Hi,

HAProxy 3.1-dev6 was released on 2024/08/21. It added 67 new commits after version 3.1-dev5.

A few minor bugs were fixed, with the most important one probably being the recent breakage of command pipelining on the master CLI (commands delimited by semi-colons passed to a worker).

Aside from this, the focus was mostly set on moderately sensitive changes this time:

  - the QUIC buffer allocator was replaced. Previously, up to 30 (or even more if needed, as configured by tune.quic.frontend.conn-tx-buffers.limit) buffers of 16kB were allocated to send data, regardless of the on-wire window. This could often result in up to half a megabyte of data allocated on a connection while distilling data to a slow client. It also wasn't very efficient in terms of buffer recycling because a full 16kB buffer could remain attached for just a few hundred bytes of headers. And it wasn't very easy to experiment with the effects of new congestion control algorithms.

    Now this is done differently. First, the QUIC mux will allocate as many buffers as permitted by the congestion control algorithm's send window, and a limit in bytes is set to limit how large we want a window to grow. It now becomes easier to tune the maximum per-connection memory size, knowing that this size will only be allocated if the link quality to the peer is sufficient to keep these bytes in flight with no loss, so most of these buffers are quite ephemeral. In addition, there are now also small buffers (1kB) for use when small data are needed, typically a short response, or just the headers. This should reduce the memory usage of the QUIC stack.

    Since the change is not trivial, there may be corner cases (we hope not). We're particularly interested in observations such as increased CPU usage (e.g. maybe more frequent wakeups since working with a lower latency), or timeouts (none were noticed in tests but we know that tests != prod). The old tune.quic.frontend.conn-tx-buffers.limit setting is now ignored and will emit a warning directing to the new one.

  - logs: after some discussion around GitHub issue 2642 regarding the recent stricter checks for logformat expression, we realized that these checks are in fact a thing of the past, an era where sample fetch functions ought not be called from a wrong context at all. But this has been addressed a bunch of versions ago (2.0 or so) and we don't need to be strict anymore (and the proof is that previous versions wouldn't report issues and were working, possibly silently reporting an empty field). So we decided to relax that painful check and only emit it in diag mode (-dD) as a hint that something might possibly not work as expected. Anyway, with multiple log points coming, this situation was not sustainable anymore, users would start to get crazy trying to create their log formats! This will normally be backported to 3.0 as well to appease users facing this problem.

  - log: the "option tcplog" now supports the optional "clf" argument, like "httplog" and "httpslog", as apparently there are a few users who prefer to rely on that format for everything. That definitely makes sense IMHO. There's a pending patch to add the corresponding environment variables defining the format but I forgot to review it before that release. Will do when idle time increases again.

  - config: many of the hard-coded global keywords were moved to a proper keyword list. That's the beginning of a serious long-term cleanup that is needed anyway to simplify the master process startup mechanism. In addition, files loaded from stdin are now limited to about 10MB by default. Almost nobody uses stdin to feed files, and 10MB starts to be quite a serious size. That's an effective way to avoid pre-loading a log file, a map file or such a huge thing by accident. The limit could be changed if anyone had concerns about this.

  - protocols: some super-rare binding failures could be incorrectly reported with TCP and unix stream sockets. For TCP this would happen on Linux with more than 32k listeners on the same ip:port. The error output would be freed before being displayed, leaving the user with something as verbose as "failed to start listeners" or something in that vein.

  - proto: the internal protocol registration mechanism was slightly updated to permit to generalize the variants that are sometimes needed (abns, mptcp etc) that sometimes need to resort to ugly hacks. We should try again to integrate Tristan's past work on abns as, if my memory serves me right, the code dealing with the parsing and setting of the addresses was correct, and the trouble was on the registration part.

For the rest, it's usual CI updates, doc cleanups, minor changes to the stats page (apparently some colors were not readable in dark mode).

Ah and we've re-enabled the stable-bot that periodically reminds us how late we are on the stable releases. Hopefully this will detect we're slipping earlier. In the recent past, some branches were left a bit forgotten for too long.

And that's about all. There are two concerning pending issues, one about some POSTs sometimes being blocked when the fast-forwarding is enabled on 3.0, that I still couldn't reproduce, but one observation that matches between at least two reports is that it happened with git as a client. Not sure yet how to reproduce that, but one user kindly sent me a complete trace privately, so I'll switch to analyse it very soon. Hopefully the explanation is there. The other one was a case of crashing appctx reported by Christian Ruppert in issue 2656 affecting 3.0, but Christopher had a tentative patch. Very likely these two ones also affect 3.1-dev, but as usual, those who help us by running -dev are used to being a bit more careful.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.1/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.1/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy

---
Complete changelog :

Amaury Denoyelle (18):
      BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
      MINOR: mux-quic: do not trace error in qcc_send_frames() on empty list
      BUG/MINOR: h3: properly reject too long header responses
      DOC: quic: fix default minimal value for max window size
      DOC: quic: document nocc debug congestion algorithm
      MINOR: quic: extract config window-size parsing
      MINOR: quic: define max-window-size config setting
      MINOR: quic: allocate stream txbuf via qc_stream_desc API
      MINOR: mux-quic: account stream txbuf in QCC
      MEDIUM: mux-quic: implement API to ignore txbuf limit for some streams
      MINOR: h3: mark control stream as metadata
      MINOR: mux-quic: define buf_in_flight
      MAJOR: mux-quic: allocate Tx buffers based on congestion window
      MINOR: quic/config: adapt settings to new conn buffer limit
      MINOR: quic: define sbuf pool
      MINOR: quic: support sbuf allocation in quic_stream
      MEDIUM: h3: allocate small buffers for headers frames
      MINOR: mux-quic: retry after small buf alloc failure

Aurelien DARRAGON (2):
      MEDIUM: log: relax some checks and emit diag warnings instead in lf_expr_postcheck()
      MINOR: log: "drop" support for log-profile steps

Ilia Shipitsin (4):
      CI: keep logs for failed QIUC Interop jobs
      CI: QUIC Interop LibreSSL: document chacha20 test status
      CI: modernize codespell action, switch to node 16
      CI: QUIC Interop AWS-LC: enable chrome client

Nathan Wehrman (2):
      DOC: config: correct the table for option tcplog
      MINOR: Implements new log format of option tcplog clf

Nicolas CARPi (4):
      DOC: lua: fix incorrect english in lua.txt
      BUG/MINOR: stats: fix color of input elements in dark mode
      CLEANUP: stats: use modern DOCTYPE tag
      BUG/MINOR: stats: add lang attribute to html tag

Valentine Krasnobaeva (19):
      BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
      BUG/MINOR: proto_tcp: keep error msg if listen() fails
      MINOR: proto_tcp: tcp_bind_listener: copy errno in errmsg
      MINOR: cfgparse: load_cfg_in_mem: fix null ptr dereference reported by coverity
      MINOR: startup: fix unused value reported by coverity
      BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
      BUG/MINOR: cfgparse: parse_cfg: fix null ptr dereference reported by coverity
      MINOR: proto_uxst: copy errno in errmsg for syscalls
      BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
      BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
      MINOR: cfgparse: limit file size loaded via /dev/stdin
      BUG/MINOR: cfgparse-global: fix err msg in mworker keyword parser
      BUG/MINOR: cfgparse-global: clean common_kw_list
      BUG/MINOR: cfgparse-global: remove redundant goto
      MINOR: cfgparse-global: move 'pidfile' in global keywords list
      MINOR: cfgparse-global: move 'expose-*' in global keywords list
      MINOR: cfgparse-global: move tune options in global keywords list
      MINOR: cfgparse-global: move unsupported keywords in global list
      BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list

William Lallemand (8):
      MINOR: channel: implement ci_insert() function
      BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI
      REGTESTS: mcli: test the pipelined commands on master CLI
      CLEANUP: mworker/cli: clean up the mode handling
      BUG/MINOR: release-estimator: fix relative scheme in CHANGELOG URL
      MINOR: release-estimator: add requirements.txt
      MINOR: release-estimator: add installation steps in README.md
      MINOR: release-estimator: fix the shebang of the python script

Willy Tarreau (10):
      BUG/MINOR: tools: make fgets_from_mem() stop at the end of the input
      MINOR: quic: store the lost packets counter in the quic_cc_event element
      MINOR: quic: support a tolerance for spurious losses
      MINOR: protocol: properly assign the sock_domain and sock_family
      MINOR: protocol: add a family lookup
      MEDIUM: socket: always properly use the sock_domain for requested families
      MINOR: protocol: add the real address family to the protocol
      MINOR: socket: don't ban all custom families from reuseport
      MINOR: protocol: always initialize the receivers list on registration
      CLEANUP: protocol: no longer initialize .receivers nor .nb_receivers

---