Hi,

HAProxy 2.7.11 was released on 2023/12/07. It added 160 new commits
after version 2.7.10.

Once again, a huge release. This one is more or less equivalent to
2.8.3, 2.8.4 and 2.8.5, except that the wrapper for QUIC over OpenSSL was
not backported to 2.7. More details can be found in the 2.8 announcement
messages. I will only quickly sum up the main changes here.

Regarding QUIC, an important change is that QUIC connections are now
accounted against maxconn from the moment they are allocated. Previously,
this was only done once the handshake had succeeded and the MUX layer was
allocated. This is important as it should ensure that haproxy resources
remain under control even during QUIC handshakes. Along with this change,
QUIC connections are also now counted among SSL connections, which was
never the case before.

Another noticeable change concerns connections in the CLOSING or DRAINING
state. These states are used when a CONNECTION_CLOSE was sent or received.
When entering them, a connection must cease all transmission, except for
resending a CONNECTION_CLOSE frame. This can be compared in some way to TCP
FIN_WAIT. Before this release, the idle timeout was used, which kept the
connection longer than necessary. Now, the recommendations of RFC 9000 are
followed more strictly and the RTT estimation is used to release the
connection earlier. This should improve haproxy resource consumption if
CONNECTION_CLOSE frames are exchanged frequently.
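For illustration, here is an added example (not HAProxy code) of the two
mechanisms this change relies on: the RFC 9002 RTT estimator (smoothed RTT
and RTT variance, with the ack-delay adjustment) and the RFC 9000 closing
period of three probe timeouts (PTO) derived from it. The RTT samples, the
25 ms max_ack_delay and the 30 s idle timeout are constructed for the
example.

```python
"""RFC 9002 RTT estimator and the RFC 9000 closing-period timer.

Added example (not HAProxy code): it shows why a connection in the
CLOSING/DRAINING state can be released after 3 * PTO instead of waiting
for the much longer idle timeout. All timings are in milliseconds.
"""
from dataclasses import dataclass

K_GRANULARITY_MS = 1          # RFC 9002 kGranularity (timer granularity)
K_INITIAL_RTT_MS = 333        # RFC 9002 kInitialRtt, used before any sample


@dataclass
class RttEstimator:
    """Smoothed RTT state from RFC 9002, section 5.3."""
    max_ack_delay_ms: float = 25.0   # peer's max_ack_delay transport parameter (assumed)
    latest_rtt: float = 0.0
    min_rtt: float = 0.0
    smoothed_rtt: float = K_INITIAL_RTT_MS
    rttvar: float = K_INITIAL_RTT_MS / 2
    has_sample: bool = False

    def update(self, latest_rtt: float, ack_delay: float, handshake_confirmed: bool) -> None:
        """Fold one RTT sample (send of a packet to receipt of its ACK) into the estimate."""
        self.latest_rtt = latest_rtt
        if not self.has_sample:
            # First sample: RFC 9002 5.3 initialises everything from it.
            self.min_rtt = latest_rtt
            self.smoothed_rtt = latest_rtt
            self.rttvar = latest_rtt / 2
            self.has_sample = True
            return
        # min_rtt tracks the raw sample, never the ack-delay-adjusted one.
        self.min_rtt = min(self.min_rtt, latest_rtt)
        # Once the handshake is confirmed, the peer's ack_delay is capped by max_ack_delay.
        if handshake_confirmed:
            ack_delay = min(ack_delay, self.max_ack_delay_ms)
        adjusted_rtt = latest_rtt
        # Subtract the ack delay only if the result stays at or above min_rtt.
        if latest_rtt >= self.min_rtt + ack_delay:
            adjusted_rtt = latest_rtt - ack_delay
        self.rttvar = 3 / 4 * self.rttvar + 1 / 4 * abs(self.smoothed_rtt - adjusted_rtt)
        self.smoothed_rtt = 7 / 8 * self.smoothed_rtt + 1 / 8 * adjusted_rtt

    def pto(self) -> float:
        """Probe timeout (RFC 9002 6.2.1) for application-data packets."""
        return self.smoothed_rtt + max(4 * self.rttvar, K_GRANULARITY_MS) + self.max_ack_delay_ms


def closing_period_ms(est: RttEstimator) -> float:
    """RFC 9000 10.2: a closing/draining endpoint keeps state for 3 * PTO."""
    return 3 * est.pto()


def release_delay_ms(est: RttEstimator, idle_timeout_ms: float) -> tuple:
    """(old behaviour: idle timeout, new behaviour: RTT-based closing period)."""
    return (idle_timeout_ms, closing_period_ms(est))


if __name__ == "__main__":
    est = RttEstimator(max_ack_delay_ms=25.0)
    # Constructed samples (latest_rtt, ack_delay) for a ~100 ms path.
    for sample, delay in [(100.0, 0.0), (120.0, 10.0), (110.0, 5.0)]:
        est.update(sample, delay, handshake_confirmed=True)
    old, new = release_delay_ms(est, idle_timeout_ms=30_000.0)
    print(f"srtt={est.smoothed_rtt:.1f}ms rttvar={est.rttvar:.1f}ms pto={est.pto():.1f}ms")
    print(f"idle timeout would hold the connection {old:.0f}ms, closing period only {new:.0f}ms")
```

With a 100 ms path the closing period comes out well under a second, against a
30 s idle timeout, which is the resource win the paragraph describes when many
CONNECTION_CLOSE frames are exchanged.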

Several fixes on QUIC as usual. Some of them relate to the QUIC Retry
mechanism. Crashes which could happen under memory exhaustion, and memory
leaks under heavy load, were prevented. An incompatibility with L4
tcp-rules was fixed. A possible crash was fixed on QUIC connections waiting
to be killed while some retransmissions were still to be processed. The
CONNECTION_CLOSE_APP encoding was fixed (but it is harmless for 2.7).
Malformed ACK frames are now properly ignored. A possible wakeup loop on
client connection closure was also fixed. RTT sampling could be skipped in
some rare cases, when now_ms wraps; this is now fixed. And the RTT
computation was also fixed to be more accurate.

On the H3 side, the trailers encoding was fixed; it never worked as
intended. And PUSH_PROMISE frames are now always rejected. The RFC states
that PUSH_PROMISE is never sent by a client, so it can be rejected in any
case until HTTP/3 is implemented on the backend side.

On the H2 side, a possible crash was fixed when processing a response
containing a DATA frame after a 1xx response (or more generally before the
final headers). When a congested H2 connection is shut down, we now take
care to wait to send the final empty DATA frame with the ES flag, if
necessary, instead of sending a RST_STREAM. Handling of http-request and
http-keep-alive timeouts was fixed. H2 streams waiting in the send_list or
the fctl_list are now properly woken up, improving performance in
constrained environments. Finally, the stream ID is now committed even if
the stream is rejected.

In the H1 multiplexer, handling of http-request and http-keep-alive timeouts
was fixed. A bug preventing the 400-bad-request response from being sent on
shutdown before the first request was fixed. Some sanitizing is now
performed on headers when Content-Length and Transfer-Encoding are both
present: the Content-Length value is ignored, both in the H1 parser and when
sending H1 messages, if Transfer-Encoding is also set. Related to H1 but at
the application level, handling of the abortonclose option was fixed. It was
not properly handled when set on the backend only; it was only usable in the
defaults section. Finally, an issue in H1 chunked payload parsing was fixed
by Chris Staite.
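The Content-Length/Transfer-Encoding rule above is the one RFC 9112
(section 6.3) requires: when both headers are present, Transfer-Encoding is
authoritative and Content-Length must be ignored, because two parsers
framing the same bytes differently is exactly what makes request smuggling
possible. The following is an added example, not HAProxy's parser: a
minimal H1 framing routine that applies the rule, with a switch to emulate
a parser that trusts Content-Length so the resulting desync is visible.
The request bytes are constructed for the example.

```python
"""HTTP/1.1 message framing when Content-Length and Transfer-Encoding clash.

Added example, not HAProxy's parser. RFC 9112 section 6.3: when a message
carries both headers, Transfer-Encoding wins and Content-Length is ignored.
"""
from __future__ import annotations


def parse_headers(raw: bytes) -> tuple[dict[str, list[str]], bytes]:
    """Split a request into a header map (lowercased names) and the remaining bytes."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    headers: dict[str, list[str]] = {}
    for line in head.split(b"\r\n")[1:]:        # [0] is the request line
        name, _, value = line.partition(b":")
        if not name or name[-1:] in b" \t":      # no whitespace before the colon
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.strip().lower().decode("ascii"), []).append(
            value.strip().decode("latin-1"))
    return headers, rest


def decode_chunked(data: bytes) -> tuple[bytes, bytes]:
    """Decode a chunked body. Returns (body, bytes left after the last chunk)."""
    body = bytearray()
    pos = 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size = int(data[pos:eol].split(b";", 1)[0].strip(), 16)   # drop chunk extensions
        pos = eol + 2
        if size == 0:
            # Trailer section ends at the first empty line.
            end = data.find(b"\r\n", pos)
            while end >= 0 and end != pos:
                pos = end + 2
                end = data.find(b"\r\n", pos)
            if end < 0:
                raise ValueError("truncated trailers")
            return bytes(body), data[end + 2:]
        if len(data) < pos + size + 2 or data[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        body += data[pos:pos + size]
        pos += size + 2


def content_length(headers: dict[str, list[str]]) -> int:
    """A single, purely numeric Content-Length value; anything else is rejected."""
    values = set(headers.get("content-length", []))
    if len(values) != 1:
        raise ValueError("missing, duplicated or conflicting Content-Length")
    value = values.pop()
    if not value.isdigit():
        raise ValueError("non-numeric Content-Length")
    return int(value)


def frame_request(raw: bytes, trust_content_length: bool = False) -> tuple[bytes, bytes]:
    """Return (body, leftover). trust_content_length=True emulates a parser that
    wrongly prefers C-L when T-E is also present (the desync case)."""
    headers, rest = parse_headers(raw)
    if "transfer-encoding" in headers and not trust_content_length:
        # Any Transfer-Encoding present: C-L is ignored. Only a final 'chunked'
        # coding gives a known framing; anything else cannot be delimited.
        codings = [c.strip().lower() for v in headers["transfer-encoding"] for c in v.split(",")]
        if not codings or codings[-1] != "chunked":
            raise ValueError("unsupported Transfer-Encoding: %r" % codings)
        return decode_chunked(rest)
    if "content-length" in headers:
        n = content_length(headers)
        if len(rest) < n:
            raise ValueError("truncated body")
        return rest[:n], rest[n:]
    return b"", rest


# Constructed request: one 5-byte chunk ("hello"), then a second request line
# ("GET /admin") that a C-L-trusting parser would swallow as body bytes.
SAMPLE = (
    b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"5\r\nhello\r\n0\r\n\r\n"
    b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

if __name__ == "__main__":
    body, left = frame_request(SAMPLE)
    print("RFC 9112 framing:", body, "| next request starts with", left[:10])
    body, left = frame_request(SAMPLE, trust_content_length=True)
    print("C-L framing     :", body, "| desynced, next parse sees", left[:10])
```

The compliant path yields the body "hello" and leaves "GET /admin ..." intact
as the next request; the Content-Length path takes "5\r\nh" as the body and
resumes parsing in the middle of the chunk, so the two sides of a proxy chain
would no longer agree on where the second request begins.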

The takeover mechanism, used by the H1, H2 and FCGI multiplexers to allow
thread migration of idle server-side connections, was fixed. In case of a
memory allocation failure, the connection was released synchronously, which
was unexpected. Now, allocations are performed first. Thus, on error, the
migration is just cancelled and the connection remains untouched.

A race in the Lua co-socket connect code was addressed, by which, if it was
interrupted by the Lua scheduler in the middle of the operation, it would
fail and not be able to recover. Now it will be able to reconnect. It is now
possible to mix Lua actions loaded from 'lua-load' and 'lua-load-per-thread'
directives within a single http/tcp session.

An annoying issue was met when testing the reverse-http mechanism on 2.9,
by which failed connection attempts would apparently not be attempted
again when there was no connect timeout. It turned out to be more general
than the rhttp system, and actually affects all outgoing connections
relying on NPN or ALPN to choose the mux, on which no mux is installed yet
and for which the subscriber (ssl_sock) must be notified of the error
instead. The issue appeared during 2.2-dev1 development.

Incomplete cache entries, left when streams are interrupted by clients, are
now properly removed from the cache instead of waiting for their expiration.

The "word" converter was fixed to properly work with the "-m found" operator.

The configuration parser was fixed to properly handle lines with unmatched
environment variables instead of stopping the line parsing.

A memory leak was fixed when parsing a "default-server" directive in
defaults sections.

Proxy initialization was fixed to also initialize all default settings. This
is especially useful to prevent crashes for internal proxies, such as sinks
and log forwarders.

A case was fixed where deleting a server from the CLI was possible when the
server didn't have any streams anymore but was being retried on by one
stream, i.e. that stream still had a reference to it and could possibly end
up on it again after the retry.

We now make sure not to interrupt HTTP responses that are delivered before
the end of the request when the server terminates with a reset. That's
particularly visible in H2 with gRPC.

A possible crash in FCGI with STDERR records, due to a zero-copy operation
that should not be allowed in this case, was fixed.

Streamer detection, used to perform SSL sends bigger than
tune.ssl.maxrecord, was no longer working for HTX streams. It was fixed.

The "proto" keyword was not working for dynamic servers.

Matching of action arguments was not working as expected because the
parser stopped at the first prefix match instead of looking for the longest
matching name.

Some huge pauses were erroneously imposed by the bandwidth limitation filter
because of an overflow in the overshoot computation after a long inactivity
period.

Crashes were possible if an applet was released while it was waiting for a
buffer, because it was not properly removed from the list of entities
waiting for a buffer. It only happened when memory was limited.

On reload, it was possible for the master to exit on a bind error because
the distinction between the master process and the children was made too
late. Identifying the master process earlier fixed the issue.

It was possible to enter a deadlock when purging a pattern because pools
were trimmed while the operation was under a lock. Thus, while clearing a
map, if another thread tried to access or update an entry in the same map,
it had to wait for the pattern lock to be released, while the pool trimming
function was waiting for all threads to be harmless, thus causing a
deadlock. To fix the issue, the pools are now trimmed by the caller, once
the lock has been released.

On peers, it was no longer possible to perform a full resync if the number
of tables exceeded the number of updates allowed at once. The loop
responsible for sending updates to other peers was always interrupted after
the end. To fix the issue, the restart conditions of the teaching loop were
changed.

The method used to decide how many pool entries could be released at once
was buggy. The comparison between the allocated count and the used count
was inverted. In some cases, this led to very small batches being released,
increasing memory consumption. Not really a memory leak, however.

@system-ca was not properly loaded when ca-base was defined, because the
ca-base directory was still added to it.

With TLSv1.3, certificate selection favored RSA certificates over ECDSA
when both were available for a domain, while it should be the opposite.

The sc-add-gpc and sc-set-gpt(0) actions are now allowed in tcp-request
connection rules. According to the documentation, this was supposed to be
supported.

SSL certificate replacement from the CLI was broken in 2.6, when the ".crt"
extension was handled as a default extension for a certificate. Without the
"ssl-load-extra-del-ext" option, the lookup for certificates with a ".crt"
extension failed. This was fixed by removing ".crt" from the default
extensions.

It is now possible to configure the connect timeout and the number of
retries for the httpclient. To do so, two new global options were added:
"httpclient.timeout.connect" and "httpclient.retries".

Finally, xxhash was updated to version 0.8.2 and some updates were also
made to plock.

At the end of the month, we will enter the last quarter before the 2.7
end-of-life. If you are still running 2.7, you should of course update to
2.7.11. But you are also encouraged to evaluate 2.8; 2.8.5 was just
released.

Thanks everyone for your help and your contributions!

Please find the usual URLs below:
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.7/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.7.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.7.git
   Changelog        : https://www.haproxy.org/download/2.7/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages


---
Complete changelog :
Aleksandar Lazic (1):
      DOC: internal: filters: fix reference to entities.pdf

Amaury Denoyelle (23):
      BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing
      BUG/MINOR: mux-quic: remove full demux flag on ncbuf release
      BUG/MINOR: hq-interop: simplify parser requirement
      BUG/MINOR: quic: reject packet with no frame
      BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream
      BUG/MINOR: mux-quic: support initial 0 max-stream-data
      BUG/MINOR: h3: strengthen host/authority header parsing
      BUG/MINOR: mux-quic: fix free on qcs-new fail alloc
      BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash
      BUG/MINOR: quic: do not consider idle timeout on CLOSING state
      BUG/MINOR: ssl: use a thread-safe sslconns increment
      MINOR: frontend: implement a dedicated actconn increment function
      BUG/MINOR: mux-quic: fix early close if unset client timeout
      BUG/MINOR: quic: fix retry token check inconsistency
      MEDIUM: quic: count quic_conn instance for maxconn
      MEDIUM: quic: count quic_conn for global sslconns
      BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure
      BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure
      BUG/MAJOR: quic: complete thread migration before tcp-rules
      BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding
      BUG/MINOR: h3: fix TRAILERS encoding
      BUG/MINOR: h3: always reject PUSH_PROMISE
      BUG/MINOR: quic_tp: fix preferred_address decoding

Aurelien DARRAGON (28):
      BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
      BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
      BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
      DOC: lua: fix core.register_action typo
      BUG/MINOR: hlua/action: incorrect message on E_YIELD error
      MINOR: hlua: add hlua_stream_ctx_prepare helper function
      BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread
      BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
      BUG/MINOR: hlua/init: coroutine may not resume itself
      BUG/MINOR: server: add missing free for server->rdr_pfx
      MINOR: pattern: fix pat_{parse,match}_ip() function comments
      BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams
      MINOR: connection: add conn_pr_mode_to_proto_mode() helper func
      BUG/MEDIUM: server: "proto" not working for dynamic servers
      BUG/MINOR: stktable: missing free in parse_stick_table()
      BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure
      BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
      BUG/MINOR: sink: don't learn srv port from srv addr
      MINOR: stktable: add stktable_deinit function
      BUG/MINOR: proxy/stktable: missing frees on proxy cleanup
      DOC: config: fix timeout check inheritance restrictions
      REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY
      DOC: lua: add sticktable class reference from Proxy.stktable
      DOC: lua: fix Proxy.get_mode() output
      BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
      DOC: config: specify supported sections for "max-session-srv-conns"
      DOC: config: add matrix entry for "max-session-srv-conns"
      DOC: config: fix monitor-fail typo

Cedric Paillet (1):
      BUG/MINOR: promex: fix backend_agg_check_status

Chris Staite (1):
      BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer

Christopher Faulet (35):
      BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown
      BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown
      BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
      BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records
      BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers
      BUG/MEDIUM: http-ana: Try to handle response before handling server abort
      MINOR: hlua: Set context's appctx when the lua socket is created
      MINOR: hlua: Don't perform operations on a not connected socket
      MINOR: hlua: Save the lua socket's timeout in its context
      MINOR: hlua: Save the lua socket's server in its context
      MINOR: hlua: Test the hlua struct first when the lua socket is connecting
      BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only
      BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was tried
      BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set
      BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set
      BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request
      BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
      BUG/MEDIUM: peers: Be sure to always refresh reconnect timer in sync task
      BUG/MEDIUM: peers: Fix synchro for huge number of tables
      BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure
      CLEANUP: htx: Properly indent htx_reserve_max_data() function
      BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts
      BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period
      BUG/MEDIUM: applet: Remove appctx from buffer wait list on release
      BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up
      MINOR: connection: Add a CTL flag to notify mux it should wait for reads again
      MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and subscribe for reads
      BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only
      REGTESTS: http: Improve script testing abortonclose option
      BUG/MINOR: http-client: Don't forget to commit changes on HTX message
      BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented
      MINOR: htx: Use a macro for overhead induced by HTX
      MINOR: channel: Add functions to get info on buffers and deal with HTX streams
      BUG/MINOR: stconn: Fix streamer detection for HTX streams
      BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer

Emeric Brun (1):
      Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token"

Eugene Dorfman (1):
      DOC: 51d: updated 51Degrees repo URL for v3.2.10

Frédéric Lécaille (17):
      BUG/MINOR: quic: Possible skipped RTT sampling
      BUG/MAJOR: quic: Really ignore malformed ACK frames.
      BUG/MINOR: quic: Wrong RTT adjustments
      BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var)
      BUG/MINOR: quic: Leak of frames to send.
      BUG/MINOR: quic: Wrong cluster secret initialization
      BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos
      BUG/MINOR: quic: idle timer task requeued in the past
      BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree
      BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets
      BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures
      DOC: quic: Wrong syntax for "quic-cc-algo" keyword.
      BUG/MEDIUM: quic: Possible crash for connections to be killed
      BUG/MINOR: quic: Possible RX packet memory leak under heavy load
      BUG/MINOR: config: Stopped parsing upon unmatched environment variables
      BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load
      BUG/MINOR: quic: Possible leak of TX packets under heavy load

Ilya Shipitsin (3):
      CI: get rid of travis-ci wrapper for Coverity scan
      CI: musl: highlight section if there are coredumps
      CI: musl: drop shopt in workflow invocation

Johannes Naab (1):
      DOC: typo: fix sc-set-gpt references

Remi Tricot-Le Breton (1):
      BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed

Tim Duesterhus (4):
      CI: Update to actions/checkout@v4
      REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter
      BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
      DOC: Clarify the differences between field() and word()

William Lallemand (11):
      BUILD: Makefile: add the USE_QUIC option to make help
      BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate
      DOC: configuration: update examples for req.ver
      MINOR: httpclient: allow to configure the retries
      MINOR: httpclient: allow to configure the timeout.connect
      BUG/MINOR: ssl: load correctly @system-ca when ca-base is defined
      BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
      BUG/MEDIUM: ssl: segfault when cipher is NULL
      DOC: management: -q is quiet all the time
      BUG/MEDIUM: mworker: set the master variable earlier
      BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly

Willy Tarreau (32):
      DEV: flags/show-sess-to-flags: properly decode fd.state
      SCRIPTS: git-show-backports: automatic ref and base detection with -m
      IMPORT: plock: also support inlining the int code
      MINOR: threads: inline the wait function for pthread_rwlock emulation
      MINOR: atomic: make sure to always relax after a failed CAS
      IMPORT: xxhash: update xxHash to version 0.8.2
      BUG/MINOR: ssl_sock: fix possible memory leak on OOM
      BUILD: import: guard plock.h against multiple inclusion
      BUG/MINOR: checks: do not queue/wake a bounced check
      BUILD: bug: make BUG_ON() void to avoid a rare warning
      BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
      BUG/MEDIUM: actions: always apply a longest match on prefix lookup
      BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed
      BUG/MINOR: mux-h2: make up other blocked streams upon removal from list
      BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again
      BUG/MINOR: trace: fix trace parser error reporting
      BUG/MINOR: mux-h2: commit the current stream ID even on reject
      BUG/MINOR: mux-h2: update tracked counters with req cnt/req err
      DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder
      BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range()
      BUG/MEDIUM: pool: fix releasable pool calculation when overloaded
      DOC: config: use the word 'backend' instead of 'proxy' in 'track' description
      BUG/MEDIUM: connection: report connection errors even when no mux is installed
      BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover()
      BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover()
      BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover()
      BUG/MINOR: stream/cli: report correct stream age in "show sess"
      REGTESTS: http: add a test to validate chunked responses delivery
      BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them
      BUG/MINOR: server: do not leak default-server in defaults sections
      DOC: config: fix missing characters in set-spoe-group action
      BUG/MEDIUM: proxy: always initialize the default settings after init

--
Christopher Faulet
