Hi, HAProxy 3.1.1 was released on 2024/12/11. It added 42 new commits after version 3.1.0.
Almost all of these are fixes for the 3.1 branch, in the following areas: - startup: despite rigorous testing on the startup changes and almost 2 months in prod, a few side effects were found and reported. The most visible one was that -c which checks the config, didn't prevent the process from forking when in daemon mode. The implication is that the config could be reported as valid even when not because the process started, forked a child which parsed the config, then immediately exited. And similarly, working in daemon mode would not wait for the child to confirm (or deny) the validity of the config. That's more visible with large or slow configs with warnings or errors, that would print the warnings or errors after the shell's prompt. The problem here is that the daemon would also report a success for faulty setups. Also, when starting in foreground, it was visible that Ctrl-C wouldn't always be delivered to the process depending on the shell/OS this was started from, with "^C" being printed instead (due to SIGINT being disabled by the shell and HAProxy systematically doing a setsid() instead of reserving it to daemon mode). Finally, "-c" would have the nasty side effect of overriding the pidfile if it was defined. All of this has been fixed, now both the checker or the daemon correctly wait for their child's report, Ctrl-C is working fine again, and -c doesn't touch the pidfile anymore. This alone is a good reason for updating. - QUIC: some cases of streams freezing in the send path when pacing is enabled were addressed. One of them could theoretically even crash, though this was not reproduced. Some alerts on old systems not supporting UDO GSO or socket-owner were removed since that's only a status that the user cannot do anything about, and it doesn't prevent from starting up. A calculation bug was addressed in BBR. - analysers: a rare circumstances, L7 retries could cause a crash because the request was dropped before the retry took effect. - H2: the changes to support a larger Rx window for faster uploads required a change in how the stream position is counted. But applying these changes to (read-only) closed streams definitely causes crashes. The timing seems very tight since we never got any single one on haproxy.org for a few months of exposure. - core: the issue we've been chasing for 2 months now was in fact a reply of the same we've worked on for 4 months 18 months ago, and only happens on Ubuntu kernels 5.4 and 5.15, where for a totally unknown reason, epoll_wait() may occasionally report an error during a pending connect(), but once it finishes in success, everything works, except that this error is reported as a server error (which it technically is as seen from the code). We've put in place a detection and workaround for this case which has already wasted 6 months of painful investigation in 2 years. Note: that doens't mean that all 502 were caused by this, but the few for which we got strace outputs definitely were. - dynamic servers: deleting a server that's currently about to be displayed in stats but interrupted leaves a dangling pointer in the stats dumper thread that most often will crash when it resumes dumping. The mechanism was changed for a more reliable (albeit a bit more complex) one. - the accept-invalid-http-{request,response} would be ignored if declared before "mode http" due to another warning being emitted in this case. - H1: an HTTP reason wouldn't automatically be set on an HTTP/1 response if none was present in the server's response (e.g. if coming from an H2 server). - H2: the glitches description was added so that "debug counters" doesn't only report cryptic line numbers anymore. - Lua: deleting more than one server at once between two calls to the Lua interpreter could leave the list of servers in an inconsistent state. - QUIC/BBR: timers were inaccurate on very fast links (e.g. loopback) due to a quick wraparound of nanosecond-based timers resulting in some incorrect calculations. The result was a low performance in this case. And the support for 421-misdirected in "retry-on" was backported. Lots of thanks to all those who were quick at reporting the issues they faced. That was efficient since most of the affected areas are still fresh in the developers' heads. Overall I'm pretty satisfied with the low impact of the vast majority of these issues. In any case if you're currently evaluating 3.1.0, please just skip to 3.1.1. Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/3.1/src/ Git repository : https://git.haproxy.org/git/haproxy-3.1.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy-3.1.git Changelog : https://www.haproxy.org/download/3.1/src/CHANGELOG Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages Willy --- Complete changelog : Amaury Denoyelle (7): BUG/MEDIUM: quic: prevent stream freeze on pacing BUG/MEDIUM: mux-quic: remove pacing status when everything is sent BUG/MINOR: quic: remove startup alert if conn socket-owner unsupported BUG/MINOR: quic: remove startup alert if GSO unsupported BUG/MINOR: stats: decrement srv refcount on stats-file release MINOR: list: define a watcher type BUG/MEDIUM: stats/server: use watcher to track server during stats dump Aurelien DARRAGON (4): BUG/MINOR: log: fix lf_text() behavior with empty string BUG/MEDIUM: event_hdl: fix uninitialized value in async mode when no data is provided DOC: config: fix confusing init-state examples BUG/MINOR: hlua_fcn: restore server pairs iterator pointer consistency Christopher Faulet (7): BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set MINOR: proxy: Add support of 421-Misdirected-Request in retry-on status BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7 retry BUG/MINOR: h1-htx: Use default reason if not set when formatting the response BUG/MINOR: config: Fix parsing of accept-invalid-http-{request,response} BUG/MINOR: http-fetch: Ignore empty argument string for query() BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks Frederic Lecaille (3): BUG/MINOR: improve BBR throughput on very fast links BUILD: quic: fix a build error about an non initialized timestamp BUG/MINOR: quic: fix bbr_inflight() calls with wrong gain value Ilia Shipitsin (3): BUG/MINOR: namespace: handle a possible strdup() failure BUG/MINOR: ssl_crtlist: handle a possible strdup() failure BUG/MINOR: resolvers: handle a possible strdup() failure Valentine Krasnobaeva (9): BUG/MINOR: signal: register default handler for SIGINT in signal_init() BUG/MINOR: startup: close pidfd and free global.pidfile in handle_pidfile() BUG/MINOR: startup: fix pidfile creation BUG/MINOR: mworker: don't save program PIDs in oldpids BUG/MINOR: mworker: fix -D -W -sf/-st modes BUG/MINOR: startup: fix error path for master, if can't open pidfile BUG/MEDIUM: startup: don't daemonize if started with -c BUG/MEDIUM: startup: report status if daemonized process fails BUG/MEDIUM: mworker: report status, if daemonized master fails Willy Tarreau (9): BUG/MEDIUM: init: make sure only daemonized processes change their session BUG/MINOR: init: do not call fork_poller() for non-forked processes BUG/MEDIUM: mux-h2: make sure not to touch dummy streams when sending WU BUG/MINOR: debug: COUNT_IF() should return true/false BUILD: debug: fix build issues in COUNT_IF() with -Wunused-value MINOR: mux-h2/traces: add a missing trace on negative initial window size CLEANUP: mux-h2/traces: reword certain ambiguous traces MINOR: mux-h2/glitches: add a description to the H2 glitches BUG/MINOR: mux-h2: fix expression when detecting excess of CONTINUATION frames ---