Hi,
HAProxy 2.5-dev12 was released on 2021/11/02. It added 65 new commits
after version 2.5-dev11. It comes a bit later than I would have liked
but we've been struggling on another remaining bug in the resolvers
that required some fair amount of analysis to knock down, and I didn't
feel like releasing saying "resolvers still bogus".
Overall, I'm observing the expected cool down in the complexity and risk
of the stuff that's getting merged, so thanks for that! Most of them were
bug fixes, build fixes, doc updates and code cleanups. Aside from these, I'm
seeing:
- merge of the work on splitting the src/dst info from the connection so
there's finally one set of each per layer (connection, session,
stream). Thus now an http-request set-src will no longer mistakenly
affect all other streams sharing the same connection, but only the
request itself. However if done at the TCP session or connection level,
all streams will see the update. With this also come a few new sample
fetch functions to retrieve source and destinations at various levels
(e.g. fc_src for the connection) so that it's now possible to retrieve
the original source address of an incoming proxy that connects using
the proxy protocol. The "set-src" and "set-src-port" actions were also
added to the "tcp-request content" rulesets.
- the "tcp-request connection" rules now support "set-var-fmt" and
"set-var", which can act on "proc." and "sess." scoped variables.
- merged the one-liner output type change of the var() sample fetch
function to stop pretending to be a string when it isn't (and fixed
our faulty regtest accordingly, given that we weren't immune to the
risk of bugs ourselves)
- added a few output filtering options to halog to extract query string
parameters and HTTP headers
- httpclient: finish the streaming part for the body: it's now possible
to send a body larger than an internal buffer, and the Lua binding also
supports it. More methods are also supported now by default (GET, HEAD,
PUT, POST, DELETE), and an immediate error can now be generated when
the request couldn't be generated. I personally think that we now have
everything needed to much more easily interact with external HTTP-based
services or APIs.
Regarding the remaining stuff I'm aware of:
- I've reviewed Björn's current MPTCP patches which need to be polished,
but it looks like it's simply a matter of rebasing them, adding commit
messages and writing a few extra lines of doc, which is basically all
that kept me from merging almost half of it that's just pure cleanups.
I'm obviously not going to pressure him, but what I've seen left is so
trivial now that I will probably not object to a late merge.
- Jaroslaw's interest in having one set of map_*() converters return the
matching key instead of a value is quite interesting, and could turn
out to be 10 isolated lines, or could be trickier, I really don't know.
I think it's worth checking at least. We're getting close to a release
but on the other hand, if that's really trivial, why not have it ?
- Jaroslaw's leastconn improvements raised some difficulties between
allocating inside locks (not desirable especially in such high-speed
areas) or using a lot more RAM (not desirable either). We've discussed
ways to improve this but these add some complexity to the solution,
so for me it's getting too tight now and I'd rather postpone to 2.6.
- William is checking what's required to always let the master process
enter the wait mode after a successful start and not just after a failed
one. Similarly if it ends up being simple enough, better have it now so
that we stop eating twice the amount of RAM once for all.
- Christopher is currently trying to make a unified converter from Tim's
normalize-uri actions, so that we could use it in a safe way (e.g. path
normalization) and apply it to other areas (query string parameters,
HTTP headers etc). If that works fine, I'd rather mark the normalize-uri
one deprecated since it was introduced late in 2.4 so as to warn users
early enough. No rush on this one anyway.
- Amaury has some patches to address the WebSocket-over-H2 fun on the
server side (the problem of reusing connections which possibly do not
support it, and to tag them appropriately). We're going to review this
tomorrow, and a part of it will have to be backported anyway.
- a few low-hanging fruits like adding some options to some converters
etc.
And I think that's approximately all for this release. Some issues that have
kept us busy for some time are now resolved. SSL renegotiation was finally
caused by the muxes: H2 was fixed by accident and H1 was fixed in this
release, a case of CPU loop was just addressed, and resolvers are hopefully
well-behaved now.
If all goes well, we could have dev13 this week-end with the pending stuff
from above, leave another week of tests and final fixes, and maybe issue
2.5-final on the week-end, after. If we face issues, that might easily
postpone by two more weeks as there's the HAProxyConf on 16-17, and I don't
expect much bug-chasing from those finishing to prepare their talks, which
would be quite fair :-)
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.5/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.5/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Anubhav (1):
      DOC: Typo fixed "it" should be "is"

Christopher Faulet (32):
      CLEANUP: lua: Remove any ambiguities about lua txn execution context flags
      CLEANUP: connection: No longer export make_proxy_line_v1/v2 functions
      CLEANUP: tools: Use const address for get_net_port() and get_host_port()
      CLEANUP: lua: Use a const address to retrieve info about a connection
      MINOR: connection: Add function to get src/dst without updating the connection
      MINOR: session: Add src and dst addresses to the session
      MINOR: stream-int: Add src and dst addresses to the stream-interface
      MINOR: frontend: Rely on client src and dst addresses at stream level
      MINOR: log: Rely on client addresses at the appropriate level to log messages
      MINOR: session: Rely on client source address at session level to log error
      MINOR: http-ana: Rely on addresses at stream level to set xff and xot headers
      MINOR: http-fetch: Rely on addresses at stream level in HTTP sample fetches
      MINOR: mux-fcgi: Rely on client addresses at stream level to set default params
      MEDIUM: tcp-sample: Rely on addresses at the appropriate level in tcp samples
      MEDIUM: connection: Rely on addresses at stream level to make proxy line
      MEDIUM: backend: Rely on addresses at stream level to init server connection
      MEDIUM: connection: Assign session addresses when PROXY line is received
      MEDIUM: connection: Assign session addresses when NetScaler CIP proto is parsed
      MEDIUM: tcp-act: Set addresses at the apprioriate level in set-(src/dst) actions
      MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
      DOC: config: Fix alphabetical order of fc_* samples
      MINOR: tcp-sample: Add samples to get original info about client connection
      REGTESTS: Add script to test client src/dst manipulation at different levels
      MINOR: stream: Use backend stream-interface dst address instead of target_addr
      BUILD: log: Fix compilation without SSL support
      BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
      BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
      BUG/MEDIUM: resolvers: Don't recursively perform requester unlink
      BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
      BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data
      BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions
      MINOR: stream: Improve dump of bogus streams

David Carlier (2):
      BUILD: atomic: fix build on mac/arm64
      BUILD/MINOR: cpuset freebsd build fix

Jaroslaw Rzeszótko (1):
      MINOR: vars: add "set-var" for "tcp-request connection" rules.

John Roesler (1):
      DOC/peers: some grammar fixes for peers 2.1 spec

Remi Tricot-Le Breton (2):
      BUG/MINOR: http: Authorization value can have multiple spaces after the scheme
      BUG/MINOR: http: http_auth_bearer fetch does not work on custom header name

Tim Duesterhus (10):
      MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX
      CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_hmac()
      CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_rsa_ecdsa()
      DEV: coccinelle: Add realloc_leak.cocci
      CLEANUP: hlua: Remove obsolete branch in `hlua_alloc()`
      DOC: halog: Move the `-qry` parameter into the correct section in help text
      MINOR: halog: Rename -qry to -query
      CLEANUP: halog: Use consistent indentation in help()
      BUG/MINOR: halog: Add missing newlines in die() messages
      MINOR: halog: Add support for extracting captures using -hdr

William Lallemand (8):
      MINOR: httpclient: support payload within a buffer
      MINOR: httpclient/lua: support more HTTP methods
      MINOR: httpclient/lua: return an error when it can't generate the request
      MINOR: httpclient: request streaming with a callback
      MINOR: httpclient/lua: handle the streaming into the lua applet
      REGTESTS: lua: test httpclient with body streaming
      BUG/MINOR: httpclient/lua: misplaced luaL_buffinit()
      BUG/MINOR: httpclient: use a placeholder value for Host header

Willy Tarreau (7):
      DEBUG: protocol: yell loudly during registration of invalid sock_domain
      MINOR: protocols: add a new protocol type selector
      MINOR: protocols: make use of the protocol type to select the protocol
      MINOR: protocols: replace protocol_by_family() with protocol_lookup()
      BUILD: atomic: prefer __atomic_compare_exchange_n() for __ha_cas_dw()
      MINOR: atomic: remove the memcpy() call and dependency on string.h
      MEDIUM: vars: make the var() sample fetch function really return type ANY

vishnu (1):
      BUG/MEDIUM: lua: fix invalid return types in hlua_http_msg_get_body
---
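
The per-layer source address handling and the new "tcp-request connection" variable support described in the announcement, as an added configuration example that is not part of the original message or of the HAProxy project's documentation. All addresses, ports, section names, the variable name and the X-Real-IP / X-Peer-Addr / X-Client-Addr headers are assumptions chosen for illustration; it also assumes the upstream load balancer overwrites X-Real-IP itself.

```haproxy
# Added example (constructed). Shows which address each layer sees when
# a trusted load balancer connects with the PROXY protocol.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_behind_lb
    # Upstream load balancers connect here and send a PROXY header.
    bind :8080 accept-proxy

    # Connection level: these rules only see the real TCP peer, so the
    # PROXY header cannot be used to get past this allow-list.
    # 192.0.2.0/28 is an assumed load balancer range.
    tcp-request connection reject unless { src 192.0.2.0/28 }

    # "set-var" is now accepted in "tcp-request connection" rules for
    # "proc." and "sess." scoped variables: keep the peer for later use.
    tcp-request connection set-var(sess.lb_addr) src

    # Stream level: changes the source for this request only. Other
    # streams sharing the same connection are not affected.
    # Assumes the load balancer overwrites X-Real-IP on every request.
    http-request set-src hdr(x-real-ip) if { req.hdr(x-real-ip) -m found }

    # fc_src: address of the proxy that opened the connection.
    # src:    address as seen by this request, after the PROXY header
    #         and the set-src rule above were applied.
    http-request set-header X-Peer-Addr   %[fc_src]
    http-request set-header X-Client-Addr %[src]

    default_backend be_app

backend be_app
    # Assumed application server.
    server app1 198.51.100.10:8000
```

Access control and rate limiting that must not depend on client-supplied data should key on fc_src or on the connection-level rules; src reflects whatever the PROXY header or a set-src rule put there.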