Changes in Varnish 6.6¶
For information about updating your current Varnish deployment to the new version, see Upgrading to Varnish 6.6.
A more detailed and technical account of changes in Varnish, with links to issues that have been fixed and pull requests that have been merged, may be found in the change log.
varnishd¶
Arguments¶
varnishd
now supports the-b none
argument to start with only the builtin VCL and no backend at all.
Parameters¶
The
validate_headers
parameter has been added to control header validation.The
ban_cutoff
parameter now refers to the overall length of the ban list, including completed bans, where before only non-completed (“active”) bans were counted towardsban_cutoff
.The
vary_notice
parameter has been added to control the threshold for the new Vary Notice.
feature
Flags¶
The
busy_stats_rate
feature flag has been added to ensure statistics updates (as configured using thethread_stats_rate
parameter) even in scenarios where worker threads never run out of tasks and may remain forever busy.
Accounting¶
Body bytes accounting has been fixed to always represent the number of body bytes moved on the wire, exclusive of protocol-specific overhead like HTTP/1 chunked encoding or HTTP/2 framing.
This change affects counters like
MAIN.s_req_bodybytes
,MAIN.s_resp_bodybytes
,VBE.*.*.bereq_bodybytes
andVBE.*.*.beresp_bodybytes
as well as the VSL records
ReqAcct
,PipeAcct
andBereqAcct
.
Session Close Reasons¶
The connection close reason has been fixed to properly report
SC_RESP_CLOSE
/ resp_close
where previously only
SC_REQ_CLOSE
/ req_close
was reported.
For failing PROXY connections, SessClose
now provides more
detailed information on the cause of the failure.
The session close reason logging/statistics for HTTP/2 connections have been improved.
Vary Notice¶
A log (VSL) Notice
record is now emitted whenever more than
vary_notice
variants are encountered in the cache for a specific
hash. The new vary_notice
parameter defaults to 10.
Changes to VCL¶
Header Validation¶
Unless the new validate_headers
feature is disabled, all newly set
headers are now validated to contain only characters allowed by
RFC7230. A (runtime) VCL failure is triggered if not.
VCL variables¶
The
client.identity
variable is now accessible on the backend side.The variables
bereq.is_hitpass
andbereq.is_hitmiss
have been added to the backend side matchingreq.is_hitpass
andreq.is_hitmiss
on the client side.The
bereq.xid
variable is now also available invcl_pipe {}
The
resp.proto
variable is now read-only as it should have been for long, like the other*.proto
variables.
Other changes to VCL¶
Long strings in VCL can now also be denoted using
""" ... """
in addition to the existing{" ... "}
.The
ban()
builtin is now deprecated and should be replaced with std.ban().Trying to use
std.rollback()
fromvcl_pipe
now results in VCL failure.The modulus operator
%
has been added to VCL.return(retry)
fromvcl_backend_error {}
now correctly resetsberesp.status
andberesp.reason
.The builtin VCL has been reworked: VCL code has been split into small subroutines, which custom VCL can prepend custom code to.
This allows for better integration of custom VCL and the built-in VCL and better reuse.
VMODs¶
directors.shard()
¶
The shard director now supports reconfiguration (adding/removing backends) of several instances without any special ordering requirement.
Calling the shard director
.reconfigure()
method is now optional. If not called explicitly, any shard director backend changes are applied at the end of the current task.Shard director
Error
log messages with(notice)
have been turned intoNotice
log messages.All shard
Error
andNotice
messages now use the unified prefixvmod_directors: shard %s
.
std.set_ip_tos()
¶
The set_ip_tos()
function from the bundled std
vmod now sets
the IPv6 Taffic Class (TCLASS) when used on an IPv6 connection.
std.ban()
and std.ban_error()
¶
The std.ban()
and std.ban_error()
functions have been added to
the std
vmod, allowing VCL to check for ban errors. A typical
usage pattern with the new interface is:
if (std.ban(...)) {
return(synth(200, "Ban added"));
} else {
return(synth(400, std.ban_error()));
}
varnishlog¶
See Accounting for changes to accounting-related VSL records.
See Session Close Reasons for a change affecting
SessClose
.Three new
Timestamp
VSL records have been added to backend request processing:The
Process
timestamp afterreturn(deliver)
orreturn(pass(x))
fromvcl_backend_response
,the
Fetch
timestamp before a backend connection is requested andthe
Connected
timestamp when a connection to a regular backend (VBE) is established, or when a recycled connection was selected for reuse.
The
FetchError
log messageTimed out reusing backend connection
has been renamed tofirst byte timeout (reused connection)
to clarify that it is emit for effectively the same reason asfirst byte timeout
.ExpKill
log (VSL) records are now masked by default. See thevsl_mask
parameter.Comparisons of numbers in VSL queries have been improved to match better the behavior which is likely expected by users who have not read the documentation in all detail.
See Vary Notice for information on a newly added
Notice
log (VSL) record.
varnishncsa¶
The
%{X}T
format has been added tovarnishncsa
, which generalizes%D
and%T
, but also support milliseconds (ms
) output.The
varnishncsa
-E
argument to show ESI requests has been changed to imply-c
(client mode). This behavior is now shared by all log utilities, and-c
no longer includes ESI requests.
varnishadm¶
The
vcl.discard
CLI command can now be used to discard more than one VCL with a single command, which succeeds only if all given VCLs could be discarded (atomic behavior).The
vcl.discard
CLI command now supports glob patterns for vcl names.The
vcl.deps
CLI command has been added to output dependencies between VCLs (because of labels andreturn(vcl)
statements).varnishadm
now has the-p
option to disable readline support for use in scripts and as a generic CLI connector.
varnishstat¶
See Accounting for changes to accounting-related counters.
See Session Close Reasons for a change affecting
MAIN.sc_*
counters.The
MAIN.esi_req
counter has been added as a statistic of the number of ESI sub requests created.The
MAIN.s_bgfetch
counter has been added as a statistic on the number of background fetches issued.
varnishstat
now avoids display errors of gauges which previously could underflow to negative values, being displayed as extremely high positive values.The
-r
option and ther
key binding have been added to return to the previous behavior. When raw mode is active invarnishstat
interactive (curses) mode, the wordRAW
is displayed at the right hand side in the lower status line.
varnishtest¶
Various improvements have been made to the varnishtest
facility:
the
loop
keyword now works everywhereHTTP/2 logging has been improved
Default HTTP/2 parameters have been tweaked
Varnish listen address information is now available by default in the macros
${vNAME_addr}
,${vNAME_port}
and${vNAME_sock}
. Macros by the names${vNAME_SOCKET_*}
contain the address information for each listen socket as created with the-a
argument tovarnishd
.Synchronization points for counters (VSCs) have been added as
varnish vNAME -expect PATTERN OP PATTERN
varnishtest now also works with IPv6 setups
feature ipv4
andfeature ipv6
can be used to control execution of test cases which require one or the other protocol.haproxy arguments can now be externally provided through the
HAPROXY_ARGS
variable.logexpect now supports alternatives with the
expect ? ...
syntax and negative matches with thefail add ...
andfail clear
syntax.The overall logexpect match expectation can now be inverted using the
-err
argument.Numeric comparisons for HTTP headers have been added:
-lt
,-le
,-eq
,-ne
,-ge
,-gt
rxdata -some
has been fixed.
Other Changes to Varnish Utilities¶
All varnish tools using the VUT library utilities for argument
processing now support the --optstring
argument to return a string
suitable for use with getopts
from shell scripts.