Hi, HAProxy 3.0-dev10 was released on 2024/05/04. It added 47 new commits after version 3.0-dev9.
This week was short, with days off explaining the reduced number of commits, but there are still interesting ones that made it worth producing another release. Last week's log updates caused a few small regressions in the log format production (e.g. when dealing with empty fields surrounded by spaces), and these are now fixed here. That just reminds us that the expectations between logs and other uses of log formats is probably starting to diverge quite a bit, between logs, headers, health checks, http-return, error files etc, and that probably at some point we should start to think about specifying variations depending on the use case, or maybe even think about performing some unifying changes that could cause tiny differences that might require some to slightly adjust their log formats. The offender here is the %hr log format which can be empty and cause the following space to be dropped, or non-empty and respect the space. That doesn't fit well with the principle of concatenating fields as they are, e.g. when building a header, check or body. That's just some food for later anyway. Oh, and speaking about logs, the tiny performance drop I spoke about last week was now recovered. Another point is that historically, "bind" and "server" lines would silently ignore the "namespace" argument for UNIX sockets, just because code paths were different, UNIX sockets had their own socket() call, and when namespaces were introduced, UNIX sockets simply did not support them. But this changed long ago and it could be surprising for someone genuinely configuring that to see the namespace being ignored. Now the code paths were refactored so that the same code is used to create all sockets and UNIX sockets can now naturally make use of namespaces when configured. Another point regarding namespaces is that it's one of the cases where capabilitiy cap_sys_admin is required but it wasn't reported then. Now this is properly checked for, it is reported if missing, and a new "cap_sys_admin" capability was added to enable them without running as root. Finally, when the capability is missing, instead of saying "failed to create socket", the error will explicitly state the permission issue when facing EPERM; this should help users spot where the problem is. The HTTP client now has an option to use either origin or absolute URIs. This should make it easier to configure to talk to old servers which are not spec-compliant and do not support absolute URIs. This is being used now by the ocsp_update agent via a new setting "ocsp-update.httpproxy". Concerning the reloadable stats counters, the support for the rate counters and the age types were added. For example a server's last state change should now be transferred correctly. The rest is some cleanups, spelling fixes in doc and code, CI updates (test on NetBSD 10), and a few more reg tests (including one for the recently fixed Vary header processing). Last week I mentioned my intent to try to fix the buffer_wait infrastructure that deals with low-memory condition. I thought I had something really about to work until I noticed a bug which, once fixed, got me back to the original situation. Maybe it's just a matter of re-studying the situation and it could now be quick, or it's more subtle. So in any case for now I'm not merging anything until I understand the root cause of all this. I haven't completely lost hope yet ;-) It's just that it takes time away from a lot of other things... Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/3.0/src/ Git repository : https://git.haproxy.org/git/haproxy.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy.git Changelog : https://www.haproxy.org/download/3.0/src/CHANGELOG Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages Willy --- Complete changelog : Amaury Denoyelle (14): BUG/MINOR: stats: replace objt_* by __objt_* macros MINOR: stats: fix visual alignment for stat_cols_px definition MINOR: stats: convert req_tot as generic column MINOR: stats: prepare stats-file support for values other than FN_COUNTER MINOR: counters: move freq-ctr from proxy/server into counters struct MINOR: stats: support rate in stats-file MINOR: stats: convert rate as generic column for proxy stats MINOR: counters: move last_change into counters struct MINOR: stats: support age in stats-file MINOR: stats: convert age as generic column for proxy stat REORG: stats: define stats-proxy source module MINOR: stats: extract proxy clear-counter in a dedicated function REGTESTS: stats: add test stats-file counters preload REGTESTS: replace REQUIRE_VERSION by version_atleast Aurelien DARRAGON (15): CLEANUP: tools/cbor: rename cbor_encode_ctx struct members MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx BUG/MINOR: log: fix global lf_expr node options behavior CLEANUP: log: add a macro to know if a lf_node is configurable BUG/MINOR: log/encode: consider global options for key encoding BUG/MINOR: log/encode: fix potential NULL-dereference in LOGCHAR() BUG/MINOR: log: fix global lf_expr node options behavior (2nd try) MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx (again) BUG/MEDIUM: log: don't ignore disabled node's options MEDIUM: log: optimizing tmp->type handling in sess_build_logline() BUG/MINOR: log: prevent double spaces emission in sess_build_logline() OPTIM: log: declare empty buffer as global variable OPTIM: log: use thread local lf_buildctx to stop pushing it on the stack OPTIM: log: use lf_buildctx's buffer instead of temporary stack buffers OPTIM: log: speedup date printing in sess_build_logline() when no encoding is used Ilia Shipitsin (2): CI: netbsd: adjust packages after NetBSD-10 released CLEANUP: assorted typo fixes in the code and comments Remi Tricot-Le Breton (2): BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding REGTESTS: cache: Add test on 'vary' other than accept-encoding Valentine Krasnobaeva (7): MINOR: sock: rename sock to sock_fd in sock_create_server_socket MEDIUM: proto_uxst: take in account server namespace MEIDUM: unix sock: use my_socketat to create bind socket MINOR: sock_set_mark: take sock family in account MEDIUM: proto: make common fd checks in sock_create_server_socket MINOR: sock: add EPERM case in sock_handle_system_err MINOR: capabilities: add cap_sys_admin support William Lallemand (6): MINOR: httpclient: allow to use absolute URI with new flag HC_F_HTTPROXY MINOR: ssl: introduce ocsp_update.http_proxy for ocsp-update keyword CLEANUP: ssl: clean the includes in ssl_ocsp.c CLEANUP: ssl: move the global ocsp-update options parsing to ssl_ocsp.c CLEANUP: ssl: rename new_ckch_store_load_files_path() to ckch_store_new_load_files_path() MINOR: ssl: rename ocsp_update.http_proxy into ocsp-update.httpproxy Willy Tarreau (1): BUG/MINOR: stconn: don't wake up an applet waiting on buffer allocation ---
