Hi,
2015-09-29 0:35 GMT+02:00 Willy Tarreau <[email protected]>:
> Hi everyone,
>
> this is the end of a harassing week! I wanted to issue dev6 last Monday
> to have a calm week dedicated to bug fixes and documentation updates only
> and it ended up completely differently with numerous painful bugs rising
> at the same time while Thierry was testing his Lua update which uncovered
> a mess at the applet layer (well, shared between applets and Lua). After
> about 260 e-mails exchanged, thousands of tests and probably a lot of hair
> lost due to head scratching we ended up fixing all the remaining ones last
> night.
>
> So this version comes with a number of important and less important fixes,
> and still a few feature updates that despite the feature freeze were
> desirable to have before the release.
>
> Regarding the bugs first, all reported bugs and all the ones we found
> during the Lua vs applet debugging were fixed in this version, including
> the error on UDP sockets on FreeBSD, the issues causing Lua socket data
> to be truncated, other issues causing the CLI to sometimes ignore client
> disconnect and leak connections, and bugs affecting peers. The complete
> changelog below lists 134 patches among which 35 bug fixes. A few of these
> fixes will be backported to 1.5 as well.
>
> 22 patches concern doc updates, which is in line with our expectations for
> an approaching release. I have still not found the time to write the last
> missing doc piece allowing us to get rid of haproxy-{en,fr}.txt.
>
> Now regarding the last-minute changes that were merged :
>
> - server-state conservation across reload that we've long been talking
> about was finally merged. Please check the backend directive
> load-server-state-from-file in the doc.
>
> - cpu-map is now supported on FreeBSD.
>
> - 51Degrees device identification changed their API to support last
> version (3.2). I didn't like this last-minute change but I understand
> that sometimes it is better to do that before the release than being
> forced to maintain an older API. The new implementation supports both
> a fetch method (to inspect all headers) and a converter (to inspect
> only a specific one). Please test this as the changes were important!
>
> - DeviceAtlas also updated their module to support both a sample fetch
> function and a converter. Please test this as well, the changes were
> much smaller and I'm less worried though.
>
> - Lua: change in the way actions are registered : instead of calling
> random functions from haproxy, only registered ones may be accessed,
> this is much safer to avoid namespace collisions over the long term
> and to avoid mistakes due to similar looking function names.
>
> - Lua: do not limit socket addresses to IPv4/IPv6, support the same
> address classes as servers (including unix and abstract namespaces).
>
> - Lua: add support for applet registration usable via the new
> "use-service" directive. This allows a script to process contents
> that are not limited to the size of a buffer anymore. It provides
> easy mapping for TCP and HTTP manipulation so that servers are easy
> to write. Thierry showed me that he could reimplement the haproxy
> stats page entirely in Lua using this, so that was definitely something
> to have before the release so that people don't feel limited anymore in
> what they can do in Lua.
>
> - TCP actions: "silent-drop". Finally it got merged as the actions
> registration mechanism made it a no-brainer. It works like a deny except
> that it tries to prevent the TCP RST from reaching the client, so that's
> quite efficient against certain bots and scripts as their connections
> remain established on their side only. It works on Linux and could
> possibly work on other systems (not tested).

I can confirm that silent-drop is not working as expected on FreeBSD:

    listen drop
        bind 80.247.233.40:22222
        tcp-request connection silent-drop

08:31:31.324885 IP 82.236.20.129.60620 > 80.247.233.40.22222: Flags [S], seq 1048805770, win 29200, options [mss 1460,sackOK,TS val 14874937 ecr 0,nop,wscale 7], length 0
08:31:31.324903 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [S.], seq 510555620, ack 1048805771, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1100790208 ecr 14874937], length 0
08:31:31.367359 IP 82.236.20.129.60620 > 80.247.233.40.22222: Flags [.], ack 1, win 229, options [nop,nop,TS val 14874946 ecr 1100790208], length 0
08:31:31.367425 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100790250 ecr 14874946], length 0
08:31:31.697612 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100790581 ecr 14874946], length 0
08:31:32.183981 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100791067 ecr 14874946], length 0
08:31:32.923356 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100791806 ecr 14874946], length 0
08:31:34.158367 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100793041 ecr 14874946], length 0
08:31:36.431438 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100795314 ecr 14874946], length 0
08:31:39.704358 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100798587 ecr 14874946], length 0
08:31:46.057606 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100804941 ecr 14874946], length 0
08:31:58.567355 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 1100817450 ecr 14874946], length 0
08:32:22.886834 IP 82.236.20.129.60620 > 80.247.233.40.22222: Flags [P.], seq 1:7, ack 1, win 229, options [nop,nop,TS val 14887826 ecr 1100790208], length 6
08:32:22.886850 IP 80.247.233.40.22222 > 82.236.20.129.60620: Flags [R], seq 510555621, win 0, length 0

Joris

>
> - As discussed today, tune.maxrewrite now defaults to 1024 with an upper
> bound set to tune.bufsize/2. This remains compatible with existing configs
> and wastes less space by default, allowing larger requests or responses to
> be processed by default without using more resources.
>
> - log: support for RFC5424 header format and structured data. The principle
> is that each log server can be individually set to use RFC3164 (the common
> one) or RFC5424 header format (the new one). When using this new format,
> it is possible to pass some key-value pairs in a structured data block,
> which is currently built using a new directive "log-format-sd". That's
> important for people who capture a lot of fields and update them often.
>
> Regarding pending things for the release (but non-critical so they may slip
> a little bit), I've noted :
> - doc updates ; [ Cyril I've just noticed your patch after this release ]
>
> - removal of obsolete examples, write new simpler, clearer ones ;
>
> - possibly minor code cleanups / files renaming to get rid of some
> confusion now that we're not supposed to move large code blocks
> anymore ;
>
> - improvements in the processing of the Lua timeout which strikes after
> 4 seconds of existence instead of 4s of activity (initially these were
> the same but with co-sockets it starts to make a difference).
>
> I'd have loved to issue -final next Monday but with Kernel Recipes this
> week I won't have time to spend on the doc. Thus I'd like people to test
> and report bugs if they still find any. If we fix significant bugs this
> week, we issue dev7 early next week with -final the week after once the
> doc is finished. If there's no need for -dev7, we'll skip it. Conversely,
> if people would like more time to test things or adjust certain parts
> before the release, it's not too late to ask. We don't have a strict
> schedule, it's just that there's no point delaying continuously, so we
> can slip a little bit more if it ends up with greater quality.
>
> Usual URLs below :
> Site index : http://www.haproxy.org/
> Sources : http://www.haproxy.org/download/1.6/src/devel/
> Git repository : http://git.haproxy.org/git/haproxy.git/
> Git Web browsing : http://git.haproxy.org/?p=haproxy.git
> Changelog : http://www.haproxy.org/download/1.6/src/CHANGELOG
> Cyril's HTML doc : http://cbonte.github.com/haproxy-dconv/intro-1.6.html
> Cyril's HTML doc :
> http://cbonte.github.com/haproxy-dconv/configuration-1.6.html
>
> Cheers,
> Willy
>
>
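
A check for the behaviour reported in the reply above, as an added example that is not part of the original mail or of HAProxy: it re-joins mail-wrapped tcpdump lines and counts the FIN and RST segments the listener sent to each client. The addresses and the audit_silent_drop name are constructed for illustration; it assumes IPv4 and a capture point where a segment sent by the listener means the client could see it.

```python
import re
from collections import defaultdict

# tcpdump text form (IPv4): "<time> IP <src> > <dst>: Flags [<flags>], ..."
PKT_RE = re.compile(r"^\S+ IP (?P<src>\S+) > (?P<dst>[^:\s]+): Flags \[(?P<flags>[^\]]+)\]")
TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")

def audit_silent_drop(capture: str, listener: str) -> dict:
    """Return {client: {"fin": n, "rst": n}} for FIN/RST segments sent by listener.

    listener is "ip.port" exactly as tcpdump prints it (hypothetical helper).
    """
    packets = []
    for raw in capture.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if TS_RE.match(raw) or not packets:
            packets.append(raw)          # a new packet starts with a timestamp
        else:
            packets[-1] += " " + raw     # mail-wrapped continuation line
    seen = defaultdict(lambda: {"fin": 0, "rst": 0})
    for pkt in packets:
        m = PKT_RE.match(pkt)
        if not m or m["src"] != listener:
            continue                     # only segments emitted by the listener
        if "F" in m["flags"]:
            seen[m["dst"]]["fin"] += 1
        if "R" in m["flags"]:
            seen[m["dst"]]["rst"] += 1
    return dict(seen)

# Constructed capture (documentation addresses), wrapped the way a mail client would.
SAMPLE = """\
10:00:00.000001 IP 198.51.100.7.40000 > 192.0.2.10.22222: Flags
[S], seq 100, win 29200, length 0
10:00:00.000020 IP 192.0.2.10.22222 > 198.51.100.7.40000: Flags
[S.], seq 500, ack 101, win 65535, length 0
10:00:00.040000 IP 198.51.100.7.40000 > 192.0.2.10.22222: Flags
[.], ack 1, win 229, length 0
10:00:00.040100 IP 192.0.2.10.22222 > 198.51.100.7.40000: Flags
[F.], seq 1, ack 1, win 1040, length 0
10:00:00.370000 IP 192.0.2.10.22222 > 198.51.100.7.40000: Flags
[F.], seq 1, ack 1, win 1040, length 0
10:00:51.000000 IP 198.51.100.7.40000 > 192.0.2.10.22222: Flags
[P.], seq 1:7, ack 1, win 229, length 6
10:00:51.000016 IP 192.0.2.10.22222 > 198.51.100.7.40000: Flags
[R], seq 501, win 0, length 0
"""

if __name__ == "__main__":
    for client, n in audit_silent_drop(SAMPLE, "192.0.2.10.22222").items():
        print(f"{client}: {n['fin']} FIN, {n['rst']} RST sent by listener")
```

An empty result for the listener endpoint means no FIN or RST from it appears in the capture.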