2006-06-25 20:48:02 -04:00
|
|
|
/*
|
2009-10-03 05:21:53 -04:00
|
|
|
* include/types/proxy.h
|
|
|
|
|
* This file defines everything related to proxies.
|
|
|
|
|
*
|
2011-01-06 11:51:27 -05:00
|
|
|
* Copyright (C) 2000-2011 Willy Tarreau - w@1wt.eu
|
2009-10-03 05:21:53 -04:00
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation, version 2.1
|
|
|
|
|
* exclusively.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
|
*/
|
2006-06-25 20:48:02 -04:00
|
|
|
|
|
|
|
|
#ifndef _TYPES_PROXY_H
|
|
|
|
|
#define _TYPES_PROXY_H
|
|
|
|
|
|
2006-10-15 17:18:47 -04:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/socket.h>
|
2006-06-25 20:48:02 -04:00
|
|
|
#include <netinet/in.h>
|
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
|
2006-06-29 11:53:05 -04:00
|
|
|
#include <common/appsession.h>
|
2012-08-24 13:22:53 -04:00
|
|
|
#include <common/chunk.h>
|
2006-06-29 12:54:54 -04:00
|
|
|
#include <common/config.h>
|
2006-06-29 11:53:05 -04:00
|
|
|
#include <common/mini-clist.h>
|
|
|
|
|
#include <common/regex.h>
|
2007-09-09 15:56:53 -04:00
|
|
|
#include <common/sessionhash.h>
|
2007-04-09 10:10:57 -04:00
|
|
|
#include <common/tools.h>
|
2009-10-26 16:10:04 -04:00
|
|
|
#include <eb32tree.h>
|
2014-03-15 02:22:35 -04:00
|
|
|
#include <ebistree.h>
|
2006-06-25 20:48:02 -04:00
|
|
|
|
2007-05-06 18:53:22 -04:00
|
|
|
#include <types/acl.h>
|
2009-10-03 05:21:53 -04:00
|
|
|
#include <types/backend.h>
|
2009-10-04 08:52:57 -04:00
|
|
|
#include <types/counters.h>
|
2009-03-05 12:43:00 -05:00
|
|
|
#include <types/freq_ctr.h>
|
2012-09-12 16:58:11 -04:00
|
|
|
#include <types/listener.h>
|
2007-12-05 04:47:29 -05:00
|
|
|
#include <types/log.h>
|
2012-11-11 18:42:33 -05:00
|
|
|
#include <types/obj_type.h>
|
2011-05-11 10:10:11 -04:00
|
|
|
#include <types/proto_http.h>
|
2012-04-27 15:52:18 -04:00
|
|
|
#include <types/sample.h>
|
2006-06-25 20:48:02 -04:00
|
|
|
#include <types/server.h>
|
2010-01-04 09:45:53 -05:00
|
|
|
#include <types/stick_table.h>
|
2006-06-25 20:48:02 -04:00
|
|
|
|
|
|
|
|
/* values for proxy->state */
|
2013-12-06 15:29:13 -05:00
|
|
|
enum pr_state {
|
2011-07-25 02:11:52 -04:00
|
|
|
PR_STNEW = 0, /* proxy has not been initialized yet */
|
|
|
|
|
PR_STREADY, /* proxy has been initialized and is ready */
|
|
|
|
|
PR_STFULL, /* frontend is full (maxconn reached) */
|
|
|
|
|
PR_STPAUSED, /* frontend is paused (during hot restart) */
|
|
|
|
|
PR_STSTOPPED, /* proxy is stopped (end of a restart) */
|
|
|
|
|
PR_STERROR, /* proxy experienced an unrecoverable error */
|
2013-12-06 15:29:13 -05:00
|
|
|
} __attribute__((packed));
|
2006-06-25 20:48:02 -04:00
|
|
|
|
|
|
|
|
/* values for proxy->mode */
|
2013-12-06 15:29:13 -05:00
|
|
|
enum pr_mode {
|
|
|
|
|
PR_MODE_TCP = 0,
|
|
|
|
|
PR_MODE_HTTP,
|
|
|
|
|
PR_MODE_HEALTH,
|
|
|
|
|
} __attribute__((packed));
|
2006-06-25 20:48:02 -04:00
|
|
|
|
2006-12-29 08:19:17 -05:00
|
|
|
/* flag values for proxy->cap. This is a bitmask of capabilities supported by the proxy */
|
|
|
|
|
#define PR_CAP_NONE 0x0000
|
|
|
|
|
#define PR_CAP_FE 0x0001
|
|
|
|
|
#define PR_CAP_BE 0x0002
|
|
|
|
|
#define PR_CAP_RS 0x0004
|
|
|
|
|
#define PR_CAP_LISTEN (PR_CAP_FE|PR_CAP_BE|PR_CAP_RS)
|
|
|
|
|
|
2007-11-29 09:38:04 -05:00
|
|
|
/* bits for proxy->options */
|
|
|
|
|
#define PR_O_REDISP 0x00000001 /* allow reconnection to dispatch in case of errors */
|
|
|
|
|
#define PR_O_TRANSP 0x00000002 /* transparent mode : use original DEST as dispatch */
|
2013-12-15 12:58:25 -05:00
|
|
|
/* unused: 0x04, 0x08, 0x10 */
|
|
|
|
|
#define PR_O_PREF_LAST 0x00000020 /* prefer last server */
|
2011-08-06 11:05:02 -04:00
|
|
|
#define PR_O_DISPATCH 0x00000040 /* use dispatch mode */
|
MAJOR: http: update connection mode configuration
At the very beginning of haproxy, there was "option httpclose" to make
haproxy add a "Connection: close" header in both directions to invite
both sides to agree on closing the connection. It did not work with some
rare products, so "option forceclose" was added to do the same and actively
close the connection. Then client-side keep-alive was supported, so option
http-server-close was introduced. Now we have keep-alive with a fourth
option, not to mention the implicit tunnel mode.
The connection configuration has become a total mess because all the
options above may be combined together, despite almost everyone thinking
they cancel each other, as judging from the common problem reports on the
mailing list. Unfortunately, re-reading the doc shows that it's not clear
at all that options may be combined, and the opposite seems more obvious
since they're compared. The most common issue is options being set in the
defaults section that are not negated in other sections, but are just
combined when the user expects them to be overloaded. The migration to
keep-alive by default will only make things worse.
So let's start to address the first problem. A transaction can only work in
5 modes today :
- tunnel : haproxy doesn't bother with what follows the first req/resp
- passive close : option http-close
- forced close : option forceclose
- server close : option http-server-close with keep-alive on the client side
- keep-alive : option http-keep-alive, end to end
All 16 combination for each section fall into one of these cases. Same for
the 256 combinations resulting from frontend+backend different modes.
With this patch, we're doing something slightly different, which will not
change anything for users with valid configs, and will only change the
behaviour for users with unsafe configs. The principle is that these options
may not combined anymore, and that the latest one always overrides all the
other ones, including those inherited from the defaults section. The "no
option xxx" statement is still supported to cancel one option and fall back
to the default one. It is mainly needed to ignore defaults sections (eg:
force the tunnel mode). The frontend+backend combinations have not changed.
So for examplen the following configuration used to put the connection
into forceclose :
defaults http
mode http
option httpclose
frontend foo.
option http-server-close
=> http-server-close+httpclose = forceclose before this patch! Now
the frontend's config replaces the defaults config and results in
the more expected http-server-close.
All 25 combinations of the 5 modes in (frontend,backend) have been
successfully tested.
In order to prepare for upcoming changes, a new "option http-tunnel" was
added. It currently only voids all other options, and has the lowest
precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
|
|
|
/* unused: 0x00000080 */
|
2011-08-19 16:57:24 -04:00
|
|
|
#define PR_O_FWDFOR 0x00000100 /* conditionally insert x-forwarded-for with client address */
|
2012-12-08 16:29:20 -05:00
|
|
|
/* unused: 0x00000200 */
|
2007-11-29 09:38:04 -05:00
|
|
|
#define PR_O_NULLNOLOG 0x00000400 /* a connect without request will not be logged */
|
2012-05-31 14:40:20 -04:00
|
|
|
/* unused: 0x0800, 0x1000 */
|
2011-08-19 16:57:24 -04:00
|
|
|
#define PR_O_FF_ALWAYS 0x00002000 /* always set x-forwarded-for */
|
2007-11-29 09:38:04 -05:00
|
|
|
#define PR_O_PERSIST 0x00004000 /* server persistence stays effective even when server is down */
|
|
|
|
|
#define PR_O_LOGASAP 0x00008000 /* log as soon as possible, without waiting for the session to complete */
|
MAJOR: http: update connection mode configuration
At the very beginning of haproxy, there was "option httpclose" to make
haproxy add a "Connection: close" header in both directions to invite
both sides to agree on closing the connection. It did not work with some
rare products, so "option forceclose" was added to do the same and actively
close the connection. Then client-side keep-alive was supported, so option
http-server-close was introduced. Now we have keep-alive with a fourth
option, not to mention the implicit tunnel mode.
The connection configuration has become a total mess because all the
options above may be combined together, despite almost everyone thinking
they cancel each other, as judging from the common problem reports on the
mailing list. Unfortunately, re-reading the doc shows that it's not clear
at all that options may be combined, and the opposite seems more obvious
since they're compared. The most common issue is options being set in the
defaults section that are not negated in other sections, but are just
combined when the user expects them to be overloaded. The migration to
keep-alive by default will only make things worse.
So let's start to address the first problem. A transaction can only work in
5 modes today :
- tunnel : haproxy doesn't bother with what follows the first req/resp
- passive close : option http-close
- forced close : option forceclose
- server close : option http-server-close with keep-alive on the client side
- keep-alive : option http-keep-alive, end to end
All 16 combination for each section fall into one of these cases. Same for
the 256 combinations resulting from frontend+backend different modes.
With this patch, we're doing something slightly different, which will not
change anything for users with valid configs, and will only change the
behaviour for users with unsafe configs. The principle is that these options
may not combined anymore, and that the latest one always overrides all the
other ones, including those inherited from the defaults section. The "no
option xxx" statement is still supported to cancel one option and fall back
to the default one. It is mainly needed to ignore defaults sections (eg:
force the tunnel mode). The frontend+backend combinations have not changed.
So for examplen the following configuration used to put the connection
into forceclose :
defaults http
mode http
option httpclose
frontend foo.
option http-server-close
=> http-server-close+httpclose = forceclose before this patch! Now
the frontend's config replaces the defaults config and results in
the more expected http-server-close.
All 25 combinations of the 5 modes in (frontend,backend) have been
successfully tested.
In order to prepare for upcoming changes, a new "option http-tunnel" was
added. It currently only voids all other options, and has the lowest
precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
|
|
|
/* unused: 0x00010000 */
|
2007-11-29 09:38:04 -05:00
|
|
|
#define PR_O_CHK_CACHE 0x00020000 /* require examination of cacheability of the 'set-cookie' field */
|
|
|
|
|
#define PR_O_TCP_CLI_KA 0x00040000 /* enable TCP keep-alive on client-side sessions */
|
|
|
|
|
#define PR_O_TCP_SRV_KA 0x00080000 /* enable TCP keep-alive on server-side sessions */
|
|
|
|
|
#define PR_O_USE_ALL_BK 0x00100000 /* load-balance between backup servers */
|
MAJOR: http: update connection mode configuration
At the very beginning of haproxy, there was "option httpclose" to make
haproxy add a "Connection: close" header in both directions to invite
both sides to agree on closing the connection. It did not work with some
rare products, so "option forceclose" was added to do the same and actively
close the connection. Then client-side keep-alive was supported, so option
http-server-close was introduced. Now we have keep-alive with a fourth
option, not to mention the implicit tunnel mode.
The connection configuration has become a total mess because all the
options above may be combined together, despite almost everyone thinking
they cancel each other, as judging from the common problem reports on the
mailing list. Unfortunately, re-reading the doc shows that it's not clear
at all that options may be combined, and the opposite seems more obvious
since they're compared. The most common issue is options being set in the
defaults section that are not negated in other sections, but are just
combined when the user expects them to be overloaded. The migration to
keep-alive by default will only make things worse.
So let's start to address the first problem. A transaction can only work in
5 modes today :
- tunnel : haproxy doesn't bother with what follows the first req/resp
- passive close : option http-close
- forced close : option forceclose
- server close : option http-server-close with keep-alive on the client side
- keep-alive : option http-keep-alive, end to end
All 16 combination for each section fall into one of these cases. Same for
the 256 combinations resulting from frontend+backend different modes.
With this patch, we're doing something slightly different, which will not
change anything for users with valid configs, and will only change the
behaviour for users with unsafe configs. The principle is that these options
may not combined anymore, and that the latest one always overrides all the
other ones, including those inherited from the defaults section. The "no
option xxx" statement is still supported to cancel one option and fall back
to the default one. It is mainly needed to ignore defaults sections (eg:
force the tunnel mode). The frontend+backend combinations have not changed.
So for examplen the following configuration used to put the connection
into forceclose :
defaults http
mode http
option httpclose
frontend foo.
option http-server-close
=> http-server-close+httpclose = forceclose before this patch! Now
the frontend's config replaces the defaults config and results in
the more expected http-server-close.
All 25 combinations of the 5 modes in (frontend,backend) have been
successfully tested.
In order to prepare for upcoming changes, a new "option http-tunnel" was
added. It currently only voids all other options, and has the lowest
precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
|
|
|
/* unused: 0x00020000 */
|
2007-11-29 09:38:04 -05:00
|
|
|
#define PR_O_TCP_NOLING 0x00400000 /* disable lingering on client and server connections */
|
|
|
|
|
#define PR_O_ABRT_CLOSE 0x00800000 /* immediately abort request when client closes */
|
|
|
|
|
|
MAJOR: http: update connection mode configuration
At the very beginning of haproxy, there was "option httpclose" to make
haproxy add a "Connection: close" header in both directions to invite
both sides to agree on closing the connection. It did not work with some
rare products, so "option forceclose" was added to do the same and actively
close the connection. Then client-side keep-alive was supported, so option
http-server-close was introduced. Now we have keep-alive with a fourth
option, not to mention the implicit tunnel mode.
The connection configuration has become a total mess because all the
options above may be combined together, despite almost everyone thinking
they cancel each other, as judging from the common problem reports on the
mailing list. Unfortunately, re-reading the doc shows that it's not clear
at all that options may be combined, and the opposite seems more obvious
since they're compared. The most common issue is options being set in the
defaults section that are not negated in other sections, but are just
combined when the user expects them to be overloaded. The migration to
keep-alive by default will only make things worse.
So let's start to address the first problem. A transaction can only work in
5 modes today :
- tunnel : haproxy doesn't bother with what follows the first req/resp
- passive close : option http-close
- forced close : option forceclose
- server close : option http-server-close with keep-alive on the client side
- keep-alive : option http-keep-alive, end to end
All 16 combination for each section fall into one of these cases. Same for
the 256 combinations resulting from frontend+backend different modes.
With this patch, we're doing something slightly different, which will not
change anything for users with valid configs, and will only change the
behaviour for users with unsafe configs. The principle is that these options
may not combined anymore, and that the latest one always overrides all the
other ones, including those inherited from the defaults section. The "no
option xxx" statement is still supported to cancel one option and fall back
to the default one. It is mainly needed to ignore defaults sections (eg:
force the tunnel mode). The frontend+backend combinations have not changed.
So for examplen the following configuration used to put the connection
into forceclose :
defaults http
mode http
option httpclose
frontend foo.
option http-server-close
=> http-server-close+httpclose = forceclose before this patch! Now
the frontend's config replaces the defaults config and results in
the more expected http-server-close.
All 25 combinations of the 5 modes in (frontend,backend) have been
successfully tested.
In order to prepare for upcoming changes, a new "option http-tunnel" was
added. It currently only voids all other options, and has the lowest
precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
|
|
|
/* unused: 0x01000000, 0x02000000, 0x04000000, 0x08000000 */
|
2014-01-29 21:07:23 -05:00
|
|
|
#define PR_O_HTTP_KAL 0x00000000 /* HTTP keep-alive mode (http-keep-alive) */
|
MAJOR: http: update connection mode configuration
At the very beginning of haproxy, there was "option httpclose" to make
haproxy add a "Connection: close" header in both directions to invite
both sides to agree on closing the connection. It did not work with some
rare products, so "option forceclose" was added to do the same and actively
close the connection. Then client-side keep-alive was supported, so option
http-server-close was introduced. Now we have keep-alive with a fourth
option, not to mention the implicit tunnel mode.
The connection configuration has become a total mess because all the
options above may be combined together, despite almost everyone thinking
they cancel each other, as judging from the common problem reports on the
mailing list. Unfortunately, re-reading the doc shows that it's not clear
at all that options may be combined, and the opposite seems more obvious
since they're compared. The most common issue is options being set in the
defaults section that are not negated in other sections, but are just
combined when the user expects them to be overloaded. The migration to
keep-alive by default will only make things worse.
So let's start to address the first problem. A transaction can only work in
5 modes today :
- tunnel : haproxy doesn't bother with what follows the first req/resp
- passive close : option http-close
- forced close : option forceclose
- server close : option http-server-close with keep-alive on the client side
- keep-alive : option http-keep-alive, end to end
All 16 combination for each section fall into one of these cases. Same for
the 256 combinations resulting from frontend+backend different modes.
With this patch, we're doing something slightly different, which will not
change anything for users with valid configs, and will only change the
behaviour for users with unsafe configs. The principle is that these options
may not combined anymore, and that the latest one always overrides all the
other ones, including those inherited from the defaults section. The "no
option xxx" statement is still supported to cancel one option and fall back
to the default one. It is mainly needed to ignore defaults sections (eg:
force the tunnel mode). The frontend+backend combinations have not changed.
So for examplen the following configuration used to put the connection
into forceclose :
defaults http
mode http
option httpclose
frontend foo.
option http-server-close
=> http-server-close+httpclose = forceclose before this patch! Now
the frontend's config replaces the defaults config and results in
the more expected http-server-close.
All 25 combinations of the 5 modes in (frontend,backend) have been
successfully tested.
In order to prepare for upcoming changes, a new "option http-tunnel" was
added. It currently only voids all other options, and has the lowest
precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
|
|
|
#define PR_O_HTTP_PCL 0x01000000 /* HTTP passive close mode (httpclose) = tunnel with Connection: close */
|
|
|
|
|
#define PR_O_HTTP_FCL 0x02000000 /* HTTP forced close mode (forceclose) */
|
|
|
|
|
#define PR_O_HTTP_SCL 0x03000000 /* HTTP server close mode (http-server-close) */
|
2014-01-29 21:07:23 -05:00
|
|
|
#define PR_O_HTTP_TUN 0x04000000 /* HTTP tunnel mode : no analysis past first request/response */
|
MAJOR: http: update connection mode configuration
At the very beginning of haproxy, there was "option httpclose" to make
haproxy add a "Connection: close" header in both directions to invite
both sides to agree on closing the connection. It did not work with some
rare products, so "option forceclose" was added to do the same and actively
close the connection. Then client-side keep-alive was supported, so option
http-server-close was introduced. Now we have keep-alive with a fourth
option, not to mention the implicit tunnel mode.
The connection configuration has become a total mess because all the
options above may be combined together, despite almost everyone thinking
they cancel each other, as judging from the common problem reports on the
mailing list. Unfortunately, re-reading the doc shows that it's not clear
at all that options may be combined, and the opposite seems more obvious
since they're compared. The most common issue is options being set in the
defaults section that are not negated in other sections, but are just
combined when the user expects them to be overloaded. The migration to
keep-alive by default will only make things worse.
So let's start to address the first problem. A transaction can only work in
5 modes today :
- tunnel : haproxy doesn't bother with what follows the first req/resp
- passive close : option http-close
- forced close : option forceclose
- server close : option http-server-close with keep-alive on the client side
- keep-alive : option http-keep-alive, end to end
All 16 combination for each section fall into one of these cases. Same for
the 256 combinations resulting from frontend+backend different modes.
With this patch, we're doing something slightly different, which will not
change anything for users with valid configs, and will only change the
behaviour for users with unsafe configs. The principle is that these options
may not combined anymore, and that the latest one always overrides all the
other ones, including those inherited from the defaults section. The "no
option xxx" statement is still supported to cancel one option and fall back
to the default one. It is mainly needed to ignore defaults sections (eg:
force the tunnel mode). The frontend+backend combinations have not changed.
So for examplen the following configuration used to put the connection
into forceclose :
defaults http
mode http
option httpclose
frontend foo.
option http-server-close
=> http-server-close+httpclose = forceclose before this patch! Now
the frontend's config replaces the defaults config and results in
the more expected http-server-close.
All 25 combinations of the 5 modes in (frontend,backend) have been
successfully tested.
In order to prepare for upcoming changes, a new "option http-tunnel" was
added. It currently only voids all other options, and has the lowest
precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
|
|
|
/* unassigned values : 0x05000000, 0x06000000, 0x07000000 */
|
|
|
|
|
#define PR_O_HTTP_MODE 0x07000000 /* MASK to retrieve the HTTP mode */
|
2013-12-10 18:52:19 -05:00
|
|
|
#define PR_O_TCPCHK_SSL 0x08000000 /* at least one TCPCHECK connect rule requires SSL */
|
2007-11-29 09:38:04 -05:00
|
|
|
#define PR_O_CONTSTATS 0x10000000 /* continous counters */
|
2007-11-29 09:43:32 -05:00
|
|
|
#define PR_O_HTTP_PROXY 0x20000000 /* Enable session to use HTTP proxy operations */
|
2007-11-30 04:41:39 -05:00
|
|
|
#define PR_O_DISABLE404 0x40000000 /* Disable a server on a 404 response to a health-check */
|
2009-04-17 12:53:21 -04:00
|
|
|
#define PR_O_ORGTO 0x80000000 /* insert x-original-to with destination address */
|
2009-01-18 15:44:07 -05:00
|
|
|
|
|
|
|
|
/* bits for proxy->options2 */
|
|
|
|
|
#define PR_O2_SPLIC_REQ 0x00000001 /* transfer requests using linux kernel's splice() */
|
|
|
|
|
#define PR_O2_SPLIC_RTR 0x00000002 /* transfer responses using linux kernel's splice() */
|
|
|
|
|
#define PR_O2_SPLIC_AUT 0x00000004 /* automatically use linux kernel's splice() */
|
|
|
|
|
#define PR_O2_SPLIC_ANY (PR_O2_SPLIC_REQ|PR_O2_SPLIC_RTR|PR_O2_SPLIC_AUT)
|
2009-04-02 05:35:18 -04:00
|
|
|
#define PR_O2_REQBUG_OK 0x00000008 /* let buggy requests pass through */
|
|
|
|
|
#define PR_O2_RSPBUG_OK 0x00000010 /* let buggy responses pass through */
|
2009-05-10 05:57:02 -04:00
|
|
|
#define PR_O2_NOLOGNORM 0x00000020 /* don't log normal traffic, only errors and retries */
|
|
|
|
|
#define PR_O2_LOGERRORS 0x00000040 /* log errors and retries at level LOG_ERR */
|
2009-06-14 06:07:01 -04:00
|
|
|
#define PR_O2_SMARTACC 0x00000080 /* don't immediately ACK request after accept */
|
2009-06-14 09:48:17 -04:00
|
|
|
#define PR_O2_SMARTCON 0x00000100 /* don't immediately send empty ACK after connect */
|
2009-06-30 11:57:00 -04:00
|
|
|
#define PR_O2_RDPC_PRST 0x00000200 /* Actvate rdp cookie analyser */
|
2009-06-30 12:26:00 -04:00
|
|
|
#define PR_O2_CLFLOG 0x00000400 /* log into clf format */
|
2009-09-27 09:50:02 -04:00
|
|
|
#define PR_O2_LOGHCHKS 0x00000800 /* log health checks */
|
2012-08-25 00:18:33 -04:00
|
|
|
#define PR_O2_INDEPSTR 0x00001000 /* independent streams, don't update rex on write */
|
2009-10-04 09:43:17 -04:00
|
|
|
#define PR_O2_SOCKSTAT 0x00002000 /* collect & provide separate statistics for sockets */
|
2009-11-29 14:04:48 -05:00
|
|
|
|
|
|
|
|
/* appsession */
|
|
|
|
|
#define PR_O2_AS_REQL 0x00004000 /* learn the session id from the request */
|
|
|
|
|
#define PR_O2_AS_PFX 0x00008000 /* match on the cookie prefix */
|
|
|
|
|
|
|
|
|
|
/* Encoding of appsession cookie matching modes : 2 possible values => 1 bit */
|
|
|
|
|
#define PR_O2_AS_M_PP 0x00000000 /* path-parameters mode (the default mode) */
|
|
|
|
|
#define PR_O2_AS_M_QS 0x00010000 /* query-string mode */
|
|
|
|
|
#define PR_O2_AS_M_ANY 0x00010000 /* mask covering all PR_O2_AS_M_* values */
|
2011-08-06 11:05:02 -04:00
|
|
|
#define PR_O2_NODELAY 0x00020000 /* fully interactive mode, never delay outgoing data */
|
2010-01-25 06:15:43 -05:00
|
|
|
#define PR_O2_USE_PXHDR 0x00040000 /* use Proxy-Connection for proxy requests */
|
2010-01-27 05:53:01 -05:00
|
|
|
#define PR_O2_CHK_SNDST 0x00080000 /* send the state of each server along with HTTP health checks */
|
2012-03-02 08:35:21 -05:00
|
|
|
|
|
|
|
|
#define PR_O2_SRC_ADDR 0x00100000 /* get the source ip and port for logs */
|
|
|
|
|
|
2010-04-05 10:15:16 -04:00
|
|
|
#define PR_O2_FAKE_KA 0x00200000 /* pretend we do keep-alive with server eventhough we close */
|
2011-08-06 11:05:02 -04:00
|
|
|
/* unused: 0x00400000 */
|
[MEDIUM] checks: add support for HTTP contents lookup
This patch adds the "http-check expect [r]{string,status}" statements
which enable health checks based on whether the response status or body
to an HTTP request contains a string or matches a regex.
This probably is one of the oldest patches that remained unmerged. Over
the time, several people have contributed to it, among which FinalBSD
(first and second implementations), Nick Chalk (port to 1.4), Anze
Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course
myself for the final fixes and doc during integration.
Some people already use an old version of this patch which has several
issues, among which the inability to search for a plain string that is
not at the beginning of the data, and the inability to look for response
contents that are provided in a second and subsequent recv() calls. But
since some configs are already deployed, it was quite important to ensure
a 100% compatible behaviour on the working cases.
Thus, that patch fixes the issues while maintaining config compatibility
with already deployed versions.
(cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
|
|
|
#define PR_O2_EXP_NONE 0x00000000 /* http-check : no expect rule */
|
|
|
|
|
#define PR_O2_EXP_STS 0x00800000 /* http-check expect status */
|
|
|
|
|
#define PR_O2_EXP_RSTS 0x01000000 /* http-check expect rstatus */
|
|
|
|
|
#define PR_O2_EXP_STR 0x01800000 /* http-check expect string */
|
|
|
|
|
#define PR_O2_EXP_RSTR 0x02000000 /* http-check expect rstring */
|
|
|
|
|
#define PR_O2_EXP_TYPE 0x03800000 /* mask for http-check expect type */
|
|
|
|
|
#define PR_O2_EXP_INV 0x04000000 /* http-check expect !<rule> */
|
2012-05-31 14:40:20 -04:00
|
|
|
/* unused: 0x08000000 */
|
2011-01-04 09:14:13 -05:00
|
|
|
|
2011-08-06 11:05:02 -04:00
|
|
|
/* server health checks */
|
|
|
|
|
#define PR_O2_CHK_NONE 0x00000000 /* no L7 health checks configured (TCP by default) */
|
2011-01-04 09:14:13 -05:00
|
|
|
#define PR_O2_PGSQL_CHK 0x10000000 /* use PGSQL check for server health */
|
2011-08-06 11:05:02 -04:00
|
|
|
#define PR_O2_REDIS_CHK 0x20000000 /* use LDAP check for server health */
|
|
|
|
|
#define PR_O2_SMTP_CHK 0x30000000 /* use SMTP EHLO check for server health - pvandijk@vision6.com.au */
|
|
|
|
|
#define PR_O2_HTTP_CHK 0x40000000 /* use HTTP 'OPTIONS' method to check server health */
|
|
|
|
|
#define PR_O2_MYSQL_CHK 0x50000000 /* use MYSQL check for server health */
|
|
|
|
|
#define PR_O2_LDAP_CHK 0x60000000 /* use LDAP check for server health */
|
|
|
|
|
#define PR_O2_SSL3_CHK 0x70000000 /* use SSLv3 CLIENT_HELLO packets for server health */
|
2013-02-11 20:45:54 -05:00
|
|
|
#define PR_O2_LB_AGENT_CHK 0x80000000 /* use a TCP connection to obtain a metric of server health */
|
2013-10-06 17:24:13 -04:00
|
|
|
#define PR_O2_TCPCHK_CHK 0x90000000 /* use TCPCHK check for server health */
|
2014-06-19 23:30:16 -04:00
|
|
|
#define PR_O2_EXT_CHK 0xA0000000 /* use external command for server health */
|
|
|
|
|
/* unused: 0xB0000000 to 0xF000000, reserved for health checks */
|
2011-08-06 11:05:02 -04:00
|
|
|
#define PR_O2_CHK_ANY 0xF0000000 /* Mask to cover any check */
|
2010-01-04 09:45:53 -05:00
|
|
|
/* end of proxy->options2 */
|
|
|
|
|
|
2012-05-31 14:40:20 -04:00
|
|
|
/* Cookie settings for pr->ck_opts */
|
2012-05-31 14:43:11 -04:00
|
|
|
#define PR_CK_RW 0x00000001 /* rewrite all direct cookies with the right serverid */
|
|
|
|
|
#define PR_CK_IND 0x00000002 /* keep only indirect cookies */
|
|
|
|
|
#define PR_CK_INS 0x00000004 /* insert cookies when not accessing a server directly */
|
|
|
|
|
#define PR_CK_PFX 0x00000008 /* rewrite all cookies by prefixing the right serverid */
|
|
|
|
|
#define PR_CK_ANY (PR_CK_RW | PR_CK_IND | PR_CK_INS | PR_CK_PFX)
|
|
|
|
|
#define PR_CK_NOC 0x00000010 /* add a 'Cache-control' header with the cookie */
|
|
|
|
|
#define PR_CK_POST 0x00000020 /* don't insert cookies for requests other than a POST */
|
|
|
|
|
#define PR_CK_PSV 0x00000040 /* cookie ... preserve */
|
2012-05-31 15:02:17 -04:00
|
|
|
#define PR_CK_HTTPONLY 0x00000080 /* emit the "HttpOnly" attribute */
|
|
|
|
|
#define PR_CK_SECURE 0x00000100 /* emit the "Secure" attribute */
|
2012-05-31 14:40:20 -04:00
|
|
|
|
2010-01-04 09:45:53 -05:00
|
|
|
/* bits for sticking rules */
|
|
|
|
|
#define STK_IS_MATCH 0x00000001 /* match on request fetch */
|
|
|
|
|
#define STK_IS_STORE 0x00000002 /* store on request fetch */
|
|
|
|
|
#define STK_ON_RSP 0x00000004 /* store on response fetch */
|
2010-01-12 03:25:13 -05:00
|
|
|
|
2014-12-16 09:41:18 -05:00
|
|
|
struct session;
|
|
|
|
|
|
2009-03-01 17:21:47 -05:00
|
|
|
struct error_snapshot {
|
|
|
|
|
struct timeval when; /* date of this event, (tv_sec == 0) means "never" */
|
|
|
|
|
unsigned int len; /* original length of the last invalid request/response */
|
|
|
|
|
unsigned int pos; /* position of the first invalid character */
|
|
|
|
|
unsigned int sid; /* ID of the faulty session */
|
2010-12-12 08:00:34 -05:00
|
|
|
unsigned int ev_id; /* event number (counter incremented for each capture) */
|
2010-12-12 06:46:33 -05:00
|
|
|
unsigned int state; /* message state before the error (when saved) */
|
MEDIUM: http: improve error capture reports
A number of important information were missing from the error captures, so
let's improve them. Now we also log source port, session flags, transaction
flags, message flags, pending output bytes, expected buffer wrapping position,
total bytes transferred, message chunk length, and message body length.
As such, the output format has slightly evolved and the source address moved
to the third line :
[08/May/2012:11:14:36.341] frontend echo (#1): invalid request
backend echo (#1), server <NONE> (#-1), event #1
src 127.0.0.1:40616, session #4, session flags 0x00000000
HTTP msg state 26, msg flags 0x00000000, tx flags 0x00000000
HTTP chunk len 0 bytes, HTTP body len 0 bytes
buffer flags 0x00909002, out 0 bytes, total 28 bytes
pending 28 bytes, wrapping at 8030, error at position 7:
00000 GET / /?t=20000 HTTP/1.1\r\n
00026 \r\n
[08/May/2012:11:13:13.426] backend echo (#1) : invalid response
frontend echo (#1), server local (#1), event #0
src 127.0.0.1:40615, session #1, session flags 0x0000044e
HTTP msg state 32, msg flags 0x0000000e, tx flags 0x08200000
HTTP chunk len 0 bytes, HTTP body len 20 bytes
buffer flags 0x00008002, out 81 bytes, total 92 bytes
pending 11 bytes, wrapping at 7949, error at position 9:
00000 Foo: bar\r\r\n
2012-05-08 05:03:10 -04:00
|
|
|
unsigned int b_flags; /* buffer flags */
|
|
|
|
|
unsigned int s_flags; /* session flags */
|
|
|
|
|
unsigned int t_flags; /* transaction flags */
|
|
|
|
|
unsigned int m_flags; /* message flags */
|
|
|
|
|
unsigned int b_out; /* pending output bytes */
|
|
|
|
|
unsigned int b_wrap; /* position where the buffer is expected to wrap */
|
|
|
|
|
unsigned long long b_tot; /* total bytes transferred via this buffer */
|
|
|
|
|
unsigned long long m_clen; /* chunk len for this message */
|
|
|
|
|
unsigned long long m_blen; /* body len for this message */
|
2009-03-01 17:21:47 -05:00
|
|
|
struct server *srv; /* server associated with the error (or NULL) */
|
|
|
|
|
struct proxy *oe; /* other end = frontend or backend involved */
|
|
|
|
|
struct sockaddr_storage src; /* client's address */
|
|
|
|
|
char buf[BUFSIZE]; /* copy of the beginning of the message */
|
|
|
|
|
};
|
|
|
|
|
|
2015-01-29 21:23:00 -05:00
|
|
|
struct email_alert {
|
|
|
|
|
struct list list;
|
|
|
|
|
struct list tcpcheck_rules;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct email_alertq {
|
|
|
|
|
struct list email_alerts;
|
|
|
|
|
struct check check; /* Email alerts are implemented using existing check
|
|
|
|
|
* code even though they are not checks. This structure
|
|
|
|
|
* is as a parameter to the check code.
|
|
|
|
|
* Each check corresponds to a mailer */
|
|
|
|
|
};
|
|
|
|
|
|
2006-06-25 20:48:02 -04:00
|
|
|
struct proxy {
|
2012-11-11 18:42:33 -05:00
|
|
|
enum obj_type obj_type; /* object type == OBJ_TYPE_PROXY */
|
2013-12-06 15:29:13 -05:00
|
|
|
enum pr_state state; /* proxy state, one of PR_* */
|
|
|
|
|
enum pr_mode mode; /* mode = PR_MODE_TCP, PR_MODE_HTTP or PR_MODE_HEALTH */
|
|
|
|
|
char cap; /* supported capabilities (PR_CAP_*) */
|
|
|
|
|
unsigned int maxconn; /* max # of active sessions on the frontend */
|
|
|
|
|
|
2007-01-01 18:28:21 -05:00
|
|
|
int options; /* PR_O_REDISP, PR_O_TRANSP, ... */
|
2009-01-18 15:44:07 -05:00
|
|
|
int options2; /* PR_O2_* */
|
2012-11-11 18:42:33 -05:00
|
|
|
struct in_addr mon_net, mon_mask; /* don't forward connections from this net (network order) FIXME: should support IPv6 */
|
2012-05-31 14:40:20 -04:00
|
|
|
unsigned int ck_opts; /* PR_CK_* (cookie options) */
|
2009-08-16 16:37:44 -04:00
|
|
|
unsigned int fe_req_ana, be_req_ana; /* bitmap of common request protocol analysers for the frontend and backend */
|
2009-08-16 16:57:50 -04:00
|
|
|
unsigned int fe_rsp_ana, be_rsp_ana; /* bitmap of common response protocol analysers for the frontend and backend */
|
2013-03-24 02:22:08 -04:00
|
|
|
unsigned int http_needed; /* non-null if HTTP analyser may be used */
|
2007-01-01 17:11:07 -05:00
|
|
|
union {
|
|
|
|
|
struct proxy *be; /* default backend, or NULL if none set */
|
|
|
|
|
char *name; /* default backend name during config parse */
|
|
|
|
|
} defbe;
|
2007-05-06 18:53:22 -04:00
|
|
|
struct list acl; /* ACL declared on this proxy */
|
2013-06-11 10:06:12 -04:00
|
|
|
struct list http_req_rules; /* HTTP request rules: allow/deny/... */
|
|
|
|
|
struct list http_res_rules; /* HTTP response rules: allow/deny/... */
|
2014-04-28 16:05:31 -04:00
|
|
|
struct list block_rules; /* http-request block rules to be inserted before other ones */
|
2008-06-07 17:08:56 -04:00
|
|
|
struct list redirect_rules; /* content redirecting rules (chained) */
|
2007-06-17 13:56:27 -04:00
|
|
|
struct list switching_rules; /* content switching rules (chained) */
|
2010-04-24 18:00:51 -04:00
|
|
|
struct list persist_rules; /* 'force-persist' and 'ignore-persist' rules (chained) */
|
2010-01-04 09:45:53 -05:00
|
|
|
struct list sticking_rules; /* content sticking rules (chained) */
|
|
|
|
|
struct list storersp_rules; /* content store response rules (chained) */
|
2012-04-05 15:09:48 -04:00
|
|
|
struct list server_rules; /* server switching rules (chained) */
|
[MAJOR] implement tcp request content inspection
Some people need to inspect contents of TCP requests before
deciding to forward a connection or not. A future extension
of this demand might consist in selecting a server farm
depending on the protocol detected in the request.
For this reason, a new state CL_STINSPECT has been added on
the client side. It is immediately entered upon accept() if
the statement "tcp-request inspect-delay <xxx>" is found in
the frontend configuration. Haproxy will then wait up to
this amount of time trying to find a matching ACL, and will
either accept or reject the connection depending on the
"tcp-request content <action> {if|unless}" rules, where
<action> is either "accept" or "reject".
Note that it only waits that long if no definitive verdict
can be found earlier. That generally implies calling a fetch()
function which does not have enough information to decode
some contents, or a match() function which only finds the
beginning of what it's looking for.
It is only at the ACL level that partial data may be processed
as such, because we need to distinguish between MISS and FAIL
*before* applying the term negation.
Thus it is enough to add "| ACL_PARTIAL" to the last argument
when calling acl_exec_cond() to indicate that we expect
ACL_PAT_MISS to be returned if some data is missing (for
fetch() or match()). This is the only case we may return
this value. For this reason, the ACL check in process_cli()
has become a lot simpler.
A new ACL "req_len" of type "int" has been added. Right now
it is already possible to drop requests which talk too early
(eg: for SMTP) or which don't talk at all (eg: HTTP/SSL).
Also, the acl fetch() functions have been extended in order
to permit reporting of missing data in case of fetch failure,
using the ACL_TEST_F_MAY_CHANGE flag.
The default behaviour is unchanged, and if no rule matches,
the request is accepted.
As a side effect, all layer 7 fetching functions have been
cleaned up so that they now check for the validity of the
layer 7 pointer before dereferencing it.
2008-07-14 17:54:42 -04:00
|
|
|
struct { /* TCP request processing */
|
2008-08-17 11:13:47 -04:00
|
|
|
unsigned int inspect_delay; /* inspection delay */
|
[MAJOR] implement tcp request content inspection
Some people need to inspect contents of TCP requests before
deciding to forward a connection or not. A future extension
of this demand might consist in selecting a server farm
depending on the protocol detected in the request.
For this reason, a new state CL_STINSPECT has been added on
the client side. It is immediately entered upon accept() if
the statement "tcp-request inspect-delay <xxx>" is found in
the frontend configuration. Haproxy will then wait up to
this amount of time trying to find a matching ACL, and will
either accept or reject the connection depending on the
"tcp-request content <action> {if|unless}" rules, where
<action> is either "accept" or "reject".
Note that it only waits that long if no definitive verdict
can be found earlier. That generally implies calling a fetch()
function which does not have enough information to decode
some contents, or a match() function which only finds the
beginning of what it's looking for.
It is only at the ACL level that partial data may be processed
as such, because we need to distinguish between MISS and FAIL
*before* applying the term negation.
Thus it is enough to add "| ACL_PARTIAL" to the last argument
when calling acl_exec_cond() to indicate that we expect
ACL_PAT_MISS to be returned if some data is missing (for
fetch() or match()). This is the only case we may return
this value. For this reason, the ACL check in process_cli()
has become a lot simpler.
A new ACL "req_len" of type "int" has been added. Right now
it is already possible to drop requests which talk too early
(eg: for SMTP) or which don't talk at all (eg: HTTP/SSL).
Also, the acl fetch() functions have been extended in order
to permit reporting of missing data in case of fetch failure,
using the ACL_TEST_F_MAY_CHANGE flag.
The default behaviour is unchanged, and if no rule matches,
the request is accepted.
As a side effect, all layer 7 fetching functions have been
cleaned up so that they now check for the validity of the
layer 7 pointer before dereferencing it.
2008-07-14 17:54:42 -04:00
|
|
|
struct list inspect_rules; /* inspection rules */
|
2010-05-23 16:39:25 -04:00
|
|
|
struct list l4_rules; /* layer4 rules */
|
[MAJOR] implement tcp request content inspection
Some people need to inspect contents of TCP requests before
deciding to forward a connection or not. A future extension
of this demand might consist in selecting a server farm
depending on the protocol detected in the request.
For this reason, a new state CL_STINSPECT has been added on
the client side. It is immediately entered upon accept() if
the statement "tcp-request inspect-delay <xxx>" is found in
the frontend configuration. Haproxy will then wait up to
this amount of time trying to find a matching ACL, and will
either accept or reject the connection depending on the
"tcp-request content <action> {if|unless}" rules, where
<action> is either "accept" or "reject".
Note that it only waits that long if no definitive verdict
can be found earlier. That generally implies calling a fetch()
function which does not have enough information to decode
some contents, or a match() function which only finds the
beginning of what it's looking for.
It is only at the ACL level that partial data may be processed
as such, because we need to distinguish between MISS and FAIL
*before* applying the term negation.
Thus it is enough to add "| ACL_PARTIAL" to the last argument
when calling acl_exec_cond() to indicate that we expect
ACL_PAT_MISS to be returned if some data is missing (for
fetch() or match()). This is the only case we may return
this value. For this reason, the ACL check in process_cli()
has become a lot simpler.
A new ACL "req_len" of type "int" has been added. Right now
it is already possible to drop requests which talk too early
(eg: for SMTP) or which don't talk at all (eg: HTTP/SSL).
Also, the acl fetch() functions have been extended in order
to permit reporting of missing data in case of fetch failure,
using the ACL_TEST_F_MAY_CHANGE flag.
The default behaviour is unchanged, and if no rule matches,
the request is accepted.
As a side effect, all layer 7 fetching functions have been
cleaned up so that they now check for the validity of the
layer 7 pointer before dereferencing it.
2008-07-14 17:54:42 -04:00
|
|
|
} tcp_req;
|
2010-09-23 11:56:44 -04:00
|
|
|
struct { /* TCP request processing */
|
|
|
|
|
unsigned int inspect_delay; /* inspection delay */
|
|
|
|
|
struct list inspect_rules; /* inspection rules */
|
|
|
|
|
} tcp_rep;
|
2010-01-05 10:38:49 -05:00
|
|
|
struct server *srv, defsrv; /* known servers; default server configuration */
|
2007-11-25 19:15:43 -05:00
|
|
|
int srv_act, srv_bck; /* # of servers eligible for LB (UP|!checked) AND (enabled+weight!=0) */
|
2009-10-03 05:21:53 -04:00
|
|
|
struct lbprm lbprm; /* load-balancing parameters */
|
2008-05-29 17:03:34 -04:00
|
|
|
char *cookie_domain; /* domain used to insert the cookie */
|
2006-06-25 20:48:02 -04:00
|
|
|
char *cookie_name; /* name of the cookie to look for */
|
|
|
|
|
int cookie_len; /* strlen(cookie_name), computed only once */
|
2010-10-06 10:59:56 -04:00
|
|
|
unsigned int cookie_maxidle; /* max idle time for this cookie */
|
|
|
|
|
unsigned int cookie_maxlife; /* max life time for this cookie */
|
2009-06-30 11:57:00 -04:00
|
|
|
int rdp_cookie_len; /* strlen(rdp_cookie_name), computed only once */
|
2014-08-28 08:36:36 -04:00
|
|
|
char *rdp_cookie_name; /* name of the RDP cookie to look for */
|
2007-11-01 17:48:15 -04:00
|
|
|
char *url_param_name; /* name of the URL parameter used for hashing */
|
|
|
|
|
int url_param_len; /* strlen(url_param_name), computed only once */
|
2008-04-27 17:25:55 -04:00
|
|
|
int uri_len_limit; /* character limit for uri balancing algorithm */
|
|
|
|
|
int uri_dirs_depth1; /* directories+1 (slashes) limit for uri balancing algorithm */
|
2012-05-19 05:19:54 -04:00
|
|
|
int uri_whole; /* if != 0, calculates the hash from the whole uri. Still honors the len_limit and dirs_depth1 */
|
2009-03-25 08:02:10 -04:00
|
|
|
char *hh_name; /* name of the header parameter used for hashing */
|
|
|
|
|
int hh_len; /* strlen(hh_name), computed only once */
|
|
|
|
|
int hh_match_domain; /* toggle use of special match function */
|
2006-07-09 02:22:27 -04:00
|
|
|
char *appsession_name; /* name of the cookie to look for */
|
2006-06-25 20:48:02 -04:00
|
|
|
int appsession_name_len; /* strlen(appsession_name), computed only once */
|
2006-07-09 02:22:27 -04:00
|
|
|
int appsession_len; /* length of the appsession cookie value to be used */
|
2007-09-09 15:56:53 -04:00
|
|
|
struct appsession_hash htbl_proxy; /* Per Proxy hashtable */
|
2006-06-25 20:48:02 -04:00
|
|
|
char *capture_name; /* beginning of the name of the cookie to capture */
|
2006-07-09 02:22:27 -04:00
|
|
|
int capture_namelen; /* length of the cookie name to match */
|
2006-06-25 20:48:02 -04:00
|
|
|
int capture_len; /* length of the string to be captured */
|
|
|
|
|
struct uri_auth *uri_auth; /* if non-NULL, the (list of) per-URI authentications */
|
2014-08-28 08:36:36 -04:00
|
|
|
int max_ka_queue; /* 1+maximum requests in queue accepted for reusing a K-A conn (0=none) */
|
2006-07-09 02:22:27 -04:00
|
|
|
int monitor_uri_len; /* length of the string above. 0 if unused */
|
2014-08-28 08:36:36 -04:00
|
|
|
char *monitor_uri; /* a special URI to which we respond with HTTP/200 OK */
|
2007-11-30 14:51:32 -05:00
|
|
|
struct list mon_fail_cond; /* list of conditions to fail monitoring requests (chained) */
|
2008-02-15 05:15:34 -05:00
|
|
|
struct { /* WARNING! check proxy_reset_timeouts() in proxy.h !!! */
|
2008-07-06 18:09:58 -04:00
|
|
|
int client; /* client I/O timeout (in ticks) */
|
|
|
|
|
int tarpit; /* tarpit timeout, defaults to connect if unspecified */
|
|
|
|
|
int queue; /* queue timeout, defaults to connect if unspecified */
|
|
|
|
|
int connect; /* connect timeout (in ticks) */
|
|
|
|
|
int server; /* server I/O timeout (in ticks) */
|
|
|
|
|
int appsession; /* appsession cookie expiration */
|
|
|
|
|
int httpreq; /* maximum time for complete HTTP request */
|
2010-01-10 08:46:16 -05:00
|
|
|
int httpka; /* maximum time for a new HTTP request when using keep-alive */
|
2008-07-06 18:09:58 -04:00
|
|
|
int check; /* maximum time for complete check */
|
2012-05-12 06:50:00 -04:00
|
|
|
int tunnel; /* I/O timeout to use in tunnel mode (in ticks) */
|
2014-05-10 08:30:07 -04:00
|
|
|
int clientfin; /* timeout to apply to client half-closed connections */
|
|
|
|
|
int serverfin; /* timeout to apply to server half-closed connections */
|
2007-12-02 18:36:16 -05:00
|
|
|
} timeout;
|
2009-10-02 16:51:14 -04:00
|
|
|
char *id, *desc; /* proxy id (name) and description */
|
2006-07-09 02:22:27 -04:00
|
|
|
struct list pendconns; /* pending connections with no server assigned yet */
|
2009-10-04 17:12:44 -04:00
|
|
|
int nbpend; /* number of pending connections with no server assigned yet */
|
2006-07-09 02:22:27 -04:00
|
|
|
int totpend; /* total number of pending connections on this instance (for stats) */
|
2009-10-04 08:52:57 -04:00
|
|
|
unsigned int feconn, beconn; /* # of active frontend and backends sessions */
|
2010-02-26 04:05:55 -05:00
|
|
|
struct freq_ctr fe_req_per_sec; /* HTTP requests per second on the frontend */
|
2010-06-04 14:59:39 -04:00
|
|
|
struct freq_ctr fe_conn_per_sec; /* received connections per second on the frontend */
|
|
|
|
|
struct freq_ctr fe_sess_per_sec; /* accepted sessions per second on the frontend (after tcp rules) */
|
2009-03-05 12:43:00 -05:00
|
|
|
struct freq_ctr be_sess_per_sec; /* sessions per second on the backend */
|
2009-05-10 12:52:49 -04:00
|
|
|
unsigned int fe_sps_lim; /* limit on new sessions per second on the frontend */
|
2006-12-28 18:10:33 -05:00
|
|
|
unsigned int fullconn; /* #conns on backend above which servers are used at full load */
|
2007-03-25 10:00:04 -04:00
|
|
|
struct in_addr except_net, except_mask; /* don't x-forward-for for this address. FIXME: should support IPv6 */
|
2009-04-17 12:53:21 -04:00
|
|
|
struct in_addr except_to; /* don't x-original-to for this address. */
|
|
|
|
|
struct in_addr except_mask_to; /* the netmask for except_to. */
|
2008-08-03 04:51:45 -04:00
|
|
|
char *fwdfor_hdr_name; /* header to use - default: "x-forwarded-for" */
|
2009-04-17 12:53:21 -04:00
|
|
|
char *orgto_hdr_name; /* header to use - default: "x-original-to" */
|
2014-08-28 08:36:36 -04:00
|
|
|
int fwdfor_hdr_len; /* length of "x-forwarded-for" header */
|
2009-04-17 12:53:21 -04:00
|
|
|
int orgto_hdr_len; /* length of "x-original-to" header */
|
2012-01-04 13:02:01 -05:00
|
|
|
char *server_id_hdr_name; /* the header to use to send the server id (name) */
|
|
|
|
|
int server_id_hdr_len; /* the length of the id (name) header... name */
|
2014-08-28 08:36:36 -04:00
|
|
|
int conn_retries; /* maximum number of connect retries */
|
[MEDIUM] stats: report server and backend cumulated downtime
Hello,
This patch implements new statistics for SLA calculation by adding new
field 'Dwntime' with total down time since restart (both HTTP/CSV) and
extending status field (HTTP) or inserting a new one (CSV) with time
showing how long each server/backend is in a current state. Additionaly,
down transations are also calculated and displayed for backends, so it is
possible to know how many times selected backend was down, generating "No
server is available to handle this request." error.
New information are presentetd in two different ways:
- for HTTP: a "human redable form", one of "100000d 23h", "23h 59m" or
"59m 59s"
- for CSV: seconds
I believe that seconds resolution is enough.
As there are more columns in the status page I decided to shrink some
names to make more space:
- Weight -> Wght
- Check -> Chk
- Down -> Dwn
Making described changes I also made some improvements and fixed some
small bugs:
- don't increment s->health above 's->rise + s->fall - 1'. Previously it
was incremented an then (re)set to 's->rise + s->fall - 1'.
- do not set server down if it is down already
- do not set server up if it is up already
- fix colspan in multiple places (mostly introduced by my previous patch)
- add missing "status" header to CSV
- fix order of retries/redispatches in server (CSV)
- s/Tthen/Then/
- s/server/backend/ in DATA_ST_PX_BE (dumpstats.c)
Changes from previous version:
- deal with negative time intervales
- don't relay on s->state (SRV_RUNNING)
- little reworked human_time + compacted format (no spaces). If needed it
can be used in the future for other purposes by optionally making "cnt"
as an argument
- leave set_server_down mostly unchanged
- only little reworked "process_chk: 9"
- additional fields in CSV are appended to the rigth
- fix "SEC" macro
- named arguments (human_time, be_downtime, srv_downtime)
Hope it is OK. If there are only cosmetic changes needed please fill free
to correct it, however if there are some bigger changes required I would
like to discuss it first or at last to know what exactly was changed
especially since I already put this patch into my production server. :)
Thank you,
Best regards,
Krzysztof Oledzki
2007-10-22 10:21:10 -04:00
|
|
|
unsigned down_trans; /* up-down transitions */
|
|
|
|
|
unsigned down_time; /* total time the proxy was down */
|
|
|
|
|
time_t last_change; /* last time, when the state was changed */
|
2010-06-01 11:14:24 -04:00
|
|
|
int (*accept)(struct session *s); /* application layer's accept() */
|
2012-12-08 16:29:20 -05:00
|
|
|
struct conn_src conn_src; /* connection source settings */
|
2006-06-25 20:48:02 -04:00
|
|
|
struct proxy *next;
|
2014-08-28 09:03:15 -04:00
|
|
|
|
|
|
|
|
unsigned int log_count; /* number of logs produced by the frontend */
|
2011-10-12 11:50:54 -04:00
|
|
|
struct list logsrvs;
|
2012-02-08 10:37:49 -05:00
|
|
|
struct list logformat; /* log_format linked list */
|
2015-01-07 09:03:42 -05:00
|
|
|
char *log_tag; /* override default syslog tag */
|
2012-03-12 07:48:57 -04:00
|
|
|
char *header_unique_id; /* unique-id header */
|
|
|
|
|
struct list format_unique_id; /* unique-id format */
|
2006-06-25 20:48:02 -04:00
|
|
|
int to_log; /* things to be logged (LW_*) */
|
2008-07-06 18:09:58 -04:00
|
|
|
int stop_time; /* date to stop listening, when stopping != 0 (int ticks) */
|
2006-06-25 20:48:02 -04:00
|
|
|
struct hdr_exp *req_exp; /* regular expressions for request headers */
|
|
|
|
|
struct hdr_exp *rsp_exp; /* regular expressions for response headers */
|
|
|
|
|
int nb_req_cap, nb_rsp_cap; /* # of headers to be captured */
|
|
|
|
|
struct cap_hdr *req_cap; /* chained list of request headers to be captured */
|
|
|
|
|
struct cap_hdr *rsp_cap; /* chained list of response headers to be captured */
|
2007-05-13 16:46:04 -04:00
|
|
|
struct pool_head *req_cap_pool, /* pools of pre-allocated char ** used to build the sessions */
|
|
|
|
|
*rsp_cap_pool;
|
2010-01-03 15:03:22 -05:00
|
|
|
struct list req_add, rsp_add; /* headers to be added */
|
2011-03-10 17:25:56 -05:00
|
|
|
struct pxcounters be_counters; /* backend statistics counters */
|
|
|
|
|
struct pxcounters fe_counters; /* frontend statistics counters */
|
2010-01-04 09:45:53 -05:00
|
|
|
|
2011-07-24 17:55:06 -04:00
|
|
|
struct list listener_queue; /* list of the temporarily limited listeners because of lack of a proxy resource */
|
2010-01-04 09:45:53 -05:00
|
|
|
struct stktable table; /* table for storing sticking sessions */
|
|
|
|
|
|
2012-10-03 18:14:33 -04:00
|
|
|
struct task *task; /* the associated task, mandatory to manage rate limiting, stopping and resource shortage, NULL if disabled */
|
2013-10-06 17:24:13 -04:00
|
|
|
struct list tcpcheck_rules; /* tcp-check send / expect rules */
|
2014-08-28 08:36:36 -04:00
|
|
|
int grace; /* grace time after stop request */
|
2006-07-09 10:42:34 -04:00
|
|
|
int check_len; /* Length of the HTTP or SSL3 request */
|
2014-08-28 08:36:36 -04:00
|
|
|
char *check_req; /* HTTP or SSL request to use for PR_O_HTTP_CHK|PR_O_SSL3_CHK */
|
2014-06-19 23:30:16 -04:00
|
|
|
char *check_command; /* Command to use for external agent checks */
|
|
|
|
|
char *check_path; /* PATH environment to use for external agent checks */
|
2011-08-19 14:04:17 -04:00
|
|
|
char *expect_str; /* http-check expected content : string or text version of the regex */
|
2014-06-18 05:35:54 -04:00
|
|
|
struct my_regex *expect_regex; /* http-check expected content */
|
2006-12-23 14:51:41 -05:00
|
|
|
struct chunk errmsg[HTTP_ERR_SIZE]; /* default or customized error messages for known errors */
|
2007-11-04 17:35:08 -05:00
|
|
|
int uuid; /* universally unique proxy ID, used for SNMP */
|
2008-01-06 04:55:10 -05:00
|
|
|
unsigned int backlog; /* force the frontend's listen backlog */
|
2013-01-18 05:29:29 -05:00
|
|
|
unsigned long bind_proc; /* bitmask of processes using this proxy */
|
2011-10-21 12:51:57 -04:00
|
|
|
|
|
|
|
|
/* warning: these structs are huge, keep them at the bottom */
|
|
|
|
|
struct sockaddr_storage dispatch_addr; /* the default address to connect to */
|
2009-03-01 17:21:47 -05:00
|
|
|
struct error_snapshot invalid_req, invalid_rep; /* captures of last errors */
|
2009-06-14 05:10:45 -04:00
|
|
|
|
|
|
|
|
/* used only during configuration parsing */
|
|
|
|
|
int no_options; /* PR_O_REDISP, PR_O_TRANSP, ... */
|
|
|
|
|
int no_options2; /* PR_O2_* */
|
2009-10-04 08:52:57 -04:00
|
|
|
|
2009-10-04 14:54:54 -04:00
|
|
|
struct {
|
2012-10-04 02:01:43 -04:00
|
|
|
char *file; /* file where the section appears */
|
2009-10-04 14:54:54 -04:00
|
|
|
int line; /* line where the section appears */
|
2009-10-04 17:04:08 -04:00
|
|
|
struct eb32_node id; /* place in the tree of used IDs */
|
|
|
|
|
struct eb_root used_listener_id;/* list of listener IDs in use */
|
|
|
|
|
struct eb_root used_server_id; /* list of server IDs in use */
|
2012-09-13 11:54:29 -04:00
|
|
|
struct list bind; /* list of bind settings */
|
2012-09-20 10:48:07 -04:00
|
|
|
struct list listeners; /* list of listeners belonging to this frontend */
|
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve
While ACL args were resolved after all the config was parsed, it was not the
case with sample fetch args because they're almost everywhere now.
The issue is that ACLs now solely rely on sample fetches, so their args
resolving doesn't work anymore. And many fetches involving a server, a
proxy or a userlist don't work at all.
The real issue is that at the bottom layers we have no information about
proxies, line numbers, even ACLs in order to report understandable errors,
and that at the top layers we have no visibility over the locations where
fetches are referenced (think log node).
After failing multiple unsatisfying solutions attempts, we now have a new
concept of args list. The principle is that every proxy has a list head
which contains a number of indications such as the config keyword, the
context where it's used, the file and line number, etc... and a list of
arguments. This list head is of the same type as the elements, so it
serves as a template for adding new elements. This way, it is filled from
top to bottom by the callers with the information they have (eg: line
numbers, ACL name, ...) and the lower layers just have to duplicate it and
add an element when they face an argument they cannot resolve yet.
Then at the end of the configuration parsing, a loop passes over each
proxy's list and resolves all the args in sequence. And this way there is
all necessary information to report verbose errors.
The first immediate benefit is that for the first time we got very precise
location of issues (arg number in a keyword in its context, ...). Second,
in order to do this we had to parse log-format and unique-id-format a bit
earlier, so that was a great opportunity for doing so when the directives
are encountered (unless it's a default section). This way, the recorded
line numbers for these args are the ones of the place where the log format
is declared, not the end of the file.
Userlists report slightly more information now. They're the only remaining
ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
|
|
|
struct arg_list args; /* sample arg list that need to be resolved */
|
2014-03-15 02:22:35 -04:00
|
|
|
struct ebpt_node by_name; /* proxies are stored sorted by name here */
|
2013-04-12 12:13:46 -04:00
|
|
|
char *logformat_string; /* log format string */
|
|
|
|
|
char *lfs_file; /* file name where the logformat string appears (strdup) */
|
|
|
|
|
int lfs_line; /* file name where the logformat string appears */
|
|
|
|
|
int uif_line; /* file name where the unique-id-format string appears */
|
2014-08-28 08:36:36 -04:00
|
|
|
char *uif_file; /* file name where the unique-id-format string appears (strdup) */
|
|
|
|
|
char *uniqueid_format_string; /* unique-id format string */
|
2009-10-04 14:54:54 -04:00
|
|
|
} conf; /* config information */
|
2010-07-13 10:24:48 -04:00
|
|
|
void *parent; /* parent of the proxy when applicable */
|
MEDIUM: HTTP compression (zlib library support)
This commit introduces HTTP compression using the zlib library.
http_response_forward_body has been modified to call the compression
functions.
This feature includes 3 algorithms: identity, gzip and deflate:
* identity: this is mostly for debugging, and it was useful for
developping the compression feature. With Content-Length in input, it
is making each chunk with the data available in the current buffer.
With chunks in input, it is rechunking, the output chunks will be
bigger or smaller depending of the size of the input chunk and the
size of the buffer. Identity does not apply any change on data.
* gzip: same as identity, but applying a gzip compression. The data
are deflated using the Z_NO_FLUSH flag in zlib. When there is no more
data in the input buffer, it flushes the data in the output buffer
(Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in
input, or when there is no more data to read, it writes the end of
data with Z_FINISH and the ending chunk.
* deflate: same as gzip, but with deflate algorithm and zlib format.
Note that this algorithm has ambiguous support on many browsers and
no support at all from recent ones. It is strongly recommended not
to use it for anything else than experimentation.
You can't choose the compression ratio at the moment, it will be set to
Z_BEST_SPEED (1), as tests have shown very little benefit in terms of
compression ration when going above for HTML contents, at the cost of
a massive CPU impact.
Compression will be activated depending of the Accept-Encoding request
header. With identity, it does not take care of that header.
To build HAProxy with zlib support, use USE_ZLIB=1 in the make
parameters.
This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
|
|
|
struct comp *comp; /* http compression */
|
2015-01-29 21:22:59 -05:00
|
|
|
|
|
|
|
|
struct {
|
|
|
|
|
union {
|
|
|
|
|
struct mailers *m; /* Mailer to send email alerts via */
|
|
|
|
|
char *name;
|
|
|
|
|
} mailers;
|
2015-01-29 21:23:00 -05:00
|
|
|
char *from; /* Address to send email alerts from */
|
|
|
|
|
char *to; /* Address(es) to send email alerts to */
|
2015-01-29 21:22:59 -05:00
|
|
|
char *myhostname; /* Identity to use in HELO command sent to mailer */
|
2015-02-05 21:11:57 -05:00
|
|
|
int level; /* Maximum syslog level of messages to send
|
|
|
|
|
* email alerts for */
|
|
|
|
|
int set; /* True if email_alert settings are present */
|
2015-01-29 21:23:00 -05:00
|
|
|
struct email_alertq *queues; /* per-mailer alerts queues */
|
2015-01-29 21:22:59 -05:00
|
|
|
} email_alert;
|
2006-06-25 20:48:02 -04:00
|
|
|
};
|
|
|
|
|
|
2007-06-17 13:56:27 -04:00
|
|
|
struct switching_rule {
|
|
|
|
|
struct list list; /* list linked to from the proxy */
|
|
|
|
|
struct acl_cond *cond; /* acl condition to meet */
|
2013-11-19 05:43:06 -05:00
|
|
|
int dynamic; /* this is a dynamic rule using the logformat expression */
|
2007-06-17 13:56:27 -04:00
|
|
|
union {
|
|
|
|
|
struct proxy *backend; /* target backend */
|
|
|
|
|
char *name; /* target backend name during config parsing */
|
2013-11-19 05:43:06 -05:00
|
|
|
struct list expr; /* logformat expression to use for dynamic rules */
|
2007-06-17 13:56:27 -04:00
|
|
|
} be;
|
|
|
|
|
};
|
|
|
|
|
|
2012-04-05 15:09:48 -04:00
|
|
|
struct server_rule {
|
|
|
|
|
struct list list; /* list linked to from the proxy */
|
|
|
|
|
struct acl_cond *cond; /* acl condition to meet */
|
|
|
|
|
union {
|
|
|
|
|
struct server *ptr; /* target server */
|
|
|
|
|
char *name; /* target server name during config parsing */
|
|
|
|
|
} srv;
|
|
|
|
|
};
|
|
|
|
|
|
2010-04-24 18:00:51 -04:00
|
|
|
struct persist_rule {
|
2010-01-22 13:10:05 -05:00
|
|
|
struct list list; /* list linked to from the proxy */
|
|
|
|
|
struct acl_cond *cond; /* acl condition to meet */
|
2010-04-24 18:00:51 -04:00
|
|
|
int type;
|
2010-01-22 13:10:05 -05:00
|
|
|
};
|
|
|
|
|
|
2010-01-04 09:45:53 -05:00
|
|
|
struct sticking_rule {
|
|
|
|
|
struct list list; /* list linked to from the proxy */
|
|
|
|
|
struct acl_cond *cond; /* acl condition to meet */
|
2012-04-27 15:37:17 -04:00
|
|
|
struct sample_expr *expr; /* fetch expr to fetch key */
|
2010-01-04 09:45:53 -05:00
|
|
|
int flags; /* STK_* */
|
|
|
|
|
union {
|
|
|
|
|
struct stktable *t; /* target table */
|
|
|
|
|
char *name; /* target table name during config parsing */
|
|
|
|
|
} table;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2008-06-07 17:08:56 -04:00
|
|
|
struct redirect_rule {
|
|
|
|
|
struct list list; /* list linked to from the proxy */
|
|
|
|
|
struct acl_cond *cond; /* acl condition to meet */
|
|
|
|
|
int type;
|
|
|
|
|
int rdr_len;
|
|
|
|
|
char *rdr_str;
|
2013-11-29 06:15:45 -05:00
|
|
|
struct list rdr_fmt;
|
2008-06-07 17:08:56 -04:00
|
|
|
int code;
|
2008-11-19 14:03:04 -05:00
|
|
|
unsigned int flags;
|
2008-11-19 15:07:09 -05:00
|
|
|
int cookie_len;
|
|
|
|
|
char *cookie_str;
|
2008-06-07 17:08:56 -04:00
|
|
|
};
|
|
|
|
|
|
2006-06-25 20:48:02 -04:00
|
|
|
#endif /* _TYPES_PROXY_H */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* c-indent-level: 8
|
|
|
|
|
* c-basic-offset: 8
|
|
|
|
|
* End:
|
|
|
|
|
*/
|
