Hi, HAProxy 2.5-dev3 was released on 2021/08/01. It added 48 new commits after version 2.5-dev2.
There are not that many new features this time due to quite some time being spent dealing with old bugs (new stable releases should be emitted soon with backports). The main issues that were addressed in this release are a remaining case where the H2 mux could fail to consider an early close, some issues with the master's internal variables being unexpectedly exposed to sub-programs and used even when checking config, a faint but possible race condition in the FD takeover code that's used by the idle connections pool, pollers "poll" and "evport" ignoring inter-thread wakeups since 2.1 (which proves that nobody uses them in thread configurations). Leaving bugs aside, this version still improves a few points: - since the introduction of threads in 1.8, memory barriers used to be overly conservative on x86. These were relaxed to compiler barriers only, and resulted in a 2-2.5% performance increase on a 16-thread test. It would theoretically be possible to even remove these compiler barriers but this would require that the rest of the code using them is carefully cleaned up to always use atomic load/store operations, which is not the case right now. - a new option "httpslog" was added to complement "httplog". It aims at providing some info about the TLS frontend connection by default, such as the ciphers used and errors met etc. It is also possible to disable low-level SSL error reports to only use these ones (and this should be the long-term direction to take). A few sample fetch functions were added to extract the SSL-level info. I'm aware that the thread on this subject is still active, and any feedback is welcome if that helps to further improve the situation for users. - the long-broken "option http_proxy" was removed. It has never worked in HTX mode (it broke in 1.9) indicating that nobody uses it anymore, has never supported anything but raw IPv4 addresses. Nowadays using a few http-request rules it's possible to do much more, support IPv6 and even DNS-based resolution. - an internal proxy status flag PR_CAP_INT indicates that a proxy is for internal use only and must not appear in the stats. This allowed to further refine the previous solution that allows to dump stats in a stopping process. - a few small and hopefully harmless changes were made to the polling layers to prepare the introduction of thread groups >From what I'm hearing about code pieces being cleaned up, next version should have more goodies. I'm personally still trying to figure how to safely integrate the notion of thread groups at the file descriptor layer, and I hope I'll have that sorted out for next version. This probably is the trickiest part when it comes to thread groups because FDs are process wide and need to be carefully isolated. But I'm not yet discouraged :-) Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.5/src/ Git repository : http://git.haproxy.org/git/haproxy.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy.git Changelog : http://www.haproxy.org/download/2.5/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Amaury Denoyelle (2): BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request MINOR: ssl: use __objt_* variant when retrieving counters Christopher Faulet (7): CLEANUP: http_ana: Remove now unused label from http_process_request() BUG/MINOR: stats: Add missing agent stats on servers BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree BUG/MINOR: mux-h1: Obey dontlognull option for empty requests BUG/MINOR: mux-h2: Obey dontlognull option during the preface BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames David CARLIER (1): BUILD/MINOR: memprof fix macOs build. Miroslav Zagorac (1): BUILD: opentracing: fixed build when using pkg-config utility Remi Tricot-Le Breton (7): BUG/MINOR: connection: Add missing error labels to conn_err_code_str MINOR: connection: Add a connection error code sample fetch MINOR: ssl: Enable error fetches in case of handshake error MINOR: ssl: Add new ssl_fc_hsk_err sample fetch MINOR: ssl: Define a default https log format MEDIUM: connection: Add option to disable legacy error log REGTESTS: ssl: Add tests for the connection and SSL error fetches William Lallemand (7): BUG/MINOR: systemd: must check the configuration using -Ws MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT MINOR: mworker: the mworker CLI proxy is internal MINOR: stats: don't output internal proxies (PR_CAP_INT) CLEANUP: mworker: use the proxy helper functions in mworker_cli_proxy_create() CLEANUP: mworker: PR_CAP already initialized with alloc_new_proxy() REGTESTS: ssl: ssl_errors.vtc does not work with old openssl version Willy Tarreau (22): BUG/MINOR: arg: free all args on make_arg_list()'s error path BUG/MINOR: cfgcond: revisit the condition freeing mechanism to avoid a leak MEDIUM: proxy: remove long-broken 'option http_proxy' BUG/MEDIUM: cfgcond: limit recursion level in the condition expression parser BUG/MEDIUM: mworker: do not register an exit handler if exit is expected BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs BUG/MINOR: check: fix the condition to validate a port-less server BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD BUG/MEDIUM: connection: close a rare race between idle conn close and takeover BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before BUG/MINOR: select: fix excess number of dead/skip reported BUG/MINOR: poll: fix abnormally high skip_fd counter BUG/MINOR: pollers: always program an update for migrated FDs BUG/MINOR: fd: protect fd state harder against a concurrent takeover DOC: internals: document the FD takeover process MINOR: fd: update flags only once in fd_update_events() MINOR: poll/epoll: move detection of RDHUP support earlier REORG: fd: uninline fd_update_events() MEDIUM: fd: rely more on fd_update_events() to detect changes BUG/MINOR: freq_ctr: use stricter barriers between updates and readings MEDIUM: atomic: simplify the atomic load/store/exchange operations MEDIUM: atomic: relax the load/store barriers on x86_64 jenny-cheung (1): MINOR: deinit: always deinit the init_mutex on failed initialization ---