[ANNOUNCE] haproxy-2.7.6
Hi,

HAProxy 2.7.6 was released on 2023/03/28. It added 39 new commits after version 2.7.5.

Here is a short summary of the improvements:

Aurélien has extended the internal listener API to better handle the resume operation. One noticeable effect is that listeners that have an ABNS abstract namespace socket can now support reload without crashing haproxy. It also properly ensures that the 'no-quic' configuration keyword is respected on reload so that disabled QUIC listeners are not started.

Christopher fixed an issue affecting the H1 multiplexer. If the response was fully transferred before the whole request is read, there was a risk that the channel is left open without any further processing. In the end, this caused the stream to enter a spinning loop which triggered an assertion failure crash.

A similar problem was also encountered for the stats applet when large GET HTTP requests were issued to it. The stream is left in a blocked state with memory resource consumed for nothing.

As usual, several QUIC improvements were introduced. Two GitHub issues were opened recently about an assertion failure on the sending code after several hours of running. A series of patches were deployed to solve them, with notably a fix on the connection level flow-control calculation. Also, probing on PTO expiration has been corrected which should improve transfers under packet loss condition. Finally, if a connection is preemptively closed by haproxy for any reason the CONNECTION_CLOSE error code should be more precise.

Willy has fixed several crashes and leaks related to potential memory allocation failures. The code is now more robust and should better resist under memory pressure.

Thanks to everyone who contributed to this release.

Please find the usual URLs below:
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.7/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.7.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.7.git
   Changelog        : https://www.haproxy.org/download/2.7/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog:
Amaury Denoyelle (13):
      BUG/MINOR: quic: wake up MUX on probing only for 01RTT
      BUG/MINOR: quic: ignore congestion window on probing for MUX wakeup
      BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF
      BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset
      MINOR: mux-quic: complete traces for qcs emission
      MINOR: mux-quic: adjust trace level for MAX_DATA/MAX_STREAM_DATA recv
      MINOR: mux-quic: add flow-control info to minimal trace level
      BUG/MINOR: h3: properly handle incomplete remote uni stream type
      BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown
      MINOR: mux-quic: interrupt qcc_recv*() operations if CC scheduled
      MINOR: mux-quic: ensure CONNECTION_CLOSE is scheduled once per conn
      MINOR: mux-quic: close on qcs allocation failure
      MINOR: mux-quic: close on frame alloc failure

Aurelien DARRAGON (14):
      MINOR: proto_uxst: add resume method
      MINOR: listener/api: add lli hint to listener functions
      MINOR: listener: add relax_listener() function
      MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
      MINOR: listener: make sure we don't pause/resume bypassed listeners
      BUG/MEDIUM: listener: fix pause_listener() suspend return value handling
      BUG/MINOR: listener: fix resume_listener() resume return value handling
      BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener()
      MINOR: listener: pause_listener() becomes suspend_listener()
      BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume
      MEDIUM: proto_ux: properly suspend named UNIX listeners
      MINOR: proto_ux: ability to dump ABNS names in error messages
      DOC: config: set-var() dconv rendering issues
      BUG/MINOR: applet/new: fix sedesc freeing logic

Christopher Faulet (2):
      BUG/MEDIUM: stats: Consume the request except when parsing the POST payload
      BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription

Frédéric Lécaille (3):
      MINOR: quic: Stop stressing the acknowledgments process (RX ACK frames)
      BUG/MINOR: quic: Dysfunctional
Re: [PATCH] BUG/MINOR: ssl: Stop leaking `err` in ssl_sock_load_ocsp()
On Mon, Mar 27, 2023 at 03:43:22PM +0200, Remi Tricot-Le Breton wrote:
>
> On 27/03/2023 15:31, Tim Düsterhus wrote:
> > Hi
> >
> > On 3/19/23 16:07, Tim Duesterhus wrote:
> >> Previously performing a config check of `.github/h2spec.config` would report a
> >> 20 byte leak as reported in GitHub Issue #2082.
> >>
> >> The leak was introduced in a6c0a59e9af65180c3ff591b91855bea8d19b352, which is
> >> dev only. No backport needed.
> >
> > I believe you might've missed this patch.
> >
> > Best regards
> > Tim Düsterhus
>
> Hi Tim,
>
> Sorry about that delay. The patch looks good to me. I'll let William
> merge it when he has the time.
>
> Rémi
>

Thanks to both of you, merged.

--
William Lallemand
[ANNOUNCE] haproxy-2.6.12
Hi,

HAProxy 2.6.12 was released on 2023/03/28. It added 19 new commits after version 2.6.11.

Here is a detailed summary of the improvements:

In 2.6.10, important fixes were introduced on FD thread concurrent access which could have caused a crash. However, this patch was incomplete for kqueue and event ports pollers used respectively in BSD and SunOS. This has been corrected by Willy for the current release.

Christopher fixed an issue affecting the H1 multiplexer. If the response was fully transferred before the whole request is read, there was a risk that the channel is left open without any further processing. In the end, this caused the stream to enter a spinning loop which triggered an assertion failure crash.

A similar problem was also encountered for the stats applet when large GET HTTP requests were issued to it. The stream is left in a blocked state with memory resource consumed for nothing.

A bunch of QUIC fixes were made. Two GitHub issues were opened recently about an assertion failure on the sending code after several hours of running. A series of patches were deployed to solve them, with notably a fix on the connection level flow-control calculation. Also, probing on PTO expiration has been corrected which should improve transfers under packet loss condition. Finally, if a connection is preemptively closed by haproxy for any reason the CONNECTION_CLOSE error code should be more precise.

Willy has fixed several crashes and leaks related to potential memory allocation failures. The code is now more robust and should better resist under memory pressure.

Thanks to everyone who contributed to this release.

Please find the usual URLs below:
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.6/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.6.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.6.git
   Changelog        : https://www.haproxy.org/download/2.6/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog:
Amaury Denoyelle (5):
      BUG/MINOR: quic: wake up MUX on probing only for 01RTT
      BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF
      BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset
      BUG/MINOR: h3: properly handle incomplete remote uni stream type
      BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown

Aurelien DARRAGON (2):
      DOC: config: set-var() dconv rendering issues
      BUG/MINOR: applet/new: fix sedesc freeing logic

Christopher Faulet (2):
      BUG/MEDIUM: stats: Consume the request except when parsing the POST payload
      BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription

Frédéric Lécaille (1):
      BUG/MINOR: quic: Missing STREAM frame type updated

Willy Tarreau (9):
      BUG/MAJOR: poller: drop FD's tgid when masks don't match
      OPTIM: mux-h1: limit first read size to avoid wrapping
      BUG/MEDIUM: stream: do not try to free a failed stream-conn
      BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd
      BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
      BUG/MEDIUM: stconn: don't set the type before allocation succeeds
      BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure
      BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s
      BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation

---
--
Amaury Denoyelle
Re: [PATCH] DOC/MINOR: fixes section 2.2 haproxy-dconv output
Willy,

On 3/18/23 15:55, Willy Tarreau wrote:
> Ah indeed, sorry for the misunderstanding, I'll do it.

I believe this did not yet happen.

Best regards
Tim Düsterhus
[ANNOUNCE] haproxy-2.8-dev6
Hi,

HAProxy 2.8-dev6 was released on 2023/03/28. It added 71 new commits after version 2.8-dev5.

It's a bit late, I wanted to emit this one by end of last week or the week-end but got disturbed by pending bugs that I preferred to analyze first.

No less than 35 bugs were fixed in this release, most of them not particularly new, so I can't say that we're degrading anything but it indicates we still need to be careful, and chasing all of them continues to slow everyone's progress down, so that's a pain.

A few 2.8-specific build errors and warnings were addressed when threads are disabled. This is either a good indication that by now everyone uses threads, or that very few people test -dev (or more likely that -dev is not tested on rare systems where threads are disabled).

The detection of inherited incompatible libraries from external shared libraries (typically Lua modules being loaded) was made more accurate and is slightly relaxed. Instead of detecting that one of our dependencies knows about a different symbol, we now assume that it will use ours (which is how ELF works) but we still detect if the lib expects an incompatible API. For memory allocators, this means that building haproxy with jemalloc is no longer incompatible with loading modules (and we've implemented a generic version of the problematic call: malloc_trim()). For openssl, we detect about 10 symbols to figure whether the loaded library is at risk of calling a wrong combination of functions, and it proved efficient enough to reject incompatible major libs, so that looks OK.

The -dMfail command line option that is used to inject random allocation failures used to only enable the feature, but nothing was done until the config was modified to set the failure ratio. I got caught a few times by this, thinking I was running under failures while I was not, so now by default, setting it like this will automatically preset the failure rate to 1%. This was sufficient to raise 8-10 bugs on error paths!

More info was made available in "show ssl ocsp-response" such as the certificate path, and the OCSP update log format was improved.

Some minor QUIC updates and fixes were made, more debugging info was added to "show fd". Some doc fixes for set-var() rendering in dconv.

The DeviceAtlas build command line was extended to support building in a way that is also compatible with the v3 of the API that will become the default version by the end of this year.

Overall, nothing extraordinary, and the issue rate still remains a bit high for my taste. As such, I think we'll continue to be careful about changes to come in the near future and spend quite some time making what we have more reliable.

Among the upcoming changes I'm still having in mind for the short term are:

  - Aurélien's updates on event handlers to notify Lua about servers going up and down (the final batch is just waiting for review at the moment)

  - Christopher's improvements on error propagation and handling. The short-term ones are mostly cosmetic but will continue to improve the mid-term debuggability of the code so the more of it we get done the better we'll be able to debug in the future.

  - I'm almost done with finally supporting "bind" lines that span multiple thread groups so that starting with many threads will not throw an error anymore and will not require to manually duplicate the line, so I'm finishing this.

  - I'm also aware of a few QUIC changes to come (though I don't exactly remember which ones)

  - I also remember that there are a few other things that don't immediately come to my mind, and as usual all the doc/cleanup/etc stuff that's suitable for a cool down period where we're debugging and stabilizing.

So basically I'm positive that we should get a clean 2.8 release, but we should make sure not to try to push too late stuff if we want to finish cleaning leftovers from previous versions.

Please find the usual URLs below:
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.8/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.8/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy

---
Complete changelog:
Amaury Denoyelle (13):
      BUG/MINOR: quic: wake up MUX on pro
RFQ HAPROXY SERVER for CTBC Bank
Hi Sir/Madam,

Please help to provide quotation below for:

1. HAPROXY SERVER - QTY: 1

Thanks & Best Regards,
Najihah
Re: RFQ HAPROXY SERVER for CTBC Bank
Hello,

On Wed, Mar 29, 2023 at 03:02:09AM +, Procurement - TTSolution wrote:
> Hi Sir/Madam,
>
> Please help to provide quotation below for:
>
> 1. HAPROXY SERVER - QTY: 1
>
> Thanks & Best Regards,
> Najihah

This is a public development mailing-list. We don't provide anything here except patches and bug reports, please check your contacts.

Regards,
Willy
Re: [PATCH] DOC/MINOR: fixes section 2.2 haproxy-dconv output
On Tue, Mar 28, 2023 at 04:02:04PM +0200, Tim Düsterhus wrote:
> Willy,
>
> On 3/18/23 15:55, Willy Tarreau wrote:
> > Ah indeed, sorry for the misunderstanding, I'll do it.
>
> I believe this did not yet happen.

Indeed, thanks for the reminder. It's now merged.

Thanks!
Willy