Hi,

HAProxy 3.0-dev1 was released on 2024/01/06. It added 136 new commits
after version 3.0-dev0. I figured we're already one month after 2.9 was
released, so it was about time to issue a first -dev release, even if
the period is usually calm due to vacation.

This version mostly contains fixes for early bugs affecting 2.9 (about
35), most of which are in the area of end-of-stream detection during fast
forwarding combined with corner cases. There were also a few issues
involving incorrect locking (QUIC CID tree), and pattern ordering in
maps due to the recent optimizations.

There are also a few add-ons and improvements:

- support for the fast forwarding mechanism in applets. This will
  ultimately result in lower memory and higher performance for some
  applets such as the cache by carefully avoiding to queue more data
  when the mux buffer is already full. This can still be disabled by
  unsetting tune.cache.zero-copy-forwarding.

- new support for virtual and optional files for patterns. Some users
  had to create empty files in order to use maps internally. Now by
  prefixing a map file name with "virt@", it will just be an internal
  name that will not be looked up on the file system. However all
  operations remain supported (adding entries etc). In addition, the
  "opt@" prefix supports loading files only if they exist, falling
  back to an empty map. This can be useful for per-customer routing
  or exceptions lists for example, without having to deal with them on
  a case by case basis.

- certain warnings about the presence of HTTP rules in TCP frontends
  that are going to be upgraded to HTTP when switching to a backend
  will now no longer be reported when it is certain that they will work
  as expected. Something partially related is that it happens that stats
  configured in a TCP frontend with an explicit upgrade rule would
  previously cause a segfault and are now fixed.

- a new set of converters, map_*_key, will report the matching part of
  the key itself instead of the associated pattern. This was requested
  several times to know what address mask an address did match, or what
  regex a pattern did match. Till now the only way to do this was to
  build a special map with two strictly identical columns, but now this
  becomes simpler.

- the HTTP/2 mux now supports limiting the total number of streams per
  connection. There are situations where a client periodically performs
  a request (crawlers, API clients etc) and where because of this, it's
  difficult to cleanly stop the process, or to force some clients to
  reconnect to another node just to maintain a better balance between
  multiple frontend nodes, etc. One of the issues is directly related to
  the current lack of ability to force to close a connection from HTTP
  rules, but even without rules, it makes sense to be able to say that
  one wants a connection to be renewed after 1000 requests for example.
  Nothing is changed by default, of course, but now at least those who
  need this will be able to configure it ("tune.h2.fe-max-total-streams").

- QUIC and HTTP/3 added some traces and refined some error reporting.

- ebtree backports that improve performance on non-x86 machines
  (~+3% task switching rate and ~2% faster string lookups on ARM)

- some of the remaining server name lookups that were still linear moved
  to use the tree instead, speeding up certain operations or config
  parsing.

- Prometheus supports exporting a few more per-server metrics.

- The new certificate selection callback for WolfSSL was now enabled
  since it's finally available in the upstream project.

- show/set/clear table now supports a "ptr" argument to directly use the
  pointer retrieved from a previous "show" command.

As usual, numerous cleanups all over the code and various doc updates
were merged, and I think that's about all. There's a pending patch from
on the list to update ssl_fc_curve()/ssl_bc_curve() for newer openssl
versions but I prefer to let one of the SSL maintainers check it next
week when they're back (it's not lost Mariam :-)).

By the way some of the fixes mentioned above were already backported to
2.9 and we expect to produce another one soon, probably next week, in
order to help those facing issues. If you've faced a regression from
2.8 to 2.9, please try latest maintenance snapshot and voice in if it
persists.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.0/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.0/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
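
An added configuration sketch, not part of the original announcement or of the HAProxy project's own documentation, showing how the "virt@" and "opt@" map prefixes and a map_*_key converter described above can combine into a runtime-managed block list that records which network entry matched. The map names, file path, socket path, backend names and addresses are assumptions, and map_ip_key is assumed to follow the map_*_key naming given above.

```haproxy
global
    # Runtime API socket used to fill the virtual map (path is an assumption)
    stats socket /run/haproxy/admin.sock mode 600 level admin

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_main
    bind :8080

    # "virt@": internal name only, never looked up on the file system.
    # The map starts empty and is filled at runtime, for example:
    #   add map virt@blocked_nets 203.0.113.0/24 scanner   (constructed entry)
    # map_ip_key returns the matching key (the network entry that matched),
    # not the value stored next to it.
    http-request set-var(txn.block_net) src,map_ip_key(virt@blocked_nets)
    http-request deny deny_status 403 if { var(txn.block_net) -m found }

    # "opt@": the file is loaded only if it exists, otherwise the map is
    # empty, so customers without an exceptions file need no placeholder.
    http-request set-var(txn.cust_be) req.hdr(host),lower,map_str(opt@/etc/haproxy/maps/customers.map)
    use_backend %[var(txn.cust_be)] if { var(txn.cust_be) -m found }
    default_backend be_default

    # Log which block-list entry caused a denial (empty when none matched)
    log-format "%ci:%cp [%tr] %ft %ST blocked_by=%[var(txn.block_net)]"

backend be_default
    # Constructed documentation address
    server app1 192.0.2.10:8080
```

Because both maps are referenced by name in the configuration, entries can be added or removed over the runtime socket without creating empty files on disk first.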
---
Complete changelog :
Amaury Denoyelle (32):
      MINOR: hq-interop: add fastfwd support
      CLEANUP: mux_quic: rename ffwd function with prefix qmux_strm_
      MINOR: mux-quic: add traces for 0-copy/fast-forward
      CLEANUP: mux-quic: remove unused prototype
      MINOR: mux-quic: clean up qcs Rx buffer allocation API
      MINOR: mux-quic: clean up qcs Tx buffer allocation API
      CLEANUP: mux-quic: clean up app ops callback definitions
      MINOR: mux-quic: factorize QC_SF_UNKNOWN_PL_LENGTH set
      MINOR: h3: complete traces for sending
      MINOR: h3: adjust zero-copy sending related code
      MINOR: hq-interop: use zero-copy to transfer single HTX data block
      BUG/MEDIUM: mux-quic: report early error on stream
      MINOR: h3: remove quic_conn only reference
      MINOR: mux-quic: remove qcc_shutdown() from qcc_release()
      MINOR: mux-quic: use qcc_release in case of init failure
      MINOR: mux-quic: adjust error code in init failure
      MINOR: h3: add traces for connection init stage
      BUG/MINOR: h3: properly handle alloc failure on finalize
      MINOR: h3: use INTERNAL_ERROR code for init failure
      DOC: fix typo for fastfwd QUIC option
      BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission
      MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS
      BUG/MINOR: mux-quic: disable fast-fwd if connection on error
      MINOR: h3: check connection error during sending
      BUG/MINOR: h3: close connection on header list too big
      BUG/MINOR: h3: close connection on sending alloc errors
      BUG/MINOR: h3: disable fast-forward on buffer alloc failure
      Revert "MINOR: mux-quic: Disable zero-copy forwarding for send by default"
      BUG/MINOR: server: fix server_find_by_name() usage during parsing
      REGTESTS: check attach-srv out of order declaration
      BUG/MEDIUM: h3: fix incorrect snd_buf return value
      MINOR: h3: do not consider missing buf room as error on trailers

Aurelien DARRAGON (36):
      BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
      BUG/MINOR: ext-check: cannot use without preserve-env
      MINOR: stats: store the parent proxy in stats ctx (http)
      BUG/MEDIUM: stats: unhandled switching rules with TCP frontend
      MEDIUM: proxy: set PR_O_HTTP_UPG on implicit upgrades
      MINOR: proxy: monitor-uri works with tcp->http upgrades
      OPTIM: server: eb lookup for server_find_by_name()
      OPTIM: server: ebtree lookups for findserver_unique_* functions
      MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage
      MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype
      BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event
      MINOR: server: ensure connection cleanup on server addr changes
      CLEANUP: server/event_hdl: remove purge_conn hint in INETADDR event
      MEDIUM: server: merge srv_update_addr() and srv_update_addr_port() logic
      CLEANUP: server: remove unused server_parse_addr_change_request() function
      CLEANUP: resolvers: remove duplicate func prototype
      MINOR: resolvers: add unique numeric id to nameservers
      MEDIUM: server: make server_set_inetaddr() updater serializable
      MINOR: server/event_hdl: expose updater info through INETADDR event
      MINOR: server: add dns hint in server_inetaddr_updater struct
      MEDIUM: server/dns: clear RMAINT when addr resolves again
      BUG/MINOR: server/dns: use server_set_inetaddr() to unset srv addr from DNS
      BUG/MEDIUM: server/dns: perform svc_port updates atomically from SRV records
      MEDIUM: peers: use server as stream target
      CLEANUP: peers: remove unused sock_init_arg struct member
      CLEANUP: peers: remove unused "proto" and "xprt" struct members
      MINOR: peers: rely on srv->addr and remove peer->addr
      DOC: config: add context hint for server keywords
      MINOR: stktable: add table_process_entry helper function
      MINOR: stktable: use {show,set,clear} table with ptr
      MINOR: map: add map_*_key converters to provide the matching key
      MINOR: stktable: stktable_data_ptr() cannot fail in table_process_entry()
      CLEANUP: server: remove ambiguous check in srv_update_addr_port()
      CLEANUP: resolvers: remove unused RSLV_UPD_OBSOLETE_IP flag
      CLEANUP: resolvers: remove some more unused RSLV_UDP flags
      MEDIUM: server: simplify snr_set_srv_down() to prevent confusions

Christopher Faulet (27):
      MINOR: channel: Use dedicated functions to deal with STREAMER flags
      MEDIUM: applet: Handle channel's STREAMER flags on applets size
      MINOR: applets: Use channel's field to compute amount of data received
      MEDIUM: cache: Save body size of cached objects and track it on delivery
      MEDIUM: cache: Add support for endp-to-endp fast-forwarding
      MINOR: cache: Add global option to enable/disable zero-copy forwarding
      MINOR: pattern: Use reference name as filename to read patterns from a file
      MEDIUM: pattern: Add support for virtual and optional files for patterns
      DOC: config: Add section about name format for maps and ACLs
      DOC: management/lua: Update commands about map and acl
      MINOR: promex: Add support for specialized front/back/li/srv metric names
      MINOR: promex: Export active/backup metrics per-server
      BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side
      BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
      BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally
      CLEANUP: mux-h1: Fix a trace message about C-L header addition
      BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
      BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
      BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
      BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
      BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
      DOC: config: Update documentation about local haproxy response
      BUG/MINOR: server: Use the configured address family for the initial resolution
      BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error
      BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable
      BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego
      BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up

Dragan Dosen (3):
      MINOR: backend: export get_server_*() functions
      MINOR: tcpcheck: export proxy_parse_tcpcheck()
      MEDIUM: udp: allow to retrieve the frontend destination address

Frédéric Lécaille (10):
      BUG/MINOR: ssl: Double free of OCSP Certificate ID
      MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
      BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
      BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
      BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
      BUG/MEDIUM: quic: QUIC CID removed from tree without locking
      BUG/MINOR: quic: Wrong keylog callback setting.
      BUG/MINOR: quic: Missing call to TLS message callbacks
      CLEANUP: quic: Remaining useless code into server part
      BUILD: quic: Missing quic_ssl.h header protection

Ilya Shipitsin (2):
      CLEANUP: assorted typo fixes in the code and comments
      CI: use semantic version compare for determing "latest" OpenSSL

William Lallemand (7):
      DOC: configuration: typo req.ssl_hello_type
      BUG/MINOR: mworker/cli: fix set severity-output support
      CLEANUP: mworker/cli: add comments about pcli_find_and_exec_kw()
      BUILD: ssl: update types in wolfssl cert selection callback
      MINOR: ssl: activate the certificate selection callback for WolfSSL
      CI: github: switch to wolfssl git-c4b77ad for new PR
      BUG/MINOR: resolvers: default resolvers fails when network not configured

Willy Tarreau (19):
      DOC: config: add arguments to sample fetch methods in the table
      DOC: config: also add arguments to the converters in the table
      SCRIPTS: mk-patch-list: produce a list of patches
      DEV: patchbot: add the AI-based bot to pre-select candidate patches to backport
      DEV: patchbot: use checked buttons as reference instead of internal table
      DEV: patchbot: allow to show/hide backported patches
      MINOR: global: export a way to list build options
      MINOR: debug: add features and build options to "show dev"
      MINOR: mux-h2: support limiting the total number of H2 streams per connection
      CLEANUP: mux-h2: remove the printfs from previous commit on h2 streams limit.
      DEV: h2: add the ability to emit literals in mkhdr
      DEV: h2: add the preface as well in supported output types
      DEV: h2: support passing raw data for a frame
      IMPORT: ebtree: implement and use flsnz_long() to count bits
      IMPORT: ebtree: switch the sizes and offsets to size_t and ssize_t
      IMPORT: ebtree: rework the fls macros to better deal with arch-specific ones
      IMPORT: ebtree: make string_equal_bits turn back to unsigned char
      IMPORT: ebtree: use unsigned ints for flznz()
      IMPORT: ebtree: make string_equal_bits() return an unsigned
