Hi,
HAProxy 2.5-dev3 was released on 2021/08/01. It added 48 new commits
after version 2.5-dev2.
There are not that many new features this time due to quite some time being
spent dealing with old bugs (new stable releases should be emitted soon
with backports). The main issues that were addressed in this release are a
remaining case where the H2 mux could fail to consider an early close, some
issues with the master's internal variables being unexpectedly exposed to
sub-programs and used even when checking config, a faint but possible race
condition in the FD takeover code that's used by the idle connections pool,
pollers "poll" and "evport" ignoring inter-thread wakeups since 2.1 (which
proves that nobody uses them in thread configurations).
Leaving bugs aside, this version still improves a few points:
- since the introduction of threads in 1.8, memory barriers used to be
overly conservative on x86. These were relaxed to compiler barriers
only, and resulted in a 2-2.5% performance increase on a 16-thread
test. It would theoretically be possible to even remove these
compiler barriers but this would require that the rest of the code
using them is carefully cleaned up to always use atomic load/store
operations, which is not the case right now.
- a new option "httpslog" was added to complement "httplog". It aims at
providing some info about the TLS frontend connection by default, such
as the ciphers used and errors met etc. It is also possible to disable
low-level SSL error reports to only use these ones (and this should be
the long-term direction to take). A few sample fetch functions were
added to extract the SSL-level info. I'm aware that the thread on this
subject is still active, and any feedback is welcome if that helps to
further improve the situation for users.
- the long-broken "option http_proxy" was removed. It has never worked
in HTX mode (it broke in 1.9) indicating that nobody uses it anymore,
has never supported anything but raw IPv4 addresses. Nowadays using a
few http-request rules it's possible to do much more, support IPv6
and even DNS-based resolution.
- an internal proxy status flag PR_CAP_INT indicates that a proxy is
for internal use only and must not appear in the stats. This allowed
to further refine the previous solution that allows to dump stats in
a stopping process.
- a few small and hopefully harmless changes were made to the polling
layers to prepare the introduction of thread groups
>From what I'm hearing about code pieces being cleaned up, next version
should have more goodies. I'm personally still trying to figure how to
safely integrate the notion of thread groups at the file descriptor layer,
and I hope I'll have that sorted out for next version. This probably is
the trickiest part when it comes to thread groups because FDs are process
wide and need to be carefully isolated. But I'm not yet discouraged :-)
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.5/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.5/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Amaury Denoyelle (2):
BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request
MINOR: ssl: use __objt_* variant when retrieving counters
Christopher Faulet (7):
CLEANUP: http_ana: Remove now unused label from http_process_request()
BUG/MINOR: stats: Add missing agent stats on servers
BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers
tree
BUG/MINOR: mux-h1: Obey dontlognull option for empty requests
BUG/MINOR: mux-h2: Obey dontlognull option during the preface
BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is
called
BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames
David CARLIER (1):
BUILD/MINOR: memprof fix macOs build.
Miroslav Zagorac (1):
BUILD: opentracing: fixed build when using pkg-config utility
Remi Tricot-Le Breton (7):
BUG/MINOR: connection: Add missing error labels to conn_err_code_str
MINOR: connection: Add a connection error code sample fetch
MINOR: ssl: Enable error fetches in case of handshake error
MINOR: ssl: Add new ssl_fc_hsk_err sample fetch
MINOR: ssl: Define a default https log format
MEDIUM: connection: Add option to disable legacy error log
REGTESTS: ssl: Add tests for the connection and SSL error fetches
William Lallemand (7):
BUG/MINOR: systemd: must check the configuration using -Ws
MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT
MINOR: mworker: the mworker CLI proxy is internal
MINOR: stats: don't output internal proxies (PR_CAP_INT)
CLEANUP: mworker: use the proxy helper functions in
mworker_cli_proxy_create()
CLEANUP: mworker: PR_CAP already initialized with alloc_new_proxy()
REGTESTS: ssl: ssl_errors.vtc does not work with old openssl version
Willy Tarreau (22):
BUG/MINOR: arg: free all args on make_arg_list()'s error path
BUG/MINOR: cfgcond: revisit the condition freeing mechanism to avoid a
leak
MEDIUM: proxy: remove long-broken 'option http_proxy'
BUG/MEDIUM: cfgcond: limit recursion level in the condition expression
parser
BUG/MEDIUM: mworker: do not register an exit handler if exit is expected
BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs
BUG/MINOR: check: fix the condition to validate a port-less server
BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD
BUG/MEDIUM: connection: close a rare race between idle conn close and
takeover
BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before
BUG/MINOR: select: fix excess number of dead/skip reported
BUG/MINOR: poll: fix abnormally high skip_fd counter
BUG/MINOR: pollers: always program an update for migrated FDs
BUG/MINOR: fd: protect fd state harder against a concurrent takeover
DOC: internals: document the FD takeover process
MINOR: fd: update flags only once in fd_update_events()
MINOR: poll/epoll: move detection of RDHUP support earlier
REORG: fd: uninline fd_update_events()
MEDIUM: fd: rely more on fd_update_events() to detect changes
BUG/MINOR: freq_ctr: use stricter barriers between updates and readings
MEDIUM: atomic: simplify the atomic load/store/exchange operations
MEDIUM: atomic: relax the load/store barriers on x86_64
jenny-cheung (1):
MINOR: deinit: always deinit the init_mutex on failed initialization
---
