Hi,

HAProxy 2.7-dev4 was released on 2022/08/20. It added 80 new commits
after version 2.7-dev3.

Well, it's clearly visible that it's still the vacation period, as there
is very little new stuff, almost only bug fixes! The build and bug fixes
are spread about everywhere and correspond to those that landed into 2.6.3,
plus a number of QUIC-related stability issues.

Now what's left aside from bug fixes:

  - a new CLI command "add ssl ca-file" allows appending new certificates
    to an existing ca-file instead of replacing them all at once. This can
    be used as a workaround for the limited size of what may be uploaded
    via "set ssl ca-file" (one tune.bufsize max).

  - the table_expire() and table_idle() converters can return the
    remaining time before a key will expire in a table, as well as how
    long ago a given key was last seen. That's useful for rate limiting in
    order to send a retry-after header, and may also be used to revalidate
    credentials, present a captcha, or just kick a user session during a
    version rollover for example.

  - for debugging purposes, rings can now be backed by a file. Technically
    speaking, the storage area may now be allocated from an mmapped file
    instead of using malloc(). This is convenient for post-mortem analysis
    where traces of last events are sometimes needed, but the traffic
    makes them problematic to retrieve (and chaining socat to tail just
    for this eats a lot of resources). Thus in this mode there's nothing
    to tail nor read, just let the ring accumulate traces, and once the
    process dies, pass it through a new tool ("haring") that will dump all
    the events. This *may* be used by experienced admins for advanced
    debugging, but please do not complain if you back it on an on-disk
    file and it slows down your traffic due to swapping or disk I/Os.

  - multiple HTTP/3 cookie headers are now merged, as required by the
    spec. This was first reported by Gabriel Tzagkarakis in issue #1818.

  - QUIC traces were significantly reworked to be much more precise (hence
    more verbose) but they make analysis much more efficient and accurate.

  - more debugging facilities: now the pool allocations are also tracked
    by the memory profiler, so that it is easier to spot a leak or some
    code parts using too much memory. The CPU overhead is not big, roughly
    3-5% compared to the profiler before this change, which is nothing
    compared to the improved observability. The memstats advanced debugger
    now also reports function names and pool usage as well.

  - better handling of stream closures and errors in QUIC, QPACK and H3

  - some early QUIC code that relies on expensive openssl calls was made
    more efficient by keeping the crypto context to avoid repeated memory
    allocations. As much as possible some parts using pool_zalloc() were
    turned to the less expensive pool_alloc(). The application send() path
    was simplified. Finally some locks in the Rx code that were no longer
    needed could be removed. So overall the QUIC code should eat a little
    bit less CPU.

Those running development versions on their servers may want to upgrade
to this one, because the low amount of changes compared to the high number
of fixes should give it a stability level that is above average.

Oh, and as a reminder, there are only 2 weeks left to submit a proposal
for a talk to the haproxyconf (https://www.haproxyconf.com/).
If you think you're having an unusual use case, or if some friends or
coworkers said "oh that's smart" when you explained your setup, you should
really consider putting your shyness aside and proposing a presentation ;-)

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Documentation    : http://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.7/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.7/src/CHANGELOG
   Pending bugs     : http://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : http://www.haproxy.org/l/reviewed-bugs
   Code reports     : http://www.haproxy.org/l/code-reports
   Latest builds    : http://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Amaury Denoyelle (26):
      CLEANUP: mux-quic: remove loop on sending frames
      MINOR: quic: replace custom buf on Tx by default struct buffer
      MINOR: quic: release Tx buffer on each send
      MINOR: quic: refactor datagram commit in Tx buffer
      MINOR: quic: skip sending if no frame to send in io-cb
      BUG/MINOR: mux-quic: open stream on STOP_SENDING
      BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level
      MINOR: mux-quic: adjust enter/leave traces
      MINOR: mux-quic: define protocol error traces
      CLEANUP: mux-quic: adjust traces level
      MINOR: mux-quic: define new traces
      BUG/MEDIUM: mux-quic: fix crash due to invalid trace arg
      BUG/MINOR: mux-quic: fix crash with traces in qc_detach()
      CLEANUP: exclude haring with .gitignore
      MINOR: quic: adjust quic_frame flag manipulation
      MINOR: h3: report error on control stream close
      MINOR: qpack: report error on enc/dec stream close
      BUG/MEDIUM: mux-quic: reject uni stream ID exceeding flow control
      MINOR: mux-quic: adjust traces on stream init
      MINOR: mux-quic: add missing args on some traces
      MINOR: quic: refactor application send
      BUG/MINOR: quic: do not notify MUX on frame retransmit
      BUG/MEDIUM: quic: fix crash on MUX send notification
      REORG: h2: extract cookies concat function in http_htx
      REGTESTS: add test for HTTP/2 cookies concatenation
      MEDIUM: h3: concatenate multiple cookie headers

Emeric Brun (2):
      BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
      BUG/MAJOR: log-forward: Fix ssl layer not initialized on bind even if configured

Frédéric Lécaille (21):
      BUG/MEDIUM: quic: Wrong packet length check in qc_do_rm_hp()
      MINOR: quic: Too much useless traces in qc_build_frms()
      BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection
      MINOR: quic: Replace pool_zalloc() by pool_malloc() for fake datagrams
      MEDIUM: quic: xprt traces rework
      MINOR: quic: Remove useless lock for RX packets
      BUG/MINOR: quic: Possible infinite loop in quic_build_post_handshake_frames()
      CLEANUP: quic: Remove trailing spaces
      BUG/MEDIUM: quic: Possible use of uninitialized <odcid> variable in qc_lstnr_params_init()
      BUG/MEDIUM: quic: Wrong use of <token_odcid> in qc_lsntr_pkt_rcv()
      BUG/MINOR: quic: memleak on wrong datagram receipt
      BUG/MINOR: quic: MIssing check when building TX packets
      BUG/MINOR: quic: Wrong status returned by qc_pkt_decrypt()
      MINOR: stick-table: Add table_expire() and table_idle() new converters
      BUG/MINOR: quic: Missing initializations for ducplicated frames.
      BUG/MINOR: quic: Possible crashes when dereferencing ->pkt quic_frame struct member
      MINOR: quic: Add frame addresses to QUIC_EV_CONN_PRSAFRM event traces
      BUG/MINOR: quic: Wrong splitted duplicated frames handling
      MINOR: quic: Add the QUIC connection to mux traces
      MINOR: quic: Trace fix in qc_release_frm()
      MINOR: quic: Add reusable cipher contexts for header protection

Mateusz Malek (1):
      BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names

William Lallemand (3):
      BUG/MINOR: ssl/cli: error when the ca-file is empty
      MINOR: ssl: handle ca-file appending in cafile_entry
      MINOR: ssl/cli: implement "add ssl ca-file"

Willy Tarreau (27):
      MINOR: debug: make the mem_stats section aligned to void*
      MINOR: debug: store and report the pool's name in struct mem_stats
      MINOR: debug: also store the function name in struct mem_stats
      MINOR: debug/memstats: automatically determine first column size
      MINOR: debug/memstats: permit to pass the size to free()
      BUG/MEDIUM: quic: always remove the connection from the accept list on close
      BUG/MEDIUM: poller: use fd_delete() to release the poller pipes
      BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq()
      BUILD: stconn: fix build warning at -O3 about possible null sc
      BUG/MEDIUM: ring: fix too lax 'size' parser
      BUILD: ring: forward-declare struct appctx to avoid a build warning
      MINOR: ring: support creating a ring from a linear area
      MINOR: ring: add support for a backing-file
      DEV: haring: add a simple utility to read file-backed rings
      DEV: haring: support remapping LF in contents with CR VT
      BUILD: sink: replace S_IRUSR, S_IWUSR with their octal value
      MINOR: ring: archive a previous file-backed ring on startup
      MINOR: memprof: export the minimum definitions for memory profiling
      MINOR: pool/memprof: report pool alloc/free in memory profiling
      MINOR: pools/memprof: store and report the pool's name in each bin
      MINOR: chunk: inline alloc_trash_chunk()
      MINOR: applet: add a function to reset the svcctx of an applet
      BUG/MEDIUM: cli: always reset the service context between commands
      BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle
      MINOR: mux-h2/traces: report transition to SETTINGS1 before not after
      MINOR: mux-h2: make streams know if they need to send more data
      BUG/MINOR: mux-h2: send a CANCEL instead of ES on truncated writes
---
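
The "add ssl ca-file" workaround described in the announcement, as an added example that is not part of the original message nor HAProxy's own code: it splits a CA bundle into one CLI command per certificate so that each upload stays within one buffer, using "set" for the first certificate, "add" for the rest, and "commit ssl ca-file" to apply the result. Assumptions: the ca-file name `cafile.pem` and the socket path are hypothetical, and `limit` must be set to the tune.bufsize of the target process (16384 is the default).

```python
import re
import socket

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def build_ca_commands(bundle, name, limit=16384):
    """Return the CLI commands that load every certificate of `bundle`
    into the ca-file `name`, one certificate per command."""
    certs = PEM_RE.findall(bundle)
    if not certs:
        raise ValueError("no certificate found in bundle")
    cmds = []
    for i, pem in enumerate(certs):
        # A blank line terminates a CLI payload, so drop any inside the PEM.
        body = "\n".join(l.strip() for l in pem.splitlines() if l.strip())
        # The first certificate replaces the pending contents, the rest append.
        verb = "set" if i == 0 else "add"
        cmd = f"{verb} ssl ca-file {name} <<\n{body}\n\n"
        if len(cmd.encode()) > limit:
            raise ValueError(f"certificate {i}: {len(cmd)} bytes > {limit}")
        cmds.append(cmd)
    # Nothing is applied to the running process until the commit.
    cmds.append(f"commit ssl ca-file {name}\n")
    return cmds


def send(sock_path, cmd):
    """Send one command over the stats socket and return the reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(cmd.encode())
        s.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: s.recv(4096), b"")).decode()


# Constructed sample: two placeholder PEM blocks, not real certificates.
SAMPLE = (
    "-----BEGIN CERTIFICATE-----\nQUFBQQ==\n\nQkJCQg==\n"
    "-----END CERTIFICATE-----\n"
    "# comment between certificates\n"
    "-----BEGIN CERTIFICATE-----\nQ0NDQw==\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    for c in build_ca_commands(SAMPLE, "cafile.pem"):
        print(c, end="")
        # print(send("/var/run/haproxy.sock", c))  # hypothetical socket path
```

Each command is sent on its own connection; check every reply before sending the commit, since a rejected certificate would otherwise be silently missing from the committed ca-file.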