Hi, HAProxy 3.1-dev13 was released on 2024/11/15. It added 28 new commits after version 3.1-dev12.
Things have been so calm that I was *really* wondering if we shouldn't release next week. Then I was reminded that it's often too late for various cleanups that end up being postponed and that it would be great this time if we could do a bit of them. That argument alone was sufficient to convince me, so we'll focus next week on polishing what's left to be polished (including some reorganization in the doc) and if all goes well we could release early the week after (e.g. 25-26 or so). A few old bugs were addressed again (risk of infinite loop in resolvers, missed timeouts that may happen during a 1ms window every 49 days, possible breakage of outgoing H2 connections in case of very early stream abort, fix the sockets advertised in HAPROXY_CLI/HAPROXY_MASTER_CLI, deinit cleanups to name a few). In addition, a few small changes: - deprecation of the "program" section that will now trigger a warning when used, to encourage switching to a more reliable approach. I'm just noticing that the warning is not subject to "expose-deprecated-directives", which we should add as a condition to emit the warning. - the uri_auth cleanup mechanism was cleaned up to involve a refcount instead of some fragile hacks (there was even such a leftover comment in the code suggesting this). - the glitches counters can optionally update a per-declaration counter when haproxy is built with -DDEBUG_GLITCHES. It can allow to detect which test trigger a lot and figure what attack you're under. It's still under a debug condition because I'm not yet 100% sure that it would make sense from a performance perspective to keep this active all the time, or maybe we should revisit the approach to make this more dynamic (some food for 3.2 likely). - since the debug counters become more exposed to users, their access was moved away from the purposely undocumented "debug dev" set of commands to "debug" where it was now properly documented. - as requested by several users in issue #1531, the prometheus exporter now exposes the proxies description in the metrics. Apparently it helps classify metrics along various criteria (I'm not surprised). - the LRU cache was reportedly expensive for some users. It was found that performing lookups in it with lots of misses was more expensive than evaluating a few patterns. So now the LRU cache will be skipped for very low cardinality patterns (<5 for regex, <20 for others). This can save 5-15% of CPU depending on the setups. Another point that we need to discuss quickly concerns opentracing. It's been reported for a while that the project is no longer maintained, the Github repository has been archived in January this year, and in issue #1640, some users reported it no longer builds sanely since at least 2022, may be no longer at all or being a nightmare to build. I have no opinion on this and do not know if anyone still uses it at all. I'm not opposed to keeping it alive if it's still useful to some as it doesn't cost much (some fixes from Miroslav from time to time), but if there's consensus on the fact that nobody *can* use it anymore it could also constitute a cleanup to get rid of it. I'm interested in opinions, particularly the "don't remove it I'm still using it". Otherwise we'll see. Note that I'm not interested in discussing the alternatives here, I have zero knowledge in these areas, better continue to share these on the aforementioned issue. A discussion with Tristan and Amaury this week lead to a nice idea which I might give a look at next week. Apparently the "when" converter starts to get some love because it allows to extend logs on abnormal situations that deserve more analysis, but its conditions are still limited. If we could reference an ACL there, it sounds like mostly any condition could be built to decide whether or not to extend the log. That might be a few lines or more complex, I don't know yet but if it looks simple, it could be a great help to all of us. Finally, we figured that the work on QUIC pacing that was started weeks ago, that significantly improves Cubic performance, and is mandatory for BBR could be useful to merge as experimental **if it doesn't affect the existing code path**. And it looks like it should be possible after all. So that means that next week we may merge pacing + cubic-pacing + bbr in experimental status to ease experimentation by QUIC users who can't all the time build and deploy development versions. We'll see how it goes. In anyway, being experimental means these will only be opt-in. Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/3.1/src/ Git repository : https://git.haproxy.org/git/haproxy.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy.git Changelog : https://www.haproxy.org/download/3.1/src/CHANGELOG Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages Willy --- Complete changelog : Aurelien DARRAGON (3): BUG/MINOR: deinit: release uri_auth admin rules MINOR: uri_auth: add stats_uri_auth_free helper MEDIUM: uri_auth: implement clean uri_auth cleaning Christopher Faulet (6): BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state MINOR: promex: Expose the global node and description in process metrics MINOR: promex: Add global and proxies description as labels to all metrics Miroslav Zagorac (1): BUILD: ot: use a cebtree instead of a list for variable names Valentine Krasnobaeva (3): MINOR: startup: replace HAPROXY_LOAD_SUCCESS with global load_status BUG/MINOR: startup: set HAPROXY_CFGFILES in read_cfg BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI William Lallemand (2): MEDIUM: mworker: depreciate the 'program' section MINOR: chunk: add a BUG_ON upon the next init_trash_buffer() Willy Tarreau (13): MINOR: debug: explicitly permit the counter condition to be empty MINOR: debug: add a new counter type for glitches MINOR: mux-h2: count glitches when they're reported MINOR: mux-quic/h3: count glitches when they're reported OPTIM: pattern: only apply LRU cache for large enough lists BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration BUG/MINOR: debug: do not set task expiration to TICK_ETERNITY BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY MINOR: debug/cli: replace "debug dev counters" with "debug counters" DOC: config: add tune.h2.{be,fe}.rxbuf to the global keywords index ---