Hi,
HAProxy 2.4-dev5 was released on 2021/01/06. It added 91 new commits
after version 2.4-dev4.
This version was mostly focused on new features, but a few bugs were
also addressed:
- Fred's experimental QUIC code made its entrance! OK OK OK please calm
down, it's just a part of the code that's needed to get merged to
continue the required infrastructure changes and there is absolutely
nothing functional at this step. I think at best it will handle a
handshake. But these elements are terribly important to continue the
parallel work on connections and muxes so they're better here than
out-of-tree.
- Rémi fixed the early issues reported by Tim on the handling of
accept-encoding and Vary and improved the performance of the header
processing. In addition, the header normalization should mechanically
result in an increased cache hit ratio for those for whom this is an
important factor. Finally responses using unknown encodings are not
cached anymore (the list of supported ones is already wide and easy
to extend).
- Thayne McCombs implemented the ability to configure stickiness on the
servers' addresses instead of just their ID or name, which will allow
to persist connections over clusters even when DNS is involved and
dynamic cookies are not usable for whatever reason.
- Christopher finally found the cause of the corrupted stats output that
a few already noticed and reported (there was a non-thread-safe variable
in use in the middle of the chain, which indicates that those suffering
from this issue are dumping stats from multiple points at the same time,
possibly from various bots).
- a build error triggered by gcc 11 was worked around by slightly changing
the code (this way there's no pressure and the issue can be discussed
calmly with the gcc team)
- a significant amount of tree-wide code and doc cleanups was contributed
by Tim and Ilya
- Dragan upgraded XXHash to v0.8.0 to use the faster and even better XXH3.
All exposed occurrences continue to use XXH2 however (e.g. converters,
dynamic cookies etc).
- Tim improved the makefile's help message to try to give more hints to
the user about suggested build options. We've indeed seen a few times
some users forgetting to enable SSL and admittedly it's not trivial to
guess when you don't know where to start from.
- Olivier fixed an interesting issue on the MacOS assembler which uses
the semi-colon as a comment starter (like the old DOS-based assemblers)
while other forms tend to use it as an instruction delimiter (which I
used to ignore). This caused some recent issues on the new Macs with
the M1 CPU where the double-word CAS was causing an endless loop.
- Amaury allowed http-checks to set the Connection header so that it
becomes possible to send WebSocket health checks now, and fixed two
recently issues (crash with pool-max-conn 0 and disabled backends).
- Another small change for those often debugging using strace, a very
very long time ago, before the dinosaurs' fate, we used to force the
poller to wake up every second to check the proxies state. This is
long gone but the wake up every second remained. When running haproxy
under "strace -f" with 20 threads, it was quite annoying to see plenty
of lines scroll all over the screen. And probably that in some VMs it
would cause a small but measurable CPU usage for a totally idle
system. This could have been completely removed but this frequent
wakeup is also used to better detect and correct time drift in VMs.
So the maximum sleep delay was increased to 60 seconds. This will
still allow to correct serious time drifts and drastically reduce the
unneeded wakeups on idle systems.
- and a long tail of janitor stuff
It's fun to see that during this end-of-year period, while the usual
suspects were almost absent from the changelog, the usually more discrete
ones were very active, with Fred being far ahead with 36 patches! My
obvious conclusion is that we should take vacation more often :-)
Jokes aside, a few of us are currently busy eliminating recently reported
problems and backporting the missing fixes to issue a new set of stable
releases. I got a private report of at least one isolated issue still
affecting 2.2 which doesn't look like a recently fixed one but overall
it's rather clean.
As soon as I find enough time I'll do another set of 1.7 and 1.6 versions
with pending important fixes and close 1.6 as planned since 2020-Q4 is
behind us (and is encouraged to stay far away). I've heard plenty of times
from various people that 1.6 used to be "the best one". Let's allow it to
end its life in peace with all the fixes it deserves. As usual I don't
count on any of the rare users to upgrade that late, but sometimes it can
help a few to smoothen an upgrade.
Ah, last minute report, Christopher noticed that some of the recent changes
in mux-h1 that went into 2.4-dev3 broke setups in which a TCP frontend
connects to an HTTP backend. Thus if you're before 2.4-dev3 with such an
unusual setup, better wait a bit before upgrading.
Now I'm going to deploy on haproxy.org and see if this version works as
well as the previous one (it should).
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.4/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.4/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Amaury Denoyelle (4):
MINOR: check: do not ignore a connection header for http-check send
REGTESTS: complete http-check test
BUG/MINOR: srv: do not init address if backend is disabled
BUG/MINOR: srv: do not cleanup idle conns if pool max is null
Christian Ruppert (1):
BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
Christopher Faulet (2):
BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send
rule
BUG/MINOR: stats: Make stat_l variable used to dump a stat line thread
local
Dragan Dosen (6):
IMPORT: xxhash: update to v0.8.0 that introduces stable XXH3 variant
MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes
MEDIUM: xxhash: use the XXH_INLINE_ALL macro to inline all functions
CLEANUP: xxhash: remove the unused src/xxhash.c
MINOR: sample: add the xxh3 converter
REGTESTS: add tests for the xxh3 converter
Frédéric Lécaille (36):
MINOR: protocol: Create proto_quic QUIC protocol layer.
MINOR: connection: Attach a "quic_conn" struct to "connection" struct.
MINOR: quic: Redefine control layer callbacks which are QUIC specific.
MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init()
MINOR: connection: Add a new xprt to connection.
MINOR: ssl: Export definitions required by QUIC.
MINOR: cfgparse: Do not modify the QUIC xprt when parsing "ssl".
MINOR: tools: Add support for QUIC addresses parsing.
MINOR: quic: Add definitions for QUIC protocol.
MINOR: quic: Import C source code files for QUIC protocol.
MINOR: listener: Add QUIC info to listeners and receivers.
MINOR: server: Add QUIC definitions to servers.
MINOR: ssl: SSL CTX initialization modifications for QUIC.
MINOR: ssl: QUIC transport parameters parsing.
MINOR: quic: QUIC socket management finalization.
MINOR: cfgparse: QUIC default server transport parameters init.
MINOR: quic: Enable the compilation of QUIC modules.
MAJOR: quic: Make usage of ebtrees to store QUIC ACK ranges.
MINOR: quic: Attempt to make trace more readable
MINOR: quic: Make usage of the congestion control window.
MINOR: quic: Flag RX packet as ack-eliciting from the generic parser.
MINOR: quic: Code reordering to help in reviewing/modifying.
MINOR: quic: Add traces to congestion avoidance NewReno callback.
MINOR: quic: Display the SSL alert in ->ssl_send_alert() callback.
MINOR: quic: Update the initial salt to that of draft-29.
MINOR: quic: Add traces for in flght ack-eliciting packet counter.
MINOR: quic: make a packet build fails when qc_build_frm() fails.
MINOR: quic: Add traces for quic_packet_encrypt().
MINOR: qpack: Add static header table definitions for QPACK.
CLEANUP: qpack: Wrong comment about the draft for QPACK static header
table.
CLEANUP: quic: Remove useless QUIC event trace definitions.
BUG/MINOR: quic: Possible CRYPTO frame building errors.
MINOR: quic: Pass quic_conn struct to frame parsers.
BUG/MINOR: quic: Wrong STREAM frames parsing.
MINOR: quic: Drop packets with STREAM frames with wrong direction.
BUG/MINOR: quic: NULL pointer dereferences when building post handshake
frames.
Ilya Shipitsin (4):
CI: travis-ci: drop coverity scan builds
CI: GitHub Actions: enable daily Coverity scan
CI: github actions: build several popular "contrib" tools
CLEANUP: assorted typo fixes in the code and comments
Olivier Houchard (1):
MINOR: atomic: don't use ; to separate instruction on aarch64.
Remi Tricot-Le Breton (10):
MINOR: cache: Refactoring of secondary_key building functions
MINOR: cache: Avoid storing responses whose secondary key was not
correctly calculated
BUG/MINOR: cache: Manage multiple headers in accept-encoding normalization
MINOR: cache: Add specific secondary key comparison mechanism
MINOR: http: Add helper functions to trim spaces and tabs
MEDIUM: cache: Manage a subset of encodings in accept-encoding normalizer
REGTESTS: cache: Simplify vary.vtc file
REGTESTS: cache: Add a specific test for the accept-encoding normalizer
MINOR: cache: Remove redundant test in http_action_req_cache_use
MINOR: cache: Replace the "process-vary" option's expected values
Thayne McCombs (3):
MEDIUM: stick-tables: Add srvkey option to stick-table
REGTESTS: add test for stickiness using "srvkey addr"
BUG/MEDIUM: server: srv_set_addr_desc() crashes when a server has no
address
Tim Duesterhus (14):
BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup
BUG/MEDIUM: cache: Fix hash collision in `accept-encoding` handling for
`Vary`
BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup()
fails
BUG/MINOR: lua: Fix memory leak error cases in hlua_config_prepend_path
MINOR: lua: Use consistent error message 'memory allocation failed'
CLEANUP: Compare the return value of `XXXcmp()` functions with zero
CLEANUP: Apply the coccinelle patch for `XXXcmp()` on include/
CLEANUP: Apply the coccinelle patch for `XXXcmp()` on contrib/
CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next()
CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next()
BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for
`use_backend` fails
CLEANUP: Reduce scope of `header_name` in http_action_store_cache()
CLEANUP: Reduce scope of `hdr_age` in http_action_store_cache()
DOC: Improve the message printed when running `make` w/o `TARGET`
William Dauchy (1):
CLEANUP: spoe: fix typo on `var_check_arg` comment
Willy Tarreau (8):
MINOR: time: increase the minimum wakeup interval to 60s
BUILD: Makefile: disable -Warray-bounds until it's fixed in gcc 11
MINOR: ssl: make tlskeys_list_get_next() take a list element
Revert "BUILD: Makefile: disable -Warray-bounds until it's fixed in gcc
11"
CLEANUP: mworker: remove duplicate pointer tests in cfg_parse_program()
REGTESTS: add unresolvable servers to srvkey-addr
SCRIPTS: improve announce-release to support different tag and versions
SCRIPTS: make announce release support preparing announces before tag
exists
---
