Hi, HAProxy 2.3-dev2 was released on 2020/07/31. It added 44 new commits after version 2.3-dev1.
As usual in the early cycle, many of them are fixes that also affect the latest stable branch, but given that there were enough to crash the process in various ways, those starting to play with 2.3-dev will probably express a noticeable preference for this one :-) Aside bugs, we're starting to get more cleanups in the code, doc and CI. Lua 5.4 support was now added (it builds and a few tests were run, we'll see over the long term). The TCP rulesets expiration date didn't mix well with Lua because that last one could have a longer one and cause loops, or a shorter one and cause other issues. Now a dedicated expiration date is used in these rulesets and we might extend this to other places which were abusing the initial ana_timeout field which was originally meant to wait for data having to be analysed, and quickly abused by tarpits and others requiring a timer. A few optimizations at the connection layer were performed to save a few useless syscalls, and a few debugging entries were added to help us better spot abnomalies. We've had some design discussions with a few developers, observing that certain historic designs are still resisting the recent evolutions, namely at the connection layer, and really need to be dismantled and seriously reworked. These are the ones responsible for the bugs that take us ages to figure and fix. Thus, it should be expected that the next few versions will start to be a bit more chaotic. I'd also like to start changing a few defaults next week. We've seen that setting a server's pool-low-conn to roughly twice the number of threads yielded very good performance with high connection reuse rate and low overall connection count. That could become a default. I'd also like to enable edge-triggered epoll by default (it's off for now but I've been running it for a while since it was added in 2.2 and didn't see any issue yet). I'd also like to do more extensive testing on tune.sched.low-latency to see when it improves performance and when it lowers it, and decide if we should enable it by default or not, depending on the more commonly expected case. Another point to discuss is the "log-send-hostname" directive. Historically haproxy has been sending logs without hostnames, until Joe Williams added configurable support for this 10 years ago. Nowadays it seems that all those dealing with logs prefer to centralize them and seeing "localhost" or even nothing in their logs becomes confusing. The "log-send-hostname" directive allows to place the current host name in the logs, where it's expected by the syslog standard. The thing is, this option is not "on"/"off", but it is on when present, and either uses the hostname or the optional argument. So we don't have any elegant way to disable it. Thus I think it would make sense to enable it by default but we need to find a way to disable it (including passing "none" in the optional field normally dedicated to the host if everyone agrees). Or maybe "no log-send-hostname" would work like for many positional options. I'm interested in getting feedback on this so that we can change it before the last minute and we have time to see any issue it could cause. And the last point for today is that this week I took some time to move the wiki to its own repository so that it's now possible to grant access to more contributors (https://github.com/haproxy/wiki/wiki). It was kept as a regular github wiki so that we can benefit from the easy editor in the browser for those less familiar with Git. My view on this tool is that anyone who regularly participates to the project, for example by responding others' questions here or on Discourse, or by maintaining packages for a distro, is trustable enough to have a write access there. The only thing I'm asking for is to take care of not destroying others' contents (and ask for help if it happens by mistake). But it's a wiki so it's expected to be somewhat of a bazaar anyway. If some are interested, just drop me a private e-mail and I'll send you an invite (I haven't found how to simply request an access for a user). Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.3/src/ Git repository : http://git.haproxy.org/git/haproxy.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy.git Changelog : http://www.haproxy.org/download/2.3/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Baruch Siach (1): BUILD: tools: fix build with static only toolchains Christopher Faulet (19): BUG/MAJOR: dns: Make the do-resolve action thread-safe BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed MEDIUM: htx: Add a flag on a HTX message when no more data are expected BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore BUG/MINOR: debug: Don't dump the lua stack if it is not initialized MEDIUM: lua: Add support for the Lua 5.4 BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation MINOR: tcp-rules: Return an internal error if an action yields on a final eval BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields MEDIUM: tcp-rules: Use a dedicated expiration date for tcp ruleset MEDIUM: lua: Set the analyse expiration date with smaller wake_time only BUG/MEDIUM: connection: Be sure to always install a mux for sync connect MINOR: connection: Preinstall the mux for non-ssl connect MINOR: stream-int: Be sure to have a mux to do sends and receives BUG/MINOR: lua: Fix a possible null pointer deref on lua ctx Emeric Brun (1): BUG/MEDIUM: resolve: fix init resolving for ring and peers section. Ilya Shipitsin (5): CI : travis-ci : prepare for using stock OpenSSL CI: travis-ci : switch to stock openssl when openssl-1.1.1 is used CI: travis-ci: use better name for Coverity scan job CI: travis-ci: use proper linking flags for SLZ build CLEANUP: assorted typo fixes in the code and comments Jackie Tapia (1): DOC: Use gender neutral language Jerome Magnin (2): BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status BUG/MAJOR: dns: don't treat Authority records as an error Lukas Tribus (1): DOC: ssl: req_ssl_sni needs implicit TLS William Lallemand (1): BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() Willy Tarreau (13): BUG/MEDIUM: arg: empty args list must be dropped BUG/MAJOR: tasks: don't requeue global tasks into the local queue MINOR: tasks/debug: make the thread affinity BUG_ON check a bit stricter MINOR: tasks/debug: add a few BUG_ON() to detect use of wrong timer queue MINOR: tasks/debug: add a BUG_ON() check to detect requeued task on free CLEANUP: dns: remove 45 "return" statements from dns_validate_dns_response() BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one SCRIPTS: announce-release: add the link to the wiki in the announce messages BUG/MEDIUM: backend: always attach the transport before installing the mux BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux MINOR: connection: avoid a useless recvfrom() on outgoing connections MINOR: mux-h1: do not even try to receive if the connection is not fully set up MINOR: mux-h1: do not try to receive on backend before sending a request ---
