Hi,
HAProxy 2.8.14 was released on 2025/01/29. It added 38 new commits
after version 2.8.13.
Following bugs were fixed in this release:
* A bug was found in the way QUIC CRYPTO frames were stored internally to
handle unordered frames reception. There was no control on the relative
frame position that could lead to a crash when this position was too
high to be stored. Now, when this happens, the connection is closed with
CRYPTO_BUFFER_EXCEEDED error, as required by the QUIC specification.
* Most of remaining issues with the queues management were fixed. The
dequeuing process is now called when a stream is closed. This should
unsure no stream remains infinitely blocked in the queue and prevent any
infinite loop in some extreme cases. It was also possible to exceed the
configured maxconn when a server was brought back up. It appears that
only the proxy queue was evaluated at this stage while the server queue
must also be processed. Note that the issue it not totally fixed in
3.0. We can occasionally see a few more connections than maxconn, but
the max that have been observed is 4 more connections, we no longer get
multiple times maxconn. This was improved in the 3.2 to strictly respect
the maxconn value.
* A crash because of a BUG_ON() could be experienced because a stream task
could be queued in the past. Conditions to trigger the issue are quite
hard to meet. A buffer allocation must have failed while an analysis
timer is set. In that case, if an I/O event is received, the stream task
could be queued in past because an expired analysis timer is used. It
appeared that only I/O timers (read and write timeout) must be
considered when an I/O event is handled. Only the stream is responsible
to consider analysis timers.
* Some locks were missing on some stick-table converters. No issue was
reported about this bug but it could lead to inconsistent values being
reported by "table_*" converters.
* In H1, it was possible to have unusable client connections waiting for
the client timeout while they should be closed. This happened when a
connection error was immediately encountered after the connection
establishment, in same time of the connection closure. It was not a leak
because connections were finally closed but it was a waste of
ressources, especially with a high client timeout.
* Crashes could be encountered because of a use-after-free bug after two
QUIC packets were coalesced.
* QUIC NEW_TOKEN frames emitted by clients were not reject as expected. Now
when this happens, the connection is closed with PROTOCOL_VIOLATION error
code.
* The QUIC congestion window was increased each time a new acknowledge was
received without considering the window filling level. On a network
condition with negligible loss, this would cause the window to be
incremented until the maximum value, even though the application does not
have enough data to fill it. In most case, this issue was not
noticeable. However, it could lead to an excessive memory consumption when a
QUIC connection was suddenly interrupted, as in this case HAProxy would
fill the window with retransmission. It even caused OOM crash when thousands
of clients were interrupted at once on a local network benchmark.
* "on-marked-up shutdown-backup-sessions" action was no longer working. It was
broken when the shutdown of a stream was modified to be async-safe. When
this part was fixed, the active stream shutdowns, via the CLI for instance,
and "on-marked-down shutdown-sessions" action were properly handled. But not
the shutdown of backup sessions.
* An issue could be experienced on big-endian architecture in stick-table
sample fetch functions and converters because of conversions from 64-bit
integers and 32-bit ones.
* The HAPROXY_STARTUP_VERSION environment variable, defined during the init
stage, was set from a macro instead of being set from a variable. Depending
on how HAProxy is rebuilt, this could make debugging sessions confusing
because the version exposed in the environment was not necessarily the same
as the one presented in "haproxy -vv".
* The parsing of errorfile and errorloc was improved to properly alert
about unexpected extra arguments.
* An issue with the parsing of QUIC packets containing too many
out-of-order CRYPTO frames led to reject and unacknowledged the whole
packet. Indeed, these CRYPTO frames must be buffered to be handled
sequentially. But CRYPTO frames too heavily split with small fragments
could reach a limit and be rejected. Now, the packet parsing is repeated
to be able to reassemble the CRYPTO frames. In addition, the QUIC
multiplexer was fixed to properly implement the wait-for-handshake
action
* The H1 multiplexer was only able to handle timeouts if the client or
server timeouts were defined, depending on the side. So, it was possible
to ignore client-fin/server-fin and http-keep-alive/http-request
timeouts.
Thanks everyone for your help !
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.8/src/
Git repository : https://git.haproxy.org/git/haproxy-2.8.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.8.git
Changelog : https://www.haproxy.org/download/2.8/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Amaury Denoyelle (11):
MINOR: quic: notify connection layer on handshake completion
BUG/MINOR: stream: unblock stream on wait-for-handshake completion
BUG/MEDIUM: quic: support wait-for-handshake
MINOR: quic: simplify qc_parse_pkt_frms() return path
MINOR: quic: use dynamically allocated frame on parsing
MINOR: quic: extend return value of CRYPTO parsing
BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO
BUG/MEDIUM: quic: prevent crash due to CRYPTO parsing error
BUG/MINOR: quic: reject NEW_TOKEN frames from clients
BUG/MAJOR: quic: reject too large CRYPTO frames
BUG/MINOR: quic: do not increase congestion window if app limited
Aurelien DARRAGON (4):
BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg}
DOC: config: add example for server "track" keyword
BUG/MINOR: stktable: fix big-endian compatiblity in smp_to_stkey()
BUG/MEDIUM: stktable: fix missing lock on some table converters
Christopher Faulet (7):
BUG/MEDIUM: stconn: Really report blocked send if sends are blocked by an
error
BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections
BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state
BUG/MEDIUM: stconn: Only consider I/O timers to update stream's
expiration date
MINOR: config: Alert about extra arguments for errorfile and errorloc
BUG/MEDIUM: mux-h1: Properly close H1C if an error is reported before
sending data
BUG/MINOR: stream: Properly handle "on-marked-up shutdown-backup-sessions"
Frederic Lecaille (3):
BUG/MINOR: quic: ensure a detached coalesced packet can't access its
neighbours
MINOR: quic: Add a BUG_ON() on quic_tx_packet refcount
BUILD: quic: Move an ASSUME_NONNULL() for variable which is not null
Olivier Houchard (3):
BUG/MEDIUM: queues: Make sure we call process_srv_queue() when leaving
BUG/MEDIUM: queues: Do not use pendconn_grab_from_px().
BUG/MEDIUM: queue: Make process_srv_queue return the number of streams
Valentine Krasnobaeva (1):
BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES
Willy Tarreau (9):
MINOR: debug: make mark_tainted() return the previous value
DEBUG: add a tainted flag when ha_panic() is called
MINOR: chunk: drop the global thread_dump_buffer
MINOR: debug: split ha_thread_dump() in two parts
MINOR: debug: slightly change the thread_dump_pointer signification
MINOR: debug: make ha_thread_dump_done() take the pointer to be used
MINOR: debug: replace ha_thread_dump() with its two components
MEDIUM: debug: on panic, make the target thread automatically allocate
its buf
BUG/MINOR: init: set HAPROXY_STARTUP_VERSION from the variable, not the
macro
--
Christopher Faulet
