Hi,

dev14 was quite calm but we got exactly 3 reports of users experiencing
some high CPU usage patterns caused by the poll loop spinning with an
unprocessed event. This bug was very timing dependent and mostly affects
TCP-based proxies, though in theory it could also affect HTTP with an even
lower probability (it took days to find the proper machine combination to
reproduce it).

With the continued help from Bryan Berry and Baptiste Assmann, we could
finally isolate the bug, understand it and fix it, which was confirmed
yesterday by Bryan.

Another annoying bug that was fixed was a file descriptor leak when
logging SSL protocol and/or cipher (%sslv/%sslc) since dev14.

Among the other interesting bugs fixed, most of us have been experiencing
for years some occasional "SD" flags in their logs and "resp errors" in
the stats page that were never explained. This was in fact an error on the
client propagated to the server that was diagnosed as a server fault, but
the fault really is the client's. This has been fixed and now the haproxy
demo page does not report any server error at all anymore. This bug also
affects 1.4 and maybe 1.3, I'll have to check.

The gzip compression is not applied anymore to responses with a status
different from 200 nor to multipart responses. Byte-ranges are not
compatible with compression, and 200 is where almost all the compressible
traffic is, so let's stay on the safe side of affairs! Some stats were
added on the compression in the stats page.

SSL to the server was failing the first connection when presenting a
certificate. This has been fixed. SSL and PROXY protocol handshake
errors are now logged. The logs are still not very detailed but they
clearly help spotting what is not working during debug. The SSL cache
was also improved to take less space by default and to support larger
entries for large client certs. This has been done by managing fragmented
blocks.

Some build errors on Solaris were fixed thanks to the tests and reports
from Benjamin Polidore.

Pattern conversion in stick-tables was broken in dev13 and is now fixed.

A much requested feature is the support for L7 information in track-counters.
In practice, this only works for content tracking and is a bit tricky, but
with some effort it is possible to stick on an IP address that was extracted
from the X-Forwarded-For header passed with the request for example. Some
"base32" and "base32+src" fetch methods were added to provide a 32-bit hash
of the base URL (host+uri) and to concatenate it with the source address to
have per-url and per-ip short tracking keys.

That's about all for the main changes, for more details, please check the
changelog.

The usual links follow, and I'm appending the small changelog at the end
of this e-mail.

    Site index       : http://haproxy.1wt.eu/
    Sources          : http://haproxy.1wt.eu/download/1.5/src/devel/
    Changelog        : http://haproxy.1wt.eu/download/1.5/src/CHANGELOG
    Cyril's HTML doc : http://cbonte.github.com/haproxy-dconv/configuration-1.5.html

I know I have already said this twice, but given the small number of
changes and fixes, I do trust this version even more than previous ones.

Thanks again to all participants.

Willy

------ Changelog from 1.5-dev14 to 1.5-dev15 :

    - DOC: add a few precisions on compression
    - BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert.
    - BUG/MINOR: ssl: One free session in cache remains unused.
    - BUG/MEDIUM: ssl: first outgoing connection would fail with {ca,crt}-ignore-err
    - MEDIUM: ssl: manage shared cache by blocks for huge sessions.
    - MINOR: acl: add fetch for server session rate
    - BUG/MINOR: compression: Content-Type is case insensitive
    - MINOR: compression: disable on multipart or status != 200
    - BUG/MINOR: http: don't report client aborts as server errors
    - MINOR: stats: compute the ratio of compressed response based on 2xx responses
    - MINOR: http: factor out the content-type checks
    - BUG/MAJOR: stats: correctly check for a possible divide error when showing compression ratios
    - BUILD: ssl: OpenSSL 0.9.6 has no renegociation
    - BUG/MINOR: http: disable compression when message has no body
    - MINOR: compression: make the stats a bit more robust
    - BUG/MEDIUM: comp: DEFAULT_MAXZLIBMEM was expressed in bytes and not megabytes
    - MINOR: connection: don't remove failed handshake flags
    - MEDIUM: connection: add an error code in connections
    - MEDIUM: connection: add minimal error reporting in logs for incomplete connections
    - MEDIUM: connection: add error reporting for the PROXY protocol header
    - MEDIUM: connection: add error reporting for the SSL
    - DOC: document the connection error format in logs
    - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests
    - BUILD: stdbool is not portable
    - BUILD: ssl: NAME_MAX is not portable, use MAXPATHLEN instead
    - BUG/MAJOR: raw_sock: must check error code on hangup
    - BUG/MAJOR: polling: do not set speculative events on ERR nor HUP
    - BUG/MEDIUM: session: fix FD leak when transport layer logging is enabled
    - MINOR: stats: add a few more information on session dump
    - BUG/MINOR: tcp: set the ADDR_TO_SET flag on outgoing connections
    - CLEANUP: connection: remove unused server/proxy/task/si_applet declarations
    - BUG/MEDIUM: tcp: process could theorically crash on lack of source ports
    - MINOR: cfgparse: mention "interface" in the list of allowed "source" options
    - MEDIUM: connection: introduce "struct conn_src" for servers and proxies
    - CLEANUP: proto_tcp: use the same code to bind servers and backends
    - CLEANUP: backend: use the same tproxy address selection code for servers and backends
    - BUG/MEDIUM: stick-tables: conversions to strings were broken in dev13
    - MEDIUM: proto_tcp: add support for tracking L7 information
    - MEDIUM: counters: add sc1_trackers/sc2_trackers
    - MINOR: http: add the "base32" pattern fetch function
    - MINOR: http: add the "base32+src" fetch method.
    - CLEANUP: session: use an array for the stick counters
    - BUG/MINOR: proto_tcp: fix parsing of "table" in track-sc1/2
    - BUG/MINOR: proto_tcp: bidirectional fetches not supported anymore in track-sc1/2
    - BUG/MAJOR: connection: always recompute polling status upon I/O
    - BUG/MINOR: connection: remove a few synchronous calls to polling updates
    - MINOR: config: improve error checking on TCP stick-table tracking
    - DOC: add some clarifications to the readme

------
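
The L7 tracking described in the announcement (an address taken from X-Forwarded-For, and the new "base32+src" key), sketched as a configuration. This is an added example, not part of the original e-mail or the haproxy sources; it is written against the documented 1.5 syntax, and the proxy names, addresses, table sizes and thresholds are all assumptions.

```haproxy
# Added example: proxy names, addresses, sizes and thresholds are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_web
    bind :8080

    # L7 samples exist only once the request has been received, so wait
    # for it and track only when a valid HTTP request is present.
    tcp-request inspect-delay 5s

    # sc1: per-client counters keyed on the last X-Forwarded-For value.
    # Only meaningful when the hop directly in front of haproxy sets
    # this header; a value supplied by the client itself can be forged.
    tcp-request content track-sc1 hdr(x-forwarded-for,-1) table tbl_client if HTTP

    # sc2: per-URL and per-IP counters keyed on hash(host+uri) + src.
    tcp-request content track-sc2 base32+src table tbl_url_ip if HTTP

    acl client_fast sc1_http_req_rate gt 100
    acl url_ip_fast sc2_http_req_rate gt 20
    http-request deny if client_fast or url_ip_fast

    default_backend be_app

backend tbl_client
    # Header value is converted to an IP address to match the table type.
    stick-table type ip size 200k expire 10m store http_req_rate(10s)

backend tbl_url_ip
    # base32+src is binary: 4-byte hash + IPv4 (8 bytes) or IPv6 (20 bytes).
    # With "len 20", shorter IPv4 keys are zero-padded instead of IPv6
    # keys being truncated to the hash plus part of the address.
    stick-table type binary len 20 size 500k expire 10m store http_req_rate(10s)

backend be_app
    server app1 192.0.2.10:8080
```

Because base32 is only a 32-bit hash, two distinct URLs can share one key; that is acceptable for rate counters but the key should not be treated as an exact URL identity.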

