Hi,

HAProxy 2.8-dev3 was released on 2023/02/04. It added 98 new commits after version 2.8-dev2.
As usual, there were quite a bunch of QUIC fixes and improvements in this version, most particularly one fix for a possible crash when dealing with 1-RTT packets during 0-RTT, or when dealing with heavy retransmissions, and a number of less visible issues. There's also a new config setting "tune.quic.max-frame-loss" to set the limit on the number of failed retransmits of a frame (10 by default).

Full support for RFC7239 ("Forwarded" header) was added via "option forwarded", as an alternative to "option forwardfor" which sets the non-standard but universally accepted "x-forwarded-for" header. It allows adjusting which sub-fields will be present in the output header (proto, host, by, for) and deciding whether to pick the default ones or to set them from an expression. One benefit of the Forwarded header is that it is non-ambiguous when multiple elements are added (e.g. protocol and source) since all the elements are added together for one header field entry, so there's no risk of mis-association between one iteration of the x-forwarded-proto header and the x-forwarded-for one, for example.

The H2 and H3 traces were improved; the H2 traces are finally able to report received and sent headers. Speaking of traces, some traces could occasionally be lost on exit due to munmap() being done without msync(); this is now addressed.

The "thread" directive on "bind" lines now supports larger ranges and multiple thread groups, though it is not possible to bind a single listener to multiple groups yet (but we're making progress on this). It is however possible, using shards, to have a single "bind" line run on multiple groups at once (i.e. "shards by-thread" will now be sufficient).

Finally the stats will report the distribution of h1/h2/h3 requests and connections. And that's about all.
Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.8/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.8/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Amaury Denoyelle (19):
      MINOR: mux-quic/h3: send SETTINGS as soon as transport is ready
      BUG/MINOR: h3: fix GOAWAY emission
      BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission
      BUG/MEDIUM: h3: do not crash if no buf space for trailers
      OPTIM: h3: skip buf realign if no trailer to encode
      MINOR: mux-quic/h3: define stream close callback
      BUG/MEDIUM: h3: handle STOP_SENDING on control stream
      BUG/MINOR: h3: reject RESET_STREAM received for control stream
      MINOR: h3: add missing traces on closure
      BUG/MINOR: h3: fix crash due to h3 traces
      BUG/MINOR: h3: fix crash due to h3 traces
      BUILD: makefile: fix PCRE overriding specific lib path
      MINOR: quic: remove fin from quic_stream frame type
      MINOR: quic: ensure offset is properly set for STREAM frames
      MINOR: quic: define new functions for frame alloc
      MINOR: quic: refactor frame deallocation
      MEDIUM: quic: implement a retransmit limit per frame
      MINOR: quic: add config for retransmit limit
      BUG/MEDIUM: quic: do not split STREAM frames if no space

Aurelien DARRAGON (25):
      DEV: hpack: fix `trash` build regression
      MINOR: http_htx: add http_append_header() to append value to header
      MINOR: http_htx: add http_prepend_header() to prepend value to header
      MINOR: sample: add ARGC_OPT
      MINOR: proxy: introduce http only options
      MINOR: proxy/http_ext: introduce proxy forwarded option
      REGTEST: add ifnone-forwardfor test
      MINOR: proxy: move 'forwardfor' option to http_ext
      MINOR: proxy: move 'originalto' option to http_ext
      MINOR: http_ext: introduce http ext converters
      MINOR: http_ext: add rfc7239_is_valid converter
      MINOR: http_ext: add rfc7239_field converter
      MINOR: http_ext: add rfc7239_n2nn converter
      MINOR: http_ext: add rfc7239_n2np converter
      REGTEST: add RFC7239 forwarded header tests
      OPTIM: http_ext/7239: introduce c_mode to save some space
      MINOR: http_ext/7239: warn the user when fetch is not available
      MEDIUM: proxy/http_ext: implement dynamic http_ext
      MINOR: cfgparse/http_ext: move post-parsing http_ext steps to http_ext
      DOC: config: fix option spop-check proxy compatibility
      BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section
      DOC: config: 'http-send-name-header' option may be used in default section
      BUG/MINOR: http_ext/7239: ipv6 dumping relies on out of scope variables
      BUG/MEDIUM: thread: consider secondary threads as idle+harmless during boot
      BUG/MINOR: stats: use proper buffer size for http dump

Christopher Faulet (1):
      BUG/MINOR: mux-h2: Fix possible null pointer deref on h2c in _h2_trace_header()

Frédéric Lécaille (9):
      MINOR: stats: add by HTTP version cumulated number of sessions and requests
      BUG/MINOR: quic: Possible stream truncations under heavy loss
      BUG/MINOR: quic: Too big PTO during handshakes
      MINOR: quic: Add a trace about variable states in qc_prep_fast_retrans()
      BUG/MINOR: quic: Do not ignore coalesced packets in qc_prep_fast_retrans()
      MINOR: quic: When probing Handshake packet number space, also probe the Initial one
      BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session
      MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks
      BUG/MINOR: quic: Unchecked source connection ID

Olivier Houchard (1):
      MINOR: connection: add a BUG_ON() to detect destroying connection in idle list

Remi Tricot-Le Breton (2):
      BUG/MINOR: ssl: Fix leaks in 'update ssl ocsp-response' CLI command
      MINOR: ssl: Remove debug fprintf in 'update ssl ocsp-response' cli command

William Lallemand (1):
      BUG/MEDIUM: ssl: wrong eviction from the session cache tree

Willy Tarreau (40):
      BUG/MINOR: sink: make sure to always properly unmap a file-backed ring
      DEV: haring: add a new option "-r" to automatically repair broken files
      BUG/MEDIUM: hpack: fix incorrect huffman decoding of some control chars
      BUG/MINOR: log: release global log servers on exit
      BUG/MINOR: ring: release the backing store name on exit
      BUG/MINOR: sink: free the forwarding task on exit
      CLEANUP: trace: remove the QUIC-specific ifdefs
      MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active
      MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback
      MINOR: trace: add the long awaited TRACE_PRINTF()
      MINOR: h2: add h2_phdr_to_ist() to make ISTs from pseudo headers
      MEDIUM: mux-h2/trace: add tracing support for headers
      CLEANUP: mux-h2/trace: shorten the name of the header enc/dec functions
      OPTIM: htx: inline the most common memcpy(8)
      CLEANUP: quic: no need for atomics on packet refcnt
      MEDIUM: listener: move the analysers mask to the bind_conf
      MINOR: listener: move maxseg and tcp_ut to bind_conf
      MINOR: listener: move maxaccept from listener to bind_conf
      MINOR: listener: move the backlog setting from listener to bind_conf
      MINOR: listener: move the maxconn parameter to the bind_conf
      MINOR: listener: move the ->accept callback to the bind_conf
      MINOR: listener: remove the useless ->default_target field
      MINOR: listener: move the nice field to the bind_conf
      MINOR: listener: move the NOLINGER option to the bind_conf
      MINOR: listener: move the NOQUICKACK option to the bind_conf
      MINOR: listener: move the DEF_ACCEPT option to the bind_conf
      MINOR: listener: move TCP_FO to bind_conf
      MINOR: listener: move the ACC_PROXY and ACC_CIP options to bind_conf
      MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf
      MINOR: listener: get rid of LI_O_TCP_L4_RULES and LI_O_TCP_L5_RULES
      CLEANUP: listener: remove the now unused options field
      MINOR: listener: remove the now useless LI_F_QUIC_LISTENER flag
      CLEANUP: config: remove test for impossible case regarding bind thread mask
      MINOR: thread: add a simple thread_set API
      MEDIUM: listener/config: make the "thread" parser rely on thread_sets
      CLEANUP: config: stop using bind_tgroup and bind_thread
      CLEANUP: listener/thread: remove now unused bind_conf's bind_tgroup/bind_thread
      CLEANUP: listener/config: remove the special case for shards==1
      MEDIUM: config: restrict shards, not bind_conf to one group each
      BUILD: thread: fix build warnings with older gcc compilers
---
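
The association property the announcement attributes to the "Forwarded" header, as an added example (not HAProxy code and not part of the original message): a small RFC 7239 element parser next to positional pairing of X-Forwarded-For and X-Forwarded-Proto. The function names and the sample header values are constructed for illustration.

```python
import re

def split_outside_quotes(text, sep):
    """Split on sep, ignoring separators inside quoted-strings."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in text:
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
        if escaped:
            escaped = False
        elif quoted and ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def unquote(value):
    """Strip a quoted-string's quotes and backslash escapes."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value

def parse_forwarded(header_values):
    """Return one dict per forwarded-element, in the order they were appended."""
    hops = []
    for line in header_values:
        for element in split_outside_quotes(line, ","):
            hop = {}
            for pair in split_outside_quotes(element, ";"):
                name, _, value = pair.partition("=")
                hop[name.strip().lower()] = unquote(value.strip())
            hops.append(hop)
    return hops

def pair_x_forwarded(xff, xfp):
    """Pair two independent lists by position; None when that is impossible."""
    addrs = [a.strip() for a in xff.split(",") if a.strip()]
    protos = [p.strip() for p in xfp.split(",") if p.strip()]
    if len(addrs) != len(protos):
        return None  # no way to tell which hop omitted which header
    return list(zip(addrs, protos))

# Constructed sample: two hops each appended one Forwarded element.
FORWARDED = ["for=192.0.2.43;proto=https;by=203.0.113.60",
             'for="[2001:db8:cafe::17]:4711";proto=http']
XFF, XFP = "192.0.2.43, 2001:db8:cafe::17", "https"  # one hop sent no proto
```

With the sample values, `parse_forwarded(FORWARDED)` keeps each hop's `for` and `proto` together, while `pair_x_forwarded(XFF, XFP)` returns `None` because two addresses cannot be matched to a single protocol entry.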