Hi,
HAProxy 2.0.7 was released on 2019/09/27. It added 20 new commits
after version 2.0.6.
This release fixes several issues in the H2 multiplexer, among which 2 major
bugs about the way received frames are handled on the error path. The first one
comes from the first age of the H2 multiplexer. During frames demultiplexing,
when an error is reported on a stream, payload of the current frame must be
drained to allow parsing of the following frames. This part was buggy. All the
announced frame length was systematically drained and not only the available
part of it. For frames partially received, too many data were drained from the
demux buffer, leaving it in a buggy state and thus corrupting the memory on the
next receives. This old bug is certainly responsible of many hardly
reproducible and unresolved issues and also crashes. The second major bug is
about a desync of the HPACK decoder. HEADERS frames received for an unknown or
already closed stream were simply ignored. As stated in RFC7540#5.1, those
frames must be skipped. But because they carry a compression state they must
still be processed before being dropped to keep the HPACK decoder synchronized.
Because those HEADERS frame were not decoded, the HPACK decoder was able to be
out of sync. It is a major bug because it led to a mix-up of headers for the
following streams.
A regression on the checks was fixed. In the 2.0.6, when default checks was
enabled (not "option *-check"), some failures on connect were erroneously
reported, making checks failed. What was valid for the 2.1 proved wrong for the
2.0 because of the FD cache, still here in 2.0 and earlier. Other checks are not
concerned. And an issue about the thread-safety of external checks was also
fixed.
A bug in the SPOE was fixed by Kevin Zhu. The same engine-id was used when
nbproc was more than 1. So, in async mode, an agent receiving a NOTIFY frame
from a process was able to send the ACK to another process. So thanks to Kevin,
now a different engine-id is generated for each process. In addition, a similar
change was made when several threads are started, making the SPOE async mode
compatible with multithreaded configuration.
Krisztián Kovács fixed 2 issues about the namespaces. First, he fixed a FD leak
in master-worker mode. The FDs opened during namespaces configuration parsing
were not closed when the master process was re-executing itself, effectively
leaking the fds and preventing destruction of namespaces no longer present in
the configuration. Then, he fixed a bug during the soft shutdown, introducing a
cleanup function that closes all namespace file descriptors by iterating over
the namespace ebtree.
Finally, the usual bunch of bug fixes here and there. The CLI command "show
table" was fixed to properly handle the data type argument. The implicit h2
upgrade from an h1 connection is now really performed on the first request
only. The H2 multiplexer was slightly improved, avoiding the wake up of streams
before the mux is ready. In the Prometheus exporter, average times (QTIME,
CTIME, RTIME and TTIME) are now returned in seconds using a float representation
instead of in milliseconds, making those metrics consistent with their announced
type.
As usual, all users of the 2.0 are encouraged to upgrade. But if you are using
HTTP/2, you must upgrade as soon as possible.
---
Complete changelog :
Christopher Faulet (13):
BUG/MEDIUM: stick-table: Properly handle "show table" with a data type
argument
BUG/MINOR: mux-h2: Be sure to have a connection to unsubcribe
BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM frame
BUG/MINOR: stream-int: Process connection/CS errors first in si_cs_send()
BUG/MEDIUM: stream-int: Process connection/CS errors during synchronous
sends
BUG/MINOR: mux-h2: Use the dummy error when decoding headers for a closed
stream
BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped
frames
BUG/MINOR: mux-h1: Do h2 upgrade only on the first request
MINOR: spoe: Improve generation of the engine-id
MINOR: spoe: Support the async mode with several threads
MINOR: stats: Add the support of float fields in stats
BUG/MINOR: contrib/prometheus-exporter: Return the time averages in
seconds
DOC: Fix documentation about the cli command to get resolver stats
Kevin Zhu (1):
BUG/MEDIUM: spoe: Use a different engine-id per process
Krisztian Kovacs (1):
BUG/MEDIUM: namespace: close open namespaces during soft shutdown
Krisztián Kovács (kkovacs) (1):
BUG/MEDIUM: namespace: fix fd leak in master-worker mode
Willy Tarreau (4):
BUG/MEDIUM: check/threads: make external checks run exclusively on thread
1
BUG/MEDIUM: checks: make sure the connection is ready before trying to
recv
BUG/MINOR: mux-h2: do not wake up blocked streams before the mux is ready
BUG/MEDIUM: mux-h2: don't reject valid frames on closed streams
--
Christopher Faulet
