Hi,

HAProxy 1.9.4 was released on 2019/02/06. It added 65 new commits
after version 1.9.3.

The main focus in terms of time spent was clearly on end-to-end H2
correctness, which involves both the H2 protocol itself and the idle
connections management. It's difficult to enumerate in detail all the
issues that were addressed, but these generally range from not failing
a connection when failing a stream can be sufficient to counting the
number of pre-allocated streams on an idle outgoing connection to
make sure it still has stream IDs left. Some server-side idle timeout
errors could occasionally lead to the whole connection being closed.

One check was added to prevent an HTX frontend from dynamically branching
to a non-HTX backend (and conversely), as only the static branches were
addressed till now.

There were some improvements on memory allocation failures, as a number of
places were not tested anymore (or this was new code). Ah, and a memory
leak on the unique_id was addressed (it could happen with TCP instances
when declared in a defaults section).

Etags are now rewritten from strong to weak by the compression. I had no
idea this concept of weak vs strong existed at all :-)

And in addition to this, yesterday two other interesting problems were
reported and addressed:

  - the first one is about using certain L7 features at the load balancing
    layer (such as "balance hdr") in HTX mode which could crash haproxy.
    It was in fact caused by the loss of one patch during the multiple
    liftings of the code prior to the merge. That's now fixed. I'm still
    amazed we managed to lose only one patch in this ocean of code!

  - the other one is quite nasty and impacts all supported versions. Haproxy
    currently performs very deep compatibility tests on your rules, frontends
    and backends after parsing the configuration. But a corner case remained
    by which it was possible to have a frontend bound on, say, processes
    1 and 2, tracking a key stored in a table present only in process 1 that
    would in turn rely on peers on process 1 as well. Here there is a problem:
    when the frontend receives connections on process 2, the resolved pointers
    for the table end up pointing to a completely different location in a
    parallel universe, then peers are activated to push the data while the
    section has been deallocated... So the relevant checks have been added
    to make sure that a process doesn't try to interact with a section that
    is not present for this process. This covers the track-sc* actions, the
    sc_* sample keywords, and SPOE filters. I was extremely cautious to cover
    the strict minimum so as not to impact any harmless config. It *is*
    possible that one of your configs will refuse to load if it is already
    bogus. Please note that if this happens, it means this config is wrong
    and already presents the risk of random crashes. *Do not* roll back if
    this happens, please ask for help here instead. (I in fact expect that
    nobody will see these errors, meaning that the amount of complex and
    bogus configs in the field is rather low).

The rest is pretty low impact and standard.

Please find the usual URLs below:
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : http://www.haproxy.org/download/1.9/src/
Git repository : http://git.haproxy.org/git/haproxy-1.9.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
Changelog : http://www.haproxy.org/download/1.9/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog:

Christopher Faulet (2):
      BUG/MEDIUM: mux-h1: Don't add "transfer-encoding" if message-body is
        forbidden
      BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with
        HTX

Jérôme Magnin (1):
      DOC: add a missing space in the documentation for bc_http_major

Kevin Zhu (1):
      BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit

Olivier Houchard (11):
      BUG/MEDIUM: connections: Don't forget to remove CO_FL_SESS_IDLE.
      MINOR: xref: Add missing barriers.
      BUG/MEDIUM: peers: Handle mux creation failure.
      BUG/MEDIUM: checks: Check that conn_install_mux succeeded.
      BUG/MEDIUM: servers: Only destroy a conn_stream we just allocated.
      BUG/MEDIUM: servers: Don't add an incomplete conn to the server idle list.
      BUG/MEDIUM: checks: Don't try to set ALPN if connection failed.
      BUG/MEDIUM: h2: In h2_send(), stop the loop if we failed to alloc a buf.
      BUG/MEDIUM: servers: Close the connection if we failed to install the mux.
      BUG/MEDIUM: buffer: Make sure b_is_null handles buffers waiting for
        allocation.
      BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().

Tim Duesterhus (2):
      BUG/MEDIUM: compression: Rewrite strong ETags
      DOC: compression: Update the reasons for disabled compression

Willy Tarreau (48):
      SCRIPTS: add the issue tracker URL to the announce script
      BUG/MINOR: server: fix logic flaw in idle connection list management
      BUG/MINOR: stream: don't close the front connection when facing a backend
        error
      DOC: htx: make it clear that htxbuf() and htx_from_buf() always return
        valid pointers
      MINOR: htx: never check for null htx pointer in htx_is_{,not_}empty()
      MEDIUM: stream-int: always mark pending outgoing SI_ST_CON
      MINOR: stream: don't wait before retrying after a failed connection reuse
      MEDIUM: h2: always parse and deduplicate the content-length header
      BUG/MINOR: mux-h2: always compare content-length to the sum of DATA frames
      BUG/MEDIUM: mux-h2: only close connection on request frames on closed
        streams
      BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window
        update
      BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
      BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
      BUG/MEDIUM: mux-h2: do not abort HEADERS frame before decoding them
      BUG/MINOR: mux-h2: make sure response HEADERS are not received in other
        states than OPEN and HLOC
      MINOR: h2: add a generic frame checker
      MEDIUM: mux-h2: check the frame validity before considering the stream
        state
      CLEANUP: mux-h2: remove misleading leftover test on h2s' nullity
      CLEANUP: mux-h2: clean the stream error path on HEADERS frame processing
      CLEANUP: mux-h2: remove stream ID and frame length checks from the frame
        parsers
      BUG/MINOR: mux-h2: make sure request trailers on aborted streams don't
        break the connection
      MINOR: mux-h2: consistently rely on the htx variable to detect the mode
      BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing
        the connection
      MINOR: stream-int: add a new flag to mention that we want the connection
        to be killed
      MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
      BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
      MINOR: mux-h2: max-concurrent-streams should be unsigned
      MINOR: mux-h2: make sure to only check concurrency limit on the frontend
      MINOR: mux-h2: learn and store the peer's advertised
        MAX_CONCURRENT_STREAMS setting
      BUG/MEDIUM: mux-h2: properly consider the peer's advertised
        max-concurrent-streams
      BUG/MEDIUM: backend: always release the previous connection into its own
        target srv_list
      BUG/MEDIUM: htx: check the HTX compatibility in dynamic use-backend rules
      BUG/MINOR: backend: check srv_conn before dereferencing it
      BUG/MEDIUM: mux-h2: always omit :scheme and :path for the CONNECT method
      BUG/MEDIUM: mux-h2: always set :authority on request output
      BUG/MINOR: config: fix bind line thread mask validation
      BUG/MINOR: compression: properly report compression stats in HTX mode
      BUG/MINOR: task: close a tiny race in the inter-thread wakeup
      BUG/MAJOR: config: verify that targets of track-sc and stick rules are
        present
      BUG/MAJOR: spoe: verify that backends used by SPOE cover all their
        callers' processes
      MINOR: backend: move url_param_name/len to lbprm.arg_str/len
      MINOR: backend: make headers and RDP cookie also use arg_str/len
      MINOR: backend: add new fields in lbprm to store more LB options
      MINOR: backend: make the header hash use arg_opt1 for use_domain_only
      MINOR: backend: remap the balance uri settings to lbprm.arg_opt{1,2,3}
      MINOR: backend: move hash_balance_factor out of chash
      MEDIUM: backend: move all LB algo parameters into an union
      BUG/MINOR: config: make sure to count the error on incorrect
        track-sc/stick rules
---
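
Added example (not part of the announcement and not HAProxy's own check): a simplified offline audit for the process-coverage corner case described above, flagging track-sc rules whose target table lives in a section that is absent from some of the caller's processes. It assumes only explicit `bind-process` lines matter (a section without one is treated as running on all processes); the section names, the sample config and the helper names `expand` and `find_uncovered` are constructed for illustration.

```python
# Constructed sample config: fe_web runs on processes 1 and 2 but tracks a key
# in a table that exists only in process 1 (the corner case described above).
SAMPLE = """\
global
    nbproc 2
frontend fe_web
    bind-process 1 2
    http-request track-sc0 src table bk_counters
backend bk_counters
    bind-process 1
    stick-table type ip size 100k expire 10m store conn_rate(10s) peers mypeers
frontend fe_ok
    bind-process 1
    tcp-request connection track-sc1 src table bk_counters
"""

def expand(tokens, nbproc):
    """Turn bind-process arguments (all, odd, even, N, N-M) into a set of process numbers."""
    procs = set()
    for t in tokens:
        if t == "all":
            procs |= set(range(1, nbproc + 1))
        elif t in ("odd", "even"):
            procs |= {p for p in range(1, nbproc + 1) if p % 2 == (t == "odd")}
        else:
            lo, _, hi = t.partition("-")
            procs |= set(range(int(lo), int(hi or lo) + 1))
    return procs

def find_uncovered(config):
    """Return (caller, table section, processes where the caller runs but the table does not)."""
    nbproc, sections, refs, cur = 1, {}, [], None
    for raw in config.splitlines():
        words = raw.split("#")[0].split()      # drop comments, tokenize
        if not words:
            continue
        if words[0] == "nbproc":
            nbproc = int(words[1])
        elif words[0] in ("frontend", "backend", "listen"):
            cur = words[1]
            sections[cur] = None               # None: no explicit bind-process seen
        elif words[0] in ("global", "defaults", "peers"):
            cur = None
        elif cur and words[0] == "bind-process":
            sections[cur] = words[1:]
        elif cur and "table" in words[:-1] and any(w.startswith("track-sc") for w in words):
            refs.append((cur, words[words.index("table") + 1]))
    everyone = set(range(1, nbproc + 1))
    procs = {n: expand(t, nbproc) if t else everyone for n, t in sections.items()}
    return [(c, t, sorted(procs[c] - procs[t]))
            for c, t in refs if t in procs and procs[c] - procs[t]]
```

A non-empty result from `find_uncovered` points at the kind of rule the new checks are described as rejecting; restricting the caller to the table's processes, or making the table's section cover the caller's processes, clears the finding.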