Hi,

HAProxy 2.4-dev5 was released on 2021/01/06. It added 91 new commits
after version 2.4-dev4.

This version was mostly focused on new features, but a few bugs were also
addressed:

  - Fred's experimental QUIC code made its entrance! OK OK OK please calm
    down, it's just a part of the code that's needed to get merged to
    continue the required infrastructure changes and there is absolutely
    nothing functional at this step. I think at best it will handle a
    handshake. But these elements are terribly important to continue the
    parallel work on connections and muxes so they're better here than
    out-of-tree.
  - Rémi fixed the early issues reported by Tim on the handling of
    accept-encoding and Vary and improved the performance of the header
    processing. In addition, the header normalization should mechanically
    result in an increased cache hit ratio for those for whom this is an
    important factor. Finally responses using unknown encodings are not
    cached anymore (the list of supported ones is already wide and easy
    to extend).
  - Thayne McCombs implemented the ability to configure stickiness on the
    servers' addresses instead of just their ID or name, which will allow
    to persist connections over clusters even when DNS is involved and
    dynamic cookies are not usable for whatever reason.
  - Christopher finally found the cause of the corrupted stats output that
    a few already noticed and reported (there was a non-thread-safe
    variable in use in the middle of the chain, which indicates that those
    suffering from this issue are dumping stats from multiple points at
    the same time, possibly from various bots).
  - a build error triggered by gcc 11 was worked around by slightly
    changing the code (this way there's no pressure and the issue can be
    discussed calmly with the gcc team)
  - a significant amount of tree-wide code and doc cleanups was contributed
    by Tim and Ilya
  - Dragan upgraded XXHash to v0.8.0 to use the faster and even better
    XXH3. All exposed occurrences continue to use XXH2 however (e.g.
    converters, dynamic cookies etc).
  - Tim improved the makefile's help message to try to give more hints to
    the user about suggested build options. We've indeed seen a few times
    some users forgetting to enable SSL and admittedly it's not trivial to
    guess when you don't know where to start from.
  - Olivier fixed an interesting issue on the MacOS assembler which uses
    the semi-colon as a comment starter (like the old DOS-based assemblers)
    while other forms tend to use it as an instruction delimiter (which I
    used to ignore). This caused some recent issues on the new Macs with
    the M1 CPU where the double-word CAS was causing an endless loop.
  - Amaury allowed http-checks to set the Connection header so that it
    becomes possible to send WebSocket health checks now, and fixed two
    recent issues (crash with pool-max-conn 0 and disabled backends).
  - Another small change for those often debugging using strace, a very
    very long time ago, before the dinosaurs' fate, we used to force the
    poller to wake up every second to check the proxies state. This is
    long gone but the wake up every second remained. When running haproxy
    under "strace -f" with 20 threads, it was quite annoying to see plenty
    of lines scroll all over the screen. And probably that in some VMs it
    would cause a small but measurable CPU usage for a totally idle
    system. This could have been completely removed but this frequent
    wakeup is also used to better detect and correct time drift in VMs. So
    the maximum sleep delay was increased to 60 seconds. This will still
    allow to correct serious time drifts and drastically reduce the
    unneeded wakeups on idle systems.
  - and a long tail of janitor stuff

It's fun to see that during this end-of-year period, while the usual
suspects were almost absent from the changelog, the usually more discreet
ones were very active, with Fred being far ahead with 36 patches!
My obvious conclusion is that we should take vacation more often :-)

Jokes aside, a few of us are currently busy eliminating recently reported
problems and backporting the missing fixes to issue a new set of stable
releases. I got a private report of at least one isolated issue still
affecting 2.2 which doesn't look like a recently fixed one but overall
it's rather clean.

As soon as I find enough time I'll do another set of 1.7 and 1.6 versions
with pending important fixes and close 1.6 as planned since 2020-Q4 is
behind us (and is encouraged to stay far away). I've heard plenty of times
from various people that 1.6 used to be "the best one". Let's allow it to
end its life in peace with all the fixes it deserves. As usual I don't
count on any of the rare users to upgrade that late, but sometimes it can
help a few to smoothen an upgrade.

Ah, last minute report, Christopher noticed that some of the recent
changes in mux-h1 that went into 2.4-dev3 broke setups in which a TCP
frontend connects to an HTTP backend. Thus if you're before 2.4-dev3 with
such an unusual setup, better wait a bit before upgrading.

Now I'm going to deploy on haproxy.org and see if this version works as
well as the previous one (it should).

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.4/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.4/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Amaury Denoyelle (4):
      MINOR: check: do not ignore a connection header for http-check send
      REGTESTS: complete http-check test
      BUG/MINOR: srv: do not init address if backend is disabled
      BUG/MINOR: srv: do not cleanup idle conns if pool max is null

Christian Ruppert (1):
      BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h

Christopher Faulet (2):
      BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send rule
      BUG/MINOR: stats: Make stat_l variable used to dump a stat line thread local

Dragan Dosen (6):
      IMPORT: xxhash: update to v0.8.0 that introduces stable XXH3 variant
      MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes
      MEDIUM: xxhash: use the XXH_INLINE_ALL macro to inline all functions
      CLEANUP: xxhash: remove the unused src/xxhash.c
      MINOR: sample: add the xxh3 converter
      REGTESTS: add tests for the xxh3 converter

Frédéric Lécaille (36):
      MINOR: protocol: Create proto_quic QUIC protocol layer.
      MINOR: connection: Attach a "quic_conn" struct to "connection" struct.
      MINOR: quic: Redefine control layer callbacks which are QUIC specific.
      MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init()
      MINOR: connection: Add a new xprt to connection.
      MINOR: ssl: Export definitions required by QUIC.
      MINOR: cfgparse: Do not modify the QUIC xprt when parsing "ssl".
      MINOR: tools: Add support for QUIC addresses parsing.
      MINOR: quic: Add definitions for QUIC protocol.
      MINOR: quic: Import C source code files for QUIC protocol.
      MINOR: listener: Add QUIC info to listeners and receivers.
      MINOR: server: Add QUIC definitions to servers.
      MINOR: ssl: SSL CTX initialization modifications for QUIC.
      MINOR: ssl: QUIC transport parameters parsing.
      MINOR: quic: QUIC socket management finalization.
      MINOR: cfgparse: QUIC default server transport parameters init.
      MINOR: quic: Enable the compilation of QUIC modules.
      MAJOR: quic: Make usage of ebtrees to store QUIC ACK ranges.
      MINOR: quic: Attempt to make trace more readable
      MINOR: quic: Make usage of the congestion control window.
      MINOR: quic: Flag RX packet as ack-eliciting from the generic parser.
      MINOR: quic: Code reordering to help in reviewing/modifying.
      MINOR: quic: Add traces to congestion avoidance NewReno callback.
      MINOR: quic: Display the SSL alert in ->ssl_send_alert() callback.
      MINOR: quic: Update the initial salt to that of draft-29.
      MINOR: quic: Add traces for in flght ack-eliciting packet counter.
      MINOR: quic: make a packet build fails when qc_build_frm() fails.
      MINOR: quic: Add traces for quic_packet_encrypt().
      MINOR: qpack: Add static header table definitions for QPACK.
      CLEANUP: qpack: Wrong comment about the draft for QPACK static header table.
      CLEANUP: quic: Remove useless QUIC event trace definitions.
      BUG/MINOR: quic: Possible CRYPTO frame building errors.
      MINOR: quic: Pass quic_conn struct to frame parsers.
      BUG/MINOR: quic: Wrong STREAM frames parsing.
      MINOR: quic: Drop packets with STREAM frames with wrong direction.
      BUG/MINOR: quic: NULL pointer dereferences when building post handshake frames.

Ilya Shipitsin (4):
      CI: travis-ci: drop coverity scan builds
      CI: GitHub Actions: enable daily Coverity scan
      CI: github actions: build several popular "contrib" tools
      CLEANUP: assorted typo fixes in the code and comments

Olivier Houchard (1):
      MINOR: atomic: don't use ; to separate instruction on aarch64.

Remi Tricot-Le Breton (10):
      MINOR: cache: Refactoring of secondary_key building functions
      MINOR: cache: Avoid storing responses whose secondary key was not correctly calculated
      BUG/MINOR: cache: Manage multiple headers in accept-encoding normalization
      MINOR: cache: Add specific secondary key comparison mechanism
      MINOR: http: Add helper functions to trim spaces and tabs
      MEDIUM: cache: Manage a subset of encodings in accept-encoding normalizer
      REGTESTS: cache: Simplify vary.vtc file
      REGTESTS: cache: Add a specific test for the accept-encoding normalizer
      MINOR: cache: Remove redundant test in http_action_req_cache_use
      MINOR: cache: Replace the "process-vary" option's expected values

Thayne McCombs (3):
      MEDIUM: stick-tables: Add srvkey option to stick-table
      REGTESTS: add test for stickiness using "srvkey addr"
      BUG/MEDIUM: server: srv_set_addr_desc() crashes when a server has no address

Tim Duesterhus (14):
      BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup
      BUG/MEDIUM: cache: Fix hash collision in `accept-encoding` handling for `Vary`
      BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup() fails
      BUG/MINOR: lua: Fix memory leak error cases in hlua_config_prepend_path
      MINOR: lua: Use consistent error message 'memory allocation failed'
      CLEANUP: Compare the return value of `XXXcmp()` functions with zero
      CLEANUP: Apply the coccinelle patch for `XXXcmp()` on include/
      CLEANUP: Apply the coccinelle patch for `XXXcmp()` on contrib/
      CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next()
      CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next()
      BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails
      CLEANUP: Reduce scope of `header_name` in http_action_store_cache()
      CLEANUP: Reduce scope of `hdr_age` in http_action_store_cache()
      DOC: Improve the message printed when running `make` w/o `TARGET`

William Dauchy (1):
      CLEANUP: spoe: fix typo on `var_check_arg` comment

Willy Tarreau (8):
      MINOR: time: increase the minimum wakeup interval to 60s
      BUILD: Makefile: disable -Warray-bounds until it's fixed in gcc 11
      MINOR: ssl: make tlskeys_list_get_next() take a list element
      Revert "BUILD: Makefile: disable -Warray-bounds until it's fixed in gcc 11"
      CLEANUP: mworker: remove duplicate pointer tests in cfg_parse_program()
      REGTESTS: add unresolvable servers to srvkey-addr
      SCRIPTS: improve announce-release to support different tag and versions
      SCRIPTS: make announce release support preparing announces before tag exists
---
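
Added example, not part of the announcement and not HAProxy's code: a simplified sketch of the accept-encoding normalization idea from the cache bullet above, showing why a normalized key raises the hit ratio and why responses with unknown encodings are left out of the cache. The encoding subset, the bit layout and the function names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Constructed subset of encodings; names and bit layout are assumptions. */
enum { ENC_IDENTITY = 1, ENC_GZIP = 2, ENC_DEFLATE = 4, ENC_BR = 8, ENC_OTHER = 128 };

static const struct { const char *name; unsigned bit; } known[] = {
    { "identity", ENC_IDENTITY }, { "gzip", ENC_GZIP },
    { "deflate", ENC_DEFLATE }, { "br", ENC_BR },
};

/* Map one token to its bit; every unknown token shares ENC_OTHER. */
static unsigned enc_bit(const char *tok, size_t len)
{
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
        if (strlen(known[i].name) == len && !strncasecmp(tok, known[i].name, len))
            return known[i].bit;
    return ENC_OTHER;
}

/* Fold all Accept-Encoding header lines into one order-independent bitmap. */
unsigned ae_secondary_key(const char *const *lines, size_t nlines)
{
    unsigned key = 0;
    for (size_t i = 0; i < nlines; i++) {
        const char *p = lines[i];
        while (*p) {
            while (*p == ' ' || *p == '\t' || *p == ',')
                p++;                                  /* trim separators */
            const char *end = p + strcspn(p, ",");    /* end of this list element */
            size_t len = strcspn(p, ",; \t");         /* token, without parameters */
            int refused = 0;
            for (const char *s = p + len; s + 1 < end; s++)
                if ((s[0] == 'q' || s[0] == 'Q') && s[1] == '=')
                    refused = (strtod(s + 2, NULL) == 0.0);  /* q=0: not accepted */
            if (len && !refused)
                key |= enc_bit(p, len);
            p = end;
        }
    }
    return key ? key : ENC_IDENTITY;   /* nothing acceptable listed: identity only */
}

/* ENC_OTHER cannot tell unknown encodings apart, so such responses are not stored. */
int response_cacheable(const char *content_encoding)
{
    return enc_bit(content_encoding, strlen(content_encoding)) != ENC_OTHER;
}
```

Requests that differ only in token order, case, spacing, q-values or the number of header lines map to the same key, while two different unknown encodings also share one bit, which is why a response carrying one of them must not be stored under that key.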