it, and will announce
the updated URLs once it looks complete.

Please find the usual URLs below:
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.6/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.6/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Aleksandar Lazic (1):
DOC: remove double blanks in configuration.txt
Amaury Denoyelle (23):
BUG/MEDIUM: quic: do not use qcs from quic_stream on ACK parsing
MINOR: mux-quic: return qcs instance from qcc_get_qcs
MINOR: mux-quic: reorganize qcs free
MINOR: mux-quic: define release app-ops
BUG/MINOR: h3: release resources on close
BUG/MINOR: mux-quic: ensure to free all qcs on MUX release
CLEANUP: quic: complete comment on qcs_try_to_consume
MINOR: quic: implement stream descriptor for transport layer
MEDIUM: quic: move transport fields from qcs to qc_conn_stream
MEDIUM: mux-quic: remove qcs tree node
BUG/MEDIUM: quic: ensure quic-conn survives to the MUX
CLEANUP: quic: use static qualifer on quic_close
CLEANUP: mux-quic: remove unused QC_CF_CC_RECV
BUG/MINOR: fix memleak on quic-conn streams cleaning
MINOR: mux-quic: factorize conn-stream attach
MINOR: mux-quic: adjust timeout to accelerate closing
MINOR: mux-quic: define is_active app-ops
MINOR: mux-quic: centralize send operations in qc_send
MEDIUM: mux-quic: report CO_FL_ERROR on send
MEDIUM: mux-quic: report errors on conn-streams
MEDIUM: quic: report closing state for the MUX
CLEANUP: mux-quic: remove uneeded TODO in qc_detach
BUG/MEDIUM: mux-quic: properly release conn-stream on detach
Christopher Faulet (11):
BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing
BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
BUG/MINOR: log: Initialize the list element when allocating a new log server
BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached
BUG/MINOR: http_client: Don't add input data on an empty request buffer
BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
Frédéric Lécaille (24):
BUG/MEDIUM: quic: Possible crash in ha_quic_set_encryption_secrets()
CLEANUP: quic: Remove all atomic operations on quic_conn struct
CLEANUP: quic: Remove all atomic operations on packet number spaces
MEDIUM: quic: Send ACK frames asap
BUG/MINOR: quic: Missing probing packets when coalescing
BUG/MINOR: quic: Discard Initial packet number space only one time
MINOR: quic: Do not display any timer value from process_timer()
BUG/MINOR: quic: Do not probe from an already probing packet number space
BUG/MINOR: quic: Non duplicated frames upon fast retransmission
BUG/MINOR: quic: Too much prepared retransmissions due to anti-amplification
MINOR: quic: Useless call to SSL_CTX_set_default_verify_paths()
MINOR: quic: Add traces about list of frames
BUG/MINOR: h3: Missing wait event struct field initialization
BUG/MINOR: quic: QUIC TLS secrets memory leak
BUG/MINOR: quic: Missing ACK range deallocations
BUG/MINOR: quic: Missing TX packet deallocations
MINOR: quic: Add draining connection state.
MINOR: quic: Add closing connection state
BUG/MEDIUM: quic: Possible crash from quic_free_arngs()
MINOR: quic_tls: Add reusable cipher contexts to QUIC TLS contexts
MINOR: quic_tls: Stop hardcoding cipher IV lengths
CLEANUP: quic: Do not set any cipher/group from ssl_quic_initial_ctx()
MINOR: quic: Add short packet key phase bit values to traces
MINOR: quic_tls: Make key update use of reusable cipher contexts
Ilya Shipitsin (1):
CI: github actions: update OpenSSL to 3.0.2
Lukas Tribus (1):
DOC: reflect H2 timeout changes
Miroslav Zagorac (16):
BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set()
BUG/BUILD: opentracing: fixed OT_DEFINE variable setting
EXAMPLES: opentracing: refined shell scripts for testing filter performance
DOC: opentracing: corrected comments in function descriptions
CLEANUP: opentracing: removed unused function flt_ot_var_unset()
CLEANUP: opentracing: removed unused function flt_ot_var_get()
Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'"
MINOR: opentracing: only takes the variables lock on shared entries
CLEANUP: opentracing: added flt_ot_smp_init() function
CLEANUP: opentracing: added variable to store variable length
MINOR: opentracing: improved normalization of context variable names
DEBUG: opentracing: show return values of all functions in the debug output
CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum
DEBUG: opentracing: display the contents of the err variable after setting
MAJOR: opentracing: reenable usage of vars to transmit opentracing context
Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time"
Nikola Sale (1):
MINOR: sample: converter: Add add_item convertor
Remi Tricot-Le Breton (2):
BUG/MINOR: ssl/cli: Remove empty lines from CLI output
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
William Lallemand (18):
MEDIUM: httpclient/lua: be stricter with httpclient parameters
MINOR: ssl: split the cert commit io handler
MINOR: ssl: move the cert_exts and the CERT_TYPE enum
MINOR: ssl: simplify the certificate extensions array
MINOR: ssl: export ckch_inst_rebuild()
MINOR: ssl: add "crt" in the cert_exts array
MINOR: ssl/lua: CertCache.set() allows to update an SSL certificate file
BUILD: ssl/lua: CacheCert needs OpenSSL
DOC: lua: CertCache class documentation
DOC: management: add missing dot in 9.4.1
MEDIUM: ssl: allow loading of a directory with the ca-file directive
BUG/MINOR: ssl: continue upon error when opening a directory w/ ca-file
MINOR: ssl: ca-file @system-ca loads the system trusted CA
DOC: configuration: add the ca-file changes
BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL
MINOR: httpclient: enable request buffering
MEDIUM: httpclient: enable l7-retry
BUG/MINOR: httpclient: end callback in applet release
Willy Tarreau (22):
BUG/MINOR: samples: add missing context names for sample fetch functions
MINOR: management: add some basic keyword dump infrastructure
MINOR: config: add a function to dump all known config keywords
MINOR: filters: extend flt_dump_kws() to dump to stdout
MINOR: services: extend list_services() to dump to stdout
MINOR: cli: add a new keyword dump function
MINOR: acl: add a function to dump the list of known ACL keywords
MINOR: samples: add a function to list register sample fetch keywords
MINOR: sample: list registered sample converter functions
MINOR: tools: add strordered() to check whether strings are ordered
MINOR: action: add a function to dump the list of actions for a ruleset
MINOR: config: alphanumerically sort config keywords output
MINOR: sample: alphanumerically sort sample & conv keyword dumps
MINOR: acl: alphanumerically sort the ACL dump
MINOR: cli: alphanumerically sort the dump of supported commands
MINOR: filters: alphabetically sort the list of filter names
MINOR: services: alphabetically sort service names
BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
CLEANUP: hpack: be careful about integer promotion from uint8_t
OPTIM: hpack: read 32 bits at once when possible.
BUG/MINOR: quic: set the source not the destination address on accept()
---