Hi,

HAProxy 3.1-dev6 was released on 2024/08/21. It added 67 new commits
after version 3.1-dev5.

A few minor bugs were fixed, with the most important one probably be the
recent breakage of command pipeling on the master CLI (commands delimited
by semi-colons passed to a worker). Aside this, the focus was mostly set on
moderately sensitive changes this time:

  - the QUIC buffer allocator was replaced. Previously, up to 30 (or even
    more if needed, as configured by tune.quic.frontend.conn-tx-buffers.limit)
    buffers of 16kB were allocated to send data, regardless of the on-wire
    window. This could often result in up to half a megabyte of data allocated
    on a connection while distillating data to a slow client. It also wasn't
    very efficient in terms of buffer recycling because a full 16kB buffer
    could remain attached for just a few hundred bytes of headers. And it
    wasn't very easy to experiment with the effects of new congestion control
    algorithms. Now this is done diffrently. First, the QUIC mux will allocate
    as many buffers as permitted by the congestion control algorithm's send
    window, and a limit in bytes is set to limit how large we want a window
    to grow. It now becomes easier to tune the maximum per-connection memory
    size, knowing that this size will only be allocated if the link quality
    to the peer is sufficient to keep these bytes in flight with no loss,
    so most of these buffers are quite ephemeral. In addition, there are now
    also small buffers (1kB) for use when small data are needed, typically
    a short response, or just the headers. This should reduce the memory
    usage of the QUIC stack. Since the change is not trivial, there may be
    corner cases (we hope not). We're particularly interested in observations
    such as increased CPU usage (e.g. maybe more frequent wakeups since working
    with a lower latency), or timeouts (none were noticed in tests but we know
    that tests != prod). The old tune.quic.frontend.conn-tx-buffers.limit
    setting is now ignored and will emit a warning directing to the new one.

  - logs: after some discussion around GitHub issue 2642 regarding the recent
    stricter checks for logformat expression, we realized that these checks
    are in fact a thing of the past, an era where sample fetch functions
    ought not be called from a wrong context at all. But this has been
    addressed a bunch of versions ago (2.0 or so) and we don't need to be
    strict anymore (and the proof is that previous versions wouldn't report
    issues and were working, possibly silently reporting an empty field). So
    we decided to relax that painful check and only emit it in diag mode (-dD)
    as a hint that something might possibly not work as expected. Anyway, with
    multiple log points coming, this situation was not sustainable anymore,
    users would start to get crazy trying to create their log formats! This
    will normally be backported to 3.0 as well to apease users facing this
    problem.

  - log: the "option tcplog" now supports the optional "clf" argument, like
    "httplog" and "httpslog", as apparently there are a few users who prefer
    to rely on that format for everything. That definitely makes sense IMHO.
    There's a pending patch to add the corresponding environment variables
    defining the format but I forgot to review it before that release. Will
    do when idle time increases again.

  - config: many of the hard-coded global keywords were moved to a
    proper keyword list. That's the beginning of a serious long-term
    cleanup that is needed anyway to simplify the master process startup
    mechanism. In addition, files loaded from stdin are now limited to
    about 10MB by default. Almost nobody uses stdin to feed files, and
    10MB starts to be quite a serious size. That's an effective way to
    avoid pre-loading a log file, a map file or such a huge thing by
    accident. The limit could be changed if anyone had concerns about
    this.

  - protocols: some super-rare binding failures could be incorrectly
    reported with TCP and unix stream sockets. For TCP this would happen
    on linux with more than 32k listeners on the same ip:port. The error
    output would be freed before being displayed, leaving the user with
    something as verbose as "failed to start listeners" or something in
    that vein.

  - proto: the internal protocol registration mechanism was slightly updated
    to permit to generalize the variants that are sometimes needed (abns,
    mptcp etc) that sometimes need to resort to ugly hacks. We should try
    again to integrate Tristan's past work on abns as, if my memory serves
    me right, the code dealing with the parsing and setting of the addresses
    was correct, and the trouble was on the registration part.

For the rest, it's usual CI updates, doc cleanups, minor changes to the stats
page (apparently some colors were not readable in dark mode). Ah and we've
re-enabled the stable-bot that periodically reminds us how late we are on
the stable releases. Hopefully this will detect we're slipping earlier. In
the recent past, some branches were left a bit forgotten for too long.

And that's about all. There are two concerning pending issues, one
about some POSTs sometimes being blocked when the fast-forwarding is
enabled on 3.0, that I still couldn't reproduce, but one observation
that matches between at least two reports is that it happened with git
as a client. Not sure yet how to reproduce that, but one user kindly
sent me a complete trace privately, so I'll switch to analyse it very
soon. Hopefully the explanation is there. The other one was a case of
crashing appctx reported by Christian Ruppert in issue 2656 affecting
3.0, but Christopher had a tentative patch. Very likely these two ones
also affect 3.1-dev, but as usual, those who help us by running -dev are
used to being a bit more careful.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.1/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.1/src/CHANGELOG
   Dataplane API    : 
https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Amaury Denoyelle (18):
      BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
      MINOR: mux-quic: do not trace error in qcc_send_frames() on empty list
      BUG/MINOR: h3: properly reject too long header responses
      DOC: quic: fix default minimal value for max window size
      DOC: quic: document nocc debug congestion algorithm
      MINOR: quic: extract config window-size parsing
      MINOR: quic: define max-window-size config setting
      MINOR: quic: allocate stream txbuf via qc_stream_desc API
      MINOR: mux-quic: account stream txbuf in QCC
      MEDIUM: mux-quic: implement API to ignore txbuf limit for some streams
      MINOR: h3: mark control stream as metadata
      MINOR: mux-quic: define buf_in_flight
      MAJOR: mux-quic: allocate Tx buffers based on congestion window
      MINOR: quic/config: adapt settings to new conn buffer limit
      MINOR: quic: define sbuf pool
      MINOR: quic: support sbuf allocation in quic_stream
      MEDIUM: h3: allocate small buffers for headers frames
      MINOR: mux-quic: retry after small buf alloc failure

Aurelien DARRAGON (2):
      MEDIUM: log: relax some checks and emit diag warnings instead in 
lf_expr_postcheck()
      MINOR: log: "drop" support for log-profile steps

Ilia Shipitsin (4):
      CI: keep logs for failed QIUC Interop jobs
      CI: QUIC Interop LibreSSL: document chacha20 test status
      CI: modernize codespell action, switch to node 16
      CI: QUIC Interop AWS-LC: enable chrome client

Nathan Wehrman (2):
      DOC: config: correct the table for option tcplog
      MINOR: Implements new log format of option tcplog clf

Nicolas CARPi (4):
      DOC: lua: fix incorrect english in lua.txt
      BUG/MINOR: stats: fix color of input elements in dark mode
      CLEANUP: stats: use modern DOCTYPE tag
      BUG/MINOR: stats: add lang attribute to html tag

Valentine Krasnobaeva (19):
      BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
      BUG/MINOR: proto_tcp: keep error msg if listen() fails
      MINOR: proto_tcp: tcp_bind_listener: copy errno in errmsg
      MINOR: cfgparse: load_cfg_in_mem: fix null ptr dereference reported by 
coverity
      MINOR: startup: fix unused value reported by coverity
      BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
      BUG/MINOR: cfgparse: parse_cfg: fix null ptr dereference reported by 
coverity
      MINOR: proto_uxst: copy errno in errmsg for syscalls
      BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
      BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
      MINOR: cfgparse: limit file size loaded via /dev/stdin
      BUG/MINOR: cfgparse-global: fix err msg in mworker keyword parser
      BUG/MINOR: cfgparse-global: clean common_kw_list
      BUG/MINOR: cfgparse-global: remove redundant goto
      MINOR: cfgparse-global: move 'pidfile' in global keywords list
      MINOR: cfgparse-global: move 'expose-*' in global keywords list
      MINOR: cfgparse-global: move tune options in global keywords list
      MINOR: cfgparse-global: move unsupported keywords in global list
      BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list

William Lallemand (8):
      MINOR: channel: implement ci_insert() function
      BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI
      REGTESTS: mcli: test the pipelined commands on master CLI
      CLEANUP: mworker/cli: clean up the mode handling
      BUG/MINOR: release-estimator: fix relative scheme in CHANGELOG URL
      MINOR: release-estimator: add requirements.txt
      MINOR: release-estimator: add installation steps in README.md
      MINOR: release-estimator: fix the shebang of the python script

Willy Tarreau (10):
      BUG/MINOR: tools: make fgets_from_mem() stop at the end of the input
      MINOR: quic: store the lost packets counter in the quic_cc_event element
      MINOR: quic: support a tolerance for spurious losses
      MINOR: protocol: properly assign the sock_domain and sock_family
      MINOR: protocol: add a family lookup
      MEDIUM: socket: always properly use the sock_domain for requested families
      MINOR: protocol: add the real address family to the protocol
      MINOR: socket: don't ban all custom families from reuseport
      MINOR: protocol: always initialize the receivers list on registration
      CLEANUP: protocol: no longer initialize .receivers nor .nb_receivers

---


Reply via email to