Skip to content

Fluxheim 1.5.16

Choose a tag to compare

View all tags
@eldryoth eldryoth released this 11 Jun 09:41
· 237 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.5.16
This tag was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.
2317f40
This commit was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.

Fluxheim 1.5.16 Release Notes

Fluxheim 1.5.16 starts the UDP/GSLB exploration line.

This release adds the first reviewed boundary for UDP work: a separate beta
[udp] configuration namespace, an opt-in udp-proxy feature gate, and a
small scoped UDP runtime for DNS-style request/response forwarding and
syslog-style one-way forwarding. It does not turn TCP stream routes into mixed
TCP/UDP routes and it does not ship production UDP/GSLB support yet.

What Changed

  • Added udp-proxy as a beta feature gate.
  • Added [udp] with enabled and routes fields.
  • Added [[udp.routes]] with bounded route mode, listeners, upstreams,
    optional weights, optional aliases, idle/session timeouts, datagram caps, and
    session caps. max_sessions defaults to 4096; 0 remains an explicit
    unlimited setting.
  • Added beta UDP listener/runtime support for dns-load-balance and
    syslog-forward.
  • Added response_timeout_secs for UDP routes. It defaults to 3 seconds and
    keeps unanswered DNS-style datagrams from occupying route slots for the full
    idle timeout.
  • Removed the unused beta max_session_secs UDP field before release. Current
    beta modes handle one datagram at a time; response_timeout_secs is the
    effective cap for DNS-style upstream waits.
  • Hardened beta UDP forwarding so oversized upstream responses are dropped
    instead of being forwarded as truncated datagrams.
  • Rate-limited high-volume UDP drop warnings for oversized downstream
    datagrams and max_sessions pressure.
  • Added explicit reserved route modes for future scoped UDP modules:
    quic-pass-through and game-proxy.
  • Added config validation for duplicate route names, duplicate listeners,
    duplicate upstreams, invalid listener/upstream authorities, invalid timeout
    values, oversized datagrams, excessive session caps, and invalid
    weight/alias lists.
  • Added unit coverage with real local UDP sockets for request/response and
    one-way forwarding behavior.
  • Added scripts/smoke_udp_proxy.sh, an optional local smoke that starts
    Fluxheim with a UDP-only config and proves DNS-style response forwarding plus
    syslog-style one-way delivery.
  • Refreshed low-risk dependency and workflow pins: base64-ng 1.0.8, http
    1.4.2, manifest log 0.4.32, and exact current GitHub Action tags for
    checkout and Docker image workflows. Pingora was intentionally left unchanged.
  • Kept udp-proxy out of the normal full, proxy, cache, php, and
    load-balancer release profiles until the runtime data plane is added and
    reviewed.

Compatibility

  • Existing HTTP proxy, cache, TCP stream proxy, and load-balancer configs are
    unchanged.
  • Configs that set udp.enabled = true fail with a clear
    udp.enabled requires building Fluxheim with the udp-proxy feature error in
    normal production builds.
  • The UDP namespace is intentionally separate from [stream]; TCP stream
    routing remains TCP-only.
  • UDP-only beta configs can validate without HTTP/TLS listeners when built
    with udp-proxy.

Not Included

  • No production UDP/GSLB support yet.
  • No generic catchall UDP proxy.
  • No authoritative DNS server or full GSLB control plane.
  • No public-Internet DNS reflector hardening yet. dns-load-balance should be
    bound to loopback or internal interfaces unless the surrounding network
    provides ingress filtering; response rate limiting remains future work.
  • No QUIC pass-through or game-server UDP session proxying yet.
  • No WAF, VPN/firewall appliance behavior, HTTP/3 ingress, or
    Wasm/iRules/Lua scripting in this release.

Checksums And Signatures

  • Commit: 2317f400ab629e4f349528df843e1d4ee3887b27
  • Local gate: GitHub CI green before tag; local release metadata checks passed
  • CodeQL/code scanning: no open release-blocking alerts before tag
  • Source archive checksums:
    • 4fdbe3dd5d99776a0d7eb70b04890785b8273b243b571733510ee5f1342f833a fluxheim-1.5.16.tar.gz
    • 7652deef9e38aed455bf77d4ad5374dd7e59e24a654179470fc1500072aded7a fluxheim-1.5.16.zip
  • Binary checksums:
    • x86_64:
      • 5d49fd8f457b551d609091c18407f0cb91f15f8a0a90ef9f28024cdeafe8c2f2 fluxheim-1.5.16-full-x86_64-linux.tar.gz
      • b01b97dd959eef05dab2f372b99c1f67b784801faa4be578fbc6cea94bed5ba7 fluxheim-1.5.16-cache-x86_64-linux.tar.gz
      • 48972e284761eb1a40bbf9181f374535d4c4f112f1abda4fbb9fe4a4f1a40222 fluxheim-1.5.16-proxy-x86_64-linux.tar.gz
      • d28b873f28945cfa2fa2960110f9d020190ac3c438fc96aa8d78a866c73b0885 fluxheim-1.5.16-php-x86_64-linux.tar.gz
      • 191d621626eded6bc4621dcd59f39ddef60c4effadb3d37c14b81a83de3975f1 fluxheim-1.5.16-load-balancer-x86_64-linux.tar.gz
      • 8970d0fe2cb18faa6333c00a7731368f3e01eb49a3187b1534b66d8162a00cf5 fluxheim-1.5.16-config-tester-x86_64-linux.tar.gz
    • aarch64:
      • 2e1ad38570154e1a1bfe70d3ad2c567f972f5783541a07d6adfbf78e4691619b fluxheim-1.5.16-full-aarch64-linux.tar.gz
      • c6090f12ff7c603c26e080c89e97c98d80c5eeb994262b5aec42833445a7ba0f fluxheim-1.5.16-cache-aarch64-linux.tar.gz
      • fc45fef67664a281cc8e58da275537b1f7108f2a6079465cb2a62a51f1da5762 fluxheim-1.5.16-proxy-aarch64-linux.tar.gz
      • 541d67b74cc18fedc8d18d94dec9e573ffd5a2ad6ecfc32b0ea48c85a7b28e66 fluxheim-1.5.16-php-aarch64-linux.tar.gz
      • 785291a89dee9c51a248de4a75c41604a3c1fa79e52547597959cbcd0e26bb2c fluxheim-1.5.16-load-balancer-aarch64-linux.tar.gz
      • d9e4a58628602ae2825dddb53cdfe8aa3366d375b54ea8f17c07d696c1a5dacd fluxheim-1.5.16-config-tester-aarch64-linux.tar.gz
    • macos:
      • c7b31df1f7bfd5e5339f6a845757da59ee7953814b3bc320c3dbde6f936fbf10 fluxheim-1.5.16-dev-aarch64-macos.tar.gz
  • SBOM checksums:
    • ec2074d032ce064ef7c377d7b8e75592b60c35cb18a1f0f2b91daf43d50c0ad0 fluxheim.spdx.json
    • 9143362bdf5274204e0fcede86f7881481cf8a186633bdbe78db7dc9ca7fbcfb fluxheim.cyclonedx.json
  • Reproducible build:
    • abaf5daa060faa3c5f34f0b1216ae7f3f25202a12a6b2edb6b0973b29fbe7e9e x86_64
    • d82462cb6ea39e567b9d526bdb0431368ccb2f86906c24109a6f9c3c4a00ab2c aarch64
    • d2a676eedbfcb48e78365020ad96d0f5db6d1769e8aedd89d1fe74377693abb7 macos
  • Full Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:0d6de4685d300b15492c3099ca149195f59bbc8b192f8c80b7c2d1d72029e210
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:e41fbc532ba0fdc5ecffa6aff7bb0e21e188d9f0aec449fbcb196b758b73e197
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:4f9c863e01c8cfb4e04efd3f761d478fb3eb9c34393892c6fb0191a5b60b1dca
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:621ab66186cedaff4885270d91bdc290d22cfbc3691498b04f9916d887eb49f8
  • Cache Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:0b616a70a716dfb569db017825c23554a4819a3412b1363af6e55ef957d4f0ce
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:8185980bc380870d79dc09ce6e0da85aa442afe09942fe8437b598ed3af9880a
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:8a0a548da76c8e34df233afdb277f2af5b97b25a653054b9fff14d209ecaf10c
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:82e08f13eb70256bbc56c1de233ec2cdd23af7385df9d79d21b10a911810d2b6
  • Proxy Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:287cdd12dd51482af3d52b98b7e5f0194a8852a9492e4c1175666d41d82c2dc4
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:bec8cf76be87b0c3dde7356e017ede8686e311297ef6e52b1c62c3ac2fee8802
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:88edc20a987ee4cc8460d3a80118d0f054d328489cc2649b8650c7bd56d26b02
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:2618b670a621d83bc80544cba6b8acce467a63a2864836c621b60a4d1548e65a
  • PHP Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:9ea00069fe707c3c0e99bdb1edf6c21ed164443231236080a693cfa3467e596b
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:33d17779954a3ae77b9a9f53364e31e2eb8fe980c7bce82dc2b319f2ece7f14b
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:4cbc3483ebced4d4d70f2978a8c6a86782cbeab6707e74917ad31c4976e1b48c
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:0ccc8714400d3ba7bfaf0af17d2f24052f1a23b5d7e25bdedba0fc4b1c02d4c5
  • Load Balancer Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:4c2b5e29762c7da67448e85b6c96a1d8cdc312805889da7704dbd5e514970f66
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:06ef2670f9f0777474543da40ac1e7fa3132376314a3825dbfcfa905b95b8ace
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:96ccdbe5240a2a9cd3e97355171af6ed9c147abc88f4c07c38c64730f88b62a5
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:36e0033263a74ece44e81521895c4a6449c0a8b24afa340b0c24ba80c85c7a07
  • Tag signature:
    • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Assets 16
Loading
0 Join discussion