Hi,

HAProxy 3.0-dev7 was released on 2024/04/06. It added 73 new commits after version 3.0-dev6.

Among the changes that stand out in this version, here's what I'm seeing:

  - improvements to the CLI internal API so that the various keyword handlers now have their own buffers. This might possibly uncover a few long-lasting bugs but over time will improve the reliability and avoid the occasional bugs with connections never closing or spinning loops.

  - we no longer depend on libsystemd. Not only this will avoid pulling in tons of questionable dependencies, this also allows to enable USE_SYSTEMD by default (it's only done on linux-glibc though), thus reducing config combinations.

  - log load-balancing internals were simplified. The very first version (never merged) didn't rely on backends, thus used to implement its own servers and load-balancing. It was finally remapped to backends and real servers, but the LB algorithms had remained specific, with some exceptions at various places in the setup code to handle them. Now the backends have switched to regular LB algorithms, which not only helps for code maintenance, but also exposes all table-based algorithms to the log backends with support for weights, and also exposed the "sticky" algorithm to TCP and HTTP backends. It's one of these changes which remove code while adding features :-)

  - Linux capabilities are now properly checked so that haproxy won't complain about permissions for example when used in transparent mode, if capabilities are sufficient. In addition, file-system capabilities set on the binary are also supported now.

  - stick-tables are now sharded over multiple tree heads each with their own locks. This significantly reduces locking contention on systems with many threads (gains of ~6x measured on an 80-thread system). In addition, the locking could be reduced even with low thread counts, particularly when using peers, where the performance could be doubled.

  - cookies are now permitted for dynamically added servers. The only reason they were not previously was that it required to audit the whole cookie initialization/release code to figure whether it had corner cases or not. With that audit now done, the cookies could be allowed. In addition, dynamic cookies were supported a bit by accident with a small defect (one had to set the address again to index the server), and are now properly supported.

  - the "enabled" keyword used to be silently ignored when adding a dynamic server. Now it's properly rejected to avoid confusing scripts. We don't know yet if it will be supported later or not, so better stay safe.

  - the key used by consistent hash to map to a server used to always be the server's id (either explicit or implicit, position-based). Now the "hash-key" directive will also allow to use the server's address or address+port for this. The benefit is that multiple LBs with servers in a different order will still send the same hashes to the same servers.

  - a new "guid" keyword was added for servers, listeners and proxies. The purpose will be to make it possible for external APIs to assign a globally unique object identifier to each of them in stats dumps or CLI accesses, and to later reliably recognize a server upon reloads. For now the identifier is not exploited.

  - QUIC now supports the HyStart++ (RFC9406) alternative to slowstart with the Cubic algorithm. It's supposed to show better recovery patterns. More testing is needed before enabling it by default.

  - a few bug fixes (truncated responses when splicing, QUIC crashes on strict-alignment platforms, redispatch 0 didn't work, more OCSP update fixes, proper reporting of too big CLI payload, etc).

  - some build fixes, code cleanups, CI updates, doc updates, and cleanups of regtests.

I think that's all. It's currently up and running on haproxy.org.
I'd suspect that with the many stable updates yesterday, we may see less test reports on 3.0-dev7, but please don't forget to test it if you can, that helps a lot ;-)

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.0/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.0/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy

---
Complete changelog :

Amaury Denoyelle (8):
      BUG/MINOR: server: reject enabled for dynamic server
      MINOR: server: allow cookie for dynamic servers
      BUG/BUILD: debug: fix unused variable error
      MINOR: guid: introduce global UID module
      MINOR: guid: restrict guid format
      MINOR: proxy: implement GUID support
      MINOR: server: implement GUID support
      MINOR: listener: implement GUID support

Anthony Deschamps (1):
      MEDIUM: lb-chash: Deterministic node hashes based on server address

Aurelien DARRAGON (14):
      DOC: config: balance 'first' not usable in LOG mode
      BUG/MINOR: log/balance: detect if user tries to use unsupported algo
      MINOR: lbprm: implement true "sticky" balance algo
      MEDIUM: log/balance: leverage lbprm api for log load-balancing
      BUG/MEDIUM: server/lbprm: fix crash in _srv_set_inetaddr_port()
      BUG/MINOR: proxy: fix logformat expression leak in use_backend rules
      MEDIUM: log: rename logformat var to logformat tag
      MINOR: log: expose logformat_tag struct
      MEDIUM: log: carry tag context in logformat node
      MEDIUM: tree-wide: add logformat expressions wrapper
      MINOR: proxy: add PR_FL_CHECKED flag
      MAJOR: log: implement proper postparsing for logformat expressions
      MEDIUM: log: add compiling logic to logformat expressions
      MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing

Christopher Faulet (14):
      REGTESTS: Fix script about OCSP update compatibility tests
      BUG/MINOR: cli: Report an error to user if command or payload is too big
      MINOR: sc_strm: Add generic version to perform sync receives and sends
      MEDIUM: stream: Use generic version to perform sync receives and sends
      MEDIUM: buf: Add b_getline() and b_getdelim() functions
      MEDIUM: applet: Handle applets with their own buffers in put functions
      MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands
      MINOR: applet: Always use applet API to set appctx flags
      BUG/MEDIUM: applet: State appctx have more data if its EOI/EOS/ERROR flag is set
      MAJOR: cli: Update the CLI applet to handle its own buffers
      MINOR: applet: Let's applets .snd_buf function deal with full input buffers
      MINOR: stconn: Add a connection flag to notify sending data are the last ones
      MAJOR: cli: Use a custom .snd_buf function to only copy the current command
      BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty

Damien Claisse (1):
      BUG/MINOR: server: fix persistence cookie for dynamic servers

Frederic Lecaille (3):
      MINOR: quic: HyStart++ implementation (RFC 9406)
      BUILD: quic: 32 bits compilation issue (QUIC_MIN() usage)
      BUG/MINOR: stick-tables: Missing stick-table key nullity check

Ilya Shipitsin (2):
      CI: vtest: show coredumps if any
      CI: extend Fedora Rawhide, add m32 mode

Nicolas CARPi (1):
      DOC: configuration: grammar fixes for strict-sni

Remi Tricot-Le Breton (5):
      BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
      BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities
      MEDIUM: ssl: Add 'tune.ssl.ocsp-update.mode' global option
      REGTESTS: ssl: Add OCSP update compatibility tests
      REGTESTS: ssl: Add functional test for global ocsp-update option

Tim Duesterhus (7):
      REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (4)
      REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests (2)
      CLEANUP: Reapply ist.cocci (3)
      CLEANUP: Reapply strcmp.cocci (2)
      CLEANUP: Reapply xalloc_cast.cocci
      CLEANUP: Reapply ha_free.cocci
      MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message

Valentine Krasnobaeva (3):
      BUG/MINOR: init: relax LSTCHK_NETADM checks for non root
      MEDIUM: capabilities: check process capabilities sets
      CLEANUP: global: remove LSTCHK_CAP_BIND

William Lallemand (3):
      REGTESTS: ssl: disable ssl/ocsp_auto_update.vtc
      MEDIUM: mworker: get rid of libsystemd
      BUILD: systemd: enable USE_SYSTEMD by default with TARGET=linux-glibc

Willy Tarreau (11):
      BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task
      BUG/MINOR: backend: properly handle redispatch 0
      BUG/MEDIUM: stick-table: use the update lock when reading tables from peers
      BUG/MAJOR: applet: fix a MIN vs MAX usage in appctx_raw_rcv_buf()
      OPTIM: peers: avoid the locking dance around peer_send_teach_process_msgs()
      BUILD: systemd: fix build error on non-systemd systems with USE_SYSTEMD=1
      BUG/MINOR: bwlim/config: fix missing '\n' after error messages
      MINOR: stick-tables: mark the seen stksess with a flag "seen"
      OPTIM: stick-tables: check the stksess without taking the read lock
      MAJOR: stktable: split the keys across multiple shards to reduce contention
      BUG/MEDIUM: quic: don't blindly rely on unaligned accesses

---
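
Added example, not part of the announcement and not HAProxy code: a small consistent-hash ring illustrating the "hash-key" item above, where two load balancers list the same servers in a different order. The SHA-256 stand-in hash, the virtual-node count, the sample addresses and the mode labels `id`, `addr` and `addr-port` are assumptions of this sketch.

```python
import bisect
import hashlib

def _h(text):
    # Stand-in 64-bit hash for the sketch; HAProxy uses its own hash functions.
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")

def build_ring(servers, hash_key, vnodes=64):
    """servers: [(addr, port), ...] in config order -> (points, owners)."""
    nodes = []
    for pos, (addr, port) in enumerate(servers, start=1):
        if hash_key == "id":
            node = str(pos)              # implicit, position-based id
        elif hash_key == "addr":
            node = addr
        elif hash_key == "addr-port":
            node = f"{addr}:{port}"
        else:
            raise ValueError(f"unknown hash_key {hash_key!r}")
        # Each server owns several points on the ring, derived from its node key.
        for v in range(vnodes):
            nodes.append((_h(f"{node}#{v}"), f"{addr}:{port}"))
    nodes.sort()
    return [p for p, _ in nodes], [o for _, o in nodes]

def pick(ring, request_key):
    """Return the server owning the first ring point at or after the request hash."""
    points, owners = ring
    i = bisect.bisect_left(points, _h(request_key)) % len(points)
    return owners[i]

def agreement(servers_a, servers_b, hash_key, n=2000):
    """Fraction of request keys that both load balancers send to the same server."""
    ring_a = build_ring(servers_a, hash_key)
    ring_b = build_ring(servers_b, hash_key)
    same = sum(pick(ring_a, f"client-{i}") == pick(ring_b, f"client-{i}")
               for i in range(n))
    return same / n

# Constructed sample: same three servers, listed in a different order on each LB.
LB_A = [("10.0.0.1", 80), ("10.0.0.2", 80), ("10.0.0.3", 80)]
LB_B = [("10.0.0.3", 80), ("10.0.0.1", 80), ("10.0.0.2", 80)]

if __name__ == "__main__":
    for mode in ("id", "addr", "addr-port"):
        print(mode, agreement(LB_A, LB_B, mode))
```

With position-based ids both rings have identical points but each point belongs to a different server, so the two balancers never agree in this sample; keyed by address, the rings are identical and they always agree.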