Hi,

HAProxy 3.1-dev13 was released on 2024/11/15. It added 28 new commits
after version 3.1-dev12.

Things have been so calm that I was *really* wondering if we shouldn't
release next week. Then I was reminded that it's often too late for
various cleanups that end up being postponed and that it would be great
this time if we could do a bit of them. That argument alone was sufficient
to convince me, so we'll focus next week on polishing what's left to be
polished (including some reorganization in the doc) and if all goes well
we could release early the week after (e.g. 25-26 or so).

A few old bugs were addressed again (risk of infinite loop in resolvers,
missed timeouts that may happen during a 1ms window every 49 days, possible
breakage of outgoing H2 connections in case of very early stream abort, fix
the sockets advertised in HAPROXY_CLI/HAPROXY_MASTER_CLI, deinit cleanups
to name a few). In addition, a few small changes:

- deprecation of the "program" section that will now trigger a warning
  when used, to encourage switching to a more reliable approach. I'm just
  noticing that the warning is not subject to "expose-deprecated-directives",
  which we should add as a condition to emit the warning.

- the uri_auth cleanup mechanism was cleaned up to involve a refcount
  instead of some fragile hacks (there was even such a leftover comment
  in the code suggesting this).

- the glitches counters can optionally update a per-declaration counter
  when haproxy is built with -DDEBUG_GLITCHES. It can allow to detect
  which test trigger a lot and figure what attack you're under. It's
  still under a debug condition because I'm not yet 100% sure that it
  would make sense from a performance perspective to keep this active
  all the time, or maybe we should revisit the approach to make this
  more dynamic (some food for 3.2 likely).

- since the debug counters become more exposed to users, their access
  was moved away from the purposely undocumented "debug dev" set of
  commands to "debug" where it was now properly documented.

- as requested by several users in issue #1531, the prometheus exporter
  now exposes the proxies description in the metrics. Apparently it
  helps classify metrics along various criteria (I'm not surprised).

- the LRU cache was reportedly expensive for some users. It was found
  that performing lookups in it with lots of misses was more expensive
  than evaluating a few patterns. So now the LRU cache will be skipped
  for very low cardinality patterns (<5 for regex, <20 for others). This
  can save 5-15% of CPU depending on the setups.

Another point that we need to discuss quickly concerns opentracing. It's
been reported for a while that the project is no longer maintained, the
Github repository has been archived in January this year, and in issue
#1640, some users reported it no longer builds sanely since at least 2022,
may be no longer at all or being a nightmare to build. I have no opinion
on this and do not know if anyone still uses it at all. I'm not opposed
to keeping it alive if it's still useful to some as it doesn't cost much
(some fixes from Miroslav from time to time), but if there's consensus
on the fact that nobody *can* use it anymore it could also constitute a
cleanup to get rid of it. I'm interested in opinions, particularly the
"don't remove it I'm still using it". Otherwise we'll see. Note that I'm
not interested in discussing the alternatives here, I have zero knowledge
in these areas, better continue to share these on the aforementioned issue.

A discussion with Tristan and Amaury this week lead to a nice idea which
I might give a look at next week. Apparently the "when" converter starts
to get some love because it allows to extend logs on abnormal situations
that deserve more analysis, but its conditions are still limited. If we
could reference an ACL there, it sounds like mostly any condition could
be built to decide whether or not to extend the log. That might be a few
lines or more complex, I don't know yet but if it looks simple, it could
be a great help to all of us.

Finally, we figured that the work on QUIC pacing that was started weeks
ago, that significantly improves Cubic performance, and is mandatory for
BBR could be useful to merge as experimental **if it doesn't affect the
existing code path**. And it looks like it should be possible after all.
So that means that next week we may merge pacing + cubic-pacing + bbr
in experimental status to ease experimentation by QUIC users who can't
all the time build and deploy development versions. We'll see how it
goes. In anyway, being experimental means these will only be opt-in.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.1/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.1/src/CHANGELOG
   Dataplane API    : 
https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Aurelien DARRAGON (3):
      BUG/MINOR: deinit: release uri_auth admin rules
      MINOR: uri_auth: add stats_uri_auth_free helper
      MEDIUM: uri_auth: implement clean uri_auth cleaning

Christopher Faulet (6):
      BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state
      BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the 
wait list
      BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID
      BUG/MINOR: Don't report early srv aborts on request forwarding in DONE 
state
      MINOR: promex: Expose the global node and description in process metrics
      MINOR: promex: Add global and proxies description as labels to all metrics

Miroslav Zagorac (1):
      BUILD: ot: use a cebtree instead of a list for variable names

Valentine Krasnobaeva (3):
      MINOR: startup: replace HAPROXY_LOAD_SUCCESS with global load_status
      BUG/MINOR: startup: set HAPROXY_CFGFILES in read_cfg
      BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI

William Lallemand (2):
      MEDIUM: mworker: depreciate the 'program' section
      MINOR: chunk: add a BUG_ON upon the next init_trash_buffer()

Willy Tarreau (13):
      MINOR: debug: explicitly permit the counter condition to be empty
      MINOR: debug: add a new counter type for glitches
      MINOR: mux-h2: count glitches when they're reported
      MINOR: mux-quic/h3: count glitches when they're reported
      OPTIM: pattern: only apply LRU cache for large enough lists
      BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in 
expiration
      BUG/MINOR: debug: do not set task expiration to TICK_ETERNITY
      BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in 
expiration
      BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in 
expiration
      BUG/MINOR: peers: make sure to always apply offsets to now_ms in 
expiration
      BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY
      MINOR: debug/cli: replace "debug dev counters" with "debug counters"
      DOC: config: add tune.h2.{be,fe}.rxbuf to the global keywords index

---


Reply via email to