Hi,

HAProxy 3.1-dev4 was released on 2024/07/24. It added 113 new commits
after version 3.1-dev3.

Some nice goodies came in this version:
- QUIC now has support for sending frames using GSO, which can save
quite some significant CPU cycles since a single syscall will be used
for multiple datagrams. We found that there are restrictions to this
such as certain network interfaces not supporting it (veth for example)
so the mechanism implements an automatic fallback when the failure is
detected.
- SPOE: the old applet-based architecture was replaced with the new
mux-based one which allows idle connections sharing between threads,
as well as queuing, load balancing, stickiness etc per request instead
of per-connection and adds a lot of flexibility to the engine. We'd
appreciate it a lot if SPOE users would take some time to verify that
it works at least as well for them as before (and hopefully even
better). Some good ideas may spark. Please check Christopher's
response to the SPOE thread for more info.
- rings: the outgoing connections to a log server are now balanced over
multiple threads, not just the first one, and the "max-reuse" server
parameter is honored to force connections to be broken and recreated
after a given number of messages in order to improve rebalancing as
well as to allow backend connections to be gracefully renewed (e.g. in
case another layer of LB sits there).
- ocsp: some processing was refined to better handle a corner case where
the issuer chain is not in the same PEM file, though it also slightly
changes how this is handled on the CLI.
- variables: new "parent" scopes (psess, ptxn, preq, pres) to access the
parent stream's sess/txn/req/res variables. For now, only used with
SPOE to access the parent stream, but might be usable for other things
later.
- more info collected in post_mortem for "show dev" (e.g. process'
boot and current limits etc).
- speedup of startup with very high maxconn and thread counts by only
scanning the known used FD range.

We also fixed a few bugs: a very difficult to reproduce one which can make
the H2 mux loop on certain truncated frames, needlessly wasting CPU until
a restart; an issue with the bwlim filter which could cause wakeup loops
due to a timeout in the past; a bug where "show threads" can crash the
process on setups with fewer than 16 threads; a missing unlock in SSL OCSP
code's error path; some late boot-time warnings that were not properly
accounted regarding the zero-warning restriction; and a few other minor
issues.

And as usual there were some code cleanups (e.g. some "global" keywords
parsers started to move to their own functions), cleanup of FD limits
handling code, some doc updates (e.g. dedicated section about variables,
OCSP and http-keep-alive section), and regtests.

Even though it contains significant changes, it's not expected to be
broken (and it's already running on haproxy.org). SPOE is a big change
that might affect some of its users in case there would be an
uncaught issue there (which is one extra reason for testing now), so
please watch when testing it.

Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.1/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/3.1/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (12):
CLEANUP: quic: remove obsolete comment on send
MINOR: quic: extend detection of UDP API OS features
MINOR: quic: activate UDP GSO for QUIC if supported
MINOR: quic: define quic_cc_path MTU as constant
MINOR: quic: add GSO parameter on quic_sock send API
MAJOR: quic: support GSO when encoding datagrams
MEDIUM: quic: implement GSO fallback mechanism
MINOR: quic: add counters of sent bytes with and without GSO
CLEANUP: proto: rename TID affinity callbacks
CLEANUP: quic: rename TID affinity elements
BUG/MINOR: do not close uninit FD in quic_test_socketops()
BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
Aurelien DARRAGON (15):
MINOR: server: better mt_list usage for node migration (prev_deleted
handling)
MEDIUM: sink: start applets asynchronously
OPTIM: sink: balance applets accross threads
BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char (2)
BUG/MEDIUM: sink: properly init applet under sft lock
MINOR: sink: unify and sink_forward_io_handler() and
sink_forward_oc_io_handler()
MINOR: sink: Remove useless test on SE_FL_SHR/SHW flags
MINOR: sink: merge sink_forward_io_handler() with
sink_forward_oc_io_handler()
MINOR: sink: add some comments about sft->appctx usage in applet handlers
MINOR: sink: distinguish between hard and soft close in
_sink_forward_io_handler()
MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface
MINOR: ring: count processed messages in ring_dispatch_messages()
MINOR: sink: add processed events counter in sft
MEDIUM: sink: "max-reuse" support for sink servers
OPTIM: sink: consider threads' current load when rebalancing applets
Christopher Faulet (53):
BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in
past
BUG/MINOR: session: Eval L4/L5 rules defined in the default section
CLEANUP: stconn: Fix a typo in comments for SE_ABRT_SRC_*
MEDIUM: spoe: Remove fragmentation support
MEDIUM: spoe: Remove async mode support
MINOR: spoe: Use only a global engine-id per agent
MINOR: spoe: Remove debugging
MAJOR: spoe: Remove idle applets and pipelining support
MINOR: spoe: Remove the dedicated SPOE applet task
MEDIUM: proxy/spoe: Add a SPOP mode
MEDIUM: applet: Add a .shut callback function for applets
MINOR: connection: No longer include stconn type header in connection-t.h
MINOR: stconn: Use a dedicated function to get the opposite sedesc
MINOR: spoe: Rename some flags and constant to use SPOP prefix
MINOR: spoe: Dynamically alloc the message list per event of an agent
MINOR: spoe: Move all stuff regarding the filter/applet in the C file
MINOR: spoe: Move spoe_str_to_vsn() into the header file
MEDIUM: mux-spop: Introduce the SPOP multiplexer
MEDIUM: check/spoe: Use SPOP multiplexer to perform SPOP health-checks
MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux
CLEANUP: spoe: Uniformize function definitions
MINOR: spoe: Add internal sample fetch to retrieve the SPOE engine ID
MEDIUM: spoe: Set a specific name for the connection pool of SPOP servers
MINOR: backend: Remove test on HTX streams to reuse idle connections on
connect
MEDIUM: spoe: Force the reuse 'always' mode for SPOP backends
MINOR: mux-spop: Use a dedicated function to update the SPOP connection
timeout
MAJOR: mux-spop: Make the SPOP connections reusable
MINOR: stats-html: Display reuse ratio for spop connections
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created
MEDIUM: spoe: Directly receive ACK frame in the SPOE context buffer
MEDIUM: mux-spop/spoe: Save negociated max-frame-size value in the mux
MINOR: spoe: Remove the spop version from the SPOE appctx context
MEDIUM: mux-spop: Add checks on received frames
MEDIUM: mux-spop: Announce the pipeling support if possible
MEDIUM: spoe: Forward SPOE context error to the SPOE applet
MEDIUM: spoe: Make the SPOE applet use its own buffers
DOC: spoe: Update SPOE documentation to reflect recent refactoring
BUG/MINOR: server: Don't warn fallback IP is used during init-addr
resolution
BUG/MINOR: cli: Atomically inc the global request counter between CLI
commands
MINOR: stream: Add a pointer to set the parent stream
MINOR: vars: Fill a description instead of hash and scope when a name is
parsed
MINOR: vars: Use a description to set/unset a variable instead of its
hash and scope
MEDIUM: vars: Be able to parse parent scopes for variables
MINOR: vars: Use a variable description to get variables of a specific
scope
MEDIUM: vars: Be able to retrieve variable of the parent stream, if any
MEDIUM: spoe: Set the parent stream for SPOE streams
DOC: config: Add a dedicated section about variables
DOC: config: Add info about variable scopes referencing the parent stream
DOC: config: Explicitly state the SPOE streams have a usable parent stream
MINOR: spoe: Add a function to validate a version is supported
MINOR: spoe: export the list of SPOP error reasons
MEDIUM: spoe/tcpcheck: Reintroduce SPOP check as a customized tcp-check
REGTESTS: check/spoe: Re-enable the script performing SPOP health-checks
Frederic Lecaille (2):
BUG/MINOR: quic: Non optimal first datagram.
MINOR: quic: Avoid cc priv buffer overflow.
Lukas Tribus (1):
DOC: install: don't reference removed CPU arg
Valentine Krasnobaeva (20):
MINOR: limits: prepare to keep limits in one place
REORG: fd: move raise_rlim_nofile to limits
CLEANUP: fd: rm struct rlimit definition
REORG: global: move rlim_fd_*_at_boot in limits
MINOR: haproxy: prepare to move limits-related code
REORG: haproxy: move limits handlers to limits
MINOR: limits: add is_any_limit_configured
BUG/MINOR: limits: fix license type in limits.h
MINOR: debug: prepare feed_post_mortem_late
CLEANUP: debug: fix indents in debug_parse_cli_show_dev
MINOR: debug: store runtime uid/gid in postmortem
MINOR: debug: keep runtime capabilities in post_mortem
MINOR: debug: use LIM2A to show limits
MINOR: debug: prepare to show runtime limits
MINOR: debug: keep runtime limits in postmortem
BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
MEDIUM: ocsp: fix ocsp when the chain is loaded from 'issuers-chain-path'
BUG/MEDIUM: startup: fix zero-warning mode
MINOR: cfgparse-global: move mode's keywords in cfg_kw_list
MINOR: cfgparse-global: move no<poller_name> in cfg_kw_list
William Lallemand (5):
MEDIUM: ssl: add extra_chain to ckch_data
MINOR: ssl: change issuers-chain for show_cert_detail()
REGTESTS: ssl: test the issuers-chain-path keyword
DOC: configuration: issuers-chain-path not compatible with OCSP
DOC: configuration: issuers-chain-path is compatible with OCSP
Willy Tarreau (5):
BUILD: mux-spop: fix build failure on gcc 4-10 and clang
MINOR: fd: don't scan the full fdtab on all threads
BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
BUG/MAJOR: mux-h2: force a hard error upon short read with pending error
DOC: config: improve the http-keep-alive section
---
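
The single-syscall send with automatic fallback described in the QUIC item of this announcement, as an added example for Linux (it is not HAProxy's code). `send_burst`, `loopback_burst` and `last_used_gso` are hypothetical names, and falling back on any send error is a simplifying assumption, since the announcement does not say which failure is detected.

```c
/* Added illustration, not HAProxy code: Linux UDP GSO send with fallback. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/udp.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef UDP_SEGMENT
#define UDP_SEGMENT 103 /* value from linux/udp.h, for older libc headers */
#endif

int last_used_gso; /* set by the demo: 1 if the single-syscall path succeeded */

/* Send len bytes on connected UDP socket fd as datagrams of seg bytes: first one
 * sendmsg() with a UDP_SEGMENT cmsg, then on any error one send() per datagram. */
ssize_t send_burst(int fd, const char *buf, size_t len, unsigned short seg, int *gso)
{
    union { char b[CMSG_SPACE(sizeof(unsigned short))]; struct cmsghdr align; } ctl = { { 0 } };
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.b, .msg_controllen = sizeof(ctl.b) };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);

    cm->cmsg_level = IPPROTO_UDP;
    cm->cmsg_type = UDP_SEGMENT;          /* payload: segment size in bytes */
    cm->cmsg_len = CMSG_LEN(sizeof(seg));
    memcpy(CMSG_DATA(cm), &seg, sizeof(seg));
    if ((*gso = (sendmsg(fd, &msg, 0) == (ssize_t)len)))
        return (ssize_t)len;
    for (size_t off = 0; off < len; off += seg) { /* fallback path */
        size_t n = len - off < seg ? len - off : seg;
        if (send(fd, buf + off, n, 0) != (ssize_t)n)
            return -1;
    }
    return (ssize_t)len;
}

/* Constructed loopback demo: returns the bytes received for a len-byte burst. */
int loopback_burst(size_t len, unsigned short seg)
{
    static char buf[65536];
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t al = sizeof(a);
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0), got = 0, n = 1;
    if (len > sizeof(buf) || bind(rx, (struct sockaddr *)&a, al) ||
        getsockname(rx, (struct sockaddr *)&a, &al) || connect(tx, (struct sockaddr *)&a, al) ||
        send_burst(tx, buf, len, seg, &last_used_gso) < 0)
        n = -1;
    while (n > 0 && got < (int)len && (n = (int)recv(rx, buf, sizeof(buf), 0)) > 0)
        got += n;
    close(rx); close(tx);
    return n > 0 ? got : -1;
}
```

The receiver gets the same bytes whichever path ran; `last_used_gso` tells which one the kernel and interface allowed.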