Hi, HAProxy 2.7-dev3 was released on 2022/08/07. It added 88 new commits after version 2.7-dev2.
It's visible that it's the vacation period :-) There's not much new stuff here this time, but a number of cleanups and fixes spread about everywhere appeared (threads, quic, master, resolvers, ...) so at least in order to ease testing by early adopters it looks better to provide an update. Most of the recent updates were focused on QUIC, as usual these days. One of the visible changes (among many fixes) is an improvement to the timeout handling (http-request and keep-alive which are now properly handled). Regarding QUIC, we still have pending bugs taking us time, and we need to invest a bit more time on testing and tracing in this area in order to shorten the troubleshooting time and the number of round trips with users. On this point we really owe a big thanks to @Tristan971, @hpn0t0ad for taking the time to run countless tests and report breakage. That's extremely helpful. Given that QUIC users in 2.6 tend to be a bit forced to update to 2.7-dev to improve reporting, we're starting to think about updating the QUIC stack in 2.6 to match 2.7 once we're done with the pending issues. It is isolated enough not to affect other users, and looks like it will eventually be unavoidable for stable production use. Maybe that will be in 2.6.3, maybe in 2.6.4, we'll see once we're more confident in latest fixes. The goal remains to provide as stable operation as possible in 2.6, and at the moment, despite bugs which affect both, 2.7 is more stable than 2.6 for QUIC. Another possibly visible change is the update of the locking code to the latest version that implements the exponential back-off that improves performance a lot on highly contended systems. I've seen performance gains of 2.4 times on dequeuing and 4.5 times on leastconn with this on a 48- thread machine. Those running on large machines and regularly facing high CPU consumption might observe an improvement. Since the HTTP client started to use them, the resolvers and the system's CA files could cause startup errors or warnings if not properly accessible at boot. This was addressed so that this should normally only provoke run time resolution or handshake failures for the client in such cases. I noticed that since dev2, the cpu-map directive doesn't always compute correct masks anymore when using thread groups. It works OK with "all" for the thread specification but not for individual threads. I don't have a more accurate analysis of the trouble yet, that I discovered at the end of the week while already working on another issue. I need to address this quickly as it slows my progress on thread groups, but be aware of this in case you're manually pinning your threads to CPUs. Please find the usual URLs below : Site index : http://www.haproxy.org/ Documentation : http://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/2.7/src/ Git repository : http://git.haproxy.org/git/haproxy.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy.git Changelog : http://www.haproxy.org/download/2.7/src/CHANGELOG Pending bugs : http://www.haproxy.org/l/pending-bugs Reviewed bugs : http://www.haproxy.org/l/reviewed-bugs Code reports : http://www.haproxy.org/l/code-reports Latest builds : http://www.haproxy.org/l/dev-packages Willy --- Complete changelog : Amaury Denoyelle (16): BUG/MINOR: quic: do not send CONNECTION_CLOSE_APP in initial/handshake BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks BUG/MINOR: mux-quic: prevent crash if conn released during IO callback CLEANUP: mux-quic: remove useless app_ops is_active callback BUG/MINOR: mux-quic: do not free conn if attached streams MINOR: mux-quic: save proxy instance into qcc MINOR: mux-quic: use timeout server for backend conns MEDIUM: mux-quic: adjust timeout refresh MINOR: mux-quic: count in-progress requests MEDIUM: mux-quic: implement http-keep-alive timeout MINOR: h3: support HTTP request framing state MINOR: mux-quic: refresh timeout on frame decoding MINOR: mux-quic: refactor refresh timeout function MEDIUM: mux-quic: implement http-request timeout MINOR: quic: explicitely ignore sendto error BUG/MINOR: quic: adjust errno handling on sendto Brad Smith (1): BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX Christopher Faulet (15): BUILD: debug: Add braces to if statement calling only CHECK_IF() BUG/MINOR: fd: Properly init the fd state in fd_insert() BUG/MEDIUM: stconn: Only reset connect expiration when processing backend side BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible Revert "BUG/MINOR: peers: set the proxy's name to the peers section name" MINOR: peers: Add a warning about incompatible SSL config for the local peer MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload BUG/MINOR: peers: Use right channel flag to consider the peer as connected BUG/MEDIUM: dns: Properly initialize new DNS session BUG/MINOR: backend: Don't increment conn_retries counter too early MINOR: server: Constify source server to copy its settings REORG: server: Export srv_settings_cpy() function BUG/MEDIUM: proxy: Perform a custom copy for default server settings BUG/MEDIUM: sink: Set the sink ref for forwarders created during ring parsing Frédéric Lécaille (13): BUG/MAJOR: mux_quic: fix invalid PROTOCOL_VIOLATION on POST data overlap MINOR: quic: Congestion control architecture refactoring MEDIUM: quic: Cubic congestion control algorithm implementation MINOR: quic: New "quic-cc-algo" bind keyword BUG/MINOR: quic: loss time limit variable computed but not used MINOR: quic: Stop looking for packet loss asap BUG/MAJOR: quic: Useless resource intensive loop qc_ackrng_pkts() MINOR: quic: Send packets as much as possible from qc_send_app_pkts() BUG/MINOR: quic: Missing in flight ack eliciting packet counter decrement BUG/MEDIUM: quic: Floating point exception in cubic_root() BUG/MINOR: quic: Avoid sending truncated datagrams MINOR: quic: Add two new stats counters for sendto() errors BUG/MINOR: quic: Missing Initial packet dropping case Ilya Shipitsin (7): BUILD: SSL: allow to pass additional configure args to QUICTLS CI: enable weekly "m32" builds on x86_64 CLEANUP: assorted typo fixes in the code and comments BUG/MEDIUM: fix DH length when EC key is used REGTESTS: ssl: adopt tests to OpenSSL-3.0.N REGTESTS: ssl: adopt tests to OpenSSL-3.0.N REGTESTS: ssl: fix grep invocation to use extended regex in ssl_generate_certificate.vtc William Lallemand (15): MINOR: resolvers: resolvers_destroy() deinit and free a resolver BUG/MINOR: resolvers: shut off the warning for the default resolvers BUG/MINOR: ssl: allow duplicate certificates in ca-file directories MINOR: init: load OpenSSL error strings MINOR: ssl: enhance ca-file error emitting BUG/MINOR: mworker/cli: relative pid prefix not validated anymore BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload BUG/MINOR: sockpair: wrong return value for fd_send_uxst() MINOR: sockpair: move send_fd_uxst() error message in caller DEBUG: fd: split the fd check MEDIUM: resolvers: continue startup if network is unavailable MINOR: cli: emit a warning when _getsocks was used more than once BUG/MINOR: mworker: PROC_O_LEAVING used but not updated Revert "MINOR: cli: emit a warning when _getsocks was used more than once" MINOR: cli: warning on _getsocks when socket were closed Willy Tarreau (21): BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) BUG/MINOR: tools: fix statistical_prng_range()'s output range BUG/MEDIUM: fd/threads: fix incorrect thread selection in wakeup broadcast BUILD: add detection for unsupported compiler models BUG/MEDIUM: master: force the thread count earlier BUG/MAJOR: poller: drop FD's tgid when masks don't match DEBUG: fd: detect possibly invalid tgid in fd_insert() BUG/MINOR: fd: always remove late updates when freeing fd_updt[] BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once MAJOR: threads/plock: update the embedded library MINOR: thread: provide an alternative to pthread's rwlock DEBUG: tools: provide a tree dump function for ebmbtrees as well MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions BUG/MINOR: ring/cli: fix a race condition between the writer and the reader BUG/MINOR: sink: fix a race condition between the writer and the reader BUG/MINOR: quic: do not reject datagrams matching minimum permitted size BUG/MEDIUM: quic: break out of the loop in quic_lstnr_dghdlr MINOR: threads: report the number of thread groups in build options MINOR: config: automatically preset MAX_THREADS based on MAX_TGROUPS BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h ---