Hi,

HAProxy 2.4.23 was released on 2023/06/09. It added 83 new commits
after version 2.4.22.

As you can imagine, after 4 months since the last release, this one brings
several fixes. To sum up:

  * The SPOE was fixed to limit the number of idle applets on edge cases. On
    sporadic bursts, it was possible to systematically start new applets
    because the SPOE processing frequency was lower than the messages rate,
    and this independently of the number of idle applets. The idle applets
    tracking was improved to be able to properly reuse them.
    This fix revealed a flaw in the way synchronous frames were handled,
    leading to a rise in the message processing latency. To fix this issue,
    in synchronous mode, a SPOE applet will now systematically try to send a
    frame when it is woken up, except if it is still waiting for an ACK frame
    after a receive attempt.
    Finally, a crash for engines configured on disabled proxies was
    fixed. SPOE engines must not be released for such proxies during the
    startup because some resources may be shared with other engines, for
    instance the ACLs.

  * The total boot time is now measured. It is used to postpone the startup
    of health checks. It is pretty useful for very large configurations
    taking up a few seconds to start, to not schedule some servers' checks in
    the past. This also helps to have a better distribution of health-checks
    when "spread-checks" option is used. In addition, the spread-checks is
    also used at boot time, making the load much smoother from the start.

  * We now force the connect timeout for the DNS resolution. The "resolve"
    timeout is used to set its value. Having no connect timeout was an issue
    for resolution over TCP. Connection failures might take quite long to
    report, leading to an excess of unusable DNS sessions in connecting
    state. It was especially visible on soft-stop because this prevented the
    process from exiting quickly. Still on the DNS, errors are now properly
    handled when a response is consumed. This was an issue for truncated
    responses followed by an abort. The applet could ignore the abort and
    loop waiting for more data until a timeout is triggered. A similar issue
    was fixed in the syslog applet.

  * A lua bug was fixed. Except for lua tasks, it is no longer possible to
    register functions at runtime. It was clearly stated in the
    documentation, but nothing forbade it in the code. An error is now
    triggered if this happens, preventing potential segfaults.

  * Aurélien fixed wrong report for tracking servers leaving drain state. He
    also centralized proxy and server stats updates on server state
    transition to be sure to not miss an update on some transitions.

  * The idle connections detection was improved to not consider connections
    waiting to be removed as idle.

  * The pool_gc() calls that were made a bit too often on stopping proxies
    were relaxed. Sometimes they were causing excess memory contention and
    were even competing against malloc_trim().

  * It was possible to trigger the watchdog purging stick-tables on
    soft-stop. To not spend too much time purging expired entries, we now
    enforce a budget limitation and the purge is performed in several
    steps. In addition, memory is reclaimed only when entries are
    released. Indeed, this operation involves a call to malloc_trim() on
    glibc, which is rather expensive.

  * ssl-min-ver and ssl-max-ver parameters are now duplicated for bundles
    in crt-list.

  * The read expiration date is now updated on synchronous sends for all
    streams except independent ones. This fixed an old bug when a filter
    is configured. Write activities on synchronous sends were lost. With
    slow clients uploading large objects, it was possible to reach the
    server timeout.

  * An error is now reported during configuration parsing when the "len"
    argument of a stick table type contains incorrect characters.

  * The strict-sni documentation was updated to state it is possible to
    start without certificate on a bind line.

  * A section about size format was added in the configuration manual.

  * The cache failed to cache a response for a request that had the
    "no-cache" directive (typically a forced reload). This prevented
    refreshing the cache this way; this is now fixed.

  * Layer7 retries did not work anymore on the "empty-response" condition
    due to a change that was made in 2.4.

  * Some rare bind errors on UNIX sockets were not correctly reported on
    startup.

  * An issue affecting the H1 multiplexer was fixed. If the response was
    fully transferred before the whole request is read, there was a risk
    that the channel is left open without any further processing. In the
    end, this caused the stream to enter a spinning loop which triggered an
    assertion failure crash.

There are other minor fixes but I can't remember the context. Check the
changelog above for the full list of changes.

Thanks everyone for your contributions and your help!

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.4/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : https://www.haproxy.org/download/2.4/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages


---
Complete changelog :
Aurelien DARRAGON (22):
      DEV: hpack: fix `trash` build regression
      BUG/MINOR: proto_ux: report correct error when bind_listener fails
      BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all()
      BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp()
      MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
      BUG/MINOR: sink: free forward_px on deinit()
      BUG/MINOR: log: free log forward proxies on deinit()
      BUG/MINOR: hlua: enforce proper running context for register_x functions
      CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy()
      BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop
      BUG/MINOR: hlua: unsafe hlua_lua2smp() usage
      BUG/MINOR: log: fix memory error handling in parse_logsrv()
      BUG/MINOR: proxy: missing free in free_proxy for redirect rules
      BUG/MINOR: server: incorrect report for tracking servers leaving drain
      MINOR: server: explicitly commit state change in srv_update_status()
      BUG/MINOR: server: don't miss proxy stats update on server state transitions
      BUG/MINOR: server: don't miss server stats update on server state transitions
      BUG/MINOR: server: don't use date when restoring last_change from state file
      MINOR: proxy: add http_free_redirect_rule() function
      BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule()
      BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
      BUG/MINOR: proxy: add missing interface bind free in free_proxy

Christopher Faulet (25):
      DOC: config: Fix description of options about HTTP connection modes
      DOC: config: Add the missing tune.fail-alloc option from global listing
      DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section
      BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body
      BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory
      BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response
      BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend
      BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list
      BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list
      BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription
      BUG/MEDIUM: channel: Improve reports for shut in co_getblk()
      BUG/MEDIUM: dns: Properly handle error when a response consumed
      BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions
      REGTESTS: fix the race conditions in log_uri.vtc
      BUG/MEDIUM: log: Properly handle client aborts in syslog applet
      CLEANUP: backend: Remove useless debug message in assign_server()
      BUG/MEDIUM: Update read expiration date on synchronous send
      BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set
      DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules
      MINOR: spoe: Don't stop disabled proxies
      BUILD: mjson: Fix warning about unused variables
      BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones
      BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup
      DOC: config: Fix bind/server/peer documentation in the peers section
      BUG/MINOR: spoe: Only skip sending new frame after a receive attempt

Daniel Epperson (1):
      DOC: add size format section to manual

David Carlier (1):
      BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.

Frédéric Lécaille (1):
      CONTRIB: Add vi file extensions to .gitignore

Ilia Shipitsin (2):
      CI: switch to Fastly CDN to download LibreSSL
      BUILD: ssl: switch LibreSSL to Fastly CDN

Ilya Shipitsin (2):
      CI: bump "actions/checkout" to v3 for cross zoo matrix
      CI: cirrus-ci: bump FreeBSD image to 13-1

Mariam John (1):
      DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt

Michael Prokop (1):
      DOC/CLEANUP: fix typos

Remi Tricot-Le Breton (4):
      BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list
      BUG/MINOR: cache: Cache response even if request has "no-cache" directive
      BUG/MINOR: cache: Check cache entry is complete in case of Vary
      BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback

William Lallemand (7):
      BUG/MINOR: mworker: stop doing strtok directly from the env
      BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong
      MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start
      BUG/MINOR: mworker: prevent incorrect values in uptime
      DOC: config: strict-sni allows to start without certificate
      MINOR: proxy: check if p is NULL in free_proxy()
      BUG/MINOR: stick_table: alert when type len has incorrect characters

Willy Tarreau (16):
      BUG/MINOR: sched: properly report long_rq when tasks remain in the queue
      BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed
      BUG/MINOR: ring: do not realign ring contents on resize
      BUG/MINOR: init: properly detect NUMA bindings on large systems
      BUG/MINOR: init: make sure to always limit the total number of threads
      BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it
      BUG/MEDIUM: listener: duplicate inherited FDs if needed
      BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
      BUG/MINOR: cfgparse: make sure to include openssl-compat
      BUG/MINOR: mux-h2: make sure to produce a log on invalid requests
      MINOR: checks: make sure spread-checks is used also at boot time
      MINOR: clock: measure the total boot time
      BUG/MINOR: checks: postpone the startup of health checks by the boot time
      BUG/MINOR: clock: fix the boot time measurement method for 2.6 and older
      SCRIPTS: publish-release: update the umask to keep group write access
      BUG/MINOR: debug: do not emit empty lines in thread dumps

--
Christopher Faulet
