Hi,
HAProxy 3.1-dev6 was released on 2024/08/21. It added 67 new commits
after version 3.1-dev5.
A few minor bugs were fixed, with the most important one probably be the
recent breakage of command pipeling on the master CLI (commands delimited
by semi-colons passed to a worker). Aside this, the focus was mostly set on
moderately sensitive changes this time:
- the QUIC buffer allocator was replaced. Previously, up to 30 (or even
more if needed, as configured by tune.quic.frontend.conn-tx-buffers.limit)
buffers of 16kB were allocated to send data, regardless of the on-wire
window. This could often result in up to half a megabyte of data allocated
on a connection while distillating data to a slow client. It also wasn't
very efficient in terms of buffer recycling because a full 16kB buffer
could remain attached for just a few hundred bytes of headers. And it
wasn't very easy to experiment with the effects of new congestion control
algorithms. Now this is done diffrently. First, the QUIC mux will allocate
as many buffers as permitted by the congestion control algorithm's send
window, and a limit in bytes is set to limit how large we want a window
to grow. It now becomes easier to tune the maximum per-connection memory
size, knowing that this size will only be allocated if the link quality
to the peer is sufficient to keep these bytes in flight with no loss,
so most of these buffers are quite ephemeral. In addition, there are now
also small buffers (1kB) for use when small data are needed, typically
a short response, or just the headers. This should reduce the memory
usage of the QUIC stack. Since the change is not trivial, there may be
corner cases (we hope not). We're particularly interested in observations
such as increased CPU usage (e.g. maybe more frequent wakeups since working
with a lower latency), or timeouts (none were noticed in tests but we know
that tests != prod). The old tune.quic.frontend.conn-tx-buffers.limit
setting is now ignored and will emit a warning directing to the new one.
- logs: after some discussion around GitHub issue 2642 regarding the recent
stricter checks for logformat expression, we realized that these checks
are in fact a thing of the past, an era where sample fetch functions
ought not be called from a wrong context at all. But this has been
addressed a bunch of versions ago (2.0 or so) and we don't need to be
strict anymore (and the proof is that previous versions wouldn't report
issues and were working, possibly silently reporting an empty field). So
we decided to relax that painful check and only emit it in diag mode (-dD)
as a hint that something might possibly not work as expected. Anyway, with
multiple log points coming, this situation was not sustainable anymore,
users would start to get crazy trying to create their log formats! This
will normally be backported to 3.0 as well to apease users facing this
problem.
- log: the "option tcplog" now supports the optional "clf" argument, like
"httplog" and "httpslog", as apparently there are a few users who prefer
to rely on that format for everything. That definitely makes sense IMHO.
There's a pending patch to add the corresponding environment variables
defining the format but I forgot to review it before that release. Will
do when idle time increases again.
- config: many of the hard-coded global keywords were moved to a
proper keyword list. That's the beginning of a serious long-term
cleanup that is needed anyway to simplify the master process startup
mechanism. In addition, files loaded from stdin are now limited to
about 10MB by default. Almost nobody uses stdin to feed files, and
10MB starts to be quite a serious size. That's an effective way to
avoid pre-loading a log file, a map file or such a huge thing by
accident. The limit could be changed if anyone had concerns about
this.
- protocols: some super-rare binding failures could be incorrectly
reported with TCP and unix stream sockets. For TCP this would happen
on linux with more than 32k listeners on the same ip:port. The error
output would be freed before being displayed, leaving the user with
something as verbose as "failed to start listeners" or something in
that vein.
- proto: the internal protocol registration mechanism was slightly updated
to permit to generalize the variants that are sometimes needed (abns,
mptcp etc) that sometimes need to resort to ugly hacks. We should try
again to integrate Tristan's past work on abns as, if my memory serves
me right, the code dealing with the parsing and setting of the addresses
was correct, and the trouble was on the registration part.
For the rest, it's usual CI updates, doc cleanups, minor changes to the stats
page (apparently some colors were not readable in dark mode). Ah and we've
re-enabled the stable-bot that periodically reminds us how late we are on
the stable releases. Hopefully this will detect we're slipping earlier. In
the recent past, some branches were left a bit forgotten for too long.
And that's about all. There are two concerning pending issues, one
about some POSTs sometimes being blocked when the fast-forwarding is
enabled on 3.0, that I still couldn't reproduce, but one observation
that matches between at least two reports is that it happened with git
as a client. Not sure yet how to reproduce that, but one user kindly
sent me a complete trace privately, so I'll switch to analyse it very
soon. Hopefully the explanation is there. The other one was a case of
crashing appctx reported by Christian Ruppert in issue 2656 affecting
3.0, but Christopher had a tentative patch. Very likely these two ones
also affect 3.1-dev, but as usual, those who help us by running -dev are
used to being a bit more careful.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.1/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/3.1/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (18):
BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
MINOR: mux-quic: do not trace error in qcc_send_frames() on empty list
BUG/MINOR: h3: properly reject too long header responses
DOC: quic: fix default minimal value for max window size
DOC: quic: document nocc debug congestion algorithm
MINOR: quic: extract config window-size parsing
MINOR: quic: define max-window-size config setting
MINOR: quic: allocate stream txbuf via qc_stream_desc API
MINOR: mux-quic: account stream txbuf in QCC
MEDIUM: mux-quic: implement API to ignore txbuf limit for some streams
MINOR: h3: mark control stream as metadata
MINOR: mux-quic: define buf_in_flight
MAJOR: mux-quic: allocate Tx buffers based on congestion window
MINOR: quic/config: adapt settings to new conn buffer limit
MINOR: quic: define sbuf pool
MINOR: quic: support sbuf allocation in quic_stream
MEDIUM: h3: allocate small buffers for headers frames
MINOR: mux-quic: retry after small buf alloc failure
Aurelien DARRAGON (2):
MEDIUM: log: relax some checks and emit diag warnings instead in
lf_expr_postcheck()
MINOR: log: "drop" support for log-profile steps
Ilia Shipitsin (4):
CI: keep logs for failed QIUC Interop jobs
CI: QUIC Interop LibreSSL: document chacha20 test status
CI: modernize codespell action, switch to node 16
CI: QUIC Interop AWS-LC: enable chrome client
Nathan Wehrman (2):
DOC: config: correct the table for option tcplog
MINOR: Implements new log format of option tcplog clf
Nicolas CARPi (4):
DOC: lua: fix incorrect english in lua.txt
BUG/MINOR: stats: fix color of input elements in dark mode
CLEANUP: stats: use modern DOCTYPE tag
BUG/MINOR: stats: add lang attribute to html tag
Valentine Krasnobaeva (19):
BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
BUG/MINOR: proto_tcp: keep error msg if listen() fails
MINOR: proto_tcp: tcp_bind_listener: copy errno in errmsg
MINOR: cfgparse: load_cfg_in_mem: fix null ptr dereference reported by
coverity
MINOR: startup: fix unused value reported by coverity
BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
BUG/MINOR: cfgparse: parse_cfg: fix null ptr dereference reported by
coverity
MINOR: proto_uxst: copy errno in errmsg for syscalls
BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
MINOR: cfgparse: limit file size loaded via /dev/stdin
BUG/MINOR: cfgparse-global: fix err msg in mworker keyword parser
BUG/MINOR: cfgparse-global: clean common_kw_list
BUG/MINOR: cfgparse-global: remove redundant goto
MINOR: cfgparse-global: move 'pidfile' in global keywords list
MINOR: cfgparse-global: move 'expose-*' in global keywords list
MINOR: cfgparse-global: move tune options in global keywords list
MINOR: cfgparse-global: move unsupported keywords in global list
BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list
William Lallemand (8):
MINOR: channel: implement ci_insert() function
BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI
REGTESTS: mcli: test the pipelined commands on master CLI
CLEANUP: mworker/cli: clean up the mode handling
BUG/MINOR: release-estimator: fix relative scheme in CHANGELOG URL
MINOR: release-estimator: add requirements.txt
MINOR: release-estimator: add installation steps in README.md
MINOR: release-estimator: fix the shebang of the python script
Willy Tarreau (10):
BUG/MINOR: tools: make fgets_from_mem() stop at the end of the input
MINOR: quic: store the lost packets counter in the quic_cc_event element
MINOR: quic: support a tolerance for spurious losses
MINOR: protocol: properly assign the sock_domain and sock_family
MINOR: protocol: add a family lookup
MEDIUM: socket: always properly use the sock_domain for requested families
MINOR: protocol: add the real address family to the protocol
MINOR: socket: don't ban all custom families from reuseport
MINOR: protocol: always initialize the receivers list on registration
CLEANUP: protocol: no longer initialize .receivers nor .nb_receivers
---
