Hi,

HAProxy 2.9-dev12 was released on 2023/11/30. It added 106 new commits
after version 2.9-dev11.

It looks like we're getting good for the release. That's a last -dev to
help testers rebase and get all the fixes but quite frankly we could very
well have released this one.

Let's first get rid of the fixes:

  - there was an issue when running in master-worker mode with more than
    one thread group that was fixed

  - a bug in the zero-copy fast-forwarding code for QUIC that could
    corrupt responses (oops!)

  - a case where fast-forward with H2 could seldom block if other streams
    were also blocked waiting for a condition to start emitting again

  - an issue where H1 could crash trying to emit trailers received from
    H2 while not in chunk mode

  - a theoretically possible race between code setting a server's address
    and the code using it

  - some cases where zero-copy fast-forward would wake the other side up
    when it's blocked, causing excessive CPU usage

  - a case where an aborted transfer from a cache miss could leave the
    truncated object unusable in the cache until it expired

  - the acme.sh script was updated to reflect the pending pull-request
    (fixes empty lines, now can use the master socket)

  - and a few minor h3/quic fixes.

Most of these (aside from the zero-copy stuff) were pre-2.9 in fact.

Now let's have a look at the small improvements that were still waiting
for some developers' time to be completed, essentially supposed to make
users' lives easier (and developers' as well during debugging):

  - support for a custom end pattern on the CLI to send payload to ease
    emission of payloads containing empty lines (this saves you from
    having to trim empty lines from certificates)

  - a few remaining sample fetch functions to explicitly retrieve the
    server's status code vs the one returned to the user (e.g. during
    redirects or errors they can differ), as well as the termination
    codes and retries counts. This makes it possible for example to
    adjust the returned code based on certain abnormal termination codes.

  - the frontend and backend stream IDs can be retrieved, that will ease
    debugging when these are added in logs, particularly when comparing
    with traces.

  - servers in log backends apparently did not properly support FQDN,
    that's now done.

  - the SSL cert selection callback to choose between RSA/ECDSA is now
    operational with WolfSSL.

  - the master CLI now features a "hard-reload" command that does the
    same as "-st", i.e. it reloads without preserving old connections.

  - the reverse-http stuff now depends on "expose-experimental-directives"
    (we forgot to do it previously while it's definitely experimental at
    least until the similar draft is adopted). The error at boot mentions
    it if it's missing.

  - the command line now supports "-dt" to enable traces to stderr
    without having to modify the configuration; by default all traces are
    enabled at the error level but this is customizable.

  - the memory usage of H2 connections was bounded to the number of
    streams for zero-copy as well, it was forgotten previously.

  - the pattern reference lookup was improved to save 32 bytes per loaded
    pattern (store the string in-place, not via strdup) so that the tree
    based lookup code is now about as efficient as the older list code.

  - some rare build warnings were addressed

  - some doc was updated, with a notable change which is the move of the
    action keywords to their own section, as well as the introduction of
    summary tables to ease lookups of sample fetch methods and
    converters. Despite the new tables the doc lost around 500 lines in
    deduplication.

  - some QUIC functions were moved between files to be easier to find
    (and thanks to the QUIC team for doing that before the release not
    after, to limit backporting efforts).

I've seen a few parts in the doc that could deserve a bit of polishing,
such as speaking about streams instead of sessions at certain old places,
etc. I do expect a few such small changes to appear in the next few days,
but that should not change what's running.

So I'm deploying this and as usual I anticipate that this last -dev will
be running for a while on haproxy.org since it will essentially be the
same as the final one. In other words, you can deploy it now as if it
were the final 2.9.

Given that there's nothing left in sight, we can stick to next Tuesday
for the final release. The week-end will be sufficient to possibly spot a
few last-minute glitches and possibly test it on other less common
platforms.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.9/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.9/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Amaury Denoyelle (13):
      BUILD: map: fix build warning
      MINOR: trace: define simple -dt argument
      MINOR: trace: parse level in a function
      MINOR: trace: parse verbosity in a function
      MINOR: trace: support -dt optional format
      BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding
      BUG/MINOR: h3: fix TRAILERS encoding
      BUG/MINOR: h3: always reject PUSH_PROMISE
      MINOR: h3: use correct error code for missing SETTINGS
      MINOR: rhttp: mark reverse HTTP as experimental
      CLEANUP: quic_cid: remove unused listener arg
      BUG/MINOR: quic_tp: fix preferred_address decoding
      MINOR: quic_tp: use in_addr/in6_addr for preferred_address

Aurelien DARRAGON (21):
      DOC: config: removing "log-balance" references
      MINOR: server/event_hdl: add SERVER_INETADDR event
      MINOR: tools: use const for read only pointers in ip{cmp,cpy}
      MINOR: server/ip: centralize server ip updates
      MINOR: backend: remove invalid mode test for "hash-balance-factor"
      Revert "MINOR: cfgparse-listen: warn when use-server rules is used in wrong mode"
      MINOR: proxy: add free_logformat_list() helper function
      MINOR: proxy: add free_server_rules() helper function
      MINOR: log/backend: prevent "use-server" rules use with LOG mode
      MINOR: log/balance: set lbprm tot_weight on server on queue/dequeue
      DOC: config: specify supported sections for "max-session-srv-conns"
      DOC: config: fix timeout check inheritance restrictions
      REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY
      DOC: lua: add sticktable class reference from Proxy.stktable
      DOC: lua: fix Proxy.get_mode() output
      DOC: lua: add "syslog" to Proxy.get_mode() output
      BUG/MEDIUM: server/event_hdl: memory overrun in _srv_event_hdl_prepare_inetaddr()
      MINOR: event_hdl: add global tunables
      BUG/MAJOR: server/addr: fix a race during server addr:svc_port updates
      MEDIUM: log/balance: support FQDN for UDP log servers
      BUG/MINOR: compression: possible NULL dereferences in comp_prepare_compress_request()

Christopher Faulet (19):
      BUG/MINOR: global: Fix tune.disable-(fast-forward/zero-copy-forwarding) options
      BUG/MEDIUM: mux-h1: Properly ignore trailers when a content-length is announced
      BUG/MEDIUM: stconn: Don't perform zero-copy FF if opposite SC is blocked
      BUG/MEDIUM: mux-h2: Remove H2_SF_NOTIFIED flag for H2S blocked on fast-forward
      BUG/MEDIUM: master/cli: Properly pin the master CLI on thread 1 / group 1
      BUG/MEDIUM: mux-quic: Stop zero-copy FF during nego if input is not empty
      CLEANUP: log: Fix %rc comment in sess_build_logline()
      MINOR: http-fetch: Add a sample to retrieve the server status code
      DOC: config: Improve 'status' sample documentation
      MINOR: http-fetch: Add a sample to get the transaction status code
      MEDIUM: http-ana: Set termination state before returning haproxy response
      MINOR: stream: Expose session terminate state via a new sample fetch
      MINOR: stream: add a sample fetch to get the number of connection retries
      MINOR: stream: Expose the stream's uniq_id via a new sample fetch
      MINOR: muxes: Rename mux_ctl_type values to use MUX_CTL_ prefix
      MINOR: muxes: Add a callback function to send commands to mux streams
      MINOR: muxes: Implement ->sctl() callback for muxes and return the stream id
      MINOR: Add sample fetches to get the frontend and backend stream ID
      BUG/MEDIUM: cli: Don't look for payload pattern on empty commands

Frédéric Lécaille (26):
      CLEANUP: quic: Remove dead definitions/declarations
      REORG: quic: Move some QUIC CLI code to its C file
      REORG: quic: Add a new module to handle QUIC connection IDs
      REORG: quic: QUIC connection types header cleaning
      BUILD: quic: Missing RX header inclusions
      REORG: quic: Move CRYPTO data buffer defintions to QUIC TLS module
      REORG: quic: Move QUIC CRYPTO stream definitions/declarations to QUIC TLS
      REORG: quic: Move several inlined functions from quic_conn.h
      REORG: quic: Move QUIC SSL BIO method related functions to quic_ssl.c
      REORG: quic: Move the QUIC DCID parser to quic_sock.c
      REORG: quic: Rename some functions used upon ACK receipt
      REORG: quic: Move QUIC path definitions/declarations to quic_cc module
      REORG: quic: Move qc_handle_conn_migration() to quic_conn.c
      REORG: quic: Move quic_build_post_handshake_frames() to quic_conn module
      REORG: quic: Move qc_may_probe_ipktns() to quic_tls.h
      REORG: quic: Move qc_pkt_long() to quic_rx.h
      REORG: quic: Rename some (quic|qc)_conn* objects to quic_conn_closed
      REORG: quic: Move NEW_CONNECTION_ID frame builder to quic_cid
      REORG: quic: Move ncbuf related function from quic_rx to quic_conn
      REORG: quic: Add a new module for QUIC retry
      BUILD: quic: Several compiler warns fixes after retry module creation
      REORG: quic: Move qc_notify_send() to quic_conn
      REORG: quic: Add a new module for retransmissions
      REORG: quic: Remove qc_pkt_insert() implementation
      REORG: quic: Move quic_increment_curr_handshake() to quic_sock
      BUG/MINOR: config: Stopped parsing upon unmatched environment variables

Olivier Duclos (1):
      DOC: config: Add argument for tune.lua.maxmem

Remi Tricot-Le Breton (1):
      BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed

William Lallemand (11):
      MEDIUM: ssl: implement rsa/ecdsa selection with WolfSSL
      MINOR: ssl: replace 'trash.area' by 'servername' in ssl_sock_switchctx_cbk()
      MINOR: ssl: move certificate selection in a dedicate function
      MEDIUM: ssl: use ssl_sock_chose_sni_ctx() in the clienthello callback
      MINOR: mworker/cli: implement hard-reload over the master CLI
      MEDIUM: cli: allow custom pattern for payload
      CLEANUP: mworker/cli: use a label to return errors
      MINOR: mworker/cli: implements the customized payload pattern for master CLI
      DOC: management: add documentation about customized payload pattern
      BUG/MINOR: acme.sh: update the deploy script
      MINOR: acme.sh: use the master CLI for hot update

Willy Tarreau (14):
      MINOR: task/profiling: do not record task_drop_running() as a caller
      OPTIM: pattern: save memory and time using ebst instead of ebis
      OPTIM: mux-h2/zero-copy: don't allocate more buffers per connections than streams
      DOC: config: fix mention of request slot in http-response capture
      DOC: config: fix remaining mention of @reverse for attach-srv action
      DOC: config: fix missing characters in set-spoe-group action
      DOC: config: reorganize actions into their own section
      DOC: config: move the cache-use and cache-store actions to the proper section
      DOC: config: fix alphabetical ordering of converter keywords
      DOC: config: add missing colon to "bytes_out" sample fetch keyword
      DOC: config: add an index of converter keywords
      DOC: config: add an index of sample fetch keywords
      DEBUG: unstatify a few functions that are often present in backtraces
      BUILD: server: shut a bogus gcc warning on certain ubuntu

---