pkgsrc-Changes archive
CVS commit: pkgsrc/net/haproxy
Module Name: pkgsrc
Committed By: adam
Date: Wed May 29 20:27:50 UTC 2024
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo
pkgsrc/net/haproxy/patches: patch-include_haproxy_proxy-t.h
patch-include_haproxy_server-t.h
Log Message:
haproxy: updated to 3.0.0

HAProxy 3.0.0 was released on 2024/05/29. It added 21 new commits
after version 3.0-dev13. I do appreciate that everything was only
cosmetic.

We're having a total of 1108 patches in this release among which 850 ones
not concerning a bug, which makes it the smallest LTS release of all time
(2.6 and 2.4 still remain the largest ones, respectively 65% and 58%
larger). This is good news in terms of expected stability, which might
possibly break the old myth of "better avoid dot zero".

Let's try to summarize what's new in this release. It has been one of the
most difficult for me to summarize because I'm not seeing one big killer
feature, instead it's an LTS as we like them: mostly a nice polishing of
existing stuff and small improvements all over the place as permitted by
the previous version's architectural changes. I tried to classify this
into a few categories, depending on the intended benefits.

First, let's enumerate the new features, and improvements of existing ones:
- stats can finally be preserved across reloads for frontends,
listeners, backends and servers. When using this, the config objects
of the new process are preloaded with the relevant values from a dump
of the previous process. This essentially concerns counters, ages and
rates. Please have a look at "stats-file" and "dump stats-file" for
more information.
- the log outgoing load-balancing now relies on a regular backend,
meaning that the load balancing algorithms could finally be unified
with the ones used by other protocols, and servers now support
weights.
- log-format now supports JSON and CBOR output encoding. In such a case,
the field name is taken from a new naming scheme that is placed within
the log-format itself, allowing to assign a name to each field.
- the load balancing algorithm "sticky" that was initially reserved for
logs was generalized to other protocols.
- the HTTP/2 RST_STREAM reason code can finally be forwarded to the
server for client aborts. This addresses the problem a few users were
facing with gRPC where request cancellation appeared as communication
errors on the server side. For now this is purposely limited to only a
few reason codes that are relevant to gRPC so that we don't ruin the
possibility to later extend that to H3 and maybe H1.
- QUIC now supports the HyStart++ (RFC9406) alternative to slowstart
with the Cubic algorithm. It's supposed to show better recovery
patterns. It's not yet enabled by default.
- a new set of converters, map_*_key, will report the matching part of
the key itself instead of the associated pattern. The main target use
case for this is to know what address mask an address did match, or
what regex a pattern did match.
- the "uuid()" sample fetch function, which takes an optional version as
argument, now also supports "7" for UUIDv7. These UUIDs regroup many
properties found in ULID and other mechanisms, one of the most
interesting ones being time-based locality that, for example, eases the
archiving of old data, or the grouping of events on systems where
they'll be processed together.
- the name associated with servers in connection pools can now be
overridden by the expression in "pool-conn-name" when SNI is not
desired (useful with rhttp without SSL for example, but may also make
sense when reaching remote servers over SSL tunnels). It also allows
to entirely drop SSL from the server.
- the "namespace" argument now works for "bind" and "server" lines using
UNIX sockets.
- Linux capabilities: the use of namespaces on the server side used to
require capability "cap_sys_admin" but it was neither checked nor
reported on startup so it would silently fail. The capability is now
supported and is being checked for. Similarly, the need for
capabilities for transparent proxying or QUIC is checked and reported
on startup. Finally, file-system capabilities set on the executable are
also supported now.
- the set-mark/set-tos actions were extended to support an expression in
addition to the constant, and were extended to also support the backend
side. This can for example be used to select an outgoing link from a
single IP address. The new backend actions are called "set-bc-mark" and
"set-bc-tos", and by analogy new frontend actions called "set-fc-mark"
and "set-fc-tos" were created, and the old actions are aliases of these
last ones.
- QUIC built with latest AWS-LC TLS library now correctly supports 0-RTT.
- a new global setting "ssl-security-level" allows to adjust OpenSSL's
internal security level between 0 and 5. Previously it could only be
done in openssl.cnf.
- the key used by consistent hash to map to a server used to always be
the server's id (either explicit or implicit, position-based), but
that was not always convenient when dealing with fast added-removed
servers within a large fleet of LBs. Now the "hash-key" directive will
also allow to use the server's address or address+port for this so
that the same key ends up on the same server for all LBs.
- The HTTP client now has an option to use either origin or absolute
URIs. This should make it easier to configure it to talk to old
servers which are not spec-compliant and do not support absolute
URIs. The ocsp_update agent already exploits this ability via a new
setting "ocsp-update.httpproxy".
- it is now possible to suppress Content-Length and Transfer-Encoding
headers from HTTP/1 requests and responses. It must never be done of
course but there are rare situations where users dealing with bogus
clients or servers need to perform such cleanups. Most of the time
when done, this will mark a connection non-reusable and it will be
closed at the end of the transfer.
- the proxy protocol now also parses TLV for LOCAL mode and supports
sending them without a stream so that elements can be passed during
the preconnect phase of a reverse-HTTP instance to a next stage that
will no longer ignore them.
- the new sched_setaffinity() of FreeBSD 14 and newer is now supported.
- the new certificate selection callback for WolfSSL is now enabled
since it's finally available in the upstream project.
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/net/haproxy/Makefile
cvs rdiff -u -r1.113 -r1.114 pkgsrc/net/haproxy/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/net/haproxy/patches/patch-include_haproxy_proxy-t.h
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/net/haproxy/patches/patch-include_haproxy_server-t.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/haproxy/Makefile
diff -u pkgsrc/net/haproxy/Makefile:1.121 pkgsrc/net/haproxy/Makefile:1.122
--- pkgsrc/net/haproxy/Makefile:1.121 Sun Apr 7 21:37:12 2024
+++ pkgsrc/net/haproxy/Makefile Wed May 29 20:27:50 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.121 2024/04/07 21:37:12 adam Exp $
+# $NetBSD: Makefile,v 1.122 2024/05/29 20:27:50 adam Exp $
-DISTNAME= haproxy-2.9.7
+DISTNAME= haproxy-3.0.0
CATEGORIES= net www
MASTER_SITES= https://www.haproxy.org/download/${PKGVERSION_NOREV:R}/src/
Index: pkgsrc/net/haproxy/distinfo
diff -u pkgsrc/net/haproxy/distinfo:1.113 pkgsrc/net/haproxy/distinfo:1.114
--- pkgsrc/net/haproxy/distinfo:1.113 Sun Apr 7 21:37:12 2024
+++ pkgsrc/net/haproxy/distinfo Wed May 29 20:27:50 2024
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.113 2024/04/07 21:37:12 adam Exp $
+$NetBSD: distinfo,v 1.114 2024/05/29 20:27:50 adam Exp $
-BLAKE2s (haproxy-2.9.7.tar.gz) = 8f3ad861863a9c03afa4aabee3c9a841cd623efeb85117f7575343d5de5bd14d
-SHA512 (haproxy-2.9.7.tar.gz) = 23f320d49f822761cc0a4d8b7e15c8a58b804e4601c9421fa2433afe19798944d5a7264bf83502534b99236dda7c44ec72b97c1e6cdbcf203ab3090ae5313b3b
-Size (haproxy-2.9.7.tar.gz) = 4516225 bytes
+BLAKE2s (haproxy-3.0.0.tar.gz) = a2e2d313dacd32ea0ee7975922444a959be26c72c0b7234e4675935f2c786298
+SHA512 (haproxy-3.0.0.tar.gz) = 65b3b2a9f3600f3d7b1353ba9c0132d08b9522b742276d54d04fadb55a389ab4d6baa2d89d2b84ae0d14be30cc162c9757877d693172fd1bf3f92d97c9be4924
+Size (haproxy-3.0.0.tar.gz) = 4677659 bytes
SHA1 (patch-Makefile) = 36c0e5d46b30d7b28fdb4b3fdbb4fe052fa8d850
-SHA1 (patch-include_haproxy_proxy-t.h) = 5560f5f50e66cf122fe8464f74541f226e127e8d
+SHA1 (patch-include_haproxy_proxy-t.h) = c8786f431a13c6515553c77314cc8b3a002d6d03
SHA1 (patch-include_haproxy_queue-t.h) = bf2ea918a6d8ec3d3fb2f88b7b9303a695381d96
SHA1 (patch-include_haproxy_queue.h) = eed5ea43212462134fb60b50c2a32e619e104d51
-SHA1 (patch-include_haproxy_server-t.h) = 4328e1cba03b27d832d3e13e6c6370395c6d8f1d
+SHA1 (patch-include_haproxy_server-t.h) = e6f2bc3ae630663a6b3ae596edd5b08ba4d3fec0
SHA1 (patch-src_cli.c) = 4bc5cf0116df121ac4c3c38b8f962c3a62d536e5
SHA1 (patch-src_haproxy.c) = a466acb853b5018b70571d0a03b9d28ed9245d06
SHA1 (patch-src_proto__sockpair.c) = 67b8b94768d029d412eddc35c2165e9183ab69f9
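Review bot: on the `+BLAKE2s (haproxy-3.0.0.tar.gz)` and `+SHA512 (haproxy-3.0.0.tar.gz)` lines, nothing in the hunk or the log says where the new digests came from. Since `make makesum` only records whatever tarball was fetched, please confirm the recorded values against a checksum obtained from upstream through a separate channel. Separately, the `SHA1` entries for patch-Makefile, patch-include_haproxy_queue-t.h, patch-include_haproxy_queue.h, patch-src_cli.c, patch-src_haproxy.c and patch-src_proto__sockpair.c are unchanged across the 2.9.7 to 3.0.0 jump, so it is worth checking that each of them still applies without fuzz or large offsets rather than landing in a different place than intended.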
Index: pkgsrc/net/haproxy/patches/patch-include_haproxy_proxy-t.h
diff -u pkgsrc/net/haproxy/patches/patch-include_haproxy_proxy-t.h:1.1 pkgsrc/net/haproxy/patches/patch-include_haproxy_proxy-t.h:1.2
--- pkgsrc/net/haproxy/patches/patch-include_haproxy_proxy-t.h:1.1 Thu Dec 9 10:36:07 2021
+++ pkgsrc/net/haproxy/patches/patch-include_haproxy_proxy-t.h Wed May 29 20:27:50 2024
@@ -1,10 +1,10 @@
-$NetBSD: patch-include_haproxy_proxy-t.h,v 1.1 2021/12/09 10:36:07 jperkin Exp $
+$NetBSD: patch-include_haproxy_proxy-t.h,v 1.2 2024/05/29 20:27:50 adam Exp $
Avoid 'struct queue' conflict.
---- include/haproxy/proxy-t.h.orig 2021-11-23 14:40:21.000000000 +0000
+--- include/haproxy/proxy-t.h.orig 2024-05-29 12:43:38.000000000 +0000
+++ include/haproxy/proxy-t.h
-@@ -341,7 +341,7 @@ struct proxy {
+@@ -350,7 +350,7 @@ struct proxy {
__decl_thread(HA_RWLOCK_T lock); /* may be taken under the server's lock */
char *id, *desc; /* proxy id (name) and description */
@@ -12,4 +12,4 @@ Avoid 'struct queue' conflict.
+ struct haqueue queue; /* queued requests (pendconns) */
int totpend; /* total number of pending connections on this instance (for stats) */
unsigned int feconn, beconn; /* # of active frontend and backends streams */
- struct freq_ctr fe_req_per_sec; /* HTTP requests per second on the frontend */
+ unsigned int fe_sps_lim; /* limit on new sessions per second on the frontend */
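Review bot: the patch description on the `Avoid 'struct queue' conflict.` line does not say which platform or system header defines the conflicting `struct queue`, which makes it hard to tell when this local patch can be dropped or how to test it. The comment was carried over unchanged while the inner hunk moved from `@@ -341,7 +341,7 @@` to `@@ -350,7 +350,7 @@`, so this would be a good moment to name the conflicting header and the affected platform in the patch comment.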
Index: pkgsrc/net/haproxy/patches/patch-include_haproxy_server-t.h
diff -u pkgsrc/net/haproxy/patches/patch-include_haproxy_server-t.h:1.2 pkgsrc/net/haproxy/patches/patch-include_haproxy_server-t.h:1.3
--- pkgsrc/net/haproxy/patches/patch-include_haproxy_server-t.h:1.2 Tue Dec 6 08:18:17 2022
+++ pkgsrc/net/haproxy/patches/patch-include_haproxy_server-t.h Wed May 29 20:27:50 2024
@@ -1,15 +1,15 @@
-$NetBSD: patch-include_haproxy_server-t.h,v 1.2 2022/12/06 08:18:17 adam Exp $
+$NetBSD: patch-include_haproxy_server-t.h,v 1.3 2024/05/29 20:27:50 adam Exp $
Avoid 'struct queue' conflict.
---- include/haproxy/server-t.h.orig 2022-12-01 14:16:46.000000000 +0000
+--- include/haproxy/server-t.h.orig 2024-05-29 12:43:38.000000000 +0000
+++ include/haproxy/server-t.h
-@@ -289,7 +289,7 @@ struct server {
+@@ -347,7 +347,7 @@ struct server {
unsigned int max_used_conns; /* Max number of used connections (the counter is reset at each connection purges */
unsigned int est_need_conns; /* Estimate on the number of needed connections (max of curr and previous max_used) */
- struct queue queue; /* pending connections */
+ struct haqueue queue; /* pending connections */
+ struct mt_list sess_conns; /* list of private conns managed by a session on this server */
/* Element below are usd by LB algorithms and must be doable in
- * parallel to other threads reusing connections above.
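Review bot: the inner hunk header moved from `@@ -289,7 +289,7 @@` to `@@ -347,7 +347,7 @@` and the context now includes the new `struct mt_list sess_conns` line, so this one-line rename to `struct haqueue` has to be regenerated whenever upstream touches the neighbouring fields of `struct server`. Consider proposing the rename upstream so the local patch can be retired. Until then, please confirm with a build on the platform that has the conflict that the rename was reapplied consistently in every header that uses the type.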