Hi, HAProxy 2.6-dev7 was released on 2022/04/23. It added 40 new commits after version 2.6-dev6.
This version addresses the stability issue that was affecting dev6, and chasing this bug gave the opportunity to simplify and clean up a few parts that remained needlessly complicated after the modification of the connection layer. A bug was found in the idle connections management code and it also affects 2.5, but it's extremely hard to hit (we couldn't reproduce it). It could randomly crash the process under high contention on the server side due to a missing lock. It's very unlikely anyone will meet it but as we're used to see reports after bugs are fixed, I prefer to warn upfront :-) The fix will be backported next week anyway. On the QUIC front, the multi-buffer output window is now effective so that the download bandwidth will not be limited by bufsize divided by RTT anymore, and POST should work better (there used to be truncated uploads and stalled transfers before this version, all of which have been addressed). More generally the retransmit code was improved. As requested in github issue #1604 by our SSL experts, DHE based ciphers are now disabled by default, and the DH params now default to those of RFC7919 instead of our locally-generated ones. The http-client now supports server certificate verification. Finally, the server queue management was made way more scalable with threads. Till now dequeuing would wake up next pending entry which could run on a different thread, resulting in a lot of entries in the shared run queue when many threads were running, causing a lot of contention on the scheduler's lock, thus slowing down the dequeuing and adding in turn contention on the queue's lock, to the point that a few users were seeing similar performance with N threads as with a single thread when queues were highly sollicitated. A small change was made both in the scheduler and in the dequeuing code to bypass this locking and completely address this issue. My tests showed performance gains from 4 to 10 on extreme workloads with 16 threads. I will likely apply yet another tiny update to improve fairness but as it is I consider the limitation addressed. I intend to eventually backport this to 2.5 and 2.4, given that I managed to trigger the watchdog during my initial tests. If some users are facing high CPU usages with deep backend queues reported in the stats, I would appreciate it if they could test 2.6-dev7 and share their experience. Please find the usual URLs below : Site index : http://www.haproxy.org/ Documentation : http://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/2.6/src/ Git repository : http://git.haproxy.org/git/haproxy.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy.git Changelog : http://www.haproxy.org/download/2.6/src/CHANGELOG Pending bugs : http://www.haproxy.org/l/pending-bugs Reviewed bugs : http://www.haproxy.org/l/reviewed-bugs Code reports : http://www.haproxy.org/l/code-reports Latest builds : http://www.haproxy.org/l/dev-packages Willy --- Complete changelog : Amaury Denoyelle (14): MINOR: mux-quic: split xfer and STREAM frames build REORG: quic: use a dedicated module for qc_stream_desc MINOR: quic-stream: use distinct tree nodes for quic stream and qcs MINOR: quic-stream: add qc field MEDIUM: quic: implement multi-buffered Tx streams MINOR: quic-stream: refactor ack management MINOR: quic: limit total stream buffers per connection MINOR: mux-quic: implement immediate send retry MINOR: cfg-quic: define tune.quic.conn-buf-limit BUG/MINOR: mux-quic: unsubscribe on release BUG/MINOR: mux-quic: handle null timeout BUG/MINOR: mux-quic: remove dead code in qcs_xfer_data() BUG/MEDIUM: mux-quic: fix stalled POST requets BUG/MINOR: mux-quic: fix POST with abortonclose Christopher Faulet (10): DEV: stream: Fix conn-streams dump in full stream message CLEANUP: conn-stream: Rename cs_conn_close() and cs_conn_drain_and_close() CLEANUP: conn-stream: Rename cs_applet_release() MINOR: conn-stream: Rely on endpoint shutdown flags to shutdown an applet BUG/MINOR: cache: Disable cache if applet creation fails BUG/MINOR: backend: Don't allow to change backend applet BUG/MEDIUM: conn-stream: Set back CS to RDY state when the appctx is created MINOR: stream: Don't needlessly detach server endpoint on early client abort MINOR: conn-stream: Make cs_detach_* private and use cs_destroy() from outside BUG/MAJOR: connection: Never remove connection from idle lists outside the lock Frédéric Lécaille (1): BUG/MEDIUM: quic: Possible crash with released mux Remi Tricot-Le Breton (5): MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones MEDIUM: ssl: Disable DHE ciphers by default BUILD: ssl: Fix compilation with OpenSSL 1.0.2 MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option REGTESTS: ssl: Update error messages that changed with OpenSSLv3.1.0-dev William Lallemand (5): MINOR: init: add the pre-check callback MEDIUM: httpclient: change the init sequence MEDIUM: httpclient/ssl: verify required MINOR: httpclient/mworker: disable in the master process MEDIUM: httpclient/ssl: verify is configurable and disabled by default Willy Tarreau (5): BUILD: calltrace: fix wrong include when building with TRACE=1 BUG/MEDIUM: logs: fix http-client's log srv initialization MINOR: task: add a new task_instant_wakeup() function MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks DOC: remove my name from the config doc ---
