Hi,

HAProxy 3.1-dev14 was released on 2024/11/21. It added 132 new commits after version 3.1-dev13.

OK that's basically the end of the cleanups, fixes, tests and last minute merges. So far so good.

- various reg-tests were cleaned up and fixed; they now all run at -dW meaning that we can also catch config warnings.

- a nasty bug in the watchdog was detected thanks to the shorter warning time and it could kill earlier than expected if a task was stuck twice for a short time with a pause in between. It could also be sped up by issuing "show threads" in case the last time slot expired at the exact moment a thread was being dumped (something I already experienced once or twice in the past without understanding).

- some fixes for memory profiling which used to report incorrect aggregate values for the per-DSO summary. Also, we can now monitor strdup() calls as well as a few non-portable ones (strndup, valloc, memalign etc). This should fix some rare occurrences where the delta appeared negative (more free than alloc).

- for the master-worker mode, expose-deprecated-directives now correctly silences the warning about the "programs" section being deprecated. Also, since the code related to the systemd mode no longer relies on an external lib, it's now always enabled and the USE_SYSTEMD build option was now removed. This also simplifies the tests since the latest vtest can provide and monitor the systemd socket and this allows to test it on all platforms (note that for a yet unknown reason, it's constantly failing on OSX so these tests were not enabled there).

- a use-after-free on startup when using "log-tag" was fixed, and the use of the various HAPROXY_* variables was clarified, uniformized between master and worker processes, and they were finely documented so that it's now easier to know which one can be used/modified/exported etc.

- the "chroot" command now benefits from a parse-time test that can report inconsistent directories or permissions in a way that is compatible with -c. However since -c is supposed to work from basically anywhere and with minimal permissions, this is only reported as a diag warning (-dD), which allows those who care about this to see the report without annoying other ones.

- the traditional makefile reordering was done to save a few seconds on multi-core systems. Usually this is a sign we're getting closer ;-) Also, ERR=1 will now also catch the makefile's warnings (e.g. misspelled USE_* variables or outdated flags being ignored).

- the previously suggested warning on unit-less small timeouts was finally applied to those with only two digits (e.g. "timeout client 30"), because such small values tend to raise implicit expectations that these are expressed in seconds. I've had to deal at least with this twice over the last year. The warning suggests how to change that ("timeout client 30s"). I've found one occurrence of these only once in my test configs so only those at risk should notice it.

- the HTTP/1 mux can now report a 414 or 431 when the request is too large to fit in a buffer or the URI is too long.

- the "when" converter now supports "acl,<acl_name>" as arguments, to condition passing the input based on more dynamic rules. The first use case that comes to mind and was suggested by Tristan is to only log details of requests resulting in long transfer times. But others might work as well (checking certain statuses, termination codes etc).

- the tasklet_wakeup() family of functions now support an optional argument to pass a flag like for the tasks. It's not used yet but will maintain better uniformity with future code for backports and might be necessary later to backport some fixes.

- the stats-file now ignores comment lines starting with '//' like in the regtest examples.

- the "localpeer" keyword is now processed in discovery mode so that both master and worker agree on it, and more importantly that config elements relying on the HAPROXY_LOCALPEER variable continue to work like in 3.0.

- a number of config directives that expect a size (tune.bufsize, ring sizes etc) now accept a suffix. Previously the suffix was silently ignored so that when writing, say, "tune.pipesize 512k", one would end up with a configured pipe of 512 only! There are still many places with such old atol() code that is progressively being replaced, but it takes time.

- "show env" on the master CLI no longer requires debug mode.

- warnings and indications about misplaced TCP rules will now report the whole directive name, not just "tcp-request" which was ambiguous.

- redirect rules now support "keep-query" to reuse the original request's query string, and "set-cookie-fmt" to pass a cookie while redirecting. Also, the "query()" sample fetch function now takes an optional argument "with_qm" to request that the question mark is preserved if it exists (this simplifies writing redirections).

- "show sess" now has a "show-uri" option to show the captured URI.

- the "core.set_map()" lookup in Lua is now more efficient by no longer performing the lookup twice (that was already done everywhere else in 2.9 and that one was overlooked).

- agent-checks now support passing an absolute weight.

- the logged server status is now correct after an L7 retry. Previously it used to report only the first code that triggered the retry.

- an interesting overlook in the H2 mux would possibly cause client-side failures when too many headers came from the server over H2 as well, because the receive side was more permissive than the send side (it had a 100% margin on the number of headers to be able to swallow split cookie headers, but the send side would choke at the default limit). Now the real limit is controlled at the moment the headers are deduped and indexed so that both sides have the same vision.

- and the nice part (still experimental but will significantly help backport fixes and even continue to progress) concerns QUIC. The pacing code was finally merged in experimental state (opt-in, not active by default), and the long-awaited BBR congestion controller which needs pacing was also merged. Interestingly the pacing when used tends to magnify certain races in the code, which we could confirm were already there without it. At the moment, enabling it significantly reduces losses and shows much higher bit rates (up to 16x on one of my machines when the client runs on a small core), but also shows some variations in the bit rate that are caused by some delays that we're still trying to figure and seem to be present without the pacing as well. You may want to experiment a bit with it but be aware that this is experimental, and it consumes much more CPU (having to make sub-millisecond pauses is expensive). However it already works so much better that I suspect that we'll gather some feedback allowing to polish the rough edges. And according to Fred, BBR now delivers performance that is on par with TCP+BBR. I guess that 3.2 will have a much faster QUIC stack and that most likely after a few stable releases, 3.1 as well. Time will tell.

- and the rest is essentially code cleanups and doc updates (14 commits just for this one).

Many build+run+vtest checks were run using config options on different systems, versions, compilers and libcs (linux + glibc/musl from gcc-4.8 to 13.2 on x86_64, armv7, armv8, FreeBSD x86-64 with clang, OpenBSD 7.5 on mips64, more to come). BTW I've just noticed a build warning in activity.c on gcc-4.8 when using memory profiling while I was typing, I'll fix that tomorrow.

Overall that was lots of nice small goodies, which again will take me a while to summarize in the announce!

Given how everything's getting good, barring any problematic report till then, I intend to release this next Tuesday. That doesn't mean that you should skip this one, because if nobody tests, the bugs of this last dev version will be those of the first stable one!

Thanks for continuing to test and report problems!

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.1/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.1/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy

---
Complete changelog :

Amaury Denoyelle (21):
      DOC: quic: rename max-window-size as with default prefix
      MINOR: mux-quic: add missing values for show flags
      MINOR: quic: simplify qc_prep_pkts() exit path
      MINOR: quic: support a max number of built packet per send iteration
      MINOR: quic: extend qc_send_mux() return type with a dedicated enum
      MINOR: quic: define quic_pacing module
      MINOR: quic/pacing: implement quic_pacer engine
      MINOR: quic/pacing: support pacing emission on quic_conn layer
      MINOR: quic/pacing: add burst support
      MINOR: mux-quic: define a tx STREAM frame list member
      MINOR: mux-quic: encapsulate QCC tasklet wakeup
      MAJOR: mux-quic: support pacing emission
      MINOR: quic: use dynamic cc_algo on bind_conf
      MINOR: quic: extend quic-cc-algo optional parameters
      MEDIUM: quic: define cubic-pacing congestion algorithm
      MINOR: mux_quic/pacing: display pacing info on show quic
      BUG/MINOR: cfgparse-quic: fix renaming of max-window-size
      BUG/MINOR: cfgparse-quic: fix bbr initialization
      MINOR: cfgparse-quic: activate pacing only via burst argument
      BUG/MINOR: cfgparse-quic: fix warning for cc-aglo with 0 burst
      MINOR: quic: support pacing for newreno and nocc

Aurelien DARRAGON (2):
      DOC: lua: fix yield-dependent methods expected contexts
      OPTION: map/hlua: make core.set_map() lookup more efficient

Christopher Faulet (24):
      MINOR: http-ana: Add option to keep query-string on a localtion-based redirect
      MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules
      MINOR: agent-check: Be able to set absolute weight via an agent
      MINOR: stream: Add an option to "show sess" command to dump the captured URI
      DOC: config: A a space before ':' for {bs,fs}.aborted and {bs,fs}.rst_code
      DOC: config: Fix a typo in "1.3.1. The Request line"
      MINOR: http: Add support for HTTP 414/431 status codes
      DEV: phash: Update 414 and 431 status codes to phash
      MINIR: mux-h1: Return 414 or 431 when appropriate
      BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only
      DOC: config: Slightly improve the %Tr documentation
      DOC: config: Move wait_end in section about internal samples
      DOC: config: Move fs.* and bs.* in section about L5 samples
      BUG/MINOR: http-ana: Adjust the server status before the L7 retries
      MINOR: http-fetch: Add an option to 'query" to get the QS with the '?'
      BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames
      BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding
      BUG/MEDIUM: h3: Properly limit the number of headers received
      BUG/MEDIUM: h3: Increase max number of headers when sending headers
      DOC: config: Improve documentation of tune.http.maxhdr directive
      DOC: management: Clearly state "show errors" only reports malformed H1 messages
      MINOR: config: Improve warnings on misplaced rules by adding an optional arg
      CLEANUP: cfgparse: Add direction in functions name that warn on misplaced rules
      MINOR: cfgparse: Emit a warning for misplaced "tcp-response content" rules

Frederic Lecaille (11):
      MINOR: quic: Add the congestion window initial value to QUIC path
      MINOR: window_filter: Implement windowed filter (only max)
      MINOR: quic: implement delivery rate sampling algorithm
      MINOR: quic: implement BBR congestion control algorithm for QUIC
      MINOR: quic: quic_cc modifications to support BBR
      MINOR: quic: quic_loss modifications to support BBR
      MINOR: quic: RX part modifications to support BBR
      MINOR: quic: TX part modifications to support BBR.
      MINOR: quic: add "bbr" new "quic-cc-algo" option
      MINOR: quic: Useless rate sample member initialization
      BUG/MINOR: quic: Missing application limitations tracking for BBR

Valentine Krasnobaeva (14):
      MINOR: cfgparse-global: parse options to allow non std keywords in discovery mode
      BUG/MINOR: mworker-prog: don't warn about deprecated section with expose-deprecated-directives
      MINOR: cli: make "show env" accessible via master CLI without enabling debug
      MINOR: config: show HAPROXY_BRANCH in "show env" output
      MINOR: startup: set HAPROXY_LOCALPEER only once
      DOC: configuration: update "Environment variables" chapter
      MINOR: cfgparse-global: add cfg_parse_global_chroot
      MINOR: cfgparse-global: add more checks for "chroot" argument
      BUG/MINOR: startup: fix UAF when set the default for log_tag
      MINOR: capabilities: rename program_name argument to progname
      MINOR: startup: use global progname variable
      MINOR: cfgparse-global: add cfg_parse_global_localpeer
      BUG/MINOR: config: allow to check HAPROXY_LOCALPEER in config
      BUG/MINOR: startup: init_early: remove obsolete comment

William Lallemand (9):
      MINOR: stats-file: add the filename in the warning
      MEDIUM: stats-file: explicitely ignore comments starting by //
      MEDIUM: stats-file: silently ignore be/fe mistmatch
      REGTESTS: use -dW by default on every reg-tests
      MEDIUM: mworker: remove USE_SYSTEMD requirement for -Ws
      CI: vtest: temporarily build from the sd-notify PR
      MINOR: systemd: replace SOCK_CLOEXEC by fcntl call to FD_CLOEXEC
      REGTESTS: switch to -Ws for master-worker reg-tests
      REGTESTS: disable temporarly mworker test on OSX

Willy Tarreau (51):
      MINOR: acl: export find_acl_default()
      MINOR: sample: extend the "when" converter to support an ACL
      MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{client,server} as sizes
      MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{frontend,backend} as sizes
      MINOR: cfgparse: parse tune.pipesize as a size
      MINOR: cfgparse: parse tune.recv_enough as a size
      MINOR: cfgparse: parse tune.bufsize as a size
      MINOR: cfgparse: parse tune.bufsize.small as a size
      REGTESTS: silence the "log format ignored" warnings
      REGTESTS: silence warning "previous 'http-response' action is final"
      REGTESTS: make the unit explicit for very short timeouts
      REGTESTS: silence warnings about content-type being ignored
      REGTESTS: remove a duplicate "option httpslog" in the defaults section
      REGTESTS: silence warning "L6 sample fetches ignored" in cond_set_var
      REGTESTS: add missing timeouts to 30 tests
      REGTESTS: only use tune.ssl.default-dh-param when not using AWS-LC
      REGTESTS: enable -dW on almost all tests to fail on warnings
      MEDIUM: config: warn on unitless timeouts < 100 ms
      MINOR: tools: make parse_size_err() support 32/64 bits
      MINOR: ring: support unit suffixes in the size
      DOC: sched: add missing scheduler API documentation for tasklet_wakeup_after()
      DOC: sched: document the missing TASK_F_UEVT* flags
      CLEANUP: tinfo: move sched_*_date/*_mono_time to the thread-local area
      MINOR: stream: don't update s->lat_time when the wakeup date is not set
      MINOR: tinfo/clock: turn sched_call_date to 64-bits
      MINOR: sched: add TASK_F_WANTS_TIME to make the scheduler update the call date
      MINOR: tools: add new macro DEFZERO to provide a default zero argument
      MINOR: tasklet: make the low-level tasklet API take a flag
      MINOR: tasklet: support an optional set of wakeup flags to tasklet_wakeup_on()
      DOC: configuration: explain the rules regarding spaces in arguments
      DOC: configuration: explain quotes and spaces in conditional blocks
      DOC: configuration: wrap long line for "strstr()" conditional expression
      BUILD: makefile: make ERR apply to build options as well
      DOC: config: indent the list of environment variables
      BUILD: makefile: build flags.c before haproxy to speed up the build
      BUILD: makefile: reorder object files by build time
      BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler()
      BUG/MEDIUM: wdt: fix the stuck detection for warnings
      BUG/MINOR: activity/memprofile: reinitialize the free calls on DSO summary
      MINOR: activity/memprofile: offer a function to unregister stale info
      BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy()
      MINOR: activity: better report nil than ffff in unknown callers
      CLEANUP: activity: better use a mask to tests freeing methods
      MINOR: activity/memprofile: also monitor strdup() activity
      MINOR: activity/memprofile: monitor non-portable calls as well
      MINOR: activity: interrupt the show profile dump more often
      MINOR: tools: resolve main() only once in resolve_sym_name()
      MINOR: tools: add a new function "resolve_dso_name" to find a symbol's DSO
      MINOR: activity/memprofile: use resolve_dso_name() for the DSO summary
      REGTESTS: relax strerror matching to avoid a failure on libmusl
      REGTESTS: don't rely on the base64 utility when openssl base64 is already used

---
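
The size-suffix item in the announcement above ("tune.pipesize 512k" being read as 512 by old atol()-based parsing) can be reproduced and contrasted with a strict parser. This is an added example, not code from HAProxy or from the announcement: legacy_size() and strict_size() are hypothetical names, the sample values are constructed, and treating k/m/g as powers of 1024 is an assumption of the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Old behaviour described above: atol() stops at the first non-digit,
 * so "512k" is accepted and silently becomes 512. */
static long legacy_size(const char *s) { return atol(s); }

/* Hypothetical strict parser (not HAProxy's own code). Accepts digits plus
 * an optional k/m/g suffix, assumed here to mean powers of 1024. Rejects
 * empty input, signs, trailing garbage and overflow. 0 = ok, -1 = error. */
static int strict_size(const char *s, uint64_t *out)
{
    char *end;
    unsigned long long v;
    unsigned int shift = 0;
    if (*s < '0' || *s > '9')        /* empty, sign or leading space */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE)             /* number alone does not fit */
        return -1;
    switch (*end) {
    case 'k': case 'K': shift = 10; end++; break;
    case 'm': case 'M': shift = 20; end++; break;
    case 'g': case 'G': shift = 30; end++; break;
    default: break;
    }
    if (*end != '\0')                /* unknown suffix, e.g. "512kb" */
        return -1;
    if (v > (UINT64_MAX >> shift))   /* scaling would overflow 64 bits */
        return -1;
    *out = (uint64_t)v << shift;
    return 0;
}

int main(void)
{
    const char *samples[] = { "512k", "16384", "1m", "512kb", "-1", "" }; /* constructed */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t v = 0;
        int rc = strict_size(samples[i], &v);
        printf("%-8s atol()=%-6ld strict=%s %llu\n", samples[i], legacy_size(samples[i]),
               rc ? "rejected" : "ok", (unsigned long long)v);
    }
    return 0;
}
```

The practical check for an existing configuration is the same comparison: any size directive whose value carries a suffix was, on versions with the old parsing, running with the bare number.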