Hi,

HAProxy 3.1-dev4 was released on 2024/07/24. It added 113 new commits after version 3.1-dev3.

Some nice goodies came in this version:

  - QUIC now has support for sending frames using GSO, which can save quite some significant CPU cycles since a single syscall will be used for multiple datagrams. We found that there are restrictions to this such as certain network interfaces not supporting it (veth for example) so the mechanism implements an automatic fallback when the failure is detected.

  - SPOE: the old applet-based architecture was replaced with the new mux-based one which allows idle connections sharing between threads, as well as queuing, load balancing, stickiness etc per request instead of per-connection and adds a lot of flexibility to the engine. We'd appreciate it a lot if SPOE users would take some time to verify that it works at least as well for them as before (and hopefully even better). Some good ideas may spark. Please check Christopher's response to the SPOE thread for more info.

  - rings: the outgoing connections to a log server are now balanced over multiple threads, not just the first one, and the "max-reuse" server parameter is honored to force connections to be broken and recreated after a given number of messages in order to improve rebalancing as well as to allow backend connections to be gracefully renewed (e.g. in case another layer of LB sits there).

  - ocsp: some processing was refined to better handle a corner case where the issuer chain is not in the same PEM file, though it also slightly changes how this is handled on the CLI.

  - variables: new "parent" scopes (psess, ptxn, preq, pres) to access the parent stream's sess/txn/req/res variables. For now, only used with SPOE to access the parent stream, but might be usable for other things later.

  - more info collected in post_mortem for "show dev" (e.g. process' boot and current limits etc).

  - speedup of startup with very high maxconn and thread counts by only scanning the known used FD range.

We also fixed a few bugs: a very difficult to reproduce one which can make the H2 mux loop on certain truncated frames, needlessly wasting CPU until a restart; an issue with the bwlim filter which could cause wakeup loops due to a timeout in the past; a bug where "show threads" can crash the process on setups with fewer than 16 threads; a missing unlock in SSL OCSP code's error path; some late boot-time warnings that were not properly accounted regarding the zero-warning restriction; and a few other minor issues.

And as usual there were some code cleanups (e.g. some "global" keywords parsers started to move to their own functions), cleanup of FD limits handling code, some doc updates (e.g. dedicated section about variables, OCSP and http-keep-alive section), and regtests.

Even though it contains significant changes it's not expected to be broken (and it's already running on haproxy.org). SPOE is a big change that might affect some of its users in case there is an uncaught issue there (which is one extra reason for testing now), so please watch when testing it.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.1/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.1/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy

---
Complete changelog :

Amaury Denoyelle (12):
      CLEANUP: quic: remove obsolete comment on send
      MINOR: quic: extend detection of UDP API OS features
      MINOR: quic: activate UDP GSO for QUIC if supported
      MINOR: quic: define quic_cc_path MTU as constant
      MINOR: quic: add GSO parameter on quic_sock send API
      MAJOR: quic: support GSO when encoding datagrams
      MEDIUM: quic: implement GSO fallback mechanism
      MINOR: quic: add counters of sent bytes with and without GSO
      CLEANUP: proto: rename TID affinity callbacks
      CLEANUP: quic: rename TID affinity elements
      BUG/MINOR: do not close uninit FD in quic_test_socketops()
      BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter

Aurelien DARRAGON (15):
      MINOR: server: better mt_list usage for node migration (prev_deleted handling)
      MEDIUM: sink: start applets asynchronously
      OPTIM: sink: balance applets accross threads
      BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char (2)
      BUG/MEDIUM: sink: properly init applet under sft lock
      MINOR: sink: unify and sink_forward_io_handler() and sink_forward_oc_io_handler()
      MINOR: sink: Remove useless test on SE_FL_SHR/SHW flags
      MINOR: sink: merge sink_forward_io_handler() with sink_forward_oc_io_handler()
      MINOR: sink: add some comments about sft->appctx usage in applet handlers
      MINOR: sink: distinguish between hard and soft close in _sink_forward_io_handler()
      MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface
      MINOR: ring: count processed messages in ring_dispatch_messages()
      MINOR: sink: add processed events counter in sft
      MEDIUM: sink: "max-reuse" support for sink servers
      OPTIM: sink: consider threads' current load when rebalancing applets

Christopher Faulet (53):
      BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past
      BUG/MINOR: session: Eval L4/L5 rules defined in the default section
      CLEANUP: stconn: Fix a typo in comments for SE_ABRT_SRC_*
      MEDIUM: spoe: Remove fragmentation support
      MEDIUM: spoe: Remove async mode support
      MINOR: spoe: Use only a global engine-id per agent
      MINOR: spoe: Remove debugging
      MAJOR: spoe: Remove idle applets and pipelining support
      MINOR: spoe: Remove the dedicated SPOE applet task
      MEDIUM: proxy/spoe: Add a SPOP mode
      MEDIUM: applet: Add a .shut callback function for applets
      MINOR: connection: No longer include stconn type header in connection-t.h
      MINOR: stconn: Use a dedicated function to get the opposite sedesc
      MINOR: spoe: Rename some flags and constant to use SPOP prefix
      MINOR: spoe: Dynamically alloc the message list per event of an agent
      MINOR: spoe: Move all stuff regarding the filter/applet in the C file
      MINOR: spoe: Move spoe_str_to_vsn() into the header file
      MEDIUM: mux-spop: Introduce the SPOP multiplexer
      MEDIUM: check/spoe: Use SPOP multiplexer to perform SPOP health-checks
      MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux
      CLEANUP: spoe: Uniformize function definitions
      MINOR: spoe: Add internal sample fetch to retrieve the SPOE engine ID
      MEDIUM: spoe: Set a specific name for the connection pool of SPOP servers
      MINOR: backend: Remove test on HTX streams to reuse idle connections on connect
      MEDIUM: spoe: Force the reuse 'always' mode for SPOP backends
      MINOR: mux-spop: Use a dedicated function to update the SPOP connection timeout
      MAJOR: mux-spop: Make the SPOP connections reusable
      MINOR: stats-html: Display reuse ratio for spop connections
      MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created
      MEDIUM: spoe: Directly receive ACK frame in the SPOE context buffer
      MEDIUM: mux-spop/spoe: Save negociated max-frame-size value in the mux
      MINOR: spoe: Remove the spop version from the SPOE appctx context
      MEDIUM: mux-spop: Add checks on received frames
      MEDIUM: mux-spop: Announce the pipeling support if possible
      MEDIUM: spoe: Forward SPOE context error to the SPOE applet
      MEDIUM: spoe: Make the SPOE applet use its own buffers
      DOC: spoe: Update SPOE documentation to reflect recent refactoring
      BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
      BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
      MINOR: stream: Add a pointer to set the parent stream
      MINOR: vars: Fill a description instead of hash and scope when a name is parsed
      MINOR: vars: Use a description to set/unset a variable instead of its hash and scope
      MEDIUM: vars: Be able to parse parent scopes for variables
      MINOR: vars: Use a variable description to get variables of a specific scope
      MEDIUM: vars: Be able to retrieve variable of the parent stream, if any
      MEDIUM: spoe: Set the parent stream for SPOE streams
      DOC: config: Add a dedicated section about variables
      DOC: config: Add info about variable scopes referencing the parent stream
      DOC: config: Explicitly state the SPOE streams have a usable parent stream
      MINOR: spoe: Add a function to validate a version is supported
      MINOR: spoe: export the list of SPOP error reasons
      MEDIUM: spoe/tcpcheck: Reintroduce SPOP check as a customized tcp-check
      REGTESTS: check/spoe: Re-enable the script performing SPOP health-checks

Frederic Lecaille (2):
      BUG/MINOR: quic: Non optimal first datagram.
      MINOR: quic: Avoid cc priv buffer overflow.

Lukas Tribus (1):
      DOC: install: don't reference removed CPU arg

Valentine Krasnobaeva (20):
      MINOR: limits: prepare to keep limits in one place
      REORG: fd: move raise_rlim_nofile to limits
      CLEANUP: fd: rm struct rlimit definition
      REORG: global: move rlim_fd_*_at_boot in limits
      MINOR: haproxy: prepare to move limits-related code
      REORG: haproxy: move limits handlers to limits
      MINOR: limits: add is_any_limit_configured
      BUG/MINOR: limits: fix license type in limits.h
      MINOR: debug: prepare feed_post_mortem_late
      CLEANUP: debug: fix indents in debug_parse_cli_show_dev
      MINOR: debug: store runtime uid/gid in postmortem
      MINOR: debug: keep runtime capabilities in post_mortem
      MINOR: debug: use LIM2A to show limits
      MINOR: debug: prepare to show runtime limits
      MINOR: debug: keep runtime limits in postmortem
      BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
      MEDIUM: ocsp: fix ocsp when the chain is loaded from 'issuers-chain-path'
      BUG/MEDIUM: startup: fix zero-warning mode
      MINOR: cfgparse-global: move mode's keywords in cfg_kw_list
      MINOR: cfgparse-global: move no<poller_name> in cfg_kw_list

William Lallemand (5):
      MEDIUM: ssl: add extra_chain to ckch_data
      MINOR: ssl: change issuers-chain for show_cert_detail()
      REGTESTS: ssl: test the issuers-chain-path keyword
      DOC: configuration: issuers-chain-path not compatible with OCSP
      DOC: configuration: issuers-chain-path is compatible with OCSP

Willy Tarreau (5):
      BUILD: mux-spop: fix build failure on gcc 4-10 and clang
      MINOR: fd: don't scan the full fdtab on all threads
      BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
      BUG/MAJOR: mux-h2: force a hard error upon short read with pending error
      DOC: config: improve the http-keep-alive section

---