Hi,

HAProxy 2.6.5 was released on 2022/09/03. It added 182 new commits
after version 2.6.4.

This series may look large but it's not. As previously announced, the QUIC
code was updated to match the latest and most stable one in 2.7, and this
represents 131 patches. One known defect in QUIC remains that we have not
yet clearly identified: based on certain error conditions, some connections
may never close and will as such leak, as described in issue #1801. That's
roughly 0.01% so it's not dramatic but may definitely be observed.

For the rest, it's roughly the same as the fixes that went into 2.7-dev5,
that I'm mostly copy-pasting here:

  - trying to access a slow site using the CLI httpclient command could
    crash if the CLI closed before the site responded

  - server-side idle connections were often left in TIME_WAIT due to an
    undesired shutdown() being performed before closing them, resulting
    in more outgoing ports being used than really necessary.

  - aborting pipelined HTTP/1.1 transfers could sometimes result in a high
    CPU usage until the timeout struck.

  - reloading peers could compete on the local one and slow down or block
    the replication.

  - reloading peers could interrupt a resync in progress if the retry timer
    triggered before the end.

  - in certain cases, a misbehaving SPOA agent in asynchronous mode could
    cause some errors not to be correctly processed, and dead connections
    not being killed, with new ones being opened to replace them and eating
    resources.

  - some ca-file elements could leak during "commit ssl ca-file"

  - some config parsing error in http-request rules could lead to a segfault
    during exit when trying to free a rule that was not fully initialized.

  - the http client couldn't perform DNS resolution on URLs having an
    explicit port.

  - the http client would also always work in http-close mode due to its
    server pool size remaining set to zero. Now connection reuse works as
    expected.

  - the master process could create the "default" resolver when reexecuting,
    leading to a warning on startup when resolv.conf is not available.

  - using haproxy built with PCRE2_JIT with a lib built without would fail
    to match. Now it will fall back to the regular match.

  - agent-check could be delayed by ~200ms due to TCP QUICKACK being
    disabled by default.

  - build on OpenBSD would fail due to get_tcp_info()

  - the warning about unreachable resolvers is now properly shut for the
    default resolvers when its use is implicit (e.g. created on the fly
    by the httpclient).

The following improvements were also backported:
  - a new pair of "host_only" and "port_only" converters can be used to
    parse an address and extract the host part or the port part respectively
    without having to rely on multiple rules.
    => that's required to fix the DNS host vs port resolution used by the
       http client

  - "http-reuse safe" (the default one) will now also support using pure
    idle connections (i.e. not double-validated ones) if l7 retries are
    configured to address the failure case that reuse-safe was designed
    for (server closing while sending the request). It should result in
    a higher reuse ratio on setups with l7 retries. This was part of the
    reason why the HTTP client couldn't support keep-alive.
    => required to fix the http client's keepalive

  - ring: file-backed support was backported. It's trivial and well
    isolated, and has already proved to be extremely effective at
    collecting traces of a dying process. Thanks to this there's no more
    burden of piping socat to tail in the background, nor the CPU
    consumption and losses that came with it.

We've kept a few more debugging improvements for a later version, once
they've baked long enough in 2.7. In general, anything that helps bug
reporters provide detailed info with limited effort, or helps developers
spot a problem without asking for more info is an improvement as it
reduces the time spent addressing issues.

We'll soon emit 2.5 and 2.4 at least since some of the issues fixed above
also affect them.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Documentation    : http://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.6/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.6.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.6.git
   Changelog        : http://www.haproxy.org/download/2.6/src/CHANGELOG
   Pending bugs     : http://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : http://www.haproxy.org/l/reviewed-bugs
   Code reports     : http://www.haproxy.org/l/code-reports
   Latest builds    : http://www.haproxy.org/l/dev-packages

Thanks to all participants!

Willy
---
Complete changelog :
Amaury Denoyelle (75):
      MINOR: connection: support HTTP/3.0 for smp_*_http_major fetch
      MINOR: mux-quic: simplify decode_qcs API
      MINOR: mux-quic/h3: adjust demuxing function return values
      BUG/MINOR: h3: fix return value on decode_qcs on error
      BUG/MINOR: h3: fix incorrect BUG_ON assert on SETTINGS parsing
      BUG/MEDIUM: h3: fix SETTINGS parsing
      MINOR: mux-quic: complete BUG_ON on TX flow-control enforcing
      MINOR: qpack: reduce dependencies on other modules
      MINOR: qpack: add ABORT_NOW on unimplemented decoding
      MINOR: qpack: improve decoding function
      BUG/MINOR: qpack: abort on dynamic index field line decoding
      BUG/MINOR: qpack: fix build with QPACK_DEBUG
      BUG/MINOR: qpack: abort on dynamic index field line decoding
      CLEANUP: mux-quic: adjust comment on qcs_consume()
      CLEANUP: mux-quic: do not export qc_get_ncbuf
      REORG: mux-quic: reorganize flow-control fields
      MINOR: mux-quic: implement accessor for sedesc
      MEDIUM: mux-quic: refactor streams opening
      MINOR: mux-quic: rename qcs flag FIN_RECV to SIZE_KNOWN
      MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size
      REORG: mux-quic: rename stream initialization function
      MINOR: mux-quic: rename stream purge function
      MINOR: mux-quic: add traces on frame parsing functions
      MINOR: mux-quic: implement qcs_alert()
      MINOR: mux-quic: filter send/receive-only streams on frame parsing
      MINOR: mux-quic: do not ack STREAM frames on unrecoverable error
      MINOR: mux-quic: support stream opening via MAX_STREAM_DATA
      MINOR: mux-quic: define basic stream states
      MINOR: mux-quic: use stream states to mark as detached
      MEDIUM: mux-quic: implement RESET_STREAM emission
      MEDIUM: mux-quic: implement STOP_SENDING handling
      CLEANUP: quic: clean up include on quic_frame-t.h
      MINOR: quic: define a generic QUIC error type
      MINOR: mux-quic: support app graceful shutdown
      MINOR: mux-quic/h3: prepare CONNECTION_CLOSE on release
      MEDIUM: quic: send CONNECTION_CLOSE on released MUX
      CLEANUP: mux-quic: move qc_release()
      MINOR: mux-quic: send one last time before release
      MINOR: h3: store control stream in h3c
      MINOR: h3: implement graceful shutdown with GOAWAY
      MINOR: mux-quic: save proxy instance into qcc
      MINOR: mux-quic: use timeout server for backend conns
      MEDIUM: mux-quic: adjust timeout refresh
      MINOR: mux-quic: count in-progress requests
      MEDIUM: mux-quic: implement http-keep-alive timeout
      MINOR: h3: support HTTP request framing state
      MINOR: mux-quic: refresh timeout on frame decoding
      MINOR: mux-quic: refactor refresh timeout function
      MEDIUM: mux-quic: implement http-request timeout
      BUG/MINOR: quic: adjust errno handling on sendto
      MINOR: quic: replace custom buf on Tx by default struct buffer
      MINOR: quic: release Tx buffer on each send
      MINOR: quic: refactor datagram commit in Tx buffer
      MINOR: quic: skip sending if no frame to send in io-cb
      BUG/MINOR: mux-quic: open stream on STOP_SENDING
      BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level
      MINOR: mux-quic: adjust enter/leave traces
      MINOR: mux-quic: define protocol error traces
      CLEANUP: mux-quic: adjust traces level
      MINOR: mux-quic: define new traces
      BUG/MEDIUM: mux-quic: fix crash due to invalid trace arg
      BUG/MINOR: mux-quic: fix crash with traces in qc_detach()
      MINOR: quic: adjust quic_frame flag manipulation
      MINOR: h3: report error on control stream close
      MINOR: qpack: report error on enc/dec stream close
      BUG/MEDIUM: mux-quic: reject uni stream ID exceeding flow control
      MINOR: mux-quic: adjust traces on stream init
      MINOR: mux-quic: add missing args on some traces
      MINOR: quic: refactor application send
      BUG/MINOR: quic: do not notify MUX on frame retransmit
      BUG/MEDIUM: quic: fix crash on MUX send notification
      REORG: h2: extract cookies concat function in http_htx
      REGTESTS: add test for HTTP/2 cookies concatenation
      MEDIUM: h3: concatenate multiple cookie headers
      CLEANUP: exclude haring with .gitignore

Brad Smith (1):
      BUILD: tcp_sample: fix build of get_tcp_info() on OpenBSD

Christopher Faulet (12):
      BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect
      REGTESTS: Fix prometheus script to perform HTTP health-checks
      BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
      BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
      BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
      BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date
      BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets
      BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule)
      BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released
      MINOR: quic: Revert recent QUIC commits
      BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support
      REGTESTS: http_request_buffer: Add a barrier to not mix up log messages

Frédéric Lécaille (56):
      BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt()
      BUG/MINOR: quic: Safer QUIC frame builders
      BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets
      BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup)
      CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet)
      CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv()
      BUG/MINOR: quic: Frames added to packets even if not built.
      MINOR: quic: Replace MT_LISTs by LISTs for RX packets.
      MINOR: quic: Add a trace to distinguish the datagram from the packets inside
      MINOR: quic: Add several nonce and key definitions for Retry tag
      MINOR: quic: Parse long packet version from qc_parse_hd_form()
      CLEANUP: quid: QUIC draft-28 no more supported
      MEDIUM: quic: Add QUIC v2 draft support
      MINOR: quic: Released QUIC TLS extension for QUIC v2 draft
      MEDIUM: quic: Compatible version negotiation implementation (draft-08)
      CLEANUP: quic: Remove any reference to boringssl
      BUILD: quic: Wrong HKDF label constant variable initializations
      MINOR: quic: Dump version_information transport parameter
      MINOR: quic: Add two new stats counters for sendto() errors
      MINOR: quic: Replace pool_zalloc() by pool_malloc() for fake datagrams
      MEDIUM: quic: xprt traces rework
      MINOR: quic: Remove useless lock for RX packets
      CLEANUP: quic: Remove trailing spaces
      BUG/MEDIUM: quic: Possible use of uninitialized <odcid> variable in qc_lstnr_params_init()
      BUG/MEDIUM: quic: Wrong use of <token_odcid> in qc_lsntr_pkt_rcv()
      BUG/MINOR: quic: MIssing check when building TX packets
      BUG/MINOR: quic: Wrong status returned by qc_pkt_decrypt()
      BUG/MINOR: quic: Missing initializations for ducplicated frames.
      BUG/MINOR: quic: Possible crashes when dereferencing ->pkt quic_frame struct member
      MINOR: quic: Add frame addresses to QUIC_EV_CONN_PRSAFRM event traces
      BUG/MINOR: quic: Wrong splitted duplicated frames handling
      MINOR: quic: Add the QUIC connection to mux traces
      MINOR: quic: Trace fix in qc_release_frm()
      MINOR: quic: Add reusable cipher contexts for header protection
      BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged data
      BUG/MINOR: quix: Memleak for non in flight TX packets
      BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt()
      BUG/MINOR: quic: Safer QUIC frame builders
      MINOR: quic: Replace MT_LISTs by LISTs for RX packets.
      Revert "BUG/MINOR: quix: Memleak for non in flight TX packets"
      BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets
      BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup)
      CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet)
      CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv()
      MINOR: quic: Remove useless traces about references to TX packets
      Revert "MINOR: quic: Remove useless traces about references to TX packets"
      BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace
      BUG/MINOR: quic: Frames added to packets even if not built.
      BUG/MINOR: quic: Missing header protection AES cipher context initialisations (draft-v2)
      MINOR: quic: Add a trace to distinguish the datagram from the packets inside
      MINOR: quic: Move traces about RX/TX bytes from QUIC_EV_CONN_PRSAFRM event
      BUG/MINOR: quic: TX frames memleak
      BUG/MINOR: quic: Do not ack when probing
      MINOR: quic: Add TX frames addresses to traces to several trace events
      MINOR: quic: Trace typo fix in qc_release_frm()
      BUG/MINOR: quic: Frames leak during retransmissions

Tim Duesterhus (1):
      CLEANUP: Re-apply xalloc_size.cocci (2)

William Lallemand (11):
      BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config()
      BUG/MINOR: mworker: does not create the "default" resolvers in wait mode
      MINOR: resolvers: shut the warning when "default" resolvers is implicit
      DOC: configuration: do-resolve doesn't work with a port in the string
      MINOR: sample: add the host_only and port_only converters
      BUG/MINOR: httpclient: fix resolution with port
      DOC: configuration.txt: do-resolve must use host_only to remove its port.
      BUG/MINOR: ssl: fix deinit of the ca-file tree
      BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free()
      BUG/MINOR: ssl: revert two wrong fixes with ckhi_link
      BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2

Willy Tarreau (26):
      BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler
      BUG/MINOR: applet: make the call_rate only count the no-progress calls
      BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input
      BUG/MINOR: dev/udp: properly preset the rx address size
      CLEANUP: quic: use task_new_on() for single-threaded tasks
      CLEANUP: pool/quic: remove suffix "_pool" from certain pool names
      BUILD: ring: forward-declare struct appctx to avoid a build warning
      MINOR: ring: support creating a ring from a linear area
      MINOR: ring: add support for a backing-file
      BUILD: sink: replace S_IRUSR, S_IWUSR with their octal value
      MINOR: ring: archive a previous file-backed ring on startup
      MINOR: sink/ring: rotate non-empty file-backed contents only
      DEV: haring: add a simple utility to read file-backed rings
      DEV: haring: support remapping LF in contents with CR VT
      BUILD: debug: make sure debug macros are never empty
      BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools
      MINOR: backend: always satisfy the first req reuse rule with l7 retries
      BUG/MINOR: h2: properly set the direction flag on HTX response
      BUG/MEDIUM: httpclient: always detach the caller before self-killing
      BUG/MINOR: httpclient: keep-alive was accidentely disabled
      BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber
      BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber
      BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber
      DEBUG: stream: minor rearrangement of a few fields in struct stream.
      MINOR: debug: report applet pointer and handler in crashes when known
      BUG/MINOR: http-act: initialize http fmt head earlier
