Hi, HAProxy 2.7-dev6 was released on 2022/09/17. It added 108 new commits after version 2.7-dev5.
This cycle was mostly focused on debugging improvements to help developers extract information from bug reports: - the "show sess all" output will now dump the mux states; - task profiling will now report call statistics per calling place - the "flags" utility can now decode 8 new fields among which HTX states and different mux flags - more QUIC traces In addition to this, a new anonymizing mechanism was added to help bug reporters share outputs and configs. When anonymized mode is enabled on the CLI, some commands such as "show sess", "show servers" etc will have a number of fields replaced with a small hash (24 bits). This includes identifiers (e.g. proxy/server names), IP addresses and host names. These are the fields that most users waste time redacting in these outputs when asked for extra info. For the config file, a new "-dC" command-line option dumps the config file after tokenizing. With a key in argument it also hashes arguments of a number of commands in a way that allows to easily match them against the dumps, and will drop arguments past the 3rd one, since it looks like most of the time we need options and basic definitions. All of this is still in its early stage and is expected to evolve. For example I'd like "server" and "bind" lines to appear complete, only without addresses and names. We'll see along forthcoming reports how well this works and what needs to be improved but the hope is that it will already lower the effort on the reporter's side and reduce the number of round-trips required to figure a problem's cause. Aside debugging, the HTTP client was improved to support creating specific proxies when non-standard options are needed. Another great news is that support was added for the very latest LibreSSL (still in development), which joined the large band of alternate stacks who adopted the de-facto standard QUIC interface that OpenSSL remains the only one to refuse to integrate. The good news here is that till now only QuicTLS was usable for us, but that's a voluntary effort and nobody knows how long its maintainers will be willing to maintain it, and it's still not packaged in distros. LibreSSL is maintained, mostly compatible with OpenSSL and was/is shipped with certain OS and distros. So until OpenSSL changes their mind and finally accepts to listen to their users, this could constitute an acceptable mid-term solution to enable QUIC with some maintained library. We'll see how all this evolves. And as usual, a bunch of bugs were fixed (but not that many this time). Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/2.7/src/ Git repository : https://git.haproxy.org/git/haproxy.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy.git Changelog : https://www.haproxy.org/download/2.7/src/CHANGELOG Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages Willy --- Complete changelog : Amaury Denoyelle (4): BUG/MEDIUM: mux-quic: fix crash on early app-ops release CLEANUP: mux-quic: remove stconn usage in h3/hq BUG/MINOR: mux-quic: do not remotely close stream too early CLEANUP: exclude udp-perturb with .gitignore Aurelien DARRAGON (7): BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK MINOR: listener: small API change MINOR: proxy/listener: support for additional PAUSED state BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' CLEANUP: listener: function comment typo in stop_listener() BUG/MINOR: listener: null pointer dereference suspected by coverity BUG/MEDIUM: server: segv when adding server with hostname from CLI Brad Smith (2): MINOR: Revert part of clarifying samples support per os commit BUILD: makefile: enable crypt(3) for NetBSD Christopher Faulet (6): MINOR: http-check: Remove support for headers/body in "option httpchk" version BUG/MINOR: h1: Support headers case adjustment for TCP proxies BUG/MINOR: mux-h1: Increment open_streams counter when H1 stream is created REGTESTS: healthcheckmail: Relax matching on the healthcheck log message REORG: mux-h1: extract flags and enums into mux_h1-t.h MINOR: flags/mux-h1: decode H1C and H1S flags Emeric Brun (1): BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. Erwan Le Goas (6): MINOR: anon: add new macros and functions to anonymize contents MINOR: anon: store the anonymizing key in the global structure MINOR: anon: store the anonymizing key in the CLI's appctx MINOR: cli: anonymize commands 'show sess' and 'show sess all' MINOR: cli: anonymize 'show servers state' and 'show servers conn' MINOR: config: add command-line -dC to dump the configuration file Frédéric Lécaille (14): BUG/MINOR: quic: Retransmitted frames marked as acknowledged BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines BUG/MINOR: quic: Possible crash when verifying certificates MINOR: quic: Add traces about sent or resent TX frames MINOR: quic: No TRACE_LEAVE() in retrieve_qc_conn_from_cid() BUG/MINOR: quic: Wrong connection ID to thread ID association BUG/MINOR: quic: Speed up the handshake completion only one time BUG/MINOR: quic: Trace fix about packet number space information. BUG/MINOR: h3: Crash when h3 trace verbosity is "minimal" MINOR: h3: Add the quic_conn object to h3 traces MINOR: h3: Missing connection argument for a TRACE_LEAVE() argument MINOR: h3: Send the h3 settings with others streams (requests) MINOR: dev/udp: Apply the corruption to both directions BUILD: udp-perturb: Add a make target for udp-perturb tool Ilya Shipitsin (1): CI: cirrus-ci: bump FreeBSD image to 13-1 Mathias Weiersmueller (1): DOC: fix TOC in starter guide for subsection 3.3.8. Statistics Matthias Wirth (1): BUG/MINOR: signals/poller: ensure wakeup from signals William Lallemand (14): BUILD: quic: add some ifdef around the SSL_ERROR_* for libressl BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb BUILD: quic: temporarly ignore chacha20_poly1305 for libressl BUILD: quic: enable early data only with >= openssl 1.1.1 BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx() MINOR: quic: add QUIC support when no client_hello_cb BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals REGTESTS: log: test the log-forward feature REGTESTS: ssl/log: test the log-forward with SSL MEDIUM: httpclient: httpclient_create_proxy() creates a proxy for httpclient MEDIUM: httpclient: allow to use another proxy MINOR: httpclient: export httpclient_create_proxy() MEDIUM: quic: separate path for rx and tx with set_encryption_secrets Willy Tarreau (50): BUG/MINOR: task: always reset a new tasklet's call date BUG/MINOR: task: make task_instant_wakeup() work on a task not a tasklet MINOR: task: permanently enable latency measurement on tasklets CLEANUP: task: rename ->call_date to ->wake_date BUG/MINOR: sched: properly account for the CPU time of dying tasks MINOR: sched: store the current profile entry in the thread context BUG/MINOR: stream/sched: take into account CPU profiling for the last call MINOR: tasks: do not keep cpu and latency times in struct task MINOR: tools: add generic pointer hashing functions CLEANUP: activity: make memprof use the generic ptr_hash() function CLEANUP: activity: make taskprof use ptr_hash() MINOR: debug: add struct ha_caller to describe a calling location CLEANUP: debug: use struct ha_caller for memstat DEBUG: task: define a series of wakeup types for tasks and tasklets DEBUG: task: use struct ha_caller instead of arrays of file:line DEBUG: applet: instrument appctx_wakeup() to log the caller's location DEBUG: task: simplify the caller recording in DEBUG_TASK CLEANUP: task: move tid and wake_date into the common part CLEANUP: sched: remove duplicate code in run_tasks_from_list() CLEANUP: activity: make the number of sched activity entries more configurable DEBUG: resolvers: unstatify process_resolvers() to make it appear in profiling DEBUG: quic: export the few task handlers that often appear in task dumps MEDIUM: tasks/activity: combine the called function with the caller MINOR: tasks/activity: improve the caller-callee activity hash MINOR: activity/cli: support aggregating task profiling outputs MINOR: activity/cli: support sorting task profiling by total CPU time DEV: flags: fix usage message to reflect available options DEV: flags: add missing CO_FL_FDLESS connection flag MINOR: flags: add a new file to host flag dumping macros MINOR: flags: implement a macro used to dump enums inside masks MINOR: flags/channel: use flag dumping for channel flags and analysers MINOR: flags/connection: use flag dumping for connection flags MINOR: flags/stconn: use flag dumping for stconn and sedesc flags MINOR: flags/stream: use flag dumping for stream error type MINOR: flags/stream: use flag dumping for stream flags MINOR: flags/task: use flag dumping for task state MINOR: flags/http_ana: use flag dumping for txn flags DEV: flags: remove the now unused SHOW_FLAG() definition DEV: flags: remove the now useless intermediary functions MINOR: flags/htx: use flag dumping to show htx and start-line flags MINOR: flags/http_ana: use flag dumping to show http msg states BUILD: flags: fix build warning in some macros used by show_flags BUILD: flags: fix the fallback macros for missing stdio CLEANUP: pollers: remove dead code in the polling loop MINOR: flags/fd: decode FD flags states REORG: mux-h2: extract flags and enums into mux_h2-t.h MINOR: flags/mux-h2: decode H2C and H2S flags BUG/MEDIUM: captures: free() an error capture out of the proxy lock BUILD: fd: fix a build warning on the DWCAS SCRIPTS: announce-release: update some URLs to https cui fliter (1): CLEANUP: quic,ssl: fix tiny typos in C comments ---