HAProxy 1.9-dev4 was released on 2018/10/21. It added 97 new commits
after version 1.9-dev3.

There's not much user-visible here, it's mostly another merge of some
pending infrastructure changes. The most sensitive changes consist in
the finalization of the connection reorientation from top to bottom,
so that we don't need the conn_want_* tricks from the upper layers nor
the update_poll() calls anymore. Everything is attempted directly and
a subscription to the lower layer is made in case of failure. The perf
is slightly better than with dev3, but more importantly the code becomes
much cleaner and straightforward. An optimization was made in the
scheduler regarding the wait queues, most of which are lockfree now.
Another one concerns the FD lock which is taken less often as well.
All in all the overall multi-thread performance has increased quite
a bit. I measured a gain of 60% over 1.8 using only H2 on 4 threads.

A number of bugs in various areas were addressed (master-worker, rdv
point, h2, streams).

Some preliminary changes to the HTTP/1 engine were made. One of them
concerns the connection header processing which revealed that some
absurd cases were supported in the configuration, and were possibly
working as expected for some users... depending on what they were
expecting. These ones involved "option http-pretend-keepalive" in
frontends and "option http-tunnel" in backends, both of which make
no sense. These ones will now be ignored and will emit a warning if

The support for TLS 1.3 ciphersuites was merged. If you play with it,
please report successes or failures, as this was backported to 1.8.
Regarding TLS, certificates can now be generated on the fly on
BoringSSL as well.

Build reports about warnings were all handled, and we tried to address
all of them on gcc 3.4, 4.4, 4.7, 5.3, 6.4, 7.2, 8.1, as well as Clang
3.4, 3.8 and a very recent one that I forgot. The build now looks OK
both on Linux and FreeBSD so that it's possible to add -Werror. By the
way I wanted to add a Makefile option to enable -Werror easily and I
forgot, it will be for later. Again, if you get some warnings, feel
free to pass them on.

Ah, I almost forgot, on systems featuring clock_gettime() with both
maybe other OSes), "show activity" will indicate the number of
milliseconds of CPU that were stolen to each thread by other processes
or threads running on the machine. Normally this indicates improperly
bound threads being parasited by something else. This is expected to
help when some users observe very abnormal performance patterns when
using threads.

Regarding the next steps, we're not that bad in the end, thanks to
the efforts of all participants. From what I've seen hopefully that
next week we'll be able to take a first round of the new native HTTP
representation in experimental state with some limitations. We should
probably have a nice update on the master-worker model, and some
updates on the cache. If we manage to get all this in good shape and
merged soon, I'm willing to push the release date a bit further and
have a longer stabilization phase so that we release 1.9 in better
shape than 1.8, hoping that post-release bugs will have less impact
and will not require as much energy to address.

As usual, this development version is mostly aimed at developers, but
I'm starting to be tempted to deploy it just to test it further, though
I'll possibly do it with dev5 next week. Please don't put it on sensitive
production yet if you want to play with it, as the finalization of the
connection changes have already uncovered some old nasty corner cases,
it could likely trigger a few other ones.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Sources          : http://www.haproxy.org/download/1.9/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/1.9/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Have fun,
Complete changelog :
Bertrand Jacquin (1):
      DOC: Fix a few typos

Christopher Faulet (10):
      MINOR: http: Move comment about some HTTP macros in the right header file
      MINOR: stats: Add missing include
      MINOR: http: Export some functions and do cleanup to prepare HTTP 
      MEDIUM: http: Ignore http-pretend-keepalive option on frontend
      MEDIUM: http: Ignore http-tunnel option on backend
      MINOR: http: Use same flag for httpclose and forceclose options
      MINOR: h1: Add EOH marker during headers parsing
      MINOR: conn-stream: Add CL_FL_NOT_FIRST flag
      MINOR: h1: Change the union h1_sl to use indirect strings to store infos
      MINOR: h1: Add the flag H1_MF_NO_PHDR to not add pseudo-headers during 

Dirkjan Bussink (4):
      MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
      CLEANUP: haproxy: Remove unused variable
      CLEANUP: h1: Fix debug warnings for h1 headers
      CLEANUP: stick-tables: Remove unneeded double (()) around conditional 

Emeric Brun (2):
      BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
      BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.

Emmanuel Hocdet (2):
      MINOR: ssl: cleanup old openssl API call
      MINOR: ssl: generate-certificates for BoringSSL

Fabrice Fontaine (1):
      BUILD: Allow configuration of pcre-config path

Ilya Shipitsin (1):
      BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2

Lukas Tribus (2):
      DOC: clarify force-private-cache is an option
      DOC: fix reference to map files in MAINTAINERS

Olivier Houchard (19):
      BUG/MEDIUM: buffers: Make sure we don't wrap in ci_insert_line2/b_rep_blk.
      MINOR: connections: Introduce an unsubscribe method.
      MEDIUM: connections: Change struct wait_list to wait_event.
      BUG/MEDIUM: h2: Make sure we're not in the send list on flow control.
      BUG/MEDIUM: stream: Make sure to unsubscribe before si_release_endpoint.
      MINOR: server: Use memcpy() instead of strncpy().
      MINOR: build: Disable -Wstringop-overflow.
      MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
      MINOR: peers: use defines instead of enums to appease clang.
      BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
      BUILD: memory: fix free_list pointer declaration again for atomic CAS
      BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
      BUG/MEDIUM: connections: Remove subscription if going in idle mode.
      BUG/MEDIUM: stream: Make sure polling is right on retry.
      MINOR: h2: Make sure to return 1 in h2_recv() when needed.
      MEDIUM: connections: Don't directly mess with the polling from the upper 
      MINOR: streams: Call tasklet_free() after si_release_endpoint().
      MINOR: connection: Add a SUB_CALL_UNSUBSCRIBE event.
      MINOR: h2: Don't run tasks that are waiting to send if mux in full.

PiBa-NL (1):
      REGTEST/MINOR: compatibility: use unix@ instead of abns@ sockets

William Lallemand (1):
      BUG/MEDIUM: mworker: don't poll on LI_O_INHERITED listeners

Willy Tarreau (51):
      REORG: http: move the code to different files
      REORG: http: move HTTP rules parsing to http_rules.c
      CLEANUP: http: remove some leftovers from recent cleanups
      BUILD: Makefile: add a "make opts" target to simply show the build options
      BUILD: Makefile: speed up compiler options detection
      BUG/MINOR: backend: check that the mux installed properly
      BUG/MEDIUM: h2: check that the connection is still valid at the end of 
      BUG/MEDIUM: h2: make h2_stream_new() return an error on memory allocation 
      MEDIUM: task: perform a single tree lookup per run queue batch
      BUG/MINOR: threads: move declaration of capabilities to config.h
      OPTIM: tools: optimize my_ffsl() for x86_64
      MINOR: log: make sess_log() support sess=NULL
      MINOR: chunk: add chunk_cpy() and chunk_cat()
      MEDIUM: h2: stop relying on H2_SS_IDLE / H2_SS_CLOSED
      CLEANUP: h2: rename h2c_snd_settings() to h2c_send_settings()
      MINOR: h2: don't try to send data before preface
      MINOR: h2: unify the mux init function
      MINOR: h2: retrieve the front proxy from the caller instead of the session
      MINOR: h2: split h2c_stream_new() into h2s_new() + h2c_frt_stream_new()
      MINOR: h2: add a new flag to quickly distinguish front vs back connection
      BUG/MEDIUM: stream: don't crash on out-of-memory
      BUILD: compiler: add a new statement "__unreachable()"
      BUILD: lua: silence some compiler warnings about potential null derefs
      BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch
      BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk()
      BUILD: stick-table: make sure not to fail on task_new() during 
      BUILD: peers: check allocation error during peers_init_sync()
      MINOR: tools: add a new function atleast2() to test masks for more than 1 
      MINOR: config: use atleast2() instead of my_popcountl() where relevant
      MEDIUM: fd/threads: only grab the fd's lock if the FD has more than one 
      MAJOR: tasks: create per-thread wait queues
      OPTIM: tasks: group all tree roots per cache line
      MINOR: pools: allocate most memory pools from an array
      MINOR: pools: split pool_free() in the lockfree variant
      MEDIUM: pools: implement a thread-local cache for pool entries
      BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous 
      Revert "BUILD: lua: silence some compiler warnings about potential null 
      BUILD: lua: silence some compiler warnings about potential null derefs 
      MINOR: lua: all functions calling lua_yieldk() may return
      BUILD: lua: silence some compiler warnings after WILL_LJMP
      BUILD: Makefile: silence an option conflict warning with clang
      CLEANUP: state-file: make the path concatenation code a bit more 
      MINOR: fd: centralize poll timeout computation in compute_poll_timeout()
      MINOR: poller: move time and date computation out of the pollers
      BUILD: memory: fix pointer declaration for atomic CAS
      BUILD: Makefile: add USE_RT to pass -lrt for clock_gettime() and friends
      MINOR: time: add now_mono_time() and now_cpu_time()
      MEDIUM: time: measure the time stolen by other threads
      BUILD: memory: fix free_list pointer declaration again for atomic CAS
      BUILD: compiler: rename __unreachable() to my_unreachable()
      MINOR: ebtree: save 8 bytes in struct eb32sc_node

mildis (2):
      BUG/MINOR: h2: null-deref
      BUG/MINOR: checks: queues null-deref


Reply via email to