Hi,

HAProxy 2.7-dev5 was released on 2022/09/02. It added 79 new commits
after version 2.7-dev4.

This version contains almost only bug fixes since 2.7-dev4, which seems
to reflect pretty well the team's activity over the last two weeks. The
most visible one for some users is the fix for the regression affecting
the startup in master mode without master CLI after the log-forward fix.
The rest is spread all over the code, but I'll try to mention those most
likely to be met:
  - cpu-map was not setting the affinity correctly when thread 1 was
    specified

  - trying to access a slow site using the CLI httpclient command could
    crash if the CLI closed before the site responded

  - server-side idle connections were often left in TIME_WAIT due to an
    undesired shutdown() being performed before closing them, resulting
    in more outgoing ports being used than really necessary.

  - aborting pipelined HTTP/1.1 transfers could sometimes result in a high
    CPU usage until the timeout struck.

  - reloading peers could compete on the local one and slow down or block
    the replication.

  - reloading peers could interrupt a resync in progress if the retry timer
    triggered before the end.

  - in certain cases, a misbehaving SPOA agent in asynchronous mode could
    cause some errors not to be correctly processed, and dead connections
    not to be killed, with new ones being opened to replace them and eating
    resources.

  - some ca-file elements could leak during "commit ssl ca-file"

  - some config parsing error in http-request rules could lead to a segfault
    during exit when trying to free a rule that was not fully initialized.

  - the http client couldn't perform DNS resolution on URLs having an
    explicit port.

  - the http client would also always work in http-close mode due to its
    server pool size remaining set to zero. Now connection reuse works as
    expected.

  - quite a number of small QUIC issues were addressed, some of which were
    causing crashes, some leaks, and some just being bad behaviors. At
    least we could close long-lasting issue #1808. There's still a rare
    case that causes some streams not to be closed but the conditions
    needed for it to happen are too complicated to understand and the
    risk of breaking stuff is high, so we'll wait for Amaury to be back :-)

  - the master process could create the "default" resolver when reexecuting,
    leading to a warning on startup when resolv.conf is not available.

  - using haproxy built with PCRE2_JIT with a lib built without would fail
    to match. Now it will fall back to the regular match.

  - agent-check could be delayed by ~200ms due to TCP QUICKACK being
    disabled by default.

And the improvements:

  - the httpclient now enables ALPN for https connections with "h2,http/1.1"
    and will thus be able to communicate with servers over HTTP/2 (which
    would be nice for APIs and various low-latency services in general).

  - a new pair of "host_only" and "port_only" converters can be used to
    parse an address and extract the host part or the port part respectively
    without having to rely on multiple rules.

  - the peers applet will now limit the number of updates sent at once so
    as not to cause unbearable latencies when large buffers are configured.

  - "http-reuse safe" (the default one) will now also support using pure
    idle connections (i.e. not double-validated ones) if l7 retries are
    configured to address the failure case that reuse-safe was designed
    for (server closing while sending the request). It should result in
    a higher reuse ratio on setups with l7 retries. This was part of the
    reason why the HTTP client couldn't support keep-alive.

  - some debugging improvements ("show sess all" now dumps the mux state,
    more QUIC traces)

There were a few other minor fixes/improvements that I don't remember
anymore; please check the change log below for more info.

I hope next week will be calmer in terms of bugs so that we can get back
to doing real work. The encouraging point is that most of the issues above
were not specific to 2.7 nor 2.6 so we can hope for calmer times. We'll
produce a new series of stable releases shortly.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Documentation    : http://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.7/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.7/src/CHANGELOG
   Pending bugs     : http://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : http://www.haproxy.org/l/reviewed-bugs
   Code reports     : http://www.haproxy.org/l/code-reports
   Latest builds    : http://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Brad Smith (1):
      BUILD: tcp_sample: fix build of get_tcp_info() on OpenBSD

Christopher Faulet (11):
      BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after
        connect
      REGTESTS: Fix prometheus script to perform HTTP health-checks
      BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
      BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
      BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
      BUG/MEDIUM: peers: Don't start resync on reload if local peer is not
        up-to-date
      BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets
      BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule)
      BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released
      BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support
      REGTESTS: http_request_buffer: Add a barrier to not mix up log messages

Emeric Brun (1):
      BUG/MAJOR: mworker: fix infinite loop on master with no proxies.

Frédéric Lécaille (22):
      BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged
        data
      BUG/MINOR: quix: Memleak for non in flight TX packets
      BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets
        from qc_do_build_pkt()
      BUG/MINOR: quic: Safer QUIC frame builders
      MINOR: quic: Replace MT_LISTs by LISTs for RX packets.
      Revert "BUG/MINOR: quix: Memleak for non in flight TX packets"
      BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX
        packets
      BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup)
      CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet)
      CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv()
      MINOR: quic: Remove useless traces about references to TX packets
      Revert "MINOR: quic: Remove useless traces about references to TX packets"
      BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace
      BUG/MINOR: quic: Frames added to packets even if not built.
      BUG/MINOR: quic: Missing header protection AES cipher context
        initialisations (draft-v2)
      MINOR: quic: Add a trace to distinguish the datagram from the packets
        inside
      MINOR: quic: Move traces about RX/TX bytes from QUIC_EV_CONN_PRSAFRM event
      BUG/MINOR: quic: TX frames memleak
      BUG/MINOR: quic: Do not ack when probing
      MINOR: quic: Add TX frames addresses to traces to several trace events
      MINOR: quic: Trace typo fix in qc_release_frm()
      BUG/MINOR: quic: Frames leak during retransmissions

William Lallemand (12):
      REGTESTS: launch http_reuse_always in mworker mode
      BUG/MINOR: resolvers: return the correct value in
        resolvers_finalize_config()
      BUG/MINOR: mworker: does not create the "default" resolvers in wait mode
      MINOR: resolvers: shut the warning when "default" resolvers is implicit
      DOC: configuration: do-resolve doesn't work with a port in the string
      MINOR: sample: add the host_only and port_only converters
      BUG/MINOR: httpclient: fix resolution with port
      DOC: configuration.txt: do-resolve must use host_only to remove its port.
      BUG/MINOR: ssl: fix deinit of the ca-file tree
      BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free()
      BUG/MINOR: ssl: revert two wrong fixes with ckhi_link
      BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2

Willy Tarreau (32):
      BUG/MEDIUM: cpu-map: fix thread 1's affinity affecting all threads
      MINOR: cpu-map: remove obsolete diag warning about combined ranges
      BUG/MEDIUM: applet: fix incorrect check for abnormal return condition
        from handler
      BUG/MINOR: applet: make the call_rate only count the no-progress calls
      MEDIUM: peers: limit the number of updates sent at once
      BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of
        input
      BUG/MINOR: epoll: do not actively poll for Rx after an error
      MINOR: raw-sock: don't try to send if an error was already reported
      BUG/MINOR: dev/udp: properly preset the rx address size
      BUILD: debug: make sure debug macros are never empty
      MINOR: sink/ring: rotate non-empty file-backed contents only
      BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools
      MINOR: backend: always satisfy the first req reuse rule with l7 retries
      BUG/MINOR: h2: properly set the direction flag on HTX response
      BUG/MEDIUM: httpclient: always detach the caller before self-killing
      BUG/MINOR: httpclient: only ask for more room on failed writes
      BUG/MINOR: httpclient: keep-alive was accidentely disabled
      MEDIUM: httpclient: enable ALPN support on outgoing https connections
      BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber
      BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber
      BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber
      DEBUG: stream: minor rearrangement of a few fields in struct stream.
      MINOR: debug: report applet pointer and handler in crashes when known
      MINOR: mux-h2: extract the stream dump function out of h2_show_fd()
      MINOR: mux-h2: extract the connection dump function out of h2_show_fd()
      MINOR: muxes: add a "show_sd" helper to complete "show sess" dumps
      MINOR: mux-h2: provide a "show_sd" helper to output stream debugging info
      MINOR: mux-h2: insert line breaks in "show sess all" output for legibility
      MINOR: mux-quic: provide a "show_sd" helper to output stream debugging
        info
      MINOR: mux-h1: split "show_fd" into connection and stream
      MINOR: mux-h1: provide a "show_sd" helper to output stream debugging info
      BUG/MINOR: http-act: initialize http fmt head earlier
---
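
Added example (not part of the announcement and not configuration from the HAProxy project): how the "host_only" and "port_only" converters from the improvements list fit with do-resolve, which the DOC commits above say cannot take a string containing a port. The resolvers name mydns, the nameserver address, the variable names, the bind address, the timeouts and the default port 80 are assumptions.

```haproxy
# Added example. Names (mydns, txn.dstip, txn.dstport), addresses and
# timeouts are assumptions chosen for illustration.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

resolvers mydns
    nameserver ns1 192.0.2.53:53      # placeholder resolver address
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s

frontend fe_forward
    bind 127.0.0.1:8080

    # The Host header may carry an explicit port ("example.com:8443").
    # do-resolve needs a bare name, so strip the port with host_only.
    http-request do-resolve(txn.dstip,mydns,ipv4) hdr(Host),host_only

    # port_only yields the port as an integer, or 0 when none was given.
    http-request set-var(txn.dstport) hdr(Host),port_only
    http-request set-var(txn.dstport) int(80) if { var(txn.dstport) -m int 0 }

    # Resolution failed: the variable is unset, so refuse the request.
    http-request return status 503 unless { var(txn.dstip) -m found }

    default_backend be_dynamic

backend be_dynamic
    # Refuse names that resolve to loopback or private ranges, so a forged
    # DNS name cannot steer the proxy toward internal services.
    http-request deny if { var(txn.dstip) -m ip 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 }

    http-request set-dst      var(txn.dstip)
    http-request set-dst-port var(txn.dstport)
    server dynamic 0.0.0.0:0
```

The file can be syntax-checked with `haproxy -c -f <file>` on a build that includes these converters (2.7-dev5 or later).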