Hi,

HAProxy 2.6-dev3 was released on 2022/03/11. It added 119 new commits
after version 2.6-dev2.

A few issues (~25) were fixed at various places in the code. A few of
them will probably warrant new stable versions next week, we'll see; it
was found that there's a risk of connection leaks on TCP backends which
take time to connect if the client gives up before the end. This could
happen with a server whose network access is flaky for example.

- dynamic servers got a small change. The syntax was chosen very close to
the one from the config file but this raised some concerns about long-
term issues since some options are implicit (or work in combination),
and while that's inevitable in a two-decade human-readable file format,
it's not a good idea at all to maintain such problems with commands
that will mostly be set by programs. Typically, setting SSL used to
implicitly turn on SSL for health checks, and the "addr" and "port"
values would implicitly apply both to "check" and "agent". It will
be impossible for a program to try to replicate the internal logic
to adjust such settings, so we preferred to make all of them explicit
(essentially "ssl" vs "check" part above, as the rest was already
correct). The "experimental" status of the option was dropped and
the examples updated in the doc, as the mechanism should be stable
now.
- the HTTP client could loop forever in Lua when reusing an existing
client instance for a second POST request due to a transfer counter
that was not properly reset
- usual bunch of QUIC updates, this time mostly focusing on the outgoing
traffic and overall correctness of internal representation. I've been
pleased to see that the interop tests start to regularly report full-
green status with certain client implementations. It's a bit random due
to loss/corruption tests, and the fact that it's all green doesn't mean
it's prod-ready yet, but a good indication that things are progressing
at a pace that's encouraging for 2.6.
- a new global "no-memory-trimming" setting was added; we've seen a
report of a user running with tens of GB of RAM and for whom the call
to malloc_trim() on reload took so long that it managed to trigger
the watchdog. That was a good enough indication that malloc_trim()
may hurt more than it helps on certain setups, hence the new option
to turn it off.
- some debugging assertions were added at various places in the code
to try to catch certain classes of bugs more easily. Now the
DEBUG_STRICT macro supports a new value (2) to enable checks in the
hot path, which means that value 1 now only enables those which do
not have any measurable performance impact. As such it was turned on
by default, hoping to stop certain bugs earlier. The work of adding
more of these at sensitive places continues.
- a tiny UDP proxy dedicated to fault injection was added to help
testing QUIC. It could be reused for DNS and syslog. For now it
only reorders/loses/duplicates packets, which is sufficient for
datagram-oriented services. More options should be added (truncation
and bit flipping), and if some are interested in having fun playing
with that, they're welcome to have a look.
- some core cleanups that also aim at limiting the risk of introducing
new bugs (e.g. switch to struct ist for a number of config strings).
- a new pair of sample fetch functions "last_rule_file" and
"last_rule_line" which will locate in the config file which tcp/http
rule was the last one to give a final verdict (accept/deny/redirect
etc). They can be added to logs via log-format to help figure which
rule is causing a 403 for example. If there's interest for this, it
should be backportable to 2.5.
- the dark mode of the "socket" rows in the stats page was finally fixed!
- usual lot of build cleanups, CI and doc updates

In addition I'm planning on performing a small change soon in the way
the timeouts are handled in H2, and depending on the difficulty, it may
or may not be backported: Christian described to me a situation where an
H2 connection that only gets control traffic will not time out (this may
be between applications using PING frames for a heartbeat for example).
In this case when there's no stream, only "show fd" will show what is
happening but the timeouts cannot be exploited to force such a connection
to be closed after some time as only client/server are used and there's
periodic traffic. After discussing with him and Christopher, I got
convinced that this is *exactly* the same as what we do in HTTP/1 using
"timeout http-request" and "timeout http-keep-alive". Indeed, the former
is used to indicate how long we'll wait for a full request on a new
connection, and how long we'll let a client send a full request once
a new one is started. The latter indicates how long we keep the connection
open after a response was sent, waiting for a new request.

And it totally makes sense to have these in H2. Indeed, some users might
want to close pre-connect early because that takes lots of resources, but
probably don't want to shrink the client timeout. Others might want to
allow a reasonable time for the first request but not after the first
response as they know that most connections perform only one request.

While requests in H2 are sent in parallel, the activity graph of a client
is exactly the same as with H1: periods of activity with 1 or more stream
(only one with H1) and idle periods during which the connection is not
interesting anymore for the client.

The doc from 1.8 states that the http-keep-alive timeout is not used in
H2, to allow users to keep a low keep-alive timeout in H1 and a long one
in H2. But after a second thought, this is absurd and mostly comes from
a technical limitation from 1.8 (and inexperience with H2 back then).
When you configure such a timeout it's in order to preserve precious
resources (connections, memory, file descriptors), and the protocol is
irrelevant here. The proof is that nowadays users do not really decide
what protocol they receive, and it would be nice that the behavior of
a given option is consistent between all protocols.

So unless anyone has extremely good insights about this or wants to
share some return of experience from the field about similar issues,
I'm going to work on this next week, trying to make this backportable
to 2.5 at least.

Another thing I want to do is that we share among the French dev team
a local list of future small items to work on that remained internal as
it's written in French with little description, but that I want to add
to the issue tracker as feature requests with a bit more description;
it's happened quite a few times already that someone asked for things
that I remembered discussing and that were instead in our internal todo
list. As this reached the point of extreme irritation to me, I'll work
on this painful task as time permits but with a high priority in order
to kill that distracting and partially duplicate list.

OK too long chatting already, usual links below, now you know the song,
have a nice week-end :-)

Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.6/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.6/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Amaury Denoyelle (22):
CLEANUP: adjust indentation in bidir STREAM handling function
MINOR: quic: simplify copy of STREAM frames to RX buffer
MINOR: quic: handle partially received buffered stream frame
MINOR: mux-quic: define flag for last received frame
BUG/MINOR: quic: support FIN on Rx-buffered STREAM frames
MEDIUM: quic: rearchitecture Rx path for bidirectional STREAM frames
BUG/MINOR: quic: fix segfault on CC if mux uninitialized
CLEANUP: quic: complete ABORT_NOW with a TODO comment
MINOR: mux-quic: refactor transport parameters init
MINOR: mux-quic: complete functions to detect stream type
MINOR: mux-quic: define new unions for flow-control fields
MEDIUM: mux-quic: use direct send transport API for STREAMs
MINOR: mux-quic: retry send opportunistically for remaining frames
MEDIUM: mux-quic: implement MAX_STREAMS emission for bidir streams
BUG/MEDIUM: quic: do not drop packet on duplicate stream/decoding error
MINOR: mux-quic: prevent push frame for unidir streams
MINOR: mux-quic: improve opportunistic retry sending for STREAM frames
MINOR: quic: implement sending confirmation
MEDIUM: mux-quic: improve bidir STREAM frames sending
MEDIUM: check: do not auto configure SSL/PROXY for dynamic servers
REGTESTS: server: test SSL/PROXY with checks for dynamic servers
MEDIUM: server: remove experimental-mode for dynamic servers
Christopher Faulet (21):
MINOR: conn-stream: Improve API to have safe/unsafe accessors
MEDIUM: tree-wide: Use unsafe conn-stream API when it is relevant
CLEANUP: stream-int: Make si_cs_send() function static
REORG: stream-int: Uninline si_sync_recv() and make si_cs_recv() private
BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
REGTESTS: fix the race conditions in normalize_uri.vtc
DEBUG: stream-int: Fix BUG_ON used to test appctx in si_applet_ops callbacks
REGTESTS: fix the race conditions in secure_memcmp.vtc
CLEANUP: stream: Remove useless tests on conn-stream in stream_dump()
BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
DEBUG: stream: Add the missing descriptions for stream trace events
DEBUG: stream: Fix stream trace message to print response buffer state
BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
David Carlier (2):
BUILD: fix kFreeBSD build.
BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
Frédéric Lécaille (29):
MINOR: quic: Ensure PTO timer is not set in the past
MINOR: quic: Post handshake I/O callback switching
MINOR: quic: Drop the packets of discarded packet number spaces
CLEANUP: quic: Useless tests in qc_try_rm_hp()
CLEANUP: quic: Indentation fix in qc_prep_pkts()
MINOR: quic: Assemble QUIC TLS flags at the same level
MINOR: quic: qc_prep_app_pkts() implementation
MINOR: quic: Send short packet from a frame list
MINOR: quic: Make qc_build_frms() build ack-eliciting frames from a list
MINOR: quic: Export qc_send_app_pkts()
MINOR: quic: Retry on qc_build_pkt() failures
BUG/MINOR: quic: Missing recovery start timer reset
CLEANUP: quic: Remove QUIC path manipulations out of the congestion controller
MINOR: quic: Add a "slow start" callback to congestion controller
MINOR: quic: Persistent congestion detection outside of controllers
CLEANUP: quic: Remove useless definitions from quic_cc_event struct
BUG/MINOR: quic: Confusion betwen "in_flight" and "prep_in_flight" in quic_path_prep_data()
MINOR: quic: More precise window update calculation
CLEANUP: quic: Remove window redundant variable from NewReno algorithm state struct
MINOR: quic: Add quic_max_int_by_size() function
BUG/MAJOR: quic: Wrong quic_max_available_room() returned value
MINOR: quic: Add max_idle_timeout advertisement handling
MEDIUM: quic: Remove the QUIC connection reference counter
BUG/MINOR: quic: ACK_REQUIRED and ACK_RECEIVED flag collision
BUG/MINOR: quic: Missing check when setting the anti-amplification limit as reached
MINOR: quic: Add a function to compute the current PTO
MEDIUM: quic: Implement the idle timeout feature
BUG/MEDIUM: quic: qc_prep_app_pkts() retries on qc_build_pkt() failures
CLEANUP: quic: Comments fix for qc_prep_(app)pkts() functions
Julien Thomas (1):
BUILD: ssl: another build warning on LIBRESSL_VERSION_NUMBER
Marno Krahmer (1):
MINOR: stats: Add dark mode support for socket rows
Tim Duesterhus (9):
CLEANUP: connection: Indicate unreachability to the compiler in conn_recv_proxy
MINOR: connection: Transform safety check in PROXYv2 parsing into BUG_ON()
MINOR: queue: Replace if() + abort() with BUG_ON()
MINOR: proxy: Store monitor_uri as a `struct ist`
MINOR: proxy: Store fwdfor_hdr_name as a `struct ist`
MINOR: proxy: Store orgto_hdr_name as a `struct ist`
MEDIUM: proxy: Store server_id_hdr_name as a `struct ist`
CLEANUP: fcgi: Replace memcpy() on ist by istcat()
CLEANUP: fcgi: Use `istadv()` in `fcgi_strm_send_params`
William Lallemand (3):
BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
BUG/MINOR: add missing modes in proxy_mode_str()
BUG/MINOR: cli: shows correct mode in "show sess"
Willy Tarreau (31):
DEBUG: rename WARN_ON_ONCE() to CHECK_IF()
DEBUG: improve BUG_ON output message accuracy
DEBUG: implement 4 levels of choices between warn and crash.
DEBUG: add two new macros to enable debugging in hot paths
DEBUG: buf: replace some sensitive BUG_ON() with BUG_ON_HOT()
DEBUG: buf: add BUG_ON_HOT() to most buffer management functions
MINOR: channel: don't use co_set_data() to decrement output
DEBUG: channel: add consistency checks using BUG_ON_HOT() in some key functions
BUILD: debug: fix build warning on older compilers around DEBUG_STRICT_ACTION
DOC: install: it's DEBUG_CFLAGS, not DEBUG, which is set to -g
DOC: install: describe the DEP variable
DOC: install: describe how to choose options used in the DEBUG variable
BUILD: conn_stream: avoid null-deref warnings on gcc 6
BUILD: connection: do not declare register_mux_proto() inline
BUILD: http_rules: do not declare http_*_keywords_registre() inline
BUILD: trace: do not declare trace_registre_source() inline
BUILD: tcpcheck: do not declare tcp_check_keywords_register() inline
DEBUG: reduce the footprint of BUG_ON() calls
BUG/MINOR: pool: always align pool_heads to 64 bytes
DEV: udp: add a tiny UDP proxy for testing
DEV: udp: implement pseudo-random reordering/loss
DEV: udp: add an optional argument to set the prng seed
BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
CLEANUP: tree-wide: remove a few rare non-ASCII chars
CI: coverity: simplify debugging options
MINOR: pools: add a new global option "no-memory-trimming"
DOC: sample fetch methods: move distcc_* to the right locations
MINOR: rules: record the last http/tcp rule that gave a final verdict
MINOR: stream: add "last_rule_file" and "last_rule_line" samples
BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
BUG/MINOR: buffer: fix debugging condition in b_peek_varint()
---
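
Added example (not part of the announcement and not HAProxy code): a short Python script that attributes 403 responses to the rule location reported by the "last_rule_file" and "last_rule_line" sample fetches described in the message above. The "lr=" field name, the log-format line in the comment and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed log-format (not from the announcement):
#   log-format "%ci:%cp [%tr] %ft %ST %{+Q}r lr=%[last_rule_file]:%[last_rule_line]"
# Assumption: a fetch that returned nothing is logged as "-".
LINE_RE = re.compile(
    r'\s(?P<status>\d{3})\s"(?P<request>[^"]*)"\s'
    r'lr=(?P<file>.*):(?P<line>-|\d+)$'
)

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOGS = """\
192.0.2.10:51234 [11/Mar/2022:10:00:01.123] fe_main 403 "GET /admin HTTP/1.1" lr=/etc/haproxy/haproxy.cfg:42
192.0.2.11:40022 [11/Mar/2022:10:00:02.456] fe_main 200 "GET / HTTP/1.1" lr=/etc/haproxy/haproxy.cfg:57
192.0.2.10:51240 [11/Mar/2022:10:00:03.001] fe_main 403 "GET /admin/users HTTP/1.1" lr=/etc/haproxy/haproxy.cfg:42
198.51.100.7:33010 [11/Mar/2022:10:00:04.789] fe_main 403 "POST /login HTTP/1.1" lr=/etc/haproxy/conf.d/waf.cfg:12
198.51.100.9:33555 [11/Mar/2022:10:00:05.010] fe_main 403 "GET /report HTTP/1.1" lr=-:-
this line is truncated 403 "GET
"""


def parse_line(line):
    """Return (status, request, rule) or None when the line does not match.

    rule is a (file, line_number) tuple, or None when no rule was recorded.
    """
    m = LINE_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    if m["file"] == "-" or m["line"] == "-":
        rule = None
    else:
        rule = (m["file"], int(m["line"]))
    return int(m["status"]), m["request"], rule


def denials_by_rule(lines, status=403):
    """Count responses with the given status per rule location.

    Returns (Counter keyed by rule, number of lines that failed to parse).
    """
    counts, unparsed = Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1  # keep track of malformed lines, never drop silently
            continue
        code, _request, rule = parsed
        if code == status:
            counts[rule] += 1
    return counts, unparsed
```

Calling `denials_by_rule(SAMPLE_LOGS.splitlines())` returns the per-rule counter and the number of lines that could not be parsed; the `None` key collects 403 responses for which no rule location was logged.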