upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-27 09:06:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
haproxy/src/cfgparse.c

9374 lines
305 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Configuration parser
*
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
* Copyright 2000-2011 Willy Tarreau <w@1wt.eu>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported When an unknown encryption algorithm is used in userlists or the password is not pasted correctly in the configuration, http authentication silently fails. An initial check is now performed during the configuration parsing, in order to verify that the encrypted password is supported. An unsupported password will fail with a fatal error. This patch should be backported to 1.4 and 1.5.
2014-08-29 14:20:02 -04:00
#ifdef CONFIG_HAP_CRYPT
/* This is to have crypt() defined on Linux */
#define _GNU_SOURCE
#ifdef NEED_CRYPT_H
/* some platforms such as Solaris need this */
#include <crypt.h>
#endif
#endif /* CONFIG_HAP_CRYPT */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
#include <pwd.h>
#include <grp.h>
[BUILD] cfgparse requires errno.h on OpenBSD.
2007-03-25 18:18:40 -04:00
#include <errno.h>
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/cfgparse.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <common/chunk.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/config.h>
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
#include <common/errors.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/memory.h>
#include <common/standard.h>
#include <common/time.h>
#include <common/uri_auth.h>
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
#include <common/namespace.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/capture.h>
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
#include <types/compression.h>
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
#include <types/filters.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/global.h>
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-11 18:42:33 -05:00
#include <types/obj_type.h>
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
#include <types/peers.h>
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
#include <types/mailers.h>
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
#include <types/dns.h>
REORG: cli: split dumpstats.h in stats.h and cli.h proto/dumpstats.h has been split in 4 files: * proto/cli.h contains protypes for the CLI * proto/stats.h contains prototypes for the stats * types/cli.h contains definition for the CLI * types/stats.h contains definition for the stats
2016-11-21 11:49:11 -05:00
#include <types/stats.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] add the 'acl' keyword to the config language The 'acl' keyword allows one to declare a new ACL. It is an important part of the ACL framework.
2007-05-06 18:53:22 -04:00
#include <proto/acl.h>
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
#include <proto/auth.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/backend.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <proto/channel.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/checks.h>
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
#include <proto/compression.h>
MAJOR/REORG: dns: DNS resolution task and requester queues This patch is a major upgrade of the internal run-time DNS resolver in HAProxy and it brings the following 2 main changes: 1. DNS resolution task Up to now, DNS resolution was triggered by the health check task. From now, DNS resolution task is autonomous. It is started by HAProxy right after the scheduler is available and it is woken either when a network IO occurs for one of its nameserver or when a timeout is matched. From now, this means we can enable DNS resolution for a server without enabling health checking. 2. Introduction of a dns_requester structure Up to now, DNS resolution was purposely made for resolving server hostnames. The idea, is to ensure that any HAProxy internal object should be able to trigger a DNS resolution. For this purpose, 2 things has to be done: - clean up the DNS code from the server structure (this was already quite clean actually) and clean up the server's callbacks from manipulating too much DNS resolution - create an agnostic structure which allows linking a DNS resolution and a requester of any type (using obj_type enum) 3. Manage requesters through queues Up to now, there was an uniq relationship between a resolution and it's owner (aka the requester now). It's a shame, because in some cases, multiple objects may share the same hostname and may benefit from a resolution being performed by a third party. This patch introduces the notion of queues, which are basically lists of either currently running resolution or waiting ones. The resolutions are now available as a pool, which belongs to the resolvers. The pool has has a default size of 64 resolutions per resolvers and is allocated at configuration parsing.
2017-05-22 09:17:15 -04:00
#include <proto/dns.h>
REORG: cli: split dumpstats.h in stats.h and cli.h proto/dumpstats.h has been split in 4 files: * proto/cli.h contains protypes for the CLI * proto/stats.h contains prototypes for the stats * types/cli.h contains definition for the CLI * types/stats.h contains definition for the stats
2016-11-21 11:49:11 -05:00
#include <proto/stats.h>
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
#include <proto/filters.h>
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 12:46:57 -04:00
#include <proto/frontend.h>
OPTIM/MINOR: move the hdr_idx pools out of the proxy struct It makes no sense to have one pointer to the hdr_idx pool in each proxy struct since these pools do not depend on the proxy. Let's have a common pool instead as it is already the case for other types.
2011-10-24 12:15:04 -04:00
#include <proto/hdr_idx.h>
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
#include <proto/lb_chash.h>
MEDIUM: backend: add the 'first' balancing algorithm The principle behind this load balancing algorithm was first imagined and modeled by Steen Larsen then iteratively refined through several work sessions until it would totally address its original goal. The purpose of this algorithm is to always use the smallest number of servers so that extra servers can be powered off during non-intensive hours. Additional tools may be used to do that work, possibly by locally monitoring the servers' activity. The first server with available connection slots receives the connection. The servers are choosen from the lowest numeric identifier to the highest (see server parameter "id"), which defaults to the server's position in the farm. Once a server reaches its maxconn value, the next server is used. It does not make sense to use this algorithm without setting maxconn. Note that it can however make sense to use minconn so that servers are not used at full load before starting new servers, and so that introduction of new servers requires a progressively increasing load (the number of servers would more or less follow the square root of the load until maxconn is reached). This algorithm ignores the server weight, and is more beneficial to long sessions such as RDP or IMAP than HTTP, though it can be useful there too.
2012-02-13 11:12:08 -05:00
#include <proto/lb_fas.h>
[CLEANUP] backend: move LB algos to individual files It was becoming painful to have all the LB algos in backend.c. Let's move them to their own files. A few hashing functions still need be broken in two parts, one for the contents and one for the map position.
2009-10-01 05:19:37 -04:00
#include <proto/lb_fwlc.h>
#include <proto/lb_fwrr.h>
#include <proto/lb_map.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/listener.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/log.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/protocol.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
#include <proto/proto_tcp.h>
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
#include <proto/proto_uxst.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
#include <proto/proto_http.h>
[MINOR] indicate the proxy type in the logs after a loss of servers When the last server goes down in a backend, indicate 'backend' or 'listener' in the log message depending on the type of the backend.
2006-12-31 11:46:05 -05:00
#include <proto/proxy.h>
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
#include <proto/peers.h>
REORG: rename "pattern" files They're now called "sample" everywhere to match their description.
2012-04-27 15:52:18 -04:00
#include <proto/sample.h>
REORG: session: move the session parts out of stream.c This concerns everythins related to accepting a new session and expiring the embryonic session. There's still a hard-coded call to stream_accept_session() which could be set somewhere in the frontend, but for now it's not a problem.
2015-04-04 12:50:31 -04:00
#include <proto/session.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/server.h>
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
#include <proto/stream.h>
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
#include <proto/stick_table.h>
REORG: tcp-rules: move tcp rules processing to their own file There's no more reason to keep tcp rules processing inside proto_tcp.c given that there is nothing in common there except these 3 letters : tcp. The tcp rules are in fact connection, session and content processing rules. Let's move them to "tcp-rules" and let them live their life there.
2016-11-25 09:49:32 -05:00
#include <proto/task.h>
#include <proto/tcp_rules.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
/* This is the SSLv3 CLIENT HELLO packet used in conjunction with the
* ssl-hello-chk option to ensure that the remote server speaks SSL.
*
* Check RFC 2246 (TLSv1.0) sections A.3 and A.4 for details.
*/
const char sslv3_client_hello_pkt[] = {
"\x16" /* ContentType : 0x16 = Hanshake */
"\x03\x00" /* ProtocolVersion : 0x0300 = SSLv3 */
"\x00\x79" /* ContentLength : 0x79 bytes after this one */
"\x01" /* HanshakeType : 0x01 = CLIENT HELLO */
"\x00\x00\x75" /* HandshakeLength : 0x75 bytes after this one */
"\x03\x00" /* Hello Version : 0x0300 = v3 */
"\x00\x00\x00\x00" /* Unix GMT Time (s) : filled with <now> (@0x0B) */
"HAPROXYSSLCHK\nHAPROXYSSLCHK\n" /* Random : must be exactly 28 bytes */
"\x00" /* Session ID length : empty (no session ID) */
"\x00\x4E" /* Cipher Suite Length : 78 bytes after this one */
"\x00\x01" "\x00\x02" "\x00\x03" "\x00\x04" /* 39 most common ciphers : */
"\x00\x05" "\x00\x06" "\x00\x07" "\x00\x08" /* 0x01...0x1B, 0x2F...0x3A */
"\x00\x09" "\x00\x0A" "\x00\x0B" "\x00\x0C" /* This covers RSA/DH, */
"\x00\x0D" "\x00\x0E" "\x00\x0F" "\x00\x10" /* various bit lengths, */
"\x00\x11" "\x00\x12" "\x00\x13" "\x00\x14" /* SHA1/MD5, DES/3DES/AES... */
"\x00\x15" "\x00\x16" "\x00\x17" "\x00\x18"
"\x00\x19" "\x00\x1A" "\x00\x1B" "\x00\x2F"
"\x00\x30" "\x00\x31" "\x00\x32" "\x00\x33"
"\x00\x34" "\x00\x35" "\x00\x36" "\x00\x37"
"\x00\x38" "\x00\x39" "\x00\x3A"
"\x01" /* Compression Length : 0x01 = 1 byte for types */
"\x00" /* Compression Type : 0x00 = NULL compression */
};
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
/* various keyword modifiers */
enum kw_mod {
KWM_STD = 0, /* normal */
KWM_NO, /* "no" prefixed before the keyword */
KWM_DEF, /* "default" prefixed before the keyword */
};
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
/* permit to store configuration section */
struct cfg_section {
struct list list;
char *section_name;
int (*section_parser)(const char *, int, char **, int);
};
/* Used to chain configuration sections definitions. This list
* stores struct cfg_section
*/
struct list sections = LIST_HEAD_INIT(sections);
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
/* some of the most common options which are also the easiest to handle */
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
struct cfg_opt {
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
const char *name;
unsigned int val;
unsigned int cap;
[MINOR] the options table now sets the prerequisite checks Some options will need some checks (or initializations) to be performed before starting everything. The cfg_opts table has been extended to allow storing of options-dependant checks.
2007-01-06 15:09:17 -05:00
unsigned int checks;
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
unsigned int mode;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
};
/* proxy->options */
static const struct cfg_opt cfg_opts[] =
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
{
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "abortonclose", PR_O_ABRT_CLOSE, PR_CAP_BE, 0, 0 },
{ "allbackups", PR_O_USE_ALL_BK, PR_CAP_BE, 0, 0 },
{ "checkcache", PR_O_CHK_CACHE, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "clitcpka", PR_O_TCP_CLI_KA, PR_CAP_FE, 0, 0 },
{ "contstats", PR_O_CONTSTATS, PR_CAP_FE, 0, 0 },
{ "dontlognull", PR_O_NULLNOLOG, PR_CAP_FE, 0, 0 },
{ "http_proxy", PR_O_HTTP_PROXY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP },
MEDIUM: http: add a new option http-buffer-request It is sometimes desirable to wait for the body of an HTTP request before taking a decision. This is what is being done by "balance url_param" for example. The first use case is to buffer requests from slow clients before connecting to the server. Another use case consists in taking the routing decision based on the request body's contents. This option placed in a frontend or backend forces the HTTP processing to wait until either the whole body is received, or the request buffer is full, or the first chunk is complete in case of chunked encoding. It can have undesired side effects with some applications abusing HTTP by expecting unbufferred transmissions between the frontend and the backend, so this should definitely not be used by default. Note that it would not work for the response because we don't reset the message state before starting to forward. For the response we need to 1) reset the message state to MSG_100_SENT or BODY , and 2) to reset body_len in case of chunked encoding to avoid counting it twice.
2015-05-01 16:42:08 -04:00
{ "http-buffer-request", PR_O_WREQ_BODY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP },
MEDIUM: http: add option-ignore-probes to get rid of the floods of 408 Recently some browsers started to implement a "pre-connect" feature consisting in speculatively connecting to some recently visited web sites just in case the user would like to visit them. This results in many connections being established to web sites, which end up in 408 Request Timeout if the timeout strikes first, or 400 Bad Request when the browser decides to close them first. These ones pollute the log and feed the error counters. There was already "option dontlognull" but it's insufficient in this case. Instead, this option does the following things : - prevent any 400/408 message from being sent to the client if nothing was received over a connection before it was closed ; - prevent any log from being emitted in this situation ; - prevent any error counter from being incremented That way the empty connection is silently ignored. Note that it is better not to use this unless it is clear that it is needed, because it will hide real problems. The most common reason for not receiving a request and seeing a 408 is due to an MTU inconsistency between the client and an intermediary element such as a VPN, which blocks too large packets. These issues are generally seen with POST requests as well as GET with large cookies. The logs are often the only way to detect them. This patch should be backported to 1.5 since it avoids false alerts and makes it easier to monitor haproxy's status.
2015-05-01 09:37:53 -04:00
{ "http-ignore-probes", PR_O_IGNORE_PRB, PR_CAP_FE, 0, PR_MODE_HTTP },
MINOR: http: add option prefer-last-server When the load balancing algorithm in use is not deterministic, and a previous request was sent to a server to which haproxy still holds a connection, it is sometimes desirable that subsequent requests on a same session go to the same server as much as possible. Note that this is different from persistence, as we only indicate a preference which haproxy tries to apply without any form of warranty. The real use is for keep-alive connections sent to servers. When this option is used, haproxy will try to reuse the same connection that is attached to the server instead of rebalancing to another server, causing a close of the connection. This can make sense for static file servers. It does not make much sense to use this in combination with hashing algorithms.
2013-12-15 12:58:25 -05:00
{ "prefer-last-server", PR_O_PREF_LAST, PR_CAP_BE, 0, PR_MODE_HTTP },
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "logasap", PR_O_LOGASAP, PR_CAP_FE, 0, 0 },
{ "nolinger", PR_O_TCP_NOLING, PR_CAP_FE | PR_CAP_BE, 0, 0 },
{ "persist", PR_O_PERSIST, PR_CAP_BE, 0, 0 },
{ "srvtcpka", PR_O_TCP_SRV_KA, PR_CAP_BE, 0, 0 },
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
#ifdef TPROXY
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "transparent", PR_O_TRANSP, PR_CAP_BE, 0, 0 },
[MINOR] config: detect options not supported due to compilation options Some options depends on the target architecture or compilation options. When such an option is used on a compiled version that doesn't support it, it's probably better to identify it as an unsupported option due to compilation options instead of an unknown option. Edit: better check on the empty capability than on the option bits. -Willy
2010-11-01 14:26:00 -04:00
#else
{ "transparent", 0, 0, 0, 0 },
[MINOR] added the "tcpsplice" option it does nothing yet except set the minimal options.
2007-01-06 15:11:49 -05:00
#endif
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ NULL, 0, 0, 0, 0 }
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
};
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
/* proxy->options2 */
static const struct cfg_opt cfg_opts2[] =
{
#ifdef CONFIG_HAP_LINUX_SPLICE
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "splice-request", PR_O2_SPLIC_REQ, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "splice-response", PR_O2_SPLIC_RTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "splice-auto", PR_O2_SPLIC_AUT, PR_CAP_FE|PR_CAP_BE, 0, 0 },
[MINOR] config: detect options not supported due to compilation options Some options depends on the target architecture or compilation options. When such an option is used on a compiled version that doesn't support it, it's probably better to identify it as an unsupported option due to compilation options instead of an unknown option. Edit: better check on the empty capability than on the option bits. -Willy
2010-11-01 14:26:00 -04:00
#else
{ "splice-request", 0, 0, 0, 0 },
{ "splice-response", 0, 0, 0, 0 },
{ "splice-auto", 0, 0, 0, 0 },
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
#endif
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "accept-invalid-http-request", PR_O2_REQBUG_OK, PR_CAP_FE, 0, PR_MODE_HTTP },
{ "accept-invalid-http-response", PR_O2_RSPBUG_OK, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "dontlog-normal", PR_O2_NOLOGNORM, PR_CAP_FE, 0, 0 },
{ "log-separate-errors", PR_O2_LOGERRORS, PR_CAP_FE, 0, 0 },
{ "log-health-checks", PR_O2_LOGHCHKS, PR_CAP_BE, 0, 0 },
{ "socket-stats", PR_O2_SOCKSTAT, PR_CAP_FE, 0, 0 },
{ "tcp-smart-accept", PR_O2_SMARTACC, PR_CAP_FE, 0, 0 },
{ "tcp-smart-connect", PR_O2_SMARTCON, PR_CAP_BE, 0, 0 },
{ "independant-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
DOC: fix name for "option independant-streams" The correct spelling is "independent", not "independant". This patch fixes the doc and the configuration parser to accept the correct form. The config parser still allows the old naming for backwards compatibility.
2012-08-25 00:18:33 -04:00
{ "independent-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "http-use-proxy-header", PR_O2_USE_PXHDR, PR_CAP_FE, 0, PR_MODE_HTTP },
[MINOR] option http-pretend-keepalive is both for FEs and BEs The config parser only accepted it in frontends.
2010-04-27 16:19:14 -04:00
{ "http-pretend-keepalive", PR_O2_FAKE_KA, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP },
[MEDIUM] http: add support for "http-no-delay" There are some very rare server-to-server applications that abuse the HTTP protocol and expect the payload phase to be highly interactive, with many interleaved data chunks in both directions within a single request. This is absolutely not supported by the HTTP specification and will not work across most proxies or servers. When such applications attempt to do this through haproxy, it works but they will experience high delays due to the network optimizations which favor performance by instructing the system to wait for enough data to be available in order to only send full packets. Typical delays are around 200 ms per round trip. Note that this only happens with abnormal uses. Normal uses such as CONNECT requests nor WebSockets are not affected. When "option http-no-delay" is present in either the frontend or the backend used by a connection, all such optimizations will be disabled in order to make the exchanges as fast as possible. Of course this offers no guarantee on the functionality, as it may break at any other place. But if it works via HAProxy, it will work as fast as possible. This option should never be used by default, and should never be used at all unless such a buggy application is discovered. The impact of using this option is an increase of bandwidth usage and CPU usage, which may significantly lower performance in high latency environments. This change should be backported to 1.4 since the first report of such a misuse was in 1.4. Next patch will also be needed.
2011-05-30 12:10:30 -04:00
{ "http-no-delay", PR_O2_NODELAY, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP },
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
{ NULL, 0, 0, 0 }
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] report correct section type for unknown keywords. An unknown keyword was always reported in section "listen" for any section type (defaults, listen, frontend, backend, ...).
2008-01-22 10:44:08 -05:00
static char *cursection = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
static struct proxy defproxy; /* fake proxy used to assign default values on all instances */
int cfg_maxpconn = DEFAULT_MAXCONN; /* # of simultaneous connections per proxy (-N) */
[CLEANUP] config: catch and report some possibly wrong rule ordering There are some configurations in which redirect rules are declared after use_backend rules. We can also find "block" rules after any of these ones. The processing sequence is : - block - redirect - use_backend So as of now we try to detect wrong ordering to warn the user about a possibly undesired behaviour.
2009-03-15 10:23:16 -04:00
int cfg_maxconn = 0; /* # of simultaneous connections, (-n) */
MINOR: cfgparse: Parse scope lines and save the last one parsed A scope is a section name between square bracket, alone on its line, ie: [scope-name] ... The spaces at the beginning and at the end of the line are skipped. Comments at the end of the line are also skipped. When a scope is parsed, its name is saved in the global variable cfg_scope. Initially, cfg_scope is NULL and it remains NULL until a valid scope line is parsed. This feature remains unused in the HAProxy configuration file and undocumented. However, it will be used during SPOE configuration parsing.
2016-11-04 17:36:15 -04:00
char *cfg_scope = NULL; /* the current scope during the configuration parsing */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
/* List head of all known configuration keywords */
static struct cfg_kw_list cfg_keywords = {
.list = LIST_HEAD_INIT(cfg_keywords.list)
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* converts <str> to a list of listeners which are dynamically allocated.
* The format is "{addr|'*'}:port[-end][,{addr|'*'}:port[-end]]*", where :
* - <addr> can be empty or "*" to indicate INADDR_ANY ;
* - <port> is a numerical port from 1 to 65535 ;
* - <end> indicates to use the range from <port> to <end> instead (inclusive).
* This can be repeated as many times as necessary, separated by a coma.
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
* Function returns 1 for success or 0 if error. In case of errors, if <err> is
* not NULL, it must be a valid pointer to either NULL or a freeable area that
* will be replaced with an error message.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf, const char *file, int line, char **err)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
struct listener *l;
[MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range It's always been a mess to debug wrong listening addresses because the parsing function does not indicate the file and line number. Now it does. Since the code was almost a duplicate of str2sa_range, it now makes use of it and has been sensibly reduced.
2011-03-04 09:43:13 -05:00
char *next, *dupstr;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int port, end;
next = dupstr = strdup(str);
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (next && *next) {
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
struct sockaddr_storage ss, *ss2;
MAJOR: listener: support inheriting a listening fd from the parent Using the address syntax "fd@<num>", a listener may inherit a file descriptor that the caller process has already bound and passed as this number. The fd's socket family is detected using getsockname(), and the usual initialization is performed through the existing code for that family, but the socket creation is skipped. Whether the parent has performed the listen() call or not is not important as this is detected. For UNIX sockets, we immediately clear the path after preparing a socket so that we never remove it in case an abort would happen due to a late error during startup.
2013-03-10 18:51:38 -04:00
int fd = -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
str = next;
/* 1) look for the end of the first address */
[BUG] Fix listen & more of 2 couples <ip>:<port> Fix "listen www-mutualise 80.248.x.y1:80,80.248.x.y2:80,80.248.x.y3:80": [ALERT] 309/161509 (15450) : Invalid server address: '80.248.x.y1:80,80.248.x.y2' [ALERT] 309/161509 (15450) : Error reading configuration file : /etc/haproxy/haproxy.cfg Bug reported by Laurent Dolosor.
2009-01-27 10:57:08 -05:00
if ((next = strchr(str, ',')) != NULL) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*next++ = 0;
}
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
ss2 = str2sa_range(str, NULL, &port, &end, err,
MEDIUM: tools: make str2sa_range() optionally return the FQDN The function does a bunch of things among which resolving environment variables, skipping address family specifiers and trimming port ranges. It is the only one which sees the complete host name before trying to resolve it. The DNS resolving code needs to know the original hostname, so we modify this function to optionally provide it to the caller. Note that the function itself doesn't know if the host part was a host or an address, but str2ip() knows that and can be asked not to try to resolve. So we first try to parse the address without resolving and try again with resolving enabled. This way we know if the address is explicit or needs some kind of resolution.
2015-09-08 09:50:19 -04:00
curproxy == global.stats_fe ? NULL : global.unix_bind.prefix,
MINOR: standard: avoid DNS resolution from the function str2sa_range() This patch blocks the DNS resolution in the function str2sa_range(), this is useful if the function is used during the HAProxy runtime.
2015-09-26 14:03:36 -04:00
NULL, 1);
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
if (!ss2)
goto fail;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
if (ss2->ss_family == AF_INET || ss2->ss_family == AF_INET6) {
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!port && !end) {
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
memprintf(err, "missing port number: '%s'\n", str);
[MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range It's always been a mess to debug wrong listening addresses because the parsing function does not indicate the file and line number. Now it does. Since the code was almost a duplicate of str2sa_range, it now makes use of it and has been sensibly reduced.
2011-03-04 09:43:13 -05:00
goto fail;
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!port || !end) {
memprintf(err, "port offsets are not allowed in 'bind': '%s'\n", str);
goto fail;
}
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
if (port < 1 || port > 65535) {
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
memprintf(err, "invalid port '%d' specified for address '%s'.\n", port, str);
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
goto fail;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
if (end < 1 || end > 65535) {
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
memprintf(err, "invalid port '%d' specified for address '%s'.\n", end, str);
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
goto fail;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MAJOR: listener: support inheriting a listening fd from the parent Using the address syntax "fd@<num>", a listener may inherit a file descriptor that the caller process has already bound and passed as this number. The fd's socket family is detected using getsockname(), and the usual initialization is performed through the existing code for that family, but the socket creation is skipped. Whether the parent has performed the listen() call or not is not important as this is detected. For UNIX sockets, we immediately clear the path after preparing a socket so that we never remove it in case an abort would happen due to a late error during startup.
2013-03-10 18:51:38 -04:00
else if (ss2->ss_family == AF_UNSPEC) {
socklen_t addr_len;
/* We want to attach to an already bound fd whose number
* is in the addr part of ss2 when cast to sockaddr_in.
* Note that by definition there is a single listener.
* We still have to determine the address family to
* register the correct protocol.
*/
fd = ((struct sockaddr_in *)ss2)->sin_addr.s_addr;
addr_len = sizeof(*ss2);
if (getsockname(fd, (struct sockaddr *)ss2, &addr_len) == -1) {
memprintf(err, "cannot use file descriptor '%d' : %s.\n", fd, strerror(errno));
goto fail;
}
port = end = get_host_port(ss2);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
/* OK the address looks correct */
BUG/MAJOR: fix listening IP address storage for frontends When compiled with GCC 6, the IP address specified for a frontend was ignored and HAProxy was listening on all addresses instead. This is caused by an incomplete copy of a "struct sockaddr_storage". With the GNU Libc, "struct sockaddr_storage" is defined as this: struct sockaddr_storage { sa_family_t ss_family; unsigned long int __ss_align; char __ss_padding[(128 - (2 * sizeof (unsigned long int)))]; }; Doing an aggregate copy (ss1 = ss2) is different than using memcpy(): only members of the aggregate have to be copied. Notably, padding can be or not be copied. In GCC 6, some optimizations use this fact and if a "struct sockaddr_storage" contains a "struct sockaddr_in", the port and the address are part of the padding (between sa_family and __ss_align) and can be not copied over. Therefore, we replace any aggregate copy by a memcpy(). There is another place using the same pattern. We also fix a function receiving a "struct sockaddr_storage" by copy instead of by reference. Since it only needs a read-only copy, the function is converted to request a reference.
2016-05-18 10:17:44 -04:00
memcpy(&ss, ss2, sizeof(ss));
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
for (; port <= end; port++) {
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
l = calloc(1, sizeof(*l));
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-11 18:42:33 -05:00
l->obj_type = OBJ_TYPE_LISTENER;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
LIST_ADDQ(&curproxy->conf.listeners, &l->by_fe);
LIST_ADDQ(&bind_conf->listeners, &l->by_bind);
l->bind_conf = bind_conf;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MAJOR: listener: support inheriting a listening fd from the parent Using the address syntax "fd@<num>", a listener may inherit a file descriptor that the caller process has already bound and passed as this number. The fd's socket family is detected using getsockname(), and the usual initialization is performed through the existing code for that family, but the socket creation is skipped. Whether the parent has performed the listen() call or not is not important as this is detected. For UNIX sockets, we immediately clear the path after preparing a socket so that we never remove it in case an abort would happen due to a late error during startup.
2013-03-10 18:51:38 -04:00
l->fd = fd;
BUG/MINOR: fix listening IP address storage for frontends (cont) Commit 6e6158 was incomplete. There was an additional aggregate copy that may trigger a similar case in the future.
2016-05-19 05:29:43 -04:00
memcpy(&l->addr, &ss, sizeof(ss));
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
l->state = LI_INIT;
[MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range It's always been a mess to debug wrong listening addresses because the parsing function does not indicate the file and line number. Now it does. Since the code was almost a duplicate of str2sa_range, it now makes use of it and has been sensibly reduced.
2011-03-04 09:43:13 -05:00
if (ss.ss_family == AF_INET) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
((struct sockaddr_in *)(&l->addr))->sin_port = htons(port);
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
tcpv4_add_listener(l);
}
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
else if (ss.ss_family == AF_INET6) {
((struct sockaddr_in6 *)(&l->addr))->sin6_port = htons(port);
tcpv6_add_listener(l);
}
else {
uxst_add_listener(l);
}
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
[MINOR] support a global jobs counter This counter is incremented for each incoming connection and each active listener, and is used to prevent haproxy from stopping upon SIGUSR1. It will thus be possible for some tasks in increment this counter in order to prevent haproxy from dying until they have completed their job.
2010-08-31 09:39:26 -04:00
jobs++;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
listeners++;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} /* end for(port) */
} /* end while(next) */
free(dupstr);
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
return 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
fail:
free(dupstr);
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
return 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: cfgparse: add two new functions to check arguments count We already had alertif_too_many_args{,_idx}(), but these ones are specifically designed for use in cfgparse. Outside of it we're trying to avoid calling Alert() all the time so we need an equivalent using a pointer to an error message. These new functions called too_many_args{,_idx)() do exactly this. They don't take the file name nor the line number which they have no use for but instead they take an optional pointer to an error message and the pointer to the error code is optional as well. With (NULL, NULL) they'll simply check the validity and return a verdict. They are quite convenient for use in isolated keyword parsers. These two new functions as well as the previous ones have all been exported.
2016-12-21 16:41:44 -05:00
/*
* Report an error in <msg> when there are too many arguments. This version is
* intended to be used by keyword parsers so that the message will be included
* into the general error message. The index is the current keyword in args.
* Return 0 if the number of argument is correct, otherwise build a message and
* return 1. Fill err_code with an ERR_ALERT and an ERR_FATAL if not null. The
* message may also be null, it will simply not be produced (useful to check only).
* <msg> and <err_code> are only affected on error.
*/
int too_many_args_idx(int maxarg, int index, char **args, char **msg, int *err_code)
{
int i;
if (!*args[index + maxarg + 1])
return 0;
if (msg) {
*msg = NULL;
memprintf(msg, "%s", args[0]);
for (i = 1; i <= index; i++)
memprintf(msg, "%s %s", *msg, args[i]);
memprintf(msg, "'%s' cannot handle unexpected argument '%s'.", *msg, args[index + maxarg + 1]);
}
if (err_code)
*err_code |= ERR_ALERT | ERR_FATAL;
return 1;
}
/*
* same as too_many_args_idx with a 0 index
*/
int too_many_args(int maxarg, char **args, char **msg, int *err_code)
{
return too_many_args_idx(maxarg, 0, args, msg, err_code);
}
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
/*
* Report a fatal Alert when there is too much arguments
* The index is the current keyword in args
* Return 0 if the number of argument is correct, otherwise emit an alert and return 1
* Fill err_code with an ERR_ALERT and an ERR_FATAL
*/
int alertif_too_many_args_idx(int maxarg, int index, const char *file, int linenum, char **args, int *err_code)
{
char *kw = NULL;
int i;
if (!*args[index + maxarg + 1])
return 0;
memprintf(&kw, "%s", args[0]);
for (i = 1; i <= index; i++) {
memprintf(&kw, "%s %s", kw, args[i]);
}
Alert("parsing [%s:%d] : '%s' cannot handle unexpected argument '%s'.\n", file, linenum, kw, args[index + maxarg + 1]);
free(kw);
*err_code |= ERR_ALERT | ERR_FATAL;
return 1;
}
/*
* same as alertif_too_many_args_idx with a 0 index
*/
int alertif_too_many_args(int maxarg, const char *file, int linenum, char **args, int *err_code)
{
return alertif_too_many_args_idx(maxarg, 0, file, linenum, args, err_code);
}
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
/* Report a warning if a rule is placed after a 'tcp-request session' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
int warnif_rule_after_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg)
{
if (!LIST_ISEMPTY(&proxy->tcp_req.l5_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request session' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
MEDIUM: config: report it when tcp-request rules are misplaced A config where a tcp-request rule appears after an http-request rule might seem valid but it is not. So let's report a warning about this since this case is hard to detect by the naked eye.
2014-09-16 09:39:51 -04:00
/* Report a warning if a rule is placed after a 'tcp-request content' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
int warnif_rule_after_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg)
{
if (!LIST_ISEMPTY(&proxy->tcp_req.inspect_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request content' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
/* Report a warning if a rule is placed after a 'block' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_block(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
CLEANUP: proxy: rename "block_cond" to "block_rules" Next patch will make them real rules, not only conditions. This separate patch makes the next one more readable.
2014-04-28 16:05:31 -04:00
if (!LIST_ISEMPTY(&proxy->block_rules)) {
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
Warning("parsing [%s:%d] : a '%s' rule placed after a 'block' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
MEDIUM: config: report misplaced http-request rules Recently, the http-request ruleset started to be used a lot and some bug reports were caused by misplaced http-request rules because there was no warning if they're after a redirect or use_backend rule. Let's fix this now. http-request rules are just after the block rules.
2014-04-22 19:32:02 -04:00
/* Report a warning if a rule is placed after an 'http_request' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
int warnif_rule_after_http_req(struct proxy *proxy, const char *file, int line, const char *arg)
{
if (!LIST_ISEMPTY(&proxy->http_req_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after an 'http-request' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
/* Report a warning if a rule is placed after a reqrewrite rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_reqxxx(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
if (proxy->req_exp) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'reqxxx' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
/* Report a warning if a rule is placed after a reqadd rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_reqadd(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
if (!LIST_ISEMPTY(&proxy->req_add)) {
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
Warning("parsing [%s:%d] : a '%s' rule placed after a 'reqadd' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
/* Report a warning if a rule is placed after a redirect rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_redirect(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
if (!LIST_ISEMPTY(&proxy->redirect_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'redirect' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
/* Report a warning if a rule is placed after a 'use_backend' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_use_backend(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
if (!LIST_ISEMPTY(&proxy->switching_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'use_backend' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
/* Report a warning if a rule is placed after a 'use-server' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
int warnif_rule_after_use_server(struct proxy *proxy, const char *file, int line, const char *arg)
{
if (!LIST_ISEMPTY(&proxy->server_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'use-server' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
/* report a warning if a redirect rule is dangerously placed */
int warnif_misplaced_redirect(struct proxy *proxy, const char *file, int line, const char *arg)
MEDIUM: config: report it when tcp-request rules are misplaced A config where a tcp-request rule appears after an http-request rule might seem valid but it is not. So let's report a warning about this since this case is hard to detect by the naked eye.
2014-09-16 09:39:51 -04:00
{
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
return warnif_rule_after_use_backend(proxy, file, line, arg) ||
MEDIUM: config: report it when tcp-request rules are misplaced A config where a tcp-request rule appears after an http-request rule might seem valid but it is not. So let's report a warning about this since this case is hard to detect by the naked eye.
2014-09-16 09:39:51 -04:00
warnif_rule_after_use_server(proxy, file, line, arg);
}
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
/* report a warning if a reqadd rule is dangerously placed */
int warnif_misplaced_reqadd(struct proxy *proxy, const char *file, int line, const char *arg)
MEDIUM: config: report it when tcp-request rules are misplaced A config where a tcp-request rule appears after an http-request rule might seem valid but it is not. So let's report a warning about this since this case is hard to detect by the naked eye.
2014-09-16 09:39:51 -04:00
{
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
return warnif_rule_after_redirect(proxy, file, line, arg) ||
warnif_misplaced_redirect(proxy, file, line, arg);
MEDIUM: config: report it when tcp-request rules are misplaced A config where a tcp-request rule appears after an http-request rule might seem valid but it is not. So let's report a warning about this since this case is hard to detect by the naked eye.
2014-09-16 09:39:51 -04:00
}
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
/* report a warning if a reqxxx rule is dangerously placed */
int warnif_misplaced_reqxxx(struct proxy *proxy, const char *file, int line, const char *arg)
MEDIUM: config: report misplaced http-request rules Recently, the http-request ruleset started to be used a lot and some bug reports were caused by misplaced http-request rules because there was no warning if they're after a redirect or use_backend rule. Let's fix this now. http-request rules are just after the block rules.
2014-04-22 19:32:02 -04:00
{
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
return warnif_rule_after_reqadd(proxy, file, line, arg) ||
warnif_misplaced_reqadd(proxy, file, line, arg);
MEDIUM: config: report misplaced http-request rules Recently, the http-request ruleset started to be used a lot and some bug reports were caused by misplaced http-request rules because there was no warning if they're after a redirect or use_backend rule. Let's fix this now. http-request rules are just after the block rules.
2014-04-22 19:32:02 -04:00
}
/* report a warning if an http-request rule is dangerously placed */
int warnif_misplaced_http_req(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
return warnif_rule_after_reqxxx(proxy, file, line, arg) ||
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
warnif_misplaced_reqxxx(proxy, file, line, arg);;
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
}
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
/* report a warning if a block rule is dangerously placed */
int warnif_misplaced_block(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
return warnif_rule_after_http_req(proxy, file, line, arg) ||
warnif_misplaced_http_req(proxy, file, line, arg);
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
}
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
/* report a warning if a "tcp request content" rule is dangerously placed */
int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
return warnif_rule_after_block(proxy, file, line, arg) ||
warnif_misplaced_block(proxy, file, line, arg);
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
}
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
/* report a warning if a "tcp request session" rule is dangerously placed */
int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg)
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
{
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules There are 8 functions each repeating what another does and adding one extra test. We used to have some copy-paste issues in the past due to this. Instead we now make them simply rely on the previous one and add the final test. It's much better and much safer. The functions could be moved to inlines but they're used at a few other locations only, it didn't make much sense in the end.
2016-11-25 09:16:12 -05:00
return warnif_rule_after_tcp_cont(proxy, file, line, arg) ||
warnif_misplaced_tcp_cont(proxy, file, line, arg);
}
/* report a warning if a "tcp request connection" rule is dangerously placed */
int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg)
{
return warnif_rule_after_tcp_sess(proxy, file, line, arg) ||
warnif_misplaced_tcp_sess(proxy, file, line, arg);
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
/* Report it if a request ACL condition uses some keywords that are incompatible
* with the place where the ACL is used. It returns either 0 or ERR_WARN so that
* its result can be or'ed with err_code. Note that <cond> may be NULL and then
* will be ignored.
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
*/
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
static int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line)
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
{
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
const struct acl *acl;
MEDIUM: acl: have a pointer to the keyword name in acl_expr The acl_expr struct used to hold a pointer to the ACL keyword. But since we now have all the relevant pointers, we don't need that anymore, we just need the pointer to the keyword as a string in order to return warnings and error messages. So let's change this in order to remove the dependency on the acl_keyword struct from acl_expr. During this change, acl_cond_kw_conflicts() used to return a pointer to an ACL keyword but had to be changed to return a const char* for the same reason.
2013-03-31 16:59:32 -04:00
const char *kw;
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
if (!cond)
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
return 0;
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
acl = acl_cond_conflicts(cond, where);
if (acl) {
if (acl->name && *acl->name)
Warning("parsing [%s:%d] : acl '%s' will never match because it only involves keywords that are incompatible with '%s'\n",
file, line, acl->name, sample_ckp_names(where));
else
Warning("parsing [%s:%d] : anonymous acl will never match because it uses keyword '%s' which is incompatible with '%s'\n",
MEDIUM: acl: have a pointer to the keyword name in acl_expr The acl_expr struct used to hold a pointer to the ACL keyword. But since we now have all the relevant pointers, we don't need that anymore, we just need the pointer to the keyword as a string in order to return warnings and error messages. So let's change this in order to remove the dependency on the acl_keyword struct from acl_expr. During this change, acl_cond_kw_conflicts() used to return a pointer to an ACL keyword but had to be changed to return a const char* for the same reason.
2013-03-31 16:59:32 -04:00
file, line, LIST_ELEM(acl->expr.n, struct acl_expr *, list)->kw, sample_ckp_names(where));
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
return ERR_WARN;
}
if (!acl_cond_kw_conflicts(cond, where, &acl, &kw))
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
return 0;
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
if (acl->name && *acl->name)
Warning("parsing [%s:%d] : acl '%s' involves keywords '%s' which is incompatible with '%s'\n",
MEDIUM: acl: have a pointer to the keyword name in acl_expr The acl_expr struct used to hold a pointer to the ACL keyword. But since we now have all the relevant pointers, we don't need that anymore, we just need the pointer to the keyword as a string in order to return warnings and error messages. So let's change this in order to remove the dependency on the acl_keyword struct from acl_expr. During this change, acl_cond_kw_conflicts() used to return a pointer to an ACL keyword but had to be changed to return a const char* for the same reason.
2013-03-31 16:59:32 -04:00
file, line, acl->name, kw, sample_ckp_names(where));
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
else
Warning("parsing [%s:%d] : anonymous acl involves keyword '%s' which is incompatible with '%s'\n",
MEDIUM: acl: have a pointer to the keyword name in acl_expr The acl_expr struct used to hold a pointer to the ACL keyword. But since we now have all the relevant pointers, we don't need that anymore, we just need the pointer to the keyword as a string in order to return warnings and error messages. So let's change this in order to remove the dependency on the acl_keyword struct from acl_expr. During this change, acl_cond_kw_conflicts() used to return a pointer to an ACL keyword but had to be changed to return a const char* for the same reason.
2013-03-31 16:59:32 -04:00
file, line, kw, sample_ckp_names(where));
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
return ERR_WARN;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
* parse a line in a <global> section. Returns the error code, 0 if OK, or
* any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
int err_code = 0;
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
char *errmsg = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!strcmp(args[0], "global")) { /* new section */
/* no option, nothing special to do */
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
alertif_too_many_args(0, file, linenum, args, &err_code);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "daemon")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_DAEMON;
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
else if (!strcmp(args[0], "master-worker")) {
MEDIUM: mworker: exit-on-failure option This option exits every workers when one of the current workers die. It allows you to monitor the master process in order to relaunch everything on a failure. For example it can be used with systemd and Restart=on-failure in a spec file.
2017-06-01 11:38:54 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
goto out;
MEDIUM: mworker: exit-on-failure option This option exits every workers when one of the current workers die. It allows you to monitor the master process in order to relaunch everything on a failure. For example it can be used with systemd and Restart=on-failure in a spec file.
2017-06-01 11:38:54 -04:00
if (*args[1]) {
if (!strcmp(args[1], "exit-on-failure")) {
global.tune.options |= GTUNE_EXIT_ONFAILURE;
} else {
Alert("parsing [%s:%d] : '%s' only supports 'exit-on-failure' option.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: mworker: replace systemd mode by master worker mode This commit remove the -Ds systemd mode in HAProxy in order to replace it by a more generic master worker system. It aims to replace entirely the systemd wrapper in the near future. The master worker mode implements a new way of managing HAProxy processes. The master is in charge of parsing the configuration file and is responsible for spawning child processes. The master worker mode can be invoked by using the -W flag. It can be used either in background mode (-D) or foreground mode. When used in background mode, the master will fork to daemonize. In master worker background mode, chroot, setuid and setgid are done in each child rather than in the master process, because the master process will still need access to filesystem to reload the configuration.
2017-06-01 11:38:50 -04:00
global.mode |= MODE_MWORKER;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "debug")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_DEBUG;
}
else if (!strcmp(args[0], "noepoll")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] introduced speculative I/O with epoll() The principle behind speculative I/O is to speculatively try to perform I/O before registering the events in the system. This considerably reduces the number of calls to epoll_ctl() and sometimes even epoll_wait(), and manages to increase overall performance by about 10%. The new poller has been called "sepoll". It is used by default on Linux when it works. A corresponding option "nosepoll" and the command line argument "-ds" allow to disable it.
2007-04-15 18:53:59 -04:00
else if (!strcmp(args[0], "nokqueue")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_KQUEUE;
[MAJOR] introduced speculative I/O with epoll() The principle behind speculative I/O is to speculatively try to perform I/O before registering the events in the system. This considerably reduces the number of calls to epoll_ctl() and sometimes even epoll_wait(), and manages to increase overall performance by about 10%. The new poller has been called "sepoll". It is used by default on Linux when it works. A corresponding option "nosepoll" and the command line argument "-ds" allow to disable it.
2007-04-15 18:53:59 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "nopoll")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_POLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
else if (!strcmp(args[0], "nosplice")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
global.tune.options &= ~GTUNE_USE_SPLICE;
}
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
else if (!strcmp(args[0], "nogetaddrinfo")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
global.tune.options &= ~GTUNE_USE_GAI;
}
MEDIUM: make SO_REUSEPORT configurable With Linux officially introducing SO_REUSEPORT support in 3.9 and its mainstream adoption we have seen more people running into strange SO_REUSEPORT related issues (a process management issue turning into hard to diagnose problems because the kernel load-balances between the new and an obsolete haproxy instance). Also some people simply want the guarantee that the bind fails when the old process is still bound. This change makes SO_REUSEPORT configurable, introducing the command line argument "-dR" and the noreuseport configuration directive. A backport to 1.6 should be considered.
2016-09-12 17:42:20 -04:00
else if (!strcmp(args[0], "noreuseport")) {
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
global.tune.options &= ~GTUNE_USE_REUSEPORT;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "quiet")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_QUIET;
}
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
else if (!strcmp(args[0], "tune.maxpollevents")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
if (global.tune.maxpollevents != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
}
global.tune.maxpollevents = atol(args[1]);
}
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
else if (!strcmp(args[0], "tune.maxaccept")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
if (global.tune.maxaccept != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
}
global.tune.maxaccept = atol(args[1]);
}
[MINOR] global: add "tune.chksize" to change the default check buffer size HTTP content-based health checks will be involved in searching text in pages. Some pages may not fit in the default buffer (16kB) and sometimes it might be desired to have larger buffers in order to find patterns. Running checks on smaller URIs is always preferred of course. (cherry picked from commit 043f44aeb835f3d0b57626c4276581a73600b6b1)
2010-10-04 14:39:20 -04:00
else if (!strcmp(args[0], "tune.chksize")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] global: add "tune.chksize" to change the default check buffer size HTTP content-based health checks will be involved in searching text in pages. Some pages may not fit in the default buffer (16kB) and sometimes it might be desired to have larger buffers in order to find patterns. Running checks on smaller URIs is always preferred of course. (cherry picked from commit 043f44aeb835f3d0b57626c4276581a73600b6b1)
2010-10-04 14:39:20 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.chksize = atol(args[1]);
}
MINOR: config: make tune.recv_enough configurable This setting used to be assigned to a variable tunable from a constant and for an unknown reason never made its way into the config parser. tune.recv_enough <number> Haproxy uses some hints to detect that a short read indicates the end of the socket buffers. One of them is that a read returns more than <recv_enough> bytes, which defaults to 10136 (7 segments of 1448 each). This default value may be changed by this setting to better deal with workloads involving lots of short messages such as telnet or SSH sessions.
2015-12-14 06:04:35 -05:00
else if (!strcmp(args[0], "tune.recv_enough")) {
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.recv_enough = atol(args[1]);
}
MINOR: config: implement global setting tune.buffers.limit This setting is used to limit memory usage without causing the alloc failures caused by "-m". Unexpectedly, tests have shown a performance boost of up to about 18% on HTTP traffic when limiting the number of buffers to about 10% of the amount of concurrent connections. tune.buffers.limit <number> Sets a hard limit on the number of buffers which may be allocated per process. The default value is zero which means unlimited. The minimum non-zero value will always be greater than "tune.buffers.reserve" and should ideally always be about twice as large. Forcing this value can be particularly useful to limit the amount of memory a process may take, while retaining a sane behaviour. When this limit is reached, sessions which need a buffer wait for another one to be released by another session. Since buffers are dynamically allocated and released, the waiting time is very short and not perceptible provided that limits remain reasonable. In fact sometimes reducing the limit may even increase performance by increasing the CPU cache's efficiency. Tests have shown good results on average HTTP traffic with a limit to 1/10 of the expected global maxconn setting, which also significantly reduces memory usage. The memory savings come from the fact that a number of connections will not allocate 2*tune.bufsize. It is best not to touch this value unless advised to do so by an haproxy core developer.
2014-12-23 16:52:37 -05:00
else if (!strcmp(args[0], "tune.buffers.limit")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: config: implement global setting tune.buffers.limit This setting is used to limit memory usage without causing the alloc failures caused by "-m". Unexpectedly, tests have shown a performance boost of up to about 18% on HTTP traffic when limiting the number of buffers to about 10% of the amount of concurrent connections. tune.buffers.limit <number> Sets a hard limit on the number of buffers which may be allocated per process. The default value is zero which means unlimited. The minimum non-zero value will always be greater than "tune.buffers.reserve" and should ideally always be about twice as large. Forcing this value can be particularly useful to limit the amount of memory a process may take, while retaining a sane behaviour. When this limit is reached, sessions which need a buffer wait for another one to be released by another session. Since buffers are dynamically allocated and released, the waiting time is very short and not perceptible provided that limits remain reasonable. In fact sometimes reducing the limit may even increase performance by increasing the CPU cache's efficiency. Tests have shown good results on average HTTP traffic with a limit to 1/10 of the expected global maxconn setting, which also significantly reduces memory usage. The memory savings come from the fact that a number of connections will not allocate 2*tune.bufsize. It is best not to touch this value unless advised to do so by an haproxy core developer.
2014-12-23 16:52:37 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.buf_limit = atol(args[1]);
if (global.tune.buf_limit) {
if (global.tune.buf_limit < 3)
global.tune.buf_limit = 3;
if (global.tune.buf_limit <= global.tune.reserved_bufs)
global.tune.buf_limit = global.tune.reserved_bufs + 1;
}
}
MINOR: config: implement global setting tune.buffers.reserve Used in conjunction with the dynamic buffer allocator. tune.buffers.reserve <number> Sets the number of buffers which are pre-allocated and reserved for use only during memory shortage conditions resulting in failed memory allocations. The minimum value is 2 and is also the default. There is no reason a user would want to change this value, it's mostly aimed at haproxy core developers.
2014-12-23 16:40:40 -05:00
else if (!strcmp(args[0], "tune.buffers.reserve")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: config: implement global setting tune.buffers.reserve Used in conjunction with the dynamic buffer allocator. tune.buffers.reserve <number> Sets the number of buffers which are pre-allocated and reserved for use only during memory shortage conditions resulting in failed memory allocations. The minimum value is 2 and is also the default. There is no reason a user would want to change this value, it's mostly aimed at haproxy core developers.
2014-12-23 16:40:40 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.reserved_bufs = atol(args[1]);
if (global.tune.reserved_bufs < 2)
global.tune.reserved_bufs = 2;
MINOR: config: implement global setting tune.buffers.limit This setting is used to limit memory usage without causing the alloc failures caused by "-m". Unexpectedly, tests have shown a performance boost of up to about 18% on HTTP traffic when limiting the number of buffers to about 10% of the amount of concurrent connections. tune.buffers.limit <number> Sets a hard limit on the number of buffers which may be allocated per process. The default value is zero which means unlimited. The minimum non-zero value will always be greater than "tune.buffers.reserve" and should ideally always be about twice as large. Forcing this value can be particularly useful to limit the amount of memory a process may take, while retaining a sane behaviour. When this limit is reached, sessions which need a buffer wait for another one to be released by another session. Since buffers are dynamically allocated and released, the waiting time is very short and not perceptible provided that limits remain reasonable. In fact sometimes reducing the limit may even increase performance by increasing the CPU cache's efficiency. Tests have shown good results on average HTTP traffic with a limit to 1/10 of the expected global maxconn setting, which also significantly reduces memory usage. The memory savings come from the fact that a number of connections will not allocate 2*tune.bufsize. It is best not to touch this value unless advised to do so by an haproxy core developer.
2014-12-23 16:52:37 -05:00
if (global.tune.buf_limit && global.tune.buf_limit <= global.tune.reserved_bufs)
global.tune.buf_limit = global.tune.reserved_bufs + 1;
MINOR: config: implement global setting tune.buffers.reserve Used in conjunction with the dynamic buffer allocator. tune.buffers.reserve <number> Sets the number of buffers which are pre-allocated and reserved for use only during memory shortage conditions resulting in failed memory allocations. The minimum value is 2 and is also the default. There is no reason a user would want to change this value, it's mostly aimed at haproxy core developers.
2014-12-23 16:40:40 -05:00
}
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
else if (!strcmp(args[0], "tune.bufsize")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.bufsize = atol(args[1]);
BUG/MINOR: config: check that tune.bufsize is always positive We must not accept negative values for tune.bufsize as they will only result in crashing the process during the parsing.
2015-09-28 07:49:53 -04:00
if (global.tune.bufsize <= 0) {
Alert("parsing [%s:%d] : '%s' expects a positive integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_init(&trash, realloc(trash.str, global.tune.bufsize), global.tune.bufsize);
MINOR: chunks: allocate the trash chunks before parsing the config get_trash_chunk() is convenient also while parsing the config, better allocate them early just like the global trash.
2013-12-13 08:41:10 -05:00
alloc_trash_buffers(global.tune.bufsize);
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
}
else if (!strcmp(args[0], "tune.maxrewrite")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.maxrewrite = atol(args[1]);
MEDIUM: config: set tune.maxrewrite to 1024 by default The tune.maxrewrite parameter used to be pre-initialized to half of the buffer size since the very early days when buffers were very small. It has grown to absurdly large values over the years to reach 8kB for a 16kB buffer. This prevents large requests from being accepted, which is the opposite of the initial goal. Many users fix it to 1024 which is already quite large for header addition. So let's change the default setting policy : - pre-initialize it to 1024 - let the user tweak it - in any case, limit it to tune.bufsize / 2 This results in 15kB usable to buffer HTTP messages instead of 8kB, and doesn't affect existing configurations which already force it.
2015-09-28 07:53:23 -04:00
if (global.tune.maxrewrite < 0) {
Alert("parsing [%s:%d] : '%s' expects a positive integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
}
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
else if (!strcmp(args[0], "tune.idletimer")) {
unsigned int idle;
const char *res;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a timer value between 0 and 65535 ms.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[1], &idle, TIME_UNIT_MS);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (idle > 65535) {
Alert("parsing [%s:%d] : '%s' expects a timer value between 0 and 65535 ms.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.idle_timer = idle;
}
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
else if (!strcmp(args[0], "tune.rcvbuf.client")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
if (global.tune.client_rcvbuf != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.client_rcvbuf = atol(args[1]);
}
else if (!strcmp(args[0], "tune.rcvbuf.server")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
if (global.tune.server_rcvbuf != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.server_rcvbuf = atol(args[1]);
}
else if (!strcmp(args[0], "tune.sndbuf.client")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
if (global.tune.client_sndbuf != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.client_sndbuf = atol(args[1]);
}
else if (!strcmp(args[0], "tune.sndbuf.server")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
if (global.tune.server_sndbuf != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.server_sndbuf = atol(args[1]);
}
OPTIM/MINOR: make it possible to change pipe size (tune.pipesize) By default, pipes are the default size for the system. But sometimes when using TCP splicing, it can improve performance to increase pipe sizes, especially if it is suspected that pipes are not filled and that many calls to splice() are performed. This has an impact on the kernel's memory footprint, so this must not be changed if impacts are not understood.
2011-10-23 15:14:29 -04:00
else if (!strcmp(args[0], "tune.pipesize")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
OPTIM/MINOR: make it possible to change pipe size (tune.pipesize) By default, pipes are the default size for the system. But sometimes when using TCP splicing, it can improve performance to increase pipe sizes, especially if it is suspected that pipes are not filled and that many calls to splice() are performed. This has an impact on the kernel's memory footprint, so this must not be changed if impacts are not understood.
2011-10-23 15:14:29 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.pipesize = atol(args[1]);
}
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
else if (!strcmp(args[0], "tune.http.cookielen")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.cookie_len = atol(args[1]) + 1;
}
MINOR: log: Add logurilen tunable. The default len of request uri in log messages is 1024. In some use cases, you need to keep the long trail of GET parameters. The only way to increase this len is to recompile with DEFINE=-DREQURI_LEN=2048. This commit introduces a tune.http.logurilen configuration directive, allowing to tune this at runtime.
2017-05-18 02:58:41 -04:00
else if (!strcmp(args[0], "tune.http.logurilen")) {
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.requri_len = atol(args[1]) + 1;
}
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
else if (!strcmp(args[0], "tune.http.maxhdr")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MINOR: cfgparse: Check if tune.http.maxhdr is in the range 1..32767 We cannot store more than 32K headers in the structure hdr_idx, because internaly we use signed short integers. To avoid any bugs (due to an integers overflow), a check has been added on tune.http.maxhdr to be sure to not set a value greater than 32767 and lower than 1 (because this is a nonsense to set this parameter to a value <= 0). The documentation has been updated accordingly. This patch can be backported in 1.7, 1.6 and 1.5.
2017-06-21 10:31:35 -04:00
global.tune.max_http_hdr = atoi(args[1]);
if (global.tune.max_http_hdr < 1 || global.tune.max_http_hdr > 32767) {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 1 and 32767\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
}
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
else if (!strcmp(args[0], "tune.comp.maxlevel")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
if (*args[1]) {
global.tune.comp_maxlevel = atoi(args[1]);
if (global.tune.comp_maxlevel < 1 || global.tune.comp_maxlevel > 9) {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 1 and 9\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} else {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 1 and 9\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MAJOR: pattern: add LRU-based cache on pattern matching The principle of this cache is to have a global cache for all pattern matching operations which rely on lists (reg, sub, dir, dom, ...). The input data, the expression and a random seed are used as a hashing key. The cached entries contains a pointer to the expression and a revision number for that expression so that we don't accidently used obsolete data after a pattern update or a very unlikely hash collision. Regarding the risk of collisions, 10k entries at 10k req/s mean 1% risk of a collision after 60 years, that's already much less than the memory's reliability in most machines and more durable than most admin's life expectancy. A collision will result in a valid result to be returned for a different entry from the same list. If this is not acceptable, the cache can be disabled using tune.pattern.cache-size. A test on a file containing 10k small regex showed that the regex matching was limited to 6k/s instead of 70k with regular strings. When enabling the LRU cache, the performance was back to 70k/s.
2015-04-29 10:24:50 -04:00
else if (!strcmp(args[0], "tune.pattern.cache-size")) {
if (*args[1]) {
global.tune.pattern_cache = atoi(args[1]);
if (global.tune.pattern_cache < 0) {
Alert("parsing [%s:%d] : '%s' expects a positive numeric value\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} else {
Alert("parsing [%s:%d] : '%s' expects a positive numeric value\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "uid")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.uid != 0) {
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
Alert("parsing [%s:%d] : user/uid already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: cfgparse: warn when uid parameter is not a number Currently, no warning are emitted when the uid is not a number. Purpose of this warning is to let admins know they their configuration won't be applied as expected.
2016-03-11 11:10:04 -05:00
if (strl2irc(args[1], strlen(args[1]), &global.uid) != 0) {
Warning("parsing [%s:%d] : uid: string '%s' is not a number.\n | You might want to use the 'user' parameter to use a system user name.\n", file, linenum, args[1]);
err_code |= ERR_WARN;
goto out;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "gid")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.gid != 0) {
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
Alert("parsing [%s:%d] : group/gid already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: cfgparse: warn when gid parameter is not a number Currently, no warning are emitted when the gid is not a number. Purpose of this warning is to let admins know they their configuration won't be applied as expected.
2016-03-11 11:21:15 -05:00
if (strl2irc(args[1], strlen(args[1]), &global.gid) != 0) {
Warning("parsing [%s:%d] : gid: string '%s' is not a number.\n | You might want to use the 'group' parameter to use a system group name.\n", file, linenum, args[1]);
err_code |= ERR_WARN;
goto out;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
else if (!strcmp(args[0], "external-check")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
global.external_check = 1;
}
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
/* user/group name handling */
else if (!strcmp(args[0], "user")) {
struct passwd *ha_user;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
if (global.uid != 0) {
Alert("parsing [%s:%d] : user/uid already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
}
errno = 0;
ha_user = getpwnam(args[1]);
if (ha_user != NULL) {
global.uid = (int)ha_user->pw_uid;
}
else {
Alert("parsing [%s:%d] : cannot find user id for '%s' (%d:%s)\n", file, linenum, args[1], errno, strerror(errno));
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
}
}
else if (!strcmp(args[0], "group")) {
struct group *ha_group;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
if (global.gid != 0) {
[MINOR] fix several printf formats and missing arguments Last patch revealed a number of mistakes in printf-like calls, mostly int/long mismatches, and a few missing arguments.
2009-04-03 08:49:12 -04:00
Alert("parsing [%s:%d] : gid/group was already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
}
errno = 0;
ha_group = getgrnam(args[1]);
if (ha_group != NULL) {
global.gid = (int)ha_group->gr_gid;
}
else {
Alert("parsing [%s:%d] : cannot find group id for '%s' (%d:%s)\n", file, linenum, args[1], errno, strerror(errno));
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
}
}
/* end of user/group name handling*/
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "nbproc")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.nbproc = atol(args[1]);
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
if (global.nbproc < 1 || global.nbproc > LONGBITS) {
Alert("parsing [%s:%d] : '%s' must be between 1 and %d (was %d).\n",
file, linenum, args[0], LONGBITS, global.nbproc);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "maxconn")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.maxconn != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.maxconn = atol(args[1]);
#ifdef SYSTEM_MAXCONN
if (global.maxconn > DEFAULT_MAXCONN && cfg_maxconn <= DEFAULT_MAXCONN) {
Alert("parsing [%s:%d] : maxconn value %d too high for this system.\nLimiting to %d. Please use '-n' to force the value.\n", file, linenum, global.maxconn, DEFAULT_MAXCONN);
global.maxconn = DEFAULT_MAXCONN;
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
#endif /* SYSTEM_MAXCONN */
MINOR: config: add global directives to set default SSL ciphers The ability to globally override the default client and server cipher suites has been requested multiple times since the introduction of SSL. This commit adds two new keywords to the global section for this : - ssl-default-bind-ciphers - ssl-default-server-ciphers It is still possible to preset them at build time by setting the macros LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS.
2014-02-13 05:36:41 -05:00
}
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
else if (!strcmp(args[0], "ssl-server-verify")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (strcmp(args[1],"none") == 0)
global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
else if (strcmp(args[1],"required") == 0)
global.ssl_server_verify = SSL_SERVER_VERIFY_REQUIRED;
else {
Alert("parsing [%s:%d] : '%s' expects 'none' or 'required' as argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. This one enforces a per-process connection rate limit, regardless of what may be set per frontend. It can be a way to limit the CPU usage of a process being severely attacked. The side effect is that the global process connection rate is now measured for each incoming connection, so it will be possible to report it.
2011-09-07 09:17:21 -04:00
else if (!strcmp(args[0], "maxconnrate")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. This one enforces a per-process connection rate limit, regardless of what may be set per frontend. It can be a way to limit the CPU usage of a process being severely attacked. The side effect is that the global process connection rate is now measured for each incoming connection, so it will be possible to report it.
2011-09-07 09:17:21 -04:00
if (global.cps_lim != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.cps_lim = atol(args[1]);
}
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 12:51:07 -04:00
else if (!strcmp(args[0], "maxsessrate")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 12:51:07 -04:00
if (global.sps_lim != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.sps_lim = atol(args[1]);
}
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 14:01:52 -04:00
else if (!strcmp(args[0], "maxsslrate")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 14:01:52 -04:00
if (global.ssl_lim != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.ssl_lim = atol(args[1]);
}
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
else if (!strcmp(args[0], "maxcomprate")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument in kb/s.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.comp_rate_lim = atoi(args[1]) * 1024;
}
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
else if (!strcmp(args[0], "maxpipes")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
if (global.maxpipes != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
}
global.maxpipes = atol(args[1]);
}
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
else if (!strcmp(args[0], "maxzlibmem")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: compression: report zlib memory usage Show the memory usage and the max memory available for zlib. The value stored is now the memory used instead of the remaining available memory.
2012-11-20 05:25:20 -05:00
global.maxzlibmem = atol(args[1]) * 1024L * 1024L;
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
}
MINOR: compression: CPU usage limit New option 'maxcompcpuusage' in global section. Sets the maximum CPU usage HAProxy can reach before stopping the compression for new requests or decreasing the compression level of current requests. It works like 'maxcomprate' but with the Idle.
2012-11-20 11:01:01 -05:00
else if (!strcmp(args[0], "maxcompcpuusage")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: compression: CPU usage limit New option 'maxcompcpuusage' in global section. Sets the maximum CPU usage HAProxy can reach before stopping the compression for new requests or decreasing the compression level of current requests. It works like 'maxcomprate' but with the Idle.
2012-11-20 11:01:01 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument between 0 and 100.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
compress_min_idle = 100 - atoi(args[1]);
CLEANUP: config: maxcompcpuusage is never negative No need to check for a negative value in the "maxcompcpuusage" argument, it's an unsigned int. Reported-by: Dinko Korunic <dkorunic@reflected.net>
2013-01-24 10:25:38 -05:00
if (compress_min_idle > 100) {
MINOR: compression: CPU usage limit New option 'maxcompcpuusage' in global section. Sets the maximum CPU usage HAProxy can reach before stopping the compression for new requests or decreasing the compression level of current requests. It works like 'maxcomprate' but with the Idle.
2012-11-20 11:01:01 -05:00
Alert("parsing [%s:%d] : '%s' expects an integer argument between 0 and 100.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
}
MINOR: compression: CPU usage limit New option 'maxcompcpuusage' in global section. Sets the maximum CPU usage HAProxy can reach before stopping the compression for new requests or decreasing the compression level of current requests. It works like 'maxcomprate' but with the Idle.
2012-11-20 11:01:01 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "ulimit-n")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.rlimit_nofile != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.rlimit_nofile = atol(args[1]);
}
else if (!strcmp(args[0], "chroot")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.chroot != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a directory as an argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.chroot = strdup(args[1]);
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
else if (!strcmp(args[0], "description")) {
int i, len=0;
char *d;
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects a string argument.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
for (i = 1; *args[i]; i++)
len += strlen(args[i]) + 1;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
if (global.desc)
free(global.desc);
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
global.desc = d = calloc(1, len);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
d += snprintf(d, global.desc + len - d, "%s", args[1]);
for (i = 2; *args[i]; i++)
d += snprintf(d, global.desc + len - d, " %s", args[i]);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
}
else if (!strcmp(args[0], "node")) {
int i;
char c;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
for (i=0; args[1][i]; i++) {
c = args[1][i];
[BUILD] fix some build warnings on Solaris with is* macros isalnum, isdigit and friends are really annoying because they take an int in which we should pass an unsigned char, while strings everywhere use chars. Solaris uses macros relying on an array for those functions, which easily triggers some warnings showing where we have mistakenly passed a char instead of an unsigned char or an int. Those warnings may indicate real bugs on some platforms depending on the implementation.
2010-03-02 18:16:00 -05:00
if (!isupper((unsigned char)c) && !islower((unsigned char)c) &&
!isdigit((unsigned char)c) && c != '_' && c != '-' && c != '.')
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
break;
}
if (!i || args[1][i]) {
Alert("parsing [%s:%d]: '%s' requires valid node name - non-empty string"
" with digits(0-9), letters(A-Z, a-z), dot(.), hyphen(-) or underscode(_).\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (global.node)
free(global.node);
global.node = strdup(args[1]);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "pidfile")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.pidfile != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a file name as an argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.pidfile = strdup(args[1]);
}
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
else if (!strcmp(args[0], "unix-bind")) {
int cur_arg = 1;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "prefix")) {
if (global.unix_bind.prefix != NULL) {
Alert("parsing [%s:%d] : unix-bind '%s' already specified. Continuing.\n", file, linenum, args[cur_arg]);
err_code |= ERR_ALERT;
cur_arg += 2;
continue;
}
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : unix_bind '%s' expects a path as an argument.\n", file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.unix_bind.prefix = strdup(args[cur_arg+1]);
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "mode")) {
global.unix_bind.ux.mode = strtol(args[cur_arg + 1], NULL, 8);
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "uid")) {
global.unix_bind.ux.uid = atol(args[cur_arg + 1 ]);
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "gid")) {
global.unix_bind.ux.gid = atol(args[cur_arg + 1 ]);
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "user")) {
struct passwd *user;
user = getpwnam(args[cur_arg + 1]);
if (!user) {
Alert("parsing [%s:%d] : '%s' : '%s' unknown user.\n",
file, linenum, args[0], args[cur_arg + 1 ]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.unix_bind.ux.uid = user->pw_uid;
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "group")) {
struct group *group;
group = getgrnam(args[cur_arg + 1]);
if (!group) {
Alert("parsing [%s:%d] : '%s' : '%s' unknown group.\n",
file, linenum, args[0], args[cur_arg + 1 ]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.unix_bind.ux.gid = group->gr_gid;
cur_arg += 2;
continue;
}
[CLEANUP] cfgparse: fix reported options for the "bind" keyword
2011-09-04 19:17:06 -04:00
Alert("parsing [%s:%d] : '%s' only supports the 'prefix', 'mode', 'uid', 'gid', 'user' and 'group' options.\n",
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
else if (!strcmp(args[0], "log") && kwm == KWM_NO) { /* no log */
/* delete previous herited or defined syslog servers */
struct logsrv *back;
struct logsrv *tmp;
if (*(args[1]) != 0) {
Alert("parsing [%s:%d]:%s : 'no log' does not expect arguments.\n", file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
list_for_each_entry_safe(tmp, back, &global.logsrvs, list) {
LIST_DEL(&tmp->list);
free(tmp);
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "log")) { /* syslog server address */
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
struct sockaddr_storage *sk;
int port1, port2;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *logsrv;
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
int arg = 0;
int len = 0;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(8, file, linenum, args, &err_code)) /* does not strictly check optional arguments */
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0 || *(args[2]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <address> and <facility> as arguments.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
logsrv = calloc(1, sizeof(*logsrv));
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
/* just after the address, a length may be specified */
if (strcmp(args[arg+2], "len") == 0) {
len = atoi(args[arg+3]);
if (len < 80 || len > 65535) {
Alert("parsing [%s:%d] : invalid log length '%s', must be between 80 and 65535.\n",
file, linenum, args[arg+3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
logsrv->maxlen = len;
/* skip these two args */
arg += 2;
}
else
logsrv->maxlen = MAX_SYSLOG_LEN;
if (logsrv->maxlen > global.max_syslog_len) {
global.max_syslog_len = logsrv->maxlen;
CLEANUP: fixed some usages of realloc leading to memory leak Changed all the cases where the pointer passed to realloc is overwritten by the pointer returned by realloc. The new function my_realloc2 has been used except in function register_name. If register_name fails to add a new variable because of an "out of memory" error, all the existing variables remain valid. If we had used my_realloc2, the array of variables would have been freed.
2016-06-28 16:44:26 -04:00
logheader = my_realloc2(logheader, global.max_syslog_len + 1);
logheader_rfc5424 = my_realloc2(logheader_rfc5424, global.max_syslog_len + 1);
logline = my_realloc2(logline, global.max_syslog_len + 1);
logline_rfc5424 = my_realloc2(logline_rfc5424, global.max_syslog_len + 1);
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
}
MEDIUM: logs: add support for RFC5424 header format per logger The function __send_log() iterates over senders and passes the header as the first vector to sendmsg(), thus it can send a logger-specific header in each message. A new logger arguments "format rfc5424" should be used in order to enable RFC5424 header format. For example: log 10.2.3.4:1234 len 2048 format rfc5424 local2 info
2015-09-22 10:05:32 -04:00
/* after the length, a format may be specified */
if (strcmp(args[arg+2], "format") == 0) {
logsrv->format = get_log_format(args[arg+3]);
if (logsrv->format < 0) {
Alert("parsing [%s:%d] : unknown log format '%s'\n", file, linenum, args[arg+3]);
err_code |= ERR_ALERT | ERR_FATAL;
MINOR: cfgparse: few memory leaks fixes. Some minor memory leak during the config parsing.
2016-08-22 18:27:42 -04:00
free(logsrv);
MEDIUM: logs: add support for RFC5424 header format per logger The function __send_log() iterates over senders and passes the header as the first vector to sendmsg(), thus it can send a logger-specific header in each message. A new logger arguments "format rfc5424" should be used in order to enable RFC5424 header format. For example: log 10.2.3.4:1234 len 2048 format rfc5424 local2 info
2015-09-22 10:05:32 -04:00
goto out;
}
/* skip these two args */
arg += 2;
}
BUG/MINOR: cfgparse: couple of small memory leaks. During the config parse in some code paths, there is some forgotten pointers freeing, and as often, during errors handlings.
2016-04-08 05:35:26 -04:00
if (alertif_too_many_args_idx(3, arg + 1, file, linenum, args, &err_code)) {
free(logsrv);
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
goto out;
BUG/MINOR: cfgparse: couple of small memory leaks. During the config parse in some code paths, there is some forgotten pointers freeing, and as often, during errors handlings.
2016-04-08 05:35:26 -04:00
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
logsrv->facility = get_log_facility(args[arg+2]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->facility < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[arg+2]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->facility = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->level = 7; /* max syslog level = debug */
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
if (*(args[arg+3])) {
logsrv->level = get_log_level(args[arg+3]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->level < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[arg+3]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->level = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->minlvl = 0; /* limit syslog level to this level (emerg) */
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
if (*(args[arg+4])) {
logsrv->minlvl = get_log_level(args[arg+4]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->minlvl < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[arg+4]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->minlvl = 0;
[MINOR] implement per-logger log level limitation Some people are using haproxy in a shared environment where the system logger by default sends alert and emerg messages to all consoles, which happens when all servers go down on a backend for instance. These people can not always change the system configuration and would like to limit the outgoing messages level in order not to disturb the local users. The addition of an optional 4th field on the "log" line permits exactly this. The minimal log level ensures that all outgoing logs will have at least this level. So the logs are not filtered out, just set to this level.
2009-05-10 11:20:05 -04:00
}
}
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
if (!sk) {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
Alert("parsing [%s:%d] : '%s': %s\n", file, linenum, args[0], errmsg);
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
free(logsrv);
goto out;
}
logsrv->addr = *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
if (sk->ss_family == AF_INET || sk->ss_family == AF_INET6) {
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1]);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
free(logsrv);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->addr = *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!port1)
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
set_host_port(&logsrv->addr, SYSLOG_PORT);
[MEDIUM] add support for logging via a UNIX socket The code in haproxy-1.3.13.1 only supports syslogging to an internet address. The attached patch: - Adds support for syslogging to a UNIX domain socket (e.g., /dev/log). If the address field begins with '/' (absolute file path), then AF_UNIX is used to construct the socket. Otherwise, AF_INET is used. - Achieves clean single-source build on both Mac OS X and Linux (sockaddr_in.sin_len and sockaddr_un.sun_len field aren't always present). For handling sendto() failures in send_log(), it appears that the existing code is fine (no need to close/recreate socket) for both UDP and UNIX-domain syslog server. So I left things alone (did not close/recreate socket). Closing/recreating socket after each failure would also work, but would lead to increased amount of unnecessary socket creation/destruction if syslog is temporarily unavailable for some reason (especially for verbose loggers). Please consider this patch for inclusion into the upstream haproxy codebase.
2007-12-05 04:47:29 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
LIST_ADDQ(&global.logsrvs, &logsrv->list);
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
}
[MINOR] log: add support for passing the forwarded hostname Haproxy does not include the hostname rather the IP of the machine in the syslog headers it sends. Unfortunately this means that for each log line rsyslog does a reverse dns on the client IP and in the case of non-routable IPs one gets the public hostname not the internal one. While this is valid according to RFC3164 as one might imagine this is troublsome if you have some machines with public IPs, internal IPs, no reverse DNS entries, etc and you want a standardized hostname based log directory structure. The rfc says the preferred value is the hostname. This patch adds a global "log-send-hostname" statement which accepts an optional string to force the host name. If unset, the local host name is used.
2010-12-29 11:05:48 -05:00
else if (!strcmp(args[0], "log-send-hostname")) { /* set the hostname in syslog header */
char *name;
if (global.log_send_hostname != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]))
name = args[1];
else
name = hostname;
free(global.log_send_hostname);
MEDIUM: logs: have global.log_send_hostname not contain the trailing space This patch unifies global.log_send_hostname addition in the log header processing.
2015-09-28 07:28:21 -04:00
global.log_send_hostname = strdup(name);
[MINOR] log: add support for passing the forwarded hostname Haproxy does not include the hostname rather the IP of the machine in the syslog headers it sends. Unfortunately this means that for each log line rsyslog does a reverse dns on the client IP and in the case of non-routable IPs one gets the public hostname not the internal one. While this is valid according to RFC3164 as one might imagine this is troublsome if you have some machines with public IPs, internal IPs, no reverse DNS entries, etc and you want a standardized hostname based log directory structure. The rfc says the preferred value is the hostname. This patch adds a global "log-send-hostname" statement which accepts an optional string to force the host name. If unset, the local host name is used.
2010-12-29 11:05:48 -05:00
}
MINOR: config: new global directive server-state-base This new global directive can be used to provide a base directory where all the server state files could be loaded. If a server state file name starts with a slash '/', then this directive must not be applied.
2015-08-23 03:22:25 -04:00
else if (!strcmp(args[0], "server-state-base")) { /* path base where HAProxy can find server state files */
if (global.server_state_base != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (!*(args[1])) {
Alert("parsing [%s:%d] : '%s' expects one argument: a directory path.\n", file, linenum, args[0]);
err_code |= ERR_FATAL;
goto out;
}
global.server_state_base = strdup(args[1]);
}
MINOR: config: new global section directive: server-state-file This new global section directive is used to store the path to the file where HAProxy will be able to retrieve server states across reloads. The file pointed by this path is used to store a file which can contains state of all servers from all backends.
2015-08-23 03:54:31 -04:00
else if (!strcmp(args[0], "server-state-file")) { /* path to the file where HAProxy can load the server states */
if (global.server_state_file != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (!*(args[1])) {
Alert("parsing [%s:%d] : '%s' expect one argument: a file path.\n", file, linenum, args[0]);
err_code |= ERR_FATAL;
goto out;
}
global.server_state_file = strdup(args[1]);
}
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
else if (!strcmp(args[0], "log-tag")) { /* tag to report to syslog */
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a tag for use in syslog.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_destroy(&global.log_tag);
chunk_initstr(&global.log_tag, strdup(args[1]));
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
}
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
else if (!strcmp(args[0], "spread-checks")) { /* random time between checks (0-50) */
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
if (global.spread_checks != 0) {
Alert("parsing [%s:%d]: spread-checks already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d]: '%s' expects an integer argument (0..50).\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
}
global.spread_checks = atol(args[1]);
if (global.spread_checks < 0 || global.spread_checks > 50) {
Alert("parsing [%s:%d]: 'spread-checks' needs a positive value in range 0..50.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: checks: add a new global max-spread-checks directive This directive ensures that checks with a huge interval do not start too far apart at the beginning.
2014-04-25 04:46:47 -04:00
else if (!strcmp(args[0], "max-spread-checks")) { /* maximum time between first and last check */
const char *err;
unsigned int val;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: checks: add a new global max-spread-checks directive This directive ensures that checks with a huge interval do not start too far apart at the beginning.
2014-04-25 04:46:47 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d]: '%s' expects an integer argument (0..50).\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = parse_time_err(args[1], &val, TIME_UNIT_MS);
if (err) {
Alert("parsing [%s:%d]: unsupported character '%c' in '%s' (wants an integer delay).\n", file, linenum, *err, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
}
global.max_spread_checks = val;
if (global.max_spread_checks < 0) {
Alert("parsing [%s:%d]: '%s' needs a positive delay in milliseconds.\n",file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
}
}
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
else if (strcmp(args[0], "cpu-map") == 0) { /* map a process list to a CPU set */
#ifdef USE_CPU_AFFINITY
int cur_arg, i;
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
unsigned long proc = 0;
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
unsigned long cpus = 0;
if (strcmp(args[1], "all") == 0)
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
proc = ~0UL;
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
else if (strcmp(args[1], "odd") == 0)
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
proc = ~0UL/3UL; /* 0x555....555 */
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
else if (strcmp(args[1], "even") == 0)
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
proc = (~0UL/3UL) << 1; /* 0xAAA...AAA */
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
else {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
proc = atol(args[1]);
if (proc >= 1 && proc <= LONGBITS)
proc = 1UL << (proc - 1);
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
}
if (!proc || !*args[2]) {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
Alert("parsing [%s:%d]: %s expects a process number including 'all', 'odd', 'even', or a number from 1 to %d, followed by a list of CPU ranges with numbers from 0 to %d.\n",
file, linenum, args[0], LONGBITS, LONGBITS - 1);
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg = 2;
while (*args[cur_arg]) {
unsigned int low, high;
BUILD: silence a warning on Solaris about usage of isdigit() On Solaris, isdigit() is a macro and it complains about the use of a char instead of the int for the argument. Let's cast it to an int to silence it.
2012-11-21 19:04:31 -05:00
if (isdigit((int)*args[cur_arg])) {
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
char *dash = strchr(args[cur_arg], '-');
low = high = str2uic(args[cur_arg]);
if (dash)
high = str2uic(dash + 1);
if (high < low) {
unsigned int swap = low;
low = high;
high = swap;
}
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
if (high >= LONGBITS) {
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
Alert("parsing [%s:%d]: %s supports CPU numbers from 0 to %d.\n",
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
file, linenum, args[0], LONGBITS - 1);
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
while (low <= high)
cpus |= 1UL << low++;
}
else {
Alert("parsing [%s:%d]: %s : '%s' is not a CPU range.\n",
file, linenum, args[0], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg++;
}
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
for (i = 0; i < LONGBITS; i++)
if (proc & (1UL << i))
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
global.cpu_map[i] = cpus;
#else
Alert("parsing [%s:%d] : '%s' is not enabled, please check build options for USE_CPU_AFFINITY.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
MEDIUM: config: allow to manipulate environment variables in the global section With new init systems such as systemd, environment variables became a real mess because they're only considered on startup but not on reload since the init script's variables cannot be passed to the process that is signaled to reload. This commit introduces an alternative method consisting in making it possible to modify the environment from the global section with directives like "setenv", "unsetenv", "presetenv" and "resetenv". Since haproxy supports loading multiple config files, it now becomes possible to put the host-dependant variables in one file and to distribute the rest of the configuration to all nodes, without having to deal with the init system's deficiencies. Environment changes take effect immediately when the directives are processed, so it's possible to do perform the same operations as are usually performed in regular service config files.
2016-02-16 06:41:57 -05:00
else if (strcmp(args[0], "setenv") == 0 || strcmp(args[0], "presetenv") == 0) {
if (alertif_too_many_args(3, file, linenum, args, &err_code))
goto out;
if (*(args[2]) == 0) {
Alert("parsing [%s:%d]: '%s' expects a name and a value.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* "setenv" overwrites, "presetenv" only sets if not yet set */
if (setenv(args[1], args[2], (args[0][0] == 's')) != 0) {
Alert("parsing [%s:%d]: '%s' failed on variable '%s' : %s.\n", file, linenum, args[0], args[1], strerror(errno));
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else if (!strcmp(args[0], "unsetenv")) {
int arg;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d]: '%s' expects at least one variable name.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
for (arg = 1; *args[arg]; arg++) {
if (unsetenv(args[arg]) != 0) {
Alert("parsing [%s:%d]: '%s' failed on variable '%s' : %s.\n", file, linenum, args[0], args[arg], strerror(errno));
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
}
else if (!strcmp(args[0], "resetenv")) {
extern char **environ;
char **env = environ;
/* args contain variable names to keep, one per argument */
while (*env) {
int arg;
/* look for current variable in among all those we want to keep */
for (arg = 1; *args[arg]; arg++) {
if (strncmp(*env, args[arg], strlen(args[arg])) == 0 &&
(*env)[strlen(args[arg])] == '=')
break;
}
/* delete this variable */
if (!*args[arg]) {
char *delim = strchr(*env, '=');
if (!delim || delim - *env >= trash.size) {
Alert("parsing [%s:%d]: '%s' failed to unset invalid variable '%s'.\n", file, linenum, args[0], *env);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
memcpy(trash.str, *env, delim - *env);
trash.str[delim - *env] = 0;
if (unsetenv(trash.str) != 0) {
Alert("parsing [%s:%d]: '%s' failed to unset variable '%s' : %s.\n", file, linenum, args[0], *env, strerror(errno));
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else
env++;
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
struct cfg_kw_list *kwl;
int index;
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
int rc;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
list_for_each_entry(kwl, &cfg_keywords.list, list) {
for (index = 0; kwl->kw[index].kw != NULL; index++) {
if (kwl->kw[index].section != CFG_GLOBAL)
continue;
if (strcmp(kwl->kw[index].kw, args[0]) == 0) {
MINOR: config: pass the file and line to config keyword parsers This will be needed when we need to create bind config settings.
2012-09-18 14:02:48 -04:00
rc = kwl->kw[index].parse(args, CFG_GLOBAL, NULL, NULL, file, linenum, &errmsg);
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
if (rc < 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
Alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
}
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
else if (rc > 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
Warning("parsing [%s:%d] : %s\n", file, linenum, errmsg);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_WARN;
goto out;
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
}
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
goto out;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
}
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], "global");
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
out:
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
free(errmsg);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
return err_code;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
void init_default_instance()
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MINOR] config: centralize proxy struct initialization
2010-01-03 14:23:58 -05:00
init_new_proxy(&defproxy);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
defproxy.mode = PR_MODE_TCP;
defproxy.state = PR_STNEW;
defproxy.maxconn = cfg_maxpconn;
defproxy.conn_retries = CONN_RETRIES;
MEDIUM: backend: Allow redispatch on retry intervals For backend load balancing it sometimes makes sense to redispatch rather than retrying against the same server. For example, when machines or routers fail you may not want to waste time retrying against a dead server and would instead prefer to immediately redispatch against other servers. This patch allows backend sections to specify that they want to redispatch on a particular interval. If the interval N is positive the redispatch occurs on every Nth retry, and if the interval N is negative then the redispatch occurs on the Nth retry prior to the last retry (-1 is the default and maintains backwards compatibility). In low latency environments tuning this setting can save a few hundred milliseconds when backends fail.
2015-05-12 02:25:34 -04:00
defproxy.redispatch_after = 0;
MINOR: backend: add hash-balance-factor option for hash-type consistent 0 will mean no balancing occurs; otherwise it represents the ratio between the highest-loaded server and the average load, times 100 (i.e. a value of 150 means a 1.5x ratio), assuming equal weights. Signed-off-by: Andrew Rodland <andrewr@vimeo.com>
2016-10-25 12:49:05 -04:00
defproxy.lbprm.chash.balance_factor = 0;
[MEDIUM] default-server support This patch implements default-server support allowing to change default server options. It can be used in [defaults] or [backend]/[listen] sections. Currently the following options are supported: - error-limit - fall - inter - fastinter - downinter - maxconn - maxqueue - minconn - on-error - port - rise - slowstart - weight
2010-01-05 10:38:49 -05:00
MEDIUM: Split up struct server's check element This is in preparation for associating a agent check with a server which runs as well as the server's existing check. The split has been made by: * Moving elements of struct server's check element that will be shared by both checks into a new check_common element of struct server. * Moving the remaining elements to a new struct check and making struct server's check element a struct check. * Adding a server element to struct check, a back-pointer to the server element it is a member of. - At this time the server could be obtained using container_of, however, this will not be so easy once a second struct check element is added to struct server to accommodate an agent health check. Signed-off-by: Simon Horman <horms@verge.net.au>
2013-02-22 20:16:43 -05:00
defproxy.defsrv.check.inter = DEF_CHKINTR;
defproxy.defsrv.check.fastinter = 0;
defproxy.defsrv.check.downinter = 0;
MEDIUM: checks: Add supplementary agent checks Allow an auxiliary agent check to be run independently of the regular a regular health check. This is enabled by the agent-check server setting. The agent-port, which specifies the TCP port to use for the agent's connections, is required. The agent-inter, which specifies the interval between agent checks and timeout of agent checks, is optional. If not set the value for regular checks is used. e.g. server web1_1 127.0.0.1:80 check agent-port 10000 If either the health or agent check determines that a server is down then it is marked as being down, otherwise it is marked as being up. An agent health check performed by opening a TCP socket and reading an ASCII string. The string should have one of the following forms: * An ASCII representation of an positive integer percentage. e.g. "75%" Values in this format will set the weight proportional to the initial weight of a server as configured when haproxy starts. * The string "drain". This will cause the weight of a server to be set to 0, and thus it will not accept any new connections other than those that are accepted via persistence. * The string "down", optionally followed by a description string. Mark the server as down and log the description string as the reason. * The string "stopped", optionally followed by a description string. This currently has the same behaviour as "down". * The string "fail", optionally followed by a description string. This currently has the same behaviour as "down". Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:36 -05:00
defproxy.defsrv.agent.inter = DEF_CHKINTR;
defproxy.defsrv.agent.fastinter = 0;
defproxy.defsrv.agent.downinter = 0;
MEDIUM: Set rise and fall of agent checks to 1 This is achieved by moving rise and fall from struct server to struct check. After this move the behaviour of the primary check, server->check is unchanged. However, the secondary agent check, server->agent now has independent rise and fall values each of which are set to 1. The result is that receiving "fail", "stopped" or "down" just once from the agent will mark the server as down. And receiving a weight just once will allow the server to be marked up if its primary check is in good health. This opens up the scope to allow the rise and fall values of the agent check to be configurable, however this has not been implemented at this stage. Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:38 -05:00
defproxy.defsrv.check.rise = DEF_RISETIME;
defproxy.defsrv.check.fall = DEF_FALLTIME;
defproxy.defsrv.agent.rise = DEF_AGENT_RISETIME;
defproxy.defsrv.agent.fall = DEF_AGENT_FALLTIME;
REORG: server: move the check-specific parts into a check subsection The health checks in the servers are becoming a real mess, move them into their own subsection. We'll soon need to have a struct buffer to replace the char * as well as check-specific protocol and transport layers.
2012-09-28 09:01:02 -04:00
defproxy.defsrv.check.port = 0;
MEDIUM: checks: Add supplementary agent checks Allow an auxiliary agent check to be run independently of the regular a regular health check. This is enabled by the agent-check server setting. The agent-port, which specifies the TCP port to use for the agent's connections, is required. The agent-inter, which specifies the interval between agent checks and timeout of agent checks, is optional. If not set the value for regular checks is used. e.g. server web1_1 127.0.0.1:80 check agent-port 10000 If either the health or agent check determines that a server is down then it is marked as being down, otherwise it is marked as being up. An agent health check performed by opening a TCP socket and reading an ASCII string. The string should have one of the following forms: * An ASCII representation of an positive integer percentage. e.g. "75%" Values in this format will set the weight proportional to the initial weight of a server as configured when haproxy starts. * The string "drain". This will cause the weight of a server to be set to 0, and thus it will not accept any new connections other than those that are accepted via persistence. * The string "down", optionally followed by a description string. Mark the server as down and log the description string as the reason. * The string "stopped", optionally followed by a description string. This currently has the same behaviour as "down". * The string "fail", optionally followed by a description string. This currently has the same behaviour as "down". Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:36 -05:00
defproxy.defsrv.agent.port = 0;
[MEDIUM] default-server support This patch implements default-server support allowing to change default server options. It can be used in [defaults] or [backend]/[listen] sections. Currently the following options are supported: - error-limit - fall - inter - fastinter - downinter - maxconn - maxqueue - minconn - on-error - port - rise - slowstart - weight
2010-01-05 10:38:49 -05:00
defproxy.defsrv.maxqueue = 0;
defproxy.defsrv.minconn = 0;
defproxy.defsrv.maxconn = 0;
defproxy.defsrv.slowstart = 0;
defproxy.defsrv.onerror = DEF_HANA_ONERR;
defproxy.defsrv.consecutive_errors_limit = DEF_HANA_ERRLIMIT;
defproxy.defsrv.uweight = defproxy.defsrv.iweight = 1;
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
defproxy.email_alert.level = LOG_ALERT;
MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name This directive gives HAProxy the ability to use the either the global server-state-file directive or a local one using server-state-file-name to load server states. The state can be saved right before the reload by the init script, using the "show servers state" command on the stats socket redirecting output into a file.
2015-08-19 10:44:03 -04:00
defproxy.load_server_state_from_file = PR_SRV_STATE_FILE_UNSPEC;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
/* This function createss a new req* or rsp* rule to the proxy. It compiles the
* regex and may return the ERR_WARN bit, and error bits such as ERR_ALERT and
* ERR_FATAL in case of error.
*/
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
static int create_cond_regex_rule(const char *file, int line,
struct proxy *px, int dir, int action, int flags,
const char *cmd, const char *reg, const char *repl,
const char **cond_start)
{
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
struct my_regex *preg = NULL;
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
char *errmsg = NULL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
const char *err;
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
char *error;
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
int ret_code = 0;
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
struct acl_cond *cond = NULL;
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
int cs;
int cap;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (px == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, line, cmd);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
goto err;
}
if (*reg == 0) {
Alert("parsing [%s:%d] : '%s' expects <regex> as an argument.\n", file, line, cmd);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
goto err;
}
CLEANUP: remove last references to 'ruleset' section
2016-10-26 05:06:28 -04:00
if (warnifnotcap(px, PR_CAP_FE | PR_CAP_BE, file, line, cmd, NULL))
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_WARN;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
if (cond_start &&
(strcmp(*cond_start, "if") == 0 || strcmp(*cond_start, "unless") == 0)) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, line, px, cond_start, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n",
file, line, cmd, errmsg);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
goto err;
}
}
else if (cond_start && **cond_start) {
Alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n",
file, line, cmd, *cond_start);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
goto err;
}
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= warnif_cond_conflicts(cond,
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
(dir == SMP_OPT_DIR_REQ) ?
((px->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR) :
((px->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR),
file, line);
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
preg = calloc(1, sizeof(*preg));
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (!preg) {
Alert("parsing [%s:%d] : '%s' : not enough memory to build regex.\n", file, line, cmd);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code = ERR_ALERT | ERR_FATAL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
goto err;
}
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
cs = !(flags & REG_ICASE);
cap = !(flags & REG_NOSUB);
error = NULL;
if (!regex_comp(reg, preg, cs, cap, &error)) {
Alert("parsing [%s:%d] : '%s' : regular expression '%s' : %s\n", file, line, cmd, reg, error);
free(error);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code = ERR_ALERT | ERR_FATAL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
goto err;
}
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
err = chain_regex((dir == SMP_OPT_DIR_REQ) ? &px->req_exp : &px->rsp_exp,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
preg, action, repl ? strdup(repl) : NULL, cond);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (repl && err) {
Alert("parsing [%s:%d] : '%s' : invalid character or unterminated sequence in replacement string near '%c'.\n",
file, line, cmd, *err);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
goto err_free;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
}
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
if (dir == SMP_OPT_DIR_REQ && warnif_misplaced_reqxxx(px, file, line, cmd))
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_WARN;
return ret_code;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
err_free:
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(preg);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err:
free(preg);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
free(errmsg);
return ret_code;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
CLEANUP: cfgparse: remove reference to 'ruleset' section The 'ruleset' section was never implemented. This patch remove references and tests about this keyword.
2015-04-14 10:35:22 -04:00
* Parse a line in a <listen>, <frontend> or <backend> section.
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
int cfg_parse_peers(const char *file, int linenum, char **args, int kwm)
{
static struct peers *curpeers = NULL;
struct peer *newpeer = NULL;
const char *err;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
struct bind_conf *bind_conf;
struct listener *l;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
int err_code = 0;
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
char *errmsg = NULL;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (strcmp(args[0], "peers") == 0) { /* new peers section */
MINOR: config: report missing peers section name Right now we report "invalid character ''" which is a bit confusing, better make a special case of the missing name.
2013-03-05 05:31:55 -05:00
if (!*args[1]) {
Alert("parsing [%s:%d] : missing name for peers section.\n", file, linenum);
BUG/MEDIUM: config: immediately abort if peers section has no name Cyril Bonté reported that despite commit 0dbbf317 which attempted to fix the crash when a peers section has no name, we still get a segfault after the error message when parsing the peers. The reason is that the returned error code is ERR_FATAL and not ERR_ABORT, so the parsing continues while the section was not initialized. This is 1.5-specific, no backport is needed.
2014-02-16 02:20:13 -05:00
err_code |= ERR_ALERT | ERR_ABORT;
MINOR: config: report missing peers section name Right now we report "invalid character ''" which is a bit confusing, better make a special case of the missing name.
2013-03-05 05:31:55 -05:00
goto out;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
BUG/MEDIUM: config: immediately abort if peers section has no name Cyril Bonté reported that despite commit 0dbbf317 which attempted to fix the crash when a peers section has no name, we still get a segfault after the error message when parsing the peers. The reason is that the returned error code is ERR_FATAL and not ERR_ABORT, so the parsing continues while the section was not initialized. This is 1.5-specific, no backport is needed.
2014-02-16 02:20:13 -05:00
err_code |= ERR_ALERT | ERR_ABORT;
MINOR: config: report missing peers section name Right now we report "invalid character ''" which is a bit confusing, better make a special case of the missing name.
2013-03-05 05:31:55 -05:00
goto out;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (curpeers = cfg_peers; curpeers != NULL; curpeers = curpeers->next) {
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
/*
* If there are two proxies with the same name only following
* combinations are allowed:
*/
if (strcmp(curpeers->id, args[1]) == 0) {
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
Alert("Parsing [%s:%d]: peers section '%s' has the same name as another peers section declared at %s:%d.\n",
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
file, linenum, args[1], curpeers->conf.file, curpeers->conf.line);
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
if ((curpeers = calloc(1, sizeof(*curpeers))) == NULL) {
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
curpeers->next = cfg_peers;
cfg_peers = curpeers;
BUG/MINOR: config: use a copy of the file name in proxy configurations Each proxy contains a reference to the original config file and line number where it was declared. The pointer used is just a reference to the one passed to the function instead of being duplicated. The effect is that it is not valid anymore at the end of the parsing and that all proxies will be enumerated as coming from the same file on some late configuration errors. This may happen for exmaple when reporting SSL certificate issues. By copying using strdup(), we avoid this issue. 1.4 has the same issue, though no report of the proxy file name is done out of the config section. Anyway a backport is recommended to ease post-mortem analysis.
2012-10-04 02:01:43 -04:00
curpeers->conf.file = strdup(file);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
curpeers->conf.line = linenum;
curpeers->last_change = now.tv_sec;
curpeers->id = strdup(args[1]);
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
curpeers->state = PR_STNEW;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
else if (strcmp(args[0], "peer") == 0) { /* peer definition */
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 16:26:24 -05:00
struct sockaddr_storage *sk;
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
int port1, port2;
MEDIUM: config: add complete support for str2sa_range() in 'peer' The peer addresses are now completely parsed using str2sa_range() and the resulting protocol is checked for support for connect().
2013-03-10 13:37:42 -04:00
struct protocol *proto;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects <name> and <addr>[:<port>] as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in server name '%s'.\n",
file, linenum, *err, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
if ((newpeer = calloc(1, sizeof(*newpeer))) == NULL) {
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* the peers are linked backwards first */
curpeers->count++;
newpeer->next = curpeers->remote;
curpeers->remote = newpeer;
BUG/MINOR: config: use a copy of the file name in proxy configurations Each proxy contains a reference to the original config file and line number where it was declared. The pointer used is just a reference to the one passed to the function instead of being duplicated. The effect is that it is not valid anymore at the end of the parsing and that all proxies will be enumerated as coming from the same file on some late configuration errors. This may happen for exmaple when reporting SSL certificate issues. By copying using strdup(), we avoid this issue. 1.4 has the same issue, though no report of the proxy file name is done out of the config section. Anyway a backport is recommended to ease post-mortem analysis.
2012-10-04 02:01:43 -04:00
newpeer->conf.file = strdup(file);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
newpeer->conf.line = linenum;
newpeer->last_change = now.tv_sec;
newpeer->id = strdup(args[1]);
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
if (!sk) {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
MEDIUM: config: add complete support for str2sa_range() in 'peer' The peer addresses are now completely parsed using str2sa_range() and the resulting protocol is checked for support for connect().
2013-03-10 13:37:42 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
file, linenum, args[0], args[1]);
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s %s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1], args[2]);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
if (!port1) {
Alert("parsing [%s:%d] : '%s %s' : missing or invalid port in '%s'\n",
file, linenum, args[0], args[1], args[2]);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
newpeer->addr = *sk;
MEDIUM: config: add complete support for str2sa_range() in 'peer' The peer addresses are now completely parsed using str2sa_range() and the resulting protocol is checked for support for connect().
2013-03-10 13:37:42 -04:00
newpeer->proto = proto;
CLEANUP: connection: remove all direct references to raw_sock and ssl_sock Now we exclusively use xprt_get(XPRT_RAW) instead of &raw_sock or xprt_get(XPRT_SSL) for &ssl_sock. This removes a bunch of #ifdef and include spread over a number of location including backend, cfgparse, checks, cli, hlua, log, server and session.
2016-12-22 14:44:00 -05:00
newpeer->xprt = xprt_get(XPRT_RAW);
MEDIUM: stream_interface: derive the socket operations from the target Instead of hard-coding sock_raw in connect_server(), we set this socket operation at config parsing time. Right now, only servers and peers have it. Proxies are still hard-coded as sock_raw. This will be needed for future work on SSL which requires a different socket layer.
2012-05-11 12:32:18 -04:00
newpeer->sock_init_arg = NULL;
REORG/MEDIUM: replace stream interface protocol functions by a proto pointer The stream interface now makes use of the socket protocol pointer instead of the direct functions.
2012-05-07 12:12:14 -04:00
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (strcmp(newpeer->id, localpeer) == 0) {
/* Current is local peer, it define a frontend */
newpeer->local = 1;
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
cfg_peers->local = newpeer;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (!curpeers->peers_fe) {
if ((curpeers->peers_fe = calloc(1, sizeof(struct proxy))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
init_new_proxy(curpeers->peers_fe);
curpeers->peers_fe->parent = curpeers;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
curpeers->peers_fe->id = strdup(args[1]);
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
curpeers->peers_fe->conf.args.file = curpeers->peers_fe->conf.file = strdup(file);
curpeers->peers_fe->conf.args.line = curpeers->peers_fe->conf.line = linenum;
MINOR: peers: centralize configuration of the peers frontend This is in order to stop exporting the peer_accept() function.
2015-03-13 10:47:26 -04:00
peers_setup_frontend(curpeers->peers_fe);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
CLEANUP: connection: remove all direct references to raw_sock and ssl_sock Now we exclusively use xprt_get(XPRT_RAW) instead of &raw_sock or xprt_get(XPRT_SSL) for &ssl_sock. This removes a bunch of #ifdef and include spread over a number of location including backend, cfgparse, checks, cli, hlua, log, server and session.
2016-12-22 14:44:00 -05:00
bind_conf = bind_conf_alloc(curpeers->peers_fe, file, linenum, args[2], xprt_get(XPRT_RAW));
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
if (!str2listener(args[2], curpeers->peers_fe, bind_conf, file, linenum, &errmsg)) {
if (errmsg && *errmsg) {
indent_msg(&errmsg, 2);
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
}
else
Alert("parsing [%s:%d] : '%s %s' : error encountered while parsing listening address %s.\n",
file, linenum, args[0], args[1], args[2]);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
err_code |= ERR_FATAL;
goto out;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry(l, &bind_conf->listeners, by_bind) {
CLEANUP: config: set the maxaccept value for peers listeners earlier Since we introduced bind_conf in peers, we can set maxaccept in a cleaner way at the proper time, let's do this to make the code more readable.
2013-01-18 04:51:07 -05:00
l->maxaccept = 1;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
l->maxconn = curpeers->peers_fe->maxconn;
l->backlog = curpeers->peers_fe->backlog;
REORG: session: move the session parts out of stream.c This concerns everythins related to accepting a new session and expiring the embryonic session. There's still a hard-coded call to stream_accept_session() which could be set somewhere in the frontend, but for now it's not a problem.
2015-04-04 12:50:31 -04:00
l->accept = session_accept_fd;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
l->analysers |= curpeers->peers_fe->fe_req_ana;
l->default_target = curpeers->peers_fe->default_target;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
l->options |= LI_O_UNLIMITED; /* don't make the peers subject to global limits */
global.maxsock += l->maxconn;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers If a peers section contains several instances of the local peer name, only the first one was considered and the next ones were silently ignored. This can cause some trouble to debug such a configuration. Now the extra entries are rejected with an error message indicating where the first occurrence was found.
2013-01-18 05:12:27 -05:00
else {
Alert("parsing [%s:%d] : '%s %s' : local peer name already referenced at %s:%d.\n",
file, linenum, args[0], args[1],
curpeers->peers_fe->conf.file, curpeers->peers_fe->conf.line);
err_code |= ERR_FATAL;
goto out;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
} /* neither "peer" nor "peers" */
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
else if (!strcmp(args[0], "disabled")) { /* disables this peers section */
curpeers->state = PR_STSTOPPED;
}
else if (!strcmp(args[0], "enabled")) { /* enables this peers section (used to revert a disabled default) */
curpeers->state = PR_STNEW;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
else if (*args[0] != 0) {
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
free(errmsg);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
return err_code;
}
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
/*
* Parse a <resolvers> section.
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
*/
int cfg_parse_resolvers(const char *file, int linenum, char **args, int kwm)
{
static struct dns_resolvers *curr_resolvers = NULL;
struct dns_nameserver *newnameserver = NULL;
const char *err;
int err_code = 0;
char *errmsg = NULL;
if (strcmp(args[0], "resolvers") == 0) { /* new resolvers section */
if (!*args[1]) {
Alert("parsing [%s:%d] : missing name for resolvers section.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
/* Error if two resolvers owns the same name */
if (strcmp(curr_resolvers->id, args[1]) == 0) {
Alert("Parsing [%s:%d]: resolvers '%s' has same name as another resolvers (declared at %s:%d).\n",
file, linenum, args[1], curr_resolvers->conf.file, curr_resolvers->conf.line);
err_code |= ERR_ALERT | ERR_ABORT;
}
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
if ((curr_resolvers = calloc(1, sizeof(*curr_resolvers))) == NULL) {
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* default values */
LIST_ADDQ(&dns_resolvers, &curr_resolvers->list);
curr_resolvers->conf.file = strdup(file);
curr_resolvers->conf.line = linenum;
curr_resolvers->id = strdup(args[1]);
curr_resolvers->query_ids = EB_ROOT;
MINOR: dns: enabled edns0 extension and make accpeted payload size tunable Edns extensions may be used to negotiate some settings between a DNS client and a server. For now we only use it to announce the maximum response payload size accpeted by HAProxy. This size can be set through a configuration parameter in the resolvers section. If not set, it defaults to 512 bytes.
2017-08-13 18:13:01 -04:00
/* default maximum response size */
curr_resolvers->accepted_payload_size = 512;
MINOR: dns: implement extra 'hold' timers. This adds new "hold" timers : nx, refused, timeout, other. This timers will be used to tell HAProxy to keep an erroneous response as valid for the corresponding period. For now they're only configured, not enforced.
2016-11-02 17:23:31 -04:00
/* default hold period for nx, other, refuse and timeout is 30s */
curr_resolvers->hold.nx = 30000;
curr_resolvers->hold.other = 30000;
curr_resolvers->hold.refused = 30000;
curr_resolvers->hold.timeout = 30000;
MINOR: dns: default "hold obsolete" timeout set to 0 The "hold obsolete" timer is used to prevent HAProxy from moving a server to an other IP or from considering the server as DOWN if the IP currently affected to this server has not been seen for this period of time in DNS responses. That said, historically, HAProxy used to update servers as soon as the IP has disappeared from the response. Current default timeout break this historical behavior and may change HAProxy's behavior when people will upgrade to 1.8. This patch changes the default value to 0 to keep backward compatibility.
2017-08-18 04:15:42 -04:00
curr_resolvers->hold.obsolete = 0;
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
/* default hold period for valid is 10s */
BUG/MINOR: dns: wrong time unit for some DNS default parameters Madison May reported that the timeout applied by the default configuration is inproperly set up. This patch fix this: - hold valid default to 10s - timeout retry default to 1s
2015-07-14 15:42:49 -04:00
curr_resolvers->hold.valid = 10000;
curr_resolvers->timeout.retry = 1000;
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
curr_resolvers->resolve_retries = 3;
MAJOR/REORG: dns: DNS resolution task and requester queues This patch is a major upgrade of the internal run-time DNS resolver in HAProxy and it brings the following 2 main changes: 1. DNS resolution task Up to now, DNS resolution was triggered by the health check task. From now, DNS resolution task is autonomous. It is started by HAProxy right after the scheduler is available and it is woken either when a network IO occurs for one of its nameserver or when a timeout is matched. From now, this means we can enable DNS resolution for a server without enabling health checking. 2. Introduction of a dns_requester structure Up to now, DNS resolution was purposely made for resolving server hostnames. The idea, is to ensure that any HAProxy internal object should be able to trigger a DNS resolution. For this purpose, 2 things has to be done: - clean up the DNS code from the server structure (this was already quite clean actually) and clean up the server's callbacks from manipulating too much DNS resolution - create an agnostic structure which allows linking a DNS resolution and a requester of any type (using obj_type enum) 3. Manage requesters through queues Up to now, there was an uniq relationship between a resolution and it's owner (aka the requester now). It's a shame, because in some cases, multiple objects may share the same hostname and may benefit from a resolution being performed by a third party. This patch introduces the notion of queues, which are basically lists of either currently running resolution or waiting ones. The resolutions are now available as a pool, which belongs to the resolvers. The pool has has a default size of 64 resolutions per resolvers and is allocated at configuration parsing.
2017-05-22 09:17:15 -04:00
/* default resolution pool size */
curr_resolvers->resolution_pool_size = DNS_DEFAULT_RESOLUTION_POOL_SIZE;
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
LIST_INIT(&curr_resolvers->nameserver_list);
MAJOR/REORG: dns: DNS resolution task and requester queues This patch is a major upgrade of the internal run-time DNS resolver in HAProxy and it brings the following 2 main changes: 1. DNS resolution task Up to now, DNS resolution was triggered by the health check task. From now, DNS resolution task is autonomous. It is started by HAProxy right after the scheduler is available and it is woken either when a network IO occurs for one of its nameserver or when a timeout is matched. From now, this means we can enable DNS resolution for a server without enabling health checking. 2. Introduction of a dns_requester structure Up to now, DNS resolution was purposely made for resolving server hostnames. The idea, is to ensure that any HAProxy internal object should be able to trigger a DNS resolution. For this purpose, 2 things has to be done: - clean up the DNS code from the server structure (this was already quite clean actually) and clean up the server's callbacks from manipulating too much DNS resolution - create an agnostic structure which allows linking a DNS resolution and a requester of any type (using obj_type enum) 3. Manage requesters through queues Up to now, there was an uniq relationship between a resolution and it's owner (aka the requester now). It's a shame, because in some cases, multiple objects may share the same hostname and may benefit from a resolution being performed by a third party. This patch introduces the notion of queues, which are basically lists of either currently running resolution or waiting ones. The resolutions are now available as a pool, which belongs to the resolvers. The pool has has a default size of 64 resolutions per resolvers and is allocated at configuration parsing.
2017-05-22 09:17:15 -04:00
LIST_INIT(&curr_resolvers->resolution.curr);
LIST_INIT(&curr_resolvers->resolution.wait);
LIST_INIT(&curr_resolvers->resolution.pool);
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
}
else if (strcmp(args[0], "nameserver") == 0) { /* nameserver definition */
struct sockaddr_storage *sk;
int port1, port2;
struct protocol *proto;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects <name> and <addr>[:<port>] as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in server name '%s'.\n",
file, linenum, *err, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing Current resolvers section parsing function is permissive on nameserver id and two nameservers may have the same id. It's a shame, since we don't know for example, whose statistics belong to which nameserver... From now, configuration with duplicated nameserver id in a resolvers section are considered as broken and returns a fatal error when parsing.
2015-11-02 16:55:49 -05:00
list_for_each_entry(newnameserver, &curr_resolvers->nameserver_list, list) {
/* Error if two resolvers owns the same name */
if (strcmp(newnameserver->id, args[1]) == 0) {
Alert("Parsing [%s:%d]: nameserver '%s' has same name as another nameserver (declared at %s:%d).\n",
file, linenum, args[1], curr_resolvers->conf.file, curr_resolvers->conf.line);
err_code |= ERR_ALERT | ERR_FATAL;
}
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
if ((newnameserver = calloc(1, sizeof(*newnameserver))) == NULL) {
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* the nameservers are linked backward first */
LIST_ADDQ(&curr_resolvers->nameserver_list, &newnameserver->list);
curr_resolvers->count_nameservers++;
newnameserver->resolvers = curr_resolvers;
newnameserver->conf.file = strdup(file);
newnameserver->conf.line = linenum;
newnameserver->id = strdup(args[1]);
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s %s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the nameserver Erez reported a bug on discourse.haproxy.org about DNS resolution not occuring when no port is specified on the nameserver directive. This patch prevent this behavior by returning an error explaining this issue when parsing the configuration file. That said, later, we may want to force port 53 when client did not provide any. backport: 1.6
2016-01-20 18:59:46 -05:00
if (!port1 && !port2) {
Alert("parsing [%s:%d] : '%s %s' : no UDP port specified\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
newnameserver->addr = *sk;
}
else if (strcmp(args[0], "hold") == 0) { /* hold periods */
const char *res;
unsigned int time;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects an <event> and a <time> as arguments.\n",
file, linenum, args[0]);
Alert("<event> can be either 'valid', 'nx', 'refused', 'timeout', or 'other'\n");
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[2], &time, TIME_UNIT_MS);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: dns: implement extra 'hold' timers. This adds new "hold" timers : nx, refused, timeout, other. This timers will be used to tell HAProxy to keep an erroneous response as valid for the corresponding period. For now they're only configured, not enforced.
2016-11-02 17:23:31 -04:00
if (strcmp(args[1], "nx") == 0)
curr_resolvers->hold.nx = time;
else if (strcmp(args[1], "other") == 0)
curr_resolvers->hold.other = time;
else if (strcmp(args[1], "refused") == 0)
curr_resolvers->hold.refused = time;
else if (strcmp(args[1], "timeout") == 0)
curr_resolvers->hold.timeout = time;
else if (strcmp(args[1], "valid") == 0)
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
curr_resolvers->hold.valid = time;
MINOR: dns: Cache previous DNS answers. As DNS servers may not return all IPs in one answer, we want to cache the previous entries. Those entries are removed when considered obsolete, which happens when the IP hasn't been returned by the DNS server for a time defined in the "hold obsolete" parameter of the resolver section. The default is 30s.
2017-07-06 12:46:47 -04:00
else if (strcmp(args[1], "obsolete") == 0)
curr_resolvers->hold.obsolete = time;
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
else {
MINOR: dns: Cache previous DNS answers. As DNS servers may not return all IPs in one answer, we want to cache the previous entries. Those entries are removed when considered obsolete, which happens when the IP hasn't been returned by the DNS server for a time defined in the "hold obsolete" parameter of the resolver section. The default is 30s.
2017-07-06 12:46:47 -04:00
Alert("parsing [%s:%d] : '%s' unknown <event>: '%s', expects either 'nx', 'timeout', 'valid', 'obsolete' or 'other'.\n",
MINOR: dns: implement extra 'hold' timers. This adds new "hold" timers : nx, refused, timeout, other. This timers will be used to tell HAProxy to keep an erroneous response as valid for the corresponding period. For now they're only configured, not enforced.
2016-11-02 17:23:31 -04:00
file, linenum, args[0], args[1]);
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MINOR: dns: enabled edns0 extension and make accpeted payload size tunable Edns extensions may be used to negotiate some settings between a DNS client and a server. For now we only use it to announce the maximum response payload size accpeted by HAProxy. This size can be set through a configuration parameter in the resolvers section. If not set, it defaults to 512 bytes.
2017-08-13 18:13:01 -04:00
else if (strcmp(args[0], "accepted_payload_size") == 0) {
MINOR: dns: Maximum DNS udp payload set to 8192 Following up DNS extension introduction, this patch aims at making the computation of the maximum number of records in DNS response dynamic. This computation is based on the announced payload size accepted by HAProxy.
2017-08-18 17:35:08 -04:00
int i = 0;
MINOR: dns: enabled edns0 extension and make accpeted payload size tunable Edns extensions may be used to negotiate some settings between a DNS client and a server. For now we only use it to announce the maximum response payload size accpeted by HAProxy. This size can be set through a configuration parameter in the resolvers section. If not set, it defaults to 512 bytes.
2017-08-13 18:13:01 -04:00
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects <nb> as argument.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: dns: Maximum DNS udp payload set to 8192 Following up DNS extension introduction, this patch aims at making the computation of the maximum number of records in DNS response dynamic. This computation is based on the announced payload size accepted by HAProxy.
2017-08-18 17:35:08 -04:00
i = atoi(args[1]);
BUG/MEDIUM: dns: fix accepted_payload_size parser to avoid integer overflow Since commit 9d8dbbc ("MINOR: dns: Maximum DNS udp payload set to 8192") it's possible to specify a packet size, but passing too large a size or a negative size is not detected and results in memset() being performed over a 2GB+ area upon receipt of the first DNS response, causing runtime crashes. We now check that the size is not smaller than the smallest packet which is the DNS header size (12 bytes). No backport is needed.
2017-08-22 06:01:26 -04:00
if (i < DNS_HEADER_SIZE || i > DNS_MAX_UDP_MESSAGE) {
Alert("parsing [%s:%d] : '%s' must be between %d and %d inclusive (was %s).\n",
file, linenum, args[0], DNS_HEADER_SIZE, DNS_MAX_UDP_MESSAGE, args[1]);
MINOR: dns: Maximum DNS udp payload set to 8192 Following up DNS extension introduction, this patch aims at making the computation of the maximum number of records in DNS response dynamic. This computation is based on the announced payload size accepted by HAProxy.
2017-08-18 17:35:08 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curr_resolvers->accepted_payload_size = i;
MINOR: dns: enabled edns0 extension and make accpeted payload size tunable Edns extensions may be used to negotiate some settings between a DNS client and a server. For now we only use it to announce the maximum response payload size accpeted by HAProxy. This size can be set through a configuration parameter in the resolvers section. If not set, it defaults to 512 bytes.
2017-08-13 18:13:01 -04:00
}
MAJOR/REORG: dns: DNS resolution task and requester queues This patch is a major upgrade of the internal run-time DNS resolver in HAProxy and it brings the following 2 main changes: 1. DNS resolution task Up to now, DNS resolution was triggered by the health check task. From now, DNS resolution task is autonomous. It is started by HAProxy right after the scheduler is available and it is woken either when a network IO occurs for one of its nameserver or when a timeout is matched. From now, this means we can enable DNS resolution for a server without enabling health checking. 2. Introduction of a dns_requester structure Up to now, DNS resolution was purposely made for resolving server hostnames. The idea, is to ensure that any HAProxy internal object should be able to trigger a DNS resolution. For this purpose, 2 things has to be done: - clean up the DNS code from the server structure (this was already quite clean actually) and clean up the server's callbacks from manipulating too much DNS resolution - create an agnostic structure which allows linking a DNS resolution and a requester of any type (using obj_type enum) 3. Manage requesters through queues Up to now, there was an uniq relationship between a resolution and it's owner (aka the requester now). It's a shame, because in some cases, multiple objects may share the same hostname and may benefit from a resolution being performed by a third party. This patch introduces the notion of queues, which are basically lists of either currently running resolution or waiting ones. The resolutions are now available as a pool, which belongs to the resolvers. The pool has has a default size of 64 resolutions per resolvers and is allocated at configuration parsing.
2017-05-22 09:17:15 -04:00
else if (strcmp(args[0], "resolution_pool_size") == 0) {
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects <nb> as argument.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curr_resolvers->resolution_pool_size = atoi(args[1]);
}
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
else if (strcmp(args[0], "resolve_retries") == 0) {
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects <nb> as argument.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curr_resolvers->resolve_retries = atoi(args[1]);
}
else if (strcmp(args[0], "timeout") == 0) {
MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword spelling in resolvers If for example it was written as 'timeout retri 1s' or 'timeout wrong 1s' this would be used for the retry timeout value. Resolvers section only timeout setting currently is 'retry', others are still parsed as before this patch to not break existing configurations. A less strict version will be backported to 1.6.
2016-02-13 09:51:58 -05:00
if (!*args[1]) {
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
Alert("parsing [%s:%d] : '%s' expects 'retry' and <time> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword spelling in resolvers If for example it was written as 'timeout retri 1s' or 'timeout wrong 1s' this would be used for the retry timeout value. Resolvers section only timeout setting currently is 'retry', others are still parsed as before this patch to not break existing configurations. A less strict version will be backported to 1.6.
2016-02-13 09:51:58 -05:00
else if (strcmp(args[1], "retry") == 0) {
const char *res;
unsigned int timeout_retry;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s %s' expects <time> as argument.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[2], &timeout_retry, TIME_UNIT_MS);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s %s>.\n",
file, linenum, *res, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curr_resolvers->timeout.retry = timeout_retry;
}
else {
Alert("parsing [%s:%d] : '%s' expects 'retry' and <time> as arguments got '%s'.\n",
file, linenum, args[0], args[1]);
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} /* neither "nameserver" nor "resolvers" */
else if (*args[0] != 0) {
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
free(errmsg);
return err_code;
}
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
/*
CLEANUP: cfgparse: remove reference to 'ruleset' section The 'ruleset' section was never implemented. This patch remove references and tests about this keyword.
2015-04-14 10:35:22 -04:00
* Parse a line in a <listen>, <frontend> or <backend> section.
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
*/
int cfg_parse_mailers(const char *file, int linenum, char **args, int kwm)
{
static struct mailers *curmailers = NULL;
struct mailer *newmailer = NULL;
const char *err;
int err_code = 0;
char *errmsg = NULL;
if (strcmp(args[0], "mailers") == 0) { /* new mailers section */
if (!*args[1]) {
Alert("parsing [%s:%d] : missing name for mailers section.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
for (curmailers = mailers; curmailers != NULL; curmailers = curmailers->next) {
/*
* If there are two proxies with the same name only following
* combinations are allowed:
*/
if (strcmp(curmailers->id, args[1]) == 0) {
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
Alert("Parsing [%s:%d]: mailers section '%s' has the same name as another mailers section declared at %s:%d.\n",
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
file, linenum, args[1], curmailers->conf.file, curmailers->conf.line);
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
}
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
if ((curmailers = calloc(1, sizeof(*curmailers))) == NULL) {
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
curmailers->next = mailers;
mailers = curmailers;
curmailers->conf.file = strdup(file);
curmailers->conf.line = linenum;
curmailers->id = strdup(args[1]);
MINOR: mailers: make it possible to configure the connection timeout This patch introduces a configurable connection timeout for mailers with a new "timeout mail <time>" directive. Acked-by: Simon Horman <horms@verge.net.au>
2016-02-13 09:33:40 -05:00
curmailers->timeout.mail = DEF_MAILALERTTIME;/* XXX: Would like to Skip to the next alert, if any, ASAP.
* But need enough time so that timeouts don't occur
* during tcp procssing. For now just us an arbitrary default. */
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
}
else if (strcmp(args[0], "mailer") == 0) { /* mailer definition */
struct sockaddr_storage *sk;
int port1, port2;
struct protocol *proto;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects <name> and <addr>[:<port>] as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in server name '%s'.\n",
file, linenum, *err, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
if ((newmailer = calloc(1, sizeof(*newmailer))) == NULL) {
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* the mailers are linked backwards first */
curmailers->count++;
newmailer->next = curmailers->mailer_list;
curmailers->mailer_list = newmailer;
newmailer->mailers = curmailers;
newmailer->conf.file = strdup(file);
newmailer->conf.line = linenum;
newmailer->id = strdup(args[1]);
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
MEDIUM: Support sending email alerts Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:23:00 -05:00
if (!proto || !proto->connect || proto->sock_prot != IPPROTO_TCP) {
Alert("parsing [%s:%d] : '%s %s' : TCP not supported for this address family.\n",
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s %s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!port1) {
Alert("parsing [%s:%d] : '%s %s' : missing or invalid port in '%s'\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
newmailer->addr = *sk;
newmailer->proto = proto;
CLEANUP: connection: remove all direct references to raw_sock and ssl_sock Now we exclusively use xprt_get(XPRT_RAW) instead of &raw_sock or xprt_get(XPRT_SSL) for &ssl_sock. This removes a bunch of #ifdef and include spread over a number of location including backend, cfgparse, checks, cli, hlua, log, server and session.
2016-12-22 14:44:00 -05:00
newmailer->xprt = xprt_get(XPRT_RAW);
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
newmailer->sock_init_arg = NULL;
MINOR: mailers: make it possible to configure the connection timeout This patch introduces a configurable connection timeout for mailers with a new "timeout mail <time>" directive. Acked-by: Simon Horman <horms@verge.net.au>
2016-02-13 09:33:40 -05:00
}
else if (strcmp(args[0], "timeout") == 0) {
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects 'mail' and <time> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
else if (strcmp(args[1], "mail") == 0) {
const char *res;
unsigned int timeout_mail;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s %s' expects <time> as argument.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[2], &timeout_mail, TIME_UNIT_MS);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (timeout_mail <= 0) {
Alert("parsing [%s:%d] : '%s %s' expects a positive <time> argument.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curmailers->timeout.mail = timeout_mail;
} else {
Alert("parsing [%s:%d] : '%s' expects 'mail' and <time> as arguments got '%s'.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
else if (*args[0] != 0) {
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
free(errmsg);
return err_code;
}
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
static void free_email_alert(struct proxy *p)
{
free(p->email_alert.mailers.name);
p->email_alert.mailers.name = NULL;
free(p->email_alert.from);
p->email_alert.from = NULL;
free(p->email_alert.to);
p->email_alert.to = NULL;
free(p->email_alert.myhostname);
p->email_alert.myhostname = NULL;
}
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
static struct proxy *curproxy = NULL;
[CLEANUP] add a few "const char *" where appropriate As suggested by Markus Elfring, a few "const char *" have replaced some "char *" declarations where a function is not expected to modify a value. It does not change the code but it helps detecting coding errors.
2006-10-15 09:17:57 -04:00
const char *err;
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
char *error;
[MEDIUM] add support for time units in the configuration It is not always handy to manipulate large values exprimed in milliseconds for timeouts. Also, some values are entered in seconds (such as the stats refresh interval). This patch adds support for time units. It knows about 'us', 'ms', 's', 'm', 'h', and 'd'. It automatically converts each value into the caller's expected unit. Unit-less values are still passed unchanged. The unit must be passed as a suffix to the number. For instance: clitimeout 15m If any character is not understood, an error is returned.
2007-12-02 16:15:14 -05:00
int rc;
unsigned val;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
int err_code = 0;
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
struct acl_cond *cond = NULL;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
struct logsrv *tmplogsrv;
MINOR: cfgparse: use a common errmsg pointer for all parsers In order to generalize the simplified error reporting mechanism, let's centralize the error pointer.
2012-05-08 11:37:49 -04:00
char *errmsg = NULL;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
struct bind_conf *bind_conf;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (!strcmp(args[0], "listen"))
rc = PR_CAP_LISTEN;
else if (!strcmp(args[0], "frontend"))
CLEANUP: remove last references to 'ruleset' section
2016-10-26 05:06:28 -04:00
rc = PR_CAP_FE;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
else if (!strcmp(args[0], "backend"))
CLEANUP: remove last references to 'ruleset' section
2016-10-26 05:06:28 -04:00
rc = PR_CAP_BE;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
else
rc = PR_CAP_NONE;
if (rc != PR_CAP_NONE) { /* new proxy */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects an <id> argument and\n"
CLEANUP: cfgparse: Very minor spelling correction 'optionnally' changed to 'optionally'
2015-08-18 14:32:08 -04:00
" optionally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...\n",
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[PATCH]: Check for duplicated conflicting proxies Currently haproxy accepts a config with duplicated proxies (listen/fronted/backed/ruleset). This patch fix this, so the application will complain when there is an error. With this modification it is still possible to use the same name for two proxies (for example frontend&backend) as long there is no conflict: listen backend frontend ruleset listen - - - - backend - - OK - frontend - OK - - ruleset - - - - Best regards, Krzysztof Oledzki
2007-10-20 20:55:17 -04:00
[MEDIUM] restrict the set of allowed characters for identifiers In order to avoid issues in the future, we want to restrict the set of allowed characters for identifiers. Starting from now, only A-Z, a-z, 0-9, '-', '_', '.' and ':' will be allowed for a proxy, a server or an ACL name. A test file has been added to check the restriction.
2007-12-02 12:45:09 -05:00
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] restrict the set of allowed characters for identifiers In order to avoid issues in the future, we want to restrict the set of allowed characters for identifiers. Starting from now, only A-Z, a-z, 0-9, '-', '_', '.' and ':' will be allowed for a proxy, a server or an ACL name. A test file has been added to check the restriction.
2007-12-02 12:45:09 -05:00
}
MINOR: config: don't open-code proxy name lookups We can now safely use the standard functions to detect proxy name duplicates.
2015-05-26 05:45:02 -04:00
curproxy = (rc & PR_CAP_FE) ? proxy_fe_by_name(args[1]) : proxy_be_by_name(args[1]);
if (curproxy) {
Alert("Parsing [%s:%d]: %s '%s' has the same name as %s '%s' declared at %s:%d.\n",
file, linenum, proxy_cap_str(rc), args[1], proxy_type_str(curproxy),
curproxy->id, curproxy->conf.file, curproxy->conf.line);
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[PATCH]: Check for duplicated conflicting proxies Currently haproxy accepts a config with duplicated proxies (listen/fronted/backed/ruleset). This patch fix this, so the application will complain when there is an error. With this modification it is still possible to use the same name for two proxies (for example frontend&backend) as long there is no conflict: listen backend frontend ruleset listen - - - - backend - - OK - frontend - OK - - ruleset - - - - Best regards, Krzysztof Oledzki
2007-10-20 20:55:17 -04:00
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
if ((curproxy = calloc(1, sizeof(*curproxy))) == NULL) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[CLEANUP] config: catch and report some possibly wrong rule ordering There are some configurations in which redirect rules are declared after use_backend rules. We can also find "block" rules after any of these ones. The processing sequence is : - block - redirect - use_backend So as of now we try to detect wrong ordering to warn the user about a possibly undesired behaviour.
2009-03-15 10:23:16 -04:00
[MINOR] config: centralize proxy struct initialization
2010-01-03 14:23:58 -05:00
init_new_proxy(curproxy);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->next = proxy;
proxy = curproxy;
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
curproxy->conf.args.file = curproxy->conf.file = strdup(file);
curproxy->conf.args.line = curproxy->conf.line = linenum;
[MEDIUM] stats: report server and backend cumulated downtime Hello, This patch implements new statistics for SLA calculation by adding new field 'Dwntime' with total down time since restart (both HTTP/CSV) and extending status field (HTTP) or inserting a new one (CSV) with time showing how long each server/backend is in a current state. Additionaly, down transations are also calculated and displayed for backends, so it is possible to know how many times selected backend was down, generating "No server is available to handle this request." error. New information are presentetd in two different ways: - for HTTP: a "human redable form", one of "100000d 23h", "23h 59m" or "59m 59s" - for CSV: seconds I believe that seconds resolution is enough. As there are more columns in the status page I decided to shrink some names to make more space: - Weight -> Wght - Check -> Chk - Down -> Dwn Making described changes I also made some improvements and fixed some small bugs: - don't increment s->health above 's->rise + s->fall - 1'. Previously it was incremented an then (re)set to 's->rise + s->fall - 1'. - do not set server down if it is down already - do not set server up if it is up already - fix colspan in multiple places (mostly introduced by my previous patch) - add missing "status" header to CSV - fix order of retries/redispatches in server (CSV) - s/Tthen/Then/ - s/server/backend/ in DATA_ST_PX_BE (dumpstats.c) Changes from previous version: - deal with negative time intervales - don't relay on s->state (SRV_RUNNING) - little reworked human_time + compacted format (no spaces). If needed it can be used in the future for other purposes by optionally making "cnt" as an argument - leave set_server_down mostly unchanged - only little reworked "process_chk: 9" - additional fields in CSV are appended to the rigth - fix "SEC" macro - named arguments (human_time, be_downtime, srv_downtime) Hope it is OK. If there are only cosmetic changes needed please fill free to correct it, however if there are some bigger changes required I would like to discuss it first or at last to know what exactly was changed especially since I already put this patch into my production server. :) Thank you, Best regards, Krzysztof Oledzki
2007-10-22 10:21:10 -04:00
curproxy->last_change = now.tv_sec;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->id = strdup(args[1]);
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->cap = rc;
MEDIUM: proxy: create a tree to store proxies by name Large configurations can take time to parse when thousands of backends are in use. Let's store all the proxies in trees. findproxy_mode() has been modified to use the tree for lookups, which has divided the parsing time by about 2.5. But many lookups are still present at many places and need to be dealt with.
2014-03-15 02:22:35 -04:00
proxy_store_name(curproxy);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
if (curproxy->cap & PR_CAP_FE)
Alert("parsing [%s:%d] : please use the 'bind' keyword for listening addresses.\n", file, linenum);
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/* set default values */
[MEDIUM] default-server support This patch implements default-server support allowing to change default server options. It can be used in [defaults] or [backend]/[listen] sections. Currently the following options are supported: - error-limit - fall - inter - fastinter - downinter - maxconn - maxqueue - minconn - on-error - port - rise - slowstart - weight
2010-01-05 10:38:49 -05:00
memcpy(&curproxy->defsrv, &defproxy.defsrv, sizeof(curproxy->defsrv));
[MINOR] config: report "default-server" instead of "(null)" in error messages When an error is reported in a default-server entry, we want to have that name in the error message instead of "(null)".
2010-04-07 10:06:40 -04:00
curproxy->defsrv.id = "default-server";
[MEDIUM] default-server support This patch implements default-server support allowing to change default server options. It can be used in [defaults] or [backend]/[listen] sections. Currently the following options are supported: - error-limit - fall - inter - fastinter - downinter - maxconn - maxqueue - minconn - on-error - port - rise - slowstart - weight
2010-01-05 10:38:49 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->state = defproxy.state;
curproxy->options = defproxy.options;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
curproxy->options2 = defproxy.options2;
[MINOR] config: track "no option"/"option" changes Sometimes we would want to implement implicit default options, but for this we need to be able to disable them, which requires to keep track of "no option" settings. With this change, an option explicitly disabled in a defaults section will still be seen as explicitly disabled. There should be no regression as nothing makes use of this yet.
2009-06-14 05:10:45 -04:00
curproxy->no_options = defproxy.no_options;
curproxy->no_options2 = defproxy.no_options2;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
curproxy->bind_proc = defproxy.bind_proc;
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
curproxy->except_net = defproxy.except_net;
curproxy->except_mask = defproxy.except_mask;
[BUG] x-original-to: fix missing initialization to default value
2009-05-08 11:02:07 -04:00
curproxy->except_to = defproxy.except_to;
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
curproxy->except_mask_to = defproxy.except_mask_to;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] Fix empty X-Forwarded-For header name when set in defaults section The following patch introduced a minor bug : [MINOR] permit renaming of x-forwarded-for header If "option forwardfor" is declared in a defaults section, the header name is never set and we see an empty header name before the value. Also, the header name was not reset between two defaults sections.
2008-08-23 02:18:21 -04:00
if (defproxy.fwdfor_hdr_len) {
curproxy->fwdfor_hdr_len = defproxy.fwdfor_hdr_len;
curproxy->fwdfor_hdr_name = strdup(defproxy.fwdfor_hdr_name);
}
[BUG] x-original-to: name was not set in default instance This resulted in an empty header name when option originalto was declared in a default sections.
2009-11-30 05:50:16 -05:00
if (defproxy.orgto_hdr_len) {
curproxy->orgto_hdr_len = defproxy.orgto_hdr_len;
curproxy->orgto_hdr_name = strdup(defproxy.orgto_hdr_name);
}
MEDIUM: http: add support for sending the server's name in the outgoing request New option "http-send-name-header" specifies the name of a header which will hold the server name in outgoing requests. This is the name of the server the connection is really sent to, which means that upon redispatches, the header's value is updated so that it always matches the server's name.
2012-01-04 13:02:01 -05:00
if (defproxy.server_id_hdr_len) {
curproxy->server_id_hdr_len = defproxy.server_id_hdr_len;
curproxy->server_id_hdr_name = strdup(defproxy.server_id_hdr_name);
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (curproxy->cap & PR_CAP_FE) {
curproxy->maxconn = defproxy.maxconn;
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
curproxy->backlog = defproxy.backlog;
[MINOR] compute the max of sessions/s on fe/be/srv Some users want to keep the max sessions/s seen on servers, frontends and backends for capacity planning. It's easy to grab it while the session count is updated, so let's keep it.
2009-05-10 12:52:49 -04:00
curproxy->fe_sps_lim = defproxy.fe_sps_lim;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
/* initialize error relocations */
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->to_log = defproxy.to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (curproxy->cap & PR_CAP_BE) {
BUG/MINOR: config: don't inherit the default balance algorithm in frontends Tom Limoncelli from Stack Exchange reported a minor bug : the frontend inherits the LB parameters from the defaults sections. The impact is that if a "balance" directive uses any L7 parameter in the defaults sections and the frontend is in TCP mode, a warning is emitted about their incompatibility. The warning is harmless but a valid, sane config should never cause any warning to be reported. This fix should be backported into 1.5 and possibly 1.4.
2014-11-18 09:04:29 -05:00
curproxy->lbprm.algo = defproxy.lbprm.algo;
MINOR: backend: add hash-balance-factor option for hash-type consistent 0 will mean no balancing occurs; otherwise it represents the ratio between the highest-loaded server and the average load, times 100 (i.e. a value of 150 means a 1.5x ratio), assuming equal weights. Signed-off-by: Andrew Rodland <andrewr@vimeo.com>
2016-10-25 12:49:05 -04:00
curproxy->lbprm.chash.balance_factor = defproxy.lbprm.chash.balance_factor;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->fullconn = defproxy.fullconn;
curproxy->conn_retries = defproxy.conn_retries;
MEDIUM: backend: Allow redispatch on retry intervals For backend load balancing it sometimes makes sense to redispatch rather than retrying against the same server. For example, when machines or routers fail you may not want to waste time retrying against a dead server and would instead prefer to immediately redispatch against other servers. This patch allows backend sections to specify that they want to redispatch on a particular interval. If the interval N is positive the redispatch occurs on every Nth retry, and if the interval N is negative then the redispatch occurs on the Nth retry prior to the last retry (-1 is the default and maintains backwards compatibility). In low latency environments tuning this setting can save a few hundred milliseconds when backends fail.
2015-05-12 02:25:34 -04:00
curproxy->redispatch_after = defproxy.redispatch_after;
MINOR: http: implement the max-keep-alive-queue setting Finn Arne Gangstad suggested that we should have the ability to break keep-alive when the target server has reached its maxconn and that a number of connections are present in the queue. After some discussion around his proposed patch, the following solution was suggested : have a per-proxy setting to fix a limit to the number of queued connections on a server after which we break keep-alive. This ensures that even in high latency networks where keep-alive is beneficial, we try to find a different server. This patch is partially based on his original proposal and implements this configurable threshold.
2014-04-25 07:58:37 -04:00
curproxy->max_ka_queue = defproxy.max_ka_queue;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] checks: ensure that we can inherit binary checks from the defaults section Health checks were all pure ASCII, but we're going to have to support some binary checks (eg: SQL). When they're inherited from the default section, they will be truncated to the first \0 due to strdup(). Let's fix that with a simple malloc. (cherry picked from commit 98fc04a766bcff80f57db2b1cd865c91761b131b)
2010-10-22 10:15:31 -04:00
if (defproxy.check_req) {
curproxy->check_req = calloc(1, defproxy.check_len);
memcpy(curproxy->check_req, defproxy.check_req, defproxy.check_len);
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->check_len = defproxy.check_len;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
if (defproxy.expect_str) {
curproxy->expect_str = strdup(defproxy.expect_str);
if (defproxy.expect_regex) {
/* note: this regex is known to be valid */
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex));
regex_comp(defproxy.expect_str, curproxy->expect_regex, 1, 1, NULL);
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
}
}
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts = defproxy.ck_opts;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (defproxy.cookie_name)
curproxy->cookie_name = strdup(defproxy.cookie_name);
curproxy->cookie_len = defproxy.cookie_len;
MINOR: server: Add dynamic session cookies. This adds a new "dynamic" keyword for the cookie option. If set, a cookie will be generated for each server (assuming one isn't already provided on the "server" line), from the IP of the server, the TCP port, and a secret key provided. To provide the secret key, a new keyword as been added, "dynamic-cookie-key", for backends. Example : backend bk_web balance roundrobin dynamic-cookie-key "bla" cookie WEBSRV insert dynamic server s1 127.0.0.1:80 check server s2 192.168.56.1:80 check This is a first step to be able to dynamically add and remove servers, without modifying the configuration file, and still have all the load balancers redirect the traffic to the right server. Provide a way to generate session cookies, based on the IP address of the server, the TCP port, and a secret key provided.
2017-03-14 15:01:29 -04:00
if (defproxy.dyncookie_key)
curproxy->dyncookie_key = strdup(defproxy.dyncookie_key);
[BUG] config: cookie domain was ignored in defaults sections Since cookie can appear in a defaults section, the domain extension must be supported there as well. (cherry picked from commit baf78c8e03db8c2255aefb6e11b38b48d1ec5d34)
2009-12-03 17:13:06 -05:00
if (defproxy.cookie_domain)
curproxy->cookie_domain = strdup(defproxy.cookie_domain);
[MEDIUM] introduce the "url_param" balance method Some applications do not have a strict persistence requirement, yet it is still desirable for performance considerations, due to local caches on the servers. For some reasons, there are some applications which cannot rely on cookies, and for which the last resort is to use a parameter passed in the URL. The new 'url_param' balance method is there to solve this issue. It accepts a parameter name which is looked up from the URL and which is then hashed to select a server. If the parameter is not found, then the round robin algorithm is used in order to provide a normal load balancing across the servers for the first requests. It would have been possible to use a source IP hash instead, but since such applications are generally buried behind multiple levels of reverse-proxies, it would not provide a good balance. The doc has been updated, and two regression testing configurations have been added.
2007-11-01 17:48:15 -04:00
[MINOR] cookie: add options "maxidle" and "maxlife" Add two new arguments to the "cookie" keyword, to be able to fix a max idle and max life on them. Right now only the parameter parsing is implemented. (cherry picked from commit 9ad5dec4c3bb8f29129f292cb22d3fc495fcc98a)
2010-10-06 10:59:56 -04:00
if (defproxy.cookie_maxidle)
curproxy->cookie_maxidle = defproxy.cookie_maxidle;
if (defproxy.cookie_maxlife)
curproxy->cookie_maxlife = defproxy.cookie_maxlife;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
if (defproxy.rdp_cookie_name)
curproxy->rdp_cookie_name = strdup(defproxy.rdp_cookie_name);
curproxy->rdp_cookie_len = defproxy.rdp_cookie_len;
[MEDIUM] introduce the "url_param" balance method Some applications do not have a strict persistence requirement, yet it is still desirable for performance considerations, due to local caches on the servers. For some reasons, there are some applications which cannot rely on cookies, and for which the last resort is to use a parameter passed in the URL. The new 'url_param' balance method is there to solve this issue. It accepts a parameter name which is looked up from the URL and which is then hashed to select a server. If the parameter is not found, then the round robin algorithm is used in order to provide a normal load balancing across the servers for the first requests. It would have been possible to use a source IP hash instead, but since such applications are generally buried behind multiple levels of reverse-proxies, it would not provide a good balance. The doc has been updated, and two regression testing configurations have been added.
2007-11-01 17:48:15 -04:00
if (defproxy.url_param_name)
curproxy->url_param_name = strdup(defproxy.url_param_name);
curproxy->url_param_len = defproxy.url_param_len;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
[MEDIUM] add support for "balance hdr(name)" There is a patch made by me that allow for balancing on any http header field. [WT: made minor changes: - turned 'balance header name' into 'balance hdr(name)' to match more closely the ACL syntax for easier future convergence - renamed the proxy structure fields header_* => hh_* - made it possible to use the domain name reduction to any header, not only "host" since it makes sense to do it with other ones. Otherwise patch looks good. /WT]
2009-03-25 08:02:10 -04:00
if (defproxy.hh_name)
curproxy->hh_name = strdup(defproxy.hh_name);
curproxy->hh_len = defproxy.hh_len;
curproxy->hh_match_domain = defproxy.hh_match_domain;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
if (defproxy.conn_src.iface_name)
curproxy->conn_src.iface_name = strdup(defproxy.conn_src.iface_name);
curproxy->conn_src.iface_len = defproxy.conn_src.iface_len;
BUG/MINOR: config: "source" does not work in defaults section Source function will not work with the following line in default section: source 0.0.0.0 usesrc clientip even that related settings by iptables and ip rule have been set correctly. But it can work well in backend setcion. The reason is that the operation in line 1815 in cfgparse.c as below: curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK; clears three low bits of conn_src.opts which stores the configuration of 'usesrc'. Without correct bits set, the source address function can not work well. They should be copied to the backend proxy without being modified. Since conn_src.tproxy_addr had not copied from defproxy to backend proxy while initializing backend proxy, source function will not work well with explicit source address set in default section either. Signed-off-by: Godbach <nylzhaowei@gmail.com> Note: the bug was introduced in 1.5-dev16 with commit ef9a3605
2013-04-23 03:27:57 -04:00
curproxy->conn_src.opts = defproxy.conn_src.opts;
MAJOR: tproxy: remove support for cttproxy This was the first transparent proxy technology supported by haproxy circa 2005 but it was obsoleted in 2007 by Tproxy 4.0 which removed a lot of the earlier versions' shortcomings and was finally merged into the kernel. Since nobody has been using cttproxy for many years now and nobody has even just tried to compile the files, it's time to remove it. The doc was updated as well.
2015-08-20 13:35:14 -04:00
#if defined(CONFIG_HAP_TRANSPARENT)
BUG/MINOR: config: "source" does not work in defaults section Source function will not work with the following line in default section: source 0.0.0.0 usesrc clientip even that related settings by iptables and ip rule have been set correctly. But it can work well in backend setcion. The reason is that the operation in line 1815 in cfgparse.c as below: curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK; clears three low bits of conn_src.opts which stores the configuration of 'usesrc'. Without correct bits set, the source address function can not work well. They should be copied to the backend proxy without being modified. Since conn_src.tproxy_addr had not copied from defproxy to backend proxy while initializing backend proxy, source function will not work well with explicit source address set in default section either. Signed-off-by: Godbach <nylzhaowei@gmail.com> Note: the bug was introduced in 1.5-dev16 with commit ef9a3605
2013-04-23 03:27:57 -04:00
curproxy->conn_src.tproxy_addr = defproxy.conn_src.tproxy_addr;
BUILD: last fix broke non-linux platforms src.tproxy_addr only exists on linux.
2013-04-25 11:35:22 -04:00
#endif
MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name This directive gives HAProxy the ability to use the either the global server-state-file directive or a local one using server-state-file-name to load server states. The state can be saved right before the reload by the init script, using the "show servers state" command on the stats socket redirecting output into a file.
2015-08-19 10:44:03 -04:00
curproxy->load_server_state_from_file = defproxy.load_server_state_from_file;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
}
[MINOR] config: the "capture" keyword is not allowed in backends The "capture" keyword is only supported by frontends, fix the check.
2009-07-23 07:24:23 -04:00
if (curproxy->cap & PR_CAP_FE) {
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (defproxy.capture_name)
curproxy->capture_name = strdup(defproxy.capture_name);
curproxy->capture_namelen = defproxy.capture_namelen;
curproxy->capture_len = defproxy.capture_len;
}
if (curproxy->cap & PR_CAP_FE) {
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.client = defproxy.timeout.client;
BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. Signed-off-by: Simone Gotti <simone.gotti@gmail.com> WT: bug introduced with the new feature in 1.5-dev25, no backport is needed.
2014-06-11 06:25:28 -04:00
curproxy->timeout.clientfin = defproxy.timeout.clientfin;
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
curproxy->timeout.tarpit = defproxy.timeout.tarpit;
[MEDIUM] introduce "timeout http-request" in frontends In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. The client timeout cannot offer a good protection against this abuse because it is an inactivity timeout, which means that if the attacker sends one character every now and then, the timeout will not trigger. With the HTTP request timeout, no matter what speed the client types, the request will be aborted if it does not complete in time.
2008-01-06 07:24:40 -05:00
curproxy->timeout.httpreq = defproxy.timeout.httpreq;
[MINOR] http: add a separate "http-keep-alive" timeout This one is used to wait for next request after a response was sent to the client.
2010-01-10 08:46:16 -05:00
curproxy->timeout.httpka = defproxy.timeout.httpka;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->mon_net = defproxy.mon_net;
curproxy->mon_mask = defproxy.mon_mask;
if (defproxy.monitor_uri)
curproxy->monitor_uri = strdup(defproxy.monitor_uri);
curproxy->monitor_uri_len = defproxy.monitor_uri_len;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
if (defproxy.defbe.name)
curproxy->defbe.name = strdup(defproxy.defbe.name);
BUG/MINOR: log: don't report logformat errors in backends Logs have always been ignored by backends, do not report useless warnings there.
2012-05-31 13:39:23 -04:00
/* get either a pointer to the logformat string or a copy of it */
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
curproxy->conf.logformat_string = defproxy.conf.logformat_string;
if (curproxy->conf.logformat_string &&
curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
curproxy->conf.logformat_string = strdup(curproxy->conf.logformat_string);
if (defproxy.conf.lfs_file) {
curproxy->conf.lfs_file = strdup(defproxy.conf.lfs_file);
curproxy->conf.lfs_line = defproxy.conf.lfs_line;
}
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
/* get either a pointer to the logformat string for RFC5424 structured-data or a copy of it */
curproxy->conf.logformat_sd_string = defproxy.conf.logformat_sd_string;
if (curproxy->conf.logformat_sd_string &&
curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format)
curproxy->conf.logformat_sd_string = strdup(curproxy->conf.logformat_sd_string);
if (defproxy.conf.lfsd_file) {
curproxy->conf.lfsd_file = strdup(defproxy.conf.lfsd_file);
curproxy->conf.lfsd_line = defproxy.conf.lfsd_line;
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
}
if (curproxy->cap & PR_CAP_BE) {
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.connect = defproxy.timeout.connect;
curproxy->timeout.server = defproxy.timeout.server;
BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. Signed-off-by: Simone Gotti <simone.gotti@gmail.com> WT: bug introduced with the new feature in 1.5-dev25, no backport is needed.
2014-06-11 06:25:28 -04:00
curproxy->timeout.serverfin = defproxy.timeout.serverfin;
[MEDIUM]: rework checks handling This patch adds two new variables: fastinter and downinter. When server state is: - non-transitionally UP -> inter (no change) - transitionally UP (going down), unchecked or transitionally DOWN (going up) -> fastinter - down -> downinter It allows to set something like: server sr6 127.0.51.61:80 cookie s6 check inter 10000 downinter 20000 fastinter 500 fall 3 weight 40 In the above example haproxy uses 10000ms between checks but as soon as one check fails fastinter (500ms) is used. If server is down downinter (20000) is used or fastinter (500ms) if one check pass. Fastinter is also used when haproxy starts. New "timeout.check" variable was added, if set haproxy uses it as an additional read timeout, but only after a connection has been already established. I was thinking about using "timeout.server" here but most people set this with an addition reserve but still want checks to kick out laggy servers. Please also note that in most cases check request is much simpler and faster to handle than normal requests so this timeout should be smaller. I also changed the timeout used for check connections establishing. Changes from the previous version: - use tv_isset() to check if the timeout is set, - use min("timeout connect", "inter") but only if "timeout check" is set as this min alone may be to short for full (connect + read) check, - debug code (fprintf) commented/removed - documentation Compile tested only (sorry!) as I'm currently traveling but changes are rather small and trivial.
2008-01-20 19:54:06 -05:00
curproxy->timeout.check = defproxy.timeout.check;
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
curproxy->timeout.queue = defproxy.timeout.queue;
[MINOR] tarpit timeout is also allowed in backends Since the tarpit action may be set in backends too, its timeout must be configurable there.
2008-01-06 07:40:03 -05:00
curproxy->timeout.tarpit = defproxy.timeout.tarpit;
[MINOR] http: take http request timeout from the backend Since we can now switch from TCP to HTTP, we need to be able to apply the HTTP request timeout after switching. That means we need to take it from the backend and not from the frontend. Since the backend points to the frontend before switching, that changes nothing for the normal case.
2009-07-12 04:03:17 -04:00
curproxy->timeout.httpreq = defproxy.timeout.httpreq;
[MINOR] http: add a separate "http-keep-alive" timeout This one is used to wait for next request after a response was sent to the client.
2010-01-10 08:46:16 -05:00
curproxy->timeout.httpka = defproxy.timeout.httpka;
MEDIUM: session: add support for tunnel timeouts Tunnel timeouts are used when TCP connections are forwarded, or when forwarding upgraded HTTP connections (WebSocket) as well as CONNECT requests to proxies. This timeout allows long-lived sessions to be supported without having to set large timeouts to normal requests.
2012-05-12 06:50:00 -04:00
curproxy->timeout.tunnel = defproxy.timeout.tunnel;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.source_addr = defproxy.conn_src.source_addr;
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->mode = defproxy.mode;
BUG/MEDIUM: stats: mismatch between behaviour and doc about front/back In version 1.3.4, we got the ability to split configuration parts between frontends and backends. The stats was attached to the backend and a control was made to ensure that it was used only in a listen or backend section, but not in a frontend. The documentation clearly says that the statement may only be used in the backend. But since that same version above, the defaults stats configuration is only filled in the frontend part of the proxy and not in the backend's. So a backend will not get stats which are enabled in a defaults section, despite what the doc says. However, a frontend configured after a defaults section will get stats and will not emit the warning! There were many technical limitations in 1.3.4 making it impossible to have the stats working both in the frontend and backend, but now this has become a total mess. It's common however to see people create a frontend with a perfectly working stats configuration which only emits a warning stating that it might not work, adding to the confusion. Most people workaround the tricky behaviour by declaring a "listen" section with no server, which was the recommended solution in 1.3 where it was even suggested to add a dispatch address to avoid a warning. So the right solution seems to do the following : - ensure that the defaults section's settings apply to the backends, as documented ; - let the frontends work in order not to break existing setups relying on the defaults section ; - officially allow stats to be declared in frontends and remove the warninng This patch should probably not be backported since it's not certain that 1.4 is fully compatible with having stats in frontends and backends (which was really made possible thanks to applets).
2014-04-24 16:10:39 -04:00
curproxy->uri_auth = defproxy.uri_auth; /* for stats */
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
/* copy default logsrvs to curproxy */
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry(tmplogsrv, &defproxy.logsrvs, list) {
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
struct logsrv *node = malloc(sizeof(*node));
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
memcpy(node, tmplogsrv, sizeof(struct logsrv));
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
LIST_INIT(&node->list);
LIST_ADDQ(&curproxy->logsrvs, &node->list);
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
curproxy->conf.uniqueid_format_string = defproxy.conf.uniqueid_format_string;
if (curproxy->conf.uniqueid_format_string)
curproxy->conf.uniqueid_format_string = strdup(curproxy->conf.uniqueid_format_string);
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_dup(&curproxy->log_tag, &defproxy.log_tag);
MINOR: logs: add a new per-proxy "log-tag" directive This is equivalent to what was done in commit 48936af ("[MINOR] log: ability to override the syslog tag") but this time instead of doing this globally, it does it per proxy. The purpose is to be able to use a separate log tag for various proxies (eg: make it easier to route log messages depending on the customer).
2015-01-07 09:03:42 -05:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (defproxy.conf.uif_file) {
curproxy->conf.uif_file = strdup(defproxy.conf.uif_file);
curproxy->conf.uif_line = defproxy.conf.uif_line;
}
MEDIUM: log: Unique ID The Unique ID, is an ID generated with several informations. You can use a log-format string to customize it, with the "unique-id-format" keyword, and insert it in the request header, with the "unique-id-header" keyword.
2012-03-12 07:48:57 -04:00
/* copy default header unique id */
if (defproxy.header_unique_id)
curproxy->header_unique_id = strdup(defproxy.header_unique_id);
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
/* default compression options */
if (defproxy.comp != NULL) {
curproxy->comp = calloc(1, sizeof(struct comp));
curproxy->comp->algos = defproxy.comp->algos;
curproxy->comp->types = defproxy.comp->types;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->grace = defproxy.grace;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
curproxy->conf.used_listener_id = EB_ROOT;
curproxy->conf.used_server_id = EB_ROOT;
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
if (defproxy.check_path)
curproxy->check_path = strdup(defproxy.check_path);
if (defproxy.check_command)
curproxy->check_command = strdup(defproxy.check_command);
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
if (defproxy.email_alert.mailers.name)
curproxy->email_alert.mailers.name = strdup(defproxy.email_alert.mailers.name);
if (defproxy.email_alert.from)
curproxy->email_alert.from = strdup(defproxy.email_alert.from);
if (defproxy.email_alert.to)
curproxy->email_alert.to = strdup(defproxy.email_alert.to);
if (defproxy.email_alert.myhostname)
curproxy->email_alert.myhostname = strdup(defproxy.email_alert.myhostname);
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
curproxy->email_alert.level = defproxy.email_alert.level;
BUG/MEDIUM: checks: email-alert not working when declared in defaults Tommy Atkinson and Sylvain Faivre reported that email alerts didn't work when they were declared in the defaults section. This is due to the use of an internal attribute which is set once an email-alert is at least partially configured. But this attribute was not propagated to the current proxy during the configuration parsing. Not that the issue doesn't occur if "email-alert myhostname" is configured in the defaults section. This fix must be backported to 1.6.
2015-12-03 21:07:06 -05:00
curproxy->email_alert.set = defproxy.email_alert.set;
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "defaults")) { /* use this one to assign default values */
/* some variables may have already been initialized earlier */
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
/* FIXME-20070101: we should do this too at the end of the
* config parsing to free all default values.
*/
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
err_code |= ERR_ABORT;
goto out;
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(defproxy.check_req);
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
free(defproxy.check_command);
free(defproxy.check_path);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(defproxy.cookie_name);
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
free(defproxy.rdp_cookie_name);
MINOR: server: Add dynamic session cookies. This adds a new "dynamic" keyword for the cookie option. If set, a cookie will be generated for each server (assuming one isn't already provided on the "server" line), from the IP of the server, the TCP port, and a secret key provided. To provide the secret key, a new keyword as been added, "dynamic-cookie-key", for backends. Example : backend bk_web balance roundrobin dynamic-cookie-key "bla" cookie WEBSRV insert dynamic server s1 127.0.0.1:80 check server s2 192.168.56.1:80 check This is a first step to be able to dynamically add and remove servers, without modifying the configuration file, and still have all the load balancers redirect the traffic to the right server. Provide a way to generate session cookies, based on the IP address of the server, the TCP port, and a secret key provided.
2017-03-14 15:01:29 -04:00
free(defproxy.dyncookie_key);
[BUG] config: cookie domain was ignored in defaults sections Since cookie can appear in a defaults section, the domain extension must be supported there as well. (cherry picked from commit baf78c8e03db8c2255aefb6e11b38b48d1ec5d34)
2009-12-03 17:13:06 -05:00
free(defproxy.cookie_domain);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(defproxy.url_param_name);
[MEDIUM] add support for "balance hdr(name)" There is a patch made by me that allow for balancing on any http header field. [WT: made minor changes: - turned 'balance header name' into 'balance hdr(name)' to match more closely the ACL syntax for easier future convergence - renamed the proxy structure fields header_* => hh_* - made it possible to use the domain name reduction to any header, not only "host" since it makes sense to do it with other ones. Otherwise patch looks good. /WT]
2009-03-25 08:02:10 -04:00
free(defproxy.hh_name);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(defproxy.capture_name);
free(defproxy.monitor_uri);
free(defproxy.defbe.name);
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
free(defproxy.conn_src.iface_name);
[BUG] Fix empty X-Forwarded-For header name when set in defaults section The following patch introduced a minor bug : [MINOR] permit renaming of x-forwarded-for header If "option forwardfor" is declared in a defaults section, the header name is never set and we see an empty header name before the value. Also, the header name was not reset between two defaults sections.
2008-08-23 02:18:21 -04:00
free(defproxy.fwdfor_hdr_name);
defproxy.fwdfor_hdr_len = 0;
[BUG] x-original-to: name was not set in default instance This resulted in an empty header name when option originalto was declared in a default sections.
2009-11-30 05:50:16 -05:00
free(defproxy.orgto_hdr_name);
defproxy.orgto_hdr_len = 0;
MEDIUM: http: add support for sending the server's name in the outgoing request New option "http-send-name-header" specifies the name of a header which will hold the server name in outgoing requests. This is the name of the server the connection is really sent to, which means that upon redispatches, the header's value is updated so that it always matches the server's name.
2012-01-04 13:02:01 -05:00
free(defproxy.server_id_hdr_name);
defproxy.server_id_hdr_len = 0;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(defproxy.expect_str);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
if (defproxy.expect_regex) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(defproxy.expect_regex);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
free(defproxy.expect_regex);
defproxy.expect_regex = NULL;
}
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (defproxy.conf.logformat_string != default_http_log_format &&
defproxy.conf.logformat_string != default_tcp_log_format &&
defproxy.conf.logformat_string != clf_http_log_format)
free(defproxy.conf.logformat_string);
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
free(defproxy.conf.uniqueid_format_string);
free(defproxy.conf.lfs_file);
free(defproxy.conf.uif_file);
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_destroy(&defproxy.log_tag);
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
free_email_alert(&defproxy);
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
if (defproxy.conf.logformat_sd_string != default_rfc5424_sd_log_format)
free(defproxy.conf.logformat_sd_string);
free(defproxy.conf.lfsd_file);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
chunk_destroy(&defproxy.errmsg[rc]);
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* we cannot free uri_auth because it might already be used */
init_default_instance();
curproxy = &defproxy;
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
curproxy->conf.args.file = curproxy->conf.file = strdup(file);
curproxy->conf.args.line = curproxy->conf.line = linenum;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
defproxy.cap = PR_CAP_LISTEN; /* all caps for now */
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (curproxy == NULL) {
Alert("parsing [%s:%d] : 'listen' or 'defaults' expected.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
/* update the current file and line being parsed */
curproxy->conf.args.file = curproxy->conf.file;
curproxy->conf.args.line = linenum;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
/* Now let's parse the proxy-specific keywords */
MINOR: server: Add 'server-template' new keyword supported in backend sections. This patch makes backend sections support 'server-template' new keyword. Such 'server-template' objects are parsed similarly to a 'server' object by parse_server() function, but its first arguments are as follows: server-template <ID prefix> <nb | range> <ip | fqdn>:<port> ... The remaining arguments are the same as for 'server' lines. With such server template declarations, servers may be allocated with IDs built from <ID prefix> and <nb | range> arguments. For instance declaring: server-template foo 1-5 google.com:80 ... or server-template foo 5 google.com:80 ... would be equivalent to declare: server foo1 google.com:80 ... server foo2 google.com:80 ... server foo3 google.com:80 ... server foo4 google.com:80 ... server foo5 google.com:80 ...
2017-04-13 12:24:23 -04:00
if (!strcmp(args[0], "server") ||
!strcmp(args[0], "default-server") ||
!strcmp(args[0], "server-template")) {
REORG: cfgparse: move server keyword parsing to server.c The cfgparse.c file becomes huge, and a large part of it comes from the server keyword parser. Since the configuration is a bit more modular now, move this parser to server.c. This patch also moves the check of the "server" keyword earlier in the supported keywords list, resulting in a slightly faster config parsing for configs with large numbers of servers (about 10%). No functional change was made, only the code was moved.
2014-03-31 04:39:59 -04:00
err_code |= parse_server(file, linenum, args, curproxy, &defproxy);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "bind")) { /* new listen addresses */
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
struct listener *l;
[MINOR] add support for bind interface name By appending "interface <name>" to a "bind" line, it is now possible to specifically bind to a physical interface name. Note that this currently only works on Linux and requires root privileges.
2009-02-04 11:19:29 -05:00
int cur_arg;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: tools: support specifying explicit address families in str2sa_range() This change allows one to force the address family in any address parsed by str2sa_range() by specifying it as a prefix followed by '@' then the address. Currently supported address prefixes are 'ipv4@', 'ipv6@', 'unix@'. This also helps forcing resolving for host names (when getaddrinfo is used), and force the family of the empty address (eg: 'ipv4@' = 0.0.0.0 while 'ipv6@' = ::). The main benefits is that unix sockets can now get a local name without being forced to begin with a slash. This is useful during development as it is no longer necessary to have stats socket sent to /tmp.
2013-03-10 16:32:12 -04:00
if (!*(args[1])) {
[MINOR] cfgparse: report support of <path> for the 'bind' statements "bind" now supports unix sockets, so report that in the error message.
2010-11-09 03:50:37 -05:00
Alert("parsing [%s:%d] : '%s' expects {<path>|[addr1]:port1[-end1]}{,[addr]:port[-end]}... as arguments.\n",
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) Using some Linux kernel patches, it is possible to redirect non-local traffic to local sockets when IP forwarding is enabled. In order to enable this option, we introduce the "transparent" option keyword on the "bind" command line. It will make the socket reachable by remote sources even if the destination address does not belong to the machine.
2008-01-13 08:49:51 -05:00
CLEANUP: connection: remove all direct references to raw_sock and ssl_sock Now we exclusively use xprt_get(XPRT_RAW) instead of &raw_sock or xprt_get(XPRT_SSL) for &ssl_sock. This removes a bunch of #ifdef and include spread over a number of location including backend, cfgparse, checks, cli, hlua, log, server and session.
2016-12-22 14:44:00 -05:00
bind_conf = bind_conf_alloc(curproxy, file, linenum, args[1], xprt_get(XPRT_RAW));
BUG/MINOR: unix: remove the 'level' field from the ux struct Commit 290e63aa moved the unix parameters out of the global stats socket to the bind_conf struct. As such the stats admin level was also moved overthere, but it remained in the stats global section where it was not used, except by a nasty memcpy() used to initialize the ux struct in the bind_conf with too large data. Fortunately, the extra data copied were the previous level over the new level so it did not have any impact, but it could have been worse. This bug is 1.5 specific, no backport is needed. Reported-by: Dinko Korunic <dkorunic@reflected.net>
2013-01-24 09:17:20 -05:00
/* use default settings for unix sockets */
bind_conf->ux.uid = global.unix_bind.ux.uid;
bind_conf->ux.gid = global.unix_bind.ux.gid;
bind_conf->ux.mode = global.unix_bind.ux.mode;
[MINOR] listener: add the "accept-proxy" option to the "bind" keyword This option will enable the AN_REQ_DECODE_PROXY analyser on the requests that come from those listeners.
2010-10-15 08:27:08 -04:00
/* NOTE: the following line might create several listeners if there
* are comma-separated IPs or port ranges. So all further processing
* will have to be applied to all listeners created after last_listen.
*/
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
if (!str2listener(args[1], curproxy, bind_conf, file, linenum, &errmsg)) {
if (errmsg && *errmsg) {
indent_msg(&errmsg, 2);
Alert("parsing [%s:%d] : '%s' : %s\n", file, linenum, args[0], errmsg);
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
}
else
Alert("parsing [%s:%d] : '%s' : error encountered while parsing listening address '%s'.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MINOR] add support for bind interface name By appending "interface <name>" to a "bind" line, it is now possible to specifically bind to a physical interface name. Note that this currently only works on Linux and requires root privileges.
2009-02-04 11:19:29 -05:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry(l, &bind_conf->listeners, by_bind) {
/* Set default global rights and owner for unix bind */
[BUG] cfgparse: correctly count one socket per port in ranges We used to only count one socket instead of one per listener. This makes the socket count wrong, preventing from automatically computing the proper number of sockets to bind. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:08:57 -05:00
global.maxsock++;
[MINOR] config: reference file and line with any listener/proxy/server declaration Those will be used later for cross-references of conflicts or errors.
2009-10-04 14:54:54 -04:00
}
[MINOR] add support for bind interface name By appending "interface <name>" to a "bind" line, it is now possible to specifically bind to a physical interface name. Note that this currently only works on Linux and requires root privileges.
2009-02-04 11:19:29 -05:00
cur_arg = 2;
while (*(args[cur_arg])) {
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 12:01:17 -04:00
static int bind_dumped;
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
struct bind_kw *kw;
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 12:01:17 -04:00
char *err;
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
kw = bind_find_kw(args[cur_arg]);
if (kw) {
char *err = NULL;
int code;
if (!kw->parse) {
MINOR: config: improve error reporting for "bind" lines We now report the bind argument, which was missing in all error reports. It is now much more convenient to spot configuration mistakes.
2012-09-18 10:34:09 -04:00
Alert("parsing [%s:%d] : '%s %s' : '%s' option is not implemented in this version (check build options).\n",
file, linenum, args[0], args[1], args[cur_arg]);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
cur_arg += 1 + kw->skip ;
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
code = kw->parse(args, cur_arg, curproxy, bind_conf, &err);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
err_code |= code;
if (code) {
if (err && *err) {
indent_msg(&err, 2);
MINOR: config: improve error reporting for "bind" lines We now report the bind argument, which was missing in all error reports. It is now much more convenient to spot configuration mistakes.
2012-09-18 10:34:09 -04:00
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], err);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
}
else
MINOR: config: improve error reporting for "bind" lines We now report the bind argument, which was missing in all error reports. It is now much more convenient to spot configuration mistakes.
2012-09-18 10:34:09 -04:00
Alert("parsing [%s:%d] : '%s %s' : error encountered while processing '%s'.\n",
file, linenum, args[0], args[1], args[cur_arg]);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
if (code & ERR_FATAL) {
free(err);
cur_arg += 1 + kw->skip;
goto out;
}
}
free(err);
cur_arg += 1 + kw->skip;
continue;
}
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 12:01:17 -04:00
err = NULL;
if (!bind_dumped) {
bind_dump_kws(&err);
indent_msg(&err, 4);
bind_dumped = 1;
}
Alert("parsing [%s:%d] : '%s %s' unknown keyword '%s'.%s%s\n",
file, linenum, args[0], args[1], args[cur_arg],
err ? " Registered keywords :" : "", err ? err : "");
free(err);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) Using some Linux kernel patches, it is possible to redirect non-local traffic to local sockets when IP forwarding is enabled. In order to enable this option, we introduce the "transparent" option keyword on the "bind" command line. It will make the socket reachable by remote sources even if the destination address does not belong to the machine.
2008-01-13 08:49:51 -05:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "monitor-net")) { /* set the range of IPs to ignore */
MINOR: standard: Disable ip resolution during the runtime The function str2net runs DNS resolution if valid ip cannot be parsed. The DNS function used is the standard function of the libc and it performs asynchronous request. The asynchronous request is not compatible with the haproxy archictecture. str2net() is used during the runtime throught the "socket". This patch remove the DNS resolution during the runtime.
2014-02-11 09:23:04 -05:00
if (!*args[1] || !str2net(args[1], 1, &curproxy->mon_net, &curproxy->mon_mask)) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects address[/mask].\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* flush useless bits */
curproxy->mon_net.s_addr &= curproxy->mon_mask.s_addr;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
else if (!strcmp(args[0], "monitor-uri")) { /* set the URI to intercept */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects an URI.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->monitor_uri);
[MAJOR] huge rework of the HTTP request FSM The HTTP parser has been rewritten for better compliance to RFC2616. The same parser is now usable for both requests and responses, and it now supports HTTP/0.9 as well as multi-line headers. It has also been improved for speed ; a typicial HTTP request is parsed in about 2 microseconds on a 1 GHz processor. The monitor-uri check has been moved so that the requests are not logged. The httpclose option now tries to change as little as possible in the request, and does not affect the first header if it is already set to 'close'. HTTP/0.9 requests are converted to HTTP/1.0 before being forwarded. Headers and request transformations are now distinct. The headers list is updated after each insertion/removal/transformation. The request is re-parsed and checked after each transformation. It is not possible anymore to remove a request, and requests which lead to invalid request lines are now rejected.
2007-01-21 13:16:41 -05:00
curproxy->monitor_uri_len = strlen(args[1]);
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->monitor_uri = calloc(1, curproxy->monitor_uri_len + 1);
[MAJOR] huge rework of the HTTP request FSM The HTTP parser has been rewritten for better compliance to RFC2616. The same parser is now usable for both requests and responses, and it now supports HTTP/0.9 as well as multi-line headers. It has also been improved for speed ; a typicial HTTP request is parsed in about 2 microseconds on a 1 GHz processor. The monitor-uri check has been moved so that the requests are not logged. The httpclose option now tries to change as little as possible in the request, and does not affect the first header if it is already set to 'close'. HTTP/0.9 requests are converted to HTTP/1.0 before being forwarded. Headers and request transformations are now distinct. The headers list is updated after each insertion/removal/transformation. The request is re-parsed and checked after each transformation. It is not possible anymore to remove a request, and requests which lead to invalid request lines are now rejected.
2007-01-21 13:16:41 -05:00
memcpy(curproxy->monitor_uri, args[1], curproxy->monitor_uri_len);
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
curproxy->monitor_uri[curproxy->monitor_uri_len] = '\0';
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "mode")) { /* sets the proxy mode */
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!strcmp(args[1], "http")) curproxy->mode = PR_MODE_HTTP;
else if (!strcmp(args[1], "tcp")) curproxy->mode = PR_MODE_TCP;
else if (!strcmp(args[1], "health")) curproxy->mode = PR_MODE_HEALTH;
else {
Alert("parsing [%s:%d] : unknown proxy mode '%s'.\n", file, linenum, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
else if (!strcmp(args[0], "id")) {
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
struct eb32_node *node;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects an integer argument.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
}
curproxy->uuid = atol(args[1]);
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
curproxy->conf.id.key = curproxy->uuid;
MINOR: proxy: add a flag to memorize that the proxy's ID was forced This will be used to know if proxy's ID should be considered when names mismatch upon check status reload.
2015-05-27 10:44:02 -04:00
curproxy->options |= PR_O_FORCED_ID;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
if (curproxy->uuid <= 0) {
Alert("parsing [%s:%d]: custom id has to be > 0.\n",
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
}
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
node = eb32_lookup(&used_proxy_id, curproxy->uuid);
if (node) {
struct proxy *target = container_of(node, struct proxy, conf.id);
Alert("parsing [%s:%d]: %s %s reuses same custom id as %s %s (declared at %s:%d).\n",
file, linenum, proxy_type_str(curproxy), curproxy->id,
proxy_type_str(target), target->id, target->conf.file, target->conf.line);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
eb32_insert(&used_proxy_id, &curproxy->conf.id);
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
else if (!strcmp(args[0], "description")) {
int i, len=0;
char *d;
[CLEANUP] Keep in sync "defaults" support between documentation and code Hi Willy, I've made a quick pass on the "defaults" column in the Proxy keywords matrix (chapter 4.1. in the documentation). This patch resyncs the code and the documentation. I let you decide if some keywords that still work in the "defaults" section should be forbidden. - default_backend : in the matrix, "defaults" was not supported but the keyword details say it is. Tests also shows it works, then I've updated the matrix. - capture cookie : in the keyword details, we can read `It is not possible to specify a capture in a "defaults" section.'. Ok, even if the tests worked, I've added an alert in the configuration parser (as it is for capture request/response header). - description : not supported in "defaults", I added an alert in the parser. I've also noticed that this keyword doesn't appear in the documentation. There's one "description" entry, but for the "global" section, which is for a different use (the patch doesn't update the documentation). - grace : even if this is maybe useless, it works in "defaults". Documentation is updated. - redirect : alert is added in the parser. - rsprep : alert added in the parser. -- Cyril Bonté
2010-01-24 17:29:44 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects a string argument.\n",
file, linenum, args[0]);
return -1;
}
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
for (i = 1; *args[i]; i++)
len += strlen(args[i]) + 1;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
d = calloc(1, len);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
curproxy->desc = d;
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
d += snprintf(d, curproxy->desc + len - d, "%s", args[1]);
for (i = 2; *args[i]; i++)
d += snprintf(d, curproxy->desc + len - d, " %s", args[i]);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "disabled")) { /* disables this proxy */
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->state = PR_STSTOPPED;
}
else if (!strcmp(args[0], "enabled")) { /* enables this proxy (used to revert a disabled default) */
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->state = PR_STNEW;
}
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
else if (!strcmp(args[0], "bind-process")) { /* enable this proxy only on some processes */
int cur_arg = 1;
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
unsigned long set = 0;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
while (*args[cur_arg]) {
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
unsigned int low, high;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
if (strcmp(args[cur_arg], "all") == 0) {
set = 0;
break;
}
else if (strcmp(args[cur_arg], "odd") == 0) {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
set |= ~0UL/3UL; /* 0x555....555 */
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
else if (strcmp(args[cur_arg], "even") == 0) {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
set |= (~0UL/3UL) << 1; /* 0xAAA...AAA */
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
BUILD: silence a warning on Solaris about usage of isdigit() On Solaris, isdigit() is a macro and it complains about the use of a char instead of the int for the argument. Let's cast it to an int to silence it.
2012-11-21 19:04:31 -05:00
else if (isdigit((int)*args[cur_arg])) {
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
char *dash = strchr(args[cur_arg], '-');
low = high = str2uic(args[cur_arg]);
if (dash)
high = str2uic(dash + 1);
if (high < low) {
unsigned int swap = low;
low = high;
high = swap;
}
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
if (low < 1 || high > LONGBITS) {
Alert("parsing [%s:%d]: %s supports process numbers from 1 to %d.\n",
file, linenum, args[0], LONGBITS);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
while (low <= high)
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
set |= 1UL << (low++ - 1);
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
}
else {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
Alert("parsing [%s:%d]: %s expects 'all', 'odd', 'even', or a list of process ranges with numbers from 1 to %d.\n",
file, linenum, args[0], LONGBITS);
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
cur_arg++;
}
curproxy->bind_proc = set;
}
[MEDIUM] add the 'acl' keyword to the config language The 'acl' keyword allows one to declare a new ACL. It is an important part of the ACL framework.
2007-05-06 18:53:22 -04:00
else if (!strcmp(args[0], "acl")) { /* add an ACL */
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
}
[MEDIUM] restrict the set of allowed characters for identifiers In order to avoid issues in the future, we want to restrict the set of allowed characters for identifiers. Starting from now, only A-Z, a-z, 0-9, '-', '_', '.' and ':' will be allowed for a proxy, a server or an ACL name. A test file has been added to check the restriction.
2007-12-02 12:45:09 -05:00
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n",
file, linenum, *err, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
BUG/MINOR: config: missing goto out after parsing an incorrect ACL character The error doesn't prevent checking for other errors after an invalid character was detected in an ACL name. Better quit ASAP to avoid risking to emit garbled and confusing error messages if something else fails on the same line. This should be backported to 1.7, 1.6 and 1.5.
2017-04-12 12:54:00 -04:00
goto out;
[MEDIUM] restrict the set of allowed characters for identifiers In order to avoid issues in the future, we want to restrict the set of allowed characters for identifiers. Starting from now, only A-Z, a-z, 0-9, '-', '_', '.' and ':' will be allowed for a proxy, a server or an ACL name. A test file has been added to check the restriction.
2007-12-02 12:45:09 -05:00
}
MINOR: pattern: store configuration reference for each acl or map pattern. This patch permit to add reference for each pattern reference. This is useful to identify the acl listed.
2014-02-10 21:31:34 -05:00
if (parse_acl((const char **)args + 1, &curproxy->acl, &errmsg, &curproxy->conf.args, file, linenum) == NULL) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
Alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n",
file, linenum, args[1], errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the 'acl' keyword to the config language The 'acl' keyword allows one to declare a new ACL. It is an important part of the ACL framework.
2007-05-06 18:53:22 -04:00
}
}
MINOR: server: Add dynamic session cookies. This adds a new "dynamic" keyword for the cookie option. If set, a cookie will be generated for each server (assuming one isn't already provided on the "server" line), from the IP of the server, the TCP port, and a secret key provided. To provide the secret key, a new keyword as been added, "dynamic-cookie-key", for backends. Example : backend bk_web balance roundrobin dynamic-cookie-key "bla" cookie WEBSRV insert dynamic server s1 127.0.0.1:80 check server s2 192.168.56.1:80 check This is a first step to be able to dynamically add and remove servers, without modifying the configuration file, and still have all the load balancers redirect the traffic to the right server. Provide a way to generate session cookies, based on the IP address of the server, the TCP port, and a secret key provided.
2017-03-14 15:01:29 -04:00
else if (!strcmp(args[0], "dynamic-cookie-key")) { /* Dynamic cookies secret key */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <secret_key> as argument.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->dyncookie_key);
curproxy->dyncookie_key = strdup(args[1]);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "cookie")) { /* cookie name */
int cur_arg;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <cookie_name> as argument.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts = 0;
[BUG] cookie: correctly unset default cookie parameters When a backend defines a new cookie, it forgot to unset any params that could have been set in a defaults section, resulting in configs that would sometimes refuse to load or not work as expected. (cherry picked from commit f80bf174ed905a29a3ed8ee91fcd528da6df174f)
2010-10-23 05:37:27 -04:00
curproxy->cookie_maxidle = curproxy->cookie_maxlife = 0;
[BUG] config: cookie domain was ignored in defaults sections Since cookie can appear in a defaults section, the domain extension must be supported there as well. (cherry picked from commit baf78c8e03db8c2255aefb6e11b38b48d1ec5d34)
2009-12-03 17:13:06 -05:00
free(curproxy->cookie_domain); curproxy->cookie_domain = NULL;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->cookie_name);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->cookie_name = strdup(args[1]);
curproxy->cookie_len = strlen(curproxy->cookie_name);
[BUG] cookie: correctly unset default cookie parameters When a backend defines a new cookie, it forgot to unset any params that could have been set in a defaults section, resulting in configs that would sometimes refuse to load or not work as expected. (cherry picked from commit f80bf174ed905a29a3ed8ee91fcd528da6df174f)
2010-10-23 05:37:27 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
cur_arg = 2;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "rewrite")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_RW;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[cur_arg], "indirect")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_IND;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[cur_arg], "insert")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_INS;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[cur_arg], "nocache")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_NOC;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[cur_arg], "postonly")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_POST;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] cookie: add support for the "preserve" option This option makes haproxy preserve any persistence cookie emitted by the server, which allows the server to change it or to unset it, for instance, after a logout request. (cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-23 06:46:42 -04:00
else if (!strcmp(args[cur_arg], "preserve")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_PSV;
[MINOR] cookie: add support for the "preserve" option This option makes haproxy preserve any persistence cookie emitted by the server, which allows the server to change it or to unset it, for instance, after a logout request. (cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-23 06:46:42 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[cur_arg], "prefix")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_PFX;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: http: add support for "httponly" and "secure" cookie attributes httponly This option tells haproxy to add an "HttpOnly" cookie attribute when a cookie is inserted. This attribute is used so that a user agent doesn't share the cookie with non-HTTP components. Please check RFC6265 for more information on this attribute. secure This option tells haproxy to add a "Secure" cookie attribute when a cookie is inserted. This attribute is used so that a user agent never emits this cookie over non-secure channels, which means that a cookie learned with this flag will be presented only over SSL/TLS connections. Please check RFC6265 for more information on this attribute.
2012-05-31 15:02:17 -04:00
else if (!strcmp(args[cur_arg], "httponly")) {
curproxy->ck_opts |= PR_CK_HTTPONLY;
}
else if (!strcmp(args[cur_arg], "secure")) {
curproxy->ck_opts |= PR_CK_SECURE;
}
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
else if (!strcmp(args[cur_arg], "domain")) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d]: '%s' expects <domain> as argument.\n",
file, linenum, args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
}
[BUG] config: fix erroneous check on cookie domain names, again The previous check was correct: the RFC states that it is required to have a domain-name which contained a dot AND began with a dot. However, currently some (all?) browsers do not obey this specification, so such configuration might work. This patch reverts 3d8fbb6658d4414dac20892bbd9e79e14e99e67f but changes the check from FATAL to WARNING and extends the message.
2009-12-15 17:40:47 -05:00
if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) {
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
/* rfc2109, 4.3.2 Rejecting Cookies */
[BUG] config: fix erroneous check on cookie domain names, again The previous check was correct: the RFC states that it is required to have a domain-name which contained a dot AND began with a dot. However, currently some (all?) browsers do not obey this specification, so such configuration might work. This patch reverts 3d8fbb6658d4414dac20892bbd9e79e14e99e67f but changes the check from FATAL to WARNING and extends the message.
2009-12-15 17:40:47 -05:00
Warning("parsing [%s:%d]: domain '%s' contains no embedded"
" dots nor does not start with a dot."
" RFC forbids it, this configuration may not work properly.\n",
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
file, linenum, args[cur_arg + 1]);
[BUG] config: fix erroneous check on cookie domain names, again The previous check was correct: the RFC states that it is required to have a domain-name which contained a dot AND began with a dot. However, currently some (all?) browsers do not obey this specification, so such configuration might work. This patch reverts 3d8fbb6658d4414dac20892bbd9e79e14e99e67f but changes the check from FATAL to WARNING and extends the message.
2009-12-15 17:40:47 -05:00
err_code |= ERR_WARN;
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
}
err = invalid_domainchar(args[cur_arg + 1]);
if (err) {
Alert("parsing [%s:%d]: character '%c' is not permitted in domain name '%s'.\n",
file, linenum, *err, args[cur_arg + 1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
}
[MINOR] config: support passing multiple "domain" statements to cookies In some environments it is not possible to rely on any wildcard for a domain name (eg: .com, .net, .fr...) so it is required to send multiple domain extensions. (Un)fortunately the syntax check on the domain name prevented that from being done the dirty way. So let's just build a domain list when multiple domains are passed on the same line. (cherry picked from commit 950245ca2b772fd6b99b8152c48c694ed0212857)
2009-12-03 17:28:34 -05:00
if (!curproxy->cookie_domain) {
curproxy->cookie_domain = strdup(args[cur_arg + 1]);
} else {
/* one domain was already specified, add another one by
* building the string which will be returned along with
* the cookie.
*/
char *new_ptr;
int new_len = strlen(curproxy->cookie_domain) +
strlen("; domain=") + strlen(args[cur_arg + 1]) + 1;
new_ptr = malloc(new_len);
snprintf(new_ptr, new_len, "%s; domain=%s", curproxy->cookie_domain, args[cur_arg+1]);
free(curproxy->cookie_domain);
curproxy->cookie_domain = new_ptr;
}
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
cur_arg++;
}
[MINOR] cookie: add options "maxidle" and "maxlife" Add two new arguments to the "cookie" keyword, to be able to fix a max idle and max life on them. Right now only the parameter parsing is implemented. (cherry picked from commit 9ad5dec4c3bb8f29129f292cb22d3fc495fcc98a)
2010-10-06 10:59:56 -04:00
else if (!strcmp(args[cur_arg], "maxidle")) {
unsigned int maxidle;
const char *res;
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d]: '%s' expects <idletime> in seconds as argument.\n",
file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[cur_arg + 1], &maxidle, TIME_UNIT_S);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->cookie_maxidle = maxidle;
cur_arg++;
}
else if (!strcmp(args[cur_arg], "maxlife")) {
unsigned int maxlife;
const char *res;
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d]: '%s' expects <lifetime> in seconds as argument.\n",
file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[cur_arg + 1], &maxlife, TIME_UNIT_S);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->cookie_maxlife = maxlife;
cur_arg++;
}
CLEANUP: config: Typo in comment. This is for the recently merged dynamic cookie patch set.
2017-03-15 10:12:06 -04:00
else if (!strcmp(args[cur_arg], "dynamic")) { /* Dynamic persistent cookies secret key */
MINOR: server: Add dynamic session cookies. This adds a new "dynamic" keyword for the cookie option. If set, a cookie will be generated for each server (assuming one isn't already provided on the "server" line), from the IP of the server, the TCP port, and a secret key provided. To provide the secret key, a new keyword as been added, "dynamic-cookie-key", for backends. Example : backend bk_web balance roundrobin dynamic-cookie-key "bla" cookie WEBSRV insert dynamic server s1 127.0.0.1:80 check server s2 192.168.56.1:80 check This is a first step to be able to dynamically add and remove servers, without modifying the configuration file, and still have all the load balancers redirect the traffic to the right server. Provide a way to generate session cookies, based on the IP address of the server, the TCP port, and a secret key provided.
2017-03-14 15:01:29 -04:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[cur_arg], NULL))
err_code |= ERR_WARN;
curproxy->ck_opts |= PR_CK_DYNAMIC;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
MINOR: server: Add dynamic session cookies. This adds a new "dynamic" keyword for the cookie option. If set, a cookie will be generated for each server (assuming one isn't already provided on the "server" line), from the IP of the server, the TCP port, and a secret key provided. To provide the secret key, a new keyword as been added, "dynamic-cookie-key", for backends. Example : backend bk_web balance roundrobin dynamic-cookie-key "bla" cookie WEBSRV insert dynamic server s1 127.0.0.1:80 check server s2 192.168.56.1:80 check This is a first step to be able to dynamically add and remove servers, without modifying the configuration file, and still have all the load balancers redirect the traffic to the right server. Provide a way to generate session cookies, based on the IP address of the server, the TCP port, and a secret key provided.
2017-03-14 15:01:29 -04:00
Alert("parsing [%s:%d] : '%s' supports 'rewrite', 'insert', 'prefix', 'indirect', 'nocache', 'postonly', 'domain', 'maxidle', 'dynamic' and 'maxlife' options.\n",
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
cur_arg++;
}
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
if (!POWEROF2(curproxy->ck_opts & (PR_CK_RW|PR_CK_IND))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : cookie 'rewrite' and 'indirect' modes are incompatible.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
if (!POWEROF2(curproxy->ck_opts & (PR_CK_RW|PR_CK_INS|PR_CK_PFX))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : cookie 'rewrite', 'insert' and 'prefix' modes are incompatible.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] cookie: add support for the "preserve" option This option makes haproxy preserve any persistence cookie emitted by the server, which allows the server to change it or to unset it, for instance, after a logout request. (cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-23 06:46:42 -04:00
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
if ((curproxy->ck_opts & (PR_CK_PSV | PR_CK_INS | PR_CK_IND)) == PR_CK_PSV) {
[MINOR] cookie: add support for the "preserve" option This option makes haproxy preserve any persistence cookie emitted by the server, which allows the server to change it or to unset it, for instance, after a logout request. (cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-23 06:46:42 -04:00
Alert("parsing [%s:%d] : cookie 'preserve' requires at least 'insert' or 'indirect'.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}/* end else if (!strcmp(args[0], "cookie")) */
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
else if (!strcmp(args[0], "email-alert")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!strcmp(args[1], "from")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->email_alert.from);
curproxy->email_alert.from = strdup(args[2]);
}
else if (!strcmp(args[1], "mailers")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->email_alert.mailers.name);
curproxy->email_alert.mailers.name = strdup(args[2]);
}
else if (!strcmp(args[1], "myhostname")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->email_alert.myhostname);
curproxy->email_alert.myhostname = strdup(args[2]);
}
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
else if (!strcmp(args[1], "level")) {
curproxy->email_alert.level = get_log_level(args[2]);
if (curproxy->email_alert.level < 0) {
Alert("parsing [%s:%d] : unknown log level '%s' after '%s'\n",
file, linenum, args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
else if (!strcmp(args[1], "to")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->email_alert.to);
curproxy->email_alert.to = strdup(args[2]);
}
else {
Alert("parsing [%s:%d] : email-alert: unknown argument '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
/* Indicate that the email_alert is at least partially configured */
curproxy->email_alert.set = 1;
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
}/* end else if (!strcmp(args[0], "email-alert")) */
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
else if (!strcmp(args[0], "external-check")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!strcmp(args[1], "command")) {
BUG: config: external-check command validation is checking for incorrect arguments. When using the external-check command option HAProxy was failing to start with a fatal error "'external-check' cannot handle unexpected argument". When looking at the code it was looking for an incorrect argument. Also correcting an Alert message text as spotted by by PiBa-NL.
2015-09-16 07:07:51 -04:00
if (alertif_too_many_args(2, file, linenum, args, &err_code))
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
goto out;
BUG: config: external-check command validation is checking for incorrect arguments. When using the external-check command option HAProxy was failing to start with a fatal error "'external-check' cannot handle unexpected argument". When looking at the code it was looking for an incorrect argument. Also correcting an Alert message text as spotted by by PiBa-NL.
2015-09-16 07:07:51 -04:00
if (*(args[2]) == 0) {
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->check_command);
curproxy->check_command = strdup(args[2]);
}
else if (!strcmp(args[1], "path")) {
BUG: config: external-check command validation is checking for incorrect arguments. When using the external-check command option HAProxy was failing to start with a fatal error "'external-check' cannot handle unexpected argument". When looking at the code it was looking for an incorrect argument. Also correcting an Alert message text as spotted by by PiBa-NL.
2015-09-16 07:07:51 -04:00
if (alertif_too_many_args(2, file, linenum, args, &err_code))
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
goto out;
BUG: config: external-check command validation is checking for incorrect arguments. When using the external-check command option HAProxy was failing to start with a fatal error "'external-check' cannot handle unexpected argument". When looking at the code it was looking for an incorrect argument. Also correcting an Alert message text as spotted by by PiBa-NL.
2015-09-16 07:07:51 -04:00
if (*(args[2]) == 0) {
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->check_path);
curproxy->check_path = strdup(args[2]);
}
else {
Alert("parsing [%s:%d] : external-check: unknown argument '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}/* end else if (!strcmp(args[0], "external-check")) */
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
else if (!strcmp(args[0], "persist")) { /* persist */
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing persist method.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
}
if (!strncmp(args[1], "rdp-cookie", 10)) {
curproxy->options2 |= PR_O2_RDPC_PRST;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (*(args[1] + 10) == '(') { /* cookie name */
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
const char *beg, *end;
beg = args[1] + 11;
end = strchr(beg, ')');
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
if (!end || end == beg) {
Alert("parsing [%s:%d] : persist rdp-cookie(name)' requires an rdp cookie name.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
}
free(curproxy->rdp_cookie_name);
curproxy->rdp_cookie_name = my_strndup(beg, end - beg);
curproxy->rdp_cookie_len = end-beg;
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else if (*(args[1] + 10) == '\0') { /* default cookie name 'msts' */
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
free(curproxy->rdp_cookie_name);
curproxy->rdp_cookie_name = strdup("msts");
curproxy->rdp_cookie_len = strlen(curproxy->rdp_cookie_name);
}
else { /* syntax */
Alert("parsing [%s:%d] : persist rdp-cookie(name)' requires an rdp cookie name.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
}
}
else {
Alert("parsing [%s:%d] : unknown persist method.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "appsession")) { /* cookie name */
CLEANUP: config: remove appsession initialization Now it asks to check the documentation.
2015-08-10 13:04:29 -04:00
Alert("parsing [%s:%d] : '%s' is not supported anymore, please check the documentation.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name This directive gives HAProxy the ability to use the either the global server-state-file directive or a local one using server-state-file-name to load server states. The state can be saved right before the reload by the init script, using the "show servers state" command on the stats socket redirecting output into a file.
2015-08-19 10:44:03 -04:00
else if (!strcmp(args[0], "load-server-state-from-file")) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (!strcmp(args[1], "global")) { /* use the file pointed to by global server-state-file directive */
curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_GLOBAL;
}
else if (!strcmp(args[1], "local")) { /* use the server-state-file-name variable to locate the server-state file */
curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_LOCAL;
}
else if (!strcmp(args[1], "none")) { /* don't use server-state-file directive for this backend */
curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_NONE;
}
else {
Alert("parsing [%s:%d] : '%s' expects 'global', 'local' or 'none'. Got '%s'\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else if (!strcmp(args[0], "server-state-file-name")) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects 'use-backend-name' or a string. Got no argument\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
else if (!strcmp(args[1], "use-backend-name"))
curproxy->server_state_file_name = strdup(curproxy->id);
else
curproxy->server_state_file_name = strdup(args[1]);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "capture")) {
[MINOR] config: the "capture" keyword is not allowed in backends The "capture" keyword is only supported by frontends, fix the check.
2009-07-23 07:24:23 -04:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!strcmp(args[1], "cookie")) { /* name of a cookie to capture */
[CLEANUP] Keep in sync "defaults" support between documentation and code Hi Willy, I've made a quick pass on the "defaults" column in the Proxy keywords matrix (chapter 4.1. in the documentation). This patch resyncs the code and the documentation. I let you decide if some keywords that still work in the "defaults" section should be forbidden. - default_backend : in the matrix, "defaults" was not supported but the keyword details say it is. Tests also shows it works, then I've updated the matrix. - capture cookie : in the keyword details, we can read `It is not possible to specify a capture in a "defaults" section.'. Ok, even if the tests worked, I've added an alert in the configuration parser (as it is for capture request/response header). - description : not supported in "defaults", I added an alert in the parser. I've also noticed that this keyword doesn't appear in the documentation. There's one "description" entry, but for the "global" section, which is for a different use (the patch doesn't update the documentation). - grace : even if this is maybe useless, it works in "defaults". Documentation is updated. - redirect : alert is added in the parser. - rsprep : alert added in the parser. -- Cyril Bonté
2010-01-24 17:29:44 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[4]) == 0) {
Alert("parsing [%s:%d] : '%s' expects 'cookie' <cookie_name> 'len' <len>.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->capture_name);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->capture_name = strdup(args[2]);
curproxy->capture_namelen = strlen(curproxy->capture_name);
curproxy->capture_len = atol(args[4]);
curproxy->to_log |= LW_COOKIE;
}
else if (!strcmp(args[1], "request") && !strcmp(args[2], "header")) {
struct cap_hdr *hdr;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[3]) == 0 || strcmp(args[4], "len") != 0 || *(args[5]) == 0) {
Alert("parsing [%s:%d] : '%s %s' expects 'header' <header_name> 'len' <len>.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
hdr = calloc(1, sizeof(*hdr));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
hdr->next = curproxy->req_cap;
hdr->name = strdup(args[3]);
hdr->namelen = strlen(args[3]);
hdr->len = atol(args[5]);
[MAJOR] last bunch of capture changes for mempool v2 The header captures had lots of pools. They have all been transformed.
2007-05-13 16:46:04 -04:00
hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
hdr->index = curproxy->nb_req_cap++;
curproxy->req_cap = hdr;
curproxy->to_log |= LW_REQHDR;
}
else if (!strcmp(args[1], "response") && !strcmp(args[2], "header")) {
struct cap_hdr *hdr;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[3]) == 0 || strcmp(args[4], "len") != 0 || *(args[5]) == 0) {
Alert("parsing [%s:%d] : '%s %s' expects 'header' <header_name> 'len' <len>.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
hdr = calloc(1, sizeof(*hdr));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
hdr->next = curproxy->rsp_cap;
hdr->name = strdup(args[3]);
hdr->namelen = strlen(args[3]);
hdr->len = atol(args[5]);
[MAJOR] last bunch of capture changes for mempool v2 The header captures had lots of pools. They have all been transformed.
2007-05-13 16:46:04 -04:00
hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
hdr->index = curproxy->nb_rsp_cap++;
curproxy->rsp_cap = hdr;
curproxy->to_log |= LW_RSPHDR;
}
else {
Alert("parsing [%s:%d] : '%s' expects 'cookie' or 'request header' or 'response header'.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
else if (!strcmp(args[0], "retries")) { /* connection retries */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument (dispatch counts for one).\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
curproxy->conn_retries = atol(args[1]);
}
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
else if (!strcmp(args[0], "http-request")) { /* request access control: allow/deny/auth */
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers These two new statements allow to pass information extracted from the request to the server. It's particularly useful for passing SSL information to the server, but may be used for various other purposes such as combining headers together to emulate internal variables.
2012-12-24 09:45:22 -05:00
if (!LIST_ISEMPTY(&curproxy->http_req_rules) &&
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
!LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->cond &&
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
(LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_ACTION_ALLOW ||
LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_ACTION_DENY ||
LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_HTTP_REDIR ||
LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_HTTP_REQ_AUTH)) {
MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers These two new statements allow to pass information extracted from the request to the server. It's particularly useful for passing SSL information to the server, but may be used for various other purposes such as combining headers together to emulate internal variables.
2012-12-24 09:45:22 -05:00
Warning("parsing [%s:%d]: previous '%s' action is final and has no condition attached, further entries are NOOP.\n",
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
file, linenum, args[0]);
err_code |= ERR_WARN;
}
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
rule = parse_http_req_cond((const char **)args + 1, file, linenum, curproxy);
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
if (!rule) {
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
MEDIUM: config: report misplaced http-request rules Recently, the http-request ruleset started to be used a lot and some bug reports were caused by misplaced http-request rules because there was no warning if they're after a redirect or use_backend rule. Let's fix this now. http-request rules are just after the block rules.
2014-04-22 19:32:02 -04:00
err_code |= warnif_misplaced_http_req(curproxy, file, linenum, args[0]);
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
LIST_ADDQ(&curproxy->http_req_rules, &rule->list);
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
}
MEDIUM: http: add a new "http-response" ruleset Some actions were clearly missing to process response headers. This patch adds a new "http-response" ruleset which provides the following actions : - allow : stop evaluating http-response rules - deny : stop and reject the response with a 502 - add-header : add a header in log-format mode - set-header : set a header in log-format mode
2013-06-11 10:06:12 -04:00
else if (!strcmp(args[0], "http-response")) { /* response access control */
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
MEDIUM: http: add a new "http-response" ruleset Some actions were clearly missing to process response headers. This patch adds a new "http-response" ruleset which provides the following actions : - allow : stop evaluating http-response rules - deny : stop and reject the response with a 502 - add-header : add a header in log-format mode - set-header : set a header in log-format mode
2013-06-11 10:06:12 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!LIST_ISEMPTY(&curproxy->http_res_rules) &&
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
!LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->cond &&
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
(LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->action == ACT_ACTION_ALLOW ||
LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->action == ACT_ACTION_DENY)) {
MEDIUM: http: add a new "http-response" ruleset Some actions were clearly missing to process response headers. This patch adds a new "http-response" ruleset which provides the following actions : - allow : stop evaluating http-response rules - deny : stop and reject the response with a 502 - add-header : add a header in log-format mode - set-header : set a header in log-format mode
2013-06-11 10:06:12 -04:00
Warning("parsing [%s:%d]: previous '%s' action is final and has no condition attached, further entries are NOOP.\n",
file, linenum, args[0]);
err_code |= ERR_WARN;
}
rule = parse_http_res_cond((const char **)args + 1, file, linenum, curproxy);
if (!rule) {
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
file, linenum);
LIST_ADDQ(&curproxy->http_res_rules, &rule->list);
}
MEDIUM: http: add support for sending the server's name in the outgoing request New option "http-send-name-header" specifies the name of a header which will hold the server name in outgoing requests. This is the name of the server the connection is really sent to, which means that upon redispatches, the header's value is updated so that it always matches the server's name.
2012-01-04 13:02:01 -05:00
else if (!strcmp(args[0], "http-send-name-header")) { /* send server name in request header */
/* set the header name and length into the proxy structure */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' requires a header string.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* set the desired header name */
free(curproxy->server_id_hdr_name);
curproxy->server_id_hdr_name = strdup(args[1]);
curproxy->server_id_hdr_len = strlen(curproxy->server_id_hdr_name);
}
[MEDIUM] added the 'block' keyword to the config language The new 'block' keyword makes it possible to block a request based on ACL test results. Block accepts two optional arguments : 'if' <cond> and 'unless' <cond>. The request will be blocked with a 403 response if the condition is validated (if) or if it is not (unless). Do not rely on this one too much, as it's more of a proof of concept helping in developing other matches.
2007-05-06 18:58:25 -04:00
else if (!strcmp(args[0], "block")) { /* early blocking based on ACLs */
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
MEDIUM: http: emulate "block" rules using "http-request" rules The "block" rules are redundant with http-request rules because they are performed immediately before and do exactly the same thing as "http-request deny". Moreover, this duplication has led to a few minor stats accounting issues fixed lately. Instead of keeping the two rule sets, we now build a list of "block" rules that we compile as "http-request block" and that we later insert at the beginning of the "http-request" rules. The only user-visible change is that in case of a parsing error, the config parser will now report "http-request block rule" instead of "blocking condition".
2014-04-28 16:06:57 -04:00
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
}
MEDIUM: http: emulate "block" rules using "http-request" rules The "block" rules are redundant with http-request rules because they are performed immediately before and do exactly the same thing as "http-request deny". Moreover, this duplication has led to a few minor stats accounting issues fixed lately. Instead of keeping the two rule sets, we now build a list of "block" rules that we compile as "http-request block" and that we later insert at the beginning of the "http-request" rules. The only user-visible change is that in case of a parsing error, the config parser will now report "http-request block rule" instead of "blocking condition".
2014-04-28 16:06:57 -04:00
/* emulate "block" using "http-request block". Since these rules are supposed to
* be processed before all http-request rules, we put them into their own list
* and will insert them at the end.
*/
rule = parse_http_req_cond((const char **)args, file, linenum, curproxy);
if (!rule) {
err_code |= ERR_ALERT | ERR_ABORT;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] added the 'block' keyword to the config language The new 'block' keyword makes it possible to block a request based on ACL test results. Block accepts two optional arguments : 'if' <cond> and 'unless' <cond>. The request will be blocked with a 403 response if the condition is validated (if) or if it is not (unless). Do not rely on this one too much, as it's more of a proof of concept helping in developing other matches.
2007-05-06 18:58:25 -04:00
}
MEDIUM: http: emulate "block" rules using "http-request" rules The "block" rules are redundant with http-request rules because they are performed immediately before and do exactly the same thing as "http-request deny". Moreover, this duplication has led to a few minor stats accounting issues fixed lately. Instead of keeping the two rule sets, we now build a list of "block" rules that we compile as "http-request block" and that we later insert at the beginning of the "http-request" rules. The only user-visible change is that in case of a parsing error, the config parser will now report "http-request block rule" instead of "blocking condition".
2014-04-28 16:06:57 -04:00
err_code |= warnif_misplaced_block(curproxy, file, linenum, args[0]);
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
LIST_ADDQ(&curproxy->block_rules, &rule->list);
MEDIUM: config: inform the user about the deprecatedness of "block" rules It's just a warning emitted once.
2014-04-28 16:28:02 -04:00
if (!already_warned(WARN_BLOCK_DEPRECATED))
Warning("parsing [%s:%d] : The '%s' directive is now deprecated in favor of 'http-request deny' which uses the exact same syntax. The rules are translated but support might disappear in a future version.\n", file, linenum, args[0]);
[MEDIUM] added the 'block' keyword to the config language The new 'block' keyword makes it possible to block a request based on ACL test results. Block accepts two optional arguments : 'if' <cond> and 'unless' <cond>. The request will be blocked with a 403 response if the condition is validated (if) or if it is not (unless). Do not rely on this one too much, as it's more of a proof of concept helping in developing other matches.
2007-05-06 18:58:25 -04:00
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
else if (!strcmp(args[0], "redirect")) {
struct redirect_rule *rule;
[CLEANUP] Keep in sync "defaults" support between documentation and code Hi Willy, I've made a quick pass on the "defaults" column in the Proxy keywords matrix (chapter 4.1. in the documentation). This patch resyncs the code and the documentation. I let you decide if some keywords that still work in the "defaults" section should be forbidden. - default_backend : in the matrix, "defaults" was not supported but the keyword details say it is. Tests also shows it works, then I've updated the matrix. - capture cookie : in the keyword details, we can read `It is not possible to specify a capture in a "defaults" section.'. Ok, even if the tests worked, I've added an alert in the configuration parser (as it is for capture request/response header). - description : not supported in "defaults", I added an alert in the parser. I've also noticed that this keyword doesn't appear in the documentation. There's one "description" entry, but for the "global" section, which is for a different use (the patch doesn't update the documentation). - grace : even if this is maybe useless, it works in "defaults". Documentation is updated. - redirect : alert is added in the parser. - rsprep : alert added in the parser. -- Cyril Bonté
2010-01-24 17:29:44 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: http: prepare support for parsing redirect actions on responses In order to support http-response redirect, the parsing needs to be adapted a little bit to only support the "location" type, and to adjust the log-format parser so that it knows the direction of the sample fetch calls.
2015-05-28 09:26:58 -04:00
if ((rule = http_parse_redirect_rule(file, linenum, curproxy, (const char **)args + 1, &errmsg, 0, 0)) == NULL) {
REORG: config: move the http redirect rule parser to proto_http.c We'll have to use this elsewhere soon, let's move it to the proper place.
2012-12-27 06:00:31 -05:00
Alert("parsing [%s:%d] : error detected in %s '%s' while parsing redirect rule : %s.\n",
file, linenum, proxy_type_str(curproxy), curproxy->id, errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
}
LIST_ADDQ(&curproxy->redirect_rules, &rule->list);
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
err_code |= warnif_misplaced_redirect(curproxy, file, linenum, args[0]);
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
}
[DOC] remove buggy comment for use_backend "early blocking based on ACLs" is definitely wrong here
2009-01-27 15:09:41 -05:00
else if (!strcmp(args[0], "use_backend")) {
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
struct switching_rule *rule;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a backend name.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
}
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
if (strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0) {
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing switching rule : %s.\n",
file, linenum, errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
err_code |= warnif_cond_conflicts(cond, SMP_VAL_FE_SET_BCK, file, linenum);
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
}
BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule Adrian Fitzpatrick reported that since commit f51658d ("MEDIUM: config: relax use_backend check to make the condition optional"), typos like "of" instead of "if" on use_backend rules are not properly detected. The reason is that the parser only checks for "if" or "unless" otherwise it considers there's no keyword, making the rule inconditional. This patch fixes it. It may reveal some rare config bugs for some people, but will not affect valid configurations. This fix must be backported to 1.7, 1.6 and 1.5.
2017-02-28 03:34:39 -05:00
else if (*args[2]) {
Alert("parsing [%s:%d] : unexpected keyword '%s' after switching rule, only 'if' and 'unless' are allowed.\n",
file, linenum, args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
rule = calloc(1, sizeof(*rule));
BUG/MINOR: conf: calloc untested A calloc is executed without check of its returns code.
2016-11-24 17:58:32 -05:00
if (!rule) {
Alert("Out of memory error.\n");
goto out;
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
rule->cond = cond;
rule->be.name = strdup(args[1]);
MINOR: http/conf: store the use_backend configuration file and line for logs The error log of the directive use_backend doesn't provide the file and line containing the declaration. This patch stores theses informations.
2016-11-24 17:57:54 -05:00
rule->line = linenum;
rule->file = strdup(file);
if (!rule->file) {
Alert("Out of memory error.\n");
goto out;
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
LIST_INIT(&rule->list);
LIST_ADDQ(&curproxy->switching_rules, &rule->list);
}
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
else if (strcmp(args[0], "use-server") == 0) {
struct server_rule *rule;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a server name.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) {
Alert("parsing [%s:%d] : '%s' requires either 'if' or 'unless' followed by a condition.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing switching rule : %s.\n",
file, linenum, errmsg);
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_SET_SRV, file, linenum);
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
rule = calloc(1, sizeof(*rule));
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
rule->cond = cond;
rule->srv.name = strdup(args[1]);
LIST_INIT(&rule->list);
LIST_ADDQ(&curproxy->server_rules, &rule->list);
curproxy->be_req_ana |= AN_REQ_SRV_RULES;
}
[MINOR] add the "ignore-persist" option to conditionally ignore persistence This is used to disable persistence depending on some conditions (for example using an ACL matching static files or a specific User-Agent). You can see it as a complement to "force-persist". In the configuration file, the force-persist/ignore-persist declaration order define the rules priority. Used with the "appsesion" keyword, it can also help reducing memory usage, as the session won't be hashed the persistence is ignored.
2010-04-24 18:00:51 -04:00
else if ((!strcmp(args[0], "force-persist")) ||
(!strcmp(args[0], "ignore-persist"))) {
struct persist_rule *rule;
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (warnifnotcap(curproxy, PR_CAP_FE|PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
if (strcmp(args[1], "if") != 0 && strcmp(args[1], "unless") != 0) {
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
Alert("parsing [%s:%d] : '%s' requires either 'if' or 'unless' followed by a condition.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 1, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s' rule : %s.\n",
file, linenum, args[0], errmsg);
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
/* note: BE_REQ_CNT is the first one after FE_SET_BCK, which is
* where force-persist is applied.
*/
err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_REQ_CNT, file, linenum);
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
rule = calloc(1, sizeof(*rule));
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
rule->cond = cond;
[MINOR] add the "ignore-persist" option to conditionally ignore persistence This is used to disable persistence depending on some conditions (for example using an ACL matching static files or a specific User-Agent). You can see it as a complement to "force-persist". In the configuration file, the force-persist/ignore-persist declaration order define the rules priority. Used with the "appsesion" keyword, it can also help reducing memory usage, as the session won't be hashed the persistence is ignored.
2010-04-24 18:00:51 -04:00
if (!strcmp(args[0], "force-persist")) {
rule->type = PERSIST_TYPE_FORCE;
} else {
rule->type = PERSIST_TYPE_IGNORE;
}
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
LIST_INIT(&rule->list);
[MINOR] add the "ignore-persist" option to conditionally ignore persistence This is used to disable persistence depending on some conditions (for example using an ACL matching static files or a specific User-Agent). You can see it as a complement to "force-persist". In the configuration file, the force-persist/ignore-persist declaration order define the rules priority. Used with the "appsesion" keyword, it can also help reducing memory usage, as the session won't be hashed the persistence is ignored.
2010-04-24 18:00:51 -04:00
LIST_ADDQ(&curproxy->persist_rules, &rule->list);
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else if (!strcmp(args[0], "stick-table")) {
int myidx = 1;
MEDIUM: config: reject conflicts in table names A nasty situation happens when two tables have the same name. Since it is possible to declare a table in a frontend and another one in a backend, this situation may happen and result in a random behaviour each time a table is designated in a "stick" or "track" rule. Let's make sure this is properly detected and stopped. Such a config will now report : [ALERT] 145/104933 (31571) : parsing [prx.cfg:36] : stick-table name 't' conflicts with table declared in frontend 't' at prx.cfg:30. [ALERT] 145/104933 (31571) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104933 (31571) : Fatal errors found in configuration.
2015-05-26 04:49:46 -04:00
struct proxy *other;
MEDIUM: stick-table: remove the now duplicate find_stktable() function Since proxy_tbl_by_name() already does the same job, let's not keep duplicate functions and use this one only.
2015-05-26 06:08:07 -04:00
other = proxy_tbl_by_name(curproxy->id);
MEDIUM: config: reject conflicts in table names A nasty situation happens when two tables have the same name. Since it is possible to declare a table in a frontend and another one in a backend, this situation may happen and result in a random behaviour each time a table is designated in a "stick" or "track" rule. Let's make sure this is properly detected and stopped. Such a config will now report : [ALERT] 145/104933 (31571) : parsing [prx.cfg:36] : stick-table name 't' conflicts with table declared in frontend 't' at prx.cfg:30. [ALERT] 145/104933 (31571) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104933 (31571) : Fatal errors found in configuration.
2015-05-26 04:49:46 -04:00
if (other) {
Alert("parsing [%s:%d] : stick-table name '%s' conflicts with table declared in %s '%s' at %s:%d.\n",
file, linenum, curproxy->id, proxy_type_str(other), other->id, other->conf.file, other->conf.line);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
curproxy->table.id = curproxy->id;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
curproxy->table.type = (unsigned int)-1;
while (*args[myidx]) {
const char *err;
if (strcmp(args[myidx], "size") == 0) {
myidx++;
if (!*(args[myidx])) {
Alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n",
file, linenum, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if ((err = parse_size_err(args[myidx], &curproxy->table.size))) {
Alert("parsing [%s:%d] : stick-table: unexpected character '%c' in argument of '%s'.\n",
file, linenum, *err, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
myidx++;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
else if (strcmp(args[myidx], "peers") == 0) {
myidx++;
CLEANUP: code style: use tabs to indent codes The original codes are indented by spaces and not aligned with the former line. It should be a convention to indent by tabs in HAProxy. Signed-off-by: Godbach <nylzhaowei@gmail.com>
2013-12-11 06:48:57 -05:00
if (!*(args[myidx])) {
CLEANUP: code style: use tabs to indent codes instead of spaces Signed-off-by: Godbach <nylzhaowei@gmail.com>
2014-04-21 09:52:23 -04:00
Alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n",
file, linenum, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
CLEANUP: code style: use tabs to indent codes The original codes are indented by spaces and not aligned with the former line. It should be a convention to indent by tabs in HAProxy. Signed-off-by: Godbach <nylzhaowei@gmail.com>
2013-12-11 06:48:57 -05:00
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
curproxy->table.peers.name = strdup(args[myidx++]);
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else if (strcmp(args[myidx], "expire") == 0) {
myidx++;
if (!*(args[myidx])) {
Alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n",
file, linenum, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = parse_time_err(args[myidx], &val, TIME_UNIT_MS);
if (err) {
Alert("parsing [%s:%d] : stick-table: unexpected character '%c' in argument of '%s'.\n",
file, linenum, *err, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: config: Adding validation to stick-table expire value. If the expire value exceedes the maximum value clients are not added to the stick table.
2016-01-20 04:44:39 -05:00
if (val > INT_MAX) {
Alert("parsing [%s:%d] : Expire value [%u]ms exceeds maxmimum value of 24.85 days.\n",
file, linenum, val);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
curproxy->table.expire = val;
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
myidx++;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
else if (strcmp(args[myidx], "nopurge") == 0) {
curproxy->table.nopurge = 1;
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
myidx++;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
else if (strcmp(args[myidx], "type") == 0) {
myidx++;
if (stktable_parse_type(args, &myidx, &curproxy->table.type, &curproxy->table.key_size) != 0) {
Alert("parsing [%s:%d] : stick-table: unknown type '%s'.\n",
file, linenum, args[myidx]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
/* myidx already points to next arg */
}
[MEDIUM] stick_table: add room for extra data types The stick_tables will now be able to store extra data for a same key. A limited set of extra data types will be defined and for each of them an offset in the sticky session will be assigned at startup time. All of this information will be stored in the stick table. The extra data types will have to be specified after the new "store" keyword of the "stick-table" directive, which will reserve some space for them.
2010-06-06 07:34:54 -04:00
else if (strcmp(args[myidx], "store") == 0) {
[MEDIUM] stick-tables: add stored data argument type checking We're now able to return errors based on the validity of an argument passed to a stick-table store data type. We also support ARG_T_DELAY to pass delays to stored data types (eg: for rate counters).
2010-06-20 04:41:54 -04:00
int type, err;
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
char *cw, *nw, *sa;
[MEDIUM] stick_table: add room for extra data types The stick_tables will now be able to store extra data for a same key. A limited set of extra data types will be defined and for each of them an offset in the sticky session will be assigned at startup time. All of this information will be stored in the stick table. The extra data types will have to be specified after the new "store" keyword of the "stick-table" directive, which will reserve some space for them.
2010-06-06 07:34:54 -04:00
myidx++;
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
nw = args[myidx];
while (*nw) {
/* the "store" keyword supports a comma-separated list */
cw = nw;
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
sa = NULL; /* store arg */
while (*nw && *nw != ',') {
if (*nw == '(') {
*nw = 0;
sa = ++nw;
while (*nw != ')') {
if (!*nw) {
Alert("parsing [%s:%d] : %s: missing closing parenthesis after store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
nw++;
}
*nw = '\0';
}
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
nw++;
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
}
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
if (*nw)
*nw++ = '\0';
type = stktable_get_data_type(cw);
if (type < 0) {
Alert("parsing [%s:%d] : %s: unknown store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] stick-tables: add stored data argument type checking We're now able to return errors based on the validity of an argument passed to a stick-table store data type. We also support ARG_T_DELAY to pass delays to stored data types (eg: for rate counters).
2010-06-20 04:41:54 -04:00
err = stktable_alloc_data_type(&curproxy->table, type, sa);
switch (err) {
case PE_NONE: break;
case PE_EXIST:
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
Warning("parsing [%s:%d]: %s: store option '%s' already enabled, ignored.\n",
file, linenum, args[0], cw);
err_code |= ERR_WARN;
[MEDIUM] stick-tables: add stored data argument type checking We're now able to return errors based on the validity of an argument passed to a stick-table store data type. We also support ARG_T_DELAY to pass delays to stored data types (eg: for rate counters).
2010-06-20 04:41:54 -04:00
break;
case PE_ARG_MISSING:
Alert("parsing [%s:%d] : %s: missing argument to store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
case PE_ARG_NOT_USED:
Alert("parsing [%s:%d] : %s: unexpected argument to store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
default:
Alert("parsing [%s:%d] : %s: error when processing store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
}
[MEDIUM] stick_table: add room for extra data types The stick_tables will now be able to store extra data for a same key. A limited set of extra data types will be defined and for each of them an offset in the sticky session will be assigned at startup time. All of this information will be stored in the stick table. The extra data types will have to be specified after the new "store" keyword of the "stick-table" directive, which will reserve some space for them.
2010-06-06 07:34:54 -04:00
}
myidx++;
}
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
else {
Alert("parsing [%s:%d] : stick-table: unknown argument '%s'.\n",
file, linenum, args[myidx]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
}
if (!curproxy->table.size) {
Alert("parsing [%s:%d] : stick-table: missing size.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (curproxy->table.type == (unsigned int)-1) {
Alert("parsing [%s:%d] : stick-table: missing type.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else if (!strcmp(args[0], "stick")) {
struct sticking_rule *rule;
REORG: use the name "sample" instead of "pattern" to designate extracted data This is mainly a massive renaming in the code to get it in line with the calling convention. Next patch will rename a few files to complete this operation.
2012-04-27 15:37:17 -04:00
struct sample_expr *expr;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
int myidx = 0;
const char *name = NULL;
int flags;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) {
err_code |= ERR_WARN;
goto out;
}
myidx++;
if ((strcmp(args[myidx], "store") == 0) ||
(strcmp(args[myidx], "store-request") == 0)) {
myidx++;
flags = STK_IS_STORE;
}
else if (strcmp(args[myidx], "store-response") == 0) {
myidx++;
flags = STK_IS_STORE | STK_ON_RSP;
}
else if (strcmp(args[myidx], "match") == 0) {
myidx++;
flags = STK_IS_MATCH;
}
else if (strcmp(args[myidx], "on") == 0) {
myidx++;
flags = STK_IS_MATCH | STK_IS_STORE;
}
else {
Alert("parsing [%s:%d] : '%s' expects 'on', 'match', or 'store'.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (*(args[myidx]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a fetch method.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
curproxy->conf.args.ctx = ARGC_STK;
MINOR: configuration: File and line propagation This patch permits to communicate file and line of the configuration file at the configuration parser.
2014-02-11 08:00:19 -05:00
expr = sample_parse_expr(args, &myidx, file, linenum, &errmsg, &curproxy->conf.args);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (!expr) {
MINOR: sample: make sample_parse_expr() use memprintf() to report parse errors Doing so ensures that we're consistent between all the functions in the whole chain. This is important so that we can extract the argument parsing from this function.
2013-12-12 17:16:54 -05:00
Alert("parsing [%s:%d] : '%s': %s\n", file, linenum, args[0], errmsg);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (flags & STK_ON_RSP) {
MEDIUM: samples: use new flags to describe compatibility between fetches and their usages Samples fetches were relying on two flags SMP_CAP_REQ/SMP_CAP_RES to describe whether they were compatible with requests rules or with response rules. This was never reliable because we need a finer granularity (eg: an HTTP request method needs to parse an HTTP request, and is available past this point). Some fetches are also dependant on the context (eg: "hdr" uses request or response depending where it's involved, causing some abiguity). In order to solve this, we need to precisely indicate in fetches what they use, and their users will have to compare with what they have. So now we have a bunch of bits indicating where the sample is fetched in the processing chain, with a few variants indicating for some of them if it is permanent or volatile (eg: an HTTP status is stored into the transaction so it is permanent, despite being caught in the response contents). The fetches also have a second mask indicating their validity domain. This one is computed from a conversion table at registration time, so there is no need for doing it by hand. This validity domain consists in a bitmask with one bit set for each usage point in the processing chain. Some provisions were made for upcoming controls such as connection-based TCP rules which apply on top of the connection layer but before instantiating the session. Then everywhere a fetch is used, the bit for the control point is checked in the fetch's validity domain, and it becomes possible to finely ensure that a fetch will work or not. Note that we need these two separate bitfields because some fetches are usable both in request and response (eg: "hdr", "payload"). So the keyword will have a "use" field made of a combination of several SMP_USE_* values, which will be converted into a wider list of SMP_VAL_* flags. The knowledge of permanent vs dynamic information has disappeared for now, as it was never used. Later we'll probably reintroduce it differently when dealing with variables. Its only use at the moment could have been to avoid caching a dynamic rate measurement, but nothing is cached as of now.
2013-01-07 09:42:20 -05:00
if (!(expr->fetch->val & SMP_VAL_BE_STO_RUL)) {
Alert("parsing [%s:%d] : '%s': fetch method '%s' extracts information from '%s', none of which is available for 'store-response'.\n",
file, linenum, args[0], expr->fetch->kw, sample_src_names(expr->fetch->use));
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
[MINOR] Consistently free expr on error in cfg_parse_listen() It seems to me that without this change cfg_parse_listen() may leak memory.
2011-07-15 00:14:07 -04:00
free(expr);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
goto out;
}
} else {
MEDIUM: samples: use new flags to describe compatibility between fetches and their usages Samples fetches were relying on two flags SMP_CAP_REQ/SMP_CAP_RES to describe whether they were compatible with requests rules or with response rules. This was never reliable because we need a finer granularity (eg: an HTTP request method needs to parse an HTTP request, and is available past this point). Some fetches are also dependant on the context (eg: "hdr" uses request or response depending where it's involved, causing some abiguity). In order to solve this, we need to precisely indicate in fetches what they use, and their users will have to compare with what they have. So now we have a bunch of bits indicating where the sample is fetched in the processing chain, with a few variants indicating for some of them if it is permanent or volatile (eg: an HTTP status is stored into the transaction so it is permanent, despite being caught in the response contents). The fetches also have a second mask indicating their validity domain. This one is computed from a conversion table at registration time, so there is no need for doing it by hand. This validity domain consists in a bitmask with one bit set for each usage point in the processing chain. Some provisions were made for upcoming controls such as connection-based TCP rules which apply on top of the connection layer but before instantiating the session. Then everywhere a fetch is used, the bit for the control point is checked in the fetch's validity domain, and it becomes possible to finely ensure that a fetch will work or not. Note that we need these two separate bitfields because some fetches are usable both in request and response (eg: "hdr", "payload"). So the keyword will have a "use" field made of a combination of several SMP_USE_* values, which will be converted into a wider list of SMP_VAL_* flags. The knowledge of permanent vs dynamic information has disappeared for now, as it was never used. Later we'll probably reintroduce it differently when dealing with variables. Its only use at the moment could have been to avoid caching a dynamic rate measurement, but nothing is cached as of now.
2013-01-07 09:42:20 -05:00
if (!(expr->fetch->val & SMP_VAL_BE_SET_SRV)) {
Alert("parsing [%s:%d] : '%s': fetch method '%s' extracts information from '%s', none of which is available during request.\n",
file, linenum, args[0], expr->fetch->kw, sample_src_names(expr->fetch->use));
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
[MINOR] Consistently free expr on error in cfg_parse_listen() It seems to me that without this change cfg_parse_listen() may leak memory.
2011-07-15 00:14:07 -04:00
free(expr);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
goto out;
}
}
BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used Baptiste Assmann reported a bug causing a crash on recent versions when sticking rules were set on layer 7 in a TCP proxy. The bug is easier to reproduce with the "defer-accept" option on the "bind" line in order to have some contents to parse when the connection is accepted. The issue is that the acl_prefetch_http() function called from HTTP fetches relies on hdr_idx to be preinitialized, which is not the case if there is no L7 ACL. The solution consists in adding a new SMP_CAP_L7 flag to fetches to indicate that they are expected to work on L7 data, so that the proxy knows that the hdr_idx has to be initialized. This is already how ACL and HTTP mode are handled. The bug was present since 1.5-dev9.
2012-10-05 16:41:26 -04:00
/* check if we need to allocate an hdr_idx struct for HTTP parsing */
MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed" Proxy's acl_requires was a copy of all bits taken from ACLs, but we'll get rid of ACL flags and only rely on sample fetches soon. The proxy's acl_requires was only used to allocate an HTTP context when needed, and was even forced in HTTP mode. So better have a flag which exactly says what it's supposed to be used for.
2013-03-24 02:22:08 -04:00
curproxy->http_needed |= !!(expr->fetch->use & SMP_USE_HTTP_ANY);
BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used Baptiste Assmann reported a bug causing a crash on recent versions when sticking rules were set on layer 7 in a TCP proxy. The bug is easier to reproduce with the "defer-accept" option on the "bind" line in order to have some contents to parse when the connection is accepted. The issue is that the acl_prefetch_http() function called from HTTP fetches relies on hdr_idx to be preinitialized, which is not the case if there is no L7 ACL. The solution consists in adding a new SMP_CAP_L7 flag to fetches to indicate that they are expected to work on L7 data, so that the proxy knows that the hdr_idx has to be initialized. This is already how ACL and HTTP mode are handled. The bug was present since 1.5-dev9.
2012-10-05 16:41:26 -04:00
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (strcmp(args[myidx], "table") == 0) {
myidx++;
name = args[myidx++];
}
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
if (strcmp(args[myidx], "if") == 0 || strcmp(args[myidx], "unless") == 0) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + myidx, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : '%s': error detected while parsing sticking condition : %s.\n",
file, linenum, args[0], errmsg);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
[MINOR] Consistently free expr on error in cfg_parse_listen() It seems to me that without this change cfg_parse_listen() may leak memory.
2011-07-15 00:14:07 -04:00
free(expr);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
goto out;
}
}
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
else if (*(args[myidx])) {
Alert("parsing [%s:%d] : '%s': unknown keyword '%s'.\n",
file, linenum, args[0], args[myidx]);
err_code |= ERR_ALERT | ERR_FATAL;
[MINOR] Consistently free expr on error in cfg_parse_listen() It seems to me that without this change cfg_parse_listen() may leak memory.
2011-07-15 00:14:07 -04:00
free(expr);
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
goto out;
}
[MEDIUM] Implement tcp inspect response rules
2010-09-23 11:56:44 -04:00
if (flags & STK_ON_RSP)
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_STO_RUL, file, linenum);
[MEDIUM] Implement tcp inspect response rules
2010-09-23 11:56:44 -04:00
else
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_SET_SRV, file, linenum);
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
rule = calloc(1, sizeof(*rule));
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
rule->cond = cond;
rule->expr = expr;
rule->flags = flags;
rule->table.name = name ? strdup(name) : NULL;
LIST_INIT(&rule->list);
if (flags & STK_ON_RSP)
LIST_ADDQ(&curproxy->storersp_rules, &rule->list);
else
LIST_ADDQ(&curproxy->sticking_rules, &rule->list);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "stats")) {
if (curproxy != &defproxy && curproxy->uri_auth == defproxy.uri_auth)
curproxy->uri_auth = NULL; /* we must detach from the default config */
[BUG] cfgparser/stats: fix error message Fix the error message by unification and goto, previously we had two independent lists of supported keywords and were raporting 'stats' instead of a wrong keyword. Code: stats wrong-keyword stats Before: [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:248] : unknown stats parameter 'stats' (expects 'hide-version', 'uri', 'realm', 'auth' or 'enable'). [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:249] : 'stats' expects 'uri', 'realm', 'auth', 'scope' or 'enable', 'hide-version', 'show-node', 'show-desc', 'show-legends'. After: [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:248]: unknown stats parameter 'wrong-keyword', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'. [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:249]: missing keyword in 'stats', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.
2010-01-06 10:25:05 -05:00
if (!*args[1]) {
goto stats_error_parsing;
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
} else if (!strcmp(args[1], "admin")) {
struct stats_admin_rule *rule;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!stats_check_init_uri_auth(&curproxy->uri_auth)) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) {
Alert("parsing [%s:%d] : '%s %s' requires either 'if' or 'unless' followed by a condition.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s %s' rule : %s.\n",
file, linenum, args[0], args[1], errmsg);
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
rule = calloc(1, sizeof(*rule));
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
rule->cond = cond;
LIST_INIT(&rule->list);
LIST_ADDQ(&curproxy->uri_auth->admin_rules, &rule->list);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!strcmp(args[1], "uri")) {
if (*(args[2]) == 0) {
Alert("parsing [%s:%d] : 'uri' needs an URI prefix.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!stats_set_uri(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
} else if (!strcmp(args[1], "realm")) {
if (*(args[2]) == 0) {
Alert("parsing [%s:%d] : 'realm' needs an realm name.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!stats_set_realm(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] stats: add a new node-name setting The new "node-name" stats setting enables reporting of a node ID on the stats page. It is possible to return the system's host name as well as a specific name.
2009-08-16 04:29:18 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
[MINOR] add support for "stats refresh <interval>" Sometimes it may be desirable to automatically refresh the stats page. Most browsers support the "Refresh:" header with an interval in seconds. Specifying "stats refresh xxx" will automatically add this header.
2007-07-25 01:26:38 -04:00
} else if (!strcmp(args[1], "refresh")) {
[MEDIUM] add support for time units in the configuration It is not always handy to manipulate large values exprimed in milliseconds for timeouts. Also, some values are entered in seconds (such as the stats refresh interval). This patch adds support for time units. It knows about 'us', 'ms', 's', 'm', 'h', and 'd'. It automatically converts each value into the caller's expected unit. Unit-less values are still passed unchanged. The unit must be passed as a suffix to the number. For instance: clitimeout 15m If any character is not understood, an error is returned.
2007-12-02 16:15:14 -05:00
unsigned interval;
err = parse_time_err(args[2], &interval, TIME_UNIT_S);
if (err) {
Alert("parsing [%s:%d] : unexpected character '%c' in stats refresh interval.\n",
file, linenum, *err);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add support for "stats refresh <interval>" Sometimes it may be desirable to automatically refresh the stats page. Most browsers support the "Refresh:" header with an interval in seconds. Specifying "stats refresh xxx" will automatically add this header.
2007-07-25 01:26:38 -04:00
} else if (!stats_set_refresh(&curproxy->uri_auth, interval)) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[MINOR] add support for "stats refresh <interval>" Sometimes it may be desirable to automatically refresh the stats page. Most browsers support the "Refresh:" header with an interval in seconds. Specifying "stats refresh xxx" will automatically add this header.
2007-07-25 01:26:38 -04:00
}
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
} else if (!strcmp(args[1], "http-request")) { /* request access control: allow/deny/auth */
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!stats_check_init_uri_auth(&curproxy->uri_auth)) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
if (!LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) &&
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
!LIST_PREV(&curproxy->uri_auth->http_req_rules, struct act_rule *, list)->cond) {
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
Warning("parsing [%s:%d]: previous '%s' action has no condition attached, further entries are NOOP.\n",
file, linenum, args[0]);
err_code |= ERR_WARN;
}
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
rule = parse_http_req_cond((const char **)args + 2, file, linenum, curproxy);
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
if (!rule) {
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
LIST_ADDQ(&curproxy->uri_auth->http_req_rules, &rule->list);
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!strcmp(args[1], "auth")) {
if (*(args[2]) == 0) {
Alert("parsing [%s:%d] : 'auth' needs a user:password account.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!stats_add_auth(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
} else if (!strcmp(args[1], "scope")) {
if (*(args[2]) == 0) {
Alert("parsing [%s:%d] : 'scope' needs a proxy name.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!stats_add_scope(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
} else if (!strcmp(args[1], "enable")) {
if (!stats_check_init_uri_auth(&curproxy->uri_auth)) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] report haproxy's version by default on the stats page For people who manage many haproxies, it is sometimes convenient to be informed of their version. This patch adds this, with the option to disable this report by specifying "stats hide-version". Also, the feature may be permanently disabled by setting the STATS_VERSION_STRING to "" (empty string), or the format can simply be adjusted.
2007-10-15 04:05:11 -04:00
} else if (!strcmp(args[1], "hide-version")) {
if (!stats_set_flag(&curproxy->uri_auth, ST_HIDEVER)) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[MINOR] report haproxy's version by default on the stats page For people who manage many haproxies, it is sometimes convenient to be informed of their version. This patch adds this, with the option to disable this report by specifying "stats hide-version". Also, the feature may be permanently disabled by setting the STATS_VERSION_STRING to "" (empty string), or the format can simply be adjusted.
2007-10-15 04:05:11 -04:00
}
[MINOR]: stats: add show-legends to report additional informations Supported informations, available via "tr/td title": - cap: capabilities (proxy) - mode: one of tcp, http or health (proxy) - id: SNMP ID (proxy, socket, server) - IP (socket, server) - cookie (backend, server)
2010-01-04 10:03:09 -05:00
} else if (!strcmp(args[1], "show-legends")) {
if (!stats_set_flag(&curproxy->uri_auth, ST_SHLGNDS)) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
} else if (!strcmp(args[1], "show-node")) {
if (*args[2]) {
int i;
char c;
for (i=0; args[2][i]; i++) {
c = args[2][i];
[BUILD] fix some build warnings on Solaris with is* macros isalnum, isdigit and friends are really annoying because they take an int in which we should pass an unsigned char, while strings everywhere use chars. Solaris uses macros relying on an array for those functions, which easily triggers some warnings showing where we have mistakenly passed a char instead of an unsigned char or an int. Those warnings may indicate real bugs on some platforms depending on the implementation.
2010-03-02 18:16:00 -05:00
if (!isupper((unsigned char)c) && !islower((unsigned char)c) &&
!isdigit((unsigned char)c) && c != '_' && c != '-' && c != '.')
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
break;
}
if (!i || args[2][i]) {
Alert("parsing [%s:%d]: '%s %s' invalid node name - should be a string"
"with digits(0-9), letters(A-Z, a-z), hyphen(-) or underscode(_).\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
if (!stats_set_node(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
} else if (!strcmp(args[1], "show-desc")) {
char *desc = NULL;
if (*args[2]) {
int i, len=0;
char *d;
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
for (i = 2; *args[i]; i++)
len += strlen(args[i]) + 1;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
desc = d = calloc(1, len);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
d += snprintf(d, desc + len - d, "%s", args[2]);
for (i = 3; *args[i]; i++)
d += snprintf(d, desc + len - d, " %s", args[i]);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
}
if (!*args[2] && !global.desc)
Warning("parsing [%s:%d]: '%s' requires a parameter or 'desc' to be set in the global section.\n",
file, linenum, args[1]);
else {
if (!stats_set_desc(&curproxy->uri_auth, desc)) {
free(desc);
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
free(desc);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else {
[BUG] cfgparser/stats: fix error message Fix the error message by unification and goto, previously we had two independent lists of supported keywords and were raporting 'stats' instead of a wrong keyword. Code: stats wrong-keyword stats Before: [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:248] : unknown stats parameter 'stats' (expects 'hide-version', 'uri', 'realm', 'auth' or 'enable'). [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:249] : 'stats' expects 'uri', 'realm', 'auth', 'scope' or 'enable', 'hide-version', 'show-node', 'show-desc', 'show-legends'. After: [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:248]: unknown stats parameter 'wrong-keyword', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'. [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:249]: missing keyword in 'stats', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.
2010-01-06 10:25:05 -05:00
stats_error_parsing:
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
Alert("parsing [%s:%d]: %s '%s', expects 'admin', 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.\n",
[BUG] cfgparser/stats: fix error message Fix the error message by unification and goto, previously we had two independent lists of supported keywords and were raporting 'stats' instead of a wrong keyword. Code: stats wrong-keyword stats Before: [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:248] : unknown stats parameter 'stats' (expects 'hide-version', 'uri', 'realm', 'auth' or 'enable'). [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:249] : 'stats' expects 'uri', 'realm', 'auth', 'scope' or 'enable', 'hide-version', 'show-node', 'show-desc', 'show-legends'. After: [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:248]: unknown stats parameter 'wrong-keyword', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'. [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:249]: missing keyword in 'stats', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.
2010-01-06 10:25:05 -05:00
file, linenum, *args[1]?"unknown stats parameter":"missing keyword in", args[*args[1]?1:0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
else if (!strcmp(args[0], "option")) {
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
int optnum;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
if (*(args[1]) == '\0') {
Alert("parsing [%s:%d]: '%s' expects an option name.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
for (optnum = 0; cfg_opts[optnum].name; optnum++) {
if (!strcmp(args[1], cfg_opts[optnum].name)) {
[MINOR] config: detect options not supported due to compilation options Some options depends on the target architecture or compilation options. When such an option is used on a compiled version that doesn't support it, it's probably better to identify it as an unsupported option due to compilation options instead of an unknown option. Edit: better check on the empty capability than on the option bits. -Willy
2010-11-01 14:26:00 -04:00
if (cfg_opts[optnum].cap == PR_CAP_NONE) {
Alert("parsing [%s:%d]: option '%s' is not supported due to build options.\n",
file, linenum, cfg_opts[optnum].name);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
if (warnifnotcap(curproxy, cfg_opts[optnum].cap, file, linenum, args[1], NULL)) {
err_code |= ERR_WARN;
goto out;
}
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
curproxy->no_options &= ~cfg_opts[optnum].val;
curproxy->options &= ~cfg_opts[optnum].val;
switch (kwm) {
case KWM_STD:
curproxy->options |= cfg_opts[optnum].val;
break;
case KWM_NO:
curproxy->no_options |= cfg_opts[optnum].val;
break;
case KWM_DEF: /* already cleared */
break;
[MINOR] config: track "no option"/"option" changes Sometimes we would want to implement implicit default options, but for this we need to be able to disable them, which requires to keep track of "no option" settings. With this change, an option explicitly disabled in a defaults section will still be seen as explicitly disabled. There should be no regression as nothing makes use of this yet.
2009-06-14 05:10:45 -04:00
}
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
}
}
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
for (optnum = 0; cfg_opts2[optnum].name; optnum++) {
if (!strcmp(args[1], cfg_opts2[optnum].name)) {
[MINOR] config: detect options not supported due to compilation options Some options depends on the target architecture or compilation options. When such an option is used on a compiled version that doesn't support it, it's probably better to identify it as an unsupported option due to compilation options instead of an unknown option. Edit: better check on the empty capability than on the option bits. -Willy
2010-11-01 14:26:00 -04:00
if (cfg_opts2[optnum].cap == PR_CAP_NONE) {
Alert("parsing [%s:%d]: option '%s' is not supported due to build options.\n",
file, linenum, cfg_opts2[optnum].name);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
if (warnifnotcap(curproxy, cfg_opts2[optnum].cap, file, linenum, args[1], NULL)) {
err_code |= ERR_WARN;
goto out;
}
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
curproxy->no_options2 &= ~cfg_opts2[optnum].val;
curproxy->options2 &= ~cfg_opts2[optnum].val;
switch (kwm) {
case KWM_STD:
curproxy->options2 |= cfg_opts2[optnum].val;
break;
case KWM_NO:
curproxy->no_options2 |= cfg_opts2[optnum].val;
break;
case KWM_DEF: /* already cleared */
break;
[MINOR] config: track "no option"/"option" changes Sometimes we would want to implement implicit default options, but for this we need to be able to disable them, which requires to keep track of "no option" settings. With this change, an option explicitly disabled in a defaults section will still be seen as explicitly disabled. There should be no regression as nothing makes use of this yet.
2009-06-14 05:10:45 -04:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
}
}
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
/* HTTP options override each other. They can be cancelled using
* "no option xxx" which only switches to default mode if the mode
* was this one (useful for cancelling options set in defaults
* sections).
*/
if (strcmp(args[1], "httpclose") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_PCL;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
else if (strcmp(args[1], "forceclose") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_FCL;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_FCL)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
else if (strcmp(args[1], "http-server-close") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_SCL;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
else if (strcmp(args[1], "http-keep-alive") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_KAL;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_KAL)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
else if (strcmp(args[1], "http-tunnel") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_TUN;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
MEDIUM: backend: Allow redispatch on retry intervals For backend load balancing it sometimes makes sense to redispatch rather than retrying against the same server. For example, when machines or routers fail you may not want to waste time retrying against a dead server and would instead prefer to immediately redispatch against other servers. This patch allows backend sections to specify that they want to redispatch on a particular interval. If the interval N is positive the redispatch occurs on every Nth retry, and if the interval N is negative then the redispatch occurs on the Nth retry prior to the last retry (-1 is the default and maintains backwards compatibility). In low latency environments tuning this setting can save a few hundred milliseconds when backends fail.
2015-05-12 02:25:34 -04:00
/* Redispatch can take an integer argument that control when the
* resispatch occurs. All values are relative to the retries option.
* This can be cancelled using "no option xxx".
*/
if (strcmp(args[1], "redispatch") == 0) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) {
err_code |= ERR_WARN;
goto out;
}
curproxy->no_options &= ~PR_O_REDISP;
curproxy->options &= ~PR_O_REDISP;
switch (kwm) {
case KWM_STD:
curproxy->options |= PR_O_REDISP;
curproxy->redispatch_after = -1;
if(*args[2]) {
curproxy->redispatch_after = atol(args[2]);
}
break;
case KWM_NO:
curproxy->no_options |= PR_O_REDISP;
curproxy->redispatch_after = 0;
break;
case KWM_DEF: /* already cleared */
break;
}
goto out;
}
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
if (kwm != KWM_STD) {
Alert("parsing [%s:%d]: negation/default is not supported for option '%s'.\n",
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
file, linenum, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
}
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
if (!strcmp(args[1], "httplog")) {
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
char *logformat;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* generate a complete HTTP log */
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
logformat = default_http_log_format;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
if (*(args[2]) != '\0') {
if (!strcmp(args[2], "clf")) {
curproxy->options2 |= PR_O2_CLFLOG;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
logformat = clf_http_log_format;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
} else {
BUG/MINOR: cfgparse: fix typo in 'option httplog' error message The error message was displaying the wrong argument when 'option httplog' took a wrong argument.
2015-05-28 12:02:48 -04:00
Alert("parsing [%s:%d] : keyword '%s' only supports option 'clf'.\n", file, linenum, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code))
goto out;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
}
MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections Add a warning when "log-format" or "tcplog" or "httplog" is overriden in "defaults" sections.
2017-03-31 13:54:09 -04:00
if (curproxy->conf.logformat_string && curproxy == &defproxy) {
char *oldlogformat = "log-format";
char *clflogformat = "";
if (curproxy->conf.logformat_string == default_http_log_format)
oldlogformat = "option httplog";
else if (curproxy->conf.logformat_string == default_tcp_log_format)
oldlogformat = "option tcplog";
else if (curproxy->conf.logformat_string == clf_http_log_format)
oldlogformat = "option httplog clf";
if (logformat == clf_http_log_format)
clflogformat = " clf";
Warning("parsing [%s:%d]: 'option httplog%s' overrides previous '%s' in 'defaults' section.\n",
file, linenum, clflogformat, oldlogformat);
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
free(curproxy->conf.logformat_string);
curproxy->conf.logformat_string = logformat;
free(curproxy->conf.lfs_file);
curproxy->conf.lfs_file = strdup(curproxy->conf.args.file);
curproxy->conf.lfs_line = curproxy->conf.args.line;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
}
MEDIUM: log: use log_format for mode tcplog Merge http_sess_log() and tcp_sess_log() to sess_log() and move it to log.c A new field in logformat_type define if you can use a logformat variable in TCP or HTTP mode. doc: log-format in tcp mode Note that due to the way log buffer allocation currently works, trying to log an HTTP request without "option httplog" is still not possible. This will change in the near future.
2012-02-27 05:23:10 -05:00
else if (!strcmp(args[1], "tcplog")) {
MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections Add a warning when "log-format" or "tcplog" or "httplog" is overriden in "defaults" sections.
2017-03-31 13:54:09 -04:00
if (curproxy->conf.logformat_string && curproxy == &defproxy) {
char *oldlogformat = "log-format";
if (curproxy->conf.logformat_string == default_http_log_format)
oldlogformat = "option httplog";
else if (curproxy->conf.logformat_string == default_tcp_log_format)
oldlogformat = "option tcplog";
else if (curproxy->conf.logformat_string == clf_http_log_format)
oldlogformat = "option httplog clf";
Warning("parsing [%s:%d]: 'option tcplog' overrides previous '%s' in 'defaults' section.\n",
file, linenum, oldlogformat);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* generate a detailed TCP log */
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
free(curproxy->conf.logformat_string);
curproxy->conf.logformat_string = default_tcp_log_format;
free(curproxy->conf.lfs_file);
curproxy->conf.lfs_file = strdup(curproxy->conf.args.file);
curproxy->conf.lfs_line = curproxy->conf.args.line;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MEDIUM: log: use log_format for mode tcplog Merge http_sess_log() and tcp_sess_log() to sess_log() and move it to log.c A new field in logformat_type define if you can use a logformat variable in TCP or HTTP mode. doc: log-format in tcp mode Note that due to the way log buffer allocation currently works, trying to log an HTTP request without "option httplog" is still not possible. This will change in the near future.
2012-02-27 05:23:10 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[1], "tcpka")) {
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
/* enable TCP keep-alives on client and server streams */
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE | PR_CAP_FE, file, linenum, args[1], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
if (curproxy->cap & PR_CAP_FE)
curproxy->options |= PR_O_TCP_CLI_KA;
if (curproxy->cap & PR_CAP_BE)
curproxy->options |= PR_O_TCP_SRV_KA;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[1], "httpchk")) {
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* use HTTP request to check servers' health */
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->check_req);
[BUG] config: reset check request to avoid double free when switching to ssl/sql SSL and SQL checks did only perform a free() of the request without replacing it, so having multiple SSL/SQL check declarations after another check type causes a double free condition during config parsing. This should be backported although it's harmless.
2010-02-01 10:31:14 -05:00
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_HTTP_CHK;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!*args[2]) { /* no argument */
curproxy->check_req = strdup(DEF_CHECK_REQ); /* default request */
curproxy->check_len = strlen(DEF_CHECK_REQ);
} else if (!*args[3]) { /* one argument : URI */
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
int reqlen = strlen(args[2]) + strlen("OPTIONS HTTP/1.0\r\n") + 1;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->check_req = malloc(reqlen);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->check_len = snprintf(curproxy->check_req, reqlen,
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
"OPTIONS %s HTTP/1.0\r\n", args[2]); /* URI to use */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else { /* more arguments : METHOD URI [HTTP_VER] */
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
int reqlen = strlen(args[2]) + strlen(args[3]) + 3 + strlen("\r\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*args[4])
reqlen += strlen(args[4]);
else
reqlen += strlen("HTTP/1.0");
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->check_req = malloc(reqlen);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->check_len = snprintf(curproxy->check_req, reqlen,
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
"%s %s %s\r\n", args[2], args[3], *args[4]?args[4]:"HTTP/1.0");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(3, 1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
else if (!strcmp(args[1], "ssl-hello-chk")) {
/* use SSLv3 CLIENT HELLO to check servers' health */
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->check_req);
[BUG] config: reset check request to avoid double free when switching to ssl/sql SSL and SQL checks did only perform a free() of the request without replacing it, so having multiple SSL/SQL check declarations after another check type causes a double free condition during config parsing. This should be backported although it's harmless.
2010-02-01 10:31:14 -05:00
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[CLEANUP] proxy: move PR_O_SSL3_CHK to options2 to release one flag We'll need another flag in the 'options' member close to PR_O_TPXY_*, and all are used, so let's move this easy one to options2 (which are already used for SQL checks).
2010-03-29 12:33:29 -04:00
curproxy->options2 |= PR_O2_SSL3_CHK;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
}
[MEDIUM] implement SMTP health checks Peter van Dijk contributed this patch which implements the "smtpchk" option, which is to SMTP what "httpchk" is to HTTP. By default, it sends "HELO localhost" to the servers, and waits for the 250 message, but it can also send a specific request.
2007-05-08 17:50:35 -04:00
else if (!strcmp(args[1], "smtpchk")) {
/* use SMTP request to check servers' health */
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->check_req);
[BUG] config: reset check request to avoid double free when switching to ssl/sql SSL and SQL checks did only perform a free() of the request without replacing it, so having multiple SSL/SQL check declarations after another check type causes a double free condition during config parsing. This should be backported although it's harmless.
2010-02-01 10:31:14 -05:00
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_SMTP_CHK;
[MEDIUM] implement SMTP health checks Peter van Dijk contributed this patch which implements the "smtpchk" option, which is to SMTP what "httpchk" is to HTTP. By default, it sends "HELO localhost" to the servers, and waits for the 250 message, but it can also send a specific request.
2007-05-08 17:50:35 -04:00
if (!*args[2] || !*args[3]) { /* no argument or incomplete EHLO host */
curproxy->check_req = strdup(DEF_SMTP_CHECK_REQ); /* default request */
curproxy->check_len = strlen(DEF_SMTP_CHECK_REQ);
} else { /* ESMTP EHLO, or SMTP HELO, and a hostname */
if (!strcmp(args[2], "EHLO") || !strcmp(args[2], "HELO")) {
int reqlen = strlen(args[2]) + strlen(args[3]) + strlen(" \r\n") + 1;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->check_req = malloc(reqlen);
[MEDIUM] implement SMTP health checks Peter van Dijk contributed this patch which implements the "smtpchk" option, which is to SMTP what "httpchk" is to HTTP. By default, it sends "HELO localhost" to the servers, and waits for the 250 message, but it can also send a specific request.
2007-05-08 17:50:35 -04:00
curproxy->check_len = snprintf(curproxy->check_req, reqlen,
"%s %s\r\n", args[2], args[3]); /* HELO hostname */
} else {
/* this just hits the default for now, but you could potentially expand it to allow for other stuff
though, it's unlikely you'd want to send anything other than an EHLO or HELO */
curproxy->check_req = strdup(DEF_SMTP_CHECK_REQ); /* default request */
curproxy->check_len = strlen(DEF_SMTP_CHECK_REQ);
}
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(2, 1, file, linenum, args, &err_code))
goto out;
[MEDIUM] implement SMTP health checks Peter van Dijk contributed this patch which implements the "smtpchk" option, which is to SMTP what "httpchk" is to HTTP. By default, it sends "HELO localhost" to the servers, and waits for the 250 message, but it can also send a specific request.
2007-05-08 17:50:35 -04:00
}
[MINOR] checks: add PostgreSQL health check I have written a small patch to enable a correct PostgreSQL health check It works similar to mysql-check with the very same parameters. E.g.: listen pgsql 127.0.0.1:5432 mode tcp option pgsql-check user pgsql server masterdb pgsql.server.com:5432 check inter 10000
2011-01-04 09:14:13 -05:00
else if (!strcmp(args[1], "pgsql-check")) {
/* use PostgreSQL request to check servers' health */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
err_code |= ERR_WARN;
free(curproxy->check_req);
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[MINOR] checks: add PostgreSQL health check I have written a small patch to enable a correct PostgreSQL health check It works similar to mysql-check with the very same parameters. E.g.: listen pgsql 127.0.0.1:5432 mode tcp option pgsql-check user pgsql server masterdb pgsql.server.com:5432 check inter 10000
2011-01-04 09:14:13 -05:00
curproxy->options2 |= PR_O2_PGSQL_CHK;
if (*(args[2])) {
int cur_arg = 2;
while (*(args[cur_arg])) {
if (strcmp(args[cur_arg], "user") == 0) {
char * packet;
uint32_t packet_len;
uint32_t pv;
/* suboption header - needs additional argument for it */
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <username> as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* uint32_t + uint32_t + strlen("user")+1 + strlen(username)+1 + 1 */
packet_len = 4 + 4 + 5 + strlen(args[cur_arg + 1])+1 +1;
pv = htonl(0x30000); /* protocol version 3.0 */
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
packet = calloc(1, packet_len);
[MINOR] checks: add PostgreSQL health check I have written a small patch to enable a correct PostgreSQL health check It works similar to mysql-check with the very same parameters. E.g.: listen pgsql 127.0.0.1:5432 mode tcp option pgsql-check user pgsql server masterdb pgsql.server.com:5432 check inter 10000
2011-01-04 09:14:13 -05:00
memcpy(packet + 4, &pv, 4);
/* copy "user" */
memcpy(packet + 8, "user", 4);
/* copy username */
memcpy(packet + 13, args[cur_arg+1], strlen(args[cur_arg+1]));
free(curproxy->check_req);
curproxy->check_req = packet;
curproxy->check_len = packet_len;
packet_len = htonl(packet_len);
memcpy(packet, &packet_len, 4);
cur_arg += 2;
} else {
/* unknown suboption - catchall */
Alert("parsing [%s:%d] : '%s %s' only supports optional values: 'user'.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} /* end while loop */
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(2, 1, file, linenum, args, &err_code))
goto out;
[MINOR] checks: add PostgreSQL health check I have written a small patch to enable a correct PostgreSQL health check It works similar to mysql-check with the very same parameters. E.g.: listen pgsql 127.0.0.1:5432 mode tcp option pgsql-check user pgsql server masterdb pgsql.server.com:5432 check inter 10000
2011-01-04 09:14:13 -05:00
}
[MINOR] check: add redis check support This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-05 10:23:48 -04:00
else if (!strcmp(args[1], "redis-check")) {
/* use REDIS PING request to check servers' health */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
err_code |= ERR_WARN;
free(curproxy->check_req);
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[MINOR] check: add redis check support This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-05 10:23:48 -04:00
curproxy->options2 |= PR_O2_REDIS_CHK;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->check_req = malloc(sizeof(DEF_REDIS_CHECK_REQ) - 1);
[MINOR] check: add redis check support This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-05 10:23:48 -04:00
memcpy(curproxy->check_req, DEF_REDIS_CHECK_REQ, sizeof(DEF_REDIS_CHECK_REQ) - 1);
curproxy->check_len = sizeof(DEF_REDIS_CHECK_REQ) - 1;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] check: add redis check support This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-05 10:23:48 -04:00
}
[MINOR] add option "mysql-check" to use MySQL health checks This patch adds support for MySQL health checks. Those are enabled using the new option "mysql-check".
2010-01-12 03:25:13 -05:00
else if (!strcmp(args[1], "mysql-check")) {
/* use MYSQL request to check servers' health */
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
err_code |= ERR_WARN;
[MINOR] add option "mysql-check" to use MySQL health checks This patch adds support for MySQL health checks. Those are enabled using the new option "mysql-check".
2010-01-12 03:25:13 -05:00
free(curproxy->check_req);
[BUG] config: reset check request to avoid double free when switching to ssl/sql SSL and SQL checks did only perform a free() of the request without replacing it, so having multiple SSL/SQL check declarations after another check type causes a double free condition during config parsing. This should be backported although it's harmless.
2010-02-01 10:31:14 -05:00
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[MINOR] add option "mysql-check" to use MySQL health checks This patch adds support for MySQL health checks. Those are enabled using the new option "mysql-check".
2010-01-12 03:25:13 -05:00
curproxy->options2 |= PR_O2_MYSQL_CHK;
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
MINOR: checks: mysql-check: Add support for v4.1+ authentication MySQL will in stop supporting pre-4.1 authentication packets in the future and is already giving us a hard time regarding non-silencable warnings which are logged on each health check. Warnings look like the following: "[Warning] Client failed to provide its character set. 'latin1' will be used as client character set." This patch adds basic support for post-4.1 authentication by sending the proper authentication packet with the character set, along with the QUIT command.
2014-05-30 08:26:32 -04:00
/* This is an example of a MySQL >=4.0 client Authentication packet kindly provided by Cyril Bonte.
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
* const char mysql40_client_auth_pkt[] = {
* "\x0e\x00\x00" // packet length
* "\x01" // packet number
* "\x00\x00" // client capabilities
* "\x00\x00\x01" // max packet
* "haproxy\x00" // username (null terminated string)
* "\x00" // filler (always 0x00)
* "\x01\x00\x00" // packet length
* "\x00" // packet number
* "\x01" // COM_QUIT command
* };
*/
MINOR: checks: mysql-check: Add support for v4.1+ authentication MySQL will in stop supporting pre-4.1 authentication packets in the future and is already giving us a hard time regarding non-silencable warnings which are logged on each health check. Warnings look like the following: "[Warning] Client failed to provide its character set. 'latin1' will be used as client character set." This patch adds basic support for post-4.1 authentication by sending the proper authentication packet with the character set, along with the QUIT command.
2014-05-30 08:26:32 -04:00
/* This is an example of a MySQL >=4.1 client Authentication packet provided by Nenad Merdanovic.
* const char mysql41_client_auth_pkt[] = {
* "\x0e\x00\x00\" // packet length
* "\x01" // packet number
* "\x00\x00\x00\x00" // client capabilities
* "\x00\x00\x00\x01" // max packet
* "\x21" // character set (UTF-8)
* char[23] // All zeroes
* "haproxy\x00" // username (null terminated string)
* "\x00" // filler (always 0x00)
* "\x01\x00\x00" // packet length
* "\x00" // packet number
* "\x01" // COM_QUIT command
* };
*/
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
if (*(args[2])) {
int cur_arg = 2;
while (*(args[cur_arg])) {
if (strcmp(args[cur_arg], "user") == 0) {
char *mysqluser;
int packetlen, reqlen, userlen;
/* suboption header - needs additional argument for it */
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <username> as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
mysqluser = args[cur_arg + 1];
userlen = strlen(mysqluser);
MINOR: checks: mysql-check: Add support for v4.1+ authentication MySQL will in stop supporting pre-4.1 authentication packets in the future and is already giving us a hard time regarding non-silencable warnings which are logged on each health check. Warnings look like the following: "[Warning] Client failed to provide its character set. 'latin1' will be used as client character set." This patch adds basic support for post-4.1 authentication by sending the proper authentication packet with the character set, along with the QUIT command.
2014-05-30 08:26:32 -04:00
if (*(args[cur_arg+2])) {
if (!strcmp(args[cur_arg+2], "post-41")) {
packetlen = userlen + 7 + 27;
reqlen = packetlen + 9;
free(curproxy->check_req);
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->check_req = calloc(1, reqlen);
MINOR: checks: mysql-check: Add support for v4.1+ authentication MySQL will in stop supporting pre-4.1 authentication packets in the future and is already giving us a hard time regarding non-silencable warnings which are logged on each health check. Warnings look like the following: "[Warning] Client failed to provide its character set. 'latin1' will be used as client character set." This patch adds basic support for post-4.1 authentication by sending the proper authentication packet with the character set, along with the QUIT command.
2014-05-30 08:26:32 -04:00
curproxy->check_len = reqlen;
snprintf(curproxy->check_req, 4, "%c%c%c",
((unsigned char) packetlen & 0xff),
((unsigned char) (packetlen >> 8) & 0xff),
((unsigned char) (packetlen >> 16) & 0xff));
curproxy->check_req[3] = 1;
curproxy->check_req[5] = 130;
curproxy->check_req[11] = 1;
curproxy->check_req[12] = 33;
memcpy(&curproxy->check_req[36], mysqluser, userlen);
curproxy->check_req[36 + userlen + 1 + 1] = 1;
curproxy->check_req[36 + userlen + 1 + 1 + 4] = 1;
cur_arg += 3;
} else {
Alert("parsing [%s:%d] : keyword '%s' only supports option 'post-41'.\n", file, linenum, args[cur_arg+2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} else {
packetlen = userlen + 7;
reqlen = packetlen + 9;
free(curproxy->check_req);
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->check_req = calloc(1, reqlen);
MINOR: checks: mysql-check: Add support for v4.1+ authentication MySQL will in stop supporting pre-4.1 authentication packets in the future and is already giving us a hard time regarding non-silencable warnings which are logged on each health check. Warnings look like the following: "[Warning] Client failed to provide its character set. 'latin1' will be used as client character set." This patch adds basic support for post-4.1 authentication by sending the proper authentication packet with the character set, along with the QUIT command.
2014-05-30 08:26:32 -04:00
curproxy->check_len = reqlen;
snprintf(curproxy->check_req, 4, "%c%c%c",
((unsigned char) packetlen & 0xff),
((unsigned char) (packetlen >> 8) & 0xff),
((unsigned char) (packetlen >> 16) & 0xff));
curproxy->check_req[3] = 1;
curproxy->check_req[5] = 128;
curproxy->check_req[8] = 1;
memcpy(&curproxy->check_req[9], mysqluser, userlen);
curproxy->check_req[9 + userlen + 1 + 1] = 1;
curproxy->check_req[9 + userlen + 1 + 1 + 4] = 1;
cur_arg += 2;
}
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
} else {
/* unknown suboption - catchall */
Alert("parsing [%s:%d] : '%s %s' only supports optional values: 'user'.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} /* end while loop */
}
[MINOR] add option "mysql-check" to use MySQL health checks This patch adds support for MySQL health checks. Those are enabled using the new option "mysql-check".
2010-01-12 03:25:13 -05:00
}
[MINOR] checks: add support for LDAPv3 health checks This patch provides a new "option ldap-check" statement to enable server health checks based on LDAPv3 bind requests. (cherry picked from commit b76b44c6fed8a7ba6f0f565dd72a9cb77aaeca7c)
2010-09-29 12:17:05 -04:00
else if (!strcmp(args[1], "ldap-check")) {
/* use LDAP request to check servers' health */
free(curproxy->check_req);
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[MINOR] checks: add support for LDAPv3 health checks This patch provides a new "option ldap-check" statement to enable server health checks based on LDAPv3 bind requests. (cherry picked from commit b76b44c6fed8a7ba6f0f565dd72a9cb77aaeca7c)
2010-09-29 12:17:05 -04:00
curproxy->options2 |= PR_O2_LDAP_CHK;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->check_req = malloc(sizeof(DEF_LDAP_CHECK_REQ) - 1);
[MINOR] checks: add support for LDAPv3 health checks This patch provides a new "option ldap-check" statement to enable server health checks based on LDAPv3 bind requests. (cherry picked from commit b76b44c6fed8a7ba6f0f565dd72a9cb77aaeca7c)
2010-09-29 12:17:05 -04:00
memcpy(curproxy->check_req, DEF_LDAP_CHECK_REQ, sizeof(DEF_LDAP_CHECK_REQ) - 1);
curproxy->check_len = sizeof(DEF_LDAP_CHECK_REQ) - 1;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] checks: add support for LDAPv3 health checks This patch provides a new "option ldap-check" statement to enable server health checks based on LDAPv3 bind requests. (cherry picked from commit b76b44c6fed8a7ba6f0f565dd72a9cb77aaeca7c)
2010-09-29 12:17:05 -04:00
}
MINOR: spoe/checks: Add support for SPOP health checks A new "option spop-check" statement has been added to enable server health checks based on SPOP HELLO handshake. SPOP is the protocol used by SPOE filters to talk to servers.
2016-11-07 15:07:38 -05:00
else if (!strcmp(args[1], "spop-check")) {
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (curproxy->cap & PR_CAP_FE) {
Alert("parsing [%s:%d] : '%s %s' not allowed in 'frontend' and 'listen' sections.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* use SPOE request to check servers' health */
free(curproxy->check_req);
curproxy->check_req = NULL;
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_SPOP_CHK;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (spoe_prepare_healthcheck_request(&curproxy->check_req, &curproxy->check_len)) {
MINOR: spoe/checks: Add support for SPOP health checks A new "option spop-check" statement has been added to enable server health checks based on SPOP HELLO handshake. SPOP is the protocol used by SPOE filters to talk to servers.
2016-11-07 15:07:38 -05:00
Alert("parsing [%s:%d] : failed to prepare SPOP healthcheck request.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
else if (!strcmp(args[1], "tcp-check")) {
/* use raw TCPCHK send/expect to check servers' health */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
err_code |= ERR_WARN;
free(curproxy->check_req);
curproxy->check_req = NULL;
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_TCPCHK_CHK;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
}
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
else if (!strcmp(args[1], "external-check")) {
/* excute an external command to check servers' health */
free(curproxy->check_req);
curproxy->check_req = NULL;
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_EXT_CHK;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
}
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
else if (!strcmp(args[1], "forwardfor")) {
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
int cur_arg;
/* insert x-forwarded-for field, but not for the IP address listed as an except.
* set default options (ie: bitfield, header name, etc)
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
*/
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
curproxy->options |= PR_O_FWDFOR | PR_O_FF_ALWAYS;
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
free(curproxy->fwdfor_hdr_name);
curproxy->fwdfor_hdr_name = strdup(DEF_XFORWARDFOR_HDR);
curproxy->fwdfor_hdr_len = strlen(DEF_XFORWARDFOR_HDR);
/* loop to go through arguments - start at 2, since 0+1 = "option" "forwardfor" */
cur_arg = 2;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "except")) {
/* suboption except - needs additional argument for it */
MINOR: standard: Disable ip resolution during the runtime The function str2net runs DNS resolution if valid ip cannot be parsed. The DNS function used is the standard function of the libc and it performs asynchronous request. The asynchronous request is not compatible with the haproxy archictecture. str2net() is used during the runtime throught the "socket". This patch remove the DNS resolution during the runtime.
2014-02-11 09:23:04 -05:00
if (!*(args[cur_arg+1]) || !str2net(args[cur_arg+1], 1, &curproxy->except_net, &curproxy->except_mask)) {
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
Alert("parsing [%s:%d] : '%s %s %s' expects <address>[/mask] as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
}
/* flush useless bits */
curproxy->except_net.s_addr &= curproxy->except_mask.s_addr;
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
cur_arg += 2;
} else if (!strcmp(args[cur_arg], "header")) {
/* suboption header - needs additional argument for it */
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <header_name> as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
}
free(curproxy->fwdfor_hdr_name);
curproxy->fwdfor_hdr_name = strdup(args[cur_arg+1]);
curproxy->fwdfor_hdr_len = strlen(curproxy->fwdfor_hdr_name);
cur_arg += 2;
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
} else if (!strcmp(args[cur_arg], "if-none")) {
curproxy->options &= ~PR_O_FF_ALWAYS;
cur_arg += 1;
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
} else {
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
/* unknown suboption - catchall */
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
Alert("parsing [%s:%d] : '%s %s' only supports optional values: 'except', 'header' and 'if-none'.\n",
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
}
} /* end while loop */
}
else if (!strcmp(args[1], "originalto")) {
int cur_arg;
/* insert x-original-to field, but not for the IP address listed as an except.
* set default options (ie: bitfield, header name, etc)
*/
curproxy->options |= PR_O_ORGTO;
free(curproxy->orgto_hdr_name);
curproxy->orgto_hdr_name = strdup(DEF_XORIGINALTO_HDR);
curproxy->orgto_hdr_len = strlen(DEF_XORIGINALTO_HDR);
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
/* loop to go through arguments - start at 2, since 0+1 = "option" "originalto" */
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
cur_arg = 2;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "except")) {
/* suboption except - needs additional argument for it */
MINOR: standard: Disable ip resolution during the runtime The function str2net runs DNS resolution if valid ip cannot be parsed. The DNS function used is the standard function of the libc and it performs asynchronous request. The asynchronous request is not compatible with the haproxy archictecture. str2net() is used during the runtime throught the "socket". This patch remove the DNS resolution during the runtime.
2014-02-11 09:23:04 -05:00
if (!*(args[cur_arg+1]) || !str2net(args[cur_arg+1], 1, &curproxy->except_to, &curproxy->except_mask_to)) {
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
Alert("parsing [%s:%d] : '%s %s %s' expects <address>[/mask] as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
}
/* flush useless bits */
curproxy->except_to.s_addr &= curproxy->except_mask_to.s_addr;
cur_arg += 2;
} else if (!strcmp(args[cur_arg], "header")) {
/* suboption header - needs additional argument for it */
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <header_name> as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
}
free(curproxy->orgto_hdr_name);
curproxy->orgto_hdr_name = strdup(args[cur_arg+1]);
curproxy->orgto_hdr_len = strlen(curproxy->orgto_hdr_name);
cur_arg += 2;
} else {
/* unknown suboption - catchall */
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
Alert("parsing [%s:%d] : '%s %s' only supports optional values: 'except' and 'header'.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
}
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
} /* end while loop */
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
Alert("parsing [%s:%d] : unknown option '%s'.\n", file, linenum, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
else if (!strcmp(args[0], "default_backend")) {
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a backend name.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->defbe.name);
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
curproxy->defbe.name = strdup(args[1]);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(1, 0, file, linenum, args, &err_code))
goto out;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "redispatch") || !strcmp(args[0], "redisp")) {
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MEDIUM: config: inform the user only once that "redispatch" is deprecated It may go away in 1.6, but there's no point reporting it for each and every occurrence.
2014-04-28 16:37:32 -04:00
if (!already_warned(WARN_REDISPATCH_DEPRECATED))
Warning("parsing [%s:%d]: keyword '%s' is deprecated in favor of 'option redispatch', and will not be supported by future versions.\n",
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* enable reconnections to dispatch */
curproxy->options |= PR_O_REDISP;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(1, 0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: config: add new setting "http-reuse" For now it only supports "never", meaning that we never want to reuse a shared connection, and "always", meaning that we can use any connection that was not marked private. When "never" is set, this also implies that no idle connection may become a shared one.
2015-08-05 08:12:31 -04:00
else if (!strcmp(args[0], "http-reuse")) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (strcmp(args[1], "never") == 0) {
/* enable a graceful server shutdown on an HTTP 404 response */
curproxy->options &= ~PR_O_REUSE_MASK;
curproxy->options |= PR_O_REUSE_NEVR;
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
MEDIUM: backend: implement "http-reuse safe" The "safe" mode consists in picking existing connections only when processing a request that's not the first one from a connection. This ensures that in case where the server finally times out and closes, the client can decide to replay idempotent requests.
2015-08-05 10:02:46 -04:00
else if (strcmp(args[1], "safe") == 0) {
/* enable a graceful server shutdown on an HTTP 404 response */
curproxy->options &= ~PR_O_REUSE_MASK;
curproxy->options |= PR_O_REUSE_SAFE;
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
MEDIUM: backend: add the "http-reuse aggressive" strategy This strategy is less extreme than "always", it only dispatches first requests to validated reused connections, and moves a connection from the idle list to the safe list once it has seen a second request, thus proving that it could be reused.
2015-08-05 11:16:33 -04:00
else if (strcmp(args[1], "aggressive") == 0) {
curproxy->options &= ~PR_O_REUSE_MASK;
curproxy->options |= PR_O_REUSE_AGGR;
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
MINOR: config: add new setting "http-reuse" For now it only supports "never", meaning that we never want to reuse a shared connection, and "always", meaning that we can use any connection that was not marked private. When "never" is set, this also implies that no idle connection may become a shared one.
2015-08-05 08:12:31 -04:00
else if (strcmp(args[1], "always") == 0) {
/* enable a graceful server shutdown on an HTTP 404 response */
curproxy->options &= ~PR_O_REUSE_MASK;
curproxy->options |= PR_O_REUSE_ALWS;
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
else {
MEDIUM: backend: add the "http-reuse aggressive" strategy This strategy is less extreme than "always", it only dispatches first requests to validated reused connections, and moves a connection from the idle list to the safe list once it has seen a second request, thus proving that it could be reused.
2015-08-05 11:16:33 -04:00
Alert("parsing [%s:%d] : '%s' only supports 'never', 'safe', 'aggressive', 'always'.\n", file, linenum, args[0]);
MINOR: config: add new setting "http-reuse" For now it only supports "never", meaning that we never want to reuse a shared connection, and "always", meaning that we can use any connection that was not marked private. When "never" is set, this also implies that no idle connection may become a shared one.
2015-08-05 08:12:31 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
else if (!strcmp(args[0], "http-check")) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
if (strcmp(args[1], "disable-on-404") == 0) {
/* enable a graceful server shutdown on an HTTP 404 response */
curproxy->options |= PR_O_DISABLE404;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
}
[MINOR] checks: add the server's status in the checks Now a server can check the contents of the header X-Haproxy-Server-State to know how haproxy sees it. The same values as those reported in the stats are provided : - up/down status + check counts - throttle - weight vs backend weight - active sessions vs backend sessions - queue length - haproxy node name
2010-01-27 05:53:01 -05:00
else if (strcmp(args[1], "send-state") == 0) {
/* enable emission of the apparent state of a server in HTTP checks */
curproxy->options2 |= PR_O2_CHK_SNDST;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] checks: add the server's status in the checks Now a server can check the contents of the header X-Haproxy-Server-State to know how haproxy sees it. The same values as those reported in the stats are provided : - up/down status + check counts - throttle - weight vs backend weight - active sessions vs backend sessions - queue length - haproxy node name
2010-01-27 05:53:01 -05:00
}
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
else if (strcmp(args[1], "expect") == 0) {
const char *ptr_arg;
int cur_arg;
if (curproxy->options2 & PR_O2_EXP_TYPE) {
Alert("parsing [%s:%d] : '%s %s' already specified.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg = 2;
/* consider exclamation marks, sole or at the beginning of a word */
while (*(ptr_arg = args[cur_arg])) {
while (*ptr_arg == '!') {
curproxy->options2 ^= PR_O2_EXP_INV;
ptr_arg++;
}
if (*ptr_arg)
break;
cur_arg++;
}
/* now ptr_arg points to the beginning of a word past any possible
* exclamation mark, and cur_arg is the argument which holds this word.
*/
if (strcmp(ptr_arg, "status") == 0) {
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <string> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->options2 |= PR_O2_EXP_STS;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(curproxy->expect_str);
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
curproxy->expect_str = strdup(args[cur_arg + 1]);
}
else if (strcmp(ptr_arg, "string") == 0) {
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <string> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->options2 |= PR_O2_EXP_STR;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(curproxy->expect_str);
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
curproxy->expect_str = strdup(args[cur_arg + 1]);
}
else if (strcmp(ptr_arg, "rstatus") == 0) {
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <regex> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->options2 |= PR_O2_EXP_RSTS;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(curproxy->expect_str);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
if (curproxy->expect_regex) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(curproxy->expect_regex);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
free(curproxy->expect_regex);
curproxy->expect_regex = NULL;
}
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
curproxy->expect_str = strdup(args[cur_arg + 1]);
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex));
error = NULL;
if (!regex_comp(args[cur_arg + 1], curproxy->expect_regex, 1, 1, &error)) {
Alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n",
file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error);
free(error);
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else if (strcmp(ptr_arg, "rstring") == 0) {
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <regex> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->options2 |= PR_O2_EXP_RSTR;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(curproxy->expect_str);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
if (curproxy->expect_regex) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(curproxy->expect_regex);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
free(curproxy->expect_regex);
curproxy->expect_regex = NULL;
}
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
curproxy->expect_str = strdup(args[cur_arg + 1]);
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex));
error = NULL;
if (!regex_comp(args[cur_arg + 1], curproxy->expect_regex, 1, 1, &error)) {
Alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n",
file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error);
free(error);
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else {
Alert("parsing [%s:%d] : '%s %s' only supports [!] 'status', 'string', 'rstatus', 'rstring', found '%s'.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
else {
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
Alert("parsing [%s:%d] : '%s' only supports 'disable-on-404', 'send-state', 'expect'.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
}
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
else if (!strcmp(args[0], "tcp-check")) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
if (strcmp(args[1], "comment") == 0) {
int cur_arg;
struct tcpcheck_rule *tcpcheck;
cur_arg = 1;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
tcpcheck = calloc(1, sizeof(*tcpcheck));
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
tcpcheck->action = TCPCHK_ACT_COMMENT;
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code))
goto out;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
}
else if (strcmp(args[1], "connect") == 0) {
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
const char *ptr_arg;
int cur_arg;
struct tcpcheck_rule *tcpcheck;
/* check if first rule is also a 'connect' action */
BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct The method used to skip to next rule in the list is wrong, it assumes that the list element starts at the same offset as the rule. It happens to be true on most architectures since the list is the first element for now but it's definitely wrong. Now the code doesn't crash anymore when the struct list is moved anywhere else in the struct tcpcheck_rule. This fix must be backported to 1.5.
2015-05-13 06:24:53 -04:00
tcpcheck = LIST_NEXT(&curproxy->tcpcheck_rules, struct tcpcheck_rule *, list);
while (&tcpcheck->list != &curproxy->tcpcheck_rules &&
tcpcheck->action == TCPCHK_ACT_COMMENT) {
tcpcheck = LIST_NEXT(&tcpcheck->list, struct tcpcheck_rule *, list);
}
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct The method used to skip to next rule in the list is wrong, it assumes that the list element starts at the same offset as the rule. It happens to be true on most architectures since the list is the first element for now but it's definitely wrong. Now the code doesn't crash anymore when the struct list is moved anywhere else in the struct tcpcheck_rule. This fix must be backported to 1.5.
2015-05-13 06:24:53 -04:00
if (&tcpcheck->list != &curproxy->tcpcheck_rules
&& tcpcheck->action != TCPCHK_ACT_CONNECT) {
Alert("parsing [%s:%d] : first step MUST also be a 'connect' when there is a 'connect' step in the tcp-check ruleset.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
}
cur_arg = 2;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
tcpcheck = calloc(1, sizeof(*tcpcheck));
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
tcpcheck->action = TCPCHK_ACT_CONNECT;
/* parsing each parameters to fill up the rule */
while (*(ptr_arg = args[cur_arg])) {
/* tcp port */
if (strcmp(args[cur_arg], "port") == 0) {
if ( (atol(args[cur_arg + 1]) > 65535) ||
(atol(args[cur_arg + 1]) < 1) ){
Alert("parsing [%s:%d] : '%s %s %s' expects a valid TCP port (from range 1 to 65535), got %s.\n",
file, linenum, args[0], args[1], "port", args[cur_arg + 1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->port = atol(args[cur_arg + 1]);
cur_arg += 2;
}
/* send proxy protocol */
else if (strcmp(args[cur_arg], "send-proxy") == 0) {
tcpcheck->conn_opts |= TCPCHK_OPT_SEND_PROXY;
cur_arg++;
}
#ifdef USE_OPENSSL
else if (strcmp(args[cur_arg], "ssl") == 0) {
curproxy->options |= PR_O_TCPCHK_SSL;
tcpcheck->conn_opts |= TCPCHK_OPT_SSL;
cur_arg++;
}
#endif /* USE_OPENSSL */
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* comment for this tcpcheck line */
else if (strcmp(args[cur_arg], "comment") == 0) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
cur_arg += 2;
}
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
else {
#ifdef USE_OPENSSL
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
Alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or 'ssl' but got '%s' as argument.\n",
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
#else /* USE_OPENSSL */
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
Alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or but got '%s' as argument.\n",
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
#endif /* USE_OPENSSL */
file, linenum, args[0], args[1], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
else if (strcmp(args[1], "send") == 0) {
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
if (! *(args[2]) ) {
/* SEND string expected */
Alert("parsing [%s:%d] : '%s %s %s' expects <STRING> as argument.\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
} else {
struct tcpcheck_rule *tcpcheck;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
tcpcheck = calloc(1, sizeof(*tcpcheck));
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
tcpcheck->action = TCPCHK_ACT_SEND;
tcpcheck->string_len = strlen(args[2]);
tcpcheck->string = strdup(args[2]);
tcpcheck->expect_regex = NULL;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* comment for this tcpcheck line */
if (strcmp(args[3], "comment") == 0) {
if (!*args[4]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[4]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
}
else if (strcmp(args[1], "send-binary") == 0) {
if (! *(args[2]) ) {
/* SEND binary string expected */
Alert("parsing [%s:%d] : '%s %s %s' expects <BINARY STRING> as argument.\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
} else {
struct tcpcheck_rule *tcpcheck;
char *err = NULL;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
tcpcheck = calloc(1, sizeof(*tcpcheck));
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
tcpcheck->action = TCPCHK_ACT_SEND;
if (parse_binary(args[2], &tcpcheck->string, &tcpcheck->string_len, &err) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <BINARY STRING> as argument, but %s\n",
file, linenum, args[0], args[1], args[2], err);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->expect_regex = NULL;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* comment for this tcpcheck line */
if (strcmp(args[3], "comment") == 0) {
if (!*args[4]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[4]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
}
else if (strcmp(args[1], "expect") == 0) {
const char *ptr_arg;
int cur_arg;
int inverse = 0;
if (curproxy->options2 & PR_O2_EXP_TYPE) {
Alert("parsing [%s:%d] : '%s %s' already specified.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg = 2;
/* consider exclamation marks, sole or at the beginning of a word */
while (*(ptr_arg = args[cur_arg])) {
while (*ptr_arg == '!') {
inverse = !inverse;
ptr_arg++;
}
if (*ptr_arg)
break;
cur_arg++;
}
/* now ptr_arg points to the beginning of a word past any possible
* exclamation mark, and cur_arg is the argument which holds this word.
*/
if (strcmp(ptr_arg, "binary") == 0) {
BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code These ones were present in the tcp-check parser.
2015-02-27 10:37:05 -05:00
struct tcpcheck_rule *tcpcheck;
char *err = NULL;
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <binary string> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
tcpcheck = calloc(1, sizeof(*tcpcheck));
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
tcpcheck->action = TCPCHK_ACT_EXPECT;
if (parse_binary(args[cur_arg + 1], &tcpcheck->string, &tcpcheck->string_len, &err) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <BINARY STRING> as argument, but %s\n",
file, linenum, args[0], args[1], args[2], err);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->expect_regex = NULL;
tcpcheck->inverse = inverse;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* tcpcheck comment */
cur_arg += 2;
if (strcmp(args[cur_arg], "comment") == 0) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg + 1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
else if (strcmp(ptr_arg, "string") == 0) {
BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code These ones were present in the tcp-check parser.
2015-02-27 10:37:05 -05:00
struct tcpcheck_rule *tcpcheck;
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <string> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
tcpcheck = calloc(1, sizeof(*tcpcheck));
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
tcpcheck->action = TCPCHK_ACT_EXPECT;
tcpcheck->string_len = strlen(args[cur_arg + 1]);
tcpcheck->string = strdup(args[cur_arg + 1]);
tcpcheck->expect_regex = NULL;
tcpcheck->inverse = inverse;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* tcpcheck comment */
cur_arg += 2;
if (strcmp(args[cur_arg], "comment") == 0) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg + 1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
else if (strcmp(ptr_arg, "rstring") == 0) {
BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code These ones were present in the tcp-check parser.
2015-02-27 10:37:05 -05:00
struct tcpcheck_rule *tcpcheck;
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <regex> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
tcpcheck = calloc(1, sizeof(*tcpcheck));
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
tcpcheck->action = TCPCHK_ACT_EXPECT;
tcpcheck->string_len = 0;
tcpcheck->string = NULL;
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
tcpcheck->expect_regex = calloc(1, sizeof(*tcpcheck->expect_regex));
error = NULL;
if (!regex_comp(args[cur_arg + 1], tcpcheck->expect_regex, 1, 1, &error)) {
Alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n",
file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error);
free(error);
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->inverse = inverse;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* tcpcheck comment */
cur_arg += 2;
if (strcmp(args[cur_arg], "comment") == 0) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg + 1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
else {
Alert("parsing [%s:%d] : '%s %s' only supports [!] 'binary', 'string', 'rstring', found '%s'.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else {
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
Alert("parsing [%s:%d] : '%s' only supports 'comment', 'connect', 'send' or 'expect'.\n", file, linenum, args[0]);
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
else if (!strcmp(args[0], "monitor")) {
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
}
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
if (strcmp(args[1], "fail") == 0) {
/* add a condition to fail monitor requests */
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) {
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
Alert("parsing [%s:%d] : '%s %s' requires either 'if' or 'unless' followed by a condition.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
}
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s %s' condition : %s.\n",
file, linenum, args[0], args[1], errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
}
LIST_ADDQ(&curproxy->mon_fail_cond, &cond->list);
}
else {
Alert("parsing [%s:%d] : '%s' only supports 'fail'.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef TPROXY
else if (!strcmp(args[0], "transparent")) {
/* enable transparent proxy connections */
curproxy->options |= PR_O_TRANSP;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
#endif
else if (!strcmp(args[0], "maxconn")) { /* maxconn */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], " Maybe you want 'fullconn' instead ?"))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
curproxy->maxconn = atol(args[1]);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
else if (!strcmp(args[0], "backlog")) { /* backlog */
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
}
curproxy->backlog = atol(args[1]);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
}
[MEDIUM] split fe->maxconn into fe->maxconn and be->fullconn The maxconn argument is used only for the listeners, and the fullconn is used only for the backends. If unset, it inherits maxconn's value which itself can inherit the default or the global value (we might need to change this).
2006-12-28 18:10:33 -05:00
else if (!strcmp(args[0], "fullconn")) { /* fullconn */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], " Maybe you want 'maxconn' instead ?"))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[MEDIUM] split fe->maxconn into fe->maxconn and be->fullconn The maxconn argument is used only for the listeners, and the fullconn is used only for the backends. If unset, it inherits maxconn's value which itself can inherit the default or the global value (we might need to change this).
2006-12-28 18:10:33 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] split fe->maxconn into fe->maxconn and be->fullconn The maxconn argument is used only for the listeners, and the fullconn is used only for the backends. If unset, it inherits maxconn's value which itself can inherit the default or the global value (we might need to change this).
2006-12-28 18:10:33 -05:00
}
curproxy->fullconn = atol(args[1]);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] split fe->maxconn into fe->maxconn and be->fullconn The maxconn argument is used only for the listeners, and the fullconn is used only for the backends. If unset, it inherits maxconn's value which itself can inherit the default or the global value (we might need to change this).
2006-12-28 18:10:33 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "grace")) { /* grace time (ms) */
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a time in milliseconds.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] add support for time units in the configuration It is not always handy to manipulate large values exprimed in milliseconds for timeouts. Also, some values are entered in seconds (such as the stats refresh interval). This patch adds support for time units. It knows about 'us', 'ms', 's', 'm', 'h', and 'd'. It automatically converts each value into the caller's expected unit. Unit-less values are still passed unchanged. The unit must be passed as a suffix to the number. For instance: clitimeout 15m If any character is not understood, an error is returned.
2007-12-02 16:15:14 -05:00
err = parse_time_err(args[1], &val, TIME_UNIT_MS);
if (err) {
Alert("parsing [%s:%d] : unexpected character '%c' in grace time.\n",
file, linenum, *err);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for time units in the configuration It is not always handy to manipulate large values exprimed in milliseconds for timeouts. Also, some values are entered in seconds (such as the stats refresh interval). This patch adds support for time units. It knows about 'us', 'ms', 's', 'm', 'h', and 'd'. It automatically converts each value into the caller's expected unit. Unit-less values are still passed unchanged. The unit must be passed as a suffix to the number. For instance: clitimeout 15m If any character is not understood, an error is returned.
2007-12-02 16:15:14 -05:00
}
curproxy->grace = val;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "dispatch")) { /* dispatch address */
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 16:26:24 -05:00
struct sockaddr_storage *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
int port1, port2;
MEDIUM: config: add complete support for str2sa_range() in dispatch The dispatch statement now completely relies on str2sa_range() to parse an address.
2013-03-06 10:52:04 -05:00
struct protocol *proto;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
else if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!sk) {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
Alert("parsing [%s:%d] : '%s' : %s\n", file, linenum, args[0], errmsg);
MEDIUM: config: add complete support for str2sa_range() in dispatch The dispatch statement now completely relies on str2sa_range() to parse an address.
2013-03-06 10:52:04 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
file, linenum, args[0], args[1]);
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!port1) {
Alert("parsing [%s:%d] : '%s' : missing port number in '%s', <addr:port> expected.\n",
file, linenum, args[0], args[1]);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
curproxy->dispatch_addr = *sk;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options |= PR_O_DISPATCH;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "balance")) { /* set balancing with optional algorithm */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors Using the new error reporting framework makes it easier to report complex errors.
2012-05-08 12:14:39 -04:00
if (backend_parse_balance((const char **)args + 1, &errmsg, curproxy) < 0) {
Alert("parsing [%s:%d] : %s %s\n", file, linenum, args[0], errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implement the URI hash algorithm Guillaume Dallaire contributed the URI hashing algorithm for use with proxy-caches. It provides the advantage of optimizing the cache hit rate.
2007-05-08 07:35:26 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
else if (!strcmp(args[0], "hash-type")) { /* set hashing method */
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
/**
* The syntax for hash-type config element is
* hash-type {map-based|consistent} [[<algo>] avalanche]
*
* The default hash function is sdbm for map-based and sdbm+avalanche for consistent.
*/
curproxy->lbprm.algo &= ~(BE_LB_HASH_TYPE | BE_LB_HASH_FUNC | BE_LB_HASH_MOD);
MEDIUM: backend: Enhance hash-type directive with an algorithm options Summary: In testing at tumblr, we found that using djb2 hashing instead of the default sdbm hashing resulted is better workload distribution to our backends. This commit implements a change, that allows the user to specify the hash function they want to use. It does not limit itself to consistent hashing scenarios. The supported hash functions are sdbm (default), and djb2. For a discussion of the feature and analysis, see mailing list thread "Consistent hashing alternative to sdbm" : http://marc.info/?l=haproxy&m=138213693909219 Note: This change does NOT make changes to new features, for instance, applying an avalance hashing always being performed before applying consistent hashing.
2013-10-29 23:30:51 -04:00
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (strcmp(args[1], "consistent") == 0) { /* use consistent hashing */
curproxy->lbprm.algo |= BE_LB_HASH_CONS;
}
else if (strcmp(args[1], "map-based") == 0) { /* use map-based hashing */
curproxy->lbprm.algo |= BE_LB_HASH_MAP;
}
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
else if (strcmp(args[1], "avalanche") == 0) {
Alert("parsing [%s:%d] : experimental feature '%s %s' is not supported anymore, please use '%s map-based sdbm avalanche' instead.\n", file, linenum, args[0], args[1], args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] hash: add support for an 'avalanche' hash-type When the number of servers is a multiple of the size of the input set, map-based hash can be inefficient. This typically happens with 64 servers when doing URI hashing. The "avalanche" hash-type applies an avalanche hash before performing a map lookup in order to smooth the distribution. The result is slightly less smooth than the map for small numbers of servers, but still better than the consistent hashing.
2010-11-24 09:04:29 -05:00
}
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
else {
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
Alert("parsing [%s:%d] : '%s' only supports 'consistent' and 'map-based'.\n", file, linenum, args[0]);
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MEDIUM: backend: Enhance hash-type directive with an algorithm options Summary: In testing at tumblr, we found that using djb2 hashing instead of the default sdbm hashing resulted is better workload distribution to our backends. This commit implements a change, that allows the user to specify the hash function they want to use. It does not limit itself to consistent hashing scenarios. The supported hash functions are sdbm (default), and djb2. For a discussion of the feature and analysis, see mailing list thread "Consistent hashing alternative to sdbm" : http://marc.info/?l=haproxy&m=138213693909219 Note: This change does NOT make changes to new features, for instance, applying an avalance hashing always being performed before applying consistent hashing.
2013-10-29 23:30:51 -04:00
}
/* set the hash function to use */
if (!*args[2]) {
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
/* the default algo is sdbm */
MEDIUM: backend: Enhance hash-type directive with an algorithm options Summary: In testing at tumblr, we found that using djb2 hashing instead of the default sdbm hashing resulted is better workload distribution to our backends. This commit implements a change, that allows the user to specify the hash function they want to use. It does not limit itself to consistent hashing scenarios. The supported hash functions are sdbm (default), and djb2. For a discussion of the feature and analysis, see mailing list thread "Consistent hashing alternative to sdbm" : http://marc.info/?l=haproxy&m=138213693909219 Note: This change does NOT make changes to new features, for instance, applying an avalance hashing always being performed before applying consistent hashing.
2013-10-29 23:30:51 -04:00
curproxy->lbprm.algo |= BE_LB_HFCN_SDBM;
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
/* if consistent with no argument, then avalanche modifier is also applied */
if ((curproxy->lbprm.algo & BE_LB_HASH_TYPE) == BE_LB_HASH_CONS)
curproxy->lbprm.algo |= BE_LB_HMOD_AVAL;
MEDIUM: backend: Enhance hash-type directive with an algorithm options Summary: In testing at tumblr, we found that using djb2 hashing instead of the default sdbm hashing resulted is better workload distribution to our backends. This commit implements a change, that allows the user to specify the hash function they want to use. It does not limit itself to consistent hashing scenarios. The supported hash functions are sdbm (default), and djb2. For a discussion of the feature and analysis, see mailing list thread "Consistent hashing alternative to sdbm" : http://marc.info/?l=haproxy&m=138213693909219 Note: This change does NOT make changes to new features, for instance, applying an avalance hashing always being performed before applying consistent hashing.
2013-10-29 23:30:51 -04:00
} else {
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
/* set the hash function */
if (!strcmp(args[2], "sdbm")) {
curproxy->lbprm.algo |= BE_LB_HFCN_SDBM;
}
else if (!strcmp(args[2], "djb2")) {
curproxy->lbprm.algo |= BE_LB_HFCN_DJB2;
MEDIUM: backend: add the crc32 hash algorithm for load balancing Since we have it available, let's make it usable for load balancing, it comes at no cost except 3 lines of documentation.
2015-01-20 13:44:50 -05:00
}
else if (!strcmp(args[2], "wt6")) {
MEDIUM: backend: add support for the wt6 hash This function was designed for haproxy while testing other functions in the past. Initially it was not planned to be used given the not very interesting numbers it showed on real URL data : it is not as smooth as the other ones. But later tests showed that the other ones are extremely sensible to the server count and the type of input data, especially DJB2 which must not be used on numeric input. So in fact this function is still a generally average performer and it can make sense to merge it in the end, as it can provide an alternative to sdbm+avalanche or djb2+avalanche for consistent hashing or when hashing on numeric data such as a source IP address or a visitor identifier in a URL parameter.
2013-11-14 08:30:35 -05:00
curproxy->lbprm.algo |= BE_LB_HFCN_WT6;
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
}
MEDIUM: backend: add the crc32 hash algorithm for load balancing Since we have it available, let's make it usable for load balancing, it comes at no cost except 3 lines of documentation.
2015-01-20 13:44:50 -05:00
else if (!strcmp(args[2], "crc32")) {
curproxy->lbprm.algo |= BE_LB_HFCN_CRC32;
}
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
else {
MEDIUM: backend: add the crc32 hash algorithm for load balancing Since we have it available, let's make it usable for load balancing, it comes at no cost except 3 lines of documentation.
2015-01-20 13:44:50 -05:00
Alert("parsing [%s:%d] : '%s' only supports 'sdbm', 'djb2', 'crc32', or 'wt6' hash functions.\n", file, linenum, args[0]);
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* set the hash modifier */
if (!strcmp(args[3], "avalanche")) {
curproxy->lbprm.algo |= BE_LB_HMOD_AVAL;
}
else if (*args[3]) {
Alert("parsing [%s:%d] : '%s' only supports 'avalanche' as a modifier for hash functions.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
}
}
MINOR: backend: add hash-balance-factor option for hash-type consistent 0 will mean no balancing occurs; otherwise it represents the ratio between the highest-loaded server and the average load, times 100 (i.e. a value of 150 means a 1.5x ratio), assuming equal weights. Signed-off-by: Andrew Rodland <andrewr@vimeo.com>
2016-10-25 12:49:05 -04:00
else if (strcmp(args[0], "hash-balance-factor") == 0) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->lbprm.chash.balance_factor = atol(args[1]);
if (curproxy->lbprm.chash.balance_factor != 0 && curproxy->lbprm.chash.balance_factor <= 100) {
Alert("parsing [%s:%d] : '%s' must be 0 or greater than 100.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: log: Unique ID The Unique ID, is an ID generated with several informations. You can use a log-format string to customize it, with the "unique-id-format" keyword, and insert it in the request header, with the "unique-id-header" keyword.
2012-03-12 07:48:57 -04:00
else if (strcmp(args[0], "unique-id-format") == 0) {
if (!*(args[1])) {
Alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: log-format: check number of arguments in cfgparse.c Exit with error if there is a second argument in the 'log-format' and 'unique-id-format' options. It is convenient when we forgot to escape spaces.
2012-11-11 11:30:56 -05:00
if (*(args[2])) {
Alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
free(curproxy->conf.uniqueid_format_string);
curproxy->conf.uniqueid_format_string = strdup(args[1]);
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
free(curproxy->conf.uif_file);
curproxy->conf.uif_file = strdup(curproxy->conf.args.file);
curproxy->conf.uif_line = curproxy->conf.args.line;
MEDIUM: log: Unique ID The Unique ID, is an ID generated with several informations. You can use a log-format string to customize it, with the "unique-id-format" keyword, and insert it in the request header, with the "unique-id-header" keyword.
2012-03-12 07:48:57 -04:00
}
else if (strcmp(args[0], "unique-id-header") == 0) {
if (!*(args[1])) {
Alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->header_unique_id);
curproxy->header_unique_id = strdup(args[1]);
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
else if (strcmp(args[0], "log-format") == 0) {
if (!*(args[1])) {
Alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MINOR: log-format: check number of arguments in cfgparse.c Exit with error if there is a second argument in the 'log-format' and 'unique-id-format' options. It is convenient when we forgot to escape spaces.
2012-11-11 11:30:56 -05:00
}
if (*(args[2])) {
Alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
}
MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections Add a warning when "log-format" or "tcplog" or "httplog" is overriden in "defaults" sections.
2017-03-31 13:54:09 -04:00
if (curproxy->conf.logformat_string && curproxy == &defproxy) {
char *oldlogformat = "log-format";
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections Add a warning when "log-format" or "tcplog" or "httplog" is overriden in "defaults" sections.
2017-03-31 13:54:09 -04:00
if (curproxy->conf.logformat_string == default_http_log_format)
oldlogformat = "option httplog";
else if (curproxy->conf.logformat_string == default_tcp_log_format)
oldlogformat = "option tcplog";
else if (curproxy->conf.logformat_string == clf_http_log_format)
oldlogformat = "option httplog clf";
Warning("parsing [%s:%d]: 'log-format' overrides previous '%s' in 'defaults' section.\n",
file, linenum, oldlogformat);
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
free(curproxy->conf.logformat_string);
curproxy->conf.logformat_string = strdup(args[1]);
free(curproxy->conf.lfs_file);
curproxy->conf.lfs_file = strdup(curproxy->conf.args.file);
curproxy->conf.lfs_line = curproxy->conf.args.line;
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
/* get a chance to improve log-format error reporting by
* reporting the correct line-number when possible.
*/
if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) {
Warning("parsing [%s:%d] : backend '%s' : 'log-format' directive is ignored in backends.\n",
file, linenum, curproxy->id);
err_code |= ERR_WARN;
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
}
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
else if (!strcmp(args[0], "log-format-sd")) {
if (!*(args[1])) {
Alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (*(args[2])) {
Alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format)
free(curproxy->conf.logformat_sd_string);
curproxy->conf.logformat_sd_string = strdup(args[1]);
free(curproxy->conf.lfsd_file);
curproxy->conf.lfsd_file = strdup(curproxy->conf.args.file);
curproxy->conf.lfsd_line = curproxy->conf.args.line;
/* get a chance to improve log-format-sd error reporting by
* reporting the correct line-number when possible.
*/
if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) {
Warning("parsing [%s:%d] : backend '%s' : 'log-format-sd' directive is ignored in backends.\n",
file, linenum, curproxy->id);
err_code |= ERR_WARN;
}
}
MINOR: logs: add a new per-proxy "log-tag" directive This is equivalent to what was done in commit 48936af ("[MINOR] log: ability to override the syslog tag") but this time instead of doing this globally, it does it per proxy. The purpose is to be able to use a separate log tag for various proxies (eg: make it easier to route log messages depending on the customer).
2015-01-07 09:03:42 -05:00
else if (!strcmp(args[0], "log-tag")) { /* tag to report to syslog */
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a tag for use in syslog.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
chunk_destroy(&curproxy->log_tag);
chunk_initstr(&curproxy->log_tag, strdup(args[1]));
MINOR: logs: add a new per-proxy "log-tag" directive This is equivalent to what was done in commit 48936af ("[MINOR] log: ability to override the syslog tag") but this time instead of doing this globally, it does it per proxy. The purpose is to be able to use a separate log tag for various proxies (eg: make it easier to route log messages depending on the customer).
2015-01-07 09:03:42 -05:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
else if (!strcmp(args[0], "log") && kwm == KWM_NO) {
/* delete previous herited or defined syslog servers */
struct logsrv *back;
if (*(args[1]) != 0) {
Alert("parsing [%s:%d]:%s : 'no log' does not expect arguments.\n", file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry_safe(tmplogsrv, back, &curproxy->logsrvs, list) {
LIST_DEL(&tmplogsrv->list);
free(tmplogsrv);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "log")) { /* syslog server address */
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *logsrv;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) && *(args[2]) == 0 && !strcmp(args[1], "global")) {
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
/* copy global.logrsvs linked list to the end of curproxy->logsrvs */
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry(tmplogsrv, &global.logsrvs, list) {
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
struct logsrv *node = malloc(sizeof(*node));
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
memcpy(node, tmplogsrv, sizeof(struct logsrv));
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
LIST_INIT(&node->list);
LIST_ADDQ(&curproxy->logsrvs, &node->list);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (*(args[1]) && *(args[2])) {
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
struct sockaddr_storage *sk;
int port1, port2;
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
int arg = 0;
int len = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
logsrv = calloc(1, sizeof(*logsrv));
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
/* just after the address, a length may be specified */
if (strcmp(args[arg+2], "len") == 0) {
len = atoi(args[arg+3]);
if (len < 80 || len > 65535) {
Alert("parsing [%s:%d] : invalid log length '%s', must be between 80 and 65535.\n",
file, linenum, args[arg+3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
logsrv->maxlen = len;
/* skip these two args */
arg += 2;
}
else
logsrv->maxlen = MAX_SYSLOG_LEN;
if (logsrv->maxlen > global.max_syslog_len) {
global.max_syslog_len = logsrv->maxlen;
CLEANUP: fixed some usages of realloc leading to memory leak Changed all the cases where the pointer passed to realloc is overwritten by the pointer returned by realloc. The new function my_realloc2 has been used except in function register_name. If register_name fails to add a new variable because of an "out of memory" error, all the existing variables remain valid. If we had used my_realloc2, the array of variables would have been freed.
2016-06-28 16:44:26 -04:00
logheader = my_realloc2(logheader, global.max_syslog_len + 1);
logheader_rfc5424 = my_realloc2(logheader_rfc5424, global.max_syslog_len + 1);
logline = my_realloc2(logline, global.max_syslog_len + 1);
logline_rfc5424 = my_realloc2(logline_rfc5424, global.max_syslog_len + 1);
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
}
MEDIUM: logs: add support for RFC5424 header format per logger The function __send_log() iterates over senders and passes the header as the first vector to sendmsg(), thus it can send a logger-specific header in each message. A new logger arguments "format rfc5424" should be used in order to enable RFC5424 header format. For example: log 10.2.3.4:1234 len 2048 format rfc5424 local2 info
2015-09-22 10:05:32 -04:00
/* after the length, a format may be specified */
if (strcmp(args[arg+2], "format") == 0) {
logsrv->format = get_log_format(args[arg+3]);
if (logsrv->format < 0) {
Alert("parsing [%s:%d] : unknown log format '%s'\n", file, linenum, args[arg+3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* skip these two args */
arg += 2;
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(3, arg + 1, file, linenum, args, &err_code))
goto out;
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
logsrv->facility = get_log_facility(args[arg+2]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->facility < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[arg+2]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->level = 7; /* max syslog level = debug */
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
if (*(args[arg+3])) {
logsrv->level = get_log_level(args[arg+3]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->level < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[arg+3]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->minlvl = 0; /* limit syslog level to this level (emerg) */
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
if (*(args[arg+4])) {
logsrv->minlvl = get_log_level(args[arg+4]);
BUG/MINOR: config: check the proper variable when parsing log minlvl logsrv->minlvl gets the numeric log level from the equivalent string. Upon error, ->level was checked due to a wrong copy-paste. The effect is that a wrong name will silently be ignored and due to minlvl=-1, will act as if the option was not set. No backport is needed, this is 1.5-specific. Reported-by: Dinko Korunic <dkorunic@reflected.net>
2013-01-23 18:31:24 -05:00
if (logsrv->minlvl < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[arg+4]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] implement per-logger log level limitation Some people are using haproxy in a shared environment where the system logger by default sends alert and emerg messages to all consoles, which happens when all servers go down on a backend for instance. These people can not always change the system configuration and would like to limit the outgoing messages level in order not to disturb the local users. The addition of an optional 4th field on the "log" line permits exactly this. The minimal log level ensures that all outgoing logs will have at least this level. So the logs are not filtered out, just set to this level.
2009-05-10 11:20:05 -04:00
}
}
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
if (!sk) {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
Alert("parsing [%s:%d] : '%s': %s\n", file, linenum, args[0], errmsg);
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
logsrv->addr = *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
if (sk->ss_family == AF_INET || sk->ss_family == AF_INET6) {
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!port1)
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
set_host_port(&logsrv->addr, SYSLOG_PORT);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
LIST_ADDQ(&curproxy->logsrvs, &logsrv->list);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else {
Alert("parsing [%s:%d] : 'log' expects either <address[:port]> and <facility> or 'global' as arguments.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
else if (!strcmp(args[0], "source")) { /* address to which we bind when connecting */
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
int cur_arg;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
int port1, port2;
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 16:26:24 -05:00
struct sockaddr_storage *sk;
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
struct protocol *proto;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!*args[1]) {
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
Alert("parsing [%s:%d] : '%s' expects <addr>[:<port>], and optionally '%s' <addr>, and '%s' <name>.\n",
file, linenum, "source", "usesrc", "interface");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[BUG] the "source" keyword must first clear optional settings Problem reported by John Lauro. When "source ... usesrc ..." is set in the defaults section, it is not possible anymore to remove the "usesrc" part when declaring a more precise "source" in a backend. The only workaround was to declare it by server. We need to clear optional settings when declaring a new "source". The problem was the same with the "interface" declaration.
2009-03-01 02:27:21 -05:00
/* we must first clear any optional default setting */
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK;
free(curproxy->conn_src.iface_name);
curproxy->conn_src.iface_name = NULL;
curproxy->conn_src.iface_len = 0;
[BUG] the "source" keyword must first clear optional settings Problem reported by John Lauro. When "source ... usesrc ..." is set in the defaults section, it is not possible anymore to remove the "usesrc" part when declaring a more precise "source" in a backend. The only workaround was to declare it by server. We need to clear optional settings when declaring a new "source". The problem was the same with the "interface" declaration.
2009-03-01 02:27:21 -05:00
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
if (!sk) {
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
Alert("parsing [%s:%d] : '%s %s' : %s\n",
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
file, linenum, args[0], args[1], errmsg);
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
file, linenum, args[0], args[1]);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.source_addr = *sk;
curproxy->conn_src.opts |= CO_SRC_BIND;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
cur_arg = 2;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "usesrc")) { /* address to use outside */
MAJOR: tproxy: remove support for cttproxy This was the first transparent proxy technology supported by haproxy circa 2005 but it was obsoleted in 2007 by Tproxy 4.0 which removed a lot of the earlier versions' shortcomings and was finally merged into the kernel. Since nobody has been using cttproxy for many years now and nobody has even just tried to compile the files, it's time to remove it. The doc was updated as well.
2015-08-20 13:35:14 -04:00
#if defined(CONFIG_HAP_TRANSPARENT)
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects <addr>[:<port>], 'client', or 'clientip' as argument.\n",
file, linenum, "usesrc");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
}
if (!strcmp(args[cur_arg + 1], "client")) {
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK;
curproxy->conn_src.opts |= CO_SRC_TPROXY_CLI;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
} else if (!strcmp(args[cur_arg + 1], "clientip")) {
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK;
curproxy->conn_src.opts |= CO_SRC_TPROXY_CIP;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
} else if (!strncmp(args[cur_arg + 1], "hdr_ip(", 7)) {
char *name, *end;
name = args[cur_arg+1] + 7;
while (isspace(*name))
name++;
end = name;
while (*end && !isspace(*end) && *end != ',' && *end != ')')
end++;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK;
curproxy->conn_src.opts |= CO_SRC_TPROXY_DYN;
curproxy->conn_src.bind_hdr_name = calloc(1, end - name + 1);
curproxy->conn_src.bind_hdr_len = end - name;
memcpy(curproxy->conn_src.bind_hdr_name, name, end - name);
curproxy->conn_src.bind_hdr_name[end-name] = '\0';
curproxy->conn_src.bind_hdr_occ = -1;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
/* now look for an occurrence number */
while (isspace(*end))
end++;
if (*end == ',') {
end++;
name = end;
if (*end == '-')
end++;
BUILD: silence a warning on Solaris about usage of isdigit() On Solaris, isdigit() is a macro and it complains about the use of a char instead of the int for the argument. Let's cast it to an int to silence it.
2012-11-21 19:04:31 -05:00
while (isdigit((int)*end))
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
end++;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.bind_hdr_occ = strl2ic(name, end-name);
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
}
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
if (curproxy->conn_src.bind_hdr_occ < -MAX_HDR_HISTORY) {
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
Alert("parsing [%s:%d] : usesrc hdr_ip(name,num) does not support negative"
" occurrences values smaller than %d.\n",
file, linenum, MAX_HDR_HISTORY);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
} else {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
struct sockaddr_storage *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MINOR: tools: make str2sa_range() return the port in a separate argument This will be needed so that we're don't have to extract it from the returned address where it will not always be anymore (eg: for unresolved servers).
2017-01-06 12:32:38 -05:00
sk = str2sa_range(args[cur_arg + 1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
if (!sk) {
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
Alert("parsing [%s:%d] : '%s %s' : %s\n",
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
file, linenum, args[cur_arg], args[cur_arg+1], errmsg);
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
file, linenum, args[cur_arg], args[cur_arg+1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[cur_arg], args[cur_arg + 1]);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.tproxy_addr = *sk;
curproxy->conn_src.opts |= CO_SRC_TPROXY_ADDR;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
}
global.last_checks |= LSTCHK_NETADM;
#else /* no TPROXY support */
Alert("parsing [%s:%d] : '%s' not allowed here because support for TPROXY was not compiled in.\n",
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
file, linenum, "usesrc");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
#endif
cur_arg += 2;
continue;
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
}
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
if (!strcmp(args[cur_arg], "interface")) { /* specifically bind to this interface */
#ifdef SO_BINDTODEVICE
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' : missing interface name.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
}
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
free(curproxy->conn_src.iface_name);
curproxy->conn_src.iface_name = strdup(args[cur_arg + 1]);
curproxy->conn_src.iface_len = strlen(curproxy->conn_src.iface_name);
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
global.last_checks |= LSTCHK_NETADM;
#else
Alert("parsing [%s:%d] : '%s' : '%s' option not implemented.\n",
file, linenum, args[0], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add non-local bind to connect() on Linux Using some Linux kernel patches which add the IP_TRANSPARENT SOL_IP option , it is possible to bind to a non-local address on without having resort to any sort of NAT, thus causing no performance degradation. This is by far faster and cleaner than the previous CTTPROXY method. The code has been slightly changed in order to remain compatible with CTTPROXY as a fallback for the new method when it does not work. It is not needed anymore to specify the outgoing source address for connect, it can remain 0.0.0.0.
2008-01-13 10:31:17 -05:00
#endif
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
cur_arg += 2;
continue;
}
Alert("parsing [%s:%d] : '%s' only supports optional keywords '%s' and '%s'.\n",
CLEANUP: config: fix typo inteface => interface This was in an error message.
2012-09-25 10:31:00 -04:00
file, linenum, args[0], "interface", "usesrc");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] more friendly reports of wrong uses of the usesrc keyword It was difficult to find how to enter the "usesrc" keyword. Now the configuration checker is a bit more friendly and tries to identify most mistakes and gives some hints back.
2007-03-24 07:47:24 -04:00
}
}
else if (!strcmp(args[0], "usesrc")) { /* address to use outside: needs "source" first */
Alert("parsing [%s:%d] : '%s' only allowed after a '%s' statement.\n",
file, linenum, "usesrc", "source");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "cliexp") || !strcmp(args[0], "reqrep")) { /* replace request header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (*(args[2]) == 0) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects <search> and <replace> as arguments.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_REPLACE, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], args[2], (const char **)args+3);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqdel")) { /* delete request header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_REMOVE, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqdeny")) { /* deny a request if a header matches this regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_DENY, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqpass")) { /* pass this header without allowing or denying the request */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_PASS, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqallow")) { /* allow a request if a header matches this regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_ALLOW, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] added the "reqtarpit" and "reqitarpit" features It is now possible to tarpit connections based on regex matches. The tarpit timeout is equal to the contimeout. A 500 server error response is faked, and the logs show the status flags as "PT" which indicate the connection has been tarpitted.
2006-09-03 03:56:00 -04:00
else if (!strcmp(args[0], "reqtarpit")) { /* tarpit a request if a header matches this regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_TARPIT, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] added the "reqtarpit" and "reqitarpit" features It is now possible to tarpit connections based on regex matches. The tarpit timeout is equal to the contimeout. A 500 server error response is faked, and the logs show the status flags as "PT" which indicate the connection has been tarpitted.
2006-09-03 03:56:00 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "reqirep")) { /* replace request header from a regex, ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (*(args[2]) == 0) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects <search> and <replace> as arguments.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_REPLACE, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], args[2], (const char **)args+3);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqidel")) { /* delete request header from a regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_REMOVE, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqideny")) { /* deny a request if a header matches this regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_DENY, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqipass")) { /* pass this header without allowing or denying the request */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_PASS, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqiallow")) { /* allow a request if a header matches this regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_ALLOW, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] added the "reqtarpit" and "reqitarpit" features It is now possible to tarpit connections based on regex matches. The tarpit timeout is equal to the contimeout. A 500 server error response is faked, and the logs show the status flags as "PT" which indicate the connection has been tarpitted.
2006-09-03 03:56:00 -04:00
else if (!strcmp(args[0], "reqitarpit")) { /* tarpit a request if a header matches this regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_TARPIT, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] added the "reqtarpit" and "reqitarpit" features It is now possible to tarpit connections based on regex matches. The tarpit timeout is equal to the contimeout. A 500 server error response is faked, and the logs show the status flags as "PT" which indicate the connection has been tarpitted.
2006-09-03 03:56:00 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "reqadd")) { /* add request header */
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
struct cond_wordlist *wl;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: remove last references to 'ruleset' section
2016-10-26 05:06:28 -04:00
else if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <header> as an argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
[MEDIUM] http: add support for conditional request header addition Now the reqadd rules also support ACLs. All req* rules are converted now.
2010-01-31 08:30:44 -05:00
if ((strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0)) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args+2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n",
file, linenum, args[0], errmsg);
[MEDIUM] http: add support for conditional request header addition Now the reqadd rules also support ACLs. All req* rules are converted now.
2010-01-31 08:30:44 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[MEDIUM] http: add support for conditional request header addition Now the reqadd rules also support ACLs. All req* rules are converted now.
2010-01-31 08:30:44 -05:00
}
else if (*args[2]) {
Alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n",
file, linenum, args[0], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
wl = calloc(1, sizeof(*wl));
[MEDIUM] http: add support for conditional request header addition Now the reqadd rules also support ACLs. All req* rules are converted now.
2010-01-31 08:30:44 -05:00
wl->cond = cond;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
wl->s = strdup(args[1]);
LIST_ADDQ(&curproxy->req_add, &wl->list);
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
warnif_misplaced_reqadd(curproxy, file, linenum, args[0]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "srvexp") || !strcmp(args[0], "rsprep")) { /* replace response header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (*(args[2]) == 0) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects <search> and <replace> as arguments.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_REPLACE, 0,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], args[2], (const char **)args+3);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspdel")) { /* delete response header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_REMOVE, 0,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspdeny")) { /* block response header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_DENY, 0,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspirep")) { /* replace response header from a regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (*(args[2]) == 0) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects <search> and <replace> as arguments.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_REPLACE, REG_ICASE,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], args[2], (const char **)args+3);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspidel")) { /* delete response header from a regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_REMOVE, REG_ICASE,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspideny")) { /* block response header from a regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_DENY, REG_ICASE,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspadd")) { /* add response header */
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
struct cond_wordlist *wl;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
CLEANUP: remove last references to 'ruleset' section
2016-10-26 05:06:28 -04:00
else if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <header> as an argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
if ((strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0)) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args+2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n",
file, linenum, args[0], errmsg);
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond,
(curproxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
file, linenum);
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
}
else if (*args[2]) {
Alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n",
file, linenum, args[0], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
wl = calloc(1, sizeof(*wl));
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
wl->cond = cond;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
wl->s = strdup(args[1]);
LIST_ADDQ(&curproxy->rsp_add, &wl->list);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "errorloc") ||
!strcmp(args[0], "errorloc302") ||
!strcmp(args[0], "errorloc303")) { /* error location */
int errnum, errlen;
char *err;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[2]) == 0) {
[MINOR] fix several printf formats and missing arguments Last patch revealed a number of mistakes in printf-like calls, mostly int/long mismatches, and a few missing arguments.
2009-04-03 08:49:12 -04:00
Alert("parsing [%s:%d] : <%s> expects <status_code> and <url> as arguments.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
errnum = atol(args[1]);
if (!strcmp(args[0], "errorloc303")) {
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
errlen = strlen(HTTP_303) + strlen(args[2]) + 5;
err = malloc(errlen);
errlen = snprintf(err, errlen, "%s%s\r\n\r\n", HTTP_303, args[2]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else {
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
errlen = strlen(HTTP_302) + strlen(args[2]) + 5;
err = malloc(errlen);
errlen = snprintf(err, errlen, "%s%s\r\n\r\n", HTTP_302, args[2]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
for (rc = 0; rc < HTTP_ERR_SIZE; rc++) {
if (http_err_codes[rc] == errnum) {
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
chunk_destroy(&curproxy->errmsg[rc]);
chunk_initlen(&curproxy->errmsg[rc], err, errlen, errlen);
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
if (rc >= HTTP_ERR_SIZE) {
CLEANUP: config: make the errorloc/errorfile messages less confusing Some users believe that "status code XXX not handled" means "not handled by haproxy". Let's be clear that's only about the option.
2015-09-27 09:13:30 -04:00
Warning("parsing [%s:%d] : status code %d not handled by '%s', error relocation will be ignored.\n",
file, linenum, errnum, args[0]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(err);
}
}
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
else if (!strcmp(args[0], "errorfile")) { /* error message from a file */
int errnum, errlen, fd;
char *err;
struct stat stat;
if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
if (*(args[2]) == 0) {
[MINOR] fix several printf formats and missing arguments Last patch revealed a number of mistakes in printf-like calls, mostly int/long mismatches, and a few missing arguments.
2009-04-03 08:49:12 -04:00
Alert("parsing [%s:%d] : <%s> expects <status_code> and <file> as arguments.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
}
fd = open(args[2], O_RDONLY);
if ((fd < 0) || (fstat(fd, &stat) < 0)) {
Alert("parsing [%s:%d] : error opening file <%s> for custom error message <%s>.\n",
file, linenum, args[2], args[1]);
if (fd >= 0)
close(fd);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
}
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (stat.st_size <= global.tune.bufsize) {
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
errlen = stat.st_size;
} else {
Warning("parsing [%s:%d] : custom error message file <%s> larger than %d bytes. Truncating.\n",
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
file, linenum, args[2], global.tune.bufsize);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
errlen = global.tune.bufsize;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
}
err = malloc(errlen); /* malloc() must succeed during parsing */
errnum = read(fd, err, errlen);
if (errnum != errlen) {
Alert("parsing [%s:%d] : error reading file <%s> for custom error message <%s>.\n",
file, linenum, args[2], args[1]);
close(fd);
free(err);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
}
close(fd);
errnum = atol(args[1]);
for (rc = 0; rc < HTTP_ERR_SIZE; rc++) {
if (http_err_codes[rc] == errnum) {
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
chunk_destroy(&curproxy->errmsg[rc]);
chunk_initlen(&curproxy->errmsg[rc], err, errlen, errlen);
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
break;
}
}
if (rc >= HTTP_ERR_SIZE) {
CLEANUP: config: make the errorloc/errorfile messages less confusing Some users believe that "status code XXX not handled" means "not handled by haproxy". Let's be clear that's only about the option.
2015-09-27 09:13:30 -04:00
Warning("parsing [%s:%d] : status code %d not handled by '%s', error customization will be ignored.\n",
file, linenum, errnum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
free(err);
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
struct cfg_kw_list *kwl;
int index;
list_for_each_entry(kwl, &cfg_keywords.list, list) {
for (index = 0; kwl->kw[index].kw != NULL; index++) {
if (kwl->kw[index].section != CFG_LISTEN)
continue;
if (strcmp(kwl->kw[index].kw, args[0]) == 0) {
/* prepare error message just in case */
MINOR: config: pass the file and line to config keyword parsers This will be needed when we need to create bind config settings.
2012-09-18 14:02:48 -04:00
rc = kwl->kw[index].parse(args, CFG_LISTEN, curproxy, &defproxy, file, linenum, &errmsg);
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
if (rc < 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
Alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
}
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
else if (rc > 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
Warning("parsing [%s:%d] : %s\n", file, linenum, errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
goto out;
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
}
}
}
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
[MINOR] report correct section type for unknown keywords. An unknown keyword was always reported in section "listen" for any section type (defaults, listen, frontend, backend, ...).
2008-01-22 10:44:08 -05:00
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
out:
MINOR: cfgparse: use a common errmsg pointer for all parsers In order to generalize the simplified error reporting mechanism, let's centralize the error pointer.
2012-05-08 11:37:49 -04:00
free(errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
return err_code;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
int
cfg_parse_netns(const char *file, int linenum, char **args, int kwm)
{
#ifdef CONFIG_HAP_NS
const char *err;
const char *item = args[0];
if (!strcmp(item, "namespace_list")) {
return 0;
}
else if (!strcmp(item, "namespace")) {
size_t idx = 1;
const char *current;
while (*(current = args[idx++])) {
err = invalid_char(current);
if (err) {
Alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, item, current);
return ERR_ALERT | ERR_FATAL;
}
if (netns_store_lookup(current, strlen(current))) {
Alert("parsing [%s:%d]: Namespace '%s' is already added.\n",
file, linenum, current);
return ERR_ALERT | ERR_FATAL;
}
if (!netns_store_insert(current)) {
Alert("parsing [%s:%d]: Cannot open namespace '%s'.\n",
file, linenum, current);
return ERR_ALERT | ERR_FATAL;
}
}
}
return 0;
#else
Alert("parsing [%s:%d]: namespace support is not compiled in.",
file, linenum);
return ERR_ALERT | ERR_FATAL;
#endif
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
int
cfg_parse_users(const char *file, int linenum, char **args, int kwm)
{
int err_code = 0;
const char *err;
if (!strcmp(args[0], "userlist")) { /* new userlist */
struct userlist *newul;
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
for (newul = userlist; newul; newul = newul->next)
if (!strcmp(newul->name, args[1])) {
Warning("parsing [%s:%d]: ignoring duplicated userlist '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_WARN;
goto out;
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
newul = calloc(1, sizeof(*newul));
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
if (!newul) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
newul->name = strdup(args[1]);
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
if (!newul->name) {
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
BUG/MINOR: cfgparse: couple of small memory leaks. During the config parse in some code paths, there is some forgotten pointers freeing, and as often, during errors handlings.
2016-04-08 05:35:26 -04:00
free(newul);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
goto out;
}
newul->next = userlist;
userlist = newul;
} else if (!strcmp(args[0], "group")) { /* new group */
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
int cur_arg;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
const char *err;
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
struct auth_groups *ag;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: cfgparse: segfault when userlist is misused If the 'userlist' keyword parsing returns an error and no userlist were previously created. The parsing of 'user' and 'group' leads to NULL derefence. The userlist pointer is now tested to prevent this issue.
2015-05-28 12:03:51 -04:00
if (!userlist)
goto out;
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
for (ag = userlist->groups; ag; ag = ag->next)
if (!strcmp(ag->name, args[1])) {
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
Warning("parsing [%s:%d]: ignoring duplicated group '%s' in userlist '%s'.\n",
file, linenum, args[1], userlist->name);
err_code |= ERR_ALERT;
goto out;
}
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
ag = calloc(1, sizeof(*ag));
if (!ag) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
ag->name = strdup(args[1]);
MINOR: cfgparse: few memory leaks fixes. Some minor memory leak during the config parsing.
2016-08-22 18:27:42 -04:00
if (!ag->name) {
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
MINOR: cfgparse: few memory leaks fixes. Some minor memory leak during the config parsing.
2016-08-22 18:27:42 -04:00
free(ag);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
goto out;
}
cur_arg = 2;
while (*args[cur_arg]) {
if (!strcmp(args[cur_arg], "users")) {
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
ag->groupusers = strdup(args[cur_arg + 1]);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
cur_arg += 2;
continue;
} else {
Alert("parsing [%s:%d]: '%s' only supports 'users' option.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
MINOR: cfgparse: few memory leaks fixes. Some minor memory leak during the config parsing.
2016-08-22 18:27:42 -04:00
free(ag->groupusers);
free(ag->name);
free(ag);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
goto out;
}
}
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
ag->next = userlist->groups;
userlist->groups = ag;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
} else if (!strcmp(args[0], "user")) { /* new user */
struct auth_users *newuser;
int cur_arg;
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: cfgparse: segfault when userlist is misused If the 'userlist' keyword parsing returns an error and no userlist were previously created. The parsing of 'user' and 'group' leads to NULL derefence. The userlist pointer is now tested to prevent this issue.
2015-05-28 12:03:51 -04:00
if (!userlist)
goto out;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
for (newuser = userlist->users; newuser; newuser = newuser->next)
if (!strcmp(newuser->user, args[1])) {
Warning("parsing [%s:%d]: ignoring duplicated user '%s' in userlist '%s'.\n",
file, linenum, args[1], userlist->name);
err_code |= ERR_ALERT;
goto out;
}
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
newuser = calloc(1, sizeof(*newuser));
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
if (!newuser) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
newuser->user = strdup(args[1]);
newuser->next = userlist->users;
userlist->users = newuser;
cur_arg = 2;
while (*args[cur_arg]) {
if (!strcmp(args[cur_arg], "password")) {
BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported When an unknown encryption algorithm is used in userlists or the password is not pasted correctly in the configuration, http authentication silently fails. An initial check is now performed during the configuration parsing, in order to verify that the encrypted password is supported. An unsupported password will fail with a fatal error. This patch should be backported to 1.4 and 1.5.
2014-08-29 14:20:02 -04:00
#ifdef CONFIG_HAP_CRYPT
if (!crypt("", args[cur_arg + 1])) {
Alert("parsing [%s:%d]: the encrypted password used for user '%s' is not supported by crypt(3).\n",
file, linenum, newuser->user);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
#else
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
Warning("parsing [%s:%d]: no crypt(3) support compiled, encrypted passwords will not work.\n",
file, linenum);
err_code |= ERR_ALERT;
#endif
newuser->pass = strdup(args[cur_arg + 1]);
cur_arg += 2;
continue;
} else if (!strcmp(args[cur_arg], "insecure-password")) {
newuser->pass = strdup(args[cur_arg + 1]);
newuser->flags |= AU_O_INSECURE;
cur_arg += 2;
continue;
} else if (!strcmp(args[cur_arg], "groups")) {
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
newuser->u.groups_names = strdup(args[cur_arg + 1]);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
cur_arg += 2;
continue;
} else {
Alert("parsing [%s:%d]: '%s' only supports 'password', 'insecure-password' and 'groups' options.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
} else {
Alert("parsing [%s:%d]: unknown keyword '%s' in '%s' section\n", file, linenum, args[0], "users");
err_code |= ERR_ALERT | ERR_FATAL;
}
out:
return err_code;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: cfgparse: Parse scope lines and save the last one parsed A scope is a section name between square bracket, alone on its line, ie: [scope-name] ... The spaces at the beginning and at the end of the line are skipped. Comments at the end of the line are also skipped. When a scope is parsed, its name is saved in the global variable cfg_scope. Initially, cfg_scope is NULL and it remains NULL until a valid scope line is parsed. This feature remains unused in the HAProxy configuration file and undocumented. However, it will be used during SPOE configuration parsing.
2016-11-04 17:36:15 -04:00
int
cfg_parse_scope(const char *file, int linenum, char *line)
{
char *beg, *end, *scope = NULL;
int err_code = 0;
const char *err;
beg = line + 1;
end = strchr(beg, ']');
/* Detect end of scope declaration */
if (!end || end == beg) {
Alert("parsing [%s:%d] : empty scope name is forbidden.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* Get scope name and check its validity */
scope = my_strndup(beg, end-beg);
err = invalid_char(scope);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in a scope name.\n",
file, linenum, *err);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* Be sure to have a scope declaration alone on its line */
line = end+1;
while (isspace((unsigned char)*line))
line++;
if (*line && *line != '#' && *line != '\n' && *line != '\r') {
Alert("parsing [%s:%d] : character '%c' is not permitted after scope declaration.\n",
file, linenum, *line);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* We have a valid scope declaration, save it */
free(cfg_scope);
cfg_scope = scope;
scope = NULL;
out:
free(scope);
return err_code;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function reads and parses the configuration file given in the argument.
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[CLEANUP] add a few "const char *" where appropriate As suggested by Markus Elfring, a few "const char *" have replaced some "char *" declarations where a function is not expected to modify a value. It does not change the code but it helps detecting coding errors.
2006-10-15 09:17:57 -04:00
int readcfgfile(const char *file)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
char *thisline;
int linesize = LINESIZE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
FILE *f;
int linenum = 0;
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
int err_code = 0;
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
struct cfg_section *cs = NULL;
struct cfg_section *ics;
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
int readbytes = 0;
if ((thisline = malloc(sizeof(*thisline) * linesize)) == NULL) {
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
Alert("parsing [%s] : out of memory.\n", file);
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
return -1;
}
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
BUG/MINOR: cfgparse: couple of small memory leaks. During the config parse in some code paths, there is some forgotten pointers freeing, and as often, during errors handlings.
2016-04-08 05:35:26 -04:00
if ((f=fopen(file,"r")) == NULL) {
free(thisline);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
return -1;
BUG/MINOR: cfgparse: couple of small memory leaks. During the config parse in some code paths, there is some forgotten pointers freeing, and as often, during errors handlings.
2016-04-08 05:35:26 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
next_line:
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
while (fgets(thisline + readbytes, linesize - readbytes, f) != NULL) {
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
int arg, kwm = KWM_STD;
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
char *end;
char *args[MAX_LINE_ARGS + 1];
char *line = thisline;
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
int dquote = 0; /* double quote */
int squote = 0; /* simple quote */
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
linenum++;
end = line + strlen(line);
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
if (end-line == linesize-1 && *(end-1) != '\n') {
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
/* Check if we reached the limit and the last char is not \n.
* Watch out for the last line without the terminating '\n'!
*/
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
char *newline;
int newlinesize = linesize * 2;
newline = realloc(thisline, sizeof(*thisline) * newlinesize);
if (newline == NULL) {
Alert("parsing [%s:%d]: line too long, cannot allocate memory.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
continue;
}
readbytes = linesize - 1;
linesize = newlinesize;
thisline = newline;
continue;
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
}
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
readbytes = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* skip leading spaces */
[CLEANUP] shut warnings 'is*' macros from ctype.h on solaris Solaris visibly uses an array for is*, which returns warnings about the use of signed chars as indexes. Good opportunity to put casts everywhere.
2007-06-17 15:51:38 -04:00
while (isspace((unsigned char)*line))
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
line++;
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
MINOR: cfgparse: Parse scope lines and save the last one parsed A scope is a section name between square bracket, alone on its line, ie: [scope-name] ... The spaces at the beginning and at the end of the line are skipped. Comments at the end of the line are also skipped. When a scope is parsed, its name is saved in the global variable cfg_scope. Initially, cfg_scope is NULL and it remains NULL until a valid scope line is parsed. This feature remains unused in the HAProxy configuration file and undocumented. However, it will be used during SPOE configuration parsing.
2016-11-04 17:36:15 -04:00
if (*line == '[') {/* This is the begining if a scope */
err_code |= cfg_parse_scope(file, linenum, line);
goto next_line;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
arg = 0;
args[arg] = line;
while (*line && arg < MAX_LINE_ARGS) {
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
if (*line == '"' && !squote) { /* double quote outside single quotes */
if (dquote)
dquote = 0;
else
dquote = 1;
BUG/MEDIUM: cfgparse: incorrect memmove in quotes management The size of the memmove was incorrect (one byte too far) in the quotes parser and can lead to segfault during configuration parsing.
2015-05-12 08:01:09 -04:00
memmove(line, line + 1, end - line);
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
end--;
}
else if (*line == '\'' && !dquote) { /* single quote outside double quotes */
if (squote)
squote = 0;
else
squote = 1;
BUG/MEDIUM: cfgparse: incorrect memmove in quotes management The size of the memmove was incorrect (one byte too far) in the quotes parser and can lead to segfault during configuration parsing.
2015-05-12 08:01:09 -04:00
memmove(line, line + 1, end - line);
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
end--;
}
else if (*line == '\\' && !squote) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* first, we'll replace \\, \<space>, \#, \r, \n, \t, \xXX with their
* C equivalent value. Other combinations left unchanged (eg: \1).
*/
int skip = 0;
if (line[1] == ' ' || line[1] == '\\' || line[1] == '#') {
*line = line[1];
skip = 1;
}
else if (line[1] == 'r') {
*line = '\r';
skip = 1;
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (line[1] == 'n') {
*line = '\n';
skip = 1;
}
else if (line[1] == 't') {
*line = '\t';
skip = 1;
}
else if (line[1] == 'x') {
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if ((line + 3 < end) && ishex(line[2]) && ishex(line[3])) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
unsigned char hex1, hex2;
hex1 = toupper(line[2]) - '0';
hex2 = toupper(line[3]) - '0';
if (hex1 > 9) hex1 -= 'A' - '9' - 1;
if (hex2 > 9) hex2 -= 'A' - '9' - 1;
*line = (hex1<<4) + hex2;
skip = 3;
}
else {
Alert("parsing [%s:%d] : invalid or incomplete '\\x' sequence in '%s'.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
} else if (line[1] == '"') {
*line = '"';
skip = 1;
} else if (line[1] == '\'') {
*line = '\'';
skip = 1;
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
} else if (line[1] == '$' && dquote) { /* escaping of $ only inside double quotes */
*line = '$';
skip = 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (skip) {
[BUG] Configuration parser bug when escaping characters Today I was testing headers manipulation but I met a bug with my first test. To reproduce it, add for example this line : rspadd Cache-Control:\ max-age=1500 Check the response header, it will provide : Cache-Control: max-age=15000 <= the last character is duplicated This only happens when we use backslashes on the last line of the configuration file, without returning to the line. Also if the last line is like : rspadd Cache-Control:\ max-age=1500\ the last backslash causes a segfault. This is not due to rspadd but to a more general bug in cfgparse.c : ... if (skip) { memmove(line + 1, line + 1 + skip, end - (line + skip + 1)); end -= skip; } ... should be : ... if (skip) { memmove(line + 1, line + 1 + skip, end - (line + skip)); end -= skip; } ... I've reproduced it with haproxy 1.3.22 and the last 1.4 snapshot.
2009-12-06 07:43:42 -05:00
memmove(line + 1, line + 1 + skip, end - (line + skip));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
end -= skip;
}
line++;
}
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
else if ((!squote && !dquote && *line == '#') || *line == '\n' || *line == '\r') {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* end of string, end of loop */
*line = 0;
break;
}
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
else if (!squote && !dquote && isspace((unsigned char)*line)) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* a non-escaped space is an argument separator */
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
*line++ = '\0';
[CLEANUP] shut warnings 'is*' macros from ctype.h on solaris Solaris visibly uses an array for is*, which returns warnings about the use of signed chars as indexes. Good opportunity to put casts everywhere.
2007-06-17 15:51:38 -04:00
while (isspace((unsigned char)*line))
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
line++;
args[++arg] = line;
}
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
else if (dquote && *line == '$') {
/* environment variables are evaluated inside double quotes */
char *var_beg;
char *var_end;
char save_char;
char *value;
int val_len;
int newlinesize;
int braces = 0;
var_beg = line + 1;
var_end = var_beg;
if (*var_beg == '{') {
var_beg++;
var_end++;
braces = 1;
}
if (!isalpha((int)(unsigned char)*var_beg) && *var_beg != '_') {
Alert("parsing [%s:%d] : Variable expansion: Unrecognized character '%c' in variable name.\n", file, linenum, *var_beg);
err_code |= ERR_ALERT | ERR_FATAL;
goto next_line; /* skip current line */
}
while (isalnum((int)(unsigned char)*var_end) || *var_end == '_')
var_end++;
save_char = *var_end;
*var_end = '\0';
value = getenv(var_beg);
*var_end = save_char;
val_len = value ? strlen(value) : 0;
if (braces) {
if (*var_end == '}') {
var_end++;
braces = 0;
} else {
Alert("parsing [%s:%d] : Variable expansion: Mismatched braces.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto next_line; /* skip current line */
}
}
newlinesize = (end - thisline) - (var_end - line) + val_len + 1;
/* if not enough space in thisline */
if (newlinesize > linesize) {
char *newline;
newline = realloc(thisline, newlinesize * sizeof(*thisline));
if (newline == NULL) {
Alert("parsing [%s:%d] : Variable expansion: Not enough memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto next_line; /* slip current line */
}
/* recompute pointers if realloc returns a new pointer */
if (newline != thisline) {
int i;
int diff;
for (i = 0; i <= arg; i++) {
diff = args[i] - thisline;
args[i] = newline + diff;
}
diff = var_end - thisline;
var_end = newline + diff;
diff = end - thisline;
end = newline + diff;
diff = line - thisline;
line = newline + diff;
thisline = newline;
}
linesize = newlinesize;
}
/* insert value inside the line */
memmove(line + val_len, var_end, end - var_end + 1);
memcpy(line, value, val_len);
end += val_len - (var_end - line);
line += val_len;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
line++;
}
}
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
if (dquote) {
Alert("parsing [%s:%d] : Mismatched double quotes.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
}
if (squote) {
Alert("parsing [%s:%d] : Mismatched simple quotes.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* empty line */
if (!**args)
continue;
[BUG] config: fix wrong handling of too large argument count Holger Just reported that running ACLs with too many args caused a segfault during config parsing. This is caused by a wrong test on argument count. In case of too many arguments on a config line, the last one was not correctly zeroed. This is now done and we report the error indicating what part had been truncated. (cherry picked from commit 3b39c1446b9bd842324e87782a836948a07c25a2)
2009-11-09 15:16:53 -05:00
if (*line) {
/* we had to stop due to too many args.
* Let's terminate the string, print the offending part then cut the
* last arg.
*/
while (*line && *line != '#' && *line != '\n' && *line != '\r')
line++;
*line = '\0';
[BUG] format '%d' expects type 'int', but argument 5 has type 'long int' src/cfgparse.c: In function 'readcfgfile': src/cfgparse.c:4087: warning: format '%d' expects type 'int', but argument 5 has type 'long int'
2009-12-15 16:34:51 -05:00
Alert("parsing [%s:%d]: line too long, truncating at word %d, position %ld: <%s>.\n",
[BUG] second fix for the printf format warning Fix 500b8f0349fb52678f5143c49f5a8be5c033a988 fixed the patch for the 64 bit case but caused the opposite type issue to appear on 32 bit platforms. Cast the difference and be done with it since gcc does not agree on type carrying the difference between two pointers on 32 and 64 bit platforms.
2009-12-17 15:12:16 -05:00
file, linenum, arg + 1, (long)(args[arg] - thisline + 1), args[arg]);
[BUG] config: fix wrong handling of too large argument count Holger Just reported that running ACLs with too many args caused a segfault during config parsing. This is caused by a wrong test on argument count. In case of too many arguments on a config line, the last one was not correctly zeroed. This is now done and we report the error indicating what part had been truncated. (cherry picked from commit 3b39c1446b9bd842324e87782a836948a07c25a2)
2009-11-09 15:16:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
args[arg] = line;
}
[MEDIUM] ensure that we always have a null word in config It is important when parsing configuration file to ensure that at least one word is empty to mark the end of the line. This will be required with ACLs in order to avoid reading past the end of line.
2007-05-02 14:50:16 -04:00
/* zero out remaining args and ensure that at least one entry
* is zeroed out.
*/
while (++arg <= MAX_LINE_ARGS) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
args[arg] = line;
}
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
/* check for keyword modifiers "no" and "default" */
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
if (!strcmp(args[0], "no")) {
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
char *tmp;
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
kwm = KWM_NO;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
tmp = args[0];
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
for (arg=0; *args[arg+1]; arg++)
args[arg] = args[arg+1]; // shift args after inversion
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
*tmp = '\0'; // fix the next arg to \0
args[arg] = tmp;
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
}
else if (!strcmp(args[0], "default")) {
kwm = KWM_DEF;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
for (arg=0; *args[arg+1]; arg++)
args[arg] = args[arg+1]; // shift args after inversion
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (kwm != KWM_STD && strcmp(args[0], "option") != 0 && \
strcmp(args[0], "log") != 0) {
Alert("parsing [%s:%d]: negation/default currently supported only for options and log.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
}
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
/* detect section start */
list_for_each_entry(ics, &sections, list) {
if (strcmp(args[0], ics->section_name) == 0) {
cursection = ics->section_name;
cs = ics;
break;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* else it's a section keyword */
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
if (cs)
err_code |= cs->section_parser(file, linenum, args, kwm);
else {
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
Alert("parsing [%s:%d]: unknown keyword '%s' out of section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
if (err_code & ERR_ABORT)
break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: cfgparse: Parse scope lines and save the last one parsed A scope is a section name between square bracket, alone on its line, ie: [scope-name] ... The spaces at the beginning and at the end of the line are skipped. Comments at the end of the line are also skipped. When a scope is parsed, its name is saved in the global variable cfg_scope. Initially, cfg_scope is NULL and it remains NULL until a valid scope line is parsed. This feature remains unused in the HAProxy configuration file and undocumented. However, it will be used during SPOE configuration parsing.
2016-11-04 17:36:15 -04:00
free(cfg_scope);
cfg_scope = NULL;
[MINOR] report correct section type for unknown keywords. An unknown keyword was always reported in section "listen" for any section type (defaults, listen, frontend, backend, ...).
2008-01-22 10:44:08 -05:00
cursection = NULL;
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
free(thisline);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
fclose(f);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
return err_code;
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
}
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
/* This function propagates processes from frontend <from> to backend <to> so
* that it is always guaranteed that a backend pointed to by a frontend is
* bound to all of its processes. After that, if the target is a "listen"
* instance, the function recursively descends the target's own targets along
MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions These ones were already obsoleted in 1.4, marked for removal in 1.5, and not documented anymore. They used to emit warnings, and do still require quite some code to stay in place. Let's remove them now.
2015-05-26 06:18:29 -04:00
* default_backend and use_backend rules. Since the bits are
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
* checked first to ensure that <to> is already bound to all processes of
* <from>, there is no risk of looping and we ensure to follow the shortest
* path to the destination.
*
* It is possible to set <to> to NULL for the first call so that the function
* takes care of visiting the initial frontend in <from>.
*
* It is important to note that the function relies on the fact that all names
* have already been resolved.
*/
void propagate_processes(struct proxy *from, struct proxy *to)
{
struct switching_rule *rule;
if (to) {
/* check whether we need to go down */
if (from->bind_proc &&
(from->bind_proc & to->bind_proc) == from->bind_proc)
return;
if (!from->bind_proc && !to->bind_proc)
return;
to->bind_proc = from->bind_proc ?
(to->bind_proc | from->bind_proc) : 0;
/* now propagate down */
from = to;
}
BUG/MINOR: config: fix typo in condition when propagating process binding propagate_processes() has a typo in a condition : if (!from->cap & PR_CAP_FE) return; The return is never taken because each proxy has at least one capability so !from->cap always evaluates to zero. Most of the time the caller already checks that <from> is a frontend. In the cases where it's not tested (use_backend, reqsetbe), the rules have been checked for the context to be a frontend as well, so in the end it had no nasty side effect. This should be backported to 1.5.
2014-12-18 07:56:26 -05:00
if (!(from->cap & PR_CAP_FE))
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
return;
BUG/MEDIUM: config: do not propagate processes between stopped processes Immo Goltz reported a case of segfault while parsing the config where we try to propagate processes across stopped frontends (those with a "disabled" statement). The fix is trivial. The workaround consists in commenting out these frontends, although not always easy. This fix must be backported to 1.5.
2014-12-18 08:00:43 -05:00
if (from->state == PR_STSTOPPED)
return;
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
/* default_backend */
if (from->defbe.be)
propagate_processes(from, from->defbe.be);
/* use_backend */
list_for_each_entry(rule, &from->switching_rules, list) {
BUG/MINOR: config: don't propagate process binding for dynamic use_backend A segfault was reported with the introduction of the propagate_processes() function. It was caused when a use_backend rule was declared with a dynamic name, using a log-format string. The backend is not resolved during the configuration, which lead to the segfault. The patch prevents the process binding propagation for such dynamic rules, it should also be backported to 1.5.
2014-10-02 13:56:25 -04:00
if (rule->dynamic)
continue;
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
to = rule->be.backend;
propagate_processes(from, to);
}
}
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
/*
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
*/
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
int check_config_validity()
{
int cfgerr = 0;
struct proxy *curproxy = NULL;
struct server *newsrv = NULL;
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
int err_code = 0;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
unsigned int next_pxid = 1;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
struct bind_conf *bind_conf;
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
char *err;
MAJOR/REORG: dns: DNS resolution task and requester queues This patch is a major upgrade of the internal run-time DNS resolver in HAProxy and it brings the following 2 main changes: 1. DNS resolution task Up to now, DNS resolution was triggered by the health check task. From now, DNS resolution task is autonomous. It is started by HAProxy right after the scheduler is available and it is woken either when a network IO occurs for one of its nameserver or when a timeout is matched. From now, this means we can enable DNS resolution for a server without enabling health checking. 2. Introduction of a dns_requester structure Up to now, DNS resolution was purposely made for resolving server hostnames. The idea, is to ensure that any HAProxy internal object should be able to trigger a DNS resolution. For this purpose, 2 things has to be done: - clean up the DNS code from the server structure (this was already quite clean actually) and clean up the server's callbacks from manipulating too much DNS resolution - create an agnostic structure which allows linking a DNS resolution and a requester of any type (using obj_type enum) 3. Manage requesters through queues Up to now, there was an uniq relationship between a resolution and it's owner (aka the requester now). It's a shame, because in some cases, multiple objects may share the same hostname and may benefit from a resolution being performed by a third party. This patch introduces the notion of queues, which are basically lists of either currently running resolution or waiting ones. The resolutions are now available as a pool, which belongs to the resolvers. The pool has has a default size of 64 resolutions per resolvers and is allocated at configuration parsing.
2017-05-22 09:17:15 -04:00
struct dns_resolvers *curr_resolvers;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
bind_conf = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Now, check for the integrity of all that we have collected.
*/
/* will be needed further to delay some tasks */
[MEDIUM] further improve monotonic clock by check forward jumps The first implementation of the monotonic clock did not verify forward jumps. The consequence is that a fast changing time may expire a lot of tasks. While it does seem minor, in fact it is problematic because most machines which boot with a wrong date are in the past and suddenly see their time jump by several years in the future. The solution is to check if we spent more apparent time in a poller than allowed (with a margin applied). The margin is currently set to 1000 ms. It should be large enough for any poll() to complete. Tests with randomly jumping clock show that the result is quite accurate (error less than 1 second at every change of more than one second).
2008-06-23 08:00:57 -04:00
tv_update_date(0,1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
if (!global.tune.max_http_hdr)
global.tune.max_http_hdr = MAX_HTTP_HDR;
if (!global.tune.cookie_len)
global.tune.cookie_len = CAPTURE_LEN;
MINOR: log: Add logurilen tunable. The default len of request uri in log messages is 1024. In some use cases, you need to keep the long trail of GET parameters. The only way to increase this len is to recompile with DEFINE=-DREQURI_LEN=2048. This commit introduces a tune.http.logurilen configuration directive, allowing to tune this at runtime.
2017-05-18 02:58:41 -04:00
if (!global.tune.requri_len)
global.tune.requri_len = REQURI_LEN;
BUG/MAJOR: http: fix buffer overflow on loguri buffer. The pool used to log the uri was created with a size of 0 because the configuration and 'tune.http.logurilen' were parsed too earlier. The fix consist to postpone the pool_create as it is done for cookie captures. Regression introduced with 'MINOR: log: Add logurilen tunable'
2017-07-05 07:33:16 -04:00
pool2_requri = create_pool("requri", global.tune.requri_len , MEM_F_SHARED);
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
pool2_capture = create_pool("capture", global.tune.cookie_len, MEM_F_SHARED);
MAJOR/REORG: dns: DNS resolution task and requester queues This patch is a major upgrade of the internal run-time DNS resolver in HAProxy and it brings the following 2 main changes: 1. DNS resolution task Up to now, DNS resolution was triggered by the health check task. From now, DNS resolution task is autonomous. It is started by HAProxy right after the scheduler is available and it is woken either when a network IO occurs for one of its nameserver or when a timeout is matched. From now, this means we can enable DNS resolution for a server without enabling health checking. 2. Introduction of a dns_requester structure Up to now, DNS resolution was purposely made for resolving server hostnames. The idea, is to ensure that any HAProxy internal object should be able to trigger a DNS resolution. For this purpose, 2 things has to be done: - clean up the DNS code from the server structure (this was already quite clean actually) and clean up the server's callbacks from manipulating too much DNS resolution - create an agnostic structure which allows linking a DNS resolution and a requester of any type (using obj_type enum) 3. Manage requesters through queues Up to now, there was an uniq relationship between a resolution and it's owner (aka the requester now). It's a shame, because in some cases, multiple objects may share the same hostname and may benefit from a resolution being performed by a third party. This patch introduces the notion of queues, which are basically lists of either currently running resolution or waiting ones. The resolutions are now available as a pool, which belongs to the resolvers. The pool has has a default size of 64 resolutions per resolvers and is allocated at configuration parsing.
2017-05-22 09:17:15 -04:00
/* allocate pool of resolution per resolvers */
list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
if (dns_alloc_resolution_pool(curr_resolvers) != 0) {
/* error message is already displayed by dns_alloc_resolution_pool() */
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
}
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
/* Post initialisation of the users and groups lists. */
err_code = userlist_postinit();
if (err_code != ERR_NONE)
goto out;
[MEDIUM] reverse internal proxy declaration order to match configuration People are regularly complaining that proxies are linked in reverse order when reading the stats. This is now definitely fixed because the proxy order is now fixed to match configuration order.
2009-03-15 09:51:53 -04:00
/* first, we will invert the proxy list order */
curproxy = NULL;
while (proxy) {
struct proxy *next;
next = proxy->next;
proxy->next = curproxy;
curproxy = proxy;
if (!next)
break;
proxy = next;
}
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
struct switching_rule *rule;
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
struct server_rule *srule;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
struct sticking_rule *mrule;
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *trule;
struct act_rule *hrqrule;
MEDIUM: logs: add support for RFC5424 header format per logger The function __send_log() iterates over senders and passes the header as the first vector to sendmsg(), thus it can send a logger-specific header in each message. A new logger arguments "format rfc5424" should be used in order to enable RFC5424 header format. For example: log 10.2.3.4:1234 len 2048 format rfc5424 local2 info
2015-09-22 10:05:32 -04:00
struct logsrv *tmplogsrv;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
unsigned int next_id;
MEDIUM: adjust the maxaccept per listener depending on the number of processes global.tune.maxaccept was used for all listeners. This becomes really not convenient when some listeners are bound to a single process and other ones are bound to many processes. Now we change the principle : we count the number of processes a listener is bound to, and apply the maxaccept either entirely if there is a single process, or divided by twice the number of processes in order to maintain fairness. The default limit has also been increased from 32 to 64 as it appeared that on small machines, 32 was too low to achieve high connection rates.
2012-11-19 06:39:59 -05:00
int nbproc;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
MEDIUM: proxy: add the global frontend to the list of normal proxies Since recent changes on the global frontend, it was not possible anymore to soft-reload a process which had a stats socket because the socket would not be disabled upon reload. The only solution to this endless madness is to have the global frontend part of normal proxies. Since we don't want to get an ID that shifts all other proxies and causes trouble in deployed environments, we assign it ID #0 which other proxies can't grab, and we don't report it in the stats pages.
2012-10-04 02:47:34 -04:00
if (curproxy->uuid < 0) {
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
/* proxy ID not set, use automatic numbering with first
* spare entry starting with next_pxid.
*/
next_pxid = get_next_id(&used_proxy_id, next_pxid);
curproxy->conf.id.key = curproxy->uuid = next_pxid;
eb32_insert(&used_proxy_id, &curproxy->conf.id);
}
[BUG] pxid/puid/luid: don't shift IDs when some of them are forced [WT: it was not a bug, I did it on purpose to leave no hole between IDs, though it's not very practical when admins want to force some entries after they have been used, because they'd rather leave a hole than renumber everything ] Forcing some of IDs should not shift others. Regression introduced in 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5 ---cut here--- global stats socket /home/ole/haproxy.stat user ole group ole mode 660 frontend F1 bind 127.0.0.1:9999 mode http backend B1 mode http backend B2 mode http id 9999 backend B3 mode http backend B4 mode http ---cut here--- Before 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 4 5 After 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 3 4 With this patch: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 4 5
2010-02-05 14:58:27 -05:00
next_pxid++;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy->state == PR_STSTOPPED) {
[BUG] ensure that listeners from disabled proxies are correctly unbound. There is a problem when an instance is marked "disabled". Its ports are still bound but will not be unbound upon termination. This causes processes to accumulate during soft restarts, and might even cause failures to restart new ones due to the inability to bind to the same port. The ideal solution would be to bind all ports at the end of the configuration parsing. An acceptable workaround is to unbind all listeners of disabled proxies. This is what the current patch does. (cherry picked from commit a944218e9c1d5ff1aca34609146389dc680335b7) (cherry picked from commit 8cfebbb82b87345bade831920177077e7d25840a)
2008-10-12 06:07:48 -04:00
/* ensure we don't keep listeners uselessly bound */
stop_proxy(curproxy);
BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies If a table in a disabled proxy references a peers section, the peers name is not resolved to a pointer to a table, but since it belongs to a union, it can later be dereferenced. Right now it seems it cannot happen, but it definitely will after the pending changes. It doesn't cost anything to backport this into 1.5, it will make gdb sessions less head-scratching.
2015-05-01 13:59:56 -04:00
free((void *)curproxy->table.peers.name);
curproxy->table.peers.p = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
continue;
}
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
/* Check multi-process mode compatibility for the current proxy */
if (curproxy->bind_proc) {
/* an explicit bind-process was specified, let's check how many
* processes remain.
*/
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
nbproc = my_popcountl(curproxy->bind_proc);
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
curproxy->bind_proc &= nbits(global.nbproc);
if (!curproxy->bind_proc && nbproc == 1) {
Warning("Proxy '%s': the process specified on the 'bind-process' directive refers to a process number that is higher than global.nbproc. The proxy has been forced to run on process 1 only.\n", curproxy->id);
curproxy->bind_proc = 1;
}
else if (!curproxy->bind_proc && nbproc > 1) {
Warning("Proxy '%s': all processes specified on the 'bind-process' directive refer to numbers that are all higher than global.nbproc. The directive was ignored and the proxy will run on all processes.\n", curproxy->id);
curproxy->bind_proc = 0;
}
}
MEDIUM: listener: inherit the process mask from the proxy When a process list is specified on either the proxy or the bind lines, the latter is refined to the intersection of the two. A warning is emitted if no intersection is found, and the situation is fixed by either falling back to the first process of the proxy or to all processes.
2014-05-09 11:06:11 -04:00
/* check and reduce the bind-proc of each listener */
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
unsigned long mask;
if (!bind_conf->bind_proc)
continue;
mask = nbits(global.nbproc);
if (curproxy->bind_proc)
mask &= curproxy->bind_proc;
/* mask cannot be null here thanks to the previous checks */
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
nbproc = my_popcountl(bind_conf->bind_proc);
MEDIUM: listener: inherit the process mask from the proxy When a process list is specified on either the proxy or the bind lines, the latter is refined to the intersection of the two. A warning is emitted if no intersection is found, and the situation is fixed by either falling back to the first process of the proxy or to all processes.
2014-05-09 11:06:11 -04:00
bind_conf->bind_proc &= mask;
if (!bind_conf->bind_proc && nbproc == 1) {
Warning("Proxy '%s': the process number specified on the 'process' directive of 'bind %s' at [%s:%d] refers to a process not covered by the proxy. This has been fixed by forcing it to run on the proxy's first process only.\n",
curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
bind_conf->bind_proc = mask & ~(mask - 1);
}
else if (!bind_conf->bind_proc && nbproc > 1) {
Warning("Proxy '%s': the process range specified on the 'process' directive of 'bind %s' at [%s:%d] only refers to processes not covered by the proxy. The directive was ignored so that all of the proxy's processes are used.\n",
curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
bind_conf->bind_proc = 0;
}
}
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
switch (curproxy->mode) {
case PR_MODE_HEALTH:
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
cfgerr += proxy_cfg_ensure_no_http(curproxy);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
if (!(curproxy->cap & PR_CAP_FE)) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Alert("config : %s '%s' cannot be in health mode as it has no frontend capability.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
cfgerr++;
}
if (curproxy->srv != NULL)
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Warning("config : servers will be ignored for %s '%s'.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
break;
case PR_MODE_TCP:
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
cfgerr += proxy_cfg_ensure_no_http(curproxy);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
break;
case PR_MODE_HTTP:
MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed" Proxy's acl_requires was a copy of all bits taken from ACLs, but we'll get rid of ACL flags and only rely on sample fetches soon. The proxy's acl_requires was only used to allocate an HTTP context when needed, and was even forced in HTTP mode. So better have a flag which exactly says what it's supposed to be used for.
2013-03-24 02:22:08 -04:00
curproxy->http_needed = 1;
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
break;
}
MEDIUM: config: emit a warning on a frontend without listener Commit c6678e2 ("MEDIUM: config: authorize frontend and listen without bind") completely removed the test for bind lines in frontends in order to make it easier for automated tools to generate configs (eg: replacing a bind with another one passing via a temporary config without any bind line). The problem is that some common mistakes are totally hidden now. For example, this apparently valid entry is silently ignored : listen 1.2.3.4:8000 server s1 127.0.0.1:8000 Hint: 1.2.3.4:8000 is mistakenly the proxy name here. Thus instead we now emit a warning to indicate that a frontend was found with no listener. This should be backported to 1.5 to help spot abnormal configurations.
2015-08-11 05:36:45 -04:00
if ((curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->conf.listeners)) {
Warning("config : %s '%s' has no 'bind' directive. Please declare it as a backend if this was intended.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
if ((curproxy->cap & PR_CAP_BE) && (curproxy->mode != PR_MODE_HEALTH)) {
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
if (curproxy->lbprm.algo & BE_LB_KIND) {
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
if (curproxy->options & PR_O_TRANSP) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Alert("config : %s '%s' cannot use both transparent and balance mode.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
cfgerr++;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef WE_DONT_SUPPORT_SERVERLESS_LISTENERS
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
else if (curproxy->srv == NULL) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Alert("config : %s '%s' needs at least 1 server in balance mode.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
cfgerr++;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
else if (curproxy->options & PR_O_DISPATCH) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Warning("config : dispatch address of %s '%s' will be ignored in balance mode.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
err_code |= ERR_WARN;
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
}
}
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
else if (!(curproxy->options & (PR_O_TRANSP | PR_O_DISPATCH | PR_O_HTTP_PROXY))) {
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
/* If no LB algo is set in a backend, and we're not in
* transparent mode, dispatch mode nor proxy mode, we
* want to use balance roundrobin by default.
*/
curproxy->lbprm.algo &= ~BE_LB_ALGO;
curproxy->lbprm.algo |= BE_LB_ALGO_RR;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
[MEDIUM] fix configuration sanity checks for TCP listeners A log chain of if/else prevented many sanity checks from being performed on TCP listeners, resulting in dangerous configs being accepted. Removed the offending 'else'.
2007-09-17 04:17:23 -04:00
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
if (curproxy->options & PR_O_DISPATCH)
curproxy->options &= ~(PR_O_TRANSP | PR_O_HTTP_PROXY);
else if (curproxy->options & PR_O_HTTP_PROXY)
curproxy->options &= ~(PR_O_DISPATCH | PR_O_TRANSP);
else if (curproxy->options & PR_O_TRANSP)
curproxy->options &= ~(PR_O_DISPATCH | PR_O_HTTP_PROXY);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_HTTP_CHK) {
if (curproxy->options & PR_O_DISABLE404) {
Warning("config : '%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
"disable-on-404", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options &= ~PR_O_DISABLE404;
}
if (curproxy->options2 & PR_O2_CHK_SNDST) {
Warning("config : '%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
"send-state", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options &= ~PR_O2_CHK_SNDST;
}
[MINOR] checks: add the server's status in the checks Now a server can check the contents of the header X-Haproxy-Server-State to know how haproxy sees it. The same values as those reported in the stats are provided : - up/down status + check counts - throttle - weight vs backend weight - active sessions vs backend sessions - queue length - haproxy node name
2010-01-27 05:53:01 -05:00
}
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
if ((curproxy->options2 & PR_O2_CHK_ANY) == PR_O2_EXT_CHK) {
if (!global.external_check) {
Alert("Proxy '%s' : '%s' unable to find required 'global.external-check'.\n",
curproxy->id, "option external-check");
cfgerr++;
}
if (!curproxy->check_command) {
Alert("Proxy '%s' : '%s' unable to find required 'external-check command'.\n",
curproxy->id, "option external-check");
cfgerr++;
}
}
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
if (curproxy->email_alert.set) {
MEDIUM: Support sending email alerts Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:23:00 -05:00
if (!(curproxy->email_alert.mailers.name && curproxy->email_alert.from && curproxy->email_alert.to)) {
Warning("config : 'email-alert' will be ignored for %s '%s' (the presence any of "
MINOR cfgparse: Correct the mailer warning text to show the right names to the user
2015-08-16 18:45:05 -04:00
"'email-alert from', 'email-alert level' 'email-alert mailers', "
"'email-alert myhostname', or 'email-alert to' "
"requires each of 'email-alert from', 'email-alert mailers' and 'email-alert to' "
MEDIUM: Support sending email alerts Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:23:00 -05:00
"to be present).\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
free_email_alert(curproxy);
}
if (!curproxy->email_alert.myhostname)
BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured A segfault can occur during at the initialization phase, when an unknown "mailers" name is configured. This happens when "email-alert myhostname" is not set, where a direct pointer to an array is used instead of copying the string, causing the segfault when haproxy tries to free the memory. This is a minor issue because the configuration is invalid and a fatal error will remain, but it should be fixed to prevent reload issues. Example of minimal configuration to reproduce the bug : backend example email-alert mailers NOT_FOUND email-alert from foo@localhost email-alert to bar@localhost This fix must be backported to 1.6.
2015-12-03 21:07:07 -05:00
curproxy->email_alert.myhostname = strdup(hostname);
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
}
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
if (curproxy->check_command) {
int clear = 0;
if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_EXT_CHK) {
Warning("config : '%s' will be ignored for %s '%s' (requires 'option external-check').\n",
"external-check command", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
clear = 1;
}
if (curproxy->check_command[0] != '/' && !curproxy->check_path) {
BUG: config: external-check command validation is checking for incorrect arguments. When using the external-check command option HAProxy was failing to start with a fatal error "'external-check' cannot handle unexpected argument". When looking at the code it was looking for an incorrect argument. Also correcting an Alert message text as spotted by by PiBa-NL.
2015-09-16 07:07:51 -04:00
Alert("Proxy '%s': '%s' does not have a leading '/' and 'external-check path' is not set.\n",
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
curproxy->id, "external-check command");
cfgerr++;
}
if (clear) {
free(curproxy->check_command);
curproxy->check_command = NULL;
}
}
if (curproxy->check_path) {
if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_EXT_CHK) {
Warning("config : '%s' will be ignored for %s '%s' (requires 'option external-check').\n",
"external-check path", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
free(curproxy->check_path);
curproxy->check_path = NULL;
}
}
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
/* if a default backend was specified, let's find it */
if (curproxy->defbe.name) {
struct proxy *target;
MEDIUM: config: clarify the conflicting modes detection for backend rules We don't use findproxy_mode() anymore so we can check the conflicting modes and report the anomalies accordingly with line numbers and more explicit details.
2015-05-26 06:04:09 -04:00
target = proxy_be_by_name(curproxy->defbe.name);
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
if (!target) {
Alert("Proxy '%s': unable to find required default_backend: '%s'.\n",
curproxy->id, curproxy->defbe.name);
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
cfgerr++;
} else if (target == curproxy) {
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
Alert("Proxy '%s': loop detected for default_backend: '%s'.\n",
curproxy->id, curproxy->defbe.name);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
cfgerr++;
MEDIUM: config: clarify the conflicting modes detection for backend rules We don't use findproxy_mode() anymore so we can check the conflicting modes and report the anomalies accordingly with line numbers and more explicit details.
2015-05-26 06:04:09 -04:00
} else if (target->mode != curproxy->mode &&
!(curproxy->mode == PR_MODE_TCP && target->mode == PR_MODE_HTTP)) {
Alert("%s %s '%s' (%s:%d) tries to use incompatible %s %s '%s' (%s:%d) as its default backend (see 'mode').\n",
proxy_mode_str(curproxy->mode), proxy_type_str(curproxy), curproxy->id,
curproxy->conf.file, curproxy->conf.line,
proxy_mode_str(target->mode), proxy_type_str(target), target->id,
target->conf.file, target->conf.line);
cfgerr++;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
} else {
free(curproxy->defbe.name);
curproxy->defbe.be = target;
OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration The previous version used an O(number of proxies)^2 algo to get the sum of the number of maxconns of frontends which reference a backend at least once. This new version adds the frontend's maxconn number to the backend's struct proxy member 'tot_fe_maxconn' when the backend name is resolved for switching rules or default_backend statment. At the end, the final backend's fullconn is computed looping only one time for all on proxies O(n). The load of a configuration using a large amount of backends (10 thousands) without configured fullconn was reduced from several minutes to few seconds.
2017-01-12 05:21:28 -05:00
/* Update tot_fe_maxconn for a further fullconn's computation */
target->tot_fe_maxconn += curproxy->maxconn;
MINOR: config: emit a warning when 'default_backend' masks servers When a "listen" instance uses a "default_backned" rule and has servers, the servers will never be used. Report it so that users don't get trapped.
2012-02-13 08:32:34 -05:00
/* Emit a warning if this proxy also has some servers */
if (curproxy->srv) {
Warning("In proxy '%s', the 'default_backend' rule always has precedence over the servers, which will never be used.\n",
curproxy->id);
err_code |= ERR_WARN;
}
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
}
}
OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration The previous version used an O(number of proxies)^2 algo to get the sum of the number of maxconns of frontends which reference a backend at least once. This new version adds the frontend's maxconn number to the backend's struct proxy member 'tot_fe_maxconn' when the backend name is resolved for switching rules or default_backend statment. At the end, the final backend's fullconn is computed looping only one time for all on proxies O(n). The load of a configuration using a large amount of backends (10 thousands) without configured fullconn was reduced from several minutes to few seconds.
2017-01-12 05:21:28 -05:00
if (!curproxy->defbe.be && (curproxy->cap & PR_CAP_LISTEN) == PR_CAP_LISTEN) {
/* Case of listen without default backend
* The curproxy will be its own default backend
* so we update tot_fe_maxconn for a further
* fullconn's computation */
curproxy->tot_fe_maxconn += curproxy->maxconn;
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
/* find the target proxy for 'use_backend' rules */
list_for_each_entry(rule, &curproxy->switching_rules, list) {
struct proxy *target;
MEDIUM: proxy: support use_backend with dynamic names We have a use case where we look up a customer ID in an HTTP header and direct it to the corresponding server. This can easily be done using ACLs and use_backend rules, but the configuration becomes painful to maintain when the number of customers grows to a few tens or even a several hundreds. We realized it would be nice if we could make the use_backend resolve its name at run time instead of config parsing time, and use a similar expression as http-request add-header to decide on the proper backend to use. This permits the use of prefixes or even complex names in backend expressions. If no name matches, then the default backend is used. Doing so allowed us to get rid of all the use_backend rules. Since there are some config checks on the use_backend rules to see if the referenced backend exists, we want to keep them to detect config errors in normal config. So this patch does not modify the default behaviour and proceeds this way : - if the backend name in the use_backend directive parses as a log format rule, it's used as-is and is resolved at run time ; - otherwise it's a static name which must be valid at config time. There was the possibility of doing this with the use-server directive instead of use_backend, but it seems like use_backend is more suited to this task, as it can be used for other purposes. For example, it becomes easy to serve a customer-specific proxy.pac file based on the customer ID by abusing the errorfile primitive : use_backend bk_cust_%[hdr(X-Cust-Id)] if { hdr(X-Cust-Id) -m found } default_backend bk_err_404 backend bk_cust_1 errorfile 200 /etc/haproxy/static/proxy.pac.cust1 Signed-off-by: Bertrand Jacquin <bjacquin@exosec.fr>
2013-11-19 05:43:06 -05:00
struct logformat_node *node;
char *pxname;
/* Try to parse the string as a log format expression. If the result
* of the parsing is only one entry containing a simple string, then
* it's a standard string corresponding to a static rule, thus the
* parsing is cancelled and be.name is restored to be resolved.
*/
pxname = rule->be.name;
LIST_INIT(&rule->be.expr);
MINOR: http/conf: store the use_backend configuration file and line for logs The error log of the directive use_backend doesn't provide the file and line containing the declaration. This patch stores theses informations.
2016-11-24 17:57:54 -05:00
curproxy->conf.args.ctx = ARGC_UBK;
curproxy->conf.args.file = rule->file;
curproxy->conf.args.line = rule->line;
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
err = NULL;
if (!parse_logformat_string(pxname, curproxy, &rule->be.expr, 0, SMP_VAL_FE_HRQ_HDR, &err)) {
Alert("Parsing [%s:%d]: failed to parse use_backend rule '%s' : %s.\n",
rule->file, rule->line, pxname, err);
free(err);
MEDIUM: log-format/conf: take into account the parse_logformat_string() return code This patch takes into account the return code of the parse_logformat_string() function. Now the configuration parser will fail if the log_format is not strict.
2016-11-22 17:50:02 -05:00
cfgerr++;
continue;
}
MEDIUM: proxy: support use_backend with dynamic names We have a use case where we look up a customer ID in an HTTP header and direct it to the corresponding server. This can easily be done using ACLs and use_backend rules, but the configuration becomes painful to maintain when the number of customers grows to a few tens or even a several hundreds. We realized it would be nice if we could make the use_backend resolve its name at run time instead of config parsing time, and use a similar expression as http-request add-header to decide on the proper backend to use. This permits the use of prefixes or even complex names in backend expressions. If no name matches, then the default backend is used. Doing so allowed us to get rid of all the use_backend rules. Since there are some config checks on the use_backend rules to see if the referenced backend exists, we want to keep them to detect config errors in normal config. So this patch does not modify the default behaviour and proceeds this way : - if the backend name in the use_backend directive parses as a log format rule, it's used as-is and is resolved at run time ; - otherwise it's a static name which must be valid at config time. There was the possibility of doing this with the use-server directive instead of use_backend, but it seems like use_backend is more suited to this task, as it can be used for other purposes. For example, it becomes easy to serve a customer-specific proxy.pac file based on the customer ID by abusing the errorfile primitive : use_backend bk_cust_%[hdr(X-Cust-Id)] if { hdr(X-Cust-Id) -m found } default_backend bk_err_404 backend bk_cust_1 errorfile 200 /etc/haproxy/static/proxy.pac.cust1 Signed-off-by: Bertrand Jacquin <bjacquin@exosec.fr>
2013-11-19 05:43:06 -05:00
node = LIST_NEXT(&rule->be.expr, struct logformat_node *, list);
if (!LIST_ISEMPTY(&rule->be.expr)) {
if (node->type != LOG_FMT_TEXT || node->list.n != &rule->be.expr) {
rule->dynamic = 1;
free(pxname);
continue;
}
/* simple string: free the expression and fall back to static rule */
free(node->arg);
free(node);
}
rule->dynamic = 0;
rule->be.name = pxname;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
MEDIUM: config: clarify the conflicting modes detection for backend rules We don't use findproxy_mode() anymore so we can check the conflicting modes and report the anomalies accordingly with line numbers and more explicit details.
2015-05-26 06:04:09 -04:00
target = proxy_be_by_name(rule->be.name);
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
if (!target) {
Alert("Proxy '%s': unable to find required use_backend: '%s'.\n",
curproxy->id, rule->be.name);
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
cfgerr++;
} else if (target == curproxy) {
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
Alert("Proxy '%s': loop detected for use_backend: '%s'.\n",
curproxy->id, rule->be.name);
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
cfgerr++;
MEDIUM: config: clarify the conflicting modes detection for backend rules We don't use findproxy_mode() anymore so we can check the conflicting modes and report the anomalies accordingly with line numbers and more explicit details.
2015-05-26 06:04:09 -04:00
} else if (target->mode != curproxy->mode &&
!(curproxy->mode == PR_MODE_TCP && target->mode == PR_MODE_HTTP)) {
Alert("%s %s '%s' (%s:%d) tries to use incompatible %s %s '%s' (%s:%d) in a 'use_backend' rule (see 'mode').\n",
proxy_mode_str(curproxy->mode), proxy_type_str(curproxy), curproxy->id,
curproxy->conf.file, curproxy->conf.line,
proxy_mode_str(target->mode), proxy_type_str(target), target->id,
target->conf.file, target->conf.line);
cfgerr++;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
} else {
free((void *)rule->be.name);
rule->be.backend = target;
OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration The previous version used an O(number of proxies)^2 algo to get the sum of the number of maxconns of frontends which reference a backend at least once. This new version adds the frontend's maxconn number to the backend's struct proxy member 'tot_fe_maxconn' when the backend name is resolved for switching rules or default_backend statment. At the end, the final backend's fullconn is computed looping only one time for all on proxies O(n). The load of a configuration using a large amount of backends (10 thousands) without configured fullconn was reduced from several minutes to few seconds.
2017-01-12 05:21:28 -05:00
/* For each target of switching rules, we update
* their tot_fe_maxconn, except if a previous rule point
* on the same backend or on the default backend */
if (rule->be.backend != curproxy->defbe.be) {
struct switching_rule *swrule;
list_for_each_entry(swrule, &curproxy->switching_rules, list) {
if (rule == swrule) {
target->tot_fe_maxconn += curproxy->maxconn;
break;
}
else if (!swrule->dynamic && swrule->be.backend == rule->be.backend) {
/* there is multiple ref of this backend */
break;
}
}
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
}
}
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
/* find the target server for 'use_server' rules */
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
list_for_each_entry(srule, &curproxy->server_rules, list) {
struct server *target = findserver(curproxy, srule->srv.name);
if (!target) {
Alert("config : %s '%s' : unable to find server '%s' referenced in a 'use-server' rule.\n",
proxy_type_str(curproxy), curproxy->id, srule->srv.name);
cfgerr++;
continue;
}
free((void *)srule->srv.name);
srule->srv.ptr = target;
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
/* find the target table for 'stick' rules */
list_for_each_entry(mrule, &curproxy->sticking_rules, list) {
struct proxy *target;
[MEDIUM] Add stick and store rules analysers.
2010-01-04 09:47:17 -05:00
curproxy->be_req_ana |= AN_REQ_STICKING_RULES;
if (mrule->flags & STK_IS_STORE)
curproxy->be_rsp_ana |= AN_RES_STORE_RULES;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (mrule->table.name)
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
target = proxy_tbl_by_name(mrule->table.name);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else
target = curproxy;
if (!target) {
Alert("Proxy '%s': unable to find stick-table '%s'.\n",
curproxy->id, mrule->table.name);
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': stick-table '%s' used but not configured.\n",
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
cfgerr++;
}
REORG: use the name "sample" instead of "pattern" to designate extracted data This is mainly a massive renaming in the code to get it in line with the calling convention. Next patch will rename a few files to complete this operation.
2012-04-27 15:37:17 -04:00
else if (!stktable_compatible_sample(mrule->expr, target->table.type)) {
Alert("Proxy '%s': type of fetch not usable with type of stick-table '%s'.\n",
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
cfgerr++;
}
else {
free((void *)mrule->table.name);
mrule->table.t = &(target->table);
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
stktable_alloc_data_type(&target->table, STKTABLE_DT_SERVER_ID, NULL);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
}
/* find the target table for 'store response' rules */
list_for_each_entry(mrule, &curproxy->storersp_rules, list) {
struct proxy *target;
[MEDIUM] Add stick and store rules analysers.
2010-01-04 09:47:17 -05:00
curproxy->be_rsp_ana |= AN_RES_STORE_RULES;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (mrule->table.name)
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
target = proxy_tbl_by_name(mrule->table.name);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else
target = curproxy;
if (!target) {
Alert("Proxy '%s': unable to find store table '%s'.\n",
curproxy->id, mrule->table.name);
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': stick-table '%s' used but not configured.\n",
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
cfgerr++;
}
REORG: use the name "sample" instead of "pattern" to designate extracted data This is mainly a massive renaming in the code to get it in line with the calling convention. Next patch will rename a few files to complete this operation.
2012-04-27 15:37:17 -04:00
else if (!stktable_compatible_sample(mrule->expr, target->table.type)) {
Alert("Proxy '%s': type of fetch not usable with type of stick-table '%s'.\n",
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
cfgerr++;
}
else {
free((void *)mrule->table.name);
mrule->table.t = &(target->table);
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
stktable_alloc_data_type(&target->table, STKTABLE_DT_SERVER_ID, NULL);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
}
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
/* find the target table for 'tcp-request' layer 4 rules */
list_for_each_entry(trule, &curproxy->tcp_req.l4_rules, list) {
struct proxy *target;
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if (trule->action < ACT_ACTION_TRK_SC0 || trule->action > ACT_ACTION_TRK_SCMAX)
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
continue;
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
if (trule->arg.trk_ctr.table.n)
target = proxy_tbl_by_name(trule->arg.trk_ctr.table.n);
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
else
target = curproxy;
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
if (!target) {
[MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" The assumption that there was a 1:1 relation between tracked counters and the frontend/backend role was wrong. It is perfectly possible to track the track-fe-counters from the backend and the track-be-counters from the frontend. Thus, in order to reduce confusion, let's remove this useless {fe,be} reference and simply use {1,2} instead. The keywords have also been renamed in order to limit confusion. The ACL rule action now becomes "track-sc{1,2}". The ACLs are now "sc{1,2}_*" instead of "trk{fe,be}_*". That means that we can reasonably document "sc1" and "sc2" (sticky counters 1 and 2) as sort of patterns that are available during the whole session's life and use them just like any other pattern.
2010-08-06 13:06:56 -04:00
Alert("Proxy '%s': unable to find table '%s' referenced by track-sc%d.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n,
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 17:29:05 -05:00
tcp_trk_idx(trule->action));
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': table '%s' used but not configured.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id);
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
cfgerr++;
}
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
else if (!stktable_compatible_sample(trule->arg.trk_ctr.expr, target->table.type)) {
MINOR: config: improve error checking on TCP stick-table tracking Commit 5d5b5d added support for multiple types to track-sc* but forgot to check that the types are compatible with the stick-tables.
2012-12-11 18:25:44 -05:00
Alert("Proxy '%s': stick-table '%s' uses a type incompatible with the 'track-sc%d' rule.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id,
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 17:29:05 -05:00
tcp_trk_idx(trule->action));
MINOR: config: improve error checking on TCP stick-table tracking Commit 5d5b5d added support for multiple types to track-sc* but forgot to check that the types are compatible with the stick-tables.
2012-12-11 18:25:44 -05:00
cfgerr++;
}
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
else {
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
free(trule->arg.trk_ctr.table.n);
trule->arg.trk_ctr.table.t = &target->table;
[MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" The assumption that there was a 1:1 relation between tracked counters and the frontend/backend role was wrong. It is perfectly possible to track the track-fe-counters from the backend and the track-be-counters from the frontend. Thus, in order to reduce confusion, let's remove this useless {fe,be} reference and simply use {1,2} instead. The keywords have also been renamed in order to limit confusion. The ACL rule action now becomes "track-sc{1,2}". The ACLs are now "sc{1,2}_*" instead of "trk{fe,be}_*". That means that we can reasonably document "sc1" and "sc2" (sticky counters 1 and 2) as sort of patterns that are available during the whole session's life and use them just like any other pattern.
2010-08-06 13:06:56 -04:00
/* Note: if we decide to enhance the track-sc syntax, we may be able
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
* to pass a list of counters to track and allocate them right here using
* stktable_alloc_data_type().
*/
}
}
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
/* find the target table for 'tcp-request' layer 5 rules */
list_for_each_entry(trule, &curproxy->tcp_req.l5_rules, list) {
struct proxy *target;
if (trule->action < ACT_ACTION_TRK_SC0 || trule->action > ACT_ACTION_TRK_SCMAX)
continue;
if (trule->arg.trk_ctr.table.n)
target = proxy_tbl_by_name(trule->arg.trk_ctr.table.n);
else
target = curproxy;
if (!target) {
Alert("Proxy '%s': unable to find table '%s' referenced by track-sc%d.\n",
curproxy->id, trule->arg.trk_ctr.table.n,
tcp_trk_idx(trule->action));
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': table '%s' used but not configured.\n",
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id);
cfgerr++;
}
else if (!stktable_compatible_sample(trule->arg.trk_ctr.expr, target->table.type)) {
Alert("Proxy '%s': stick-table '%s' uses a type incompatible with the 'track-sc%d' rule.\n",
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id,
tcp_trk_idx(trule->action));
cfgerr++;
}
else {
free(trule->arg.trk_ctr.table.n);
trule->arg.trk_ctr.table.t = &target->table;
/* Note: if we decide to enhance the track-sc syntax, we may be able
* to pass a list of counters to track and allocate them right here using
* stktable_alloc_data_type().
*/
}
}
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
/* find the target table for 'tcp-request' layer 6 rules */
list_for_each_entry(trule, &curproxy->tcp_req.inspect_rules, list) {
struct proxy *target;
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if (trule->action < ACT_ACTION_TRK_SC0 || trule->action > ACT_ACTION_TRK_SCMAX)
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
continue;
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
if (trule->arg.trk_ctr.table.n)
target = proxy_tbl_by_name(trule->arg.trk_ctr.table.n);
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
else
target = curproxy;
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
if (!target) {
[MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" The assumption that there was a 1:1 relation between tracked counters and the frontend/backend role was wrong. It is perfectly possible to track the track-fe-counters from the backend and the track-be-counters from the frontend. Thus, in order to reduce confusion, let's remove this useless {fe,be} reference and simply use {1,2} instead. The keywords have also been renamed in order to limit confusion. The ACL rule action now becomes "track-sc{1,2}". The ACLs are now "sc{1,2}_*" instead of "trk{fe,be}_*". That means that we can reasonably document "sc1" and "sc2" (sticky counters 1 and 2) as sort of patterns that are available during the whole session's life and use them just like any other pattern.
2010-08-06 13:06:56 -04:00
Alert("Proxy '%s': unable to find table '%s' referenced by track-sc%d.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n,
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 17:29:05 -05:00
tcp_trk_idx(trule->action));
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': table '%s' used but not configured.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id);
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
cfgerr++;
}
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
else if (!stktable_compatible_sample(trule->arg.trk_ctr.expr, target->table.type)) {
MINOR: config: improve error checking on TCP stick-table tracking Commit 5d5b5d added support for multiple types to track-sc* but forgot to check that the types are compatible with the stick-tables.
2012-12-11 18:25:44 -05:00
Alert("Proxy '%s': stick-table '%s' uses a type incompatible with the 'track-sc%d' rule.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id,
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 17:29:05 -05:00
tcp_trk_idx(trule->action));
MINOR: config: improve error checking on TCP stick-table tracking Commit 5d5b5d added support for multiple types to track-sc* but forgot to check that the types are compatible with the stick-tables.
2012-12-11 18:25:44 -05:00
cfgerr++;
}
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
else {
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
free(trule->arg.trk_ctr.table.n);
trule->arg.trk_ctr.table.t = &target->table;
[MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" The assumption that there was a 1:1 relation between tracked counters and the frontend/backend role was wrong. It is perfectly possible to track the track-fe-counters from the backend and the track-be-counters from the frontend. Thus, in order to reduce confusion, let's remove this useless {fe,be} reference and simply use {1,2} instead. The keywords have also been renamed in order to limit confusion. The ACL rule action now becomes "track-sc{1,2}". The ACLs are now "sc{1,2}_*" instead of "trk{fe,be}_*". That means that we can reasonably document "sc1" and "sc2" (sticky counters 1 and 2) as sort of patterns that are available during the whole session's life and use them just like any other pattern.
2010-08-06 13:06:56 -04:00
/* Note: if we decide to enhance the track-sc syntax, we may be able
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
* to pass a list of counters to track and allocate them right here using
* stktable_alloc_data_type().
*/
}
}
BUG/MINOR: http rule: http capture 'id' rule points to a non existing id It is possible to create a http capture rule which points to a capture slot id which does not exist. Current patch prevent this when parsing configuration and prevent running configuration which contains such rules. This configuration is now invalid: frontend f bind :8080 http-request capture req.hdr(User-Agent) id 0 default_backend b this one as well: frontend f bind :8080 declare capture request len 32 # implicit id is 0 here http-request capture req.hdr(User-Agent) id 1 default_backend b It applies of course to both http-request and http-response rules.
2015-11-03 17:31:35 -05:00
/* parse http-request capture rules to ensure id really exists */
list_for_each_entry(hrqrule, &curproxy->http_req_rules, list) {
if (hrqrule->action != ACT_CUSTOM ||
hrqrule->action_ptr != http_action_req_capture_by_id)
continue;
if (hrqrule->arg.capid.idx >= curproxy->nb_req_cap) {
Alert("Proxy '%s': unable to find capture id '%d' referenced by http-request capture rule.\n",
curproxy->id, hrqrule->arg.capid.idx);
cfgerr++;
}
}
/* parse http-response capture rules to ensure id really exists */
list_for_each_entry(hrqrule, &curproxy->http_res_rules, list) {
if (hrqrule->action != ACT_CUSTOM ||
hrqrule->action_ptr != http_action_res_capture_by_id)
continue;
if (hrqrule->arg.capid.idx >= curproxy->nb_rsp_cap) {
Alert("Proxy '%s': unable to find capture id '%d' referenced by http-response capture rule.\n",
curproxy->id, hrqrule->arg.capid.idx);
cfgerr++;
}
}
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
/* find the target table for 'http-request' layer 7 rules */
list_for_each_entry(hrqrule, &curproxy->http_req_rules, list) {
struct proxy *target;
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if (hrqrule->action < ACT_ACTION_TRK_SC0 || hrqrule->action > ACT_ACTION_TRK_SCMAX)
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
continue;
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
if (hrqrule->arg.trk_ctr.table.n)
target = proxy_tbl_by_name(hrqrule->arg.trk_ctr.table.n);
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
else
target = curproxy;
if (!target) {
Alert("Proxy '%s': unable to find table '%s' referenced by track-sc%d.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, hrqrule->arg.trk_ctr.table.n,
MEDIUM: http: implement http-response track-sc* directive This enables tracking of sticky counters from current response. The only difference from "http-request track-sc" is the <key> sample expression can only make use of samples in response (eg. res.*, status etc.) and samples below Layer 6.
2016-07-14 03:07:45 -04:00
http_trk_idx(hrqrule->action));
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': table '%s' used but not configured.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, hrqrule->arg.trk_ctr.table.n ? hrqrule->arg.trk_ctr.table.n : curproxy->id);
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
cfgerr++;
}
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
else if (!stktable_compatible_sample(hrqrule->arg.trk_ctr.expr, target->table.type)) {
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
Alert("Proxy '%s': stick-table '%s' uses a type incompatible with the 'track-sc%d' rule.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, hrqrule->arg.trk_ctr.table.n ? hrqrule->arg.trk_ctr.table.n : curproxy->id,
MEDIUM: http: implement http-response track-sc* directive This enables tracking of sticky counters from current response. The only difference from "http-request track-sc" is the <key> sample expression can only make use of samples in response (eg. res.*, status etc.) and samples below Layer 6.
2016-07-14 03:07:45 -04:00
http_trk_idx(hrqrule->action));
cfgerr++;
}
else {
free(hrqrule->arg.trk_ctr.table.n);
hrqrule->arg.trk_ctr.table.t = &target->table;
/* Note: if we decide to enhance the track-sc syntax, we may be able
* to pass a list of counters to track and allocate them right here using
* stktable_alloc_data_type().
*/
}
}
/* find the target table for 'http-response' layer 7 rules */
list_for_each_entry(hrqrule, &curproxy->http_res_rules, list) {
struct proxy *target;
if (hrqrule->action < ACT_ACTION_TRK_SC0 || hrqrule->action > ACT_ACTION_TRK_SCMAX)
continue;
if (hrqrule->arg.trk_ctr.table.n)
target = proxy_tbl_by_name(hrqrule->arg.trk_ctr.table.n);
else
target = curproxy;
if (!target) {
Alert("Proxy '%s': unable to find table '%s' referenced by track-sc%d.\n",
curproxy->id, hrqrule->arg.trk_ctr.table.n,
http_trk_idx(hrqrule->action));
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': table '%s' used but not configured.\n",
curproxy->id, hrqrule->arg.trk_ctr.table.n ? hrqrule->arg.trk_ctr.table.n : curproxy->id);
cfgerr++;
}
else if (!stktable_compatible_sample(hrqrule->arg.trk_ctr.expr, target->table.type)) {
Alert("Proxy '%s': stick-table '%s' uses a type incompatible with the 'track-sc%d' rule.\n",
curproxy->id, hrqrule->arg.trk_ctr.table.n ? hrqrule->arg.trk_ctr.table.n : curproxy->id,
http_trk_idx(hrqrule->action));
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
cfgerr++;
}
else {
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
free(hrqrule->arg.trk_ctr.table.n);
hrqrule->arg.trk_ctr.table.t = &target->table;
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
/* Note: if we decide to enhance the track-sc syntax, we may be able
* to pass a list of counters to track and allocate them right here using
* stktable_alloc_data_type().
*/
}
}
MEDIUM: http: emulate "block" rules using "http-request" rules The "block" rules are redundant with http-request rules because they are performed immediately before and do exactly the same thing as "http-request deny". Moreover, this duplication has led to a few minor stats accounting issues fixed lately. Instead of keeping the two rule sets, we now build a list of "block" rules that we compile as "http-request block" and that we later insert at the beginning of the "http-request" rules. The only user-visible change is that in case of a parsing error, the config parser will now report "http-request block rule" instead of "blocking condition".
2014-04-28 16:06:57 -04:00
/* move any "block" rules at the beginning of the http-request rules */
if (!LIST_ISEMPTY(&curproxy->block_rules)) {
/* insert block_rules into http_req_rules at the beginning */
curproxy->block_rules.p->n = curproxy->http_req_rules.n;
curproxy->http_req_rules.n->p = curproxy->block_rules.p;
curproxy->block_rules.n->p = &curproxy->http_req_rules;
curproxy->http_req_rules.n = curproxy->block_rules.n;
LIST_INIT(&curproxy->block_rules);
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (curproxy->table.peers.name) {
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
struct peers *curpeers;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
for (curpeers = cfg_peers; curpeers; curpeers = curpeers->next) {
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (strcmp(curpeers->id, curproxy->table.peers.name) == 0) {
free((void *)curproxy->table.peers.name);
BUG/MEDIUM: peers: only the last peers section was used by tables Due to a typo in the peers section lookup code, the last declared peers section was used instead of the one matching the requested name. This bug has been there since the very first commit on peers section (1.5-dev2).
2013-01-17 15:34:52 -05:00
curproxy->table.peers.p = curpeers;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
break;
}
}
if (!curpeers) {
Alert("Proxy '%s': unable to find sync peers '%s'.\n",
curproxy->id, curproxy->table.peers.name);
BUG/MINOR: fix a segfault when parsing a config with undeclared peers Baptiste Assmann reported that a config where a non-existing peers section is referenced by a stick-table causes a segfault after displaying the error. This is caused by the freeing of the peers. Setting it to NULL after displaying the error fixes the issue.
2011-10-28 08:16:49 -04:00
free((void *)curproxy->table.peers.name);
curproxy->table.peers.p = NULL;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
cfgerr++;
}
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
else if (curpeers->state == PR_STSTOPPED) {
/* silently disable this peers section */
curproxy->table.peers.p = NULL;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
else if (!curpeers->peers_fe) {
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
Alert("Proxy '%s': unable to find local peer '%s' in peers section '%s'.\n",
curproxy->id, localpeer, curpeers->id);
BUG/MINOR: fix a segfault when parsing a config with undeclared peers Baptiste Assmann reported that a config where a non-existing peers section is referenced by a stick-table causes a segfault after displaying the error. This is caused by the freeing of the peers. Setting it to NULL after displaying the error fixes the issue.
2011-10-28 08:16:49 -04:00
curproxy->table.peers.p = NULL;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
cfgerr++;
}
}
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
if (curproxy->email_alert.mailers.name) {
struct mailers *curmailers = mailers;
for (curmailers = mailers; curmailers; curmailers = curmailers->next) {
if (strcmp(curmailers->id, curproxy->email_alert.mailers.name) == 0) {
free(curproxy->email_alert.mailers.name);
curproxy->email_alert.mailers.m = curmailers;
curmailers->users++;
break;
}
}
if (!curmailers) {
Alert("Proxy '%s': unable to find mailers '%s'.\n",
curproxy->id, curproxy->email_alert.mailers.name);
free_email_alert(curproxy);
cfgerr++;
}
}
[BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once Bug reported by Laurent Dolosor.
2010-02-22 14:27:23 -05:00
if (curproxy->uri_auth && !(curproxy->uri_auth->flags & ST_CONVDONE) &&
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
!LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) &&
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
(curproxy->uri_auth->userlist || curproxy->uri_auth->auth_realm )) {
Alert("%s '%s': stats 'auth'/'realm' and 'http-request' can't be used at the same time.\n",
"proxy", curproxy->id);
cfgerr++;
goto out_uri_auth_compat;
}
[BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once Bug reported by Laurent Dolosor.
2010-02-22 14:27:23 -05:00
if (curproxy->uri_auth && curproxy->uri_auth->userlist && !(curproxy->uri_auth->flags & ST_CONVDONE)) {
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
const char *uri_auth_compat_req[10];
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
int i = 0;
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
/* build the ACL condition from scratch. We're relying on anonymous ACLs for that */
uri_auth_compat_req[i++] = "auth";
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
if (curproxy->uri_auth->auth_realm) {
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
uri_auth_compat_req[i++] = "realm";
uri_auth_compat_req[i++] = curproxy->uri_auth->auth_realm;
}
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
uri_auth_compat_req[i++] = "unless";
uri_auth_compat_req[i++] = "{";
uri_auth_compat_req[i++] = "http_auth(.internal-stats-userlist)";
uri_auth_compat_req[i++] = "}";
uri_auth_compat_req[i++] = "";
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
rule = parse_http_req_cond(uri_auth_compat_req, "internal-stats-auth-compat", 0, curproxy);
if (!rule) {
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
cfgerr++;
break;
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
}
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
LIST_ADDQ(&curproxy->uri_auth->http_req_rules, &rule->list);
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
if (curproxy->uri_auth->auth_realm) {
free(curproxy->uri_auth->auth_realm);
curproxy->uri_auth->auth_realm = NULL;
}
[BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once Bug reported by Laurent Dolosor.
2010-02-22 14:27:23 -05:00
curproxy->uri_auth->flags |= ST_CONVDONE;
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
}
out_uri_auth_compat:
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
/* check whether we have a log server that uses RFC5424 log format */
MEDIUM: logs: add support for RFC5424 header format per logger The function __send_log() iterates over senders and passes the header as the first vector to sendmsg(), thus it can send a logger-specific header in each message. A new logger arguments "format rfc5424" should be used in order to enable RFC5424 header format. For example: log 10.2.3.4:1234 len 2048 format rfc5424 local2 info
2015-09-22 10:05:32 -04:00
list_for_each_entry(tmplogsrv, &curproxy->logsrvs, list) {
BUG/MEDIUM: logs: segfault writing to log from Lua Michael Ezzell reported a bug causing haproxy to segfault during startup when trying to send syslog message from Lua. The function __send_log() can be called with *p that is NULL and/or when the configuration is not fully parsed, as is the case with Lua. This patch fixes this problem by using individual vectors instead of the pre-generated strings log_htp and log_htp_rfc5424. Also, this patch fixes a problem causing haproxy to write the wrong pid in the logs -- the log_htp(_rfc5424) strings were generated at the haproxy start, but "pid" value would be changed after haproxy is started in daemon/systemd mode.
2015-10-01 07:18:13 -04:00
if (tmplogsrv->format == LOG_FORMAT_RFC5424) {
if (!curproxy->conf.logformat_sd_string) {
/* set the default logformat_sd_string */
curproxy->conf.logformat_sd_string = default_rfc5424_sd_log_format;
}
MEDIUM: logs: add support for RFC5424 header format per logger The function __send_log() iterates over senders and passes the header as the first vector to sendmsg(), thus it can send a logger-specific header in each message. A new logger arguments "format rfc5424" should be used in order to enable RFC5424 header format. For example: log 10.2.3.4:1234 len 2048 format rfc5424 local2 info
2015-09-22 10:05:32 -04:00
break;
}
}
MEDIUM: logs: remove the hostname, tag and pid part from the logheader At the moment we have to call snprintf() for every log line just to rebuild a constant. Thanks to sendmsg(), we send the message in 3 parts: time-based header, proxy-specific hostname+log-tag+pid, session-specific message.
2015-09-19 16:35:44 -04:00
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
/* compile the log format */
if (!(curproxy->cap & PR_CAP_FE)) {
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
free(curproxy->conf.logformat_string);
curproxy->conf.logformat_string = NULL;
free(curproxy->conf.lfs_file);
curproxy->conf.lfs_file = NULL;
curproxy->conf.lfs_line = 0;
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
if (curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format)
free(curproxy->conf.logformat_sd_string);
curproxy->conf.logformat_sd_string = NULL;
free(curproxy->conf.lfsd_file);
curproxy->conf.lfsd_file = NULL;
curproxy->conf.lfsd_line = 0;
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string) {
curproxy->conf.args.ctx = ARGC_LOG;
curproxy->conf.args.file = curproxy->conf.lfs_file;
curproxy->conf.args.line = curproxy->conf.lfs_line;
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
err = NULL;
MEDIUM: log-format/conf: take into account the parse_logformat_string() return code This patch takes into account the return code of the parse_logformat_string() function. Now the configuration parser will fail if the log_format is not strict.
2016-11-22 17:50:02 -05:00
if (!parse_logformat_string(curproxy->conf.logformat_string, curproxy, &curproxy->logformat, LOG_OPT_MANDATORY,
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
SMP_VAL_FE_LOG_END, &err)) {
Alert("Parsing [%s:%d]: failed to parse log-format : %s.\n",
curproxy->conf.lfs_file, curproxy->conf.lfs_line, err);
free(err);
MEDIUM: log-format/conf: take into account the parse_logformat_string() return code This patch takes into account the return code of the parse_logformat_string() function. Now the configuration parser will fail if the log_format is not strict.
2016-11-22 17:50:02 -05:00
cfgerr++;
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
curproxy->conf.args.file = NULL;
curproxy->conf.args.line = 0;
}
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
if (curproxy->conf.logformat_sd_string) {
curproxy->conf.args.ctx = ARGC_LOGSD;
curproxy->conf.args.file = curproxy->conf.lfsd_file;
curproxy->conf.args.line = curproxy->conf.lfsd_line;
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
err = NULL;
MEDIUM: log-format/conf: take into account the parse_logformat_string() return code This patch takes into account the return code of the parse_logformat_string() function. Now the configuration parser will fail if the log_format is not strict.
2016-11-22 17:50:02 -05:00
if (!parse_logformat_string(curproxy->conf.logformat_sd_string, curproxy, &curproxy->logformat_sd, LOG_OPT_MANDATORY,
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
SMP_VAL_FE_LOG_END, &err)) {
Alert("Parsing [%s:%d]: failed to parse log-format-sd : %s.\n",
curproxy->conf.lfs_file, curproxy->conf.lfs_line, err);
free(err);
MEDIUM: log-format/conf: take into account the parse_logformat_string() return code This patch takes into account the return code of the parse_logformat_string() function. Now the configuration parser will fail if the log_format is not strict.
2016-11-22 17:50:02 -05:00
cfgerr++;
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
} else if (!add_to_logformat_list(NULL, NULL, LF_SEPARATOR, &curproxy->logformat_sd, &err)) {
Alert("Parsing [%s:%d]: failed to parse log-format-sd : %s.\n",
curproxy->conf.lfs_file, curproxy->conf.lfs_line, err);
free(err);
MEDIUM: log-format/conf: take into account the parse_logformat_string() return code This patch takes into account the return code of the parse_logformat_string() function. Now the configuration parser will fail if the log_format is not strict.
2016-11-22 17:50:02 -05:00
cfgerr++;
}
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
curproxy->conf.args.file = NULL;
curproxy->conf.args.line = 0;
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.uniqueid_format_string) {
curproxy->conf.args.ctx = ARGC_UIF;
curproxy->conf.args.file = curproxy->conf.uif_file;
curproxy->conf.args.line = curproxy->conf.uif_line;
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
err = NULL;
MEDIUM: log-format/conf: take into account the parse_logformat_string() return code This patch takes into account the return code of the parse_logformat_string() function. Now the configuration parser will fail if the log_format is not strict.
2016-11-22 17:50:02 -05:00
if (!parse_logformat_string(curproxy->conf.uniqueid_format_string, curproxy, &curproxy->format_unique_id, LOG_OPT_HTTP,
MEDIUM: log-format: Use standard HAProxy log system to report errors The function log format emit its own error message using Alert(). This patch replaces this behavior and uses the standard HAProxy error system (with memprintf). The benefits are: - cleaning the log system - the logformat can ignore the caller (actually the caller must set a flag designing the caller function). - Make the usage of the logformat function easy for future components.
2016-11-22 18:41:28 -05:00
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR, &err)) {
Alert("Parsing [%s:%d]: failed to parse unique-id : %s.\n",
curproxy->conf.uif_file, curproxy->conf.uif_line, err);
free(err);
MEDIUM: log-format/conf: take into account the parse_logformat_string() return code This patch takes into account the return code of the parse_logformat_string() function. Now the configuration parser will fail if the log_format is not strict.
2016-11-22 17:50:02 -05:00
cfgerr++;
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
curproxy->conf.args.file = NULL;
curproxy->conf.args.line = 0;
}
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
/* only now we can check if some args remain unresolved.
* This must be done after the users and groups resolution.
*/
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
cfgerr += smp_resolve_args(curproxy);
if (!cfgerr)
cfgerr += acl_find_targets(curproxy);
[MINOR] acl: add http_auth and http_auth_group Add two acls to match http auth data: acl <name> http_auth(userlist) acl <name> http_auth_hroup(userlist) group1 group2 (...)
2010-01-29 13:26:18 -05:00
[MEDIUM] now upon startup, haproxy will warn about missing timeouts. Too many problem reports were caused by missing timeouts. While there has never been any default value since version 1.0, having no timeout is abnormal in networked environments, and will lead to various problems such as CLOSE_WAIT sockets accumulating and nasty things like this. For this reason, it's better to annoy the users until they fix their configs than letting them run buggy configurations.
2006-07-08 11:28:09 -04:00
if ((curproxy->mode == PR_MODE_TCP || curproxy->mode == PR_MODE_HTTP) &&
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
(((curproxy->cap & PR_CAP_FE) && !curproxy->timeout.client) ||
[MAJOR] replaced all timeouts with struct timeval The timeout functions were difficult to manipulate because they were rounding results to the millisecond. Thus, it was difficult to compare and to check what expired and what did not. Also, the comparison functions were heavy with multiplies and divides by 1000. Now, all timeouts are stored in timevals, reducing the number of operations for updates and leading to cleaner and more efficient code.
2007-05-12 16:35:00 -04:00
((curproxy->cap & PR_CAP_BE) && (curproxy->srv) &&
MEDIUM: session: add support for tunnel timeouts Tunnel timeouts are used when TCP connections are forwarded, or when forwarding upgraded HTTP connections (WebSocket) as well as CONNECT requests to proxies. This timeout allows long-lived sessions to be supported without having to set large timeouts to normal requests.
2012-05-12 06:50:00 -04:00
(!curproxy->timeout.connect ||
(!curproxy->timeout.server && (curproxy->mode == PR_MODE_HTTP || !curproxy->timeout.tunnel)))))) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Warning("config : missing timeouts for %s '%s'.\n"
[MEDIUM] now upon startup, haproxy will warn about missing timeouts. Too many problem reports were caused by missing timeouts. While there has never been any default value since version 1.0, having no timeout is abnormal in networked environments, and will lead to various problems such as CLOSE_WAIT sockets accumulating and nasty things like this. For this reason, it's better to annoy the users until they fix their configs than letting them run buggy configurations.
2006-07-08 11:28:09 -04:00
" | While not properly invalid, you will certainly encounter various problems\n"
" | with such a configuration. To fix this, please ensure that all following\n"
[MINOR] fix configuration hint about timeouts Do not talk about "clitimeout", "contimeout" or "srvtimeout" anymore.
2008-01-20 17:25:06 -05:00
" | timeouts are set to a non-zero value: 'client', 'connect', 'server'.\n",
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
proxy_type_str(curproxy), curproxy->id);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
err_code |= ERR_WARN;
[MEDIUM] now upon startup, haproxy will warn about missing timeouts. Too many problem reports were caused by missing timeouts. While there has never been any default value since version 1.0, having no timeout is abnormal in networked environments, and will lead to various problems such as CLOSE_WAIT sockets accumulating and nasty things like this. For this reason, it's better to annoy the users until they fix their configs than letting them run buggy configurations.
2006-07-08 11:28:09 -04:00
}
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
/* Historically, the tarpit and queue timeouts were inherited from contimeout.
* We must still support older configurations, so let's find out whether those
* parameters have been set or must be copied from contimeouts.
*/
if (curproxy != &defproxy) {
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
if (!curproxy->timeout.tarpit ||
curproxy->timeout.tarpit == defproxy.timeout.tarpit) {
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
/* tarpit timeout not set. We search in the following order:
* default.tarpit, curr.connect, default.connect.
*/
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
if (defproxy.timeout.tarpit)
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
curproxy->timeout.tarpit = defproxy.timeout.tarpit;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (curproxy->timeout.connect)
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.tarpit = curproxy->timeout.connect;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (defproxy.timeout.connect)
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.tarpit = defproxy.timeout.connect;
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
}
if ((curproxy->cap & PR_CAP_BE) &&
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
(!curproxy->timeout.queue ||
curproxy->timeout.queue == defproxy.timeout.queue)) {
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
/* queue timeout not set. We search in the following order:
* default.queue, curr.connect, default.connect.
*/
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
if (defproxy.timeout.queue)
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
curproxy->timeout.queue = defproxy.timeout.queue;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (curproxy->timeout.connect)
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.queue = curproxy->timeout.connect;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (defproxy.timeout.connect)
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.queue = defproxy.timeout.connect;
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
}
}
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
if ((curproxy->options2 & PR_O2_CHK_ANY) == PR_O2_SSL3_CHK) {
[MINOR] config: fix too large ssl-hello-check message. As reported by Cyril Bonté and Hervé Commowick, the ssl-hello-check should use sizeof()-1 and not sizeof() for the message length.
2010-02-01 10:38:17 -05:00
curproxy->check_len = sizeof(sslv3_client_hello_pkt) - 1;
CLEANUP: remove unneeded casts In C89, "void *" is automatically promoted to any pointer type. Casting the result of malloc/calloc to the type of the LHS variable is therefore unneeded. Most of this patch was built using this Coccinelle patch: @@ type T; @@ - (T *) (\(lua_touserdata\|malloc\|calloc\|SSL_get_app_data\|hlua_checkudata\|lua_newuserdata\)(...)) @@ type T; T *x; void *data; @@ x = - (T *) data @@ type T; T *x; T *data; @@ x = - (T *) data Unfortunately, either Coccinelle or I is too limited to detect situation where a complex RHS expression is of type "void *" and therefore casting is not needed. Those cases were manually examined and corrected.
2016-04-03 07:48:42 -04:00
curproxy->check_req = malloc(curproxy->check_len);
[MINOR] config: fix too large ssl-hello-check message. As reported by Cyril Bonté and Hervé Commowick, the ssl-hello-check should use sizeof()-1 and not sizeof() for the message length.
2010-02-01 10:38:17 -05:00
memcpy(curproxy->check_req, sslv3_client_hello_pkt, curproxy->check_len);
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
}
MINOR: config: warn when tcp-check rules are used without option tcp-check Since this case means that the rules will be ignored, better emit a warning.
2014-06-13 12:30:23 -04:00
if (!LIST_ISEMPTY(&curproxy->tcpcheck_rules) &&
(curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_TCPCHK_CHK) {
Warning("config : %s '%s' uses tcp-check rules without 'option tcp-check', so the rules are ignored.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
/* ensure that cookie capture length is not too large */
if (curproxy->capture_len >= global.tune.cookie_len) {
Warning("config : truncating capture length to %d bytes for %s '%s'.\n",
global.tune.cookie_len - 1, proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->capture_len = global.tune.cookie_len - 1;
}
[MAJOR] last bunch of capture changes for mempool v2 The header captures had lots of pools. They have all been transformed.
2007-05-13 16:46:04 -04:00
/* The small pools required for the capture lists */
MINOR: config: disable header captures in TCP mode and complain In order to help users fix their configs, report a warning when a capture has been set on a non-HTTP frontend. This should be backported to 1.4.
2012-03-24 03:33:05 -04:00
if (curproxy->nb_req_cap) {
MINOR: logs: don't limit HTTP header captures to HTTP frontends Similar to previous patches, HTTP header captures are performed when a TCP frontend switches to an HTTP backend, but are not possible to report. So let's relax the check to explicitly allow them to be present in TCP frontends.
2014-06-13 06:23:06 -04:00
curproxy->req_cap_pool = create_pool("ptrcap",
curproxy->nb_req_cap * sizeof(char *),
MEM_F_SHARED);
MINOR: config: disable header captures in TCP mode and complain In order to help users fix their configs, report a warning when a capture has been set on a non-HTTP frontend. This should be backported to 1.4.
2012-03-24 03:33:05 -04:00
}
if (curproxy->nb_rsp_cap) {
MINOR: logs: don't limit HTTP header captures to HTTP frontends Similar to previous patches, HTTP header captures are performed when a TCP frontend switches to an HTTP backend, but are not possible to report. So let's relax the check to explicitly allow them to be present in TCP frontends.
2014-06-13 06:23:06 -04:00
curproxy->rsp_cap_pool = create_pool("ptrcap",
curproxy->nb_rsp_cap * sizeof(char *),
MEM_F_SHARED);
MINOR: config: disable header captures in TCP mode and complain In order to help users fix their configs, report a warning when a capture has been set on a non-HTTP frontend. This should be backported to 1.4.
2012-03-24 03:33:05 -04:00
}
[MAJOR] last bunch of capture changes for mempool v2 The header captures had lots of pools. They have all been transformed.
2007-05-13 16:46:04 -04:00
MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name This directive gives HAProxy the ability to use the either the global server-state-file directive or a local one using server-state-file-name to load server states. The state can be saved right before the reload by the init script, using the "show servers state" command on the stats socket redirecting output into a file.
2015-08-19 10:44:03 -04:00
switch (curproxy->load_server_state_from_file) {
case PR_SRV_STATE_FILE_UNSPEC:
curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_NONE;
break;
case PR_SRV_STATE_FILE_GLOBAL:
if (!global.server_state_file) {
Warning("config : backend '%s' configured to load server state file from global section 'server-state-file' directive. Unfortunately, 'server-state-file' is not set!\n",
curproxy->id);
err_code |= ERR_WARN;
}
break;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* first, we will invert the servers list order */
newsrv = NULL;
while (curproxy->srv) {
struct server *next;
next = curproxy->srv->next;
curproxy->srv->next = newsrv;
newsrv = curproxy->srv;
if (!next)
break;
curproxy->srv = next;
}
MEDIUM: config: report a warning when multiple servers have the same name A config where multiple servers have the same name in the same backend is prone to a number of issues : logs are not really exploitable, stats get really tricky and even harder to change, etc... In fact, it can be safe to have the same name between multiple servers only when their respective IDs are known and used. So now we detect this situation and emit a warning for the first conflict detected per server if any of the servers uses an automatic ID.
2014-01-03 06:14:34 -05:00
/* Check that no server name conflicts. This causes trouble in the stats.
* We only emit a warning for the first conflict affecting each server,
* in order to avoid combinatory explosion if all servers have the same
* name. We do that only for servers which do not have an explicit ID,
* because these IDs were made also for distinguishing them and we don't
* want to annoy people who correctly manage them.
*/
for (newsrv = curproxy->srv; newsrv; newsrv = newsrv->next) {
struct server *other_srv;
if (newsrv->puid)
continue;
for (other_srv = curproxy->srv; other_srv && other_srv != newsrv; other_srv = other_srv->next) {
if (!other_srv->puid && strcmp(other_srv->id, newsrv->id) == 0) {
Warning("parsing [%s:%d] : %s '%s', another server named '%s' was defined without an explicit ID at line %d, this is not recommended.\n",
newsrv->conf.file, newsrv->conf.line,
proxy_type_str(curproxy), curproxy->id,
newsrv->id, other_srv->conf.line);
break;
}
}
}
[BUG] consistent hash: balance on all servers, not only 2 ! It was once reported at least by Dirk Taggesell that the consistent hash had a very poor distribution, making use of only two servers. Jeff Persch analysed the code and found the root cause. Consistent hash makes use of the server IDs, which are completed after the chash array initialization. This implies that each server which does not have an explicit "id" parameter will be merged at the same place in the chash tree and that in the end, only the first or last servers may be used. The now obvious fix (thanks to Jeff) is to assign the missing IDs earlier. However, it should be clearly understood that changing a hash algorithm on live systems will rebalance the whole system. Anyway, the only affected users will be the ones for which the system is quite unbalanced already. The ones who fix their IDs are not affected at all. Kudos to Jeff for spotting that bug which got merged 3 days after the consistent hashing !
2010-05-25 17:03:02 -04:00
/* assign automatic UIDs to servers which don't have one yet */
next_id = 1;
newsrv = curproxy->srv;
while (newsrv != NULL) {
if (!newsrv->puid) {
/* server ID not set, use automatic numbering with first
* spare entry starting with next_svid.
*/
next_id = get_next_id(&curproxy->conf.used_server_id, next_id);
newsrv->conf.id.key = newsrv->puid = next_id;
eb32_insert(&curproxy->conf.used_server_id, &newsrv->conf.id);
}
next_id++;
newsrv = newsrv->next;
}
[MEDIUM] differentiate between generic LB params and map-specific ones Since the introduction of server weights, all load balancing algorithms relied on a pre-computed map. Incidently, quite a bunch of map-specific parameters were used at random places in order to get the number of servers or their total weight. It was not architecturally acceptable that optimizations for the map computation had impact on external parts. For instance, during this cleanup it was found that a backend weight was seen as 1 when only the first backup server is used, whatever its weight. This cleanup consists in differentiating between LB-generic parameters, such as total weights, number of servers, etc... and map-specific ones. The struct proxy has been enhanced in order to make it easier to later support other algorithms. The recount_servers() function now also updates generic values such as total weights so that it's not needed anymore to call recalc_server_map() when weights are needed. This permitted to simplify some code which does not need to know about map internals anymore.
2007-11-15 17:26:18 -05:00
curproxy->lbprm.wmult = 1; /* default weight multiplier */
[MINOR] add a weight divisor to the struct proxy Under some circumstances, it will be useful to be able to have a server's effective weight bigger than the user weight, and this is particularly true for dynamic weight-based algorithms. In order to support this, we add a "wdiv" member to the lbprm structure which will always be used to divide the weights before reporting them.
2007-11-19 13:10:18 -05:00
curproxy->lbprm.wdiv = 1; /* default weight divider */
[MEDIUM] differentiate between generic LB params and map-specific ones Since the introduction of server weights, all load balancing algorithms relied on a pre-computed map. Incidently, quite a bunch of map-specific parameters were used at random places in order to get the number of servers or their total weight. It was not architecturally acceptable that optimizations for the map computation had impact on external parts. For instance, during this cleanup it was found that a backend weight was seen as 1 when only the first backup server is used, whatever its weight. This cleanup consists in differentiating between LB-generic parameters, such as total weights, number of servers, etc... and map-specific ones. The struct proxy has been enhanced in order to make it easier to later support other algorithms. The recount_servers() function now also updates generic values such as total weights so that it's not needed anymore to call recalc_server_map() when weights are needed. This permitted to simplify some code which does not need to know about map internals anymore.
2007-11-15 17:26:18 -05:00
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
/*
* If this server supports a maxconn parameter, it needs a dedicated
* tasks to fill the emptied slots when a connection leaves.
* Also, resolve deferred tracking dependency if needed.
*/
newsrv = curproxy->srv;
while (newsrv != NULL) {
if (newsrv->minconn > newsrv->maxconn) {
/* Only 'minconn' was specified, or it was higher than or equal
* to 'maxconn'. Let's turn this into maxconn and clean it, as
* this will avoid further useless expensive computations.
*/
newsrv->maxconn = newsrv->minconn;
} else if (newsrv->maxconn && !newsrv->minconn) {
/* minconn was not specified, so we set it to maxconn */
newsrv->minconn = newsrv->maxconn;
}
MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() Now we can simply check the transport layer at run time and decide whether or not to initialize or destroy these entries. This removes other ifdefs and includes from cfgparse.c, haproxy.c and hlua.c.
2016-12-22 15:16:08 -05:00
/* this will also properly set the transport layer for prod and checks */
if (newsrv->use_ssl || newsrv->check.use_ssl) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
cfgerr += xprt_get(XPRT_SSL)->prepare_srv(newsrv);
}
MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c
2012-10-11 08:00:19 -04:00
BUG/MEDIUM: checks: fix health check regression causing them to depend on declaration order Since commit 4a74143 (MEDIUM: Paramatise functions over the check of a server), the check type is inherited from the current proxy's check type at the moment where the server is declared instead of when reviewing server configs. This causes an issue where a health check is disabled when the server is declared before the checks. In fact the server will inherit the last known check type declared before the "server" line : backend foo # this server is not checked at all server s1 1.1.1.1:80 check option tcpchk # this server is tcp-checked : server s2 1.1.1.2:80 check option httpchk # this server is http-checked : server s3 1.1.1.3:80 check The fix consists in assigning the check type during the config review phase where the config is stable. No backport is nedeed.
2013-12-03 05:11:34 -05:00
/* set the check type on the server */
newsrv->check.type = curproxy->options2 & PR_O2_CHK_ANY;
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
if (newsrv->trackit) {
struct proxy *px;
MEDIUM: server: allow multi-level server tracking Now that it is possible to know whether a server is in forced maintenance or inherits its maintenance status from another one, it is possible to allow server tracking at more than one level. We still provide a loop detection however. Note that for the stats it's a bit trickier since we have to report the check state which corresponds to the state of the server at the end of the chain.
2014-05-16 07:52:00 -04:00
struct server *srv, *loop;
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
char *pname, *sname;
pname = newsrv->trackit;
sname = strrchr(pname, '/');
if (sname)
*sname++ = '\0';
else {
sname = pname;
pname = NULL;
}
if (pname) {
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
px = proxy_be_by_name(pname);
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
if (!px) {
Alert("config : %s '%s', server '%s': unable to find required proxy '%s' for tracking.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, pname);
cfgerr++;
goto next_srv;
}
} else
px = curproxy;
srv = findserver(px, sname);
if (!srv) {
Alert("config : %s '%s', server '%s': unable to find required server '%s' for tracking.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, sname);
cfgerr++;
goto next_srv;
}
MEDIUM: server: allow multi-level server tracking Now that it is possible to know whether a server is in forced maintenance or inherits its maintenance status from another one, it is possible to allow server tracking at more than one level. We still provide a loop detection however. Note that for the stats it's a bit trickier since we have to report the check state which corresponds to the state of the server at the end of the chain.
2014-05-16 07:52:00 -04:00
if (!(srv->check.state & CHK_ST_CONFIGURED) &&
!(srv->agent.state & CHK_ST_CONFIGURED) &&
!srv->track && !srv->trackit) {
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
Alert("config : %s '%s', server '%s': unable to use %s/%s for "
MEDIUM: server: allow multi-level server tracking Now that it is possible to know whether a server is in forced maintenance or inherits its maintenance status from another one, it is possible to allow server tracking at more than one level. We still provide a loop detection however. Note that for the stats it's a bit trickier since we have to report the check state which corresponds to the state of the server at the end of the chain.
2014-05-16 07:52:00 -04:00
"tracking as it does not have any check nor agent enabled.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, px->id, srv->id);
cfgerr++;
goto next_srv;
}
for (loop = srv->track; loop && loop != newsrv; loop = loop->track);
BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity(). There is a silly case where a loop is not detected in tracked servers lists: when a server tracks itself. Ex: server srv1 127.0.0.1:8000 track srv1 Well, this never happens and this does not prevent haproxy from working. But with this next following configuration: server srv1 127.0.0.1:8000 track srv2 server srv2 127.0.0.1:8000 track srv2 server srv3 127.0.0.1:8000 track srv2 the code in charge of detecting such loops never returns (without any error message). haproxy becomes stuck in an infinite loop because of this statement found in check_config_validity(): for (loop = srv->track; loop && loop != newsrv; loop = loop->track); Again, such a configuration is never accidentally used I guess. This latter example seems silly, but as several 'default-server' directives may be used in the same proxy section, and as 'default-server' settings are not resetted each a new 'default-server' line is created, it will match the following configuration, in the future, when 'track' setting will be supported by 'default-server': default-server track srv3 server srv1 127.0.0.1:8000 server srv2 127.0.0.1:8000 . . . default-server check server srv3 127.0.0.1:8000 (cherry picked from commit 6528fc93d3c065fdac841f24e55cfe9674a67414)
2017-03-14 09:32:17 -04:00
if (newsrv == srv || loop) {
MEDIUM: server: allow multi-level server tracking Now that it is possible to know whether a server is in forced maintenance or inherits its maintenance status from another one, it is possible to allow server tracking at more than one level. We still provide a loop detection however. Note that for the stats it's a bit trickier since we have to report the check state which corresponds to the state of the server at the end of the chain.
2014-05-16 07:52:00 -04:00
Alert("config : %s '%s', server '%s': unable to track %s/%s as it "
"belongs to a tracking chain looping back to %s/%s.\n",
proxy_type_str(curproxy), curproxy->id,
BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity(). There is a silly case where a loop is not detected in tracked servers lists: when a server tracks itself. Ex: server srv1 127.0.0.1:8000 track srv1 Well, this never happens and this does not prevent haproxy from working. But with this next following configuration: server srv1 127.0.0.1:8000 track srv2 server srv2 127.0.0.1:8000 track srv2 server srv3 127.0.0.1:8000 track srv2 the code in charge of detecting such loops never returns (without any error message). haproxy becomes stuck in an infinite loop because of this statement found in check_config_validity(): for (loop = srv->track; loop && loop != newsrv; loop = loop->track); Again, such a configuration is never accidentally used I guess. This latter example seems silly, but as several 'default-server' directives may be used in the same proxy section, and as 'default-server' settings are not resetted each a new 'default-server' line is created, it will match the following configuration, in the future, when 'track' setting will be supported by 'default-server': default-server track srv3 server srv1 127.0.0.1:8000 server srv2 127.0.0.1:8000 . . . default-server check server srv3 127.0.0.1:8000 (cherry picked from commit 6528fc93d3c065fdac841f24e55cfe9674a67414)
2017-03-14 09:32:17 -04:00
newsrv->id, px->id, srv->id, px->id,
newsrv == srv ? srv->id : loop->id);
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
cfgerr++;
goto next_srv;
}
if (curproxy != px &&
(curproxy->options & PR_O_DISABLE404) != (px->options & PR_O_DISABLE404)) {
Alert("config : %s '%s', server '%s': unable to use %s/%s for"
"tracking: disable-on-404 option inconsistency.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, px->id, srv->id);
cfgerr++;
goto next_srv;
}
newsrv->track = srv;
MINOR: checks: improve handling of the servers tracking chain Server tracking uses the same "tracknext" list for servers tracking another one and for the servers being tracked. This caused an issue which was fixed by commit f39c71c ([CRITICAL] fix server state tracking: it was O(n!) instead of O(n)), consisting in ensuring that a server is being checked before walking down the list, so that we don't propagate the up/down information via servers being part of the track chain. But the root cause is the fact that all servers share the same list. The correct solution consists in having a list head for the tracked servers and a list of next tracking servers. This simplifies the propagation logic, especially for the case where status changes might be passed to individual servers via the CLI.
2013-12-11 09:27:05 -05:00
newsrv->tracknext = srv->trackers;
srv->trackers = newsrv;
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
free(newsrv->trackit);
newsrv->trackit = NULL;
}
MAJOR: server: add DNS-based server name resolution Relies on the DNS protocol freshly implemented in HAProxy. It performs a server IP addr resolution based on a server hostname.
2015-04-13 19:15:08 -04:00
/*
* resolve server's resolvers name and update the resolvers pointer
* accordingly
*/
if (newsrv->resolvers_id) {
struct dns_resolvers *curr_resolvers;
int found;
found = 0;
list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
if (!strcmp(curr_resolvers->id, newsrv->resolvers_id)) {
found = 1;
break;
}
}
if (!found) {
Alert("config : %s '%s', server '%s': unable to find required resolvers '%s'\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, newsrv->resolvers_id);
cfgerr++;
} else {
MINOR: dns: Handle SRV records. Make it so for each server, instead of specifying a hostname, one can use a SRV label. When doing so, haproxy will first resolve the SRV label, then use the resulting hostnames, as well as port and weight (priority is ignored right now), to each server using the SRV label. It is resolved periodically, and any server disappearing from the SRV records will be removed, and any server appearing will be added, assuming there're free servers in haproxy.
2017-08-04 12:35:36 -04:00
if (newsrv->srvrq) {
if (!newsrv->srvrq->resolvers) {
newsrv->srvrq->resolvers = curr_resolvers;
if (dns_link_resolution(newsrv->srvrq,
OBJ_TYPE_SRVRQ, NULL) != 0) {
Alert("config : %s '%s', server '%s': unable to set DNS resolution\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id);
cfgerr++;
}
}
}
if (newsrv->srvrq || newsrv->hostname_dn) {
REORG: dns: dns_option structure, storage of hostname_dn This patch introduces a some re-organisation around the DNS code in HAProxy. 1. make the dns_* functions less dependent on 'struct server' and 'struct resolution'. With this in mind, the following changes were performed: - 'struct dns_options' has been removed from 'struct resolution' (well, we might need it back at some point later, we'll see) ==> we'll use the 'struct dns_options' from the owner of the resolution - dns_get_ip_from_response(): takes a 'struct dns_options' instead of 'struct resolution' ==> so the caller can pass its own dns options to get the most appropriate IP from the response - dns_process_resolve(): struct dns_option is deduced from new resolution->requester_type parameter 2. add hostname_dn and hostname_dn_len into struct server In order to avoid recomputing a server's hostname into its domain name format (and use a trash buffer to store the result), it is safer to compute it once at configuration parsing and to store it into the struct server. In the mean time, the struct resolution linked to the server doesn't need anymore to store the hostname in domain name format. A simple pointer to the server one will make the trick. The function srv_alloc_dns_resolution() properly manages everything for us: memory allocation, pointer updates, etc... 3. move resolvers pointer into struct server This patch makes the pointer to struct dns_resolvers from struct dns_resolution obsolete. Purpose is to make the resolution as "neutral" as possible and since the requester is already linked to the resolvers, then we don't need this information anymore in the resolution itself.
2017-05-03 06:12:02 -04:00
newsrv->resolvers = curr_resolvers;
MAJOR/REORG: dns: DNS resolution task and requester queues This patch is a major upgrade of the internal run-time DNS resolver in HAProxy and it brings the following 2 main changes: 1. DNS resolution task Up to now, DNS resolution was triggered by the health check task. From now, DNS resolution task is autonomous. It is started by HAProxy right after the scheduler is available and it is woken either when a network IO occurs for one of its nameserver or when a timeout is matched. From now, this means we can enable DNS resolution for a server without enabling health checking. 2. Introduction of a dns_requester structure Up to now, DNS resolution was purposely made for resolving server hostnames. The idea, is to ensure that any HAProxy internal object should be able to trigger a DNS resolution. For this purpose, 2 things has to be done: - clean up the DNS code from the server structure (this was already quite clean actually) and clean up the server's callbacks from manipulating too much DNS resolution - create an agnostic structure which allows linking a DNS resolution and a requester of any type (using obj_type enum) 3. Manage requesters through queues Up to now, there was an uniq relationship between a resolution and it's owner (aka the requester now). It's a shame, because in some cases, multiple objects may share the same hostname and may benefit from a resolution being performed by a third party. This patch introduces the notion of queues, which are basically lists of either currently running resolution or waiting ones. The resolutions are now available as a pool, which belongs to the resolvers. The pool has has a default size of 64 resolutions per resolvers and is allocated at configuration parsing.
2017-05-22 09:17:15 -04:00
if (dns_link_resolution(newsrv, OBJ_TYPE_SERVER, NULL) != 0) {
Alert("config : %s '%s', server '%s': unable to set DNS resolution\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id);
cfgerr++;
}
}
MAJOR: server: add DNS-based server name resolution Relies on the DNS protocol freshly implemented in HAProxy. It performs a server IP addr resolution based on a server hostname.
2015-04-13 19:15:08 -04:00
}
}
else {
/* if no resolvers section associated to this server
* we can clean up the associated resolution structure
*/
if (newsrv->resolution) {
free(newsrv->resolution->hostname_dn);
newsrv->resolution->hostname_dn = NULL;
free(newsrv->resolution);
newsrv->resolution = NULL;
}
}
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
next_srv:
newsrv = newsrv->next;
}
MINOR: server: Add dynamic session cookies. This adds a new "dynamic" keyword for the cookie option. If set, a cookie will be generated for each server (assuming one isn't already provided on the "server" line), from the IP of the server, the TCP port, and a secret key provided. To provide the secret key, a new keyword as been added, "dynamic-cookie-key", for backends. Example : backend bk_web balance roundrobin dynamic-cookie-key "bla" cookie WEBSRV insert dynamic server s1 127.0.0.1:80 check server s2 192.168.56.1:80 check This is a first step to be able to dynamically add and remove servers, without modifying the configuration file, and still have all the load balancers redirect the traffic to the right server. Provide a way to generate session cookies, based on the IP address of the server, the TCP port, and a secret key provided.
2017-03-14 15:01:29 -04:00
/*
* Try to generate dynamic cookies for servers now.
* It couldn't be done earlier, since at the time we parsed
* the server line, we may not have known yet that we
* should use dynamic cookies, or the secret key may not
* have been provided yet.
*/
if (curproxy->ck_opts & PR_CK_DYNAMIC) {
newsrv = curproxy->srv;
while (newsrv != NULL) {
srv_set_dyncookie(newsrv);
newsrv = newsrv->next;
}
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
/* We have to initialize the server lookup mechanism depending
* on what LB algorithm was choosen.
*/
curproxy->lbprm.algo &= ~(BE_LB_LKUP | BE_LB_PROP_DYN);
switch (curproxy->lbprm.algo & BE_LB_KIND) {
case BE_LB_KIND_RR:
[MEDIUM] backend: introduce the "static-rr" LB algorithm The "static-rr" is just the old round-robin algorithm. It is still in use when a hash algorithm is used and the data to hash is not present, but it was impossible to configure it explicitly. This one is cheaper in terms of CPU and supports unlimited numbers of servers, so it makes sense to be able to use it.
2009-10-03 06:56:50 -04:00
if ((curproxy->lbprm.algo & BE_LB_PARM) == BE_LB_RR_STATIC) {
curproxy->lbprm.algo |= BE_LB_LKUP_MAP;
init_server_map(curproxy);
} else {
curproxy->lbprm.algo |= BE_LB_LKUP_RRTREE | BE_LB_PROP_DYN;
fwrr_init_server_groups(curproxy);
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
break;
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
MINOR: backend: rework the LC definition to support other connection-based algos The leastconn algorithm should be of kind "connection-based", not "leastconn" if we want to later support other connection-based LB algos.
2012-02-13 10:57:44 -05:00
case BE_LB_KIND_CB:
MEDIUM: backend: add the 'first' balancing algorithm The principle behind this load balancing algorithm was first imagined and modeled by Steen Larsen then iteratively refined through several work sessions until it would totally address its original goal. The purpose of this algorithm is to always use the smallest number of servers so that extra servers can be powered off during non-intensive hours. Additional tools may be used to do that work, possibly by locally monitoring the servers' activity. The first server with available connection slots receives the connection. The servers are choosen from the lowest numeric identifier to the highest (see server parameter "id"), which defaults to the server's position in the farm. Once a server reaches its maxconn value, the next server is used. It does not make sense to use this algorithm without setting maxconn. Note that it can however make sense to use minconn so that servers are not used at full load before starting new servers, and so that introduction of new servers requires a progressively increasing load (the number of servers would more or less follow the square root of the load until maxconn is reached). This algorithm ignores the server weight, and is more beneficial to long sessions such as RDP or IMAP than HTTP, though it can be useful there too.
2012-02-13 11:12:08 -05:00
if ((curproxy->lbprm.algo & BE_LB_PARM) == BE_LB_CB_LC) {
curproxy->lbprm.algo |= BE_LB_LKUP_LCTREE | BE_LB_PROP_DYN;
fwlc_init_server_tree(curproxy);
} else {
curproxy->lbprm.algo |= BE_LB_LKUP_FSTREE | BE_LB_PROP_DYN;
fas_init_server_tree(curproxy);
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
break;
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
case BE_LB_KIND_HI:
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
if ((curproxy->lbprm.algo & BE_LB_HASH_TYPE) == BE_LB_HASH_CONS) {
curproxy->lbprm.algo |= BE_LB_LKUP_CHTREE | BE_LB_PROP_DYN;
chash_init_server_tree(curproxy);
} else {
curproxy->lbprm.algo |= BE_LB_LKUP_MAP;
init_server_map(curproxy);
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
break;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy->options & PR_O_LOGASAP)
curproxy->to_log &= ~LW_BYTES;
[BUG] log: option tcplog would log to global if no logger was defined Romuald du Song reported a strange bug causing "option tcplog" to unexpectedly use global log parameters if no log server was declared. Eventhough it can be useful in some circumstances, it only hides configuration bugs and can even cause traffic logs to be sent to the wrong logger, since global settings are just for the process. This has been fixed and a warning has been added for configurations where tcplog or httplog are set without any logger. This fix must be backported to 1.3.20, but not to 1.3.15.X in order not to risk any regression on old configurations.
2009-08-09 04:11:45 -04:00
if ((curproxy->mode == PR_MODE_TCP || curproxy->mode == PR_MODE_HTTP) &&
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
(curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->logsrvs) &&
(!LIST_ISEMPTY(&curproxy->logformat) || !LIST_ISEMPTY(&curproxy->logformat_sd))) {
[BUG] log: option tcplog would log to global if no logger was defined Romuald du Song reported a strange bug causing "option tcplog" to unexpectedly use global log parameters if no log server was declared. Eventhough it can be useful in some circumstances, it only hides configuration bugs and can even cause traffic logs to be sent to the wrong logger, since global settings are just for the process. This has been fixed and a warning has been added for configurations where tcplog or httplog are set without any logger. This fix must be backported to 1.3.20, but not to 1.3.15.X in order not to risk any regression on old configurations.
2009-08-09 04:11:45 -04:00
Warning("config : log format ignored for %s '%s' since it has no log address.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
if (curproxy->mode != PR_MODE_HTTP) {
int optnum;
if (curproxy->uri_auth) {
Warning("config : 'stats' statement ignored for %s '%s' as it requires HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->uri_auth = NULL;
}
MINOR: config: warn when some HTTP rules are used in a TCP proxy Surprizingly, http-request, http-response, block, redirect, and capture rules did not cause a warning to be emitted when used in a TCP proxy, so let's fix this. This patch may be backported to older versions as it helps spotting configuration issues.
2017-03-10 05:49:21 -05:00
if (curproxy->capture_name) {
Warning("config : 'capture' statement ignored for %s '%s' as it requires HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
if (!LIST_ISEMPTY(&curproxy->http_req_rules)) {
Warning("config : 'http-request' rules ignored for %s '%s' as they require HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
if (!LIST_ISEMPTY(&curproxy->http_res_rules)) {
Warning("config : 'http-response' rules ignored for %s '%s' as they require HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
if (!LIST_ISEMPTY(&curproxy->block_rules)) {
Warning("config : 'block' rules ignored for %s '%s' as they require HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
if (!LIST_ISEMPTY(&curproxy->redirect_rules)) {
Warning("config : 'redirect' rules ignored for %s '%s' as they require HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
if (curproxy->options & (PR_O_FWDFOR | PR_O_FF_ALWAYS)) {
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
"forwardfor", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
curproxy->options &= ~(PR_O_FWDFOR | PR_O_FF_ALWAYS);
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
}
if (curproxy->options & PR_O_ORGTO) {
Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
"originalto", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options &= ~PR_O_ORGTO;
}
for (optnum = 0; cfg_opts[optnum].name; optnum++) {
if (cfg_opts[optnum].mode == PR_MODE_HTTP &&
(curproxy->cap & cfg_opts[optnum].cap) &&
(curproxy->options & cfg_opts[optnum].val)) {
Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
cfg_opts[optnum].name, proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options &= ~cfg_opts[optnum].val;
}
}
for (optnum = 0; cfg_opts2[optnum].name; optnum++) {
if (cfg_opts2[optnum].mode == PR_MODE_HTTP &&
(curproxy->cap & cfg_opts2[optnum].cap) &&
(curproxy->options2 & cfg_opts2[optnum].val)) {
Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
cfg_opts2[optnum].name, proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options2 &= ~cfg_opts2[optnum].val;
}
}
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
MAJOR: tproxy: remove support for cttproxy This was the first transparent proxy technology supported by haproxy circa 2005 but it was obsoleted in 2007 by Tproxy 4.0 which removed a lot of the earlier versions' shortcomings and was finally merged into the kernel. Since nobody has been using cttproxy for many years now and nobody has even just tried to compile the files, it's time to remove it. The doc was updated as well.
2015-08-20 13:35:14 -04:00
#if defined(CONFIG_HAP_TRANSPARENT)
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
if (curproxy->conn_src.bind_hdr_occ) {
curproxy->conn_src.bind_hdr_occ = 0;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
Warning("config : %s '%s' : ignoring use of header %s as source IP in non-HTTP mode.\n",
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
proxy_type_str(curproxy), curproxy->id, curproxy->conn_src.bind_hdr_name);
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
err_code |= ERR_WARN;
}
[BUILD] config: last patch breaks build without CONFIG_HAP_LINUX_TPROXY A few ifdefs were missing in the config validity check function.
2010-03-30 14:13:29 -04:00
#endif
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
}
Revert "[BUILD] backend.c and checks.c did not build without tproxy !" This reverts commit 3c3c0122f84d72eae1c4ef4b1826bfdbef7d95e6. This commit was buggy as it also removed previous tproxy changes !
2008-02-14 14:25:24 -05:00
/*
* ensure that we're not cross-dressing a TCP server into HTTP.
*/
newsrv = curproxy->srv;
while (newsrv != NULL) {
MINOR: config: tolerate server "cookie" setting in non-HTTP mode Up to now, if a cookie value was specified on a server when the proxy was in TCP mode, it would cause a fatal error. Now we only report a warning, since the cookie will be ignored. This makes it easier to generate configs from scripts.
2011-10-31 08:49:26 -04:00
if ((curproxy->mode != PR_MODE_HTTP) && newsrv->rdr_len) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Alert("config : %s '%s' : server cannot have cookie or redirect prefix in non-HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
cfgerr++;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
}
MINOR: config: tolerate server "cookie" setting in non-HTTP mode Up to now, if a cookie value was specified on a server when the proxy was in TCP mode, it would cause a fatal error. Now we only report a warning, since the cookie will be ignored. This makes it easier to generate configs from scripts.
2011-10-31 08:49:26 -04:00
if ((curproxy->mode != PR_MODE_HTTP) && newsrv->cklen) {
Warning("config : %s '%s' : ignoring cookie for server '%s' as HTTP mode is disabled.\n",
proxy_type_str(curproxy), curproxy->id, newsrv->id);
err_code |= ERR_WARN;
MINOR: config: warn when a server with no specific port uses rdp-cookie Mathew Levett reported an issue which is a bit nasty and hard to track down. RDP cookies contain both the IP and the port, and haproxy matches them exactly. So if a server has no port specified (or a remapped port), it will never match a port specified in a cookie. Better warn the user when this is detected.
2013-08-13 11:19:08 -04:00
}
REORG/MEDIUM: server: split server state and flags in two different variables Till now, the server's state and flags were all saved as a single bit field. It causes some difficulties because we'd like to have an enum for the state and separate flags. This commit starts by splitting them in two distinct fields. The first one is srv->state (with its counter-part srv->prev_state) which are now enums, but which still contain bits (SRV_STF_*). The flags now lie in their own field (srv->flags). The function srv_is_usable() was updated to use the enum as input, since it already used to deal only with the state. Note that currently, the maintenance mode is still in the state for simplicity, but it must move as well.
2014-05-13 09:54:22 -04:00
if ((newsrv->flags & SRV_F_MAPPORTS) && (curproxy->options2 & PR_O2_RDPC_PRST)) {
MINOR: config: warn when a server with no specific port uses rdp-cookie Mathew Levett reported an issue which is a bit nasty and hard to track down. RDP cookies contain both the IP and the port, and haproxy matches them exactly. So if a server has no port specified (or a remapped port), it will never match a port specified in a cookie. Better warn the user when this is detected.
2013-08-13 11:19:08 -04:00
Warning("config : %s '%s' : RDP cookie persistence will not work for server '%s' because it lacks an explicit port number.\n",
proxy_type_str(curproxy), curproxy->id, newsrv->id);
err_code |= ERR_WARN;
MINOR: config: tolerate server "cookie" setting in non-HTTP mode Up to now, if a cookie value was specified on a server when the proxy was in TCP mode, it would cause a fatal error. Now we only report a warning, since the cookie will be ignored. This makes it easier to generate configs from scripts.
2011-10-31 08:49:26 -04:00
}
MAJOR: tproxy: remove support for cttproxy This was the first transparent proxy technology supported by haproxy circa 2005 but it was obsoleted in 2007 by Tproxy 4.0 which removed a lot of the earlier versions' shortcomings and was finally merged into the kernel. Since nobody has been using cttproxy for many years now and nobody has even just tried to compile the files, it's time to remove it. The doc was updated as well.
2015-08-20 13:35:14 -04:00
#if defined(CONFIG_HAP_TRANSPARENT)
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
if (curproxy->mode != PR_MODE_HTTP && newsrv->conn_src.bind_hdr_occ) {
newsrv->conn_src.bind_hdr_occ = 0;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
Warning("config : %s '%s' : server %s cannot use header %s as source IP in non-HTTP mode.\n",
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
proxy_type_str(curproxy), curproxy->id, newsrv->id, newsrv->conn_src.bind_hdr_name);
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
err_code |= ERR_WARN;
Revert "[BUILD] backend.c and checks.c did not build without tproxy !" This reverts commit 3c3c0122f84d72eae1c4ef4b1826bfdbef7d95e6. This commit was buggy as it also removed previous tproxy changes !
2008-02-14 14:25:24 -05:00
}
[BUILD] config: last patch breaks build without CONFIG_HAP_LINUX_TPROXY A few ifdefs were missing in the config validity check function.
2010-03-30 14:13:29 -04:00
#endif
BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options http-reuse should normally not be used in conjunction with the proxy protocol or with "usesrc clientip". While there's nothing fundamentally wrong with this, whenever these options are used, the server expects the IP address to be the source address for all requests, which doesn't make sense with http-reuse.
2017-01-06 06:21:38 -05:00
if ((curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) {
if ((curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
(curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP ||
(newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
(newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP) {
Warning("config : %s '%s' : connections to server '%s' use the client's IP address as the source while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'usesrc' and to use the 'forwardfor' option instead.\n",
proxy_type_str(curproxy), curproxy->id, newsrv->id);
err_code |= ERR_WARN;
}
if (newsrv->pp_opts & (SRV_PP_V1|SRV_PP_V2)) {
Warning("config : %s '%s' : connections to server '%s' will have a PROXY protocol header announcing the first client's IP address while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'send-proxy' and to use the 'forwardfor' option instead.\n",
proxy_type_str(curproxy), curproxy->id, newsrv->id);
err_code |= ERR_WARN;
}
}
Revert "[BUILD] backend.c and checks.c did not build without tproxy !" This reverts commit 3c3c0122f84d72eae1c4ef4b1826bfdbef7d95e6. This commit was buggy as it also removed previous tproxy changes !
2008-02-14 14:25:24 -05:00
newsrv = newsrv->next;
}
MINOR: config: detect the case where a tcp-request content rule has no inspect-delay If a frontend has any tcp-request content rule relying on request contents without any inspect delay, we now emit a warning as this will randomly match. This can be backported to 1.5 as it reduces the support effort.
2014-09-16 10:21:19 -04:00
/* check if we have a frontend with "tcp-request content" looking at L7
* with no inspect-delay
*/
if ((curproxy->cap & PR_CAP_FE) && !curproxy->tcp_req.inspect_delay) {
list_for_each_entry(trule, &curproxy->tcp_req.inspect_rules, list) {
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if (trule->action == ACT_TCP_CAPTURE &&
MEDIUM: capture: Move the capture configuration storage in the union This patch moves the capture configuration struct (capture_prm) in the main "arg" union. This reduce the size of the struct.
2015-08-04 02:21:12 -04:00
!(trule->arg.cap.expr->fetch->val & SMP_VAL_FE_SES_ACC))
MINOR: config: detect the case where a tcp-request content rule has no inspect-delay If a frontend has any tcp-request content rule relying on request contents without any inspect delay, we now emit a warning as this will randomly match. This can be backported to 1.5 as it reduces the support effort.
2014-09-16 10:21:19 -04:00
break;
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if ((trule->action >= ACT_ACTION_TRK_SC0 && trule->action <= ACT_ACTION_TRK_SCMAX) &&
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
!(trule->arg.trk_ctr.expr->fetch->val & SMP_VAL_FE_SES_ACC))
MINOR: config: detect the case where a tcp-request content rule has no inspect-delay If a frontend has any tcp-request content rule relying on request contents without any inspect delay, we now emit a warning as this will randomly match. This can be backported to 1.5 as it reduces the support effort.
2014-09-16 10:21:19 -04:00
break;
}
if (&trule->list != &curproxy->tcp_req.inspect_rules) {
Warning("config : %s '%s' : some 'tcp-request content' rules explicitly depending on request"
" contents were found in a frontend without any 'tcp-request inspect-delay' setting."
" This means that these rules will randomly find their contents. This can be fixed by"
" setting the tcp-request inspect-delay.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
}
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
/* Check filter configuration, if any */
cfgerr += flt_check(curproxy);
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
if (curproxy->cap & PR_CAP_FE) {
MEDIUM: proxy: add the global frontend to the list of normal proxies Since recent changes on the global frontend, it was not possible anymore to soft-reload a process which had a stats socket because the socket would not be disabled upon reload. The only solution to this endless madness is to have the global frontend part of normal proxies. Since we don't want to get an ID that shifts all other proxies and causes trouble in deployed environments, we assign it ID #0 which other proxies can't grab, and we don't report it in the stats pages.
2012-10-04 02:47:34 -04:00
if (!curproxy->accept)
curproxy->accept = frontend_accept;
[MAJOR] frontend: split accept() into frontend_accept() and session_accept() A new function session_accept() is now called from the lower layer to instanciate a new session. Once the session is instanciated, the upper layer's frontent_accept() is called. This one can be service-dependant. That way, we have a 3-phase accept() sequence : 1) protocol-specific, session-less accept(), which is pointed to by the listener. It defaults to the generic stream_sock_accept(). 2) session_accept() which relies on a frontend but not necessarily for use in a proxy (eg: stats or any future service). 3) frontend_accept() which performs the accept for the service offerred by the frontend. It defaults to frontend_accept() which is really what is used by a proxy. The TCP/HTTP proxies have been moved to this mode so that we can now rely on frontend_accept() for any type of session initialization relying on a frontend. The next step will be to convert the stats to use the same system for the stats.
2010-06-01 11:45:26 -04:00
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
if (curproxy->tcp_req.inspect_delay ||
!LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules))
[MEDIUM] session: support "tcp-request content" rules in backends Sometimes it's necessary to be able to perform some "layer 6" analysis in the backend. TCP request rules were not available till now, although documented in the diagram. Enable them in backend now.
2010-08-03 08:02:05 -04:00
curproxy->fe_req_ana |= AN_REQ_INSPECT_FE;
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
[MEDIUM] set rep->analysers from fe and be analysers sess_establish() used to resort to protocol-specific guesses in order to set rep->analysers. This is no longer needed as it gets set from the frontend and the backend as a copy of what was defined in the configuration.
2009-08-16 16:57:50 -04:00
if (curproxy->mode == PR_MODE_HTTP) {
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
curproxy->fe_req_ana |= AN_REQ_WAIT_HTTP | AN_REQ_HTTP_PROCESS_FE;
[MAJOR] http: create the analyser which waits for a response The code part which waits for an HTTP response has been extracted from the old function. We now have two analysers and the second one may re-enable the first one when an 1xx response is encountered. This has been tested and works. The calls to stream_int_return() that were remaining in the wait analyser have been converted to stream_int_retnclose().
2009-10-18 16:53:08 -04:00
curproxy->fe_rsp_ana |= AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_FE;
[MEDIUM] set rep->analysers from fe and be analysers sess_establish() used to resort to protocol-specific guesses in order to set rep->analysers. This is no longer needed as it gets set from the frontend and the backend as a copy of what was defined in the configuration.
2009-08-16 16:57:50 -04:00
}
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
/* both TCP and HTTP must check switching rules */
curproxy->fe_req_ana |= AN_REQ_SWITCHING_RULES;
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
/* Add filters analyzers if needed */
MINOR: filters: Extract proxy stuff from the struct filter Now, filter's configuration (.id, .conf and .ops fields) is stored in the structure 'flt_conf'. So proxies own a flt_conf list instead of a filter list. When a filter is attached to a stream, it gets a pointer on its configuration. This avoids mixing the filter's context (owns by a stream) and its configuration (owns by a proxy). It also saves 2 pointers per filter instance.
2016-02-04 07:40:26 -05:00
if (!LIST_ISEMPTY(&curproxy->filter_configs)) {
BUG/MAJOR: channel: Fix the definition order of channel analyzers It is important to defined analyzers (AN_REQ_* and AN_RES_*) in the same order they are evaluated in process_stream. This order is really important because during analyzers evaluation, we run them in the order of the lower bit to the higher one. This way, when an analyzer adds/removes another one during its evaluation, we know if it is located before or after it. So, when it adds an analyzer which is located before it, we can switch to it immediately, even if it has already been called once but removed since. With the time, and introduction of new analyzers, this order was broken up. the main problems come from the filter analyzers. We used values not related with their evaluation order. Furthermore, we used same values for request and response analyzers. So, to fix the bug, filter analyzers have been splitted in 2 distinct lists to have different analyzers for the request channel than those for the response channel. And of course, we have moved them to the right place. Some other analyzers have been reordered to respect the evaluation order: * AN_REQ_HTTP_TARPIT has been moved just before AN_REQ_SRV_RULES * AN_REQ_PRST_RDP_COOKIE has been moved just before AN_REQ_STICKING_RULES * AN_RES_STORE_RULES has been moved just after AN_RES_WAIT_HTTP Note today we have 29 analyzers, all stored into a 32 bits bitfield. So we can still add 4 more analyzers before having a problem. A good way to fend off the problem for a while could be to have a different bitfield for request and response analyzers. [wt: all of this must be backported to 1.7, and part of it must be backported to 1.6 and 1.5]
2017-01-05 08:06:34 -05:00
curproxy->fe_req_ana |= AN_REQ_FLT_START_FE | AN_REQ_FLT_XFER_DATA | AN_REQ_FLT_END;
curproxy->fe_rsp_ana |= AN_RES_FLT_START_FE | AN_RES_FLT_XFER_DATA | AN_RES_FLT_END;
MEDIUM: filters: Replace filter_http_headers callback by an analyzer This new analyzer will be called for each HTTP request/response, before the parsing of the body. It is identified by AN_FLT_HTTP_HDRS. Special care was taken about the following condition : * the frontend is a TCP proxy * filters are defined in the frontend section * the selected backend is a HTTP proxy So, this patch explicitly add AN_FLT_HTTP_HDRS analyzer on the request and the response channels when the backend is a HTTP proxy and when there are filters attatched on the stream. This patch simplifies http_request_forward_body and http_response_forward_body functions.
2015-12-02 03:57:32 -05:00
if (curproxy->mode == PR_MODE_HTTP) {
BUG/MAJOR: channel: Fix the definition order of channel analyzers It is important to defined analyzers (AN_REQ_* and AN_RES_*) in the same order they are evaluated in process_stream. This order is really important because during analyzers evaluation, we run them in the order of the lower bit to the higher one. This way, when an analyzer adds/removes another one during its evaluation, we know if it is located before or after it. So, when it adds an analyzer which is located before it, we can switch to it immediately, even if it has already been called once but removed since. With the time, and introduction of new analyzers, this order was broken up. the main problems come from the filter analyzers. We used values not related with their evaluation order. Furthermore, we used same values for request and response analyzers. So, to fix the bug, filter analyzers have been splitted in 2 distinct lists to have different analyzers for the request channel than those for the response channel. And of course, we have moved them to the right place. Some other analyzers have been reordered to respect the evaluation order: * AN_REQ_HTTP_TARPIT has been moved just before AN_REQ_SRV_RULES * AN_REQ_PRST_RDP_COOKIE has been moved just before AN_REQ_STICKING_RULES * AN_RES_STORE_RULES has been moved just after AN_RES_WAIT_HTTP Note today we have 29 analyzers, all stored into a 32 bits bitfield. So we can still add 4 more analyzers before having a problem. A good way to fend off the problem for a while could be to have a different bitfield for request and response analyzers. [wt: all of this must be backported to 1.7, and part of it must be backported to 1.6 and 1.5]
2017-01-05 08:06:34 -05:00
curproxy->fe_req_ana |= AN_REQ_FLT_HTTP_HDRS;
curproxy->fe_rsp_ana |= AN_RES_FLT_HTTP_HDRS;
MEDIUM: filters: Replace filter_http_headers callback by an analyzer This new analyzer will be called for each HTTP request/response, before the parsing of the body. It is identified by AN_FLT_HTTP_HDRS. Special care was taken about the following condition : * the frontend is a TCP proxy * filters are defined in the frontend section * the selected backend is a HTTP proxy So, this patch explicitly add AN_FLT_HTTP_HDRS analyzer on the request and the response channels when the backend is a HTTP proxy and when there are filters attatched on the stream. This patch simplifies http_request_forward_body and http_response_forward_body functions.
2015-12-02 03:57:32 -05:00
}
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
}
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
}
if (curproxy->cap & PR_CAP_BE) {
[MEDIUM] session: support "tcp-request content" rules in backends Sometimes it's necessary to be able to perform some "layer 6" analysis in the backend. TCP request rules were not available till now, although documented in the diagram. Enable them in backend now.
2010-08-03 08:02:05 -04:00
if (curproxy->tcp_req.inspect_delay ||
!LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules))
curproxy->be_req_ana |= AN_REQ_INSPECT_BE;
[MEDIUM] Implement tcp inspect response rules
2010-09-23 11:56:44 -04:00
if (!LIST_ISEMPTY(&curproxy->tcp_rep.inspect_rules))
curproxy->be_rsp_ana |= AN_RES_INSPECT;
[MEDIUM] set rep->analysers from fe and be analysers sess_establish() used to resort to protocol-specific guesses in order to set rep->analysers. This is no longer needed as it gets set from the frontend and the backend as a copy of what was defined in the configuration.
2009-08-16 16:57:50 -04:00
if (curproxy->mode == PR_MODE_HTTP) {
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
curproxy->be_req_ana |= AN_REQ_WAIT_HTTP | AN_REQ_HTTP_INNER | AN_REQ_HTTP_PROCESS_BE;
[MAJOR] http: create the analyser which waits for a response The code part which waits for an HTTP response has been extracted from the old function. We now have two analysers and the second one may re-enable the first one when an 1xx response is encountered. This has been tested and works. The calls to stream_int_return() that were remaining in the wait analyser have been converted to stream_int_retnclose().
2009-10-18 16:53:08 -04:00
curproxy->be_rsp_ana |= AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_BE;
[MEDIUM] set rep->analysers from fe and be analysers sess_establish() used to resort to protocol-specific guesses in order to set rep->analysers. This is no longer needed as it gets set from the frontend and the backend as a copy of what was defined in the configuration.
2009-08-16 16:57:50 -04:00
}
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
/* If the backend does requires RDP cookie persistence, we have to
* enable the corresponding analyser.
*/
if (curproxy->options2 & PR_O2_RDPC_PRST)
curproxy->be_req_ana |= AN_REQ_PRST_RDP_COOKIE;
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
/* Add filters analyzers if needed */
MINOR: filters: Extract proxy stuff from the struct filter Now, filter's configuration (.id, .conf and .ops fields) is stored in the structure 'flt_conf'. So proxies own a flt_conf list instead of a filter list. When a filter is attached to a stream, it gets a pointer on its configuration. This avoids mixing the filter's context (owns by a stream) and its configuration (owns by a proxy). It also saves 2 pointers per filter instance.
2016-02-04 07:40:26 -05:00
if (!LIST_ISEMPTY(&curproxy->filter_configs)) {
BUG/MAJOR: channel: Fix the definition order of channel analyzers It is important to defined analyzers (AN_REQ_* and AN_RES_*) in the same order they are evaluated in process_stream. This order is really important because during analyzers evaluation, we run them in the order of the lower bit to the higher one. This way, when an analyzer adds/removes another one during its evaluation, we know if it is located before or after it. So, when it adds an analyzer which is located before it, we can switch to it immediately, even if it has already been called once but removed since. With the time, and introduction of new analyzers, this order was broken up. the main problems come from the filter analyzers. We used values not related with their evaluation order. Furthermore, we used same values for request and response analyzers. So, to fix the bug, filter analyzers have been splitted in 2 distinct lists to have different analyzers for the request channel than those for the response channel. And of course, we have moved them to the right place. Some other analyzers have been reordered to respect the evaluation order: * AN_REQ_HTTP_TARPIT has been moved just before AN_REQ_SRV_RULES * AN_REQ_PRST_RDP_COOKIE has been moved just before AN_REQ_STICKING_RULES * AN_RES_STORE_RULES has been moved just after AN_RES_WAIT_HTTP Note today we have 29 analyzers, all stored into a 32 bits bitfield. So we can still add 4 more analyzers before having a problem. A good way to fend off the problem for a while could be to have a different bitfield for request and response analyzers. [wt: all of this must be backported to 1.7, and part of it must be backported to 1.6 and 1.5]
2017-01-05 08:06:34 -05:00
curproxy->be_req_ana |= AN_REQ_FLT_START_BE | AN_REQ_FLT_XFER_DATA | AN_REQ_FLT_END;
curproxy->be_rsp_ana |= AN_RES_FLT_START_BE | AN_RES_FLT_XFER_DATA | AN_RES_FLT_END;
MEDIUM: filters: Replace filter_http_headers callback by an analyzer This new analyzer will be called for each HTTP request/response, before the parsing of the body. It is identified by AN_FLT_HTTP_HDRS. Special care was taken about the following condition : * the frontend is a TCP proxy * filters are defined in the frontend section * the selected backend is a HTTP proxy So, this patch explicitly add AN_FLT_HTTP_HDRS analyzer on the request and the response channels when the backend is a HTTP proxy and when there are filters attatched on the stream. This patch simplifies http_request_forward_body and http_response_forward_body functions.
2015-12-02 03:57:32 -05:00
if (curproxy->mode == PR_MODE_HTTP) {
BUG/MAJOR: channel: Fix the definition order of channel analyzers It is important to defined analyzers (AN_REQ_* and AN_RES_*) in the same order they are evaluated in process_stream. This order is really important because during analyzers evaluation, we run them in the order of the lower bit to the higher one. This way, when an analyzer adds/removes another one during its evaluation, we know if it is located before or after it. So, when it adds an analyzer which is located before it, we can switch to it immediately, even if it has already been called once but removed since. With the time, and introduction of new analyzers, this order was broken up. the main problems come from the filter analyzers. We used values not related with their evaluation order. Furthermore, we used same values for request and response analyzers. So, to fix the bug, filter analyzers have been splitted in 2 distinct lists to have different analyzers for the request channel than those for the response channel. And of course, we have moved them to the right place. Some other analyzers have been reordered to respect the evaluation order: * AN_REQ_HTTP_TARPIT has been moved just before AN_REQ_SRV_RULES * AN_REQ_PRST_RDP_COOKIE has been moved just before AN_REQ_STICKING_RULES * AN_RES_STORE_RULES has been moved just after AN_RES_WAIT_HTTP Note today we have 29 analyzers, all stored into a 32 bits bitfield. So we can still add 4 more analyzers before having a problem. A good way to fend off the problem for a while could be to have a different bitfield for request and response analyzers. [wt: all of this must be backported to 1.7, and part of it must be backported to 1.6 and 1.5]
2017-01-05 08:06:34 -05:00
curproxy->be_req_ana |= AN_REQ_FLT_HTTP_HDRS;
curproxy->be_rsp_ana |= AN_RES_FLT_HTTP_HDRS;
MEDIUM: filters: Replace filter_http_headers callback by an analyzer This new analyzer will be called for each HTTP request/response, before the parsing of the body. It is identified by AN_FLT_HTTP_HDRS. Special care was taken about the following condition : * the frontend is a TCP proxy * filters are defined in the frontend section * the selected backend is a HTTP proxy So, this patch explicitly add AN_FLT_HTTP_HDRS analyzer on the request and the response channels when the backend is a HTTP proxy and when there are filters attatched on the stream. This patch simplifies http_request_forward_body and http_response_forward_body functions.
2015-12-02 03:57:32 -05:00
}
MAJOR: filters: Add filters support This patch adds the support of filters in HAProxy. The main idea is to have a way to "easely" extend HAProxy by adding some "modules", called filters, that will be able to change HAProxy behavior in a programmatic way. To do so, many entry points has been added in code to let filters to hook up to different steps of the processing. A filter must define a flt_ops sutrctures (see include/types/filters.h for details). This structure contains all available callbacks that a filter can define: struct flt_ops { /* * Callbacks to manage the filter lifecycle */ int (*init) (struct proxy *p); void (*deinit)(struct proxy *p); int (*check) (struct proxy *p); /* * Stream callbacks */ void (*stream_start) (struct stream *s); void (*stream_accept) (struct stream *s); void (*session_establish)(struct stream *s); void (*stream_stop) (struct stream *s); /* * HTTP callbacks */ int (*http_start) (struct stream *s, struct http_msg *msg); int (*http_start_body) (struct stream *s, struct http_msg *msg); int (*http_start_chunk) (struct stream *s, struct http_msg *msg); int (*http_data) (struct stream *s, struct http_msg *msg); int (*http_last_chunk) (struct stream *s, struct http_msg *msg); int (*http_end_chunk) (struct stream *s, struct http_msg *msg); int (*http_chunk_trailers)(struct stream *s, struct http_msg *msg); int (*http_end_body) (struct stream *s, struct http_msg *msg); void (*http_end) (struct stream *s, struct http_msg *msg); void (*http_reset) (struct stream *s, struct http_msg *msg); int (*http_pre_process) (struct stream *s, struct http_msg *msg); int (*http_post_process) (struct stream *s, struct http_msg *msg); void (*http_reply) (struct stream *s, short status, const struct chunk *msg); }; To declare and use a filter, in the configuration, the "filter" keyword must be used in a listener/frontend section: frontend test ... filter <FILTER-NAME> [OPTIONS...] The filter referenced by the <FILTER-NAME> must declare a configuration parser on its own name to fill flt_ops and filter_conf field in the proxy's structure. An exemple will be provided later to make it perfectly clear. For now, filters cannot be used in backend section. But this is only a matter of time. Documentation will also be added later. This is the first commit of a long list about filters. It is possible to have several filters on the same listener/frontend. These filters are stored in an array of at most MAX_FILTERS elements (define in include/types/filters.h). Again, this will be replaced later by a list of filters. The filter API has been highly refactored. Main changes are: * Now, HA supports an infinite number of filters per proxy. To do so, filters are stored in list. * Because filters are stored in list, filters state has been moved from the channel structure to the filter structure. This is cleaner because there is no more info about filters in channel structure. * It is possible to defined filters on backends only. For such filters, stream_start/stream_stop callbacks are not called. Of course, it is possible to mix frontend and backend filters. * Now, TCP streams are also filtered. All callbacks without the 'http_' prefix are called for all kind of streams. In addition, 2 new callbacks were added to filter data exchanged through a TCP stream: - tcp_data: it is called when new data are available or when old unprocessed data are still waiting. - tcp_forward_data: it is called when some data can be consumed. * New callbacks attached to channel were added: - channel_start_analyze: it is called when a filter is ready to process data exchanged through a channel. 2 new analyzers (a frontend and a backend) are attached to channels to call this callback. For a frontend filter, it is called before any other analyzer. For a backend filter, it is called when a backend is attached to a stream. So some processing cannot be filtered in that case. - channel_analyze: it is called before each analyzer attached to a channel, expects analyzers responsible for data sending. - channel_end_analyze: it is called when all other analyzers have finished their processing. A new analyzers is attached to channels to call this callback. For a TCP stream, this is always the last one called. For a HTTP one, the callback is called when a request/response ends, so it is called one time for each request/response. * 'session_established' callback has been removed. Everything that is done in this callback can be handled by 'channel_start_analyze' on the response channel. * 'http_pre_process' and 'http_post_process' callbacks have been replaced by 'channel_analyze'. * 'http_start' callback has been replaced by 'http_headers'. This new one is called just before headers sending and parsing of the body. * 'http_end' callback has been replaced by 'channel_end_analyze'. * It is possible to set a forwarder for TCP channels. It was already possible to do it for HTTP ones. * Forwarders can partially consumed forwardable data. For this reason a new HTTP message state was added before HTTP_MSG_DONE : HTTP_MSG_ENDING. Now all filters can define corresponding callbacks (http_forward_data and tcp_forward_data). Each filter owns 2 offsets relative to buf->p, next and forward, to track, respectively, input data already parsed but not forwarded yet by the filter and parsed data considered as forwarded by the filter. A any time, we have the warranty that a filter cannot parse or forward more input than previous ones. And, of course, it cannot forward more input than it has parsed. 2 macros has been added to retrieve these offets: FLT_NXT and FLT_FWD. In addition, 2 functions has been added to change the 'next size' and the 'forward size' of a filter. When a filter parses input data, it can alter these data, so the size of these data can vary. This action has an effet on all previous filters that must be handled. To do so, the function 'filter_change_next_size' must be called, passing the size variation. In the same spirit, if a filter alter forwarded data, it must call the function 'filter_change_forward_size'. 'filter_change_next_size' can be called in 'http_data' and 'tcp_data' callbacks and only these ones. And 'filter_change_forward_size' can be called in 'http_forward_data' and 'tcp_forward_data' callbacks and only these ones. The data changes are the filter responsability, but with some limitation. It must not change already parsed/forwarded data or data that previous filters have not parsed/forwarded yet. Because filters can be used on backends, when we the backend is set for a stream, we add filters defined for this backend in the filter list of the stream. But we must only do that when the backend and the frontend of the stream are not the same. Else same filters are added a second time leading to undefined behavior. The HTTP compression code had to be moved. So it simplifies http_response_forward_body function. To do so, the way the data are forwarded has changed. Now, a filter (and only one) can forward data. In a commit to come, this limitation will be removed to let all filters take part to data forwarding. There are 2 new functions that filters should use to deal with this feature: * flt_set_http_data_forwarder: This function sets the filter (using its id) that will forward data for the specified HTTP message. It is possible if it was not already set by another filter _AND_ if no data was yet forwarded (msg->msg_state <= HTTP_MSG_BODY). It returns -1 if an error occurs. * flt_http_data_forwarder: This function returns the filter id that will forward data for the specified HTTP message. If there is no forwarder set, it returns -1. When an HTTP data forwarder is set for the response, the HTTP compression is disabled. Of course, this is not definitive.
2015-04-30 05:48:27 -04:00
}
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
}
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
/***********************************************************/
/* At this point, target names have already been resolved. */
/***********************************************************/
/* Check multi-process mode compatibility */
if (global.nbproc > 1 && global.stats_fe) {
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
unsigned long mask;
mask = nbits(global.nbproc);
if (global.stats_fe->bind_proc)
mask &= global.stats_fe->bind_proc;
if (bind_conf->bind_proc)
mask &= bind_conf->bind_proc;
/* stop here if more than one process is used */
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
if (my_popcountl(mask) > 1)
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
break;
}
if (&bind_conf->by_fe != &global.stats_fe->conf.bind) {
Warning("stats socket will not work as expected in multi-process mode (nbproc > 1), you should force process binding globally using 'stats bind-process' or per socket using the 'process' attribute.\n");
}
}
/* Make each frontend inherit bind-process from its listeners when not specified. */
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->bind_proc)
continue;
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
unsigned long mask;
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
mask = bind_conf->bind_proc ? bind_conf->bind_proc : nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
curproxy->bind_proc |= mask;
}
if (!curproxy->bind_proc)
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
curproxy->bind_proc = nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
if (global.stats_fe) {
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
unsigned long mask;
BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly With nbproc > 1, it is possible to specify on which process the stats socket will be bound using "stats bind-process", but the behaviour was not correct, ignoring the value in some configurations. Example : global nbproc 4 stats bind-process 1 stats socket /var/run/haproxy.sock With such a configuration, all the processes will listen on the stats socket. As a workaround, it is also possible to declare a "process" keyword on the "stats stocket" line. The patch must be applied to 1.7, 1.6 and 1.5
2016-02-23 18:14:54 -05:00
mask = bind_conf->bind_proc ? bind_conf->bind_proc : 0;
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
global.stats_fe->bind_proc |= mask;
}
if (!global.stats_fe->bind_proc)
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
global.stats_fe->bind_proc = nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
BUG/MINOR: config: don't propagate process binding on fatal errors. propagate_processes() must not be called with unresolved proxies, but nothing prevents it from being called in check_config_validity(). The resulting effect is that an unresolved proxy can cause a recursion loop if called in such a situation, ending with a segfault after the fatal error report. There's no side effect beyond this. This patch refrains from calling the function when any error was met. This bug also affects 1.5, it should be backported.
2014-10-01 14:50:17 -04:00
/* propagate bindings from frontends to backends. Don't do it if there
* are any fatal errors as we must not call it with unresolved proxies.
*/
if (!cfgerr) {
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->cap & PR_CAP_FE)
propagate_processes(curproxy, NULL);
}
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
/* Bind each unbound backend to all processes when not specified. */
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->bind_proc)
continue;
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
curproxy->bind_proc = nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
/*******************************************************/
/* At this step, all proxies have a non-null bind_proc */
/*******************************************************/
/* perform the final checks before creating tasks */
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
struct listener *listener;
unsigned int next_id;
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
/* Configure SSL for each bind line.
* Note: if configuration fails at some point, the ->ctx member
* remains NULL so that listeners can later detach.
*/
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf() Instead of hard-coding all SSL preparation in cfgparse.c, we now register this new function as the transport layer's prepare_bind_conf() and call it only when definied. This removes some non-obvious SSL-specific code from cfgparse.c as well as a #ifdef.
2016-12-21 17:38:39 -05:00
if (bind_conf->xprt->prepare_bind_conf &&
bind_conf->xprt->prepare_bind_conf(bind_conf) < 0)
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
cfgerr++;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
}
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
/* adjust this proxy's listeners */
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
next_id = 1;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry(listener, &curproxy->conf.listeners, by_fe) {
BUG/MEDIUM: fix maxaccept computation on per-process listeners Christian Ruppert reported a performance degradation when binding a single frontend to many processes while only one bind line was being used, bound to a single process. The reason comes from the fact that whenever a listener is bound to multiple processes, the it is assigned a maxaccept value which equals half the global maxaccept value divided by the number of processes the frontend is bound to. The purpose is to ensure that no single process will drain all the incoming requests at once and ensure a fair share between all listeners. Usually this works pretty well, when a listener is bound to all the processes of its frontend. But here we're in a situation where the maxaccept of a listener which is bound to a single process is still divided by a large value. The fix consists in taking into account the number of processes the listener is bound do and not only those of the frontend. This way it is perfectly possible to benefit from nbproc and SO_REUSEPORT without performance degradation. 1.6 and 1.5 normally suffer from the same issue.
2016-04-14 05:47:38 -04:00
int nbproc;
nbproc = my_popcountl(curproxy->bind_proc &
BUG/MINOR: fix maxaccept computation according to the frontend process range commit 7c0ffd23 is only considering the explicit use of the "process" keyword on the listeners. But at this step, if it's not defined in the configuration, the listener bind_proc mask is set to 0. As a result, the code will compute the maxaccept value based on only 1 process, which is not always true. For example : global nbproc 4 frontend test bind-process 1-2 bind :80 Here, the maxaccept value for the "test" frontend was set to the global tune.maxaccept value (default to 64), whereas it should consider 2 processes will accept connections. As of the documentation, the value should be divided by twice the number of processes the listener is bound to. To fix this, we can consider that if no mask is set to the listener, we take the frontend mask. This is not critical but it can introduce unfairness distribution of the incoming connections across the processes. It should be backported to the same branches as commit 7c0ffd23 (1.6 and 1.5 were in the scope).
2016-04-15 01:58:43 -04:00
(listener->bind_conf->bind_proc ? listener->bind_conf->bind_proc : curproxy->bind_proc) &
BUG/MEDIUM: fix maxaccept computation on per-process listeners Christian Ruppert reported a performance degradation when binding a single frontend to many processes while only one bind line was being used, bound to a single process. The reason comes from the fact that whenever a listener is bound to multiple processes, the it is assigned a maxaccept value which equals half the global maxaccept value divided by the number of processes the frontend is bound to. The purpose is to ensure that no single process will drain all the incoming requests at once and ensure a fair share between all listeners. Usually this works pretty well, when a listener is bound to all the processes of its frontend. But here we're in a situation where the maxaccept of a listener which is bound to a single process is still divided by a large value. The fix consists in taking into account the number of processes the listener is bound do and not only those of the frontend. This way it is perfectly possible to benefit from nbproc and SO_REUSEPORT without performance degradation. 1.6 and 1.5 normally suffer from the same issue.
2016-04-14 05:47:38 -04:00
nbits(global.nbproc));
if (!nbproc) /* no intersection between listener and frontend */
nbproc = 1;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
if (!listener->luid) {
/* listener ID not set, use automatic numbering with first
* spare entry starting with next_luid.
*/
next_id = get_next_id(&curproxy->conf.used_listener_id, next_id);
listener->conf.id.key = listener->luid = next_id;
eb32_insert(&curproxy->conf.used_listener_id, &listener->conf.id);
}
[BUG] pxid/puid/luid: don't shift IDs when some of them are forced [WT: it was not a bug, I did it on purpose to leave no hole between IDs, though it's not very practical when admins want to force some entries after they have been used, because they'd rather leave a hole than renumber everything ] Forcing some of IDs should not shift others. Regression introduced in 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5 ---cut here--- global stats socket /home/ole/haproxy.stat user ole group ole mode 660 frontend F1 bind 127.0.0.1:9999 mode http backend B1 mode http backend B2 mode http id 9999 backend B3 mode http backend B4 mode http ---cut here--- Before 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 4 5 After 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 3 4 With this patch: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 4 5
2010-02-05 14:58:27 -05:00
next_id++;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
/* enable separate counters */
if (curproxy->options2 & PR_O2_SOCKSTAT) {
CLEANUP: counters: move from 3 types to 2 types We used to have 3 types of counters with a huge overlap : - listener counters : stats collected for each bind line - proxy counters : union of the frontend and backend counters - server counters : stats collected per server It happens that quite a good part was common between listeners and proxies due to the frontend counters being updated at the two locations, and that similarly the server and proxy counters were overlapping and being updated together. This patch cleans this up to propose only two types of counters : - fe_counters: used by frontends and listeners, related to incoming connections activity - be_counters: used by backends and servers, related to outgoing connections activity This allowed to remove some non-sensical counters from both parts. For frontends, the following entries were removed : cum_lbconn, last_sess, nbpend_max, failed_conns, failed_resp, retries, redispatches, q_time, c_time, d_time, t_time For backends, this ones was removed : intercepted_req. While doing this it was discovered that we used to incorrectly report intercepted_req for backends in the HTML stats, which was always zero since it's never updated. Also it revealed a few inconsistencies (which were not fixed as they are harmless). For example, backends count connections (cum_conn) instead of sessions while servers count sessions and not connections. Over the long term, some extra cleanups may be performed by having some counters update functions touching both the server and backend at the same time, as well as both the frontend and listener, to ensure that all sides have all their stats properly filled. The stats dump will also be able to factor the dump functions by counter types.
2016-11-25 08:44:52 -05:00
listener->counters = calloc(1, sizeof(*listener->counters));
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
if (!listener->name)
memprintf(&listener->name, "sock-%d", listener->luid);
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
}
MINOR: ssl: set the listeners' data layer to ssl during parsing It's better to set all listeners to ssl_sock when seeing the "ssl" keyword that to loop on all of them afterwards just for this. This also removes some #ifdefs.
2012-09-22 13:11:47 -04:00
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
if (curproxy->options & PR_O_TCP_NOLING)
listener->options |= LI_O_NOLINGER;
MEDIUM: config: support per-listener backlog and maxconn With SSL, connections are much more expensive, so it is important to be able to limit concurrent connections per listener in order to limit the memory usage.
2012-09-06 05:10:55 -04:00
if (!listener->maxconn)
listener->maxconn = curproxy->maxconn;
if (!listener->backlog)
listener->backlog = curproxy->backlog;
MEDIUM: adjust the maxaccept per listener depending on the number of processes global.tune.maxaccept was used for all listeners. This becomes really not convenient when some listeners are bound to a single process and other ones are bound to many processes. Now we change the principle : we count the number of processes a listener is bound to, and apply the maxaccept either entirely if there is a single process, or divided by twice the number of processes in order to maintain fairness. The default limit has also been increased from 32 to 64 as it appeared that on small machines, 32 was too low to achieve high connection rates.
2012-11-19 06:39:59 -05:00
if (!listener->maxaccept)
listener->maxaccept = global.tune.maxaccept ? global.tune.maxaccept : 64;
/* we want to have an optimal behaviour on single process mode to
* maximize the work at once, but in multi-process we want to keep
* some fairness between processes, so we target half of the max
* number of events to be balanced over all the processes the proxy
* is bound to. Rememeber that maxaccept = -1 must be kept as it is
* used to disable the limit.
*/
if (listener->maxaccept > 0) {
if (nbproc > 1)
listener->maxaccept = (listener->maxaccept + 1) / 2;
listener->maxaccept = (listener->maxaccept + nbproc - 1) / nbproc;
}
REORG: session: move the session parts out of stream.c This concerns everythins related to accepting a new session and expiring the embryonic session. There's still a hard-coded call to stream_accept_session() which could be set somewhere in the frontend, but for now it's not a problem.
2015-04-04 12:50:31 -04:00
listener->accept = session_accept_fd;
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
listener->analysers |= curproxy->fe_req_ana;
MEDIUM: listener: store the default target per listener This will be useful later to state that some listeners have to use certain decoders (typically an HTTP/2 decoder) regardless of the regular processing applied to other listeners. For now it simply defaults to the frontend's default target, and it is used by the session.
2015-03-13 11:43:12 -04:00
listener->default_target = curproxy->default_target;
[MINOR] pre-set analyser flags on the listener at registration time In order to achieve more generic accept() code, we can set the request analysers at the listener registration time. It's better than doing it during accept(), and allows more code reuse.
2008-12-07 05:50:35 -05:00
[MEDIUM] frontend: check for LI_O_TCP_RULES in the listener The new LI_O_TCP_RULES listener option indicates that some TCP rules must be checked upon accept on this listener. It is now checked by the frontend and the L4 rules are evaluated only in this case. The flag is only set when at least one tcp-req rule is present in the frontend. The L4 rules check function has now been moved to proto_tcp.c where it ought to be.
2010-05-31 04:30:33 -04:00
if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4 This is in order to make integration of tcp-request-session cleaner : - tcp_exec_req_rules() was renamed tcp_exec_l4_rules() - LI_O_TCP_RULES was renamed LI_O_TCP_L4_RULES (LI_O_*'s horrible indent was also fixed and a provision was left for L5 rules).
2016-10-21 10:34:21 -04:00
listener->options |= LI_O_TCP_L4_RULES;
[MEDIUM] frontend: check for LI_O_TCP_RULES in the listener The new LI_O_TCP_RULES listener option indicates that some TCP rules must be checked upon accept on this listener. It is now checked by the frontend and the L4 rules are evaluated only in this case. The flag is only set when at least one tcp-req rule is present in the frontend. The L4 rules check function has now been moved to proto_tcp.c where it ought to be.
2010-05-31 04:30:33 -04:00
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
if (!LIST_ISEMPTY(&curproxy->tcp_req.l5_rules))
listener->options |= LI_O_TCP_L5_RULES;
[MINOR] frontend: only check for monitor-net rules if LI_O_CHK_MONNET is set We can disable the monitor-net rules on a listener if this flag is not set in the listener's options. This will be useful when we don't want to check that fe->addr is set or not for non-TCP frontends.
2010-05-31 04:56:17 -04:00
if (curproxy->mon_mask.s_addr)
listener->options |= LI_O_CHK_MONNET;
[MEDIUM] implement option tcp-smart-accept at the frontend This option disables TCP quick ack upon accept. It is also automatically enabled in HTTP mode, unless the option is explicitly disabled with "no option tcp-smart-accept". This saves one packet per connection which can bring reasonable amounts of bandwidth for servers processing small requests.
2009-06-14 06:07:01 -04:00
/* smart accept mode is automatic in HTTP mode */
if ((curproxy->options2 & PR_O2_SMARTACC) ||
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
((curproxy->mode == PR_MODE_HTTP || listener->bind_conf->is_ssl) &&
[MEDIUM] implement option tcp-smart-accept at the frontend This option disables TCP quick ack upon accept. It is also automatically enabled in HTTP mode, unless the option is explicitly disabled with "no option tcp-smart-accept". This saves one packet per connection which can bring reasonable amounts of bandwidth for servers processing small requests.
2009-06-14 06:07:01 -04:00
!(curproxy->no_options2 & PR_O2_SMARTACC)))
listener->options |= LI_O_NOQUICKACK;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
}
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
/* Release unused SSL configs */
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf() Instead of hard-coding all SSL destruction in cfgparse.c and haproxy.c, we now register this new function as the transport layer's destroy_bind_conf() and call it only when defined. This removes some non-obvious SSL-specific code and #ifdefs from cfgparse.c and haproxy.c
2016-12-22 11:30:54 -05:00
if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
}
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
BUG/MEDIUM: fix maxaccept computation on per-process listeners Christian Ruppert reported a performance degradation when binding a single frontend to many processes while only one bind line was being used, bound to a single process. The reason comes from the fact that whenever a listener is bound to multiple processes, the it is assigned a maxaccept value which equals half the global maxaccept value divided by the number of processes the frontend is bound to. The purpose is to ensure that no single process will drain all the incoming requests at once and ensure a fair share between all listeners. Usually this works pretty well, when a listener is bound to all the processes of its frontend. But here we're in a situation where the maxaccept of a listener which is bound to a single process is still divided by a large value. The fix consists in taking into account the number of processes the listener is bound do and not only those of the frontend. This way it is perfectly possible to benefit from nbproc and SO_REUSEPORT without performance degradation. 1.6 and 1.5 normally suffer from the same issue.
2016-04-14 05:47:38 -04:00
if (my_popcountl(curproxy->bind_proc & nbits(global.nbproc)) > 1) {
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
if (curproxy->uri_auth) {
MEDIUM: config: only warn if stats are attached to multi-process bind directives Some users want to have a stats frontend with one line per process, but while 100% valid and safe, the config parser emits a warning. Relax this check to ensure that the warning is only emitted if at least one of the listeners is bound to multiple processes, or if the directive is placed in a backend called from multiple processes (since in this case we don't know if it's safe).
2014-09-16 09:11:04 -04:00
int count, maxproc = 0;
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
count = my_popcountl(bind_conf->bind_proc);
MEDIUM: config: only warn if stats are attached to multi-process bind directives Some users want to have a stats frontend with one line per process, but while 100% valid and safe, the config parser emits a warning. Relax this check to ensure that the warning is only emitted if at least one of the listeners is bound to multiple processes, or if the directive is placed in a backend called from multiple processes (since in this case we don't know if it's safe).
2014-09-16 09:11:04 -04:00
if (count > maxproc)
maxproc = count;
}
/* backends have 0, frontends have 1 or more */
if (maxproc != 1)
Warning("Proxy '%s': in multi-process mode, stats will be"
" limited to process assigned to the current request.\n",
curproxy->id);
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
if (!LIST_ISEMPTY(&curproxy->uri_auth->admin_rules)) {
Warning("Proxy '%s': stats admin will not work correctly in multi-process mode.\n",
curproxy->id);
[MINOR] add warnings on features not compatible with multi-process mode Using haproxy in multi-process mode (nbproc > 1), some features can be not fully compatible or not work at all. haproxy will now display a warning on startup for : - appsession - sticking rules - stats / stats admin - stats socket - peers (fatal error in that case)
2010-12-14 16:48:49 -05:00
}
}
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
if (!LIST_ISEMPTY(&curproxy->sticking_rules)) {
Warning("Proxy '%s': sticking rules will not work correctly in multi-process mode.\n",
curproxy->id);
[MINOR] add warnings on features not compatible with multi-process mode Using haproxy in multi-process mode (nbproc > 1), some features can be not fully compatible or not work at all. haproxy will now display a warning on startup for : - appsession - sticking rules - stats / stats admin - stats socket - peers (fatal error in that case)
2010-12-14 16:48:49 -05:00
}
}
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* create the task associated with the proxy */
curproxy->task = task_new();
if (curproxy->task) {
curproxy->task->context = curproxy;
curproxy->task->process = manage_proxy;
} else {
Alert("Proxy '%s': no more memory when trying to allocate the management task\n",
curproxy->id);
cfgerr++;
}
MEDIUM: config: make the frontends automatically bind to the listeners' processes When a frontend does not have any bind-process directive, make it automatically bind to the union of all of its listeners' processes instead of binding to all processes. That will make it possible to have the expected behaviour without having to explicitly specify a bind-process directive. Note that if the listeners are not bound to a specific process, the default is still to bind to all processes. This change could be backported to 1.5 as it simplifies process management, and was planned to be done during the 1.5 development phase.
2014-09-16 07:21:03 -04:00
}
[MINOR] config: automatically compute a default fullconn value The fullconn value is not easy to get right when doing dynamic regulation, as it should depend on the maxconns of the frontends that can reach a backend. Since the parameter is mandatory, many configs are found with an inappropriate default value. Instead of rejecting configs without a fullconn value, we now set it to 10% of the sum of the configured maxconns of all the frontends which are susceptible to branch to the backend. That way if new frontends are added, the backend's fullconn automatically adjusts itself.
2011-06-05 09:38:35 -04:00
/* automatically compute fullconn if not set. We must not do it in the
* loop above because cross-references are not yet fully resolved.
*/
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
/* If <fullconn> is not set, let's set it to 10% of the sum of
* the possible incoming frontend's maxconns.
*/
if (!curproxy->fullconn && (curproxy->cap & PR_CAP_BE)) {
/* we have the sum of the maxconns in <total>. We only
* keep 10% of that sum to set the default fullconn, with
* a hard minimum of 1 (to avoid a divide by zero).
*/
OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration The previous version used an O(number of proxies)^2 algo to get the sum of the number of maxconns of frontends which reference a backend at least once. This new version adds the frontend's maxconn number to the backend's struct proxy member 'tot_fe_maxconn' when the backend name is resolved for switching rules or default_backend statment. At the end, the final backend's fullconn is computed looping only one time for all on proxies O(n). The load of a configuration using a large amount of backends (10 thousands) without configured fullconn was reduced from several minutes to few seconds.
2017-01-12 05:21:28 -05:00
curproxy->fullconn = (curproxy->tot_fe_maxconn + 9) / 10;
[MINOR] config: automatically compute a default fullconn value The fullconn value is not easy to get right when doing dynamic regulation, as it should depend on the maxconns of the frontends that can reach a backend. Since the parameter is mandatory, many configs are found with an inappropriate default value. Instead of rejecting configs without a fullconn value, we now set it to 10% of the sum of the configured maxconns of all the frontends which are susceptible to branch to the backend. That way if new frontends are added, the backend's fullconn automatically adjusts itself.
2011-06-05 09:38:35 -04:00
if (!curproxy->fullconn)
curproxy->fullconn = 1;
}
}
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
/*
* Recount currently required checks.
*/
for (curproxy=proxy; curproxy; curproxy=curproxy->next) {
int optnum;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
for (optnum = 0; cfg_opts[optnum].name; optnum++)
if (curproxy->options & cfg_opts[optnum].val)
global.last_checks |= cfg_opts[optnum].checks;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
for (optnum = 0; cfg_opts2[optnum].name; optnum++)
if (curproxy->options2 & cfg_opts2[optnum].val)
global.last_checks |= cfg_opts2[optnum].checks;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
}
MEDIUM: config: propagate the table's process list to the peers sections Now a peers section has its bind_proc set to the union of all those of its users.
2015-05-01 13:12:05 -04:00
/* compute the required process bindings for the peers */
for (curproxy = proxy; curproxy; curproxy = curproxy->next)
if (curproxy->table.peers.p)
curproxy->table.peers.p->peers_fe->bind_proc |= curproxy->bind_proc;
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
if (cfg_peers) {
struct peers *curpeers = cfg_peers, **last;
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
struct peer *p, *pb;
MEDIUM: config: validate that peers sections are bound to exactly one process If a peers section is bound to no process, it's silently discarded. If its bound to multiple processes, an error is emitted and the process will not start.
2015-05-01 13:15:17 -04:00
/* Remove all peers sections which don't have a valid listener,
* which are not used by any table, or which are bound to more
* than one process.
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
*/
BUG/MINOR: peers: peer synchronization issue (with several peers sections). When several stick-tables were configured with several peers sections, only a part of them could be synchronized: the ones attached to the last parsed 'peers' section. This was due to the fact that, at least, the peer I/O handler refered to the wrong peer section list, in fact always the same: the last one parsed. The fact that the global peer section list was named "struct peers *peers" lead to this issue. This variable name is dangerous ;). So this patch renames global 'peers' variable to 'cfg_peers' to ensure that no such wrong references are still in use, then all the functions wich used old 'peers' variable have been modified to refer to the correct peer list. Must be backported to 1.6 and 1.7.
2017-07-13 03:07:09 -04:00
last = &cfg_peers;
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
while (*last) {
curpeers = *last;
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
if (curpeers->state == PR_STSTOPPED) {
/* the "disabled" keyword was present */
if (curpeers->peers_fe)
stop_proxy(curpeers->peers_fe);
curpeers->peers_fe = NULL;
}
else if (!curpeers->peers_fe) {
Warning("Removing incomplete section 'peers %s' (no peer named '%s').\n",
curpeers->id, localpeer);
}
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
else if (my_popcountl(curpeers->peers_fe->bind_proc) != 1) {
MEDIUM: config: validate that peers sections are bound to exactly one process If a peers section is bound to no process, it's silently discarded. If its bound to multiple processes, an error is emitted and the process will not start.
2015-05-01 13:15:17 -04:00
/* either it's totally stopped or too much used */
if (curpeers->peers_fe->bind_proc) {
Alert("Peers section '%s': peers referenced by sections "
MINOR: config: report the number of processes using a peers section in the error case It can be helpful to know how many different processes try to use the same peers section when trying to find the culprits.
2015-05-04 15:48:51 -04:00
"running in different processes (%d different ones). "
"Check global.nbproc and all tables' bind-process "
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
"settings.\n", curpeers->id, my_popcountl(curpeers->peers_fe->bind_proc));
MEDIUM: config: validate that peers sections are bound to exactly one process If a peers section is bound to no process, it's silently discarded. If its bound to multiple processes, an error is emitted and the process will not start.
2015-05-01 13:15:17 -04:00
cfgerr++;
}
stop_proxy(curpeers->peers_fe);
curpeers->peers_fe = NULL;
}
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
else {
MAJOR: peers: peers protocol version 2.0 This patch does'nt add any new feature: the functional behavior is the same than version 1.0. Technical differences: In this version all updates on different stick tables are multiplexed on the same tcp session. There is only one established tcp session per peer whereas in first version there was one established tcp session per peer and per stick table. Messages format was reviewed to be more evolutive and to support further types of data exchange such as SSL sessions or other sticktable's data types (currently only the sticktable's server id is supported).
2015-05-12 12:49:09 -04:00
peers_init_sync(curpeers);
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
last = &curpeers->next;
continue;
}
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
/* clean what has been detected above */
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
p = curpeers->remote;
while (p) {
pb = p->next;
free(p->id);
free(p);
p = pb;
}
/* Destroy and unlink this curpeers section.
* Note: curpeers is backed up into *last.
*/
free(curpeers->id);
curpeers = curpeers->next;
free(*last);
*last = curpeers;
}
}
MEDIUM: config: initialize stick-tables after peers, not before It's dangerous to initialize stick-tables before peers because they start a task that cannot be stopped before we know if the peers need to be disabled and destroyed. Move this after.
2015-05-01 13:09:08 -04:00
/* initialize stick-tables on backend capable proxies. This must not
* be done earlier because the data size may be discovered while parsing
* other proxies.
*/
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->state == PR_STSTOPPED)
continue;
if (!stktable_init(&curproxy->table)) {
Alert("Proxy '%s': failed to initialize stick-table.\n", curproxy->id);
cfgerr++;
}
}
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
if (mailers) {
struct mailers *curmailers = mailers, **last;
struct mailer *m, *mb;
/* Remove all mailers sections which don't have a valid listener.
* This can happen when a mailers section is never referenced.
*/
last = &mailers;
while (*last) {
curmailers = *last;
if (curmailers->users) {
last = &curmailers->next;
continue;
}
Warning("Removing incomplete section 'mailers %s'.\n",
curmailers->id);
m = curmailers->mailer_list;
while (m) {
mb = m->next;
free(m->id);
free(m);
m = mb;
}
/* Destroy and unlink this curmailers section.
* Note: curmailers is backed up into *last.
*/
free(curmailers->id);
curmailers = curmailers->next;
free(*last);
*last = curmailers;
}
}
MINOR: config: new backend directives: load-server-state-from-file and server-state-file-name This directive gives HAProxy the ability to use the either the global server-state-file directive or a local one using server-state-file-name to load server states. The state can be saved right before the reload by the init script, using the "show servers state" command on the stats socket redirecting output into a file.
2015-08-19 10:44:03 -04:00
/* Update server_state_file_name to backend name if backend is supposed to use
* a server-state file locally defined and none has been provided */
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->load_server_state_from_file == PR_SRV_STATE_FILE_LOCAL &&
curproxy->server_state_file_name == NULL)
curproxy->server_state_file_name = strdup(curproxy->id);
}
OPTIM/MINOR: move the hdr_idx pools out of the proxy struct It makes no sense to have one pointer to the hdr_idx pool in each proxy struct since these pools do not depend on the proxy. Let's have a common pool instead as it is already the case for other types.
2011-10-24 12:15:04 -04:00
pool2_hdr_idx = create_pool("hdr_idx",
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
global.tune.max_http_hdr * sizeof(struct hdr_idx_elem),
OPTIM/MINOR: move the hdr_idx pools out of the proxy struct It makes no sense to have one pointer to the hdr_idx pool in each proxy struct since these pools do not depend on the proxy. Let's have a common pool instead as it is already the case for other types.
2011-10-24 12:15:04 -04:00
MEM_F_SHARED);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
if (cfgerr > 0)
err_code |= ERR_ALERT | ERR_FATAL;
out:
return err_code;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
/*
* Registers the CFG keyword list <kwl> as a list of valid keywords for next
* parsing sessions.
*/
void cfg_register_keywords(struct cfg_kw_list *kwl)
{
LIST_ADDQ(&cfg_keywords.list, &kwl->list);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
/*
* Unregisters the CFG keyword list <kwl> from the list of valid keywords.
*/
void cfg_unregister_keywords(struct cfg_kw_list *kwl)
{
LIST_DEL(&kwl->list);
LIST_INIT(&kwl->list);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
/* this function register new section in the haproxy configuration file.
* <section_name> is the name of this new section and <section_parser>
* is the called parser. If two section declaration have the same name,
* only the first declared is used.
*/
int cfg_register_section(char *section_name,
int (*section_parser)(const char *, int, char **, int))
{
struct cfg_section *cs;
CLEANUP: config: detect double registration of a config section In an effort to make the config parser more robust, we should validate that everything we register is not already registered. Most cfg_register_* functions unfortunately return void and just perform a LIST_ADDQ(), so they will have to change for this. At least cfg_register_section() does perform a bit of checks and is easy to check for such errors, so let's start with this one. Future patches will definitely have to focus on the remaining functions and ensure unicity of all config parsers.
2016-05-17 10:16:09 -04:00
list_for_each_entry(cs, &sections, list) {
if (strcmp(cs->section_name, section_name) == 0) {
Alert("register section '%s': already registered.\n", section_name);
return 0;
}
}
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
cs = calloc(1, sizeof(*cs));
if (!cs) {
Alert("register section '%s': out of memory.\n", section_name);
return 0;
}
cs->section_name = section_name;
cs->section_parser = section_parser;
LIST_ADDQ(&sections, &cs->list);
return 1;
}
MINOR: cfgparse: New function cfg_unregister_sections() A new function introduced meant to be called during general deinit phase. During the configuration parsing, the section entries are all allocated. This new function free them.
2015-09-25 06:49:18 -04:00
/*
* free all config section entries
*/
void cfg_unregister_sections(void)
{
struct cfg_section *cs, *ics;
list_for_each_entry_safe(cs, ics, &sections, list) {
LIST_DEL(&cs->list);
free(cs);
}
}
MINOR: cfgparse: Add functions to backup and restore registered sections This feature will be used by the stream processing offload engine (SPOE) to parse dedicated configuration files without mixing HAProxy sections with SPOE sections. So, here we can back up all sections known by HAProxy, unregister all of them and add new ones, dedicted to the SPOE. Once the SPOE configuration file parsed, we can roll back all changes by restoring HAProxy sections.
2016-10-26 05:09:44 -04:00
void cfg_backup_sections(struct list *backup_sections)
{
struct cfg_section *cs, *ics;
list_for_each_entry_safe(cs, ics, &sections, list) {
LIST_DEL(&cs->list);
LIST_ADDQ(backup_sections, &cs->list);
}
}
void cfg_restore_sections(struct list *backup_sections)
{
struct cfg_section *cs, *ics;
list_for_each_entry_safe(cs, ics, backup_sections, list) {
LIST_DEL(&cs->list);
LIST_ADDQ(&sections, &cs->list);
}
}
BUG/MEDIUM: config: fix multiple declaration of section parsers Ben Cabot reported that after commit 5e4261b ("CLEANUP: config: detect double registration of a config section") recently introduced in 1.7-dev, it's not possible anymore to load multiple configuration files. Bryan Talbot provided a simple reproducer to exhibit the issue. It turns out that function readcfgfile() registers new parsers for section keywords for each new file. In addition to being useless, this has the negative effect of wasting memory and slowing down the config parser as the number of configuration files increases. This fix only needs to be backported if/where the commit above is backported.
2016-05-26 11:55:28 -04:00
__attribute__((constructor))
static void cfgparse_init(void)
{
/* Register internal sections */
cfg_register_section("listen", cfg_parse_listen);
cfg_register_section("frontend", cfg_parse_listen);
cfg_register_section("backend", cfg_parse_listen);
cfg_register_section("defaults", cfg_parse_listen);
cfg_register_section("global", cfg_parse_global);
cfg_register_section("userlist", cfg_parse_users);
cfg_register_section("peers", cfg_parse_peers);
cfg_register_section("mailers", cfg_parse_mailers);
cfg_register_section("namespace_list", cfg_parse_netns);
cfg_register_section("resolvers", cfg_parse_resolvers);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink